Track superseded mempool errors separately#4385
a798fc3 to 9905e6e
When `Mempools::execute()` runs mempools in parallel, errors from mempools
whose results were discarded after another mempool succeeded were still
recorded against `driver_mempool_submission`, biasing the per-mempool
success ratio with timing-dependent shadowed failures.
Replace `select_ok` with `FuturesUnordered` + manual loop so observation
runs in the consuming context. Errors that occur before another mempool
succeeds are now recorded under a new `Superseded` label via
`observe::mempool_superseded`, which also records the winning mempool in
the trace fields. Errors in the all-failed case keep their existing
labels (Revert / Expired / Other / Disabled).
Alert query update needed when deploying:
sum by (network) (increase(driver_mempool_submission{cow_fi_environment="prod",result="Success"}[2h]))
/
sum by (network) (increase(driver_mempool_submission{cow_fi_environment="prod",result!~"Disabled|Superseded"}[2h])) < 0.6
`mempool_executed` took a `Result<&SubmissionSuccess, &mempools::Error>` and re-matched the same discriminant several times to pick the log level, metric label, and block-passed labels. Replace it with two functions, `mempool_succeeded(&SubmissionSuccess)` and `mempool_failed(&mempools::Error)`, so each branch is straight-line and call sites pick the correct observer directly. Behavior and emitted metrics are unchanged.
9905e6e to d9fb0cb
fleupold
left a comment
Is there a reason you are not using the PR template for the description?
I agree with the change, however I'd like to suggest that we interpret "superseded" events as success wrt. how you envision to change the metric. A superseded submission should be considered a successful one.
This way we receive N (# of mempool) events in the happy case, and N events in the failure case allowing us to keep our alert metric as a ratio of successful to failed ones (otherwise failed events would be weighted N times more than successful ones).
Every loser in a mempool race is now marked Superseded, whether it failed before the winner finished or was still in flight when the winner landed. The old code only labelled already-failed losers as superseded and quietly dropped ones still in flight; the shadowed_errors accumulator that carried their errors across is gone.
Minor cleanup:
- Error::blocks_passed on the domain type returns the block delta from submission to the terminal event for variants that carry block-level timing. This replaces the inline match in mempool_failed.
- error_label is shared between mempool_failed and the per-attempt counter so the Prometheus labels stay in sync.
The all-failed path also swaps the expect for an explicit Error::Other fallback instead of panicking on the (currently unreachable) empty-errors case.
Apologies, I was in a rush and didn't account for that. I've updated the description to match the template.
Agree. I've adjusted the suggested metric.
Code Review
This pull request refactors the mempool execution logic to use FuturesUnordered, enabling more detailed tracking of success, failure, and superseded states. It also adds a blocks_passed method to the Error enum for improved block-level timing metrics. A high-severity logic error was identified where disabled mempools are incorrectly reported as 'Superseded' if another mempool wins the race, which would artificially inflate success rate metrics. A correction was suggested to preserve the 'Disabled' status during the racing process.
Disabled is a configuration skip, not a submission failure. Split it into its own observer so failure-rate metrics aren't polluted.
Co-authored-by: José Duarte <15343819+jmg-duarte@users.noreply.github.com>
We've established this during the review, fixing this small regression
Replace the pre-race disabled filter with an Outcome enum that records per-mempool state (Pending/Success/Failed/Disabled) as futures settle. update_metrics observes per-mempool labels after the race, and reconstruct_result collapses the stats into the caller's Result — first Success in config order wins, else first non-Disabled error, else Error::Disabled. This makes the surfaced error deterministic and keeps Disabled out of the Superseded bucket.
Ok, here's what I landed on after addressing @MartinquaXD's comments: I didn't use a Dashmap or Hashmap because hashing I had to use So I followed the suggestions as closely as I could: I used an I think this is in good shape to merge. If we don't see any correctness issues, I'd recommend merging right away and improving the code later, because I think this will help with our current alerts on high mempool submission errors.
Short-circuits on the first Success instead of carrying it through the remaining outcomes. Drops the manual_try_fold allow since fold_while expresses the state machine directly.
MartinquaXD
left a comment
It seems like logging the submission outcome and updating the labels in a single function lands you in hot water. I think the least invasive solution would be:
- keep using select_ok()
- log result in select_ok()
- have 1 generic function that increments the metric for a given mempool based on the given Outcome.
| while let Some((idx, outcome)) = submission_futures.next().await { | ||
| stats[idx] = outcome | ||
| } |
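Review bot: the `while let` loop at the top of this hunk drains `submission_futures` to completion, so `execute` cannot return until every mempool future settles, even after one has already yielded a `Success`; a mempool whose future never finishes then blocks the whole submission. Break out of the loop on the first `Success` (or keep `select_ok`, which already short-circuits that way) and let the slots of futures that were never polled to completion stay `Pending`, so the later metrics pass can report them as superseded.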
AFAICS there is no need to introduce the FuturesUnordered. Using select_ok() protects us from the case where there is already some future that returned success but some other futures gets stuck and doesn't finish.
let mut stats: Vec<Outcome> = std::iter::repeat_with(|| Outcome::Pending)
    .take(self.mempools.len())
    .collect();
let res = select_ok(
    self.mempools
        .iter()
        .zip(stats.iter_mut())
        .map(|(mempool, stat)| {
            async move {
                let result = self
                    .submit(mempool, settlement, submission_deadline, mode)
                    .instrument(tracing::info_span!("mempool", kind = mempool.to_string()))
                    .await;
                *stat = Outcome::from(&result);
                result
            }
            .boxed()
        }),
)
.await;
self.update_metrics(settlement, &stats);
Ok(res?.0.tx_hash)
Good call, thanks!
I really missed the short-circuiting logic between the last commits.
(I'll revisit this note after considering your suggestion for splitting logs and metrics, so what follows is just the initial part of the fix)
I'm afraid we really need FuturesUnordered here, under the premise that Outcome owns submit results. The reason is we can’t create an Outcome from a &result inside an async task sent to select_ok, because:
- It’s short-lived, so we can’t borrow it.
- We can’t clone it, since anyhow::Error isn’t Clone.
The current approach moves error values back and forth. Using FuturesUnordered lets us pull results into the caller’s scope, move them into Outcome, and then extract them again to build the expected return for execute.
To preserve the safety you mentioned, I added a small follow-up in 1cf8033 to exit the while let loop early, reproducing the previous select_ok behavior.
Let me know if I’m missing anything!
Martin and I had a quick sync, and we decided on this next set of changes:
- We will split the code paths for logs and metrics. This will simplify the creation of Outcome values, which can then become stateless enums (meaning they can be assigned from within the select_ok task scope, so no need for FuturesUnordered anymore).
- We should log all errors, even if their submissions turn out to be superseded in the round.
- It's OK to use mempool names as their IDs (we already do this for the metric labels).
- After all that, we can simplify the stats vector creation.
| /// two sets of values: 1) a few errors, a success and some pending, | ||
| /// disabled; or 2) all errors plus disabled. | ||
| fn update_metrics(&self, settlement: &Settlement, stats: &[Outcome]) { | ||
| // SAFETY: using `zip_eq` instead of `zip` here to catch regressions early on |
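Review bot: the `// SAFETY:` prefix on the `zip_eq` comment is misleading, since that tag is conventionally reserved for justifying an `unsafe` block, and `zip_eq` is only a length assertion that panics on mismatch. Reword it to something like `// zip_eq panics on a length mismatch so a regression is caught early` so a reader does not go looking for `unsafe` code. The doc comment above, which enumerates the two fixed shapes `stats` can take, also hints that the function branches on those shapes; a single pass over `stats` that relabels failures only when a winner exists would not need that enumeration.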
This function looks very complicated. Wouldn't something like this also work?
let some_submission_successful = stats
    .iter()
    .any(|outcome| matches!(outcome, Outcome::Success(_)));
for (mempool, outcome) in self.mempools.iter().zip_eq(stats.iter()) {
    match outcome {
        Outcome::Failed(_) if some_submission_successful => {
            // if there was a successful submission we assume the errors are
            // false positives due to race conditions during the
            // submission.
            observe::mempool_outcome(mempool, Outcome::Superseded)
        }
        _ => observe::mempool_outcome(mempool, outcome),
    }
}
Thanks for the suggestion. Addressed in 3551bb6
| /// Label used for the `mempool_submission` metric when submission succeeds. | ||
| const MEMPOOL_SUBMISSION_SUCCESS_LABEL: &str = "Success"; |
You could have a single function like metric_label(&Outcome) which contains those strings inside and calls err.metric_label().
Collapses the winner/no-winner branches into a single loop. Moves per-variant dispatch to `Outcome::observe`, reusing `Pending` as the "lost the race" marker so no synthetic enum variant is needed. `mempool_superseded` drops its now-unused `winner` argument.
Previously the loop awaited every submission future before returning. A stuck mempool future would hang `execute` indefinitely even after another mempool already succeeded. Break on the first Success; remaining futures stop being polled and their slots stay `Pending`, which `update_metrics` already reports as `Superseded`.
The `'static` bound was unnecessary — these functions only read the slice to pass it as a metric label. Drop it so callers aren't forced to provide a static lifetime. The label producer (`Outcome::metric_label`) still returns `&'static str`.
Drop `FuturesUnordered` + manual break-on-success in favor of `select_ok`, which already protects against a stuck future hanging the race, returns the first success or last error directly, and writes each outcome into its pre-allocated `stats` slot via `iter_mut`. `reconstruct_result` is gone. Split observability so errors from mempools that later get superseded still surface in logs. `observe::mempool_log` runs inline from each racing task and only logs. `observe::mempool_submission_result` runs once per mempool from `update_metrics` after the race resolves and emits both Prometheus counters (`mempool_submission` and `mempool_submission_results_blocks_passed`) with one shared label, so the two cannot drift on the `Failed`->`Superseded` reclassification. `Outcome` carries the data each state has: `Success` and `Failed` own `blocks_passed`; `Failed` also carries a stateless `FailureReason` enum for the `Revert`/`Expired`/`Other` subtype label. The exhaustive `From<&Result<...>>` impl makes the compiler reject any new `Error` variant that hasn't been classified.
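The outcome classification described in this and the earlier commit messages (a winner relabels every failed or still-pending loser as Superseded, Disabled never enters that bucket, and the surfaced result is the first Success in config order, else the first non-Disabled error, else Disabled), as an added std-only Rust sketch that is not the driver's own code. Names such as Outcome, final_labels and reconstruct_result are assumptions; mempools are represented by their index in config order.

```rust
// Added example, not the driver crate's code: a std-only model of the
// per-mempool outcome classification done after the submission race.
// Type and function names below are assumptions for illustration.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Outcome {
    Pending,              // still in flight when the race resolved
    Success,
    Failed(&'static str), // failure subtype label: Revert / Expired / Other
    Disabled,             // configuration skip, not a submission failure
}

impl Outcome {
    /// Single source for Prometheus label strings, so no literal drifts.
    fn metric_label(self) -> &'static str {
        match self {
            Outcome::Pending => "Superseded",
            Outcome::Success => "Success",
            Outcome::Failed(reason) => reason,
            Outcome::Disabled => "Disabled",
        }
    }
}

/// Label every configured mempool once the race is over: if any mempool
/// won, losers that failed or never finished become `Superseded`; `Disabled`
/// keeps its own label; with no winner every failure keeps its subtype label.
fn final_labels(stats: &[Outcome]) -> Vec<&'static str> {
    let winner_exists = stats.iter().any(|o| *o == Outcome::Success);
    stats
        .iter()
        .map(|o| match o {
            Outcome::Failed(_) | Outcome::Pending if winner_exists => Outcome::Pending.metric_label(),
            other => other.metric_label(),
        })
        .collect()
}

/// Deterministic surfaced result: first Success in config order, else the
/// first non-Disabled error, else Disabled.
fn reconstruct_result(stats: &[Outcome]) -> Result<usize, &'static str> {
    if let Some(i) = stats.iter().position(|o| *o == Outcome::Success) {
        return Ok(i);
    }
    match stats.iter().find(|o| matches!(o, Outcome::Failed(_))) {
        Some(Outcome::Failed(reason)) => Err(*reason),
        _ => Err(Outcome::Disabled.metric_label()),
    }
}

fn main() {
    let stats = [Outcome::Failed("Revert"), Outcome::Success, Outcome::Pending, Outcome::Disabled];
    println!("{:?} -> {:?}, surfaced {:?}", stats, final_labels(&stats), reconstruct_result(&stats));
}
```

Both the happy and the all-failed path emit exactly one label per configured mempool, which is what keeps the success ratio in the alert query symmetric.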
MartinquaXD
left a comment
The diff is still larger than anticipated but that seems due to some existing code being moved into separate functions and some re-formatting which is alright.
The actual logic change is now very small.
Already approving as the last comments are mostly nits.
| // practice). | ||
| for (mempool, &outcome) in self.mempools.iter().zip_eq(stats.iter()) { | ||
| let label = match outcome { | ||
| Outcome::Failed { .. } if winner_exists => "Superseded", |
This string literal has the risk of drifting. I think the less error prone option would be to rename Pending to Superseded and do Outcome::Superseded.metric_label() instead of the string literal here.
| #[derive(Clone, Copy)] | ||
| enum FailureReason { |
Given that we only capture the FailureReason as a label to increase metrics with, having a full enum here seems a little much. Directly storing a String or &'static str in the Failed variant seems to be sufficient.
| #[derive(Clone, Copy)] | ||
| enum Outcome { |
nit: pet peeve of Jose's is that there should not be a bunch of other stuff between struct and impl blocks (in this case of Mempools).
Eliminates a drifting string literal: the metric layer reads Outcome::Superseded.metric_label() instead of hardcoding "Superseded".
The FailureReason enum existed only to feed a metric label; storing the label string directly removes a layer of indirection.
Keep struct and its impl block adjacent.
Description
Mempools::execute() races configured mempools concurrently and returns the first one that succeeds. Previously, errors from mempools that lost the race were counted as real failures, even though the overall submission was successful. Dropped mempools were never recorded. This skewed the per-mempool counts in both directions.
This PR keeps the racing behavior but changes how outcomes interact with the metrics.
Changes
Behavior
- Happy path (some mempool wins): Success metric for the winning mempool and Superseded for every other configured mempool.
- All-failed path: Failed metric for each one of them.
Code specific (all in crates/driver)
- domain/mempools.rs:
  - Outcome enum, representing the bare outcome of a mempool submission.
  - Mempools::execute defers updating the metrics until after select_ok resolves (once it has all the relevant Outcomes).
- infra/observe/mod.rs:
  - Replaces mempool_executed with two narrower helpers:
    - mempool_log: emits only the per-attempt log line, no metrics.
    - mempool_submission_result: increases the driver_mempool_submission counter (and the ..._blocks_passed counter when timing is known) using the final, reclassified label produced by update_metrics.
How to test
Existing driver unit tests cover the race semantics; this PR does not change the externally observable submission outcome, only how observation is sequenced and labeled. To verify manually:
- one result="Success" increment for the winner and one result="Superseded" increment for the loser; no Revert/Expired/Other from the loser.
- Superseded failure label.
Alert query update needed when deploying
Per-mempool success counts both wins and races-lost (so happy and failure paths both emit N events for N configured mempools, keeping the ratio symmetric).
Superseded stays a separate label so dashboards can still distinguish wins from race-losses (and race-losses-that-errored) per mempool.