Fix RWLock inconsistency after write lock timeout

[vitlibar]

Changelog category:

• Bug Fix

Changelog entry:

Fix RWLock inconsistency after write lock timeout.

This PR is to provide a correct fix for the issue described in the description of #38864. The fix provided in #38864 was not complete and after that fix after exclusive lock failure RWLock could become inconsistent and not be actually unlocked after releasing all locks. See #42719 (comment)

[robot-ch-test-poll]

This is an automated comment for commit 179a0a2 with description of existing statuses. It's updated for the latest CI running

❌ Click here to open a full report in a separate page

Successful checks

Check name	Description	Status
ClickHouse build check	Builds ClickHouse in various configurations for use in further steps. You have to fix the builds that fail. Build logs often has enough information to fix the error, but you might have to reproduce the failure locally. The cmake options can be found in the build log, grepping for cmake. Use these options and follow the general build process	✅ success
Compatibility check	Checks that clickhouse binary runs on distributions with old libc versions. If it fails, ask a maintainer for help	✅ success
Docker image for servers	The check to build and optionally push the mentioned image to docker hub	✅ success
Fast test	Normally this is the first check that is ran for a PR. It builds ClickHouse and runs most of stateless functional tests, omitting some. If it fails, further checks are not started until it is fixed. Look at the report to see which tests fail, then reproduce the failure locally as described here	✅ success
Flaky tests	Checks if new added or modified tests are flaky by running them repeatedly, in parallel, with more randomization. Functional tests are run 100 times with address sanitizer, and additional randomization of thread scheduling. Integrational tests are run up to 10 times. If at least once a new test has failed, or was too long, this check will be red. We don't allow flaky tests, read the doc	✅ success
Install packages	Checks that the built packages are installable in a clear environment	✅ success
Mergeable Check	Checks if all other necessary checks are successful	✅ success
Performance Comparison	Measure changes in query performance. The performance test report is described in detail here. In square brackets are the optional part/total tests	✅ success
Push to Dockerhub	The check for building and pushing the CI related docker images to docker hub	✅ success
SQLTest	There's no description for the check yet, please add it to tests/ci/ci_config.py:CHECK_DESCRIPTIONS	✅ success
SQLancer	Fuzzing tests that detect logical bugs with SQLancer tool	✅ success
Sqllogic	Run clickhouse on the sqllogic test set against sqlite and checks that all statements are passed	✅ success
Stateful tests	Runs stateful functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	✅ success
Stress test	Runs stateless functional tests concurrently from several clients to detect concurrency-related errors	✅ success
Style Check	Runs a set of checks to keep the code style clean. If some of tests failed, see the related log from the report	✅ success
Unit tests	Runs the unit tests for different release types	✅ success

Check name	Description	Status
AST fuzzer	Runs randomly generated queries to catch program errors. The build type is optionally given in parenthesis. If it fails, ask a maintainer for help	❌ failure
Bugfix validate check	Checks that either a new test (functional or integration) or there some changed tests that fail with the binary built on master branch	❌ error
CI running	A meta-check that indicates the running CI. Normally, it's in success or pending state. The failed status indicates some problems with the PR	⏳ pending
Integration tests	The integration tests report. In parenthesis the package type is given, and in square brackets are the optional part/total tests	❌ failure
Stateless tests	Runs stateless functional tests for ClickHouse binaries built in various configurations -- release, debug, with sanitizers, etc	❌ failure
Upgrade check	Runs stress tests on server version from last release and then tries to upgrade it to the version from the PR. It checks if the new server can successfully startup without any errors, crashes or sanitizer asserts	❌ failure

[vitlibar]

@alesapin It says Bugfix validate check — Changed tests don't reproduce the bug, but that's not true because the bug is reproduced well in unit-tests (src/unit_tests_dbms). So I suppose we should fix CI to make it consider those unit tests results too, do you know how to do that?

[Algunenano]

In general it looks great. I've left some comments about minor things

[Algunenano]

I'd recommend fmt::formatter to do things like this. It makes formatting containers much simpler.

Not necessary for the PR, just something to keep in mind

[vitlibar]

Here we build our output in a cycle, fmt::formatter() doesn't seem to be much better in this case.

[Algunenano]

I guess this depends on the table type right? MergeTree should not require an exclusive lock for truncate as it's going to replace the old parts with an empty range.

[Algunenano]

OTOH In the case of DROP it depends on the database type (Atomic is fine)

[vitlibar]

For MergeTree-based tables TRUNCATE doesn't require an exclusive lock (see) however this test can create "Log" tables too. I added a comment about that to the test.

[Algunenano]

Although this might be inconsistent (time to check vs time to read) it's an amazing QOL improvement. It'd have been extremely useful to have it in the past.

[Algunenano]

This ternary conditional seems wrong, as this can only be reached if type == Read. Otherwise writers_queue won't be empty

[vitlibar]

readers_queue and writers_queue can't be both empty here, at least they must contain it_group.
But we don't check those queues for emptyness here, we assign rdlock_owner or wrlock_owner to it_group.
This condition is not wrong.

[Algunenano]

There should be, at most, only one group of readers pending right?

You can have N readers that are already owner, a writers, and then only a block of readers all together. AFAICS it's not possible to have more than one group of readers that aren't owners, but I might be missing something

[vitlibar]

Yes, we append readers to the same reader group if this group doesn't have ownership yet.
We create another reading group only if the last reading group is already an owner.
But there can be multiple reader groups with ownership.

[vitlibar]

I've added chassert() to check that.

[Algunenano]

Is this even possible anymore? If we removed all readers there must be a writer or nothing in the queue, but never another reader group.

[vitlibar]

There can be an active reader group, then a writer, then another (inactive) reading group.
We remove the active reader group, then we activate the writer.

[Algunenano]

We can remove the prints now and leave the asserts

[vitlibar]

done

[vitlibar]

Test failures:

• test_replicated_merge_tree_s3_zero_copy/test.py::test_drop_table - see issue 57651
• 01732_race_condition_storage_join_long - see issue 57715
• AST fuzzer (ubsan) — Logical error: '!is_parallel_reading_from_replicas' - see issue 57716

[alexey-milovidov]

@vitlibar a test has failed: https://s3.amazonaws.com/clickhouse-test-reports/57712/6b55c16b4ed40864aa0577fa61a9a6a41c12912d/unit_tests__msan_.html

I've temporarily reverted it.