fix: incorrect concurrent usage of connection and transaction #546
Conversation
|
Welcome and thanks for contributing! For some context, I'm a member of encode but not a maintainer of this project. Reading this out of curiosity and just have a couple notes about proper usage of the context var. Someone else with more context for the project will have to do a review of the changes too. |
|
Thanks for the review. I'm eager to move this forward. We use databases in one of our products, and when load testing this certainly fixes an issue with concurrency. Even your two comments were pretty insightful, so if you have another encode member who is interested in taking a look that would be great. I'll also try the module level context var solution you helped me discover in our codebase to see if that can still fix the issue. As is stands Databases was (and continues) leaking memory from it's usage of non-module level contextvars, but if I can fix that here too then that's great! |
|
Also related #155 |
|
Do you have a minimal executable example I could use to explore this? |
|
I think #155 should be close enough, but I'll try and get a dedicated MCVE up here today |
|
@madkinsz Here's a minimal example as a test - turns out I could get it pretty small. This fails on master, but passes perfectly fine here: # file: tests/test_concurrent_tasks.py
import pytest
import asyncio
from tests.test_databases import async_adapter, DATABASE_URLS
from databases import Database
@pytest.mark.parametrize("database_url", DATABASE_URLS)
@async_adapter
async def test_concurrent_tasks(database_url: str):
"""
Test concurrent tasks.
"""
async with Database(database_url) as database:
# This could be an eg, fastapi / starlette endpoint
@database.transaction()
async def read_items() -> dict:
return dict(await database.fetch_one(query="SELECT 1 AS value"))
# Run 10 concurrent **tasks**
tasks = (asyncio.create_task(read_items()) for _ in range(10))
responses = await asyncio.gather(*tasks, return_exceptions=True)
# Check the responses
assert all(isinstance(response, dict) for response in responses)
assert all(response["value"] == 1 for response in responses)I'm using
|
zevisert
force-pushed
the
fix-transaction-contextvar
branch
from
0c5e047
to
4cd7451
Compare
|
Rebased to sign commits, all new and old tests passing, switched to module level contextvars to allow for the garbage collector to clean up unreferenced objects. Edit: And now all linting checks pass too |
|
Hey! I took some time to poke around at this today. It seems a little wild to use a For example, I've implemented this at master...madkinsz:example/instance-safe and it passes the MRE you provided (I only checked SQLite because I didn't want to deal with docker-compose) Curious for your thoughts |
I like that take too. Looking back I was a little too committed to getting the I'll give it a go with the other databases right now, and in the project were we initially ran into this problem. |
…x-transaction-contextvar
|
Yeah, this seems great. I've adopted/merged your changes into this MR to accompany the new tests I'm contributing here. I kept a few of the assertions I had added when resolving conflicts - I saw a few of them in the existing code. Let me know what encode's stance is on Thanks for your help on this, I'm excited for sentry to finally stop notifying us about the errors from this issue! |
|
Glad you think it makes sense too! I think my last concern is the event-loop compatibility bit (e.g. trio). @tomchristie Do you think you'd be willing to give this a look soon or point me to a better reviewer? |
|
I don't think Databases supports other event loop implementations like trio, curio, etc. I see an old PR #357 that was working on adding anyio support, but it's in draft still. |
zevisert
changed the title
|
Okay thanks to @reclosedev's issue #134, I've circled back around to thinking that users probably don't want implicit connection inheritance across tasks, BUT do want transaction inheritance if they explicitly reuse the same connection among descendant tasks. Their example boils down to this: import os
import asyncio
import databases
database = databases.Database(os.environ["DB_URL"])
async def worker():
async with database.transaction():
await database.execute("SELECT 1 + 1")
async def main():
await database.connect()
await database.execute("SELECT 1 + 1")
await asyncio.gather(*[worker() for _ in range(5)])
asyncio.run(main())That is:
In the current version of this PR (and on master) this example is still broken because we are using ContextVars such that the current connection is inherited by all descendant tasks. The descendant tasks cannot do parallel work within transactions, because they all share the same connection - and a single backend connection can only support nested transactions, not concurrent transactions. This all makes me think that the best solution is for each database instance to have an attribute that tracks connections in used per-task via something like I had been playing with in 8370299: class Database:
_active_connections: WeakKeyDictionary[asyncio.Task, Connection]This change would make connections task-local with no inheritance. Each new task acquires a new connection from the backend's connection pool unless a connection is explicitly provided to the task. The implicit connection inheritance to descendant tasks is what seems to be the cause of most user frustration with concurrent code. #230 explicitly calls this out. TransactionBackends, on the other hand, should still be tracked with ContextVariables so that transactions nest given the same connection is used - that's the whole point of |
|
Oh and another thing I found just now with the current implementation - context variables undergo a shallow clone when context is copied for new tasks. That means that we had been undoing any isolation that context variables had been providing by mutating the WeakKeyDictionary if it had been created before any descendant tasks started. Simple fix though, just need to treat those dictionaries as immutable. |
Connections are once again stored as state on the Database instance, keyed by the current asyncio.Task. Each task acquires it's own connection, and a WeakKeyDictionary allows the connection to be discarded if the owning task is garbage collected. TransactionBackends are still stored as contextvars, and a connection must be explicitly provided to descendant tasks if active transaction state is to be inherited.
zevisert
force-pushed
the
fix-transaction-contextvar
branch
from
bc28059
to
b94f097
Compare
zevisert
changed the title
|
Anything more I can do for anyone here to get this reviewed and released? |
zanieb
requested review from
tomchristie and
aminalaee
and removed request for
circlingthesun
|
Thanks for your patience! |
|
Thanks for the merge! Could we get @Kludex or @aminalaee to cut a new release so that we can actually have this bug corrected in our codebases? Is there a changelog or blog article I can help write for this? Is there a release cadence or policy that my team can plan from? |
|
@zevisert as far as I can tell, I can make a release. I do not think anyone else is available to maintain this project. I'd definitely appreciate if you opened a pull request for a changelog entry at https://github.com/encode/databases/blob/master/CHANGELOG.md There is no planned release cadence for this project. I'd like to release this change and some other fixes but there is little active development here. |
This commit should fix an issue with shared state with transactions.
The main issue is very well described by @circlingthesun here: #123 (comment) - we also ran into this most reliably using locust to load test as well, but did find this issue a few times in normal usage.
The big problem is that using the
@db.transactiondecorator creates a newDatabases.Transactioninstance that, when called creates a context manager for a transaction. The problem is that in concurrent frameworks, such as ASGI servers like starlette / fastapi, it's possible to have two concurrent tasks running. Since the Transaction instance is shared between tasks, it'sselfvariable is comparable to shared global state, concurrent code can't trust that no race condition has occurred without some helper mechanism like a ContextVar.Here's a mermaid diagram trying to show this:
sequenceDiagram actor User1 actor User2 participant API participant TXN API->>TXN: (startup) @db.transaction creates new shared Transaction(...) for route User1->>API: (1): Request to API route creates new asyncio.Task(...) API->>TXN: (1): Transaction.__call__ assignes self._connection User2->>API: (2): Request to same API route creates new asyncio.Task(...) API->>TXN: (2): PROBLEM -- Transaction.__call__ obtains new Databases.Connection for this asyncio.Task,<br/> like above, but overwrites self._connection TXN->>API: (1): PROBLEM -- Transaction.__aexit__ uses self._connection of task (2)<br/>since it was not retrieved from a ContextVar API->>User1: (1): Responding here closes the transaction's _connection TXN->>API: (2): FAULT -- Transaction.__aexit__ expects to also close self._connection, <br/>but since it also tries to retrieve the connection from self._connection instead of the ContextVar,<br/>it retireves (1)'s already closed connection API->>User2: (2): FAULT -- Propigated exception results in 500 response codeAll I've done with this PR is move the shared global state of
self._connectionandself._transactioninto local or contextvars instead of instance variables.Related issues are: #123 #134
Possibly related: #340
Related meta issue: #456