fix: Add type safety to FindMutable calls #5886
Conversation
vyavdoshenko
requested review from
romange,
BorysTheDev,
kostasrim and
dranikpg
src/server/string_family.cc
Outdated
| const int64_t increment_ns = emission_interval_ns * quantity; // should be nonnegative | ||
|
|
||
| auto res = db_slice.FindMutable(op_args.db_cntx, key); | ||
| // Use type-safe FindMutable with OBJ_STRING (fixes #5316) |
There was a problem hiding this comment.
I think those comments are redundant, especially referencing the issue
| db_slice.Del(db_context, it); | ||
| auto res_it = db_slice.FindMutable(db_context, key, OBJ_HASH); | ||
| if (res_it) { | ||
| res_it->post_updater.Run(); |
There was a problem hiding this comment.
why do you need to run it manually?
There was a problem hiding this comment.
AutoUpdater dtor automatically calls Run() on destruction, which has a DCHECK that verifies the key still exists in the database.
Since we call db_slice.Del() earlier in the code (which removes the key), we must manually call post_updater.Run() before deletion to update memory accounting while the key is still valid. Otherwise, when res_it goes out of scope, the destructor will call Run() on an already-deleted key and the DCHECK will fail.
This pattern is used throughout the codebase whenever a key is deleted after FindMutable().
There was a problem hiding this comment.
maybe we can unify somehow this code, I mean do delete in post_updater or call run during delete.
There was a problem hiding this comment.
This pattern (post_updater.Run() + Del()) appears many times across several files in the codebase, so unifying it makes sense.
Suggested approach:
Add a new method DelMutable() to DbSlice:
void DbSlice::DelMutable(Context cntx, ItAndUpdater& it_updater) {
it_updater.post_updater.Run();
Del(cntx, it_updater.it);
}
This would simplify code like:
// From
res_it->post_updater.Run();
db_slice.Del(op_args.db_cntx, res_it->it);
// To
db_slice.DelMutable(op_args.db_cntx, *res_it);
However, I'd suggest doing this as a separate follow-up PR after this one, because:
- This PR focuses on type safety fixes
- Refactoring many call sites is a larger change that deserves separate review
- Mixing two different goals increases risk and review complexity
Maybe better create a separate issue for this refactoring?
Fixes: #5316
Adds explicit type checking to
FindMutablecalls in string, set, and hash family commands to prevent accidentally deleting objects of the wrong type.Changes:
string_family.cc:OpIncrBy,OpThrottle→ addedOBJ_STRINGset_family.cc:OpAdd→ addedOBJ_SEThset_family.cc:HRandField→ addedOBJ_HASHThis ensures that operations fail fast with
WRONG_TYPEinstead of potentially corrupting data by operating on objects of unexpected types.