Ayende @ Rahien

Hi!
My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:

ayende@ayende.com

+972 52-548-6969

, @ Q c

Posts: 5,972 | Comments: 44,516

filter by tags archive

ChallengeFind the bug


The following code contains a bug that would only occur under rare situations, can you figure out what is the bug?

image

More posts in "Challenge" series:

  1. (28 Apr 2015) What is the meaning of this change?
  2. (26 Sep 2013) Spot the bug
  3. (27 May 2013) The problem of locking down tasks…
  4. (17 Oct 2011) Minimum number of round trips
  5. (23 Aug 2011) Recent Comments with Future Posts
  6. (02 Aug 2011) Modifying execution approaches
  7. (29 Apr 2011) Stop the leaks
  8. (23 Dec 2010) This code should never hit production
  9. (17 Dec 2010) Your own ThreadLocal
  10. (03 Dec 2010) Querying relative information with RavenDB
  11. (29 Jun 2010) Find the bug
  12. (23 Jun 2010) Dynamically dynamic
  13. (28 Apr 2010) What killed the application?
  14. (19 Mar 2010) What does this code do?
  15. (04 Mar 2010) Robust enumeration over external code
  16. (16 Feb 2010) Premature optimization, and all of that…
  17. (12 Feb 2010) Efficient querying
  18. (10 Feb 2010) Find the resource leak
  19. (21 Oct 2009) Can you spot the bug?
  20. (18 Oct 2009) Why is this wrong?
  21. (17 Oct 2009) Write the check in comment
  22. (15 Sep 2009) NH Prof Exporting Reports
  23. (02 Sep 2009) The lazy loaded inheritance many to one association OR/M conundrum
  24. (01 Sep 2009) Why isn’t select broken?
  25. (06 Aug 2009) Find the bug fixes
  26. (26 May 2009) Find the bug
  27. (14 May 2009) multi threaded test failure
  28. (11 May 2009) The regex that doesn’t match
  29. (24 Mar 2009) probability based selection
  30. (13 Mar 2009) C# Rewriting
  31. (18 Feb 2009) write a self extracting program
  32. (04 Sep 2008) Don't stop with the first DSL abstraction
  33. (02 Aug 2008) What is the problem?
  34. (28 Jul 2008) What does this code do?
  35. (26 Jul 2008) Find the bug fix
  36. (05 Jul 2008) Find the deadlock
  37. (03 Jul 2008) Find the bug
  38. (02 Jul 2008) What is wrong with this code
  39. (05 Jun 2008) why did the tests fail?
  40. (27 May 2008) Striving for better syntax
  41. (13 Apr 2008) calling generics without the generic type
  42. (12 Apr 2008) The directory tree
  43. (24 Mar 2008) Find the version
  44. (21 Jan 2008) Strongly typing weakly typed code
  45. (28 Jun 2007) Windsor Null Object Dependency Facility

Comments

Jason Meckley

isNewDatabase = write.Length == 0;

If (isNewDatabase)

CreateFromScratch();

There doesn't appear to be locking. In rare cases you may have 2 threads call CreateFromScratch() at that same time.

Ayende Rahien

Jason,

No, I won't. the writer FileStream ensures that only one thread access this code.

David Thibault

Check the length of the reader before validating the signature ?

matt

race condition in the 1st two lines between checking for the existence of the directory and creating it.

Tim Schwallie

Are the permissions to the Directory ok?

Ramon Smits

Why the weird ==false check and not using if(! construct? THen again, AFAIK the Directory.Create will do nothing when it already exists. So the check is useless.

Andy K

Not knowing what CreateFromScratch does I would guess that you don't want to TryReadingFromExistingFile when isNewDatabase.

James Curran

@matt,

nope. The .Net CreateDirectory silently NOPs if the directory is already present (the if() is superfluous).

Stephane

Where do you close the writer?

Chris C

If the file is deleted whilst the writer is open then OpenReader will fail (assuming open reader is creating a new file stream).

Rik Hemsley

I've parsed this a few times and can't see the bug. I write similar code often so I'll be checking back to see what you reveal as the answer in case I've fallen into the same trap!

Steve Py

I suspect the writer is module level and left open so that data can be streamed to file. It has read-level sharing.

the check on writer.Length == 0 doesn't sit right with me. It looks like you want to check to see if the file was newly created then call the CreateFromScratch().

I'd have elected for:

storageFile = Path.Combine...

isNewDatabase = File.Exists(storageFile);

writer = ...

if (isNewDatabase)

CreateFromScratch()

But that's just semantics, I don't think that's the cause of any bug...

Two instances of the same application implementing Raven DB could be a problem if started up around the same time.

Simon Labrecque

Not sure if you'consider it a bug since you kinda expect an exception anyway, but

if (new Guid(binaryReader.ReadBytes(16)) != HeaderSignatureGuid)

will generate an ArgumentException when the file exists but is not at least 16 bytes long.

Martin

If the path parameter is a drive letter (eg "C:") then Path.Combine won't create a valid path. You'll get "C:storage.raven" instead of "C:\storage.raven".

(unless of course you're appending the slash in the caller.)

Geert Baeyaert

The race condition is not between the first two lines, but between creating the directory and creating the file.

Directory.CreateDirectory throws an IOException when the directory is read-only or not empty.

Ayende Rahien

David,

No, that is okay, we assume that len = 0 is always okay.

Matt,

Ignore race conditions, as other have pointed out, it will work, but the problem isn't with a race condition.

Tim,

No, bad permissions would cause it to crash with an expected error.

Andy,

Actually, that is okay, I always want to read from the file. CreateFromScratch just set things up for me.

Stephane,

The writer is close is the Dispose() method.

Chris,

Ignore any race conditions, they aren't required to show the bug.

Steve,

That is not a problem, only one instance of RavenDB can own a file at a given time.

Simon,

Thanks, that is expected and not what I meant.

Mattia

You don't check if you have enough space on disk before creating file. This may result in a IOException if the disk is full.

Ayende Rahien

Mattia,

I don't worry about that, I'll get the appropriate error then.

Ryan Heath

Why is FileShare.Delete allowed? Writing to a file that is allowed to be deleted, that looks like a bug to me ...

// Ryan

Ayende Rahien

Ryan,

That means that you can delete the file, which is important for some scenarios (cleanup, mostly).

That is not a bug

Matthew Wills

If path wasn't an existing directory but was an existing FILE then the CreateDirectory would throw IOException.

Ayende Rahien

Matthew,

Good catch, but that still isn't it

Ayende Rahien

@Everyone,

Here is a big hint, think C++

Gerard Kappen

I'm not sure if you're aiming for some sort of backward compatibility in your storage file, but if so, I would assume you'd rather compare the version as

if (version > Version)

throw ...

Matthew Wills

You are throwing an exception from a constructor. So I suppose you could have a partially constructed object - not sure what impact this would have on the disposal of the writer, for instance.

Ayende Rahien

Matthew,

Yes, you are right, what is the result?

Matthew Wills

Well, assuming you are using a using block around your use of TransactionStorage, I suspect the writer will stay alive and thus lock the DB. I suspect GC would get it eventually – I haven't tested and thus don’t know for sure.

You likely should change your Dispose method to handle partially constructed objects (ie don’t assume everything is initialized correctly) and then call the Dispose from a catch block in your constructor.

Richard Dingwall

Doing file IO in a ctor is a shooting offense. Wouldn't be surprised if that is a factor.

Ayende Rahien

Matthew,

Ding, ding ding!

You got it.

The dispose is actually never called, because we aren't completing the ctor.

Ori Peleg

Awesome, especially for the "Think C++" hint. I wonder why we consider exception-safety differently when we're not in C++.

Comment preview

Comments have been closed on this topic.

FUTURE POSTS

  1. Reducing parsing costs in RavenDB - one day from now

There are posts all the way to Aug 04, 2015

RECENT SERIES

  1. Production postmortem (5):
    29 Jul 2015 - The evil licensing code
  2. Career planning (6):
    24 Jul 2015 - The immortal choices aren't
  3. API Design (7):
    20 Jul 2015 - We’ll let the users sort it out
  4. What is new in RavenDB 3.5 (3):
    15 Jul 2015 - Exploring data in the dark
  5. The RavenDB Comic Strip (3):
    28 May 2015 - Part III – High availability & sleeping soundly
View all series

Syndication

Main feed Feed Stats
Comments feed   Comments Feed Stats