Harden DuckDB extension persistence#185
Conversation
nicosuave
force-pushed
the
review/python-native-contract
branch
from
cd7a08e to
4b9c638
Compare
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
from
66c6541 to
c712342
Compare
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
3 times, most recently
from
9a6d2d2 to
67dd8ce
Compare
|
@codex review |
nicosuave
force-pushed
the
review/python-native-contract
branch
from
b3ee67c to
1b91738
Compare
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
from
67dd8ce to
6cdc4af
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6cdc4afeab
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| impl Drop for DefinitionsFileLock { | ||
| fn drop(&mut self) { | ||
| self.file.take(); | ||
| let _ = fs::remove_file(&self.path); |
There was a problem hiding this comment.
If a writer is paused or slow for longer than DEFINITIONS_STALE_LOCK_AFTER, another process can classify its lock as stale, remove and recreate the same .lock file, and then this original guard will unconditionally remove that newer lock when it drops. That opens a window for two writers to enter the critical section and lose or corrupt persisted definitions; write an owner token into the lock and only unlink when it still matches, or avoid stealing locks that may still be live.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2baf6794d9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| idx += 1; | ||
| } | ||
|
|
||
| if let Some(statement_start) = start { |
There was a problem hiding this comment.
When definitions are created through clients that omit trailing semicolons (for example con.execute("SEMANTIC CREATE MODEL ...")), append_definition_to_content preserves the semicolonless text. This fallback then makes statement_ranges return one statement spanning the rest of the sidecar, so model_definition_ranges sees all subsequent MODEL definitions as part of the first block; replacing the first model can drop later models, and adding a metric to a later model reports that it is not present in the persisted file. Split on top-level definition keywords as well as semicolons, or normalize persisted definitions to include semicolons.
Useful? React with 👍 / 👎.
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
3 times, most recently
from
e598752 to
9a62d99
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9a62d99e9a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if is_stale_definitions_lock(&lock_path) { | ||
| let _ = fs::remove_file(&lock_path); |
There was a problem hiding this comment.
When two processes concurrently encounter the same stale sidecar lock, both can pass is_stale_definitions_lock before either recreates it; one process can then remove the old file and create its lock, only for the other process to execute this unconditional remove_file and delete that new lock before acquiring its own. That leaves two writers in the critical section despite the owner-token cleanup on drop; the fresh evidence in the current code is that the stale-removal path still unlinks by path without verifying the token or metadata it classified as stale.
Useful? React with 👍 / 👎.
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
from
9a62d99 to
17f7749
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 17f77491f3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| } else if (ch == ',' && depth == 0) { | ||
| break; |
There was a problem hiding this comment.
When the new CREATE MODEL name (...) shorthand is used with a structured property before the top-level name, this scanner treats commas inside {} or [] values as top-level separators because it only tracks parentheses. For example SEMANTIC CREATE MODEL orders (metadata {owner analytics, name internal}, table orders) is a valid body shape for the Rust parser's metadata object support, but this code resumes at the nested name key and reports a spurious name mismatch against orders, blocking the model from being created. Track bracket/brace depth here (as the Rust property parser does) before breaking on commas.
Useful? React with 👍 / 👎.
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
2 times, most recently
from
9620ed3 to
04b06fe
Compare
nicosuave
force-pushed
the
review/duckdb-extension-hardening
branch
from
04b06fe to
3791e32
Compare
1 participant
Base: #184