store: Make db thread-safe. #1892
Conversation
157435e to
c37efe0
Compare
store/db.go
Outdated
There was a problem hiding this comment.
What does "XXX" mean in the comment?
There was a problem hiding this comment.
https://en.wikipedia.org/wiki/Comment_%28computer_programming%29
XXX - warn other programmers of problematic or misguiding code
store/db.go
Outdated
There was a problem hiding this comment.
No, it's not just for making the race detector happy, it's to prevent legitimate races!
There was a problem hiding this comment.
@jonboulle Why? The first thing is Open() is to acquire a flock, and the last thing in Close() is to close the flock. All the code between these two lines are within the critical section.
c37efe0 to
28b95e0
Compare
|
I'm concerned this is insufficient to make the store.DB threadsafe (which is I assume what you really want). For example, walking through two concurrent Correct me if I'm totally misreading this, but otherwise there are several different race problems in the above. |
|
@jonboulle #1892 (comment) See this example: |
|
Happily, you're correct - I totally missed we're creating new file descriptors for each lock so then the flocks AREN'T reentrant. Hm, I still wonder if there is some cleaner way we can beat the race detector though |
|
Can we wrap the |
Will do. I figured out maybe it's the title that misleaded you, sorry :) |
48db311 to
a7bb9a7
Compare
|
Actually I just put the mutex locking before the flock. |
store/db.go
Outdated
There was a problem hiding this comment.
Need to db.Unlock() here. I feel a bit uneasy about all this :/
6bcaf6b to
762fd92
Compare
|
Updated |
|
LGTM, but another pair of eyes would be good too. |
|
or @vcaputo if he's around |
There was a problem hiding this comment.
How about we move the unlocking of the mutex above unlocking of the file lock? That way we have a LIFO unlocking, and we always unlock the locked mutex, even if file unlock fails.
There was a problem hiding this comment.
@krnowak Why we want to unlock the mutex when we failed to unlock flock?
#1892 (comment)
I think from man flock(2), unlocking a flock could return EBADF EINTR EINVAL. If we use the dbLock correct here, I can't imagine there should be failures except for memory flips. So I think when a failure happens, we should be able to retry. However if we move the mutex unlock above, we can't retry.
There was a problem hiding this comment.
@yifan-gu: I was treating flock like an another kind of mutex, so you usually do locking/unlocking in stack like manner (l1.lock, l2.lock, l2.unlock, l1.unlock). OTOH, we don't really care about sync.Mutex (it is here to shut up go race detector), so your reasoning is fair enough for me.
39eefb2 to
208be98
Compare
|
@krnowak Thanks for the review :) Updated. Except for the ordering of unlocking. |
|
lgtm, but are we sure this change is all that's needed to make safe what that panic and the existing lock implementation looks to be pretty intentionally preventing? @yifan-gu |
|
@vcaputo So that previous panic assumes that there is no concurrent tries of acquiring the flock in one process (one single call of The mutex doesn't have much effect here as flock also provides thread-safety, it's merely for the go race detector. |
|
Makes sense |
store/db_test.go
Outdated
There was a problem hiding this comment.
err at this point is always nil, so return value, nil, please.
|
Small nitpicks, otherwise LFAD. |
|
nit fixed. Will merge once this is green |
|
Merging this to fix #1890 |
Fix #1890