fix(db): cross-column snapshot atomicity in SnapshotableMemColumnsDb

LukaszRozmej · claude · LukaszRozmej · commit c14030da4dfa · 2026-04-30T21:18:45.000+02:00
SnapshotableMemColumnsDb.CreateSnapshot iterates columns in a loop and
captures each column's snapshot independently. InMemoryColumnWriteBatch
.Dispose iterates the per-column batches and disposes each
independently. Without a global guard, a CreateSnapshot call concurrent
with an in-flight writeBatch.Dispose can capture some columns AFTER the
new writes and others BEFORE — producing a cross-column-inconsistent
reader view.

This race only matters in the test backend (RocksDB has atomic
cross-CF snapshots), but it manifested concretely in
E2ESyncTests.SnapSync on Windows: post-snap-sync block processing leases
a fresh persistenceReader while the persistence pipeline is committing,
gets a snapshot whose Accounts column is updated but whose StateNodes
column is not, then walks the trie at the new state root and throws
TrieNodeException for a node that "should" be there.

Add a ReaderWriterLockSlim around CreateSnapshot (read) and
writeBatch.Dispose (write) so multi-column commits are atomic w.r.t.
snapshot creation. Multiple snapshots can still proceed concurrently —
the only contention is the rare overlap of a snapshot creation with a
multi-column commit.

This eliminates the TrieNodeException failure mode in the stress
reproducer (`SnapSync_StressRepro`). The "missing in flat" mode is a
separate, deterministic bug (the same ~9 addresses miss reliably) that
appears unaffected by this fix and needs follow-up investigation.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/Nethermind/Nethermind.Db/SnapshotableMemColumnsDb.cs b/src/Nethermind/Nethermind.Db/SnapshotableMemColumnsDb.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Threading;
 using Nethermind.Core;
 
 namespace Nethermind.Db
@@ -16,6 +17,16 @@ public class SnapshotableMemColumnsDb<TKey> : IColumnsDb<TKey> where TKey : stru
         private readonly Dictionary<TKey, SnapshotableMemDb> _columnDbs = new();
         private readonly bool _neverPrune;
 
+        // Cross-column atomicity guard. Each per-column SnapshotableMemDb has its own version
+        // counter and lock, so per-column reads/writes are individually consistent. But a
+        // multi-column writeBatch dispose applies columns one-by-one, and CreateSnapshot
+        // captures column snapshots one-by-one. Without this lock a snapshot taken concurrently
+        // with an in-flight writeBatch dispose can capture some columns AFTER the new writes
+        // and others BEFORE, producing a cross-column-inconsistent reader view. RocksDB does
+        // not have this problem (its snapshots are atomic across CFs); this lock makes the
+        // in-memory test backend match.
+        private readonly Lock _atomicityLock = new();
+
         private SnapshotableMemColumnsDb(TKey[] keys, bool neverPrune)
         {
             _neverPrune = neverPrune;
@@ -55,10 +66,11 @@ public IDb GetColumnDb(TKey key)
 
         public IReadOnlyColumnDb<TKey> CreateReadOnly(bool createInMemWriteStore) => new ReadOnlyColumnsDb<TKey>(this, createInMemWriteStore);
 
-        public IColumnsWriteBatch<TKey> StartWriteBatch() => new InMemoryColumnWriteBatch<TKey>(this);
+        public IColumnsWriteBatch<TKey> StartWriteBatch() => new AtomicColumnsWriteBatch(this);
 
         public IColumnDbSnapshot<TKey> CreateSnapshot()
         {
+            using Lock.Scope _ = _atomicityLock.EnterScope();
             Dictionary<TKey, IKeyValueStoreSnapshot> snapshots = new();
             foreach (KeyValuePair<TKey, SnapshotableMemDb> kvp in _columnDbs)
             {
@@ -67,6 +79,26 @@ public IColumnDbSnapshot<TKey> CreateSnapshot()
             return new ColumnSnapshot(snapshots);
         }
 
+        /// <summary>
+        /// Wraps <see cref="InMemoryColumnWriteBatch{TKey}"/> so the per-column commit phase
+        /// happens under the columns DB's write lock, making the multi-column commit atomic
+        /// w.r.t. <see cref="CreateSnapshot"/>.
+        /// </summary>
+        private sealed class AtomicColumnsWriteBatch(SnapshotableMemColumnsDb<TKey> db) : IColumnsWriteBatch<TKey>
+        {
+            private readonly InMemoryColumnWriteBatch<TKey> _inner = new(db);
+
+            public IWriteBatch GetColumnBatch(TKey key) => _inner.GetColumnBatch(key);
+
+            public void Clear() => _inner.Clear();
+
+            public void Dispose()
+            {
+                using Lock.Scope _ = db._atomicityLock.EnterScope();
+                _inner.Dispose();
+            }
+        }
+
         public void Dispose()
         {
             foreach (SnapshotableMemDb db in _columnDbs.Values)
