1. 30 Nov, 2020 2 commits
  2. 31 Jul, 2020 3 commits
    • Kirill Smelkov's avatar
      [ZODB3] FileStorage: Save committed transaction to disk even if changed data is empty · 5cf7bf81
      Kirill Smelkov authored
      [ This is ZODB3 backport of commit bb9bf539
        (https://github.com/zopefoundation/ZODB/pull/298) ]
      
      ZODB tries to avoid saving empty transactions to storage on
      `transaction.commit()`. The way it works is: if no objects were changed
      during ongoing transaction, ZODB.Connection does not join current
      TransactionManager, and transaction.commit() performs two-phase commit
      protocol only on joined DataManagers. In other words if no objects were
      changed, no tpc_*() methods are called at all on ZODB.Connection at
      transaction.commit() time.
      
      This way application servers like Zope/ZServer/ERP5/... can have
      something as
      
          try:
              # process incoming request
              transaction.commit()    # processed ok
          except:
              transaction.abort()
              # problem: log + reraise
      
      in top-level code to process requests without creating many on-disk
      transactions with empty data changes just because read-only requests
      were served.
      
      Everything is working as intended.
      
      However at storage level, FileStorage currently also checks whether
      transaction that is being committed also comes with empty data changes,
      and _skips_ saving transaction into disk *at all* for such cases, even
      if it has been explicitly told to commit the transaction via two-phase
      commit protocol calls done at storage level.
      
      This creates the situation, where contrary to promise in
      ZODB/interfaces.py(*), after successful tpc_begin/tpc_vote/tpc_finish()
      calls made at storage level, transaction is _not_ made permanent,
      despite tid of "committed" transaction being returned to caller. In other
      words FileStorage, when asked to commit a transaction, even if one with
      empty data changes, reports "ok" and gives transaction ID to the caller,
      without creating corresponding transaction record on disk.
      
      This behaviour is
      
      a) redundant to application-level avoidance to create empty transaction
         on storage described in the beginning, and
      
      b) creates problems:
      
      The first problem is that application that works at storage-level might
      be interested in persisting transaction, even with empty changes to
      data, just because it wants to save the metadata similarly to e.g.
      `git commit --allow-empty`.
      
      The other problem is that an application view and data in database
      become inconsistent: an application is told that a transaction was
      created with corresponding transaction ID, but if the storage is
      actually inspected, e.g. by iteration, the transaction is not there.
      This, in particular, can create problems if TID of committed transaction
      is reported elsewhere and that second database client does not find the
      transaction it was told should exist.
      
      I hit this particular problem with wendelin.core. In wendelin.core,
      there is custom virtual memory layer that keeps memory in sync with
      data in ZODB. At commit time, the memory is inspected for being dirtied,
      and if a page was changed, virtual memory layer joins current
      transaction _and_ forces corresponding ZODB.Connection - via which it
      will be saving data into ZODB objects - to join the transaction too,
      because it would be too late to join ZODB.Connection after 2PC process
      has begun(+). One of the format in which data are saved tries to
      optimize disk space usage, and it actually might happen, that even if
      data in RAM were dirtied, the data itself stayed the same and so nothing
      should be saved into ZODB. However ZODB.Connection is already joined
      into transaction and it is hard not to join it because joining a
      DataManager when the 2PC is already ongoing does not work.
      
      This used to work ok with wendelin.core 1, but with wendelin.core 2 -
      where separate virtual filesystem is also connected to the database to
      provide base layer for arrays mappings - this creates problem, because
      when wcfs (the filesystem) is told to synchronize to view the database
      @tid of committed transaction, it can wait forever waiting for that, or
      later, transaction to appear on disk in the database, creating
      application-level deadlock.
      
      I agree that some more effort might be made at wendelin.core side to
      avoid committing transactions with empty data at storage level.
      
      However the most clean way to fix this problem in my view is to fix
      FileStorage itself, because if at storage level it was asked to commit
      something, it should not silently skip doing so and dropping even non-empty
      metadata + returning ok and committed transaction ID to the caller.
      
      As described in the beginning this should not create problems for
      application-level ZODB users, while at storage-level the implementation
      is now consistently matching interface and common sense.
      
      ----
      
      (*) tpc_finish: Finish the transaction, making any transaction changes permanent.
          Changes must be made permanent at this point.
          ...
      
          https://github.com/zopefoundation/ZODB/blob/5.5.1-35-gb5895a5c2/src/ZODB/interfaces.py#L828-L831
      
      (+) https://lab.nexedi.com/kirr/wendelin.core/blob/9ff5ed32/bigfile/file_zodb.py#L788-822
      5cf7bf81
    • Julien Muchembled's avatar
    • Kirill Smelkov's avatar
      [ZODB3] Start of 3.10-nxd branch · d9d5b50a
      Kirill Smelkov authored
      People say that ZODB3 is kind of closed:
      
      	https://github.com/zopefoundation/ZODB/pull/306#issuecomment-606735225
      
      Givent that even for ZEO4 we were suggested that 4 is considered "dead" by upstream:
      
      	https://github.com/zopefoundation/ZEO/pull/161#pullrequestreview-447245642
      
      Let's keep on patching ZODB3 in our local fork until we keep on using it.
      d9d5b50a
  3. 19 Apr, 2017 4 commits
  4. 14 Sep, 2016 2 commits
  5. 13 Sep, 2016 6 commits
  6. 28 Apr, 2016 2 commits
    • Julien Muchembled's avatar
      Changelog for PR #52 · 64f3b58f
      Julien Muchembled authored
      64f3b58f
    • Julien Muchembled's avatar
      Fix possible data corruption after FileStorage is truncated to roll back a transaction · 2ed12f35
      Julien Muchembled authored
      Multi-threaded IO support, which is new to ZODB 3.10, allows clients to read
      data (load & loadBefore) even after tpc_vote has started to write a new
      transaction to disk. This is done by using different 'file' objects.
      
      Issues start when a transaction is rolled back after data has been appended
      (using the writing file object). Truncating is not enough because the FilePool
      may have been used concurrently to read the end of the last transaction:
      file objects have their own read buffers which, in this case, may also contain
      the beginning of the aborted transaction.
      
      So a solution is to invalidate read buffers whenever they may contain wrong
      data. This patch does it on truncation, which happens rarely enough to not
      affect performance.
      
      We discovered this bug in the following conditions:
      - ZODB splitted in several FileStorage
      - many conflicts in the first committed DB, but always resolved
      - unresolved conflict in another DB
      If the transaction is replayed with success (no more conflict in the other DB),
      a subsequent load of the object that could be resolved in the first DB may, for
      example, return a wrong serial (tid of the aborted transaction) if the layout
      of the committed transaction matches that of the aborted one.
      
      The bug usually manifests with POSKeyError & CorruptedDataError exceptions in
      ZEO logs, for example while trying to resolve a conflict (and restarting the
      transaction does not help, causing Site Errors in Zope). But theorically,
      this could also cause silent corruption or unpickling errors at client side.
      
      (cherry picked from commit 028b1922)
      
      Conflicts:
      	src/ZODB/FileStorage/FileStorage.py
      2ed12f35
  7. 17 Mar, 2016 4 commits
  8. 16 Mar, 2016 1 commit
  9. 10 Mar, 2014 3 commits
  10. 03 Mar, 2014 2 commits
  11. 03 Feb, 2014 6 commits
  12. 23 Dec, 2013 1 commit
  13. 21 Oct, 2013 2 commits
  14. 17 Sep, 2013 2 commits