SlideShare a Scribd company logo

DevDay: Reliable Finality, Lessons From the Field, R3

Download as PPTX, PDF
R3
R3

Christian Sailer, R3, presents on DevDay at CordaCon 2019.

Technology
1 of 44
11 Reliable Finality, Lessons From the Field Christian Sailer – R3 christian.sailer@r3.com
And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties
And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties “I see what you see” – the central promise of a distributed ledger
And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties “I see what you see” – the central promise of a distributed ledger • Verify transaction • Notarise state spending if required (check for double spend) • Record transaction, consumed and created states • Broadcast transaction to all involved parties
What it isn’tQuick recap: What is finality Finality takes not care of the following – this has to happen before invoking finality! • Agreement between counterparties • Collection of signatures
Evolution of finality • Original Finality flow has been part of the Corda API since very first prototypes • Reworked for Corda 4: • Modified to take relevance of states into consideration • Explicit receive finality flow so only nodes waiting for broadcast will store states • Use inline flows with explicit list of sessions to broadcast to • Current changes: • Verify/ensure ledger consistency if something goes wrong.
How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession))
How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) Transaction to be finalised
How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) Transaction to be finalised Sessions for broadcast
How does finality work? The initiating flow invokes the finality subflow Finality flow (simplified): subFlow(FinalityFlow(counterSignedTx, recipientSession)) val ledgerTransaction = verifyTx() val notarised = notariseAndRecord() for (session in sessions) { subFlow(SendTransactionFlow(session, notarised)) }
How does finality work? The initiating flow invokes the finality subflow The initialised flows invoke the receive finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) // Not ideal that we have to do this check, but we must as FinalityFlow // does not send locally if (!serviceHub.myInfo.isLegalIdentity(otherSide.counterparty)) { subFlow(ReceiveFinalityFlow(otherSide)) }
What can go wrong? • Transaction verification can fail • That is fine – will just roll back
What can go wrong? • Transaction verification can fail • That is fine – will just roll back • Notarisation can fail • Not a problem for consistency – can still just roll back
What can go wrong? • Transaction verification can fail • That is fine – will just roll back • Notarisation can fail • Not a problem for consistency – can still just roll back • Once a transaction is notarised, it must be recorded • The input states are recorded as spent on the notary • Rolling back would leave them as unspent in the local vault • The ledger would be inconsistent!
Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors
Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting
Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty
Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty • Errors in CorDapp code
Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty • Errors in CorDapp code Wait, what?!
Raw vault observerExcursion • Service gets instantiated on every node where the CorDapp installed • Sets up observer on raw vault feed • The subscribed lambda gets run when vault states get added in the context of the flow fiber before database commit @CordaService class DbListenerService(services: AppServiceHub) : SingletonSerializeAsToken() { init { services.vaultService.rawUpdates.subscribe { (consumed, produced) -> … } } }
Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via a raw VaultObserver • Raw updates are processed before recording DB transaction is committed • Can interact with database • Useful if additional changes need to be committed to the database atomically • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers)
Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via VaultObserver • Raw updates are processed before recording DB transaction is processed • Can interact with database • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers) This has been observed by users
Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via VaultObserver • Raw updates are processed before recording DB transaction is processed • Can interact with database • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers) This has been observed by users Investigation into what happens in error cases
Finality errors in action • CorDapp that can force a number of errors • Database or user exception in VaultObserver • On created or consumed state • Forcing data base exceptions on transaction commit
Finality Errors in action • CorDapp that can force a number of errors • Database or user exception in VaultObserver • On created or consumed state • Forcing data base exceptions on transaction commit • Integration tests using this CorDapp • Checking contents of vault and notary log • Checking whether flows finish (successfully or error state) or get stuck • Checking whether consistency can be recovered via restart
Database errors during recording locallyHandling errors during finality Notarised Recorded locally Distributed to participants • When throwing an exception, the flow will be passed to the flow hospital • In case of certain exceptions (e.g. transient exception, connection exception), the flow might be retried from the last checkpoint • Other DB exceptions/if retry fails, the flow will be kept dormant
Database errors during recording locallyHandling errors during finality Notarised Recorded locally Distributed to participants • When throwing an exception, the flow will be passed to the flow hospital • In case of certain exceptions (e.g. transient exception, connection exception), the flow might be retried from the last checkpoint • Other DB exceptions/if retry fails, the flow will be kept dormant • Fixing the database problem and restarting the node should make finality complete.
User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow
User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow The ledger can end up inconsistent between the notary and the nodes!
User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow The ledger can end up inconsistent between the notary and the nodes! Don’t do this!
Network error during broadcastHandling errors during finality Notarised Recorded locally Distributed to participants - will be delivered eventually • Initiating flow will keep retrying to broadcast • If flows get interrupted/nodes restarted, persistent queues will redeliver the message
Network error during broadcastHandling errors during finality Notarised Recorded locally Distributed to participants - will be delivered eventually • Initiating flow will keep retrying to broadcast • If flows get interrupted/nodes restarted, persistent queues will redeliver the message
Database error during recording on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • Flow gets kept – fixing database and restarting counterparty will finalise correctly
Database error during recording on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • Flow gets kept – fixing database and restarting counterparty will finalise correctly
User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow
User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow The ledger will be inconsistent between the two nodes!
User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow The ledger will be inconsistent between the two nodes! Don’t do this!
Recap • Corda handles database exceptions during finality • Either retry • Or keeping flows in the flow hospital Flows in the hospital need attention, the ledger might be inconsistent until they are resolved
Recap • Corda handles database exceptions during finality • Either retry • Or keeping flows in the flow hospital Flows in the hospital need attention, the ledger might be inconsistent until they are resolved • Corda handles connection errors during finality • Retry and persistent queues ensure eventual consistency
Recap • Throwing exceptions from raw vault observers can be dangerous! • Exceptions from raw vault observer can threaten integrity of the ledger (this is a bug that is scheduled to be fixed) • Exceptions from any vault observer can change the behaviour of the node (also a bug)
Recap • Throwing exceptions from raw vault observers can be dangerous! • Exceptions from raw vault observer can threaten integrity of the ledger (this is a bug that is scheduled to be fixed) • Exceptions from any vault observer can change the behaviour of the node (also a bug) • Workaround: don’t let exceptions escape your code inside observers Be careful what code to run in a vault observer! When using vault observers make sure to handle exceptions!
Recap • Or even better, use an alternative, e.g. VaultService.trackBy() val updates = database.transaction { val (snapshot, updates) = vaultService.trackBy<LinearState>() updates }
Conclusions • With the latest changes, Corda ensures consistent finality even in case of: • database exceptions • connection exceptions • Only user exceptions from raw VaultObservers are problematic • Only use raw updates if you absolutely must – often VaultService.trackBy is the better alternative (e.g. if you just need to track/notify external services) • If you must use raw observables, be sure to catch and handle all exceptions
London 2 London Wall Place, London, EC2Y 5AU Hong Kong Bonham Strand, 7F Office 18- 121 Hong Kong www.r3.com Thank you Brazil Av. Angélica, 2529 - Bela Vista 6th Floor São Paulo - SP, 01153-000, Brazil New York 11 West 42nd Street, 8th Floor New York, NY 10036 Singapore 18 Robinson Road, Level #14-02 Singapore, 048547

Recommended

Supporting trade finance with letters of credit on corda
Supporting trade finance with letters of credit on cordaSupporting trade finance with letters of credit on corda
Supporting trade finance with letters of credit on corda
R3
 
Corda Developer Bootcamp: Introduction to Corda
Corda Developer Bootcamp: Introduction to CordaCorda Developer Bootcamp: Introduction to Corda
Corda Developer Bootcamp: Introduction to Corda
R3
 
Corda Developer Bootcamp: Tokens
Corda Developer Bootcamp: TokensCorda Developer Bootcamp: Tokens
Corda Developer Bootcamp: Tokens
R3
 
Corda Developer Bootcamp: Tokens
Corda Developer Bootcamp: TokensCorda Developer Bootcamp: Tokens
Corda Developer Bootcamp: Tokens
R3
 
Introduction to Corda Blockchain for Developers
Introduction to Corda Blockchain for DevelopersIntroduction to Corda Blockchain for Developers
Introduction to Corda Blockchain for Developers
R3
 
Corda Developer Bootcamp: Accounts
Corda Developer Bootcamp: AccountsCorda Developer Bootcamp: Accounts
Corda Developer Bootcamp: Accounts
R3
 
Insurance Round Table
Insurance Round TableInsurance Round Table
Insurance Round Table
R3
 
BizDay: David E. Rutter Welcome Address
BizDay: David E. Rutter Welcome AddressBizDay: David E. Rutter Welcome Address
BizDay: David E. Rutter Welcome Address
R3
 

Recommended

Supporting trade finance with letters of credit on corda
Supporting trade finance with letters of credit on cordaSupporting trade finance with letters of credit on corda
Supporting trade finance with letters of credit on corda
R3
 
Corda Developer Bootcamp: Introduction to Corda
Corda Developer Bootcamp: Introduction to CordaCorda Developer Bootcamp: Introduction to Corda
Corda Developer Bootcamp: Introduction to Corda
R3
 
Corda Developer Bootcamp: Tokens
Corda Developer Bootcamp: TokensCorda Developer Bootcamp: Tokens
Corda Developer Bootcamp: Tokens
R3
 
Corda Developer Bootcamp: Tokens
Corda Developer Bootcamp: TokensCorda Developer Bootcamp: Tokens
Corda Developer Bootcamp: Tokens
R3
 
Introduction to Corda Blockchain for Developers
Introduction to Corda Blockchain for DevelopersIntroduction to Corda Blockchain for Developers
Introduction to Corda Blockchain for Developers
R3
 
Corda Developer Bootcamp: Accounts
Corda Developer Bootcamp: AccountsCorda Developer Bootcamp: Accounts
Corda Developer Bootcamp: Accounts
R3
 
Insurance Round Table
Insurance Round TableInsurance Round Table
Insurance Round Table
R3
 
BizDay: David E. Rutter Welcome Address
BizDay: David E. Rutter Welcome AddressBizDay: David E. Rutter Welcome Address
BizDay: David E. Rutter Welcome Address
R3
 
BizDay: Usage Based Insurance and Fleet Management, Infosys
BizDay: Usage Based Insurance and Fleet Management, InfosysBizDay: Usage Based Insurance and Fleet Management, Infosys
BizDay: Usage Based Insurance and Fleet Management, Infosys
R3
 
DevDay: Managing a Distributed Network on a Common Infra, SIA
DevDay: Managing a Distributed Network on a Common Infra, SIADevDay: Managing a Distributed Network on a Common Infra, SIA
DevDay: Managing a Distributed Network on a Common Infra, SIA
R3
 
BizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
BizDay: Improving Remittances in the World's 2nd Largest Corridor, DigiledgeBizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
BizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
R3
 
BizDay: Designing the Future of Payments, Mastercard
BizDay: Designing the Future of Payments, MastercardBizDay: Designing the Future of Payments, Mastercard
BizDay: Designing the Future of Payments, Mastercard
R3
 
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
R3
 
DevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, ChainhausDevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, Chainhaus
R3
 
DevDay: Getting Started with Tokens and Accounts, R3
DevDay: Getting Started with Tokens and Accounts, R3DevDay: Getting Started with Tokens and Accounts, R3
DevDay: Getting Started with Tokens and Accounts, R3
R3
 
BizDay: Transition to DLT in RTGS payments, Accenture, SAP
BizDay: Transition to DLT in RTGS payments, Accenture, SAPBizDay: Transition to DLT in RTGS payments, Accenture, SAP
BizDay: Transition to DLT in RTGS payments, Accenture, SAP
R3
 
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu SquareBizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
R3
 
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.ioBizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
R3
 
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, MicrosoftBizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
R3
 
BizDay: Truck Wallet, Daimler, KI Decentralized
BizDay: Truck Wallet, Daimler, KI DecentralizedBizDay: Truck Wallet, Daimler, KI Decentralized
BizDay: Truck Wallet, Daimler, KI Decentralized
R3
 
BizDay: A View From Behind the Curtain, SIX Exchange
BizDay: A View From Behind the Curtain, SIX ExchangeBizDay: A View From Behind the Curtain, SIX Exchange
BizDay: A View From Behind the Curtain, SIX Exchange
R3
 
BizDay: Finteum Presentation
BizDay: Finteum PresentationBizDay: Finteum Presentation
BizDay: Finteum Presentation
R3
 
BizDay: Using Tokens for Payment and Instant Settlement, R3
BizDay: Using Tokens for Payment and Instant Settlement, R3BizDay: Using Tokens for Payment and Instant Settlement, R3
BizDay: Using Tokens for Payment and Instant Settlement, R3
R3
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
R3
 
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, CapgeminiBizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
R3
 
BizDay: The Path to The Risk Singularity, RiskStream
BizDay: The Path to The Risk Singularity, RiskStreamBizDay: The Path to The Risk Singularity, RiskStream
BizDay: The Path to The Risk Singularity, RiskStream
R3
 
BizDay: Insurtech Challenge, Nationwide
BizDay: Insurtech Challenge, NationwideBizDay: Insurtech Challenge, Nationwide
BizDay: Insurtech Challenge, Nationwide
R3
 
BizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
BizDay: How Corda is Enabling Low Income Families to be Protected, BlocksureBizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
BizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
R3
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

More Related Content

More from R3

More from R3 (20)

BizDay: Usage Based Insurance and Fleet Management, Infosys
BizDay: Usage Based Insurance and Fleet Management, InfosysBizDay: Usage Based Insurance and Fleet Management, Infosys
BizDay: Usage Based Insurance and Fleet Management, Infosys
 
DevDay: Managing a Distributed Network on a Common Infra, SIA
DevDay: Managing a Distributed Network on a Common Infra, SIADevDay: Managing a Distributed Network on a Common Infra, SIA
DevDay: Managing a Distributed Network on a Common Infra, SIA
 
BizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
BizDay: Improving Remittances in the World's 2nd Largest Corridor, DigiledgeBizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
BizDay: Improving Remittances in the World's 2nd Largest Corridor, Digiledge
 
BizDay: Designing the Future of Payments, Mastercard
BizDay: Designing the Future of Payments, MastercardBizDay: Designing the Future of Payments, Mastercard
BizDay: Designing the Future of Payments, Mastercard
 
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
DevDay: Developer Updates: Visual Studio Code, Java 11 and OpenAPI (oh my), L...
 
DevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, ChainhausDevDay: Node Analytics with Python, Chainhaus
DevDay: Node Analytics with Python, Chainhaus
 
DevDay: Getting Started with Tokens and Accounts, R3
DevDay: Getting Started with Tokens and Accounts, R3DevDay: Getting Started with Tokens and Accounts, R3
DevDay: Getting Started with Tokens and Accounts, R3
 
BizDay: Transition to DLT in RTGS payments, Accenture, SAP
BizDay: Transition to DLT in RTGS payments, Accenture, SAPBizDay: Transition to DLT in RTGS payments, Accenture, SAP
BizDay: Transition to DLT in RTGS payments, Accenture, SAP
 
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu SquareBizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
BizDay: Connecting Construction & Insurance Ecosystem, Tinubu Square
 
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.ioBizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
BizDay: The Wholesale Food Supply Chain is Ripe for Transformation, ripe.io
 
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, MicrosoftBizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
BizDay: Fully Managed Corda Enterprise with Azure Blockchain Service, Microsoft
 
BizDay: Truck Wallet, Daimler, KI Decentralized
BizDay: Truck Wallet, Daimler, KI DecentralizedBizDay: Truck Wallet, Daimler, KI Decentralized
BizDay: Truck Wallet, Daimler, KI Decentralized
 
BizDay: A View From Behind the Curtain, SIX Exchange
BizDay: A View From Behind the Curtain, SIX ExchangeBizDay: A View From Behind the Curtain, SIX Exchange
BizDay: A View From Behind the Curtain, SIX Exchange
 
BizDay: Finteum Presentation
BizDay: Finteum PresentationBizDay: Finteum Presentation
BizDay: Finteum Presentation
 
BizDay: Using Tokens for Payment and Instant Settlement, R3
BizDay: Using Tokens for Payment and Instant Settlement, R3BizDay: Using Tokens for Payment and Instant Settlement, R3
BizDay: Using Tokens for Payment and Instant Settlement, R3
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
 
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, CapgeminiBizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
BizDay: Trusted Data Exchange for Corp and Supplier Onboarding, Capgemini
 
BizDay: The Path to The Risk Singularity, RiskStream
BizDay: The Path to The Risk Singularity, RiskStreamBizDay: The Path to The Risk Singularity, RiskStream
BizDay: The Path to The Risk Singularity, RiskStream
 
BizDay: Insurtech Challenge, Nationwide
BizDay: Insurtech Challenge, NationwideBizDay: Insurtech Challenge, Nationwide
BizDay: Insurtech Challenge, Nationwide
 
BizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
BizDay: How Corda is Enabling Low Income Families to be Protected, BlocksureBizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
BizDay: How Corda is Enabling Low Income Families to be Protected, Blocksure
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

DevDay: Reliable Finality, Lessons From the Field, R3

  • 1. 11 Reliable Finality, Lessons From the Field Christian Sailer – R3 christian.sailer@r3.com
  • 2. And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties
  • 3. And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties “I see what you see” – the central promise of a distributed ledger
  • 4. And why is it important?Quick recap: What is finality The concept of Finality in Corda: Ensure a transaction gets notarised and recorded with all relevant parties “I see what you see” – the central promise of a distributed ledger • Verify transaction • Notarise state spending if required (check for double spend) • Record transaction, consumed and created states • Broadcast transaction to all involved parties
  • 5. What it isn’tQuick recap: What is finality Finality takes not care of the following – this has to happen before invoking finality! • Agreement between counterparties • Collection of signatures
  • 6. Evolution of finality • Original Finality flow has been part of the Corda API since very first prototypes • Reworked for Corda 4: • Modified to take relevance of states into consideration • Explicit receive finality flow so only nodes waiting for broadcast will store states • Use inline flows with explicit list of sessions to broadcast to • Current changes: • Verify/ensure ledger consistency if something goes wrong.
  • 7. How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession))
  • 8. How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) Transaction to be finalised
  • 9. How does finality work? The initiating flow invokes the finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) Transaction to be finalised Sessions for broadcast
  • 10. How does finality work? The initiating flow invokes the finality subflow Finality flow (simplified): subFlow(FinalityFlow(counterSignedTx, recipientSession)) val ledgerTransaction = verifyTx() val notarised = notariseAndRecord() for (session in sessions) { subFlow(SendTransactionFlow(session, notarised)) }
  • 11. How does finality work? The initiating flow invokes the finality subflow The initialised flows invoke the receive finality subflow subFlow(FinalityFlow(counterSignedTx, recipientSession)) // Not ideal that we have to do this check, but we must as FinalityFlow // does not send locally if (!serviceHub.myInfo.isLegalIdentity(otherSide.counterparty)) { subFlow(ReceiveFinalityFlow(otherSide)) }
  • 12. What can go wrong? • Transaction verification can fail • That is fine – will just roll back
  • 13. What can go wrong? • Transaction verification can fail • That is fine – will just roll back • Notarisation can fail • Not a problem for consistency – can still just roll back
  • 14. What can go wrong? • Transaction verification can fail • That is fine – will just roll back • Notarisation can fail • Not a problem for consistency – can still just roll back • Once a transaction is notarised, it must be recorded • The input states are recorded as spent on the notary • Rolling back would leave them as unspent in the local vault • The ledger would be inconsistent!
  • 15. Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors
  • 16. Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting
  • 17. Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty
  • 18. Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty • Errors in CorDapp code
  • 19. Failure after notarisationFinality errors • Database errors while recording • Database connection failure • Database out of space • Other transient database errors • Network errors when broadcasting • Database errors on the counterparty • Errors in CorDapp code Wait, what?!
  • 20. Raw vault observerExcursion • Service gets instantiated on every node where the CorDapp installed • Sets up observer on raw vault feed • The subscribed lambda gets run when vault states get added in the context of the flow fiber before database commit @CordaService class DbListenerService(services: AppServiceHub) : SingletonSerializeAsToken() { init { services.vaultService.rawUpdates.subscribe { (consumed, produced) -> … } } }
  • 21. Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via a raw VaultObserver • Raw updates are processed before recording DB transaction is committed • Can interact with database • Useful if additional changes need to be committed to the database atomically • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers)
  • 22. Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via VaultObserver • Raw updates are processed before recording DB transaction is processed • Can interact with database • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers) This has been observed by users
  • 23. Raw vault observersFinality errors User (i.e. CorDapp) code can be injected e.g. via VaultObserver • Raw updates are processed before recording DB transaction is processed • Can interact with database • Can throw exceptions that interfere with committing the DB transaction • Can alter the state of the node (e.g. unsubscribe observers) This has been observed by users Investigation into what happens in error cases
  • 24. Finality errors in action • CorDapp that can force a number of errors • Database or user exception in VaultObserver • On created or consumed state • Forcing data base exceptions on transaction commit
  • 25. Finality Errors in action • CorDapp that can force a number of errors • Database or user exception in VaultObserver • On created or consumed state • Forcing data base exceptions on transaction commit • Integration tests using this CorDapp • Checking contents of vault and notary log • Checking whether flows finish (successfully or error state) or get stuck • Checking whether consistency can be recovered via restart
  • 26. Database errors during recording locallyHandling errors during finality Notarised Recorded locally Distributed to participants • When throwing an exception, the flow will be passed to the flow hospital • In case of certain exceptions (e.g. transient exception, connection exception), the flow might be retried from the last checkpoint • Other DB exceptions/if retry fails, the flow will be kept dormant
  • 27. Database errors during recording locallyHandling errors during finality Notarised Recorded locally Distributed to participants • When throwing an exception, the flow will be passed to the flow hospital • In case of certain exceptions (e.g. transient exception, connection exception), the flow might be retried from the last checkpoint • Other DB exceptions/if retry fails, the flow will be kept dormant • Fixing the database problem and restarting the node should make finality complete.
  • 28. User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow
  • 29. User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow The ledger can end up inconsistent between the notary and the nodes!
  • 30. User error from raw VaultObserverHandling errors during finality Notarised Recorded locally Distributed to participants • Exception will stop recording of transactions • The exception might escape and kill the flow The ledger can end up inconsistent between the notary and the nodes! Don’t do this!
  • 31. Network error during broadcastHandling errors during finality Notarised Recorded locally Distributed to participants - will be delivered eventually • Initiating flow will keep retrying to broadcast • If flows get interrupted/nodes restarted, persistent queues will redeliver the message
  • 32. Network error during broadcastHandling errors during finality Notarised Recorded locally Distributed to participants - will be delivered eventually • Initiating flow will keep retrying to broadcast • If flows get interrupted/nodes restarted, persistent queues will redeliver the message
  • 33. Database error during recording on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • Flow gets kept – fixing database and restarting counterparty will finalise correctly
  • 34. Database error during recording on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • Flow gets kept – fixing database and restarting counterparty will finalise correctly
  • 35. User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow
  • 36. User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow The ledger will be inconsistent between the two nodes!
  • 37. User exception from VaultObserver on counterpartyHandling errors during finality Notarised Recorded locally Distributed to participants • Failure to record on the counterparty does not affect initiating flow • The exception might escape and kill the flow The ledger will be inconsistent between the two nodes! Don’t do this!
  • 38. Recap • Corda handles database exceptions during finality • Either retry • Or keeping flows in the flow hospital Flows in the hospital need attention, the ledger might be inconsistent until they are resolved
  • 39. Recap • Corda handles database exceptions during finality • Either retry • Or keeping flows in the flow hospital Flows in the hospital need attention, the ledger might be inconsistent until they are resolved • Corda handles connection errors during finality • Retry and persistent queues ensure eventual consistency
  • 40. Recap • Throwing exceptions from raw vault observers can be dangerous! • Exceptions from raw vault observer can threaten integrity of the ledger (this is a bug that is scheduled to be fixed) • Exceptions from any vault observer can change the behaviour of the node (also a bug)
  • 41. Recap • Throwing exceptions from raw vault observers can be dangerous! • Exceptions from raw vault observer can threaten integrity of the ledger (this is a bug that is scheduled to be fixed) • Exceptions from any vault observer can change the behaviour of the node (also a bug) • Workaround: don’t let exceptions escape your code inside observers Be careful what code to run in a vault observer! When using vault observers make sure to handle exceptions!
  • 42. Recap • Or even better, use an alternative, e.g. VaultService.trackBy() val updates = database.transaction { val (snapshot, updates) = vaultService.trackBy<LinearState>() updates }
  • 43. Conclusions • With the latest changes, Corda ensures consistent finality even in case of: • database exceptions • connection exceptions • Only user exceptions from raw VaultObservers are problematic • Only use raw updates if you absolutely must – often VaultService.trackBy is the better alternative (e.g. if you just need to track/notify external services) • If you must use raw observables, be sure to catch and handle all exceptions
  • 44. London 2 London Wall Place, London, EC2Y 5AU Hong Kong Bonham Strand, 7F Office 18- 121 Hong Kong www.r3.com Thank you Brazil Av. Angélica, 2529 - Bela Vista 6th Floor São Paulo - SP, 01153-000, Brazil New York 11 West 42nd Street, 8th Floor New York, NY 10036 Singapore 18 Robinson Road, Level #14-02 Singapore, 048547