npm - tigerbeetle-node - Versions diffs - 0.5.2 → 0.8.1 - Mend

tigerbeetle-node 0.5.2 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/README.md +97 -78
package/dist/benchmark.js +96 -94
package/dist/benchmark.js.map +1 -1
package/dist/index.d.ts +82 -82
package/dist/index.js +74 -93
package/dist/index.js.map +1 -1
package/dist/test.js +134 -111
package/dist/test.js.map +1 -1
package/package.json +3 -2
package/scripts/download_node_headers.sh +3 -1
package/src/benchmark.ts +114 -118
package/src/index.ts +102 -111
package/src/node.zig +55 -63
package/src/test.ts +146 -125
package/src/tigerbeetle/scripts/benchmark.bat +46 -0
package/src/tigerbeetle/scripts/benchmark.sh +5 -0
package/src/tigerbeetle/scripts/install_zig.bat +109 -109
package/src/tigerbeetle/scripts/install_zig.sh +8 -4
package/src/tigerbeetle/scripts/vopr.bat +47 -47
package/src/tigerbeetle/scripts/vopr.sh +2 -2
package/src/tigerbeetle/src/benchmark.zig +65 -102
package/src/tigerbeetle/src/cli.zig +39 -18
package/src/tigerbeetle/src/config.zig +44 -25
package/src/tigerbeetle/src/demo.zig +2 -15
package/src/tigerbeetle/src/demo_01_create_accounts.zig +10 -10
package/src/tigerbeetle/src/demo_03_create_transfers.zig +5 -3
package/src/tigerbeetle/src/{demo_04_create_transfers_two_phase_commit.zig → demo_04_create_pending_transfers.zig} +18 -12
package/src/tigerbeetle/src/demo_05_post_pending_transfers.zig +37 -0
package/src/tigerbeetle/src/demo_06_void_pending_transfers.zig +24 -0
package/src/tigerbeetle/src/demo_07_lookup_transfers.zig +1 -1
package/src/tigerbeetle/src/io/benchmark.zig +24 -49
package/src/tigerbeetle/src/io/darwin.zig +175 -44
package/src/tigerbeetle/src/io/linux.zig +177 -72
package/src/tigerbeetle/src/io/test.zig +61 -39
package/src/tigerbeetle/src/io/windows.zig +1161 -0
package/src/tigerbeetle/src/io.zig +2 -0
package/src/tigerbeetle/src/main.zig +31 -10
package/src/tigerbeetle/src/message_bus.zig +49 -61
package/src/tigerbeetle/src/message_pool.zig +66 -57
package/src/tigerbeetle/src/ring_buffer.zig +55 -3
package/src/tigerbeetle/src/simulator.zig +108 -12
package/src/tigerbeetle/src/state_machine.zig +1813 -816
package/src/tigerbeetle/src/storage.zig +0 -230
package/src/tigerbeetle/src/test/cluster.zig +168 -38
package/src/tigerbeetle/src/test/message_bus.zig +4 -3
package/src/tigerbeetle/src/test/network.zig +13 -16
package/src/tigerbeetle/src/test/packet_simulator.zig +14 -1
package/src/tigerbeetle/src/test/state_checker.zig +6 -3
package/src/tigerbeetle/src/test/state_machine.zig +8 -7
package/src/tigerbeetle/src/test/storage.zig +99 -40
package/src/tigerbeetle/src/tigerbeetle.zig +108 -101
package/src/tigerbeetle/src/time.zig +58 -11
package/src/tigerbeetle/src/vsr/client.zig +18 -32
package/src/tigerbeetle/src/vsr/clock.zig +1 -1
package/src/tigerbeetle/src/vsr/journal.zig +1388 -464
package/src/tigerbeetle/src/vsr/replica.zig +1340 -576
package/src/tigerbeetle/src/vsr.zig +452 -40
package/src/translate.zig +10 -0
package/src/tigerbeetle/src/demo_05_accept_transfers.zig +0 -23
package/src/tigerbeetle/src/demo_06_reject_transfers.zig +0 -17
package/src/tigerbeetle/src/format_test.zig +0 -69

package/src/tigerbeetle/src/state_machine.zig CHANGED Viewed

@@ -1,5 +1,7 @@
 const std = @import("std");
 const assert = std.debug.assert;
+const math = std.math;
+const mem = std.mem;
 const log = std.log.scoped(.state_machine);
 const tb = @import("tigerbeetle.zig");
@@ -10,49 +12,43 @@ const AccountFlags = tb.AccountFlags;
 const Transfer = tb.Transfer;
 const TransferFlags = tb.TransferFlags;
-const Commit = tb.Commit;
-const CommitFlags = tb.CommitFlags;
 const CreateAccountsResult = tb.CreateAccountsResult;
 const CreateTransfersResult = tb.CreateTransfersResult;
-const CommitTransfersResult = tb.CommitTransfersResult;
 const CreateAccountResult = tb.CreateAccountResult;
 const CreateTransferResult = tb.CreateTransferResult;
-const CommitTransferResult = tb.CommitTransferResult;
 const LookupAccountResult = tb.LookupAccountResult;
 const HashMapAccounts = std.AutoHashMap(u128, Account);
 const HashMapTransfers = std.AutoHashMap(u128, Transfer);
-const HashMapCommits = std.AutoHashMap(u128, Commit);
+const HashMapPosted = std.AutoHashMap(u128, bool);
 pub const StateMachine = struct {
     pub const Operation = enum(u8) {
         /// Operations reserved by VR protocol (for all state machines):
         reserved,
-        init,
+        root,
         register,
         /// Operations exported by TigerBeetle:
         create_accounts,
         create_transfers,
-        commit_transfers,
         lookup_accounts,
         lookup_transfers,
     };
-    allocator: std.mem.Allocator,
+    allocator: mem.Allocator,
     prepare_timestamp: u64,
     commit_timestamp: u64,
     accounts: HashMapAccounts,
     transfers: HashMapTransfers,
-    commits: HashMapCommits,
+    posted: HashMapPosted,
     pub fn init(
-        allocator: std.mem.Allocator,
+        allocator: mem.Allocator,
         accounts_max: usize,
         transfers_max: usize,
-        commits_max: usize,
+        transfers_pending_max: usize,
     ) !StateMachine {
         var accounts = HashMapAccounts.init(allocator);
         errdefer accounts.deinit();
@@ -62,12 +58,9 @@ pub const StateMachine = struct {
         errdefer transfers.deinit();
         try transfers.ensureTotalCapacity(@intCast(u32, transfers_max));
-        var commits = HashMapCommits.init(allocator);
-        errdefer commits.deinit();
-        try commits.ensureTotalCapacity(@intCast(u32, commits_max));
-        // TODO After recovery, set prepare_timestamp max(wall clock, op timestamp).
-        // TODO After recovery, set commit_timestamp max(wall clock, commit timestamp).
+        var posted = HashMapPosted.init(allocator);
+        errdefer posted.deinit();
+        try posted.ensureTotalCapacity(@intCast(u32, transfers_pending_max));
         return StateMachine{
             .allocator = allocator,
@@ -75,21 +68,20 @@ pub const StateMachine = struct {
             .commit_timestamp = 0,
             .accounts = accounts,
             .transfers = transfers,
-            .commits = commits,
+            .posted = posted,
         };
     }
     pub fn deinit(self: *StateMachine) void {
         self.accounts.deinit();
         self.transfers.deinit();
-        self.commits.deinit();
+        self.posted.deinit();
     }
     pub fn Event(comptime operation: Operation) type {
         return switch (operation) {
             .create_accounts => Account,
             .create_transfers => Transfer,
-            .commit_transfers => Commit,
             .lookup_accounts => u128,
             .lookup_transfers => u128,
             else => unreachable,
@@ -100,42 +92,33 @@ pub const StateMachine = struct {
         return switch (operation) {
             .create_accounts => CreateAccountsResult,
             .create_transfers => CreateTransfersResult,
-            .commit_transfers => CommitTransfersResult,
             .lookup_accounts => Account,
             .lookup_transfers => Transfer,
             else => unreachable,
         };
     }
-    pub fn prepare(self: *StateMachine, realtime: i64, operation: Operation, input: []u8) void {
+    /// Returns the header's timestamp.
+    pub fn prepare(self: *StateMachine, operation: Operation, input: []u8) u64 {
         switch (operation) {
-            .init => unreachable,
+            .root => unreachable,
             .register => {},
-            .create_accounts => self.prepare_timestamps(realtime, .create_accounts, input),
-            .create_transfers => self.prepare_timestamps(realtime, .create_transfers, input),
-            .commit_transfers => self.prepare_timestamps(realtime, .commit_transfers, input),
+            .create_accounts => self.prepare_timestamps(.create_accounts, input),
+            .create_transfers => self.prepare_timestamps(.create_transfers, input),
             .lookup_accounts => {},
             .lookup_transfers => {},
             else => unreachable,
         }
+        return self.prepare_timestamp;
     }
     fn prepare_timestamps(
         self: *StateMachine,
-        realtime: i64,
         comptime operation: Operation,
         input: []u8,
     ) void {
-        // Guard against the wall clock going backwards by taking the max with timestamps issued:
-        self.prepare_timestamp = std.math.max(
-            // The cluster `commit_timestamp` may be ahead of our `prepare_timestamp` because this
-            // may be our first prepare as a recently elected leader:
-            std.math.max(self.prepare_timestamp, self.commit_timestamp) + 1,
-            @intCast(u64, realtime),
-        );
-        assert(self.prepare_timestamp > self.commit_timestamp);
         var sum_reserved_timestamps: usize = 0;
-        var events = std.mem.bytesAsSlice(Event(operation), input);
+        var events = mem.bytesAsSlice(Event(operation), input);
         for (events) |*event| {
             sum_reserved_timestamps += event.timestamp;
             self.prepare_timestamp += 1;
@@ -155,13 +138,11 @@ pub const StateMachine = struct {
         output: []u8,
     ) usize {
         _ = client;
         return switch (operation) {
-            .init => unreachable,
+            .root => unreachable,
             .register => 0,
             .create_accounts => self.execute(.create_accounts, input, output),
             .create_transfers => self.execute(.create_transfers, input, output),
-            .commit_transfers => self.execute(.commit_transfers, input, output),
             .lookup_accounts => self.execute_lookup_accounts(input, output),
             .lookup_transfers => self.execute_lookup_transfers(input, output),
             else => unreachable,
@@ -176,14 +157,14 @@ pub const StateMachine = struct {
     ) usize {
         comptime assert(operation != .lookup_accounts and operation != .lookup_transfers);
-        const events = std.mem.bytesAsSlice(Event(operation), input);
-        var results = std.mem.bytesAsSlice(Result(operation), output);
+        const events = mem.bytesAsSlice(Event(operation), input);
+        var results = mem.bytesAsSlice(Result(operation), output);
         var count: usize = 0;
         var chain: ?usize = null;
         var chain_broken = false;
-        for (events) |event, index| {
+        for (events) |*event, index| {
             if (event.flags.linked and chain == null) {
                 chain = index;
                 assert(chain_broken == false);
@@ -191,7 +172,6 @@ pub const StateMachine = struct {
             const result = if (chain_broken) .linked_event_failed else switch (operation) {
                 .create_accounts => self.create_account(event),
                 .create_transfers => self.create_transfer(event),
-                .commit_transfers => self.commit_transfer(event),
                 else => unreachable,
             };
             log.debug("{s} {}/{}: {}: {}", .{
@@ -243,7 +223,7 @@ pub const StateMachine = struct {
         chain_start_index: usize,
         chain_error_index: usize,
     ) void {
-        const events = std.mem.bytesAsSlice(Event(operation), input);
+        const events = mem.bytesAsSlice(Event(operation), input);
         // We commit events in FIFO order.
         // We must therefore rollback events in LIFO order with a reverse loop.
@@ -259,9 +239,8 @@ pub const StateMachine = struct {
             assert(event.timestamp <= self.commit_timestamp);
             switch (operation) {
-                .create_accounts => self.create_account_rollback(event),
-                .create_transfers => self.create_transfer_rollback(event),
-                .commit_transfers => self.commit_transfer_rollback(event),
+                .create_accounts => self.create_account_rollback(&event),
+                .create_transfers => self.create_transfer_rollback(&event),
                 else => unreachable,
             }
             log.debug("{s} {}/{}: rollback(): {}", .{
@@ -275,9 +254,9 @@ pub const StateMachine = struct {
     }
     fn execute_lookup_accounts(self: *StateMachine, input: []const u8, output: []u8) usize {
-        const batch = std.mem.bytesAsSlice(u128, input);
+        const batch = mem.bytesAsSlice(u128, input);
         const output_len = @divFloor(output.len, @sizeOf(Account)) * @sizeOf(Account);
-        const results = std.mem.bytesAsSlice(Account, output[0..output_len]);
+        const results = mem.bytesAsSlice(Account, output[0..output_len]);
         var results_count: usize = 0;
         for (batch) |id| {
             if (self.get_account(id)) |result| {
@@ -289,9 +268,9 @@ pub const StateMachine = struct {
     }
     fn execute_lookup_transfers(self: *StateMachine, input: []const u8, output: []u8) usize {
-        const batch = std.mem.bytesAsSlice(u128, input);
+        const batch = mem.bytesAsSlice(u128, input);
         const output_len = @divFloor(output.len, @sizeOf(Transfer)) * @sizeOf(Transfer);
-        const results = std.mem.bytesAsSlice(Transfer, output[0..output_len]);
+        const results = mem.bytesAsSlice(Transfer, output[0..output_len]);
         var results_count: usize = 0;
         for (batch) |id| {
             if (self.get_transfer(id)) |result| {
@@ -302,186 +281,337 @@ pub const StateMachine = struct {
         return results_count * @sizeOf(Transfer);
     }
-    fn create_account(self: *StateMachine, a: Account) CreateAccountResult {
+    fn create_account(self: *StateMachine, a: *const Account) CreateAccountResult {
         assert(a.timestamp > self.commit_timestamp);
+        if (a.flags.padding != 0) return .reserved_flag;
         if (!zeroed_48_bytes(a.reserved)) return .reserved_field;
-        if (a.flags.padding != 0) return .reserved_flag_padding;
+        if (a.id == 0) return .id_must_not_be_zero;
+        if (a.ledger == 0) return .ledger_must_not_be_zero;
+        if (a.code == 0) return .code_must_not_be_zero;
+        if (a.flags.debits_must_not_exceed_credits and a.flags.credits_must_not_exceed_debits) {
+            return .mutually_exclusive_flags;
+        }
+        if (sum_overflows(a.debits_pending, a.debits_posted)) return .overflows_debits;
+        if (sum_overflows(a.credits_pending, a.credits_posted)) return .overflows_credits;
         // Opening balances may never exceed limits:
         if (a.debits_exceed_credits(0)) return .exceeds_credits;
         if (a.credits_exceed_debits(0)) return .exceeds_debits;
-        var insert = self.accounts.getOrPutAssumeCapacity(a.id);
-        if (insert.found_existing) {
-            const exists = insert.value_ptr.*;
-            if (exists.unit != a.unit) return .exists_with_different_unit;
-            if (exists.code != a.code) return .exists_with_different_code;
-            if (@bitCast(u32, exists.flags) != @bitCast(u32, a.flags)) {
-                return .exists_with_different_flags;
-            }
-            if (exists.user_data != a.user_data) return .exists_with_different_user_data;
-            if (!equal_48_bytes(exists.reserved, a.reserved)) {
-                return .exists_with_different_reserved_field;
-            }
-            return .exists;
-        } else {
-            insert.value_ptr.* = a;
-            self.commit_timestamp = a.timestamp;
-            return .ok;
-        }
+        if (self.get_account(a.id)) |e| return create_account_exists(a, e);
+        self.accounts.putAssumeCapacityNoClobber(a.id, a.*);
+        self.commit_timestamp = a.timestamp;
+        return .ok;
     }
-    fn create_account_rollback(self: *StateMachine, a: Account) void {
+    fn create_account_rollback(self: *StateMachine, a: *const Account) void {
         assert(self.accounts.remove(a.id));
     }
-    fn create_transfer(self: *StateMachine, t: Transfer) CreateTransferResult {
+    fn create_account_exists(a: *const Account, e: *const Account) CreateAccountResult {
+        assert(a.id == e.id);
+        if (@bitCast(u16, a.flags) != @bitCast(u16, e.flags)) return .exists_with_different_flags;
+        if (a.user_data != e.user_data) return .exists_with_different_user_data;
+        assert(zeroed_48_bytes(a.reserved) and zeroed_48_bytes(e.reserved));
+        if (a.ledger != e.ledger) return .exists_with_different_ledger;
+        if (a.code != e.code) return .exists_with_different_code;
+        if (a.debits_pending != e.debits_pending) return .exists_with_different_debits_pending;
+        if (a.debits_posted != e.debits_posted) return .exists_with_different_debits_posted;
+        if (a.credits_pending != e.credits_pending) return .exists_with_different_credits_pending;
+        if (a.credits_posted != e.credits_posted) return .exists_with_different_credits_posted;
+        return .exists;
+    }
+    fn create_transfer(self: *StateMachine, t: *const Transfer) CreateTransferResult {
         assert(t.timestamp > self.commit_timestamp);
-        if (t.flags.padding != 0) return .reserved_flag_padding;
-        if (t.flags.two_phase_commit) {
-            // Otherwise reserved amounts may never be released:
-            if (t.timeout == 0) return .two_phase_commit_must_timeout;
-        } else if (t.timeout != 0) {
-            return .timeout_reserved_for_two_phase_commit;
+        if (t.flags.padding != 0) return .reserved_flag;
+        if (t.reserved != 0) return .reserved_field;
+        if (t.id == 0) return .id_must_not_be_zero;
+        if (t.flags.post_pending_transfer or t.flags.void_pending_transfer) {
+            return self.post_or_void_pending_transfer(t);
         }
-        if (!t.flags.condition and !zeroed_32_bytes(t.reserved)) return .reserved_field;
-        if (t.amount == 0) return .amount_is_zero;
+        if (t.debit_account_id == 0) return .debit_account_id_must_not_be_zero;
+        if (t.credit_account_id == 0) return .credit_account_id_must_not_be_zero;
+        if (t.credit_account_id == t.debit_account_id) return .accounts_must_be_different;
-        if (t.debit_account_id == t.credit_account_id) return .accounts_are_the_same;
+        if (t.pending_id != 0) return .pending_id_must_be_zero;
+        if (t.flags.pending) {
+            // Otherwise, reserved amounts may never be released.
+            if (t.timeout == 0) return .pending_transfer_must_timeout;
+        } else {
+            if (t.timeout != 0) return .timeout_reserved_for_pending_transfer;
+        }
-        // The etymology of the DR and CR abbreviations for debit and credit is interesting, either:
-        // 1. derived from the Latin past participles of debitum and creditum, debere and credere,
+        if (t.ledger == 0) return .ledger_must_not_be_zero;
+        if (t.code == 0) return .code_must_not_be_zero;
+        if (t.amount == 0) return .amount_must_not_be_zero;
+        // The etymology of the DR and CR abbreviations for debit/credit is interesting, either:
+        // 1. derived from the Latin past participles of debitum/creditum, i.e. debere/credere,
         // 2. standing for debit record and credit record, or
         // 3. relating to debtor and creditor.
         // We use them to distinguish between `cr` (credit account), and `c` (commit).
-        var dr = self.get_account(t.debit_account_id) orelse return .debit_account_not_found;
-        var cr = self.get_account(t.credit_account_id) orelse return .credit_account_not_found;
+        const dr = self.get_account(t.debit_account_id) orelse return .debit_account_not_found;
+        const cr = self.get_account(t.credit_account_id) orelse return .credit_account_not_found;
+        assert(dr.id == t.debit_account_id);
+        assert(cr.id == t.credit_account_id);
         assert(t.timestamp > dr.timestamp);
         assert(t.timestamp > cr.timestamp);
-        if (dr.unit != cr.unit) return .accounts_have_different_units;
+        if (dr.ledger != cr.ledger) return .accounts_must_have_the_same_ledger;
+        if (t.ledger != dr.ledger) return .transfer_must_have_the_same_ledger_as_accounts;
+        // If the transfer already exists, then it must not influence the overflow or limit checks.
+        if (self.get_transfer(t.id)) |e| return create_transfer_exists(t, e);
+        if (t.flags.pending) {
+            if (sum_overflows(t.amount, dr.debits_pending)) return .overflows_debits_pending;
+            if (sum_overflows(t.amount, cr.credits_pending)) return .overflows_credits_pending;
+        }
+        if (sum_overflows(t.amount, dr.debits_posted)) return .overflows_debits_posted;
+        if (sum_overflows(t.amount, cr.credits_posted)) return .overflows_credits_posted;
+        // We assert that the sum of the pending and posted balances can never overflow:
+        if (sum_overflows(t.amount, dr.debits_pending + dr.debits_posted)) {
+            return .overflows_debits;
+        }
+        if (sum_overflows(t.amount, cr.credits_pending + cr.credits_posted)) {
+            return .overflows_credits;
+        }
-        // TODO We need a lookup before inserting in case transfer exists and would overflow limits.
-        // If the transfer exists, then we should rather return .exists as an error.
         if (dr.debits_exceed_credits(t.amount)) return .exceeds_credits;
         if (cr.credits_exceed_debits(t.amount)) return .exceeds_debits;
-        var insert = self.transfers.getOrPutAssumeCapacity(t.id);
-        if (insert.found_existing) {
-            const exists = insert.value_ptr.*;
-            if (exists.debit_account_id != t.debit_account_id) {
-                return .exists_with_different_debit_account_id;
-            } else if (exists.credit_account_id != t.credit_account_id) {
-                return .exists_with_different_credit_account_id;
-            }
-            if (exists.amount != t.amount) return .exists_with_different_amount;
-            if (@bitCast(u32, exists.flags) != @bitCast(u32, t.flags)) {
-                return .exists_with_different_flags;
-            }
-            if (exists.user_data != t.user_data) return .exists_with_different_user_data;
-            if (!equal_32_bytes(exists.reserved, t.reserved)) {
-                return .exists_with_different_reserved_field;
-            }
-            if (exists.timeout != t.timeout) return .exists_with_different_timeout;
-            return .exists;
+        self.transfers.putAssumeCapacityNoClobber(t.id, t.*);
+        if (t.flags.pending) {
+            dr.debits_pending += t.amount;
+            cr.credits_pending += t.amount;
         } else {
-            insert.value_ptr.* = t;
-            if (t.flags.two_phase_commit) {
-                dr.debits_reserved += t.amount;
-                cr.credits_reserved += t.amount;
-            } else {
-                dr.debits_accepted += t.amount;
-                cr.credits_accepted += t.amount;
-            }
-            self.commit_timestamp = t.timestamp;
-            return .ok;
+            dr.debits_posted += t.amount;
+            cr.credits_posted += t.amount;
         }
+        self.commit_timestamp = t.timestamp;
+        return .ok;
     }
-    fn create_transfer_rollback(self: *StateMachine, t: Transfer) void {
-        var dr = self.get_account(t.debit_account_id).?;
-        var cr = self.get_account(t.credit_account_id).?;
-        if (t.flags.two_phase_commit) {
-            dr.debits_reserved -= t.amount;
-            cr.credits_reserved -= t.amount;
+    fn create_transfer_rollback(self: *StateMachine, t: *const Transfer) void {
+        if (t.flags.post_pending_transfer or t.flags.void_pending_transfer) {
+            return self.post_or_void_pending_transfer_rollback(t);
+        }
+        const dr = self.get_account(t.debit_account_id).?;
+        const cr = self.get_account(t.credit_account_id).?;
+        assert(dr.id == t.debit_account_id);
+        assert(cr.id == t.credit_account_id);
+        if (t.flags.pending) {
+            dr.debits_pending -= t.amount;
+            cr.credits_pending -= t.amount;
         } else {
-            dr.debits_accepted -= t.amount;
-            cr.credits_accepted -= t.amount;
+            dr.debits_posted -= t.amount;
+            cr.credits_posted -= t.amount;
         }
         assert(self.transfers.remove(t.id));
     }
-    fn commit_transfer(self: *StateMachine, c: Commit) CommitTransferResult {
-        assert(c.timestamp > self.commit_timestamp);
+    fn create_transfer_exists(t: *const Transfer, e: *const Transfer) CreateTransferResult {
+        assert(t.id == e.id);
+        // The flags change the behavior of the remaining comparisons, so compare the flags first.
+        if (@bitCast(u16, t.flags) != @bitCast(u16, e.flags)) return .exists_with_different_flags;
+        if (t.debit_account_id != e.debit_account_id) {
+            return .exists_with_different_debit_account_id;
+        }
+        if (t.credit_account_id != e.credit_account_id) {
+            return .exists_with_different_credit_account_id;
+        }
+        if (t.user_data != e.user_data) return .exists_with_different_user_data;
+        assert(t.reserved == 0 and e.reserved == 0);
+        assert(t.pending_id == 0 and e.pending_id == 0); // We know that the flags are the same.
+        if (t.timeout != e.timeout) return .exists_with_different_timeout;
+        assert(t.ledger == e.ledger); // If the accounts are the same, the ledger must be the same.
+        if (t.code != e.code) return .exists_with_different_code;
+        if (t.amount != e.amount) return .exists_with_different_amount;
+        return .exists;
+    }
-        if (!c.flags.preimage and !zeroed_32_bytes(c.reserved)) return .reserved_field;
-        if (c.flags.padding != 0) return .reserved_flag_padding;
+    fn post_or_void_pending_transfer(self: *StateMachine, t: *const Transfer) CreateTransferResult {
+        assert(t.id != 0);
+        assert(t.flags.padding == 0);
+        assert(t.reserved == 0);
+        assert(t.timestamp > self.commit_timestamp);
+        assert(t.flags.post_pending_transfer or t.flags.void_pending_transfer);
-        var t = self.get_transfer(c.id) orelse return .transfer_not_found;
-        assert(c.timestamp > t.timestamp);
+        if (t.flags.post_pending_transfer and t.flags.void_pending_transfer) {
+            return .cannot_post_and_void_pending_transfer;
+        }
+        if (t.flags.pending) return .pending_transfer_cannot_post_or_void_another;
+        if (t.timeout != 0) return .timeout_reserved_for_pending_transfer;
+        if (t.pending_id == 0) return .pending_id_must_not_be_zero;
+        if (t.pending_id == t.id) return .pending_id_must_be_different;
+        const p = self.get_transfer(t.pending_id) orelse return .pending_transfer_not_found;
+        assert(p.id == t.pending_id);
+        if (!p.flags.pending) return .pending_transfer_not_pending;
+        const dr = self.get_account(p.debit_account_id).?;
+        const cr = self.get_account(p.credit_account_id).?;
+        assert(dr.id == p.debit_account_id);
+        assert(cr.id == p.credit_account_id);
+        assert(p.timestamp > dr.timestamp);
+        assert(p.timestamp > cr.timestamp);
+        assert(p.amount > 0);
+        if (t.debit_account_id > 0 and t.debit_account_id != p.debit_account_id) {
+            return .pending_transfer_has_different_debit_account_id;
+        }
+        if (t.credit_account_id > 0 and t.credit_account_id != p.credit_account_id) {
+            return .pending_transfer_has_different_credit_account_id;
+        }
+        // The user_data field is allowed to differ across pending and posting/voiding transfers.
+        if (t.ledger > 0 and t.ledger != p.ledger) return .pending_transfer_has_different_ledger;
+        if (t.code > 0 and t.code != p.code) return .pending_transfer_has_different_code;
-        if (!t.flags.two_phase_commit) return .transfer_not_two_phase_commit;
+        const amount = if (t.amount > 0) t.amount else p.amount;
+        if (amount > p.amount) return .exceeds_pending_transfer_amount;
-        if (self.get_commit(c.id)) |exists| {
-            if (!exists.flags.reject and c.flags.reject) return .already_committed_but_accepted;
-            if (exists.flags.reject and !c.flags.reject) return .already_committed_but_rejected;
-            return .already_committed;
+        if (t.flags.void_pending_transfer and amount < p.amount) {
+            return .pending_transfer_has_different_amount;
         }
-        if (t.timeout > 0 and t.timestamp + t.timeout <= c.timestamp) return .transfer_expired;
+        if (self.get_transfer(t.id)) |e| return post_or_void_pending_transfer_exists(t, e, p);
-        if (t.flags.condition) {
-            if (!c.flags.preimage) return .condition_requires_preimage;
-            if (!valid_preimage(t.reserved, c.reserved)) return .preimage_invalid;
-        } else if (c.flags.preimage) {
-            return .preimage_requires_condition;
+        if (self.get_posted(t.pending_id)) |posted| {
+            if (posted) return .pending_transfer_already_posted;
+            return .pending_transfer_already_voided;
         }
-        var dr = self.get_account(t.debit_account_id) orelse return .debit_account_not_found;
-        var cr = self.get_account(t.credit_account_id) orelse return .credit_account_not_found;
-        assert(t.timestamp > dr.timestamp);
-        assert(t.timestamp > cr.timestamp);
+        assert(p.timestamp < t.timestamp);
+        assert(p.timeout > 0);
+        if (p.timestamp + p.timeout <= t.timestamp) return .pending_transfer_expired;
+        self.transfers.putAssumeCapacityNoClobber(t.id, .{
+            .id = t.id,
+            .debit_account_id = p.debit_account_id,
+            .credit_account_id = p.credit_account_id,
+            .user_data = if (t.user_data > 0) t.user_data else p.user_data,
+            .reserved = p.reserved,
+            .ledger = p.ledger,
+            .code = p.code,
+            .pending_id = t.pending_id,
+            .timeout = t.timeout,
+            .timestamp = t.timestamp,
+            .flags = t.flags,
+            .amount = amount,
+        });
+        self.posted.putAssumeCapacityNoClobber(t.pending_id, t.flags.post_pending_transfer);
+        dr.debits_pending -= p.amount;
+        cr.credits_pending -= p.amount;
+        if (t.flags.post_pending_transfer) {
+            assert(amount > 0);
+            assert(amount <= p.amount);
+            dr.debits_posted += amount;
+            cr.credits_posted += amount;
+        }
-        assert(t.flags.two_phase_commit);
-        if (dr.debits_reserved < t.amount) return .debit_amount_was_not_reserved;
-        if (cr.credits_reserved < t.amount) return .credit_amount_was_not_reserved;
+        self.commit_timestamp = t.timestamp;
+        return .ok;
+    }
+    fn post_or_void_pending_transfer_rollback(self: *StateMachine, t: *const Transfer) void {
+        assert(t.id > 0);
+        assert(t.flags.post_pending_transfer or t.flags.void_pending_transfer);
+        assert(t.pending_id > 0);
+        const p = self.get_transfer(t.pending_id).?;
+        assert(p.id == t.pending_id);
+        assert(p.debit_account_id > 0);
+        assert(p.credit_account_id > 0);
+        const dr = self.get_account(p.debit_account_id).?;
+        const cr = self.get_account(p.credit_account_id).?;
+        assert(dr.id == p.debit_account_id);
+        assert(cr.id == p.credit_account_id);
+        if (t.flags.post_pending_transfer) {
+            const amount = if (t.amount > 0) t.amount else p.amount;
+            assert(amount > 0);
+            assert(amount <= p.amount);
+            dr.debits_posted -= amount;
+            cr.credits_posted -= amount;
+        }
+        dr.debits_pending += p.amount;
+        cr.credits_pending += p.amount;
-        // Once reserved, the amount can be moved from reserved to accepted without breaking limits:
-        assert(!dr.debits_exceed_credits(0));
-        assert(!cr.credits_exceed_debits(0));
+        assert(self.posted.remove(t.pending_id));
+        assert(self.transfers.remove(t.id));
+    }
+    fn post_or_void_pending_transfer_exists(
+        t: *const Transfer,
+        e: *const Transfer,
+        p: *const Transfer,
+    ) CreateTransferResult {
+        assert(p.flags.pending);
+        assert(t.pending_id == p.id);
+        assert(t.id != p.id);
+        assert(t.id == e.id);
+        // Do not assume that `e` is necessarily a posting or voiding transfer.
+        if (@bitCast(u16, t.flags) != @bitCast(u16, e.flags)) {
+            return .exists_with_different_flags;
+        }
-        // TODO We can combine this lookup with the previous lookup if we return `error!void`:
-        var insert = self.commits.getOrPutAssumeCapacity(c.id);
-        if (insert.found_existing) {
-            unreachable;
+        // If `e` posted or voided a different pending transfer, then the accounts will differ.
+        if (t.pending_id != e.pending_id) return .exists_with_different_pending_id;
+        assert(e.flags.post_pending_transfer or e.flags.void_pending_transfer);
+        assert(e.debit_account_id == p.debit_account_id);
+        assert(e.credit_account_id == p.credit_account_id);
+        assert(e.reserved == 0);
+        assert(e.pending_id == p.id);
+        assert(e.timeout == 0);
+        assert(e.ledger == p.ledger);
+        assert(e.code == p.code);
+        assert(e.timestamp > p.timestamp);
+        assert(t.flags.post_pending_transfer == e.flags.post_pending_transfer);
+        assert(t.flags.void_pending_transfer == e.flags.void_pending_transfer);
+        assert(t.debit_account_id == 0 or t.debit_account_id == e.debit_account_id);
+        assert(t.credit_account_id == 0 or t.credit_account_id == e.credit_account_id);
+        assert(t.reserved == 0);
+        assert(t.timeout == 0);
+        assert(t.ledger == 0 or t.ledger == e.ledger);
+        assert(t.code == 0 or t.code == e.code);
+        assert(t.timestamp > e.timestamp);
+        if (t.user_data == 0) {
+            if (e.user_data != p.user_data) return .exists_with_different_user_data;
         } else {
-            insert.value_ptr.* = c;
-            dr.debits_reserved -= t.amount;
-            cr.credits_reserved -= t.amount;
-            if (!c.flags.reject) {
-                dr.debits_accepted += t.amount;
-                cr.credits_accepted += t.amount;
-            }
-            self.commit_timestamp = c.timestamp;
-            return .ok;
+            if (t.user_data != e.user_data) return .exists_with_different_user_data;
         }
-    }
-    fn commit_transfer_rollback(self: *StateMachine, c: Commit) void {
-        assert(self.get_commit(c.id) != null);
-        var t = self.get_transfer(c.id).?;
-        var dr = self.get_account(t.debit_account_id).?;
-        var cr = self.get_account(t.credit_account_id).?;
-        dr.debits_reserved += t.amount;
-        cr.credits_reserved += t.amount;
-        if (!c.flags.reject) {
-            dr.debits_accepted -= t.amount;
-            cr.credits_accepted -= t.amount;
+        if (t.amount == 0) {
+            if (e.amount != p.amount) return .exists_with_different_amount;
+        } else {
+            if (t.amount != e.amount) return .exists_with_different_amount;
         }
-        assert(self.commits.remove(c.id));
+        return .exists;
     }
     /// This is our core private method for changing balances.
@@ -490,30 +620,24 @@ pub const StateMachine = struct {
     /// This pointer is invalidated if the hash map is resized by another insert, e.g. if we get a
     /// pointer, insert another account without capacity, and then modify this pointer... BOOM!
     /// This is a sharp tool but replaces a lookup, copy and update with a single lookup.
-    fn get_account(self: *StateMachine, id: u128) ?*Account {
+    fn get_account(self: *const StateMachine, id: u128) ?*Account {
         return self.accounts.getPtr(id);
     }
     /// See the comment for get_account().
-    fn get_transfer(self: *StateMachine, id: u128) ?*Transfer {
+    fn get_transfer(self: *const StateMachine, id: u128) ?*Transfer {
         return self.transfers.getPtr(id);
     }
-    /// See the comment for get_account().
-    fn get_commit(self: *StateMachine, id: u128) ?*Commit {
-        return self.commits.getPtr(id);
+    /// Returns whether a pending transfer, if it exists, has already been posted or voided.
+    fn get_posted(self: *const StateMachine, pending_id: u128) ?bool {
+        return self.posted.get(pending_id);
     }
 };
-// TODO Optimize this by precomputing hashes outside and before committing to the state machine.
-// If we see that a batch of commits contains commits with preimages, then we will:
-// Divide the batch into subsets, dispatch these to multiple threads, store the result in a bitset.
-// Then we can simply provide the result bitset to the state machine when committing.
-// This will improve crypto performance significantly by a factor of 8x.
-fn valid_preimage(condition: [32]u8, preimage: [32]u8) bool {
-    var target: [32]u8 = undefined;
-    std.crypto.hash.sha2.Sha256.hash(&preimage, &target, .{});
-    return std.crypto.utils.timingSafeEql([32]u8, target, condition);
+fn sum_overflows(a: u64, b: u64) bool {
+    var c: u64 = undefined;
+    return @addWithOverflow(u64, a, b, &c);
 }
 /// Optimizes for the common case, where the array is zeroed. Completely branchless.
@@ -550,924 +674,1797 @@ fn equal_48_bytes(a: [48]u8, b: [48]u8) bool {
 }
 const testing = std.testing;
+const expect = testing.expect;
+const expectEqual = testing.expectEqual;
+const expectEqualSlices = testing.expectEqualSlices;
+test "sum_overflows" {
+    try expectEqual(false, sum_overflows(math.maxInt(u64), 0));
+    try expectEqual(false, sum_overflows(math.maxInt(u64) - 1, 1));
+    try expectEqual(false, sum_overflows(1, math.maxInt(u64) - 1));
-test "create/lookup accounts" {
-    var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
-    defer arena.deinit();
+    try expectEqual(true, sum_overflows(math.maxInt(u64), 1));
+    try expectEqual(true, sum_overflows(1, math.maxInt(u64)));
-    const allocator = arena.allocator();
+    try expectEqual(true, sum_overflows(math.maxInt(u64), math.maxInt(u64)));
+    try expectEqual(true, sum_overflows(math.maxInt(u64), math.maxInt(u64)));
+}
+test "create/lookup/rollback accounts" {
     const Vector = struct { result: CreateAccountResult, object: Account };
     const vectors = [_]Vector{
-        Vector{
-            .result = .reserved_flag_padding,
-            .object = std.mem.zeroInit(Account, .{
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Account, .{
                 .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 5,
+                .debits_posted = 6,
+                .credits_pending = 7,
+                .credits_posted = 8,
                 .timestamp = 1,
-                .flags = .{ .padding = 1 },
             }),
         },
-        Vector{
+        .{
+            .result = .reserved_flag,
+            .object = mem.zeroInit(Account, .{
+                .id = 0,
+                .user_data = 0,
+                .reserved = [_]u8{1} ** 48,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{
+                    .padding = 1,
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
+            }),
+        },
+        .{
             .result = .reserved_field,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 2,
-                .timestamp = 1,
+            .object = mem.zeroInit(Account, .{
+                .id = 0,
+                .user_data = 0,
                 .reserved = [_]u8{1} ** 48,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{
+                    .padding = 0,
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exceeds_credits,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 3,
-                .timestamp = 1,
-                .debits_reserved = 10,
-                .flags = .{ .debits_must_not_exceed_credits = true },
+        .{
+            .result = .id_must_not_be_zero,
+            .object = mem.zeroInit(Account, .{
+                .id = 0,
+                .user_data = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{
+                    .padding = 0,
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exceeds_credits,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 4,
-                .timestamp = 1,
-                .debits_accepted = 10,
-                .flags = .{ .debits_must_not_exceed_credits = true },
+        .{
+            .result = .ledger_must_not_be_zero,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{
+                    .padding = 0,
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exceeds_debits,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 5,
-                .timestamp = 1,
-                .credits_reserved = 10,
-                .flags = .{ .credits_must_not_exceed_debits = true },
+        .{
+            .result = .code_must_not_be_zero,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 0,
+                .flags = .{
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exceeds_debits,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 6,
-                .timestamp = 1,
-                .credits_accepted = 10,
-                .flags = .{ .credits_must_not_exceed_debits = true },
+        .{
+            .result = .mutually_exclusive_flags,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .debits_must_not_exceed_credits = true,
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = math.maxInt(u64),
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = math.maxInt(u64),
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 7,
-                .timestamp = 1,
+        .{
+            .result = .overflows_debits,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .debits_must_not_exceed_credits = true,
+                },
+                .debits_pending = math.maxInt(u64),
+                .debits_posted = 60,
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = 80,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exists,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 7,
+        .{
+            .result = .overflows_credits,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = math.maxInt(u64),
+                .credits_posted = 80,
                 .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 8,
+        .{
+            .result = .exceeds_credits,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .debits_must_not_exceed_credits = true,
+                },
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 1,
+                .credits_posted = 109,
                 .timestamp = 2,
-                .user_data = 'U',
-                .unit = 9,
             }),
         },
-        Vector{
-            .result = .exists_with_different_unit,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 8,
-                .timestamp = 3,
-                .user_data = 'U',
-                .unit = 10,
+        .{
+            .result = .exceeds_debits,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 1,
+                .credits_posted = 109,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 9,
-                .timestamp = 3,
-                .code = 9,
-                .user_data = 'U',
+        .{
+            .result = .exists_with_different_flags,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .flags = .{
+                    .credits_must_not_exceed_debits = true,
+                },
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 0,
+                .credits_posted = 0,
+                .timestamp = 2,
             }),
         },
-        Vector{
+        .{
+            .result = .exists_with_different_user_data,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 20,
+                .ledger = 30,
+                .code = 40,
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
+            }),
+        },
+        .{
+            .result = .exists_with_different_ledger,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 30,
+                .code = 40,
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
+            }),
+        },
+        .{
             .result = .exists_with_different_code,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 9,
-                .timestamp = 4,
-                .code = 10,
-                .user_data = 'D',
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 40,
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 10,
-                .timestamp = 4,
-                .flags = .{ .credits_must_not_exceed_debits = true },
+        .{
+            .result = .exists_with_different_debits_pending,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 50,
+                .debits_posted = 60,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exists_with_different_flags,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 10,
-                .timestamp = 5,
-                .flags = .{ .debits_must_not_exceed_credits = true },
+        .{
+            .result = .exists_with_different_debits_posted,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 5,
+                .debits_posted = 60,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 11,
-                .timestamp = 5,
-                .user_data = 'U',
+        .{
+            .result = .exists_with_different_credits_pending,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 5,
+                .debits_posted = 6,
+                .credits_pending = 70,
+                .credits_posted = 80,
+                .timestamp = 2,
             }),
         },
-        Vector{
-            .result = .exists_with_different_user_data,
-            .object = std.mem.zeroInit(Account, .{
-                .id = 11,
-                .timestamp = 6,
-                .user_data = 'D',
+        .{
+            .result = .exists_with_different_credits_posted,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 5,
+                .debits_posted = 6,
+                .credits_pending = 7,
+                .credits_posted = 80,
+                .timestamp = 2,
+            }),
+        },
+        .{
+            .result = .exists,
+            .object = mem.zeroInit(Account, .{
+                .id = 1,
+                .user_data = 2,
+                .ledger = 3,
+                .code = 4,
+                .debits_pending = 5,
+                .debits_posted = 6,
+                .credits_pending = 7,
+                .credits_posted = 8,
+                .timestamp = 2,
             }),
         },
     };
-    var state_machine = try StateMachine.init(allocator, vectors.len, 0, 0);
+    var state_machine = try StateMachine.init(testing.allocator, vectors.len, 0, 0);
     defer state_machine.deinit();
-    for (vectors) |vector| {
-        try testing.expectEqual(vector.result, state_machine.create_account(vector.object));
+    for (vectors) |vector, i| {
+        const result = state_machine.create_account(&vector.object);
+        expectEqual(vector.result, result) catch |err| {
+            print_test_vector(i, vector.result, result, vector.object, err);
+            return err;
+        };
         if (vector.result == .ok) {
-            try testing.expectEqual(vector.object, state_machine.get_account(vector.object.id).?.*);
+            try expectEqual(vector.object, state_machine.get_account(vector.object.id).?.*);
         }
     }
+    state_machine.create_account_rollback(&vectors[0].object);
+    try expect(state_machine.get_account(vectors[0].object.id) == null);
 }
 test "linked accounts" {
-    var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
-    defer arena.deinit();
-    const allocator = arena.allocator();
     const accounts_max = 5;
     const transfers_max = 0;
-    const commits_max = 0;
+    const transfers_pending_max = 0;
     var accounts = [_]Account{
         // An individual event (successful):
-        std.mem.zeroInit(Account, .{ .id = 7, .code = 200 }),
+        mem.zeroInit(Account, .{ .id = 7, .code = 1, .ledger = 1 }),
         // A chain of 4 events (the last event in the chain closes the chain with linked=false):
-        // Commit/rollback:
-        std.mem.zeroInit(Account, .{ .id = 0, .flags = .{ .linked = true } }),
-        // Commit/rollback:
-        std.mem.zeroInit(Account, .{ .id = 1, .flags = .{ .linked = true } }),
-        // Fail with .exists:
-        std.mem.zeroInit(Account, .{ .id = 0, .flags = .{ .linked = true } }),
+        // Commit/rollback.
+        mem.zeroInit(Account, .{ .id = 1, .code = 1, .ledger = 1, .flags = .{ .linked = true } }),
+        // Commit/rollback.
+        mem.zeroInit(Account, .{ .id = 2, .code = 1, .ledger = 1, .flags = .{ .linked = true } }),
+        // Fail with .exists.
+        mem.zeroInit(Account, .{ .id = 1, .code = 1, .ledger = 1, .flags = .{ .linked = true } }),
         // Fail without committing.
-        std.mem.zeroInit(Account, .{ .id = 2 }),
+        mem.zeroInit(Account, .{ .id = 3, .code = 1, .ledger = 1 }),
         // An individual event (successful):
-        // This should not see any effect from the failed chain above:
-        std.mem.zeroInit(Account, .{ .id = 0, .code = 200 }),
+        // This should not see any effect from the failed chain above.
+        mem.zeroInit(Account, .{ .id = 1, .code = 1, .ledger = 1 }),
         // A chain of 2 events (the first event fails the chain):
-        std.mem.zeroInit(Account, .{ .id = 0, .flags = .{ .linked = true } }),
-        std.mem.zeroInit(Account, .{ .id = 1 }),
+        mem.zeroInit(Account, .{ .id = 1, .code = 2, .ledger = 1, .flags = .{ .linked = true } }),
+        mem.zeroInit(Account, .{ .id = 2, .code = 1, .ledger = 1 }),
         // An individual event (successful):
-        std.mem.zeroInit(Account, .{ .id = 1, .code = 200 }),
+        mem.zeroInit(Account, .{ .id = 2, .code = 1, .ledger = 1 }),
         // A chain of 2 events (the last event fails the chain):
-        std.mem.zeroInit(Account, .{ .id = 2, .flags = .{ .linked = true } }),
-        std.mem.zeroInit(Account, .{ .id = 0 }),
+        mem.zeroInit(Account, .{ .id = 3, .code = 1, .ledger = 1, .flags = .{ .linked = true } }),
+        mem.zeroInit(Account, .{ .id = 1, .code = 1, .ledger = 2 }),
         // A chain of 2 events (successful):
-        std.mem.zeroInit(Account, .{ .id = 2, .flags = .{ .linked = true } }),
-        std.mem.zeroInit(Account, .{ .id = 3 }),
+        mem.zeroInit(Account, .{ .id = 3, .code = 1, .ledger = 1, .flags = .{ .linked = true } }),
+        mem.zeroInit(Account, .{ .id = 4, .code = 1, .ledger = 1 }),
     };
-    var state_machine = try StateMachine.init(allocator, accounts_max, transfers_max, commits_max);
+    var state_machine = try StateMachine.init(
+        testing.allocator,
+        accounts_max,
+        transfers_max,
+        transfers_pending_max,
+    );
     defer state_machine.deinit();
-    const input = std.mem.asBytes(&accounts);
-    const output = try allocator.alloc(u8, 4096);
+    const input = mem.asBytes(&accounts);
+    const output = try testing.allocator.alloc(u8, 4096);
+    defer testing.allocator.free(output);
-    state_machine.prepare(0, .create_accounts, input);
+    _ = state_machine.prepare(.create_accounts, input);
     const size = state_machine.commit(0, .create_accounts, input, output);
-    const results = std.mem.bytesAsSlice(CreateAccountsResult, output[0..size]);
+    const results = mem.bytesAsSlice(CreateAccountsResult, output[0..size]);
-    try testing.expectEqualSlices(
+    try expectEqualSlices(
         CreateAccountsResult,
         &[_]CreateAccountsResult{
-            CreateAccountsResult{ .index = 1, .result = .linked_event_failed },
-            CreateAccountsResult{ .index = 2, .result = .linked_event_failed },
-            CreateAccountsResult{ .index = 3, .result = .exists },
-            CreateAccountsResult{ .index = 4, .result = .linked_event_failed },
-            CreateAccountsResult{ .index = 6, .result = .exists_with_different_code },
-            CreateAccountsResult{ .index = 7, .result = .linked_event_failed },
-            CreateAccountsResult{ .index = 9, .result = .linked_event_failed },
-            CreateAccountsResult{ .index = 10, .result = .exists_with_different_code },
+            .{ .index = 1, .result = .linked_event_failed },
+            .{ .index = 2, .result = .linked_event_failed },
+            .{ .index = 3, .result = .exists },
+            .{ .index = 4, .result = .linked_event_failed },
+            .{ .index = 6, .result = .exists_with_different_flags },
+            .{ .index = 7, .result = .linked_event_failed },
+            .{ .index = 9, .result = .linked_event_failed },
+            .{ .index = 10, .result = .exists_with_different_ledger },
         },
         results,
     );
-    try testing.expectEqual(accounts[0], state_machine.get_account(accounts[0].id).?.*);
-    try testing.expectEqual(accounts[5], state_machine.get_account(accounts[5].id).?.*);
-    try testing.expectEqual(accounts[8], state_machine.get_account(accounts[8].id).?.*);
-    try testing.expectEqual(accounts[11], state_machine.get_account(accounts[11].id).?.*);
-    try testing.expectEqual(accounts[12], state_machine.get_account(accounts[12].id).?.*);
-    try testing.expectEqual(@as(u32, 5), state_machine.accounts.count());
+    try expectEqual(accounts[0], state_machine.get_account(accounts[0].id).?.*);
+    try expectEqual(accounts[5], state_machine.get_account(accounts[5].id).?.*);
+    try expectEqual(accounts[8], state_machine.get_account(accounts[8].id).?.*);
+    try expectEqual(accounts[11], state_machine.get_account(accounts[11].id).?.*);
+    try expectEqual(accounts[12], state_machine.get_account(accounts[12].id).?.*);
+    try expectEqual(@as(u32, 5), state_machine.accounts.count());
     // TODO How can we test that events were in fact rolled back in LIFO order?
     // All our rollback handlers appear to be commutative.
 }
+// The goal is to ensure that:
+// 1. all CreateTransferResult enums are covered, with
+// 2. enums tested in the order that they are defined, for easier auditing of coverage, and that
+// 3. state machine logic cannot be reordered in any way, breaking determinism.
 test "create/lookup/rollback transfers" {
-    var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
-    defer arena.deinit();
-    const allocator = arena.allocator();
     var accounts = [_]Account{
-        std.mem.zeroInit(Account, .{ .id = 1 }),
-        std.mem.zeroInit(Account, .{ .id = 2 }),
-        std.mem.zeroInit(Account, .{ .id = 3, .unit = 1 }),
-        std.mem.zeroInit(Account, .{ .id = 4, .unit = 2 }),
-        std.mem.zeroInit(Account, .{ .id = 5, .flags = .{ .debits_must_not_exceed_credits = true } }),
-        std.mem.zeroInit(Account, .{ .id = 6, .flags = .{ .credits_must_not_exceed_debits = true } }),
-        std.mem.zeroInit(Account, .{ .id = 7 }),
-        std.mem.zeroInit(Account, .{ .id = 8 }),
+        mem.zeroInit(Account, .{
+            .id = 1,
+            .ledger = 1,
+            .code = 1,
+            .debits_pending = 100,
+            .debits_posted = 200,
+        }),
+        mem.zeroInit(Account, .{ .id = 2, .ledger = 2, .code = 2 }),
+        mem.zeroInit(Account, .{
+            .id = 3,
+            .ledger = 1,
+            .code = 1,
+            .credits_pending = 110,
+            .credits_posted = 210,
+        }),
+        mem.zeroInit(Account, .{
+            .id = 4,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .debits_must_not_exceed_credits = true },
+            .debits_pending = 20,
+            .debits_posted = math.maxInt(u64) - 500 - 200,
+            .credits_pending = 0,
+            .credits_posted = math.maxInt(u64) - 500,
+        }),
+        mem.zeroInit(Account, .{
+            .id = 5,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .credits_must_not_exceed_debits = true },
+            .debits_pending = 0,
+            .debits_posted = math.maxInt(u64) - 1000,
+            .credits_pending = 10,
+            .credits_posted = math.maxInt(u64) - 1000 - 100,
+        }),
     };
-    var state_machine = try StateMachine.init(allocator, accounts.len, 1, 0);
+    var state_machine = try StateMachine.init(testing.allocator, accounts.len, 1, 0);
     defer state_machine.deinit();
-    const input = std.mem.asBytes(&accounts);
-    const output = try allocator.alloc(u8, 4096);
+    const input = mem.asBytes(&accounts);
-    state_machine.prepare(0, .create_accounts, input);
+    const output = try testing.allocator.alloc(u8, 4096);
+    defer testing.allocator.free(output);
+    _ = state_machine.prepare(.create_accounts, input);
     const size = state_machine.commit(0, .create_accounts, input, output);
-    const errors = std.mem.bytesAsSlice(CreateAccountsResult, output[0..size]);
-    try testing.expectEqual(@as(usize, 0), errors.len);
+    const errors = mem.bytesAsSlice(CreateAccountsResult, output[0..size]);
+    try expect(errors.len == 0);
     for (accounts) |account| {
-        try testing.expectEqual(account, state_machine.get_account(account.id).?.*);
+        try expectEqual(account, state_machine.get_account(account.id).?.*);
     }
     const Vector = struct { result: CreateTransferResult, object: Transfer };
     const timestamp: u64 = (state_machine.commit_timestamp + 1);
     const vectors = [_]Vector{
-        Vector{
-            .result = .amount_is_zero,
-            .object = std.mem.zeroInit(Transfer, .{
+        .{
+            .result = .reserved_flag,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 0,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .reserved = 1,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true, .padding = 1 },
+                .amount = 0,
+                .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .reserved_field,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 0,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .reserved = 1,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
+                .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .id_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 0,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
+                .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .debit_account_id_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
                 .id = 1,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .reserved_flag_padding,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 2,
+        .{
+            .result = .credit_account_id_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 0,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
-                .flags = .{ .padding = 1 },
             }),
         },
-        Vector{
-            .result = .two_phase_commit_must_timeout,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 3,
+        .{
+            .result = .accounts_must_be_different,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 100,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
-                .flags = .{ .two_phase_commit = true },
             }),
         },
-        Vector{
-            .result = .timeout_reserved_for_two_phase_commit,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 4,
+        .{
+            .result = .pending_id_must_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
+                .pending_id = 1,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .pending_transfer_must_timeout,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
+                .timeout = 0,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
+                .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .timeout_reserved_for_pending_transfer,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
                 .timeout = 1,
+                .ledger = 0,
+                .code = 0,
+                .amount = 0,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .reserved_field,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 5,
+        .{
+            .result = .ledger_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
+                .timeout = 1,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
-                .flags = .{ .condition = false },
-                .reserved = [_]u8{1} ** 32,
             }),
         },
-        Vector{
-            .result = .accounts_are_the_same,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 6,
+        .{
+            .result = .code_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
+                .timeout = 1,
+                .ledger = 100,
+                .code = 0,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
-                .amount = 10,
-                .debit_account_id = 1,
-                .credit_account_id = 1,
             }),
         },
-        Vector{
-            .result = .debit_account_not_found,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 7,
+        .{
+            .result = .amount_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 100,
+                .credit_account_id = 200,
+                .timeout = 1,
+                .ledger = 100,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 0,
                 .timestamp = timestamp,
-                .amount = 10,
+            }),
+        },
+        .{
+            .result = .debit_account_not_found,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
                 .debit_account_id = 100,
-                .credit_account_id = 1,
+                .credit_account_id = 200,
+                .timeout = 1,
+                .ledger = 100,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 100,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
+        .{
             .result = .credit_account_not_found,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 8,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 200,
+                .timeout = 1,
+                .ledger = 100,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 100,
                 .timestamp = timestamp,
-                .amount = 10,
+            }),
+        },
+        .{
+            .result = .accounts_must_have_the_same_ledger,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
                 .debit_account_id = 1,
-                .credit_account_id = 100,
+                .credit_account_id = 2,
+                .ledger = 100,
+                .code = 1,
+                .amount = 1,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .accounts_have_different_units,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 9,
+        .{
+            .result = .transfer_must_have_the_same_ledger_as_accounts,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .ledger = 100,
+                .code = 1,
+                .amount = 1,
                 .timestamp = timestamp,
-                .amount = 10,
-                .debit_account_id = 3,
-                .credit_account_id = 4,
             }),
         },
-        Vector{
-            .result = .exceeds_credits,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 10,
+        .{
+            .result = .overflows_debits_pending,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 30000,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64) - accounts[1 - 1].debits_pending + 1,
                 .timestamp = timestamp,
-                .amount = 1000,
-                .debit_account_id = 5,
-                .credit_account_id = 1,
             }),
         },
-        Vector{
-            .result = .exceeds_debits,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 11,
+        .{
+            .result = .overflows_credits_pending,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 30000,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64) - accounts[3 - 1].credits_pending + 1,
                 .timestamp = timestamp,
-                .amount = 1000,
+            }),
+        },
+        .{
+            .result = .overflows_debits_posted,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
                 .debit_account_id = 1,
-                .credit_account_id = 6,
+                .credit_account_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .amount = math.maxInt(u64) - accounts[1 - 1].debits_posted + 1,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
+        .{
+            .result = .overflows_credits_posted,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .amount = math.maxInt(u64) - accounts[3 - 1].credits_posted + 1,
                 .timestamp = timestamp,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
             }),
         },
-        Vector{
-            .result = .exists,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
+        .{
+            .result = .overflows_debits,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .amount = math.maxInt(u64) -
+                    accounts[1 - 1].debits_pending -
+                    accounts[1 - 1].debits_posted + 1,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .exists_with_different_debit_account_id,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 8,
-                .credit_account_id = 7,
+        .{
+            .result = .overflows_credits,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .amount = math.maxInt(u64) -
+                    accounts[3 - 1].credits_pending -
+                    accounts[3 - 1].credits_posted + 1,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .exists_with_different_credit_account_id,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 1,
+        .{
+            .result = .exceeds_credits,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 4,
+                .credit_account_id = 5,
+                .ledger = 1,
+                .code = 1,
+                .amount = accounts[4 - 1].credits_posted -
+                    accounts[4 - 1].debits_pending -
+                    accounts[4 - 1].debits_posted + 1,
+                .timestamp = timestamp,
             }),
         },
-        Vector{
-            .result = .exists_with_different_amount,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
+        .{
+            .result = .exceeds_debits,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 4,
+                .credit_account_id = 5,
+                .ledger = 1,
+                .code = 1,
+                .amount = accounts[5 - 1].debits_posted -
+                    accounts[5 - 1].credits_pending -
+                    accounts[5 - 1].credits_posted + 1,
+                .timestamp = timestamp,
+            }),
+        },
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 123,
                 .timestamp = timestamp + 1,
-                .amount = 11,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
             }),
         },
-        Vector{
+        .{
+            // Ensure that idempotence is only checked after validation.
+            .result = .transfer_must_have_the_same_ledger_as_accounts,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10000,
+                .ledger = 2,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 123,
+                .timestamp = timestamp + 2,
+            }),
+        },
+        .{
             .result = .exists_with_different_flags,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .condition = true },
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .user_data = 1,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = false },
+                .amount = math.maxInt(u64),
+                .timestamp = timestamp + 2,
             }),
         },
-        Vector{
+        .{
+            .result = .exists_with_different_debit_account_id,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 3,
+                .credit_account_id = 1,
+                .user_data = 1,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
+                .timestamp = timestamp + 2,
+            }),
+        },
+        .{
+            .result = .exists_with_different_credit_account_id,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 4,
+                .user_data = 1,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
+                .timestamp = timestamp + 2,
+            }),
+        },
+        .{
             .result = .exists_with_different_user_data,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 12,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .user_data = 'A',
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .user_data = 1,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
+                .timestamp = timestamp + 2,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 13,
-                .timestamp = timestamp + 1,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .condition = true },
-                .reserved = [_]u8{1} ** 32,
+        .{
+            .result = .exists_with_different_timeout,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10001,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
+                .timestamp = timestamp + 2,
             }),
         },
-        Vector{
-            .result = .exists_with_different_reserved_field,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 13,
+        .{
+            .result = .exists_with_different_code,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 2,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
                 .timestamp = timestamp + 2,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .condition = true },
-                .reserved = [_]u8{2} ** 32,
             }),
         },
-        Vector{
-            .result = .timeout_reserved_for_two_phase_commit,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 13,
+        .{
+            .result = .exists_with_different_amount,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = math.maxInt(u64),
                 .timestamp = timestamp + 2,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .condition = true },
-                .reserved = [_]u8{1} ** 32,
-                .timeout = 10,
-            }),
-        },
-        Vector{
-            .result = .two_phase_commit_must_timeout,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 14,
+            }),
+        },
+        .{
+            .result = .exists,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 1,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .timeout = 10000,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .pending = true },
+                .amount = 123,
                 .timestamp = timestamp + 2,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .two_phase_commit = true },
-                .timeout = 0,
             }),
         },
-        Vector{
+        .{
             .result = .ok,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 15,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 2,
+                .debit_account_id = 3,
+                .credit_account_id = 1,
+                .ledger = 1,
+                .code = 2,
+                .amount = 7,
                 .timestamp = timestamp + 2,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .two_phase_commit = true },
-                .timeout = 20,
             }),
         },
-        Vector{
-            .result = .exists_with_different_timeout,
-            .object = std.mem.zeroInit(Transfer, .{
-                .id = 15,
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 3,
+                .debit_account_id = 1,
+                .credit_account_id = 3,
+                .ledger = 1,
+                .code = 2,
+                .amount = 3,
                 .timestamp = timestamp + 3,
-                .amount = 10,
-                .debit_account_id = 7,
-                .credit_account_id = 8,
-                .flags = .{ .two_phase_commit = true },
-                .timeout = 25,
             }),
         },
     };
-    for (vectors) |vector| {
-        try testing.expectEqual(vector.result, state_machine.create_transfer(vector.object));
+    for (vectors) |vector, i| {
+        const result = state_machine.create_transfer(&vector.object);
+        expectEqual(vector.result, result) catch |err| {
+            print_test_vector(i, vector.result, result, vector.object, err);
+            return err;
+        };
         if (vector.result == .ok) {
-            try testing.expectEqual(vector.object, state_machine.get_transfer(vector.object.id).?.*);
+            try expectEqual(vector.object, state_machine.get_transfer(vector.object.id).?.*);
         }
     }
-    // 2 phase commit [reserved]:
-    try testing.expectEqual(@as(u64, 10), state_machine.get_account(7).?.*.debits_reserved);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(7).?.*.credits_reserved);
-    try testing.expectEqual(@as(u64, 10), state_machine.get_account(8).?.*.credits_reserved);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(8).?.*.debits_reserved);
-    // 1 phase commit [accepted]:
-    try testing.expectEqual(@as(u64, 20), state_machine.get_account(7).?.*.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(7).?.*.credits_accepted);
-    try testing.expectEqual(@as(u64, 20), state_machine.get_account(8).?.*.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(8).?.*.debits_accepted);
-    // Rollback transfer with id [12], amount of 10:
-    state_machine.create_transfer_rollback(state_machine.get_transfer(vectors[11].object.id).?.*);
-    try testing.expectEqual(@as(u64, 10), state_machine.get_account(7).?.*.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(7).?.*.credits_accepted);
-    try testing.expectEqual(@as(u64, 10), state_machine.get_account(8).?.*.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(8).?.*.debits_accepted);
-    try testing.expect(state_machine.get_transfer(vectors[11].object.id) == null);
-    // Rollback transfer with id [15], amount of 10:
-    state_machine.create_transfer_rollback(state_machine.get_transfer(vectors[22].object.id).?.*);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(7).?.*.debits_reserved);
-    try testing.expectEqual(@as(u64, 0), state_machine.get_account(8).?.*.credits_reserved);
-    try testing.expect(state_machine.get_transfer(vectors[22].object.id) == null);
-}
+    // Transfer 3:
+    try test_account_balances(&state_machine, 1, 100 + 123, 200 + 3, 0, 7);
+    try test_account_balances(&state_machine, 3, 0, 7, 110 + 123, 210 + 3);
+    state_machine.create_transfer_rollback(state_machine.get_transfer(3).?);
+    try test_account_balances(&state_machine, 1, 100 + 123, 200, 0, 7);
+    try test_account_balances(&state_machine, 3, 0, 7, 110 + 123, 210);
+    try expect(state_machine.get_transfer(3) == null);
+    // Transfer 2:
+    try test_account_balances(&state_machine, 1, 100 + 123, 200, 0, 7);
+    try test_account_balances(&state_machine, 3, 0, 7, 110 + 123, 210);
+    state_machine.create_transfer_rollback(state_machine.get_transfer(2).?);
+    try test_account_balances(&state_machine, 1, 100 + 123, 200, 0, 0);
+    try test_account_balances(&state_machine, 3, 0, 0, 110 + 123, 210);
+    try expect(state_machine.get_transfer(2) == null);
+    // Transfer 1:
+    try test_account_balances(&state_machine, 1, 100 + 123, 200, 0, 0);
+    try test_account_balances(&state_machine, 3, 0, 0, 110 + 123, 210);
+    state_machine.create_transfer_rollback(state_machine.get_transfer(1).?);
+    try test_account_balances(&state_machine, 1, 100, 200, 0, 0);
+    try test_account_balances(&state_machine, 3, 0, 0, 110, 210);
+    try expect(state_machine.get_transfer(1) == null);
-test "create/lookup/rollback commits" {
-    var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
-    defer arena.deinit();
-    const allocator = arena.allocator();
-    const Vector = struct { result: CommitTransferResult, object: Commit };
+    for (accounts) |account| {
+        state_machine.create_account_rollback(&account);
+        try expect(state_machine.get_account(account.id) == null);
+    }
+}
+test "create/lookup/rollback 2-phase transfers" {
     var accounts = [_]Account{
-        std.mem.zeroInit(Account, .{ .id = 1 }),
-        std.mem.zeroInit(Account, .{ .id = 2 }),
-        std.mem.zeroInit(Account, .{ .id = 3 }),
-        std.mem.zeroInit(Account, .{ .id = 4 }),
+        mem.zeroInit(Account, .{ .id = 1, .ledger = 1, .code = 1 }),
+        mem.zeroInit(Account, .{ .id = 2, .ledger = 1, .code = 1 }),
     };
     var transfers = [_]Transfer{
-        std.mem.zeroInit(Transfer, .{
+        mem.zeroInit(Transfer, .{
             .id = 1,
-            .amount = 15,
             .debit_account_id = 1,
             .credit_account_id = 2,
+            .ledger = 1,
+            .code = 1,
+            .amount = 15,
         }),
-        std.mem.zeroInit(Transfer, .{
+        mem.zeroInit(Transfer, .{
             .id = 2,
-            .amount = 15,
             .debit_account_id = 1,
             .credit_account_id = 2,
-            .flags = .{ .two_phase_commit = true },
-            .timeout = 25,
+            .timeout = 1000,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .pending = true },
+            .amount = 15,
         }),
-        std.mem.zeroInit(Transfer, .{
+        mem.zeroInit(Transfer, .{
             .id = 3,
-            .amount = 15,
             .debit_account_id = 1,
             .credit_account_id = 2,
-            .flags = .{ .two_phase_commit = true },
-            .timeout = 25,
+            .timeout = 5,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .pending = true },
+            .amount = 15,
         }),
-        std.mem.zeroInit(Transfer, .{
+        mem.zeroInit(Transfer, .{
             .id = 4,
-            .amount = 15,
             .debit_account_id = 1,
             .credit_account_id = 2,
-            .flags = .{ .two_phase_commit = true },
             .timeout = 1,
-        }),
-        std.mem.zeroInit(Transfer, .{
-            .id = 5,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .pending = true },
             .amount = 15,
-            .debit_account_id = 1,
-            .credit_account_id = 2,
-            .flags = .{
-                .two_phase_commit = true,
-                .condition = true,
-            },
-            .timeout = 25,
         }),
-        std.mem.zeroInit(Transfer, .{
-            .id = 6,
-            .amount = 15,
+        mem.zeroInit(Transfer, .{
+            .id = 5,
             .debit_account_id = 1,
             .credit_account_id = 2,
-            .flags = .{
-                .two_phase_commit = true,
-                .condition = false,
-            },
-            .timeout = 25,
-        }),
-        std.mem.zeroInit(Transfer, .{
-            .id = 7,
-            .amount = 15,
-            .debit_account_id = 3,
-            .credit_account_id = 4,
-            .flags = .{ .two_phase_commit = true },
-            .timeout = 25,
+            .user_data = 73,
+            .timeout = 6,
+            .ledger = 1,
+            .code = 1,
+            .flags = .{ .pending = true },
+            .amount = 7,
         }),
     };
-    var state_machine = try StateMachine.init(allocator, accounts.len, transfers.len, 1);
+    var state_machine = try StateMachine.init(testing.allocator, accounts.len, 100, 1);
     defer state_machine.deinit();
-    const input = std.mem.asBytes(&accounts);
-    const output = try allocator.alloc(u8, 4096);
+    // Create accounts:
+    const accounts_input = mem.asBytes(&accounts);
-    // Accounts:
-    state_machine.prepare(0, .create_accounts, input);
-    const size = state_machine.commit(0, .create_accounts, input, output);
+    const accounts_output = try testing.allocator.alloc(u8, 4096);
+    defer testing.allocator.free(accounts_output);
+    const accounts_timestamp = state_machine.prepare(.create_accounts, accounts_input);
     {
-        const errors = std.mem.bytesAsSlice(CreateAccountsResult, output[0..size]);
-        try testing.expectEqual(@as(usize, 0), errors.len);
+        const size = state_machine.commit(0, .create_accounts, accounts_input, accounts_output);
+        const errors = mem.bytesAsSlice(CreateAccountsResult, accounts_output[0..size]);
+        try expectEqual(@as(usize, 0), errors.len);
     }
     for (accounts) |account| {
-        try testing.expectEqual(account, state_machine.get_account(account.id).?.*);
+        try expectEqual(account, state_machine.get_account(account.id).?.*);
     }
-    // Transfers:
-    const object_transfers = std.mem.asBytes(&transfers);
-    const output_transfers = try allocator.alloc(u8, 4096);
+    // Create pending transfers:
+    const transfers_input = mem.asBytes(&transfers);
-    state_machine.prepare(0, .create_transfers, object_transfers);
-    const size_transfers = state_machine.commit(
-        0,
-        .create_transfers,
-        object_transfers,
-        output_transfers,
-    );
-    const errors = std.mem.bytesAsSlice(CreateTransfersResult, output_transfers[0..size_transfers]);
-    try testing.expectEqual(@as(usize, 0), errors.len);
+    const transfers_output = try testing.allocator.alloc(u8, 4096);
+    defer testing.allocator.free(transfers_output);
+    const transfers_timestamp = state_machine.prepare(.create_transfers, transfers_input);
+    try testing.expect(transfers_timestamp > accounts_timestamp);
+    {
+        const size = state_machine.commit(0, .create_transfers, transfers_input, transfers_output);
+        const errors = mem.bytesAsSlice(CreateTransfersResult, transfers_output[0..size]);
+        try expectEqual(@as(usize, 0), errors.len);
+    }
     for (transfers) |transfer| {
-        try testing.expectEqual(transfer, state_machine.get_transfer(transfer.id).?.*);
+        try expectEqual(transfer, state_machine.get_transfer(transfer.id).?.*);
     }
-    // Commits:
+    // Test balances before posting:
+    try test_account_balances(&state_machine, 1, 52, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 52, 15);
+    // Post pending transfers:
+    const Vector = struct { result: CreateTransferResult, object: Transfer };
     const timestamp: u64 = (state_machine.commit_timestamp + 1);
     const vectors = [_]Vector{
-        Vector{
-            .result = .reserved_field,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 1,
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{ .post_pending_transfer = true },
+                .amount = 13,
                 .timestamp = timestamp,
-                .reserved = [_]u8{1} ** 32,
             }),
         },
-        Vector{
-            .result = .reserved_flag_padding,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 1,
-                .timestamp = timestamp,
-                .flags = .{ .padding = 1 },
+        .{
+            .result = .cannot_post_and_void_pending_transfer,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 0,
+                .timeout = 50,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .pending = true,
+                    .post_pending_transfer = true,
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .transfer_not_found,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 777,
-                .timestamp = timestamp,
+        .{
+            .result = .pending_transfer_cannot_post_or_void_another,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 0,
+                .timeout = 50,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .pending = true,
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .transfer_not_two_phase_commit,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 1,
-                .timestamp = timestamp,
+        .{
+            .result = .timeout_reserved_for_pending_transfer,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .timeout = 50,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 2,
-                .timestamp = timestamp,
+        .{
+            .result = .pending_id_must_not_be_zero,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 0,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .already_committed_but_accepted,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 2,
+        .{
+            .result = .pending_id_must_be_different,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 101,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
                 .timestamp = timestamp + 1,
-                .flags = .{ .reject = true },
             }),
         },
-        Vector{
-            .result = .already_committed,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 2,
+        .{
+            .result = .pending_transfer_not_found,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 102,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
                 .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .ok,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 3,
+        .{
+            .result = .pending_transfer_not_pending,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 1,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
                 .timestamp = timestamp + 1,
-                .flags = .{ .reject = true },
             }),
         },
-        Vector{
-            .result = .already_committed_but_rejected,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 3,
-                .timestamp = timestamp + 2,
+        .{
+            .result = .pending_transfer_has_different_debit_account_id,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 10,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 2,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .transfer_expired,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 4,
-                .timestamp = timestamp + 2,
+        .{
+            .result = .pending_transfer_has_different_credit_account_id,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 20,
+                .user_data = 30,
+                .pending_id = 2,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .pending_transfer_has_different_ledger,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 30,
+                .pending_id = 2,
+                .ledger = 60,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .pending_transfer_has_different_code,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 30,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 70,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exceeds_pending_transfer_amount,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 7000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 80,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .pending_transfer_has_different_amount,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 7000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 1,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists_with_different_flags,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .user_data = 7000,
+                .pending_id = 3,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 15,
+                .timestamp = timestamp + 1,
             }),
         },
-        Vector{
-            .result = .condition_requires_preimage,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 5,
+        .{
+            .result = .exists_with_different_pending_id,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 7000,
+                .pending_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 14,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists_with_different_user_data,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 7000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 14,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists_with_different_user_data,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 0,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 14,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists_with_different_amount,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 14,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists_with_different_amount,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 0,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .exists,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 101,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 13,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .pending_transfer_already_posted,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 102,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 2,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 13,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 103,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .user_data = 0,
+                .pending_id = 3,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .void_pending_transfer = true },
+                .amount = 15,
+                .timestamp = timestamp + 1,
+            }),
+        },
+        .{
+            .result = .pending_transfer_already_voided,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 102,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 1000,
+                .pending_id = 3,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .post_pending_transfer = true,
+                },
+                .amount = 13,
                 .timestamp = timestamp + 2,
             }),
         },
-        Vector{
-            .result = .preimage_invalid,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 5,
+        .{
+            .result = .pending_transfer_expired,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 102,
+                .debit_account_id = 1,
+                .credit_account_id = 2,
+                .user_data = 4000,
+                .pending_id = 4,
+                .ledger = 1,
+                .code = 1,
+                .flags = .{
+                    .void_pending_transfer = true,
+                },
+                .amount = 15,
                 .timestamp = timestamp + 2,
-                .flags = .{ .preimage = true },
-                .reserved = [_]u8{1} ** 32,
             }),
         },
-        Vector{
-            .result = .preimage_requires_condition,
-            .object = std.mem.zeroInit(Commit, .{
-                .id = 6,
+        .{
+            .result = .ok,
+            .object = mem.zeroInit(Transfer, .{
+                .id = 105,
+                .debit_account_id = 0,
+                .credit_account_id = 0,
+                .user_data = 0,
+                .pending_id = 5,
+                .ledger = 0,
+                .code = 0,
+                .flags = .{ .post_pending_transfer = true },
+                .amount = 0,
                 .timestamp = timestamp + 2,
-                .flags = .{ .preimage = true },
             }),
         },
     };
-    // Test balances BEFORE commit
-    // Account 1:
-    const account_1_before = state_machine.get_account(1).?.*;
-    try testing.expectEqual(@as(u64, 15), account_1_before.debits_accepted);
-    try testing.expectEqual(@as(u64, 75), account_1_before.debits_reserved);
-    try testing.expectEqual(@as(u64, 0), account_1_before.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_1_before.credits_reserved);
-    // Account 2:
-    const account_2_before = state_machine.get_account(2).?.*;
-    try testing.expectEqual(@as(u64, 0), account_2_before.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_2_before.debits_reserved);
-    try testing.expectEqual(@as(u64, 15), account_2_before.credits_accepted);
-    try testing.expectEqual(@as(u64, 75), account_2_before.credits_reserved);
-    for (vectors) |vector| {
-        try testing.expectEqual(vector.result, state_machine.commit_transfer(vector.object));
+    for (vectors) |vector, i| {
+        const result = state_machine.create_transfer(&vector.object);
+        expectEqual(vector.result, result) catch |err| {
+            print_test_vector(i, vector.result, result, vector.object, err);
+            return err;
+        };
         if (vector.result == .ok) {
-            try testing.expectEqual(vector.object, state_machine.get_commit(vector.object.id).?.*);
+            // Test that posted values inherit from the pending or posting transfer:
+            const pending = state_machine.get_transfer(vector.object.pending_id).?.*;
+            const posted = state_machine.get_transfer(vector.object.id).?.*;
+            const user_data = if (vector.object.user_data == 0)
+                pending.user_data
+            else
+                vector.object.user_data;
+            const amount = if (vector.object.amount == 0)
+                pending.amount
+            else
+                vector.object.amount;
+            const expected = Transfer{
+                .id = vector.object.id,
+                .debit_account_id = pending.debit_account_id,
+                .credit_account_id = pending.credit_account_id,
+                .user_data = user_data,
+                .reserved = 0,
+                .pending_id = pending.id,
+                .timeout = 0,
+                .ledger = pending.ledger,
+                .code = pending.code,
+                .flags = vector.object.flags,
+                .amount = amount,
+                .timestamp = vector.object.timestamp,
+            };
+            expectEqual(expected, posted) catch |err| {
+                print_test_vector(
+                    i,
+                    expected,
+                    posted,
+                    vector.object,
+                    err,
+                );
+                return err;
+            };
         }
     }
-    // Test balances AFTER commit
-    // Account 1:
-    const account_1_after = state_machine.get_account(1).?.*;
-    try testing.expectEqual(@as(u64, 30), account_1_after.debits_accepted);
-    // +15 (acceptance applied):
-    try testing.expectEqual(@as(u64, 45), account_1_after.debits_reserved);
-    // -15 (reserved moved):
-    try testing.expectEqual(@as(u64, 0), account_1_after.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_1_after.credits_reserved);
-    // Account 2:
-    const account_2_after = state_machine.get_account(2).?.*;
-    try testing.expectEqual(@as(u64, 0), account_2_after.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_2_after.debits_reserved);
-    // +15 (acceptance applied):
-    try testing.expectEqual(@as(u64, 30), account_2_after.credits_accepted);
-    // -15 (reserved moved):
-    try testing.expectEqual(@as(u64, 45), account_2_after.credits_reserved);
-    // Test COMMIT with invalid debit/credit accounts
-    state_machine.create_account_rollback(accounts[3]);
-    try testing.expect(state_machine.get_account(accounts[3].id) == null);
-    try testing.expectEqual(
-        state_machine.commit_transfer(std.mem.zeroInit(Commit, .{
-            .id = 7,
-            .timestamp = timestamp + 2,
-        })),
-        .credit_account_not_found,
-    );
-    state_machine.create_account_rollback(accounts[2]);
-    try testing.expect(state_machine.get_account(accounts[2].id) == null);
-    try testing.expectEqual(
-        state_machine.commit_transfer(std.mem.zeroInit(Commit, .{
-            .id = 7,
-            .timestamp = timestamp + 2,
-        })),
-        .debit_account_not_found,
-    );
+    // Balances after posting:
+    try test_account_balances(&state_machine, 1, 15, 35, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 15, 35);
+    // Rollback posting transfer (different amount):
+    assert(vectors[0].result == .ok);
+    try test_transfer_rollback(&state_machine, &vectors[0].object);
+    try test_account_balances(&state_machine, 1, 30, 22, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 30, 22);
+    // Rollback voiding transfer:
+    assert(vectors[22].result == .ok);
+    try test_transfer_rollback(&state_machine, &vectors[22].object);
+    try test_account_balances(&state_machine, 1, 45, 22, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 45, 22);
+    // Rollback posting transfer (zero amount):
+    assert(vectors[25].result == .ok);
+    try test_transfer_rollback(&state_machine, &vectors[25].object);
+    try test_account_balances(&state_machine, 1, 52, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 52, 15);
+    // Rollback all pending transfers:
+    try test_transfer_rollback(&state_machine, &transfers[1]);
+    try test_account_balances(&state_machine, 1, 37, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 37, 15);
+    try test_transfer_rollback(&state_machine, &transfers[2]);
+    try test_account_balances(&state_machine, 1, 22, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 22, 15);
+    try test_transfer_rollback(&state_machine, &transfers[3]);
+    try test_account_balances(&state_machine, 1, 7, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 7, 15);
+    try test_transfer_rollback(&state_machine, &transfers[4]);
+    try test_account_balances(&state_machine, 1, 0, 15, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 0, 15);
+    // Rollback transfer:
+    try test_transfer_rollback(&state_machine, &transfers[0]);
+    try test_account_balances(&state_machine, 1, 0, 0, 0, 0);
+    try test_account_balances(&state_machine, 2, 0, 0, 0, 0);
+}
-    // Rollback [id=2] not rejected:
-    state_machine.commit_transfer_rollback(vectors[4].object);
-    // Account 1:
-    const account_1_rollback = state_machine.get_account(1).?.*;
-    // -15 (rollback):
-    try testing.expectEqual(@as(u64, 15), account_1_rollback.debits_accepted);
-    try testing.expectEqual(@as(u64, 60), account_1_rollback.debits_reserved);
-    try testing.expectEqual(@as(u64, 0), account_1_rollback.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_1_rollback.credits_reserved);
-    // Account 2:
-    const account_2_rollback = state_machine.get_account(2).?.*;
-    try testing.expectEqual(@as(u64, 0), account_2_rollback.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_2_rollback.debits_reserved);
-    // -15 (rollback):
-    try testing.expectEqual(@as(u64, 15), account_2_rollback.credits_accepted);
-    try testing.expectEqual(@as(u64, 60), account_2_rollback.credits_reserved);
-    // Rollback [id=3] rejected:
-    state_machine.commit_transfer_rollback(vectors[7].object);
-    // Account 1:
-    const account_1_rollback_reject = state_machine.get_account(1).?.*;
-    try testing.expectEqual(@as(u64, 15), account_1_rollback_reject.debits_accepted);
-    // Remains unchanged:
-    try testing.expectEqual(@as(u64, 75), account_1_rollback_reject.debits_reserved);
-    // +15 rolled back:
-    try testing.expectEqual(@as(u64, 0), account_1_rollback_reject.credits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_1_rollback_reject.credits_reserved);
-    // Account 2:
-    const account_2_rollback_reject = state_machine.get_account(2).?.*;
-    try testing.expectEqual(@as(u64, 0), account_2_rollback_reject.debits_accepted);
-    try testing.expectEqual(@as(u64, 0), account_2_rollback_reject.debits_reserved);
-    try testing.expectEqual(@as(u64, 15), account_2_rollback_reject.credits_accepted);
-    // +15 rolled back"
-    try testing.expectEqual(@as(u64, 75), account_2_rollback_reject.credits_reserved);
+fn print_test_vector(
+    i: usize,
+    result_expect: anytype,
+    result_actual: anytype,
+    vector_object: anytype,
+    err: anyerror,
+) void {
+    std.debug.print("\nindex={}\n\nexpect: {}\n\nactual: {}\n\nobject: {}\n\nerr={}", .{
+        i,
+        result_expect,
+        result_actual,
+        vector_object,
+        err,
+    });
 }
-fn test_routine_zeroed(comptime len: usize) !void {
-    const routine = switch (len) {
+fn test_account_balances(
+    state_machine: *const StateMachine,
+    account_id: u128,
+    debits_pending: u64,
+    debits_posted: u64,
+    credits_pending: u64,
+    credits_posted: u64,
+) !void {
+    const account = state_machine.get_account(account_id).?.*;
+    try expectEqual(debits_pending, account.debits_pending);
+    try expectEqual(debits_posted, account.debits_posted);
+    try expectEqual(credits_pending, account.credits_pending);
+    try expectEqual(credits_posted, account.credits_posted);
+}
+fn test_transfer_rollback(state_machine: *StateMachine, transfer: *const Transfer) !void {
+    assert(state_machine.get_transfer(transfer.id) != null);
+    state_machine.create_transfer_rollback(transfer);
+    try expect(state_machine.get_transfer(transfer.id) == null);
+    if (transfer.flags.post_pending_transfer or transfer.flags.void_pending_transfer) {
+        try expect(state_machine.get_posted(transfer.pending_id) == null);
+    }
+}
+test "zeroed_32_bytes" {
+    try test_zeroed_n_bytes(32);
+}
+test "zeroed_48_bytes" {
+    try test_zeroed_n_bytes(48);
+}
+fn test_zeroed_n_bytes(comptime n: usize) !void {
+    const routine = switch (n) {
         32 => zeroed_32_bytes,
         48 => zeroed_48_bytes,
         else => unreachable,
     };
-    var a = [_]u8{0} ** len;
+    var a = [_]u8{0} ** n;
     var i: usize = 0;
     while (i < a.len) : (i += 1) {
         a[i] = 1;
-        try testing.expectEqual(false, routine(a));
+        try expectEqual(false, routine(a));
         a[i] = 0;
     }
-    try testing.expectEqual(true, routine(a));
+    try expectEqual(true, routine(a));
+}
+test "equal_32_bytes" {
+    try test_equal_n_bytes(32);
+}
+test "equal_48_bytes" {
+    try test_equal_n_bytes(48);
 }
-fn test_routine_equal(comptime len: usize) !void {
-    const routine = switch (len) {
+fn test_equal_n_bytes(comptime n: usize) !void {
+    const routine = switch (n) {
         32 => equal_32_bytes,
         48 => equal_48_bytes,
         else => unreachable,
     };
-    var a = [_]u8{0} ** len;
-    var b = [_]u8{0} ** len;
+    var a = [_]u8{0} ** n;
+    var b = [_]u8{0} ** n;
     var i: usize = 0;
     while (i < a.len) : (i += 1) {
         a[i] = 1;
-        try testing.expectEqual(false, routine(a, b));
+        try expectEqual(false, routine(a, b));
         a[i] = 0;
         b[i] = 1;
-        try testing.expectEqual(false, routine(a, b));
+        try expectEqual(false, routine(a, b));
         b[i] = 0;
     }
-    try testing.expectEqual(true, routine(a, b));
-}
-test "zeroed_32_bytes" {
-    try test_routine_zeroed(32);
-}
-test "zeroed_48_bytes" {
-    try test_routine_zeroed(48);
-}
-test "equal_32_bytes" {
-    try test_routine_equal(32);
-}
-test "equal_48_bytes" {
-    try test_routine_equal(48);
+    try expectEqual(true, routine(a, b));
 }