Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deferred rollback #123

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Deferred rollback #123

wants to merge 2 commits into from

Conversation

nrdvana
Copy link

@nrdvana nrdvana commented Jan 31, 2018

This is my attempt at fixing an edge case where an inner transaction performs a rollback but an outer transaction performs a commit, which can happen in various ways by catching exceptions in txn_do blocks and etc.

There are several ways that a nested rollback can cause
un-intended behavior, but this is one I feel is pretty realistic.
(In fact, it probably already happens in the wild somewhere.)

In this case, if a subroutine wraps some code in a transaction,
then catches errors from the code expecting the transaction to be
rolled back, then performs some of its own database work without
carefully inspecting the exception it caught, the whole thing can
end up geting committed if it occurs within an inner transaction.
Currently, there is a messy case when savepoints aren't enabled
and a user creates nested transactions and then calls 'rollback'.
DBIC throws an exception in hopes that it propogates up the stack
to the top-most transaction where it can be rolled back properly,
but there is no guarantee that the user doesn't just catch the
exception and then accidentally commit unwanted changes by
exiting a txn_do block cleanly.

This change is a proposed fix that sets a "deferred rollback"
condition on the Storage object such that attempting any other
transaction-related operation will fail until the top-level
transaction has been rolled back.  It also makes the BlockRunner
aware of deferred rollbacks so that it performs a rollback
instead of commit when a block exits cleanly.

It also takes the somewhat bold step of stopping BlockRunner from
starting new blocks at all until the condition is resolved...

I stopped short of reaching into the individual Storage engines
to stop them from executing further statements, though that is
theoretically what we want to do.
@ribasushi
Copy link
Collaborator

Spoke briefly with @nrdvana on IRC about this at time of opening. The issue is legit, but there are likely outstanding issues with the implementation. On top of that CI is not fully functional yet, and the backlog in general doesn't look too friendly.

Likely will pick this up end-of-spring-ish. Thanks for the kick @nrdvana !

@ribasushi
Copy link
Collaborator

@wolfsage your IRC-example of nexting-out-of a txn is a known problem similar but not the same as 2bbdb85a47. The PR on which I am commenting set out to stop the problem from being silent, but more pressing work is in the way of looking at this properly.

Just highlighting you as a "Yes, I am aware, work is pending..."

@wolfsage
Copy link

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants