Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consistency Violation #21

Open
dtornow opened this issue Nov 17, 2021 · 2 comments
Open

Consistency Violation #21

dtornow opened this issue Nov 17, 2021 · 2 comments

Comments

@dtornow
Copy link

dtornow commented Nov 17, 2021

Clever, but I believe the durable object still runs into a consistency violation if the clock does go backwards because the object does not persist lastTimeStamp

I could be wrong though, distributed systems are hard 🤯🤓

workers-chat-demo/src/chat.mjs

Lines 367 to 371 in 7e2972c

// Add timestamp. Here's where this.lastTimestamp comes in -- if we receive a bunch of
// messages at the same time (or if the clock somehow goes backwards????), we'll assign
// them sequential timestamps, so at least the ordering is maintained.
data.timestamp = Math.max(Date.now(), this.lastTimestamp + 1);
this.lastTimestamp = data.timestamp;

@a-robinson
Copy link
Member

a-robinson commented Nov 17, 2021
edited
Loading

That's hypothetically possible, yeah. Good point :)

Although in practice there are a bunch of defenses against it to the point where I think it's incredibly unlikely it'd ever be hit:

  • The workers runtime prevents backwards clock jumps on the system from being visible within a worker. Unless that (well-tested, fairly simple) protection breaks then the durable object would need to move between machines in order to see a backwards jump.
  • Cloudflare's edge has very well synchronized clocks -- we run a public NTP service off all of our servers, so real attention gets paid to the problem of keeping the clocks on our machines tightly in sync.
  • There's an inherent delay involved in the process of moving an object from running on one machine to another because we have to provide the guarantee that there is only one live instance of an object at a time. Without getting into specific numbers, it's quite unlikely that this will ever be less than the maximum clock offset between the machines an object is moving between.

But it wouldn't be hard to grab the timestamp off the last message when we load the most recent messages from storage, so we should probably just do that given that it's effectively free.

Thanks for checking out the example and mentioning this!

@kentonv
Copy link
Member

kentonv commented Nov 18, 2021

Yeah, could even be a good example of using blockConcurrencyWhile() in the constructor...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dtornow @kentonv @a-robinson