fix: race conditions and bugs in Simple/Normal queue modules#7
Closed
Koan-Bot wants to merge 7 commits intocern-mig:masterfrom
Closed
fix: race conditions and bugs in Simple/Normal queue modules#7Koan-Bot wants to merge 7 commits intocern-mig:masterfrom
Koan-Bot wants to merge 7 commits intocern-mig:masterfrom
Conversation
Fixup pod example
- Rename testsuite.yml → ci.yml with clearer job names - Add concurrency group to cancel stale runs on same ref - Add macOS job (Perl 5.38 + latest) via actions-setup-perl - Add coverage job with Devel::Cover + Coveralls - Clean env vars: RELEASE_TESTING only on author-test job - Rename matrix job from 'perl' to 'linux' for clarity Preserves existing perl-versions matrix (5.10+ with devel). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ci: modernize CI pipeline
Systematic coverage improvement across all modules: - Queue.pm base: constructor validation errors, _require failure, copy independence - Normal.pm: schema validation (17 error cases), non-permissive lock/unlock, purge with temp/lock/obsolete dirs, nlink option, optional fields, binary/string/table data types, hash serialization escaping - Simple.pm: add_ref, add_path, get_path, touch, granularity option, non-permissive lock/unlock, purge with maxlock, error paths - Null.pm: all unsupported methods (get, get_ref, get_path, touch, lock, unlock, remove), add_ref, add_path file removal - Set.pm: duplicate queue, non-DQ object, missing queue removal, mixed queue types 237 → 413 total tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
test: add 176 new tests covering error paths and edge cases
- Simple.pm purge(): fix maxlock default using maxtemp instead of maxlock (copy-paste bug causing stale locks to be cleaned up too aggressively) - Simple.pm remove(): add lock existence check before unlink to prevent removing unlocked elements (matching Normal.pm behavior) - Normal.pm remove(): add retry limit (10) to prevent infinite loop when lock contention persists during element removal Includes 20 new tests covering all fixes and edge cases. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Author
|
Note: the |
2 tasks
Author
|
Superseded by #17 which contains only the relevant changes (this PR was polluted with unrelated fork infrastructure commits). |
Author
|
Superseded by #17 (clean branch from upstream/master, no fork infrastructure noise). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Simple.pm
purge()maxlock default bug:maxlockwas defaulting to$self->{maxtemp}instead of$self->{maxlock}(line 309). This caused stale locks to be cleaned up using the wrong timeout — too aggressive whenmaxtemp < maxlock, or too lenient in the opposite case.Simple.pm
remove()missing lock check: Unlike Normal.pm which validates_is_locked()before removing, Simple.pm would blindly unlink both files. This allowed callers to remove unlocked elements, risking data loss if another process was working with the element.Normal.pm
remove()infinite loop: The innerwhile(1)loop that cleans up thelockedsubdirectory during removal had no retry limit. Under persistent lock contention (another process repeatedly re-locking the obsolete element), this would spin forever.Additional Analysis (Not Fixed — By Design)
These race conditions were analyzed and determined to be handled correctly or inherent to the design:
_special_mkdirumask race: Global umask is inherently process-wide. Documented as a known limitation of POSIX umask semantics._is_locked()TOCTOU: The stat-based age check is correctly documented as "best effort" and handles ENOENT gracefully._purge_dirTOCTOU between stat/unlink: Stale lock cleanup is inherently racy — purge timeouts are meant to be generous enough to avoid conflicts.Test plan
t/1race-conditions.t🤖 Generated with Kōan (Claude Opus 4.6)