refactor(consensus)!: typed AdvanceOutOfRange variant end-to-end#569
Merged
Merged
Conversation
Coverage Report for CI Build 26494250958Coverage decreased (-0.06%) to 94.848%Details
Uncovered Changes
Coverage RegressionsNo coverage regressions found. Coverage Stats
💛 - Coveralls |
Promote the rejected-out-of-range advance from a `Box<dyn Error>`-erased `PermanentDriver` source to a first-class `ConsensusError::AdvanceOutOfRange(u64)` variant. The offending value is now carried structurally from the propose-time guard, through the server's disposition layer, into both consumers — no downcasting, no re-boxing in `classify`. The breaking change is the removal of the public `AdvanceOutOfRange` struct and its `pub use` re-export from `tsoracle-consensus`. The only downcaster in the tree was the crate's own test; no external consumer is affected. `PersistDisposition::OutOfRange(u64)` carries the value end-to-end at the server layer rather than collapsing into `Permanent(Box::new(...))`. This follows the disposition module's stated design philosophy — "a new ConsensusError variant becomes one edit here plus a compiler-forced arm at each site" — and lets the fence path reconstruct `ConsensusError::AdvanceOutOfRange(n)` faithfully instead of laundering it back into `PermanentDriver`. `service.rs` reuses the variant's `Display` so the message text stays pinned to a single source of truth in `ConsensusError`. Three driver tests that previously asserted `matches!(_, PermanentDriver(_))` on the OOR path are strengthened to assert the new variant carries the expected `u64`; the unrelated `PermanentDriver(_)` assertions (storage I/O, Raft fatal, paxos pending-reconfig, watch-task death) are unchanged. Verified `cargo test --workspace --all-features` (1158 passed, 0 failed), `cargo clippy --workspace --all-features --all-targets -- -D warnings` (clean), and the license-header script. Signed-off-by: Sebastian Thiebaud <sebastian@prismarisk.com>
SebastianThiebaud
force-pushed
the
refactor/advance-out-of-range-variant
branch
from
f0a0bd7 to
919e627
Compare
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Promote the out-of-range high-water advance from a
Box<dyn Error>-erasedConsensusError::PermanentDriversource to a first-classConsensusError::AdvanceOutOfRange(u64)variant. The offending value is carried structurally from the propose-time guard, through the server's disposition layer, into both consumers — no downcasting, no re-boxing inclassify.!): the publicAdvanceOutOfRangestruct and itspub usere-export are removed fromtsoracle-consensus. The only downcaster in the tree was the crate's own test; no external consumer is affected.PersistDisposition::OutOfRange(u64)instead ofPermanent(Box::new(...)). This follows the disposition module's stated design philosophy — "a fifthConsensusErrorvariant becomes one edit here plus a compiler-forced arm at each site" — and lets the fence path reconstructConsensusError::AdvanceOutOfRange(n)faithfully instead of laundering it back intoPermanentDriver.service.rsreuses the variant'sDisplayso the message text stays pinned to one source of truth.matches!(_, PermanentDriver(_))on the OOR path now assert the new variant and the carriedu64. The unrelatedPermanentDriver(_)assertions (storage I/O failpoints, RaftFatal, paxosPendingReconfig, watch-task death) are untouched.Blast radius (9 files, +92/−30): the new variant + simplified guard in
tsoracle-consensus, the new disposition arm + two compiler-forced consumer arms intsoracle-server, and three updated test assertions across the file/paxos/openraft drivers.Test plan
cargo test --workspace --all-features— 1158 passed, 0 failed, 21 ignored across 135 test result blockscargo clippy --workspace --all-features --all-targets -- -D warnings— cleanscripts/check-ts-header.py— 270 files OKcargo fmt --check+cargo clippypassedconsensus::advance::tests::reject_out_of_range_advance_rejects_above_the_cap_as_variantconsensus::error::tests::consensus_error_display_text(now coversAdvanceOutOfRange)server::persist_disposition::tests::advance_out_of_range_carries_the_offending_value_structurally