fix(ordermatch): treat SyncPubkeyOrderbookState None as Unavailable (no-ban); add TODO

shamardy · shamardy · commit f69b6901291e · 2025-09-27T02:13:46.000+03:00
diff --git a/mm2src/mm2_main/src/lp_ordermatch.rs b/mm2src/mm2_main/src/lp_ordermatch.rs
@@ -543,11 +543,27 @@ async fn process_orders_keep_alive(
             );
         },
         Ok(None) => {
-            // Peer responded but returned None for a diff request; classify as InvalidOrIncomplete.
-            // This is unexpected for SyncPubkeyOrderbookState.
-            had_response = true;
+            // Peer responded but returned None for a diff request; treat as Unavailable (no-ban).
+            // Rationale: None means the responder currently has no pubkey_state for this pubkey.
+            // This avoids misclassifying forwarders that lost state due to GC/restart/null-root cleanup races.
+            //
+            // TODO(sync-none):
+            // Investigate and harden all code paths that can make a responder unable to serve Sync (Ok(None)/Err):
+            // 1) Null‑root keep‑alive: today we clear per‑pair history immediately (remove_pubkey_pair_orders).
+            // - Proposal: preserve history and let it expire via TRIE_STATE_HISTORY_TIMEOUT instead of dropping it.
+            // - Verify we can still serve exact from→to deltas (incl. to null) during the TTL window.
+            // 2) Cancel‑order races: KA → Cancel shortly after.
+            // - Confirm cancel paths keep per‑pair history (they should) and do not trigger pubkey GC too soon.
+            // - Consider refreshing liveness (pair_last_seen_local) on cancel and null‑root KA so a pubkey with empty pairs isn’t GC’d immediately.
+            // 3) GC interaction: pubkey_state removed when all pairs are stale.
+            // - Consider a pubkey‑level last_seen updated on any maker message (KA/Cancel/Update) and include it in the GC decision.
+            // 4) Serving empty roots: if pubkey_state is missing and all expected_roots are null, serve FullTrie([]) instead of returning None.
+            // 5) Instrumentation to confirm root causes:
+            // - On Ok(None): log pubkey, whether pubkey_state exists, known pairs/roots for that pubkey, and expected_roots summary.
+            // - Around null‑root KA and cancel: log pair, old/new root, history length after the operation, and liveness timestamps.
+            // - Add counters: sync_none, sync_unavailable, from_history_hits, fulltrie_fallbacks, memdb_purge_errors.
             warn!(
-                "SyncPubkeyOrderbookState request to {} returned None; treating as InvalidOrIncomplete",
+                "SyncPubkeyOrderbookState request to {} returned None; treating as Unavailable (no-ban)",
                 propagated_from
             );
         },
