elfringham
diff --git a/‎3rdParty/rocksdb/6.8/util/heap.h
Lines changed: 3 additions & 1 deletion b/‎3rdParty/rocksdb/6.8/util/heap.h
Lines changed: 3 additions & 1 deletion
diff --git a/‎CHANGELOG
Lines changed: 12 additions & 0 deletions b/‎CHANGELOG
Lines changed: 12 additions & 0 deletions
diff --git a/‎arangod/Indexes/Index.cpp
Lines changed: 2 additions & 2 deletions b/‎arangod/Indexes/Index.cpp
Lines changed: 2 additions & 2 deletions
diff --git a/‎arangod/Indexes/Index.h
Lines changed: 3 additions & 3 deletions b/‎arangod/Indexes/Index.h
Lines changed: 3 additions & 3 deletions
diff --git a/‎arangod/Replication/DatabaseInitialSyncer.cpp
Lines changed: 56 additions & 37 deletions b/‎arangod/Replication/DatabaseInitialSyncer.cpp
Lines changed: 56 additions & 37 deletions
diff --git a/‎arangod/RestHandler/RestReplicationHandler.cpp
Lines changed: 2 additions & 2 deletions b/‎arangod/RestHandler/RestReplicationHandler.cpp
Lines changed: 2 additions & 2 deletions
diff --git a/‎arangod/RocksDBEngine/CMakeLists.txt
Lines changed: 1 addition & 0 deletions b/‎arangod/RocksDBEngine/CMakeLists.txt
Lines changed: 1 addition & 0 deletions
@@ -72,7 +72,9 @@ class BinaryHeap {
 
   void pop() {
     assert(!empty());
-    data_.front() = std::move(data_.back());
+    if (data_.size() > 1) {
+      data_.front() = std::move(data_.back());
+    }
     data_.pop_back();
     if (!empty()) {
       downheap(get_root());
 
@@ -1,6 +1,18 @@
 devel
 -----
 
+* Fixed replication bug in MerkleTree sync protocol, which could lead to
+  data corruption. The visible effect was that shards could no longer get
+  in sync since the counts would not match after sync, even after a recount.
+  This corruption only happened if there were large amounts of differences
+  (at least 65537) and the destination side had newer revisions for some
+  keys than the source side.
+
+* Fixed a RocksDB bug which could lead to an assertion failure when compiling
+  with STL debug mode -D_GLIBCXX_DEBUG.
+
+* Fixed a rare internal buffer overflow around ridBuffers.
+
 * Issue #13141: The `move-filters-into-enumerate` optimization, when applied to
   an EnumerateCollectionNode (i.e. full collection scan), did not do regular
   checks for the query being killed during the filtering of documents, resulting
 
@@ -1015,11 +1015,11 @@ void Index::warmup(arangodb::transaction::Methods*, std::shared_ptr<basics::Loca
 
 /// @brief generate error message
 /// @param key the conflicting key
-Result& Index::addErrorMsg(Result& r, std::string const& key) {
+Result& Index::addErrorMsg(Result& r, std::string const& key) const {
   return r.withError([this, &key](result::Error& err) { addErrorMsg(err, key); });
 }
 
-void Index::addErrorMsg(result::Error& r, std::string const& key) {
+void Index::addErrorMsg(result::Error& r, std::string const& key) const {
   // now provide more context based on index
   r.appendErrorMessage(" - in index ");
   r.appendErrorMessage(name());
 
@@ -443,7 +443,7 @@ class Index {
   /// @param code the error key
   /// @param key the conflicting key
   arangodb::Result& addErrorMsg(Result& r, ErrorCode code,
-                                std::string const& key = "") {
+                                std::string const& key = "") const {
     if (code != TRI_ERROR_NO_ERROR) {
       r.reset(code);
       return addErrorMsg(r, key);
@@ -453,8 +453,8 @@ class Index {
 
   /// @brief generate error result
   /// @param key the conflicting key
-  arangodb::Result& addErrorMsg(Result& r, std::string const& key = "");
-  void addErrorMsg(result::Error& err, std::string const& key);
+  arangodb::Result& addErrorMsg(Result& r, std::string const& key = "") const;
+  void addErrorMsg(result::Error& err, std::string const& key) const;
 
   /// @brief extracts a timestamp value from a document
   /// returns a negative value if the document does not contain the specified
 
@@ -170,9 +170,8 @@ arangodb::Result fetchRevisions(arangodb::transaction::Methods& trx,
       "&batchId=" + std::to_string(config.batch.id);
   auto headers = arangodb::replutils::createHeaders();
 
-  std::string msg = "fetching documents by revision for collection '" +
-                    collection.name() + "' from " + url;
-  config.progress.set(msg);
+  config.progress.set("fetching documents by revision for collection '" +
+                      collection.name() + "' from " + url);
 
   auto removeConflict = [&](auto const& conflictingKey) -> Result {
     keyBuilder->clear();
@@ -187,10 +186,18 @@ arangodb::Result fetchRevisions(arangodb::transaction::Methods& trx,
     return res;
   };
 
+  std::size_t numUniqueIndexes = [&]() {
+    std::size_t numUnique = 0;
+    for (auto const& idx : collection.getIndexes()) {
+      numUnique += idx->unique() ? 1 : 0;
+    }
+    return numUnique;
+  }();
+
   std::size_t current = 0;
   auto guard = arangodb::scopeGuard(
       [&current, &stats]() -> void { stats.numDocsRequested += current; });
-  char ridBuffer[11];
+  char ridBuffer[arangodb::basics::maxUInt64StringSize];
   std::unique_ptr<arangodb::httpclient::SimpleHttpResult> response;
   while (current < toFetch.size()) {
     arangodb::transaction::BuilderLeaser requestBuilder(&trx);
@@ -230,6 +237,8 @@ arangodb::Result fetchRevisions(arangodb::transaction::Methods& trx,
                             config.leader.endpoint, url,
                             ": response is not an array"));
     }
+  
+    config.progress.set("applying documents by revision for collection '" + collection.name() + "'");
 
     for (VPackSlice leaderDoc : VPackArrayIterator(docs)) {
       if (!leaderDoc.isObject()) {
@@ -254,41 +263,50 @@ arangodb::Result fetchRevisions(arangodb::transaction::Methods& trx,
                           ": document revision is invalid");
       }
 
-      TRI_ASSERT(options.indexOperationMode == arangodb::IndexOperationMode::internal);
-
-      Result res = physical->insert(&trx, leaderDoc, mdr, options);
-      
-      if (res.fail()) {
-        if (res.is(TRI_ERROR_ARANGO_UNIQUE_CONSTRAINT_VIOLATED) &&
-            res.errorMessage() > keySlice.stringView()) {
-          arangodb::RevisionId rid = arangodb::RevisionId::fromSlice(leaderDoc);
-          if (physical->readDocument(&trx, arangodb::LocalDocumentId(rid.id()), mdr)) {
-            // already have exactly this revision no need to insert
-            continue;
-          }
-          // remove conflict and retry
-          // errorMessage() is this case contains the conflicting key
-          auto inner = removeConflict(res.errorMessage());
-          if (inner.fail()) {
-            return res;
-          }
+      options.indexOperationMode = arangodb::IndexOperationMode::internal;
+
+      // we need a retry loop here for unique indexes (we will always have at least
+      // one unique index, which is the primary index, but there can be more). as 
+      // documents can be presented in any state on the follower, simply inserting
+      // them in leader order may trigger a unique constraint violation on the follower.
+      // in this case we may need to remove the conflicting document. this can 
+      // happen multiple times if there are multiple unique indexes! we can only
+      // stop trying once we have tried often enough, or if inserting succeeds.
+      std::size_t tries = 1 + numUniqueIndexes;
+      while (tries-- > 0) {
+        if (tries == 0) {
           options.indexOperationMode = arangodb::IndexOperationMode::normal;
-          res = physical->insert(&trx, leaderDoc, mdr, options);
+        }
+
+        Result res = physical->insert(&trx, leaderDoc, mdr, options);
 
-          options.indexOperationMode = arangodb::IndexOperationMode::internal;
-          if (res.fail()) {
-            return res;
-          }
-          // fall-through
-        } else {
+        options.indexOperationMode = arangodb::IndexOperationMode::internal;
+
+        if (res.ok()) {
+          ++stats.numDocsInserted;
+          break;
+        }
+
+        if (!res.is(TRI_ERROR_ARANGO_UNIQUE_CONSTRAINT_VIOLATED)) {
           auto errorNumber = res.errorNumber();
           res.reset(errorNumber, concatT(TRI_errno_string(errorNumber), ": ",
                                          res.errorMessage()));
           return res;
         }
-      }
 
-      ++stats.numDocsInserted;
+        arangodb::RevisionId rid = arangodb::RevisionId::fromSlice(leaderDoc);
+        if (physical->readDocument(&trx, arangodb::LocalDocumentId(rid.id()), mdr)) {
+          // already have exactly this revision no need to insert
+          break;
+        }
+
+        // remove conflict and retry
+        // errorMessage() is this case contains the conflicting key
+        auto inner = removeConflict(res.errorMessage());
+        if (inner.fail()) {
+          return res;
+        }
+      }
     }
     current += docs.length();
   }
@@ -1145,8 +1163,7 @@ Result DatabaseInitialSyncer::fetchCollectionSyncByKeys(arangodb::LogicalCollect
 
     if (!res.ok()) {
       return Result(res.errorNumber(),
-                    concatT("unable to start transaction (", __FILE__, ":",
-                            __LINE__, "): ", res.errorMessage()));
+                    concatT("unable to start transaction: ", res.errorMessage()));
     }
 
     OperationOptions options;
@@ -1260,8 +1277,7 @@ Result DatabaseInitialSyncer::fetchCollectionSyncByRevisions(arangodb::LogicalCo
 
       if (!res.ok()) {
         return Result(res.errorNumber(),
-                      concatT("unable to start transaction (", __FILE__, ":",
-                              __LINE__, "): ", res.errorMessage()));
+                      concatT("unable to start transaction: ", res.errorMessage()));
       }
 
       OperationOptions options;
@@ -1315,7 +1331,10 @@ Result DatabaseInitialSyncer::fetchCollectionSyncByRevisions(arangodb::LogicalCo
     }
     return Result(ex.code());
   }
-  trx->addHint(Hints::Hint::NO_INDEXING);
+
+  // we must be able to read our own writes here - otherwise the end result
+  // can be wrong. do not enable NO_INDEXING here!
+  
   // turn on intermediate commits as the number of keys to delete can be huge
   // here
   trx->addHint(Hints::Hint::INTERMEDIATE_COMMITS);
@@ -1355,7 +1374,7 @@ Result DatabaseInitialSyncer::fetchCollectionSyncByRevisions(arangodb::LogicalCo
   {
     VPackBuilder requestBuilder;
     {
-      char ridBuffer[11];
+      char ridBuffer[arangodb::basics::maxUInt64StringSize];
       VPackArrayBuilder list(&requestBuilder);
       for (auto& pair : ranges) {
         VPackArrayBuilder range(&requestBuilder);
 
@@ -1524,7 +1524,7 @@ Result RestReplicationHandler::parseBatch(transaction::Methods& trx,
           if (generateNewRevisionIds && 
               !isKey && 
               arangodb::velocypack::StringRef(it.key) == StaticStrings::RevString) {
-            char ridBuffer[11];
+            char ridBuffer[arangodb::basics::maxUInt64StringSize];
             RevisionId newRid = physical->newRevisionId();
             documentsToInsert.add(newRid.toValuePair(ridBuffer));
           } else {
@@ -3059,7 +3059,7 @@ void RestReplicationHandler::handleCommandRevisionRanges() {
     };
     setRange(current);
 
-    char ridBuffer[11];
+    char ridBuffer[arangodb::basics::maxUInt64StringSize];
     {
       TRI_ASSERT(response.isOpenObject());
       VPackArrayBuilder rangesGuard(&response, StaticStrings::RevisionTreeRanges);
 
@@ -79,6 +79,7 @@ set(ROCKSDB_SOURCES
   RocksDBEngine/RocksDBRestHandlers.cpp
   RocksDBEngine/RocksDBRestReplicationHandler.cpp
   RocksDBEngine/RocksDBRestWalHandler.cpp
+  RocksDBEngine/RocksDBSavePoint.cpp
   RocksDBEngine/RocksDBSettingsManager.cpp
   RocksDBEngine/RocksDBSyncThread.cpp
   RocksDBEngine/RocksDBTransactionCollection.cpp