Raghavendra,
The logic is this: we start state transfer - and we crash before we know how it ended. So we have no idea what state datadir is in. In this situation we technically cannot leave grastate.dat valid. That's why mark_unsafe() was strategically (and deliberately) placed so that in case of any state transfer error we have invalidated the grastate file. It also gets deliberately invalidated in case any inconsistency is detected (e.g. duplicate key) when applying writesets, including IST.