[consensus] only wait to replay until highest consumer processed commit

[mwtian]

Description

Currently, CommitConsumerMonitor::replay_complete() waits until all local commits found during initialization gets processed through handle_consensus_commit(). But a suffix of local commits may not have been finalized before. These commits can only be finalized with new commits, after consensus starts running. So the waiter can wait for a long time.

This change makes the waiter only wait until the last commit index handle_consensus_commit() finished processing, which is guaranteed to be finalized in local DAG. Then the waiter should not wait for too long on restart.

Also, record finalized commit refs and their rejected transactions. They will be used during recovery to identify the commits which have enough blocks in local DAG to finalize them. In future, they will be used to verify rejected transactions are computed correctly during recovery.

Test plan

CI

TRANSACTION_DRIVER=50 python ./scripts/simtest/seed-search.py test_simulated_load_reconfig_with_crashes_and_delays --test simtest --num-seeds 500

---

Release notes

Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required.

For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates.

• Protocol:
• Nodes (Validators and Full nodes):
• gRPC:
• JSON-RPC:
• GraphQL:
• CLI:
• Rust SDK:

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sui-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 25, 2025 5:26am

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
multisig-toolkit	⬜️ Ignored (Inspect)	Visit Preview		Jul 25, 2025 5:26am
sui-kiosk	⬜️ Ignored (Inspect)	Visit Preview		Jul 25, 2025 5:26am

[mwtian]

This is needed to mitigate incorrectly finalize transactions in recovered commits.

[arun-koshy]

I am not sure how this fixes the issue? We only persist finalized commits to store so recovering finalized commits should be able to be reprocessed correctly. What information is missing to be able to properly finalize transactions in recovered commits?

sui/consensus/core/src/commit_finalizer.rs

Lines 118 to 124 in 6fe223c

	if !finalized_commits.is_empty() {
	// Commits and committed blocks must be persisted to storage before sending them to Sui
	// to execute their finalized transactions.
	// Commit metadata and uncommitted blocks can be persisted more lazily because they are recoverable.
	// But for simplicity, all unpersisted commits and blocks are flushed to storage.
	self.dag_state.write().flush();
	}

[mwtian]

Chatted offline. Today for simplicity both finalized and non-finalized commits are persisted. But a suffix of commits may not have been finalized, and they don't have enough info in local dag to optimistically finalize transactions.

[arun-koshy]

Approving to unblock fixing the original issue of reducing delay in rebuilding checkpoints which looks good, but I still have an open question on how this fixes incorrect finalization

[arun-koshy]

I am not sure how this fixes the issue? We only persist finalized commits to store so recovering finalized commits should be able to be reprocessed correctly. What information is missing to be able to properly finalize transactions in recovered commits?

sui/consensus/core/src/commit_finalizer.rs

Lines 118 to 124 in 6fe223c

	if !finalized_commits.is_empty() {
	// Commits and committed blocks must be persisted to storage before sending them to Sui
	// to execute their finalized transactions.
	// Commit metadata and uncommitted blocks can be persisted more lazily because they are recoverable.
	// But for simplicity, all unpersisted commits and blocks are flushed to storage.
	self.dag_state.write().flush();
	}

[akichidis]

💯

[akichidis]

nit: maybe this could be something more directly with how this sub dag has been committed? Ex:

• committed_with_local_certificate
• commit_certificate_exists_locally
• leader_certificate_exists_locally

[mwtian]

Good ideas.

[akichidis]

Do we intend to use somewhere the rejected transaction indexes?

[mwtian]

Yes, let me follow up with verification. Also they can be used for debugging if needed.

[akichidis]

nit: restart_after_commit -> replay_after_commit ?