Page MenuHomePhabricator
Create Task
Maniphest T206147

Database::close() shouldn't commit transactions
Closed, ResolvedPublic
Actions

Description

A call to Database::close() with an open transaction is probably due to some sort of uncaught exception or an HHVM fatal error.[1] Transactional databases normally roll back when a connection is closed with an open transaction rather than committing them, so MediaWiki committing them is unexpected.

We currently have four cases being checked in Database::close():

  1. Atomic section open → Rollback, and exception is thrown.
  2. Automatic transaction open, writes were made → Rollback, and exception is thrown.
  3. Automatic transaction open, no writes were made → Commit, no exception or log message.
  4. Any other transaction open → Commit, no exception but there is a log message.

In case #3 there should be no appreciable difference between committing and rolling back because no writes were done. Either way it's probably not worth throwing an exception.

Case #4 is the one that's concerning, as it seems reasonably likely to be committing incomplete database changes.

Since I don't see the log message from case #4 in the logs from the past 60 days, I think we can be reasonably sure it's only case #3 being hit (whether because of T204346 or otherwise).

So I propose we make case #4 rollback and throw an exception, while case #3 should rollback without throwing an exception.

[1]: Zend PHP doesn't run destructors on fatal errors, so LoadBalancer->__destruct() doesn't get a chance to try to call Database::close().

Details

SubjectRepoBranchLines +/-
Database: close() should not commit transactionsmediawiki/coremaster+27 -20
Customize query in gerrit

Related Objects

Event Timeline

Anomie created this task.Oct 3 2018, 5:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 3 2018, 5:36 PM
Anomie mentioned this in T204346: PHP-timed out requests also emit LoadBalancer::destruct error "you can't run this command now: COMMIT".Oct 3 2018, 5:37 PM
gerritbot subscribed.Oct 3 2018, 5:43 PM

Change 464372 had a related patch set uploaded (by Anomie; owner: Anomie):
[mediawiki/core@master] Database: close() should not commit transactions

https://gerrit.wikimedia.org/r/464372

gerritbot added a project: Patch-For-Review.Oct 3 2018, 5:43 PM
Anomie added a project: Platform Team Legacy (Designing).Oct 3 2018, 5:43 PM
Anomie moved this task from Inbox to Waiting for Review on the Platform Team Legacy (Designing) board.
CCicalese_WMF added a project: Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)).Oct 3 2018, 8:28 PM
gerritbot added a comment.Oct 3 2018, 11:25 PM

Change 464372 merged by jenkins-bot:
[mediawiki/core@master] Database: close() should not commit transactions

https://gerrit.wikimedia.org/r/464372

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)).Oct 4 2018, 12:01 AM
Anomie closed this task as Resolved.Oct 4 2018, 7:17 PM
Anomie claimed this task.
CCicalese_WMF moved this task from Waiting for Review to Done within CPT on the Platform Team Legacy (Designing) board.Oct 8 2018, 9:15 PM
CCicalese_WMF edited projects, added Platform Team Workboards (Done with CPT); removed Platform Team Legacy (Designing).Oct 14 2018, 3:47 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:38 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 16 2020, 6:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL