Skip Value Expiration Check When Scanning a Tombstoned Record (#1612)

* fix migrate write test

* prevent expiration check on tombstoned key while scanning

* fix formatting

* ensure reviv pause signal is observed through epoch protection

* make revivPauseEvent readonly

* Update test/Garnet.test.cluster/ClusterMigrateTests.cs

Co-authored-by: Copilot <[email protected]>

* addressing first comments

* update comment in MigrateScanFunctions

* release epoch when acquiring exlucisve SuspendConfigMerge lock

* add ReaderWriterLock custom implementation

* fix formatting

* fixing simple tests

* make pause reviv thread safe

---------

Co-authored-by: Copilot <[email protected]>

Author: vazois

libs/cluster/Server/ClusterManager.cs

@@ -105,6 +105,7 @@ public ClusterManager(ClusterProvider clusterProvider, ILogger logger = null)
             gossipDelay = TimeSpan.FromSeconds(serverOptions.GossipDelay);
             clusterTimeout = serverOptions.ClusterTimeout <= 0 ? Timeout.InfiniteTimeSpan : TimeSpan.FromSeconds(serverOptions.ClusterTimeout);
             numActiveTasks = 0;
+            activeMergeLock = new();
             GossipSamplePercent = serverOptions.GossipSamplePercent;
 
             // Run Background task
@@ -141,7 +142,7 @@ async Task FlushTask()
         public void Dispose()
         {
             DisposeBackgroundTasks();
-
+            activeMergeLock?.Dispose();
             clusterConfigDevice.Dispose();
             pool.Free();
             epoch?.Dispose();

libs/cluster/Server/Gossip/Gossip.cs

@@ -19,7 +19,7 @@ internal sealed partial class ClusterManager : IDisposable
         public readonly TimeSpan gossipDelay;
         public readonly TimeSpan clusterTimeout;
         private volatile int numActiveTasks = 0;
-        private SingleWriterMultiReaderLock activeMergeLock;
+        private readonly common.ReaderWriterLock activeMergeLock;
         public readonly GarnetClusterConnectionStore clusterConnectionStore;
 
         public GossipStats gossipStats;

libs/cluster/Server/Migration/MigrateScanFunctions.cs

@@ -33,7 +33,8 @@ public unsafe bool SingleReader(ref SpanByte key, ref SpanByte value, RecordMeta
                 mss.ThrowIfCancelled();
 
                 // Do not send key if it is expired
-                if (ClusterSession.Expired(ref value))
+                // NOTE: Because the scan executes includingTombstones, tombstone records may not have valid expiration metadata; skip expiration validation here and defer it until the actual send occurs (MigrateSessionCommonUtils.cs:WriteOrSendMainStoreKeyValuePair).
+                if (!recordMetadata.RecordInfo.Tombstone && ClusterSession.Expired(ref value))
                     return true;
 
                 // TODO: Some other way to detect namespaces
@@ -99,7 +100,8 @@ public unsafe bool SingleReader(ref byte[] key, ref IGarnetObject value, RecordM
                 mss.ThrowIfCancelled();
 
                 // Do not send key if it is expired
-                if (ClusterSession.Expired(ref value))
+                // NOTE: Because the scan executes includingTombstones, tombstone records may not have valid expiration metadata; skip expiration validation here and defer it until the actual send occurs (MigrateSessionCommonUtils.cs:WriteOrSendObjectStoreKeyValuePair).
+                if (!recordMetadata.RecordInfo.Tombstone && ClusterSession.Expired(ref value))
                     return true;
 
                 var s = HashSlotUtils.HashSlot(key);

libs/cluster/Server/Migration/MigrationDriver.cs

@@ -54,7 +54,7 @@ private async Task BeginAsyncMigrationTask()
             var configResumed = true;
             try
             {
-                clusterProvider.storeWrapper.store.PauseRevivification();
+                clusterProvider.storeWrapper.store.PauseRevivification(_timeout, _cts.Token);
 
                 // Set target node to import state
                 if (!TrySetSlotRanges(GetSourceNodeId, MigrateState.IMPORT))

libs/cluster/Session/RespClusterBasicCommands.cs

@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
+using System;
 using System.Diagnostics;
 using System.Text;
 using Garnet.common;
@@ -75,17 +76,26 @@ private bool NetworkClusterForget(out bool invalidParameters)
             }
 
             logger?.LogTrace("CLUSTER FORGET {nodeid} {seconds}", nodeId, expirySeconds);
-            if (!clusterProvider.clusterManager.TryRemoveWorker(nodeId, expirySeconds, out var errorMessage))
+            // NOTE: Release epoch to prevent deadlock when acquiring SuspendConfigMerge exclusive lock within TryRemoveWorker.
+            ReleaseCurrentEpoch();
+            try
             {
-                while (!RespWriteUtils.TryWriteError(errorMessage, ref dcurr, dend))
-                    SendAndReset();
+                if (!clusterProvider.clusterManager.TryRemoveWorker(nodeId, expirySeconds, out var errorMessage))
+                {
+                    while (!RespWriteUtils.TryWriteError(errorMessage, ref dcurr, dend))
+                        SendAndReset();
+                }
+                else
+                {
+                    // Terminate any outstanding migration tasks
+                    _ = clusterProvider.migrationManager.TryRemoveMigrationTask(nodeId);
+                    while (!RespWriteUtils.TryWriteDirect(CmdStrings.RESP_OK, ref dcurr, dend))
+                        SendAndReset();
+                }
             }
-            else
+            finally
             {
-                // Terminate any outstanding migration tasks
-                _ = clusterProvider.migrationManager.TryRemoveMigrationTask(nodeId);
-                while (!RespWriteUtils.TryWriteDirect(CmdStrings.RESP_OK, ref dcurr, dend))
-                    SendAndReset();
+                AcquireCurrentEpoch();
             }
 
             return true;
@@ -379,7 +389,16 @@ private bool NetworkClusterGossip(out bool invalidParameters)
                 // GossipWithMeet messages are only send through a call to CLUSTER MEET at the remote node
                 if (gossipWithMeet || current.IsKnown(other.LocalNodeId))
                 {
-                    _ = clusterProvider.clusterManager.TryMerge(other);
+                    // NOTE: release the epoch to avoid deadlock with MIGRATE config suspension
+                    ReleaseCurrentEpoch();
+                    try
+                    {
+                        _ = clusterProvider.clusterManager.TryMerge(other);
+                    }
+                    finally
+                    {
+                        AcquireCurrentEpoch();
+                    }
 
                     // Remember that this connection is being used for another cluster node to talk to us
                     Debug.Assert(RemoteNodeId is null || RemoteNodeId == other.LocalNodeId, "Node Id shouldn't change once set for a connection");
@@ -448,7 +467,17 @@ private bool NetworkClusterReset(out bool invalidParameters)
                 }
             }
 
-            var resp = clusterProvider.clusterManager.TryReset(soft, expirySeconds);
+            // NOTE: Release epoch to prevent deadlock when acquiring SuspendConfigMerge exclusive lock within TryReset.
+            ReleaseCurrentEpoch();
+            ReadOnlySpan<byte> resp = default;
+            try
+            {
+                resp = clusterProvider.clusterManager.TryReset(soft, expirySeconds);
+            }
+            finally
+            {
+                AcquireCurrentEpoch();
+            }
             if (!soft) clusterProvider.FlushDB(true);
 
             while (!RespWriteUtils.TryWriteDirect(resp, ref dcurr, dend))

libs/common/ReaderWriterLock.cs

@@ -0,0 +1,253 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+using System;
+using System.Threading;
+
+namespace Garnet.common
+{
+    /// <summary>
+    /// Reader/writer lock backed by semaphores.
+    /// Supports a single writer or multiple concurrent readers.
+    /// </summary>
+    public sealed class ReaderWriterLock : IDisposable
+    {
+        enum LockOperation
+        {
+            Reader,
+            Writer
+        }
+
+#if NET9_0_OR_GREATER
+        readonly Lock mutex;
+#else
+        readonly object mutex;
+#endif
+        readonly SemaphoreSlim readerSemaphore;
+        readonly SemaphoreSlim writerSemaphore;
+
+        // -1: writer holds the lock, 0: free, >0: number of active readers.
+        int lockHeld;
+        int waitingReaders;
+        int waitingWriters;
+        int grantedReaders;
+        int grantedWriters;
+        bool disposed;
+
+        public ReaderWriterLock()
+        {
+            mutex = new();
+            readerSemaphore = new(0);
+            writerSemaphore = new(0);
+        }
+
+        public void Dispose()
+        {
+            lock (mutex)
+            {
+                if (disposed)
+                    return;
+                disposed = true;
+            }
+
+            readerSemaphore.Dispose();
+            writerSemaphore.Dispose();
+        }
+
+        /// <summary>
+        /// Acquires an exclusive write lock, granting sole access to the resource for write operations.
+        /// </summary>
+        public void WriteLock()
+            => WriteLock(default);
+
+        /// <summary>
+        /// Acquires an exclusive write lock, granting sole access to the resource for write operations.
+        /// </summary>
+        /// <param name="token">A cancellation token that can be used to cancel the lock acquisition process.</param>
+        public void WriteLock(CancellationToken token)
+            => Acquire(LockOperation.Writer, token);
+
+        /// <summary>
+        /// Release writer lock and wake either one writer or all waiting readers.
+        /// </summary>
+        public void WriteUnlock()
+            => Release();
+
+        /// <summary>
+        /// Acquires a reader lock, allowing concurrent read access to the resource.
+        /// </summary>
+        public void ReadLock()
+            => ReaderLock(default);
+
+        /// <summary>
+        /// Acquires a reader lock, allowing concurrent read access to the resource.
+        /// </summary>
+        /// <param name="token">The cancellation token used to signal the operation's cancellation.</param>
+        public void ReaderLock(CancellationToken token)
+            => Acquire(LockOperation.Reader, token);
+
+        /// <summary>
+        /// Release reader lock and wake one writer when this was the last active reader.
+        /// </summary>
+        public void ReadUnlock()
+            => Release();
+
+        void Acquire(LockOperation operation, CancellationToken cancellationToken)
+        {
+            SemaphoreSlim waitSemaphore;
+            lock (mutex)
+            {
+                ObjectDisposedException.ThrowIf(disposed, nameof(ReaderWriterLock));
+
+                switch (operation)
+                {
+                    case LockOperation.Reader:
+                        // Acquire reader lock immediately
+                        if (lockHeld >= 0 && waitingWriters == 0)
+                        {
+                            lockHeld++;
+                            return;
+                        }
+
+                        // Prepare to wait because lock was not available for readers
+                        waitingReaders++;
+                        waitSemaphore = readerSemaphore;
+                        break;
+                    case LockOperation.Writer:
+                        // Acquire writer lock immediately
+                        if (lockHeld == 0)
+                        {
+                            lockHeld = -1;
+                            return;
+                        }
+
+                        // Prepare to wait because lock was not available for writers
+                        waitingWriters++;
+                        waitSemaphore = writerSemaphore;
+                        break;
+                    default:
+                        throw new InvalidOperationException();
+                }
+            }
+
+            WaitForGrant(waitSemaphore, operation, cancellationToken);
+        }
+
+        void WaitForGrant(SemaphoreSlim waitSemaphore, LockOperation operation, CancellationToken cancellationToken)
+        {
+            try
+            {
+                waitSemaphore.Wait(cancellationToken);
+            }
+            catch (OperationCanceledException)
+            {
+                var shouldRelease = false;
+                lock (mutex)
+                {
+                    ObjectDisposedException.ThrowIf(disposed, nameof(ReaderWriterLock));
+
+                    switch (operation)
+                    {
+                        case LockOperation.Reader:
+                            if (grantedReaders > 0)
+                            {
+                                // lock was granted before cancellation
+                                grantedReaders--;
+                                shouldRelease = true;
+                            }
+                            else
+                            {
+                                // lock was not granted yet
+                                waitingReaders--;
+                            }
+                            break;
+                        case LockOperation.Writer:
+                            if (grantedWriters > 0)
+                            {
+                                // lock was granted before cancellation
+                                grantedWriters--;
+                                shouldRelease = true;
+                            }
+                            else
+                            {
+                                // lock was not granted yet
+                                waitingWriters--;
+                            }
+                            break;
+                        default:
+                            throw new InvalidOperationException();
+                    }
+                }
+
+                if (shouldRelease)
+                    Release();
+
+                throw;
+            }
+
+            lock (mutex)
+            {
+                ObjectDisposedException.ThrowIf(disposed, nameof(ReaderWriterLock));
+
+                switch (operation)
+                {
+                    case LockOperation.Reader:
+                        if (grantedReaders <= 0)
+                            throw new SynchronizationLockException("Reader wakeup observed without matching grant.");
+                        // Release granted counters and not waiting counters since they have been decremented at release that granted the lock.
+                        grantedReaders--;
+                        break;
+                    case LockOperation.Writer:
+                        if (grantedWriters <= 0)
+                            throw new SynchronizationLockException("Writer wakeup observed without matching grant.");
+                        // Release granted counters and not waiting counters since they have been decremented at release that granted the lock.
+                        grantedWriters--;
+                        break;
+                    default:
+                        throw new InvalidOperationException();
+                }
+            }
+        }
+
+        void Release()
+        {
+            lock (mutex)
+            {
+                ObjectDisposedException.ThrowIf(disposed, nameof(ReaderWriterLock));
+
+                if (lockHeld == 0)
+                    throw new SynchronizationLockException("Unlock called when lock is not held.");
+
+                // Update lock state first.
+                if (lockHeld == -1)
+                    lockHeld = 0;
+                else
+                    lockHeld--;
+
+                // Still held by active readers.
+                if (lockHeld != 0)
+                    return;
+
+                // Writers have priority.
+                if (waitingWriters > 0)
+                {
+                    waitingWriters--;
+                    lockHeld = -1;
+                    grantedWriters++;
+                    _ = writerSemaphore.Release();
+                    return;
+                }
+
+                // Consume readers next
+                if (waitingReaders > 0)
+                {
+                    var toRelease = waitingReaders;
+                    waitingReaders = 0;
+                    lockHeld = toRelease;
+                    grantedReaders += toRelease;
+                    _ = readerSemaphore.Release(toRelease);
+                }
+            }
+        }
+    }
+}