From: Vladimir Davydov <vdavydov.dev@gmail.com> To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> Cc: tarantool-patches@freelists.org, kostja@tarantool.org Subject: Re: [tarantool-patches] [PATCH 1/1] vinyl: fix crash in vinyl_iterator_secondary_next Date: Sat, 12 May 2018 03:30:09 +0300 [thread overview] Message-ID: <20180512003009.7wwgg3ecdsfibzcy@esperanza> (raw) In-Reply-To: <dff067540ee7081cc4e488f283b7475f72b0c937.1526080999.git.v.shpilevoy@tarantool.org> On Sat, May 12, 2018 at 02:24:41AM +0300, Vladislav Shpilevoy wrote: > + > +-- > +-- gh-3393: vinyl secondary index iterator must take in the hopper > +-- that a tuple can disappear from the primary index after the > +-- secondary index lookup. > +-- > +s = box.schema.create_space('test', {engine = 'vinyl'}) > +pk = s:create_index('pk') > +sk = s:create_index('sk', {parts = {{2, 'unsigned'}, {1, 'unsigned'}}}) > +s:replace{1, 2} > +s:replace{3, 4} > +box.snapshot() > +ret = nil > +function iterate(i) ret = i.next() end > +box.begin() > +s:replace{5, 6} -- Start a transaction in the engine. > +iter = create_iterator(sk, {4}, {iterator = 'GE'}) > +errinj.set("ERRINJ_VY_DELAY_PK_LOOKUP", true) > +f = fiber.create(iterate, iter) > +s:delete{3} > +errinj.set("ERRINJ_VY_DELAY_PK_LOOKUP", false) > +while not ret do fiber.sleep(0.1) end Here's what happens here: 1. You create an iterator in a transaction and pass it to a new fiber. Let us denote the current fiber as fiber A and the new fiber as fiber B. 2. Fiber B uses the iterator to read the secondary key {4}, then it yields right before fetching the tuple {3, 4} from the primary key. 3. In the mid time fiber A deletes tuple {3, 4} by writing DELETE{3, 4} to the transaction write set. 4. Fiber B continues execution and since it's bound to transaction corresponding to fiber A, it finds DELETE{3, 4} in the transaction write set and crashes. I don't think this has anything to do with the original bug you're pursuing. The use case is quite unnatural obviously. I guess we should simply prohibit it (i.e. abort read iterator if it is passed to another fiber). I surmise the crash our customer is experiencing is caused by a bug in read iterator restore procedure, which was probably brought about by one of my recent patches. That said, NAK for this patch. > +ret > +iter.iterate_over() > +box.commit() > +s:drop()
prev parent reply other threads:[~2018-05-12 0:30 UTC|newest] Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-05-11 23:24 Vladislav Shpilevoy 2018-05-11 23:52 ` [tarantool-patches] " Konstantin Osipov 2018-05-12 0:30 ` Vladimir Davydov [this message]
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180512003009.7wwgg3ecdsfibzcy@esperanza \ --to=vdavydov.dev@gmail.com \ --cc=kostja@tarantool.org \ --cc=tarantool-patches@freelists.org \ --cc=v.shpilevoy@tarantool.org \ --subject='Re: [tarantool-patches] [PATCH 1/1] vinyl: fix crash in vinyl_iterator_secondary_next' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox