fix: DROP TABLE no longer leaks across checkpoint boundary (#293, #398)#399
Merged
Conversation
Issue alibaba#293 reported two bugs from DROP TABLE: 1. DROP TABLE x; CREATE TABLE x; SELECT returned stale data. 2. DROP TABLE x; CHECKPOINT crashed the server. Root cause: VertexTable/EdgeTable lifecycle was not separated from the on-disk checkpoint state. Re-CREATEing a same-name label re-mmapped the prior label's leftover tmp files, and Drop() left the in-memory smart pointers populated, breaking the next Dump(). Design constraints adopted: - Drop() at every layer releases in-memory state only; it never touches the filesystem. checkpoint_dir is owned exclusively by Dump(). This preserves the implicit crash-rollback semantics: a crash between DROP and the next CHECKPOINT re-reads the prior checkpoint and effectively undoes the DROP. - Open() is split into Open() (restore from checkpoint) and Initialize() (fresh table). Initialize() sweeps tmp_dir for files keyed on the same label name/triple before opening, which is what fixes the same-session DROP+CREATE stale-data path (schema reuses the numeric label_t for a same-name CREATE, but tmp filenames key on the string name). - Tombstone slots in vertex_tables_ keep the label_t -> vector index mapping stable across DROP. - DeleteVertexType / DeleteEdgeType call Drop() before erasing the edge table map entries, so the two paths are symmetric. The previously proposed virtual IDataContainer::Drop() and per-container Drop() overrides are not introduced: in kInMemory / kHugePagePreferred modes a container's path_ points directly at the checkpoint file, so a generic Drop()-deletes-path_ contract would silently wipe checkpoint state. Keeping the file-system exit out of the container interface removes the footgun entirely. Tests: - tests/storage/test_checkpoint.cc: DropTableCheckpointTest cases for drop+checkpoint, drop+reopen+recreate, and the edge-table mirrors. - tools/python_bind/tests/test_db_query.py: end-to-end coverage for DROP TABLE + recreate visibility.
zhanglei1949
force-pushed
the
zl/fix-293-v2
branch
from
f41bc1c to
2b9d507
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens the DROP TABLE vs CHECKPOINT contract to prevent dropped tables from leaking persisted state across a checkpoint boundary (fixing #293) and implements the refactor tracked in #398 by separating “restore from checkpoint” vs “fresh initialize” behavior for storage tables.
Changes:
- Split table bring-up into
Open()(restore from checkpoint) vsInitialize()(fresh table) for vertex/edge tables, with tmp-dir sweeping on re-create to avoid same-session stale mmaps. - Adjust graph open semantics to tolerate tombstoned (dropped) label slots while preserving
label_t→ slot mapping. - Add/expand regression coverage in both Python bindings and C++ storage checkpoint tests, including typed coverage over multiple memory levels.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/python_bind/tests/test_db_query.py | Adds Python regression tests for DROP+reCREATE and delete-all-then-reinsert visibility. |
| tests/storage/test_checkpoint.cc | Refactors checkpoint tests into typed suites (memory-level coverage) and adds DROP/CHECKPOINT regression scenarios. |
| src/storages/graph/vertex_table.cc | Adds Initialize() + tmp-file sweeping and routes Open()/Initialize() through a shared openImpl. |
| src/storages/graph/property_graph.cc | Uses Initialize() for CREATE paths, calls Drop() before erasing edge tables, and keeps tombstone slots on open. |
| src/storages/graph/edge_table.cc | Adds Initialize() + tmp sweeping, refactors open path, and introduces Close()/Drop(). |
| src/storages/csr/mutable_csr.cc | Makes CSR open tolerate missing snapshot directories by conditionally building the snapshot prefix. |
| include/neug/storages/graph/vertex_table.h | Adds default ctor + Initialize() + shared openImpl declaration. |
| include/neug/storages/graph/edge_table.h | Adds Initialize(), Close(), Drop(), and shared openImpl declaration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
zhanglei1949
force-pushed
the
zl/fix-293-v2
branch
from
be6192f to
7551bc3
Compare
liulx20
reviewed
May 25, 2026
| meta_->dst_label_name, meta_->edge_label_name, | ||
| capacity_, table_idx_); | ||
| if (table_cap != capacity_.load()) { | ||
| THROW_INVALID_ARGUMENT_EXCEPTION( |
Collaborator
There was a problem hiding this comment.
is INVALID_ARGUMENT_EXCEPTION appropriate here
Member
Author
There was a problem hiding this comment.
Replace with Internal error
liulx20
reviewed
May 25, 2026
| // DROP). Do not make this function delete files; doing so requires writing | ||
| // DROP to the WAL first or that rollback invariant will break. | ||
| void EdgeTable::Drop() { | ||
| out_csr_.reset(); |
Collaborator
There was a problem hiding this comment.
is there a difference in usage between Drop and Close?
Member
Author
There was a problem hiding this comment.
It seems that for LFIndexer, Table, VertexTable, EdgeTable, the logic of drop and close are actually the same. Maybe we could unify two method into one.
zhanglei1949
force-pushed
the
zl/fix-293-v2
branch
from
bc4e3f9 to
99953c7
Compare
zhanglei1949
force-pushed
the
zl/fix-293-v2
branch
from
99953c7 to
d44a607
Compare
liulx20
previously approved these changes
May 25, 2026
zhanglei1949
force-pushed
the
zl/fix-293-v2
branch
from
469c00f to
9a83b43
Compare
liulx20
approved these changes
May 25, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #293 and implements the refactor tracked in #398. Replaces the earlier PR #306 approach with a tighter Drop/checkpoint contract that keeps file-system mutation out of the container layer.
checkpoint_diris touched exclusively byDump(). This preserves the implicit crash-rollback semantics for DROP-before-CHECKPOINT.Open()split intoOpen()(restore from checkpoint) andInitialize()(fresh table). Replaces the leakybool load_from_checkpoint = trueparameter.Initialize()sweepstmp_dirfor files keyed on the same label name/triple before opening fresh containers. This is what unsticks the same-session DROP+CREATE stale-data path — schema reuses the numericlabel_tfor a same-name CREATE, but tmp filenames key on the string name.DeleteVertexTypeandDeleteEdgeTypecallDrop()before erasing, making the two paths symmetric.IDataContainer::Drop()is intentionally NOT added. InkInMemory/kHugePagePreferredmodes a container'spath_points at the checkpoint file, so a generic Drop-deletes-path contract would silently corrupt checkpoint state. See Refactor: tighten DROP TABLE / checkpoint isolation contract #398 for the full rationale.