invariants: add buffer mangler, use for blob.ValueFetcher

This moves the buffer mangling logic from the valblk fetcher to a
generic construct and uses it for the blob fetcher as well.

Author: RaduBerinde

internal/invariants/off.go

@@ -50,6 +50,15 @@ func (*Value[V]) Get() V {
 // Set the value; no-op in non-invariant builds.
 func (*Value[V]) Set(v V) {}
 
+// BufMangler is a utility that can be used to test that the caller doesn't use
+type BufMangler struct{}
+
+// MaybeMangleLater returns either the given buffer or a copy of it which will
+// be mangled the next time this function is called.
+func (bm *BufMangler) MaybeMangleLater(buf []byte) []byte {
+	return buf
+}
+
 // CheckBounds panics if the index is not in the range [0, n). No-op in
 // non-invariant builds.
 func CheckBounds[T Integer](i T, n T) {}

internal/invariants/on.go

@@ -9,6 +9,7 @@ package invariants
 import (
 	"fmt"
 	"math/rand/v2"
+	"slices"
 )
 
 // Sometimes returns true percent% of the time if invariants are Enabled (i.e.
@@ -71,6 +72,27 @@ func (v *Value[V]) Get() V {
 	return v.v
 }
 
+// BufMangler is a utility that can be used to test that the caller doesn't use
+type BufMangler struct {
+	lastReturnedBuf []byte
+}
+
+// MaybeMangleLater returns either the given buffer or a copy of it which will
+// be mangled the next time this function is called.
+func (bm *BufMangler) MaybeMangleLater(buf []byte) []byte {
+	if bm.lastReturnedBuf != nil {
+		for i := range bm.lastReturnedBuf {
+			bm.lastReturnedBuf[i] = 0xCC
+		}
+		bm.lastReturnedBuf = nil
+	}
+	if rand.Uint32N(2) == 0 {
+		bm.lastReturnedBuf = slices.Clone(buf)
+		return bm.lastReturnedBuf
+	}
+	return buf
+}
+
 // Set the value; no-op in non-invariant builds.
 func (v *Value[V]) Set(inner V) {
 	v.v = inner

sstable/blob/fetcher.go

@@ -68,6 +68,7 @@ type ValueFetcher struct {
 	env            block.ReadEnv
 	fetchCount     int
 	readers        [maxCachedReaders]cachedReader
+	bufMangler     invariants.BufMangler
 }
 
 // TODO(jackson): Support setting up a read handle for compaction when relevant.
@@ -97,6 +98,9 @@ func (r *ValueFetcher) Fetch(
 		ValueID:    handleSuffix.ValueID,
 	}
 	v, err := r.retrieve(ctx, vh)
+	if invariants.Enabled {
+		v = r.bufMangler.MaybeMangleLater(v)
+	}
 	return v, false, err
 }
 

sstable/valblk/reader.go

@@ -6,7 +6,6 @@ package valblk
 
 import (
 	"context"
-	"math/rand/v2"
 	"unsafe"
 
 	"github.com/cockroachdb/pebble/internal/base"
@@ -165,11 +164,12 @@ type valueBlockFetcher struct {
 	valueBlockPtr unsafe.Pointer
 	valueCache    block.BufferHandle
 	closed        bool
-	bufToMangle   []byte
 
 	// lazyFetcher is the LazyFetcher value embedded in any LazyValue that we
 	// return. It is used to avoid having a separate allocation for that.
 	lazyFetcher base.LazyFetcher
+
+	bufMangler invariants.BufMangler
 }
 
 var _ base.ValueFetcher = (*valueBlockFetcher)(nil)
@@ -193,9 +193,9 @@ func (f *valueBlockFetcher) Fetch(
 	ctx context.Context, handle []byte, _ base.BlobFileID, valLen uint32, buf []byte,
 ) (val []byte, callerOwned bool, err error) {
 	if !f.closed {
-		val, err := f.getValueInternal(handle, valLen)
+		val, err = f.getValueInternal(handle, valLen)
 		if invariants.Enabled {
-			val = f.doValueMangling(val)
+			val = f.bufMangler.MaybeMangleLater(val)
 		}
 		return val, false, err
 	}
@@ -235,21 +235,6 @@ func (f *valueBlockFetcher) close() {
 	// implemented.
 }
 
-// doValueMangling attempts to uncover violations of the contract listed in
-// the declaration comment of LazyValue. It is expensive, hence only called
-// when invariants.Enabled.
-func (f *valueBlockFetcher) doValueMangling(v []byte) []byte {
-	// Randomly set the bytes in the previous retrieved value to 0, since
-	// property P1 only requires the valueBlockReader to maintain the memory of
-	// one fetched value.
-	if rand.IntN(2) == 0 {
-		clear(f.bufToMangle)
-	}
-	// Store the current value in a new buffer for future mangling.
-	f.bufToMangle = append([]byte(nil), v...)
-	return f.bufToMangle
-}
-
 func (f *valueBlockFetcher) getValueInternal(handle []byte, valLen uint32) (val []byte, err error) {
 	vh := DecodeRemainingHandle(handle)
 	vh.ValueLen = valLen