[Consensus] process sync committed sub dags

[akichidis]

Description

The PR is changing the way we are processing the synchronized committed sub dags when GC is enabled. This was a necessity given that it's possible during GC for committed sub dags to drop dependencies that are necessary to accept vote and decision round blocks, effectively leading us to having to fetch the missing blocks via the synchronizer. By empirical examination there is a correlation between the missing blocks and the gc depth - the lower the gc depth the higher the number of missing blocks that need to be fetched.

With this new approach we attempt to commit the synchronized committed sub dag without waiting for the commit rule to run (hence wait to have accepted blocks to form the voting & decision rounds). Attention needs to be given that to avoid edge cases we need to make sure that the synchronized sub dags needs to be processed first on their own , and then run on a next iteration the commit rule for any other leaders. That guarantees that any accepted blocks due to commit sync will not run into "missing ancestor" issues.

Test plan

CI/PT

---

Release notes

Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required.

For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates.

• Protocol:
• Nodes (Validators and Full nodes):
• gRPC:
• JSON-RPC:
• GraphQL:
• CLI:
• Rust SDK:

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sui-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 19, 2025 6:26pm

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
multisig-toolkit	⬜️ Ignored (Inspect)	Visit Preview		Feb 19, 2025 6:26pm
sui-kiosk	⬜️ Ignored (Inspect)	Visit Preview		Feb 19, 2025 6:26pm

[akichidis]

Something to note here; we could avoid even linearizing the DAG and just produce the necessary outputs, persist etc. However right now:

• uitlising the same path saves us from having to specially handle the storing of committed sub dags, move GC rounds etc
• provides some extra layer of confirmation as we can - and we do in the end - make sure that the same sub dag is produced with the current state

[mwtian]

The high level strategy lgtm. This should be simpler than skipping & rewriting commit_observer.handle_commit().

[mwtian]

remove?

[mwtian]

remove?

[mwtian]

Is this moved somewhere?

[mwtian]

The change here is minimal which is nice.

[mwtian]

info seems too much logging here

[arun-koshy]

The direction of the PR LGTM!

[arun-koshy]

This is cool! It feels like this is in general how we should handle the trusted commits regardless of GC. Did you notice a performance boost for catchup doing this instead of trying to run the commit rule for the synced commits?

[akichidis]

I haven't benchmarked this but I'll do. So far didn't see any difference on the opposite direction at least.

[arun-koshy]

why not just do this even if GC is not enabled?

[akichidis]

Well to be fair we could enable this without GC. Not sure if I wouldn't still feature flag it though. Let me think a bit about it.

[arun-koshy]

one thing to consider here is that you moved some of the logic of leader schedule into universal committer where try_decide does not work like that and we kept the commit logic as a black box that just spits out decided leaders. What do you think about continuing to keep that separation of logic?

[akichidis]

Yeah my initial iteration was without moving part of that logic in universal committer and keeping it in Core. We can certainly do that. It's just that the truncation of the leaders is a bit more complex and decided to do everything in the try_decide_synced method. I am open though to suggestions here.

[arun-koshy]

One suggestion is to remove try_decide_certified from universal committer and keep it as a separate method in core i.e. get_certified_commit_leaders. We are actually bypassing the committer with your new logic so it makes sense to not use the component at all.

[arun-koshy]

Why can't you update self.last_decided_leader from the synced decided leaders and then run the commit rule to fill whatever remaining space is left for the schedule?

[akichidis]

We don't want to run the commit rule until the synced leaders have been committed and GC rounds have been moved. That's important to make sure that when we try to run the commit rule we have the most updated GC and there is no possibility to try retrieve causal history (ex when we figure out the certificate support) that doesn't exist.

[mwtian]

This seems inefficient in a loop. We may as well filter certified_commits, then check the 1st element for gap.

[akichidis]

You are right about the inefficiency. Let me refactor this.

[mwtian]

I think this check is pretty critical to the correctness of Core::add_certified_commits(). Personally I would be comfortable having it called first thing in Core::add_certified_commits() or included in the function itself. Otherwise we may loose or reorder this check after refactoring. I think try_decide_certified() can assume the CertifiedCommits have been filtered and validated, and can just assert_eq(...). Wdyt?

[akichidis]

I see the point on the Core::add_certified_commits. It's just that the try_commit can be practically called from anywhere within the Core and the caller should always be mindful to do the validation. But given the limit scope we can continue with the assumption here and I can move the checks. Left me refactor this a bit.

[mwtian]

For logic above this line, I think they are better to be around core.rs. For logic below, they are indeed closer to commit rule. But tbh I'm not sure if we should actually move leader schedule commit loop to core as well instead. There are more refactor and we don't have to make things perfect in this PR.

[akichidis]

Ok I'll keep the logic for now in Core.rs. I agree that overall we could work out some refactoring with the leader schedule loop etc. Let's do that on upcoming PR.