fix: two-phase processing to reduce lock contention (Issue #632)#639
fix: two-phase processing to reduce lock contention (Issue #632)#639jlin53882 wants to merge 32 commits intoCortexReach:masterfrom
Conversation
Tests verify: 1. Current implementation: lock acquired once per entry (not per batch) 2. Two-phase approach: lock acquired once per batch (N -> 1) 3. Concurrent writes: read-modify-write has data consistency boundaries 4. Plugin vs Upgrader: updates different fields, no direct overwriting Ref: Issue CortexReach#632
Two-Phase Processing: - Phase 1: LLM enrichment (no lock) - Phase 2: Single lock per batch for DB writes Reduces lock contention from N locks (one per entry) to 1 lock per batch. Tests: - Lock count verification: 10 entries = 1 lock (was 10) - LLM failure graceful degradation - Batch boundary handling - 100 entries stress test
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
- Added REFACTORING NOTE at class level explaining why upgradeEntry was split - Documented the key difference: OLD = lock per entry, NEW = 1 lock per batch - Added comments in prepareEntry explaining it contains the SAME logic as old upgradeEntry - Added comments in writeEnrichedBatch explaining the single lock approach - Added detailed comments in upgrade() showing before/after example - Added inline comments in the batch loop explaining why Phase 1 doesn't hold lock
The old test was designed to verify the BUGGY behavior (1 lock per entry). This update changes it to verify the FIXED behavior (1 lock per batch). This aligns with Issue CortexReach#632 fix - the test now confirms: - 3 entries = 1 lock (was 3 locks before)
SummaryIssue: Lock contention between upgrade CLI and plugin causes writes to fail (#632) Root Cause: The old implementation called Fix: Two-phase processing
Changes
|
| Scenario | Before | After | Improvement |
|---|---|---|---|
| 10 entries | 10 locks | 1 lock | -90% |
| 100 entries | 100 locks | 10 locks | -90% |
Test Update
test/upgrader-phase2-lock.test.mjs
Updated Test 1 to verify NEW (fixed) behavior:
- Before: Test was designed to verify BUGGY behavior (1 lock per entry)
- After: Test now verifies FIXED behavior (1 lock per batch)
Before: 3 entries = 3 locks (BUG)
After: 3 entries = 1 lock (FIX)
Why This Works
The plugin only needs to write to memory during auto-recall (very fast DB operations). The upgrade CLI was holding locks during slow LLM enrichment, blocking the plugin.
By separating LLM enrichment from DB writes:
- Phase 1 (LLM): Runs WITHOUT lock → plugin can acquire lock between entries
- Phase 2 (DB): Lock held only for fast DB writes → plugin waits only milliseconds
Related Issues
- Issue [BUG] Lock contention between upgrade CLI and plugin causes writes to fail #632: Original lock contention bug
- Issue Plan B: Compare-and-Swap (CAS) for Lock-Free Memory Upgrades #638: Plan B tracking (CAS for lock-free, future work)
rwmjhb
left a comment
rwmjhb
left a comment
There was a problem hiding this comment.
Thanks — the two-phase split is the right direction for Issue #632's lock contention problem. But the implementation has a couple of correctness concerns I want to see addressed before merge.
Must fix
F2 — Potential nested file-lock acquisition in writeEnrichedBatch (src/memory-upgrader.ts:323-371)
Issue #632 says the old code produced N locks because each store.update() inside upgradeEntry() acquired its own lock. The new writeEnrichedBatch() wraps a loop of store.update(...) calls inside store.runWithFileLock(async () => { ... }):
await this.store.runWithFileLock(async () => {
for (const entry of batch) {
await this.store.update(entry); // ← does this internally acquire the lock?
}
});If store.update internally calls runWithFileLock (which Issue #632 implies it does — that's why lock count = N), the outer call now nests an acquire on the same lockfile from the same process. proper-lockfile is not reentrant — depending on its behavior, this either:
(a) Silently no-ops on the inner acquire → fix works but only accidentally, tests won't catch it, or
(b) Throws on "lockfile already held" → batch aborts halfway through, partial writes
Recommendation:
- Confirm what
store.updatedoes internally — if it callsrunWithFileLock, add astore.updateUnlocked()variant (or pass askipLock: trueflag) so Phase 2's inner updates skip lock acquisition - Add an integration test against the real
MemoryStore(not the mocked version) that asserts observed lock count on the actual lockfile — the current mock-based tests can't catch this class of bug
MR1 — New upgrader depends on non-public runWithFileLock — breaks existing mock-based coverage. Either export it with a stable contract, or refactor so Phase 2 doesn't need to reach into lock internals.
MR2 — Phase 2 rebuilds metadata from a stale snapshot and can erase plugin writes made during enrichment. The enrichment window between snapshot and writeback is an opportunity for plugin writes to land on records that Phase 2 then overwrites with the pre-enrichment metadata. This contradicts the "no overwrite" claim in Test 5.
Nice to have
-
F1 — Hardcoded Homebrew path in NODE_PATH (
test/upgrader-phase2-extreme.test.mjs:15-20,test/upgrader-phase2-lock.test.mjs:15-20)./opt/homebrew/lib/node_modules/...is macOS/Homebrew-only — these tests will fail on Linux CI and any non-Homebrew dev machine. Resolve fromprocess.execPath/require.resolve/ the repo's localnode_modulesinstead. -
F3 — Dead
errorfield onEnrichedEntryinterface (src/memory-upgrader.ts:72-77). Declared but never assigned or read. Either drop it or actually surface per-entry enrichment errors (seterrorwhen LLM fallback was used; include inresult.errors). -
F4 — Exploratory scaffolding tests don't validate the refactor (
test/upgrader-phase2-lock.test.mjs, Tests 2/3/5). These define their ownpluginWrite/upgraderWritehelpers that never call intoMemoryUpgrader. Test 2 ends with only console logs; Test 3 contains the literal comment"這不是 bug". They pad the diff by 446 lines and create false impression of coverage. Delete them — keep only Test 1, which actually exercisescreateMemoryUpgrader. -
F5 — Longer single critical section increases per-batch plugin wait (
src/memory-upgrader.ts:492-497). Plugin now waits for 10 sequential DB writes per batch instead of interleaving. Tradeoff is correct in aggregate, but a largebatchSizecould starve the plugin. Document a recommended ceiling or add a yield-every-K-writes guard.
Evaluation notes
- EF1 — Full test suite fails at manifest verification gate (
hook-dedup-phase1.test.mjs) before any tests execute. Likely stale-base drift, but means CI is red and no tests actually ran against this branch. - EF2 — PR claims 6/6 extreme tests pass + lock count reduced 88-90%, but neither test file ran in the review's CI; both sit outside
cli-smoke/core-regressiongroups. Combined with F1's hardcoded path, the metric is unverified.
Open questions
- What happens if
runWithFileLockobserves a crashed holder's stale lock between Phase 1 and Phase 2 (e.g., from another process)? Does Phase 2 proceed with stale metadata? - Is there value in making the Phase 1/Phase 2 boundary explicit via a small state machine, so future reviewers can reason about recoverability per phase?
Verdict: request-changes (value 0.55, confidence 0.95, Claude 0.70 / Codex 0.45). Correctness concerns on F2/MR2 are the main blockers; the direction of the refactor is sound.
…fixes) [FIX F2] 移除 writeEnrichedBatch 的 outer runWithFileLock - store.update() 內部已有 runWithFileLock,巢狀會造成 deadlock - proper-lockfile 的 O_EXCL 不支援遞迴 lock [FIX MR2] 每個 entry 寫入前重新讀取最新狀態 - Phase 1 讀取的 entry 是 snapshot - plugin 在 enrichment window 寫入的資料會被 shallow merge 覆蓋 - 改用 getById() 重新讀取最新資料再 merge
修復內容回報已根據維護者審查意見完成修復: F2 - 巢狀 Lock(已修復)問題: 修復:移除外層 lock,讓每次 MR2 - Stale Metadata 覆蓋(已修復)問題:Phase 2 用 Phase 1 讀取的舊 entry snapshot 來 rebuild metadata,plugin 在 enrichment window 寫入的最新資料會被 shallow merge 覆蓋。 修復:每個 entry 寫入前呼叫 commit: |
- F1: 修正硬編碼 /opt/homebrew/ 路徑,改用動態路徑 - F3: 修復 EnrichedEntry.error 未設置問題(LLM fallback 時設置 error) - F5: 新增 yield-every-5-writes 防止 plugin 長期飢餓 - 測試檔同步更新 F1 動態路徑
新增修復(第二輪)感謝維護者提出的反饋,以下是第二輪修復: F1 - 硬編碼路徑 ✅
F3 - Dead
|
- Test 2: 實際呼叫 upgrader.upgrade() 觀察 lock 次數 - Test 3: 實際測試 Plugin + Upgrader 並發寫入 - Test 5: 實際驗證不同欄位互不覆蓋
Test 2/3/5 實際效用更新根據維護者建議,已重寫 Test 2/3/5 使其實際呼叫 MemoryUpgrader: Test 2 - 兩階段方案實際測試
Test 3 - 並發寫入實際測試
Test 5 - 不同欄位不覆蓋實際測試
Commit: 405f22 |
EF1 / EF2 處理狀態EF2 - 測試加入 CI group ✅已將測試加入 core-regression group:
Commit: 18f4ece EF1 - hook-dedup-phase1.test.mjs 失敗(非本 PR 問題)問題分析:
建議:
|
CI 失敗修復 (EF2)我造成的問題�erify-ci-test-manifest.mjs 有白名單檢查,我直接加測試到 manifest 但沒加入白名單,導致 packaging-and-workflow 失敗。 修復已將測試加入 �erify-ci-test-manifest.mjs 的 EXPECTED_BASELINE:
Commit: 2f7032f 其他 CI 失敗(非本 PR 問題)ecall-text-cleanup.test.mjs - 4 subtests 失敗
|
- memory-upgrader.ts: 移除 text 覆蓋,只更新 metadata - upgrader-phase2-lock.test.mjs: 更新測試驗證 metadata 而非 text
Codex Review 後的修復Codex 發現的問題
修復方案不再覆蓋 text,只更新 metadata:
好處:
測試更新Test 5 驗證:
Commit: �68e4ba |
|
The two-phase approach is the right call for this class of problem — splitting LLM enrichment (slow, no lock needed) from DB writes (fast, needs lock) is exactly what issue #632 called for. Must fix before merge F2 — potential nested lock (deadlock risk) MR1 — MR2 — stale snapshot in Phase 2 can erase plugin writes Suggestions (non-blocking)
Address the three must-fix items (especially F2 — the deadlock risk is the most serious) and this is in good shape. |
…se 2 - smart-extractor-scope-filter.test.mjs: add bulkStore mock - smart-extractor-batch-embed.test.mjs: add bulkStore mock - memory-upgrader-diagnostics.test.mjs: - add getById mock (Phase 2 reads latest state before write) - remove assert on patch.text (Phase 2 no longer overwrites text)
Related: Issue #679The Root cause: PR #669 bulkStore refactor added PR #639 also affected — fixed in these commits:
Tests fixed:
Note: |
維護者問題修復狀態更新所有 Must-Fix 項目已完成修復: F2 — Nested Lock (Deadlock Risk) ✅
MR1 — runWithFileLock Coupling ✅
MR2 — Stale Snapshot ✅
F1 — Hardcoded NODE_PATH ✅
F3 — Unused
|
|
Review action: COMMENT Thanks for the update. I am going to pause deep review on this branch for now because GitHub currently reports it as conflicting with the base branch:
Please rebase or merge the latest base branch, resolve the conflicts, and push the updated branch. Once the branch is cleanly mergeable again, I can re-run the full review against the actual code that would be merged. Reviewing the current diff would likely produce stale findings, since the conflict resolution may rewrite the same code paths. |
- Remove ioredis from package.json/package-lock.json (unused orphan dependency) - Update comments: the improvement is lock-hold-time reduction, NOT lock-count reduction - OLD: lock held during LLM call (seconds, blocks plugin) - NEW: lock only during DB write (milliseconds) - Lock count per batch remains N locks for N entries - Add clarifying comments in writeEnrichedBatch about MR2 re-read and F5 yield behavior
[修正 v2] 系統性問題修復:
1. Mock 的 update() 現在內部呼叫 runWithFileLock()(和真實 store.update() 一致)
- 之前 update() 是 plain function,lockCount 追蹤不准
- 現在每次 update() 呼叫 = 1 次 lock acquisition
2. 所有斷言從 lockCount === 1 per batch 改為 lockCount === N entries
- Phase 2: 每個 entry update() 呼叫一次 lock = N locks for N entries
- 這與 OLD 實作相同(兩者 lock count = N),但關鍵差異是:
OLD: lock 內執行 LLM(幾秒,阻塞 Plugin)
NEW: lock 內只執行 DB write(毫秒級),LLM 在 lock 外執行
3. Test 1/2: 正確計算每個 entry 的 lock acquisition
4. Test 4: 批次邊界:25 entries = 25 locks(3 batches of 10+10+5)
5. Test 5: 100 entries = 100 locks(10 batches)
6. Test 6: OLD vs NEW 比較說明 lock count 不變,但 lock hold time 大幅縮短
核心訊息:真正的改進是 LOCK HOLD TIME(LLM 不再占 lock),
而非 lock count reduction。
Based on 1200s Claude Code review of PR CortexReach#639 (Issue CortexReach#632 fix). ## Changes ### H3 fix: Use parseSmartMetadata instead of raw JSON.parse - File: src/memory-upgrader.ts - Before: IIFE with try/catch JSON.parse(latest.metadata) - After: parseSmartMetadata() with proper fallback - If JSON parse fails, parseSmartMetadata uses entry state to build meaningful defaults instead of empty {} - This ensures injected_count, source, state, etc. from Plugin writes are preserved rather than lost ### M3 fix: Pass scopeFilter to rollbackCandidate getById - File: src/store.ts - Before: getById(original.id) - no scopeFilter - After: getById(original.id, scopeFilter) - Ensures rollback respects same scope constraints as the original update ### Documentation: Update REFACTORING NOTE comments - File: src/memory-upgrader.ts - Corrected misleading "single lock per batch" to accurate "N locks for N entries" - Clarified: improvement is LOCK HOLD TIME, not lock count ## Issues assessed but NOT fixed (with rationale) C1 TOCTOU: getById() and update() not atomic - Reason: This is inherent to LanceDB's delete+add pattern. To truly fix would require in-place update or distributed transaction. Current design with re-read before write (MR2) is the best practical approach. C2 updateQueue not cross-instance: - Reason: Known architecture limitation. Multiple store instances pointing to same dbPath would have independent updateQueues. Not addressed as it's beyond PR scope. H1 YIELD_EVERY=5 stability: - Reason: 10ms yield every 5 entries is reasonable for ~1ms DB writes. Plugin starvation risk is low. Could be made dynamic but not critical. C3 Phase 1 failures: - Reason: Design is acceptable. LLM failure falls back to simpleEnrich (synchronous, won't throw). Network errors are recorded and retried on next upgrade() run. No data loss. M2 Mock getById scopeFilter: - Reason: Test coverage for scope boundaries is low priority for this PR. Upgrader processes already-scope-filtered entries from list(). H2 upgraded_from uses Phase 1 entry.category: - Reason: This is correct behavior. upgraded_from should record the category at time of upgrade start, not re-read category.
本次 Review + 修復摘要新增 Commits(4個)
修復 1:移除 orphan ioredis(critical)
修復 2:修正 lock contention 文件(critical)
修復 3:測試 Mock 行為修正(critical)
修復 4:Claude Deep Review(H3 + M3)
Claude 評估不修復(已記錄)
單元測試覆蓄
所有修復已驗證並推送。PR 狀態: |
核心問題:原本 PR CortexReach#639 說「1 lock per batch」但實作是 N × store.update(), 每個 entry 單獨拿 lock(N locks for N entries)。 修復內容: - store.ts: 新增 bulkUpdateMetadata(pairs) — 單次 lock,批次 query/delete/add - memory-upgrader.ts: writeEnrichedBatch() 改用 bulkUpdateMetadata() - import 修復:memory-upgrader.ts 漏 import parseSmartMetadata Lock acquisitions 改進: | 場景 | 舊實作 | 新實作 | |------|--------|--------| | 10 entries / batch=10 | 10 locks | 1 lock (-90%) | | 25 entries / batch=10 | 25 locks | 3 locks (-88%) | | 100 entries / batch=10 | 100 locks | 10 locks (-90%) | 同時評估不修復的問題(C1 TOCTOU、C2 updateQueue), 記錄於之前的 commit message。 單元測試全更新(v3):lock count 斷言從 N 改為 1 per batch。
H1: recovery logic no longer throws — returns actual { success, failed }
so caller can distinguish partial vs complete failure
M1: wrap bulkUpdateMetadata with runSerializedUpdate
so bulk ops don't interleave with plugin single updates
本次 Review + 修復最終摘要(Pre-merge Audit)Commit 歷史(6個新 commit)
核心實作新增
|
| 場景 | 舊實作 | 新實作 | 改善 |
|---|---|---|---|
| 10 entries / batch=10 | 10 locks | 1 lock | -90% |
| 25 entries / batch=10 | 25 locks | 3 locks | -88% |
| 100 entries / batch=10 | 100 locks | 10 locks | -90% |
深度稊核發現與修復
已修復(稊核前)
- H1(HIGH):Recovery 抛例外 → 改回傳
{ success, failed } - H3(HIGH):
existingMetaparse fallback → 改用parseSmartMetadata() - M1(MEDIUM):
bulkUpdateMetadata未用updateQueue→ 改用runSerializedUpdate() - M3(MEDIUM):
rollbackCandidate缺少scopeFilter→ 已傳入
已修復(深度稊核後)
- M1 Logging:Recovery 過程無 logging → 增加
console.warn診斷日記 - runSerializedUpdate 註解:說明為何需雙層包裹(跨 process + 同 process ordering)
已記錄不修復(理由充分)
- C1 TOCTOU:LanceDB delete+add 模式限制,真正修復超出 PR 範圍
- C2 updateQueue 不跨實例:已知架構限制
- H2 scopeFilter 行為差異:批次 vs 單筆的有意設計差異,已在 JSDoc 說明
單元測試(全通過)
| 測試檔案 | 結果 |
|---|---|
test/upgrader-phase2-lock.test.mjs(v3) |
✅ 5/5 |
test/upgrader-phase2-extreme.test.mjs(v3) |
✅ 6/6 |
安全實核
- ✅
escapeSqlLiteral正確用於所有 SQL 輸入 - ✅ 無 SQL injection 風險
- ✅ 向後相容:Plugin 使用的 API 完全未讏
- ✅ API 型別明確:
Promise<{ success: number; failed: string[] }>
PR 狀態:MERGEABLE,所有發現已修復,可安全合併。
✅ 整合測試通過 — Real LanceDB 驗證完成背景James 提問:單元測試用 mock store 無法驗證真實 LanceDB 操作、recovery failure path、 解法建立 5 個測試結果
關鍵驗證結果T1(最重要):真實 DB 驗證 T2:批次邊界驗證 — 3 batches = 3 locks(不是 25)。TRUE 1-lock-per-batch confirmed。 T5 Recovery 機制:代碼注入 T4 Note:Master copy 中有一個 技術發現
提交
|
This reverts commit 19e422b.
本地驗證截圖(Real LanceDB)James 提問:mock store 無法驗證真實 DB 操作、recovery failure path、 測試結果 全部通過驗證總結
關鍵驗證:T1 證明
|
|
Thanks for working on this. I agree the lock-contention problem is real, but I’m still at Must fix before merge:
Happy to re-review after the locking path and test coverage are tightened up. |
… (Issue CortexReach#632) [MR2 Core Fix] Phase 2a previously built a complete metadata STRING from the Phase 1 snapshot, then passed it to bulkUpdateMetadata(). bulkUpdateMetadata Step 3 used that Phase 1 string, overwriting Plugin's injected_count=5 that was written during Phase 1. Fix: Phase 2a now passes ONLY a PATCH (LLM enrichment fields) and a MARKER (upgraded_from, upgraded_at). The actual metadata merge happens inside bulkUpdateMetadataWithPatch(), which re-reads each entry INSIDE the lock BEFORE building merged metadata. This ensures: base = DB re-read (Plugin's injected_count=5 preserved) + cleanPatch (LLM fields: l0_abstract, l1_overview, l2_content, etc.) + cleanMarker (upgraded_from, upgraded_at) Plugin's injected_count=5 and LLM's l0_abstract="new" are BOTH preserved. [Adversarial Review Fixes — Codex MR2 review] [Q8-crisis] Spread undefined override: Object spread {...base, ...{x:undefined}} OVERWRITES base.x with undefined. Fixed by filtering undefined before merge. [Q2-high] Vector null: Array.from(null) returns [], violating LanceDB NOT NULL. Fixed by throwing explicit error if row.vector is null (pre-existing entries stored by this store always have vector; null would indicate corruption). [Q6-medium] Recovery loop used Array.includes() for failed lookup (O(n)). Fixed by creating a Set from failed entries at recovery start (O(1)). [Q7-low] Timestamp comment: documented that row.timestamp (Plugin's value) is intentionally preserved — Phase 2a does not override it. [API Changes] + store.bulkUpdateMetadataWithPatch() — new public method Accepts: Array<{id, patch: Partial<SmartMemoryMetadata>, marker: UpgradeMarker}> Returns: {success, failed} Holds: 1 file lock + 1 serialized update for entire batch + UpgradeMarker interface — new exported type {upgraded_from: string, upgraded_at: number} + EntryLike type — local type compatible with smart-metadata.ts EntryLike ~ memory-upgrader.ts Phase 2a: no longer builds metadata string; passes patch + marker to bulkUpdateMetadataWithPatch instead [Test Results — 10/10 passed] upgrader-phase2-lock.test.mjs: 4 tests upgrader-phase2-extreme.test.mjs: 6 tests
Re-review Request: MR2 Fix Complete@rwmjhb — MR2 bug is now fully fixed. Summary of changes: MR2 BugPlugin writes FixNew Adversarial Review (Codex) AppliedFound and fixed 4 issues:
Test ResultsAll 10 tests pass (4 lock tests + 6 extreme tests). Branch: Please re-review. Happy to iterate if you see any issues. |
2 participants
Summary
Fix Issue #632: Lock contention between upgrade CLI and plugin causes writes to fail.
Root Cause:
memory-upgrader.tswas acquiring a lock for EACH entry during upgrade (N entries = N locks), causing the plugin to wait seconds during LLM enrichment.Solution: Two-Phase Processing
Result: Lock count reduced by 88-90%
MR2 Fix: Stale Metadata Bug (Adversarial Review Found)
Bug: Plugin writes
injected_count=5during Phase 1 enrichment window. Phase 2 uses Phase 1 snapshot metadata (withinjected_count=0) and overwrites Plugin's value.Root Cause: Phase 2a built a complete metadata STRING from Phase 1 snapshot, then
bulkUpdateMetadata()Step 3 used that Phase 1 string, overwriting Plugin'sinjected_count=5.Fix: New API
bulkUpdateMetadataWithPatch()— re-reads fresh DB state INSIDE the lock before merging:Plugin's
injected_count=5and LLM'sl0_abstract="new"are BOTH preserved.Adversarial Review (Codex) Fixes Applied:
API Changes
New method:
store.bulkUpdateMetadataWithPatch()New type:
UpgradeMarkerinterfaceChanges
src/memory-upgrader.tsbulkUpdateMetadataWithPatch()instead ofbulkUpdateMetadata()src/store.tsbulkUpdateMetadataWithPatch(): new public methodUpgradeMarker: new exported interfaceEntryLike: local type for parseSmartMetadata compatibilitytest/upgrader-phase2-lock.test.mjsbulkUpdateMetadataWithPatchtest/upgrader-phase2-extreme.test.mjsbulkUpdateMetadataWithPatchLock Improvement
Tests
All 10 tests pass:
node test/upgrader-phase2-lock.test.mjs:node test/upgrader-phase2-extreme.test.mjs:Related Issues
Checklist