Context added TSA

[kitaisreal]

Follow-up to #55121

Changelog category (leave one):

• Not for changelog (changelog entry is not required)

[robot-ch-test-poll4]

This is an automated comment for commit 0e176fa with description of existing statuses. It's updated for the latest CI running

✅ Click here to open a full report in a separate page

Successful checks

Check name	Description	Status
AST fuzzer	Runs randomly generated queries to catch program errors. The build type is optionally given in parenthesis. If it fails, ask a maintainer for help	✅ success
CI running	A meta-check that indicates the running CI. Normally, it's in success or pending state. The failed status indicates some problems with the PR	✅ success
ClickHouse build check	Builds ClickHouse in various configurations for use in further steps. You have to fix the builds that fail. Build logs often has enough information to fix the error, but you might have to reproduce the failure locally. The cmake options can be found in the build log, grepping for cmake. Use these options and follow the general build process	✅ success
Compatibility check	Checks that clickhouse binary runs on distributions with old libc versions. If it fails, ask a maintainer for help	✅ success
Docker image for servers	The check to build and optionally push the mentioned image to docker hub	✅ success
Fast test	Normally this is the first check that is ran for a PR. It builds ClickHouse and runs most of stateless functional tests, omitting some. If it fails, further checks are not started until it is fixed. Look at the report to see which tests fail, then reproduce the failure locally as described here	✅ success
Flaky tests	Checks if new added or modified tests are flaky by running them repeatedly, in parallel, with more randomization. Functional tests are run 100 times with address sanitizer, and additional randomization of thread scheduling. Integrational tests are run up to 10 times. If at least once a new test has failed, or was too long, this check will be red. We don't allow flaky tests, read the doc	✅ success
Install packages	Checks that the built packages are installable in a clear environment	✅ success
Integration tests	The integration tests report. In parenthesis the package type is given, and in square brackets are the optional part/total tests	✅ success
Mergeable Check	Checks if all other necessary checks are successful	✅ success
Performance Comparison	Measure changes in query performance. The performance test report is described in detail here. In square brackets are the optional part/total tests	✅ success
Push to Dockerhub	The check for building and pushing the CI related docker images to docker hub	✅ success
SQLTest	There's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS	✅ success
SQLancer	Fuzzing tests that detect logical bugs with SQLancer tool	✅ success
Sqllogic	Run clickhouse on the sqllogic test set against sqlite and checks that all statements are passed	✅ success
Stateful tests	Runs stateful functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	✅ success
Stateless tests	Runs stateless functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	✅ success
Stress test	Runs stateless functional tests concurrently from several clients to detect concurrency-related errors	✅ success
Style Check	Runs a set of checks to keep the code style clean. If some of tests failed, see the related log from the report	✅ success
Unit tests	Runs the unit tests for different release types	✅ success
Upgrade check	Runs stress tests on server version from last release and then tries to upgrade it to the version from the PR. It checks if the new server can successfully startup without any errors, crashes or sanitizer asserts	✅ success

[rschu1ze]

The direction is good but TBH the SharedMutexHelper / ContextSharedMutex / SharedLockGuard machine seem overengineered. As far as I see, it addresses two problems:

1. Only the non-relockable locker classes in libcxx (std::lock_guard and std::scoped_lock) have TSA annotations, the relockable ones (std::unique_lock, std::shared_lock) lack them.
2. Additional code (update profile events) should run when the lock is aquired/released. As none of the locker classes in libcxx allows that, a custom implementation is needed.

I believe that 2. is quite a special case throughout the codebase, and that a non-generic (= Context-specific) class would do the job. I also think that the problem can be solved with small wrappers around std::unique_lock and std::shared_lock which behave like non-relockable locker classes and run some code in their ctors/dtors. Let me try to implement this (in a separate PR).

[kitaisreal]

The direction is good but TBH the SharedMutexHelper / ContextSharedMutex / SharedLockGuard machine seem overengineered. As far as I see, it addresses two problems:

1. Only the non-relockable locker classes in libcxx (std::lock_guard and std::scoped_lock) have TSA annotations, the relockable ones (std::unique_lock, std::shared_lock) lack them.
2. Additional code (update profile events) should run when the lock is aquired/released. As none of the locker classes in libcxx allows that, a custom implementation is needed.

I believe that 2. is quite a special case throughout the codebase, and that a non-generic (= Context-specific) class would do the job. I also think that the problem can be solved with small wrappers around std::unique_lock and std::shared_lock which behave like non-relockable locker classes and run some code in their ctors/dtors. Let me try to implement this (in a separate PR).

1. It does not do the same logic at all https://github.com/ClickHouse/ClickHouse/pull/55573/files#diff-c7c4cea868f661341c1e9866836dc34c1c88723f9f33b4e09db530c2ea074036R214. If we take mutex in LockGuard constructor and start to record time, and in destructor try to add elapsed time to ProfileEvents. It is not the same as implemented in my pull request, we need to record time that we actually waited for mutex to be acquired.
2. std::unique_lock, std::shared_lock provide additional overhead that is not needed at all, because your class now is movable and for TSA it is harder to analyze such classes.
3. SharedMutexHelper is needed in a lot of other places in codebase when we want to add custom logic for lock and unlock methods.

[kitaisreal]

Additionally:
4. We should add custom logic to mutex not to LockGuards because we actually can lock mutex without this special guard and that way we does not get custom logic to run.
5. SharedLockGuard is also needed in a lot of places in codebase where we use shared_mutex and want to add TSA.

[rschu1ze]

After checking your PR in more detail, I think it is okay to merge (after incorporating the feedback).

1. It does not do the same logic at all https://github.com/ClickHouse/ClickHouse/pull/55573/files#diff-c7c4cea868f661341c1e9866836dc34c1c88723f9f33b4e09db530c2ea074036R214. If we take mutex in `LockGuard` constructor and start to record time, and in destructor try to add elapsed time to `ProfileEvents`. It is not the same as implemented in my pull request, we need to record time that we actually waited for mutex to be acquired.

True, that was a glitch on my end.

2. std::unique_lock, std::shared_lock provide additional overhead that is not needed at all, because your class now is movable and for TSA it is harder to analyze such classes.

In my PR, TSA doesn't care what is inside both new lock classes. It only looks at the interface of the lock class (which is the same as in your PR - the constructor and destructor with annotation). There was a little bit of extra overhead but I don't think it would be significant.

3. SharedMutexHelper is needed in a lot of other places in codebase when we want to add custom logic for `lock` and `unlock` methods.

Not sure if there are "a lot" of other places but it is a good to make custom logic around lock/unlock possible.

4. We should add custom logic to mutex not to LockGuards because we actually can lock mutex without this special guard and that way we does not get custom logic to run.

That was where my PR took a different approach (to reduce complexity) but you are right that it also allowed to evade the custom logic.

5. SharedLockGuard is also needed in a lot of places in codebase where we use shared_mutex and want to add TSA.

I added a comment about SharedLockGuard into the PR.

[kitaisreal]

@rschu1ze can you please check this pull request ? I want to continue with adding TSA coverage for non shared Context, on top of this pull request.