Skip to content
This repository has been archived by the owner on Apr 4, 2023. It is now read-only.

Fix the invalid heed usage #264

Merged
merged 2 commits into from
Jun 28, 2021
Merged

Fix the invalid heed usage #264

merged 2 commits into from
Jun 28, 2021

Conversation

Kerollmops
Copy link
Member

We were incorrectly using LMDB by keeping references into the database while modifying it, it was mostly due to heed not specifying anything about this behavior (blame me). I made sure in this PR that we always keep and owned version of the references we were previously using.

This PR partially fixes #261, we need to bump heed to v0.12 when it is available as it marks the del/put_current, and append methods as unsafe and explains why.

I would like to thank the whole Rust community for their help, especially:

@Kerollmops
Add a test for the words level positions generation bug
9e5f9a8
@Kerollmops
Fix the LMDB and heed invalid interactions.
0013236 
It is undefined behavior to keep a reference to the database while
modifying it, we were keeping references in the database and also
feeding the heed put_current methods with keys referenced inside
the database itself.

meilisearch/heed#108
@Kerollmops Kerollmops requested a review from irevoire June 28, 2021 14:28
irevoire
irevoire reviewed Jun 28, 2021
View reviewed changes
Copy link
Member

@irevoire irevoire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tell me if I'm wrong, but we should totally fix these lines too, no?
https://github.com/meilisearch/milli/blob/main/milli/src/update/index_documents/mod.rs#L157
https://github.com/meilisearch/milli/blob/main/milli/src/update/index_documents/mod.rs#L219

@Kerollmops
Copy link
Member Author

The k variable comes from the grenad iterator, we compare it with the key variable which, this one, comes from the LMDB database. So, no need to change anything here, am I wrong?

@RalfJung
Copy link

I obviously have no right to impose anything here, but I'd just suggest that when you make subtle changes like this, you leave a comment in the source code that at least briefly explains that this was a deliberate choice, and possibly links to an issue with more details. That reduces the risk of someone, in 2 years, going "ah I can eliminate some copies here" and re-introducing the bug. ;)

irevoire
irevoire approved these changes Jun 28, 2021
View reviewed changes
Copy link
Member

@irevoire irevoire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes you're right, thank you!

And thanks again everyone 😄

@Kerollmops
Copy link
Member Author

Thank you @RalfJung,

I am changing the heed functions to be unsafe, make a PR to this repo using the new version, and will add little comments above the functions in this PR. It will be just above an unsafe block, I hope this comment will be visible enough in 2 years 😄

@Kerollmops Kerollmops mentioned this pull request Jun 28, 2021
Merged
@Diggsey
Copy link

Diggsey commented Jun 28, 2021

FWIW, you don't need to make the heed functions unsafe - you just need to make sure that all references returned from the database have a lifetime tied to the database, and that all database-modifying functions require a mutable borrow of the database in order to operate.

@Kerollmops Kerollmops mentioned this pull request Jun 28, 2021
Open
@Kerollmops
Copy link
Member Author

Thank you @Diggsey, I just opened an issue about your proposal, not sure if it will work but will try it out. I didn't publish the new v0.12 version of heed on crates.io so I can change anything.

Anyway, we will merge this PR for now as it fixes the bug and will use the potentially safe new version of heed if we update it!

@Kerollmops Kerollmops merged commit 73384ae into main Jun 28, 2021
@Kerollmops Kerollmops deleted the fix-heed-undefined-behavior branch June 28, 2021 16:23
bors bot added a commit that referenced this pull request Jun 28, 2021
@bors @Kerollmops
Merge #266
9dbc8b2 
266: Bump LMDB to the latest version (v0.9.70) r=Kerollmops a=Kerollmops

By bumping to a new version of heed (from git, v0.12.0 unpublished yet), this PR fixes Windows disk reservation problems. This new version of heed changes the `del/put_current`, and `append` iterator methods signature by declaring them unsafe.

This PR also bumps milli itself into v0.7.0 as it is breaking due to the heed/LMDB bump.

This PR must be merged after #264.

Co-authored-by: Clément Renault <clement@meilisearch.com>
@Diggsey
Copy link

Diggsey commented Jun 28, 2021

@Kerollmops just a heads up that without implementing my proposal, you might have to worry about race conditions, since one thread might be reading a key from the DB while another thread tries to write to the DB. (I'm not sure, maybe everything is already forced to be single-threaded)

@Kerollmops
Copy link
Member Author

@Diggsey, Yeah LMDB already ensures that there can be only one mutable transaction at a time. Thank you anyway!

@curquiza curquiza added the DB breaking The related changes break the DB label Jun 29, 2021
@MarinPostma
Copy link
Contributor

I think that have to move around a ref mut to the db is too much constraint, since we won't be able to clone it and use references to it anymore. This is redundant to lmdb's locking mechanism.

As soon as we get GATs, which so not be too long now, we should be able to create a Current type which represent a view on the current iterator entry, with a consuming self, and accessors for the value and the data, whose lifetime are bound to the lifetime of the Current object.

@Kerollmops Kerollmops mentioned this pull request Jul 21, 2021
Merged
bors bot added a commit that referenced this pull request Jul 22, 2021
@bors @Kerollmops
Merge #291
ee3a49c 
291: Fix a bug about zero bytes in the inputs r=irevoire a=Kerollmops

Ok, good news, after a little session of debugging with `@irevoire` we found out that the bug seems to be related to zeroes in the input update. The engine wasn't designed to accept those. The chosen solution is to update the tokenizer to remove those zeroes. We are waiting on meilisearch/charabia#52 to be merged and a new version to be released.

It is not an undefined behavior, I repeat: it is a "normal" bug 🎉 👏

----

This PR tries to fix a bug where we use LMDB in the wrong way, leading to panic due to an undefined behavior on the Rust side. I thought [we fixed it in a previous PR](#264) but we found out that _a similar_ bug was still present. `@bb` found a way to trigger this bug and helped us find the origin of it.

As I don't have a minimal reproducible example of this bug I bet on the unsafe `put_current` calls when we index new documents as the bug was trigger after a big indexation on a clean database, thus not triggering a deletion update. I only replaced the unsafe `put_current` with two safe calls to `get`/`put`.

I hope it helps and fixes the bug, only `@bb` can help us check that. I am not even sure how I can create a custom Docker image and expose it for testing purposes.

<details>
  <summary>The backtrace leading us to a panic in grenad.</summary>

```
meilisearch_1    | thread 'tokio-runtime-worker' panicked at 'assertion failed: key > &last_key', /root/.cargo/git/checkouts/grenad-e2cb77f65d31bb02/3adcb26/src/block_builder.rs:38:17
meilisearch_1    | stack backtrace:
meilisearch_1    |    0: rust_begin_unwind
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/std/src/panicking.rs:493:5
meilisearch_1    |    1: core::panicking::panic_fmt
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/core/src/panicking.rs:92:14
meilisearch_1    |    2: core::panicking::panic
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/core/src/panicking.rs:50:5
meilisearch_1    |    3: grenad::block_builder::BlockBuilder::insert
meilisearch_1    |              at ./root/.cargo/git/checkouts/grenad-e2cb77f65d31bb02/3adcb26/src/block_builder.rs:38:17
meilisearch_1    |    4: grenad::writer::Writer<W>::insert
meilisearch_1    |              at ./root/.cargo/git/checkouts/grenad-e2cb77f65d31bb02/3adcb26/src/writer.rs:92:12
meilisearch_1    |    5: milli::update::words_level_positions::write_level_entry
meilisearch_1    |              at ./root/.cargo/git/checkouts/milli-00376cd5db949a15/007fec2/milli/src/update/words_level_positions.rs:262:5
meilisearch_1    |    6: milli::update::words_level_positions::compute_positions_levels
meilisearch_1    |              at ./root/.cargo/git/checkouts/milli-00376cd5db949a15/007fec2/milli/src/update/words_level_positions.rs:211:13
meilisearch_1    |    7: milli::update::words_level_positions::WordsLevelPositions::execute
meilisearch_1    |              at ./root/.cargo/git/checkouts/milli-00376cd5db949a15/007fec2/milli/src/update/words_level_positions.rs:65:23
meilisearch_1    |    8: milli::update::index_documents::IndexDocuments::execute_raw
meilisearch_1    |              at ./root/.cargo/git/checkouts/milli-00376cd5db949a15/007fec2/milli/src/update/index_documents/mod.rs:831:9
meilisearch_1    |    9: milli::update::index_documents::IndexDocuments::execute
meilisearch_1    |              at ./root/.cargo/git/checkouts/milli-00376cd5db949a15/007fec2/milli/src/update/index_documents/mod.rs:372:9
meilisearch_1    |   10: meilisearch_http::index::updates::<impl meilisearch_http::index::Index>::update_documents_txn
meilisearch_1    |              at ./meilisearch/meilisearch-http/src/index/updates.rs:225:30
meilisearch_1    |   11: meilisearch_http::index::updates::<impl meilisearch_http::index::Index>::update_documents
meilisearch_1    |              at ./meilisearch/meilisearch-http/src/index/updates.rs:183:22
meilisearch_1    |   12: meilisearch_http::index::update_handler::UpdateHandler::handle_update
meilisearch_1    |              at ./meilisearch/meilisearch-http/src/index/update_handler.rs:75:18
meilisearch_1    |   13: meilisearch_http::index_controller::index_actor::actor::IndexActor<S>::handle_update::{{closure}}::{{closure}}
meilisearch_1    |              at ./meilisearch/meilisearch-http/src/index_controller/index_actor/actor.rs:174:35
meilisearch_1    |   14: <tokio::runtime::blocking::task::BlockingTask<T> as core::future::future::Future>::poll
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/blocking/task.rs:42:21
meilisearch_1    |   15: tokio::runtime::task::core::CoreStage<T>::poll::{{closure}}
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/core.rs:243:17
meilisearch_1    |   16: tokio::loom::std::unsafe_cell::UnsafeCell<T>::with_mut
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/loom/std/unsafe_cell.rs:14:9
meilisearch_1    |   17: tokio::runtime::task::core::CoreStage<T>::poll
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/core.rs:233:13
meilisearch_1    |   18: tokio::runtime::task::harness::poll_future::{{closure}}
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/harness.rs:427:23
meilisearch_1    |   19: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/std/src/panic.rs:344:9
meilisearch_1    |   20: std::panicking::try::do_call
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/std/src/panicking.rs:379:40
meilisearch_1    |   21: std::panicking::try
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/std/src/panicking.rs:343:19
meilisearch_1    |   22: std::panic::catch_unwind
meilisearch_1    |              at ./rustc/53cb7b09b00cbea8754ffb78e7e3cb521cb8af4b/library/std/src/panic.rs:431:14
meilisearch_1    |   23: tokio::runtime::task::harness::poll_future
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/harness.rs:414:19
meilisearch_1    |   24: tokio::runtime::task::harness::Harness<T,S>::poll_inner
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/harness.rs:89:9
meilisearch_1    |   25: tokio::runtime::task::harness::Harness<T,S>::poll
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/harness.rs:59:15
meilisearch_1    |   26: tokio::runtime::task::raw::RawTask::poll
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/raw.rs:66:18
meilisearch_1    |   27: tokio::runtime::task::Notified<S>::run
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/task/mod.rs:171:9
meilisearch_1    |   28: tokio::runtime::blocking::pool::Inner::run
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/blocking/pool.rs:265:17
meilisearch_1    |   29: tokio::runtime::blocking::pool::Spawner::spawn_thread::{{closure}}
meilisearch_1    |              at ./root/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.7.1/src/runtime/blocking/pool.rs:245:17
meilisearch_1    | note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```

</details>

Co-authored-by: Kerollmops <clement@meilisearch.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@irevoire irevoire irevoire approved these changes

Assignees
No one assigned
Labels
DB breaking The related changes break the DB
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unexpected key alterations when writing in LMDB can be caused by an undefined behavior
6 participants
@Kerollmops @RalfJung @Diggsey @MarinPostma @irevoire @curquiza