Update and expand the TLA+ model#216
Draft
the-mikedavis wants to merge 9 commits into
Draft
Conversation
The model previously didn't include the committed offset according to replicas / followers. Adding this is necessary to later cover retention or consumer behaviors.
TLA 1.8 flags a deadlock as an error. A deadlock can happen because the model allows all replicas to stop. We could alternatively prevent this structurally by ensuring that one replica is always online, but this doesn't seem realistic in practice, since a cluster may realistically go fully offline and recover gracefully.
Some variables were marked as UNCHANGED but were assigned anyways. This logs a warning when running. It also constrains the model to not consider states where the variable can change.
Collaborator
Author
|
Found some extra issues with TLA+ 1.8.0 around the dead-locking behavior. The message of Tested again for an hour on an |
Contributor
|
thanks, does this model match what we actually do with the coordinator in RabbitMQ? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I was taking a look through the model to try to extend it for rabbitmq-stream-s3. The diff looks pretty large since I flattened the directory but the commit history lays out each change.
I added replication of commit offset and retention to the model as well. I tested this for 20-30 min on an
hpc7a.96xlarge(192 cores) and didn't find any violations.