Skip to content

[storage & runtime] Switch to page-level checksums instead of record-level checksums #2667

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
patrick-ogrady merged 25 commits into from
Jan 8, 2026
Merged

[storage & runtime] Switch to page-level checksums instead of record-level checksums #2667

patrick-ogrady merged 25 commits into from
Jan 8, 2026

Conversation

@roberto-bayardo
Copy link
Collaborator

@roberto-bayardo roberto-bayardo commented Jan 2, 2026
edited
Loading

This PR extends the buffer pool and its associated blob wrappers to perform integrity verification at a page level, allowing removal of the "application-level" integrity checking from storage structures such as journal which were explicitly CRCing every item.

Note that a good deal of complexity (e.g. dual CRCs per page) pertains to being able to rewrite the final (partial) page without affecting durability of any previously commited version.

Resolves: #2607
Resolves: #1219
Resolves: #2728

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 2, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs		 commonware-mcp b97a138 Jan 08 2026, 09:31 AM

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 2, 2026
edited
Loading

Deploying monorepo with  Cloudflare Pages  Cloudflare Pages

Latest commit: b97a138
Status: ✅  Deploy successful!
Preview URL: https://de8bdff4.monorepo-eu0.pages.dev
Branch Preview URL: https://append-crc32.monorepo-eu0.pages.dev

View logs

patrick-ogrady
patrick-ogrady reviewed Jan 2, 2026
View reviewed changes
@roberto-bayardo roberto-bayardo force-pushed the append-crc32 branch 9 times, most recently from 39fe81d to 515a9e0 Compare January 3, 2026 03:05
@roberto-bayardo roberto-bayardo marked this pull request as ready for review January 3, 2026 18:58
cursor[bot]
cursor bot reviewed Jan 3, 2026
View reviewed changes
@roberto-bayardo roberto-bayardo force-pushed the append-crc32 branch 3 times, most recently from 0d7eb5e to 134fe3b Compare January 4, 2026 02:36
cursor[bot]
cursor bot reviewed Jan 4, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 4, 2026
View reviewed changes
@roberto-bayardo roberto-bayardo force-pushed the append-crc32 branch 3 times, most recently from 449e157 to e92b376 Compare January 4, 2026 17:09
@roberto-bayardo roberto-bayardo force-pushed the append-crc32 branch 3 times, most recently from 2901be0 to cf1c179 Compare January 4, 2026 17:43
cursor[bot]
cursor bot reviewed Jan 4, 2026
View reviewed changes
patrick-ogrady
patrick-ogrady reviewed Jan 8, 2026
View reviewed changes
Copy link
Contributor

@patrick-ogrady patrick-ogrady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

more feedback

cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
patrick-ogrady
patrick-ogrady reviewed Jan 8, 2026
View reviewed changes
Copy link
Contributor

@patrick-ogrady patrick-ogrady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another batch

cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
patrick-ogrady
patrick-ogrady reviewed Jan 8, 2026
View reviewed changes
patrick-ogrady
patrick-ogrady reviewed Jan 8, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 8, 2026
View reviewed changes
runtime/src/utils/buffer/pool/append.rs
self.sync().await?;

// Acquire both locks to prevent concurrent operations.
let mut buf_guard = self.buffer.write().await;
Copy link

@cursor cursor bot Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resize race condition can silently lose appended data

High Severity

When shrinking, resize() calls sync() at line 831 which releases the buffer write lock after flushing. Between sync() returning and re-acquiring the buffer lock at line 834, another task can call append() and add data to the buffer. The resize then proceeds to overwrite buf_guard.data at lines 878/881 with data read from disk, silently discarding any data appended during that window. The removed implementation held the buffer lock throughout the operation to prevent this race. The warning only mentions concurrent readers, not that concurrent appends can cause data loss.

Additional Locations (1)

Fix in Cursor Fix in Web

patrick-ogrady
patrick-ogrady approved these changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@patrick-ogrady patrick-ogrady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is still a lot to optimize here (and am not sure runtime is the right place for this fancy checksummed buffer), but the written disk format (page + checksum record) is correct and we can work with this.

@andresilva andresilva mentioned this pull request Jan 8, 2026
Merged
@patrick-ogrady patrick-ogrady merged commit 6030f68 into main Jan 8, 2026
130 checks passed
@patrick-ogrady patrick-ogrady deleted the append-crc32 branch January 8, 2026 10:26
@codecov
Copy link

codecov bot commented Jan 8, 2026

Codecov Report

❌ Patch coverage is 95.52573% with 100 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.18%. Comparing base (8f7a0d7) to head (b97a138).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
runtime/src/utils/buffer/pool/append.rs 96.29% 45 Missing ⚠️
runtime/src/utils/buffer/pool/read.rs 87.30% 33 Missing ⚠️
runtime/src/utils/buffer/pool/mod.rs 97.37% 7 Missing ⚠️
runtime/src/utils/buffer/pool/page_cache.rs 94.11% 5 Missing ⚠️
storage/src/journal/segmented/oversized.rs 94.28% 4 Missing ⚠️
storage/src/journal/contiguous/fixed.rs 97.32% 3 Missing ⚠️
storage/src/journal/segmented/fixed.rs 88.88% 2 Missing ⚠️
storage/src/journal/segmented/variable.rs 99.24% 1 Missing ⚠️ 
@@            Coverage Diff             @@
##             main    #2667      +/-   ##
==========================================
+ Coverage   93.13%   93.18%   +0.04%     
==========================================
  Files         368      371       +3     
  Lines      110795   112959    +2164     
==========================================
+ Hits       103193   105262    +2069     
- Misses       7602     7697      +95
Files with missing lines Coverage Δ
consensus/src/aggregation/mod.rs 97.95% <ø> (-0.86%) ⬇️
consensus/src/marshal/mod.rs 95.28% <ø> (ø)
consensus/src/ordered_broadcast/mod.rs 99.07% <ø> (ø)
consensus/src/simplex/actors/voter/mod.rs 95.54% <ø> (ø)
consensus/src/simplex/mod.rs 98.77% <ø> (-0.09%) ⬇️
runtime/src/lib.rs 97.05% <ø> (ø)
runtime/src/utils/buffer/mod.rs 99.85% <ø> (ø)
runtime/src/utils/buffer/tip.rs 100.00% <100.00%> (ø)
runtime/src/utils/buffer/write.rs 98.55% <100.00%> (ø)
storage/src/archive/immutable/mod.rs 100.00% <ø> (ø)
... and 28 more

... and 25 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f7a0d7...b97a138. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danlaine danlaine danlaine left review comments

@cursor cursor[bot] cursor[bot] left review comments

@patrick-ogrady patrick-ogrady patrick-ogrady approved these changes

@andresilva andresilva Awaiting requested review from andresilva

Assignees

No one assigned

Labels

breaking-api This PR modifies the public interface of a function. breaking-format This PR modifies codec and/or storage formats.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[storage] blob corruption fuzz test [storage] Consider page-level CRCs instead of record level [storage/journal/fixed.rs] Immutable blob wrapper

5 participants

@roberto-bayardo @andresilva @patrick-ogrady @danlaine