Enforce account RPC limits by account objects traversed #4032
Conversation
There was a problem hiding this comment.
Looking at these three handlers together, I realize there's a ton of overlapping / boilerplate code that could probably be pulled into one or more common helper functions. That may be beyond the scope of this PR, but it would be pretty cool.
Otherwise, all of my feedback items are minor - comments, variable names, and such.
This flag, if present, suppresses the output of incoming trustlines in default state. This is primarily motivated by observing that users of Xumm often have many unwanted incoming trustlines in a default state, which are not useful in the vast majority of cases. Being able to suppress those when doing `account_lines` saves bandwidth and resources.
* Just the rep is made atomic to workaround older compilers
seperated -> separated
determing -> determining
* Log load fee values (at debug) received from validations. * Log remote and cluster fee values (at trace) when changed. * Refactor JobQueue::isOverloaded to return sooner if overloaded. * Refactor Transactor::checkFee to only compute fee if ledger is open.
* Sort by fee level (which is the current behavior) then by transaction ID (hash). * Edge case when the account at the end of the queue submits a higher paying transaction to walk backwards and compare against the cheapest transaction from a different account. * Use std::if_any to simplify the JobQueue::isOverloaded loop.
There was a problem hiding this comment.
I've finished my review and I'm okay with what's here. I'd be a lot more comfortable if we check isFieldPresent in getStartHint(). So I hope you'll look at the suggestions and see what you think. But, I'll acknowledge, there's also risk in changing stuff that's been well tested.
|
Just want to point out this change actually changes the behavior of the RPCs from a client perspective. The call will return less objects than what is specified in |
|
@cjcobb23, I'm okay to wait on this PR until 1.8.3, its already running in reporting mode, which is where it is most important. If we don't feel comfortable shipping it right now, we can wait until the next release. Thoughts? |
|
@natenichols I would like to ship it now, because we are trying to make it easy for others to run reporting mode. I think this will also benefit regular rippled. |
natenichols
added
the
Passed
|
@natenichols, the latest changes look good to me. Thanks for adding the unit test, however I don't think it is testing as much as you hope for. When I check code coverage I see that, even with the added test, none of the non-manual unit tests exercise the I'll poke at a way to fix the new unit test so it exercises that branch. But in the mean time, know that we haven't verified that part of the code. |
There was a problem hiding this comment.
At a glance this looks fine, though it's a bit hard for me to figure out all the consequences this might have on the API.
Are the markers portable across servers, or not? Say you connect via JSON-RPC to a hostname that is backed by a round-robin pool of servers. If you do a request and get a marker back, but then your follow-up request using the marker goes to a different machine, will pagination continue smoothly? Ideally I think all markers should be portable across machines, but that's not a guarantee we provide for all calls. (The account_tx command does guarantee portability of its markers, but that's a different story.)
| @@ -46,7 +46,7 @@ static LimitRange constexpr accountObjects = {10, 200, 400}; | |||
| static LimitRange constexpr accountOffers = {10, 200, 400}; | |||
|
|
|||
| /** Limits for the book_offers command. */ | |||
| static LimitRange constexpr bookOffers = {0, 300, 400}; | |||
| static LimitRange constexpr bookOffers = {0, 60, 100}; | |||
There was a problem hiding this comment.
What happens if you specify a limit=200 for example? To my understanding, that would have been allowed in the old API but it's too large in the new API. Depending on the behavior, this may or may not be a breaking change that requires clients to be rewritten:
- If the limit is quietly clamped to the new max limit of 100, that's OK. Clients already need to assume that the API may return fewer than their specified limit.
- If the command now returns an error like rpcINVALID_PARAMS, that's a problematic breaking change.
There was a problem hiding this comment.
Limits are quietly clamped.
There was a problem hiding this comment.
These limits also are only applied to non-admin clients
No, they are not portable across servers. There is not a scenario where these changes could make markers portable, since now markers can be the index of a non-RippleState SLE, which is not allowed pre 1.8.2.
Yes, as long as all servers in the same cluster are running 1.8.2. If there are different versions of rippled running in the same cluster, then no, because markers are not portable. |
natenichols
force-pushed
the
account-rpc-limits
branch
from
cdd9601 to
d03b771
Compare
natenichols
force-pushed
the
account-rpc-limits
branch
from
dc77f16 to
f0cc98f
Compare
natenichols
force-pushed
the
account-rpc-limits
branch
from
f0cc98f to
bf540e9
Compare
High Level Overview of Change
Modifies account RPCs to enforce limits by number of account objects traversed.
Context of Change
Previously, we limited account RPCs by the number of objects returned, not the number of objects traversed. This can get expensive when traversing accounts with a lot of owned objects. This PR modifies this behavior to enforce limits based on number of objects traversed. It also slightly changes how we do markers, including the marker
startHintin the marker, similar to howaccount_objectsworks.Type of Change
Test Plan
If helpful, please describe the tests that you ran to verify your changes and provide instructions so that others can reproduce.
This section may not be needed if your change includes thoroughly commented unit tests.
Some tests had to be modified, including increasing limits and changing markers.