Safe software upgrades with birth rounds

Open litt3 opened this issue 6 months ago • 0 comments

Required Logic

The following logic must be applied when deciding to keep an event received through gossip (or replayed from the PCES):

if (birth round is ancient
  || birth round < last update
  || birth round > last verifiable
  || software version != current) {
    discard the event;
}
  • a round is verifiable if the node has already determined what the address book for that round will be
  • to retain hashgraph connectivity, nodes will need to remember the judges of the freeze round (stored in state), and use these judges as parents for new events created after the upgrade

Considerations

  • Discarding events that were created between the freeze round and the upgrade will cause these events to go stale
    • This is ok, since nodes shouldn't be putting app transactions into events post-freeze anyway
  • A more complicated approach could be taken, so that events between the freeze and the upgrade don't get discarded
    • since there isn't any big reason why these events need to be preserved, it seems the better option is the simple one

litt3 avatar Aug 07 '24 14:08 litt3
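The discard rule from the issue, as an added example that is not code from the issue or from hedera-services. All type and field names are hypothetical, and it assumes "ancient" means a birth round below the node's oldest non-ancient round and "last update" is the round of the last software upgrade; the sample events are constructed.

```java
import java.util.List;

// Added illustration; none of these types are hedera-services classes.
public class BirthRoundFilter {
    // One verdict per clause of the rule, so a discard can be logged with its reason.
    enum Verdict { KEEP, ANCIENT, BEFORE_LAST_UPDATE, NOT_VERIFIABLE, WRONG_VERSION }

    // Hypothetical event shape: only the two fields the rule reads, plus a label.
    record Event(String label, long birthRound, String softwareVersion) {}

    // Hypothetical view of node state at the time the event arrives.
    // Assumption: "ancient" means birthRound < minNonAncientRound.
    record NodeView(long minNonAncientRound, long lastUpdateRound,
                    long lastVerifiableRound, String currentVersion) {

        // Applies the four clauses in the order the issue lists them.
        Verdict check(Event e) {
            if (e.birthRound() < minNonAncientRound) return Verdict.ANCIENT;
            if (e.birthRound() < lastUpdateRound) return Verdict.BEFORE_LAST_UPDATE;
            // No address book is known yet for this round, so the event is not accepted.
            if (e.birthRound() > lastVerifiableRound) return Verdict.NOT_VERIFIABLE;
            // A null or mismatched version fails closed.
            if (!currentVersion.equals(e.softwareVersion())) return Verdict.WRONG_VERSION;
            return Verdict.KEEP;
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: upgrade to "v2" took effect at round 100,
        // address books are determined through round 105, rounds below 90 are ancient.
        NodeView node = new NodeView(90, 100, 105, "v2");
        List<Event> events = List.of(
                new Event("ancient", 80, "v1"),
                new Event("created before the upgrade", 95, "v1"),
                new Event("old software, post-upgrade round", 101, "v1"),
                new Event("current software", 102, "v2"),
                new Event("beyond last verifiable round", 110, "v2"),
                new Event("missing version", 103, null));
        for (Event e : events) {
            System.out.printf("%-34s birthRound=%-4d version=%-5s -> %s%n",
                    e.label(), e.birthRound(), e.softwareVersion(), node.check(e));
        }
    }
}
```

The same check applies whether the event arrives through gossip or is replayed from the PCES, so a single method serves both paths.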