[ISSUE #10578] Fix master election maxOffset comparator overflow#10579
Open
Aias00 wants to merge 1 commit into
Open
[ISSUE #10578] Fix master election maxOffset comparator overflow#10579Aias00 wants to merge 1 commit into
Aias00 wants to merge 1 commit into
Conversation
DefaultElectPolicy sorted broker candidates by subtracting maxOffset values and casting the long delta to int. Large offset gaps can overflow the comparator result and rank a lower-offset broker first. This replaces subtraction with safe comparator helpers and adds a focused overflow regression test. Constraint: Preserve existing election order: higher epoch, higher maxOffset, lower electionPriority Rejected: Keep subtraction comparator | unsafe for long offset deltas greater than Integer.MAX_VALUE Confidence: high Scope-risk: narrow Tested: mvn -q -pl controller -DskipTests=false -Dtest=DefaultElectPolicyTest -Djacoco.skip=true test Tested: mvn -q -pl controller -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true Tested: mvn -q -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true Not-tested: Full controller suite on local JDK due existing JaCoCo/Hessian module-access failures Related: apache#10578
There was a problem hiding this comment.
Pull request overview
Fixes a correctness bug in the controller master-election ordering by replacing overflow-prone subtraction/casting in DefaultElectPolicy’s comparator with safe Integer.compare / Long.compare comparisons, and adds a focused regression test for the overflow scenario described in #10578.
Changes:
- Replace subtraction-based epoch/maxOffset/priority comparisons in the election comparator with
Integer.compare/Long.compareto prevent overflow and preserve intended ordering. - Add
DefaultElectPolicyTestto cover the case wheremaxOffsetdeltas exceedInteger.MAX_VALUEand ensure the higher-offset broker is elected.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| controller/src/main/java/org/apache/rocketmq/controller/elect/impl/DefaultElectPolicy.java | Updates the broker ordering comparator to avoid overflow and keep deterministic ordering rules (epoch desc, offset desc, priority asc). |
| controller/src/test/java/org/apache/rocketmq/controller/elect/impl/DefaultElectPolicyTest.java | Adds a regression test ensuring election prefers the higher maxOffset when the offset difference exceeds Integer.MAX_VALUE. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #10579 +/- ##
=============================================
- Coverage 48.26% 48.14% -0.12%
+ Complexity 13433 13400 -33
=============================================
Files 1378 1378
Lines 100817 100820 +3
Branches 13040 13041 +1
=============================================
- Hits 48660 48542 -118
- Misses 46211 46310 +99
- Partials 5946 5968 +22 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
Fix
DefaultElectPolicymaster-election ordering to avoid integer overflow when comparing brokermaxOffsetvalues.The election comparator previously used subtraction and cast the
longoffset delta toint:When two brokers have the same epoch and their
maxOffsetdifference exceedsInteger.MAX_VALUE, the comparator can overflow and return the wrong ordering. That may cause the controller to elect a broker with a lower offset as master.This PR replaces subtraction-based comparisons with
Integer.compareandLong.compare, preserving the existing ordering rules:Fixes #10578
Why
Master election is a control-plane correctness path. A comparator overflow here can select a stale replica when broker offsets diverge by more than
Integer.MAX_VALUE.Tests
Added
DefaultElectPolicyTestcovering the overflow case:Integer.MAX_VALUEVerified locally:
mvn -q -pl controller -DskipTests=false -Dtest=DefaultElectPolicyTest -Djacoco.skip=true test mvn -q -pl controller -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=true mvn -q -DskipTests compile -Dspotbugs.skip=true -Dcheckstyle.skip=trueNotes
checkstyle:checkwas not used as a gating signal because the controller module currently reports existing unrelated checkstyle violations. The targeted test and compile checks pass.