Row cache updates do not provide strong exception safety guarantees #15576
Comments
…y Halevy Currently the cache updaters aren't exception safe yet they are intended to be. Instead of allowing exceptions from `external_updater::execute` escape `row_cache::update`, abort using `on_fatal_internal_error`. Future changes should harden all `execute` implementations to effectively make them `noexcept`, then the pure virtual definition can be made `noexcept` to cement that. Fixes #15576 Closes #15577 * github.com:scylladb/scylladb: row_cache: abort on exteral_updater::execute errors row_cache: do_update: simplify _prev_snapshot_pos setup
Backport should be applicable to all live versions

@scylladb/scylla-maint please backport

There are conflicts, please provide backport PRs. Actually, a single PR against branch-5.4 should be enough, I can try to cherry-pick that backport to the older branches too.
…y Halevy Currently the cache updaters aren't exception safe yet they are intended to be. Instead of allowing exceptions from `external_updater::execute` escape `row_cache::update`, abort using `on_fatal_internal_error`. Future changes should harden all `execute` implementations to effectively make them `noexcept`, then the pure virtual definition can be made `noexcept` to cement that. \Fixes scylladb#15576 \Closes scylladb#15577 * github.com:scylladb/scylladb: row_cache: abort on exteral_updater::execute errors row_cache: do_update: simplify _prev_snapshot_pos setup (cherry picked from commit 4a0f164)
…y Halevy Currently the cache updaters aren't exception safe yet they are intended to be. Instead of allowing exceptions from `external_updater::execute` escape `row_cache::update`, abort using `on_fatal_internal_error`. Future changes should harden all `execute` implementations to effectively make them `noexcept`, then the pure virtual definition can be made `noexcept` to cement that. \Fixes #15576 \Closes #15577 * github.com:scylladb/scylladb: row_cache: abort on exteral_updater::execute errors row_cache: do_update: simplify _prev_snapshot_pos setup (cherry picked from commit 4a0f164) Closes #16256
The 5.4 backport PR was good for 5.2 but it doesn't apply to 5.1.

Once 5.4 is released, we only support it and 5.2. There's no need for a 5.1 backport.

@bhalevy please provide a backport for enterprise, if needed.
The row_cache update path uses an `external_updater` class with two API functions: `prepare` and `execute`.

The current design calls for:

* `prepare` to create only temporary state, so if it fails, the failure is handled gracefully and the error is propagated to the `row_cache::update` caller, leaving no state changes behind (to the row cache nor to the updated table).
* `execute`'s role is to apply the temporary state `prepare` left behind.

Currently (as of 5.4-dev 652153c), we let errors from `execute` escape `row_cache::update`, but there is no guarantee that the `execute` implementation provides strong exception safety guarantees, i.e. either succeed in whole or be exception safe leaving the state unchanged in case an exception is thrown.

See scylladb/row_cache.hh Lines 172 to 182 in 6d34f99
See also #13937 (comment)
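
The two-phase contract described in this issue, and the fail-stop handling the fix commit describes, can be sketched as follows. This is an added example, not ScyllaDB code: `update`, `fatal_hook` (a replaceable stand-in for `on_fatal_internal_error`), `store` and `staged_write` are hypothetical names, and the table and cache are plain maps.

```cpp
#include <cstdlib>
#include <functional>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the updater interface described in the issue.
struct external_updater {
    virtual ~external_updater() {}
    virtual void prepare() = 0;  // may throw; builds temporary state only
    virtual void execute() = 0;  // applies that state; expected never to throw
};

// Stand-in for on_fatal_internal_error: aborts by default, replaceable in tests.
std::function<void(const char*)> fatal_hook = [](const char*) { std::abort(); };

// Sketch of the update path: prepare errors propagate, execute errors are fatal.
void update(external_updater& u) {
    u.prepare();  // a throw here leaves table and cache untouched
    try {
        u.execute();
    } catch (...) {
        // State may be half-applied, so the caller cannot recover safely.
        fatal_hook("external_updater::execute failed");
    }
}

typedef std::map<std::string, int> store;

// Constructed updater: writes one key to the table, then to the cache.
struct staged_write : external_updater {
    store& table; store& cache;
    std::string key; int value;
    bool fail_prepare, fail_execute, staged;
    staged_write(store& t, store& c, std::string k, int v, bool fp, bool fe)
        : table(t), cache(c), key(k), value(v),
          fail_prepare(fp), fail_execute(fe), staged(false) {}
    void prepare() override {
        if (fail_prepare) throw std::runtime_error("prepare failed");
        staged = true;  // temporary state only, nothing shared is modified
    }
    void execute() override {
        table[key] = value;  // first half applied
        if (fail_execute) throw std::runtime_error("execute failed midway");
        cache[key] = value;  // second half never runs on failure
    }
};
```

With `fail_execute` set, the table holds the key and the cache does not, which is the divergence a caller could not repair if the exception were allowed to escape `update`.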