Add Deep Database Style#4925
Merged
Merged
Conversation
Replaces SPACETIME_PROGRAMMING_STANDARDS.md with DEEP_CORE_STYLE.md. The document is reorganized around seven principles for the core (datastore, commitlog, snapshotting, replication): 1. Work towards zero dependencies 2. Work towards deterministic simulation testing 3. Work towards thread-per-core 4. Work towards no_std 5. Think in terms of persistent data structures 6. Think in terms of pipelining 7. Think in terms of unreliable processes A short style section follows the principles, covering assertions, bounded loops and queues, error handling, control flow, naming, and formatting.
aasoni
approved these changes
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
Centril
reviewed
May 7, 2026
- Rename DEEP_CORE_STYLE.md to DEEP_DATABASE_STYLE.md and retitle to "Deep Database Style". The "deep core" remains the term we use for the core of the database inside the document. - §4 (no_std): note that an allocator-trait-based, per-resource-type approach is the natural Rust expression, and that the resulting intrusion in the datastore is expected, not a cost to avoid. - §5 (persistent data structures): clarify the principle is about the externally observable behavior of the system, not a ban on mutable internals. Components may still use mutable, non-persistent structures internally. - §7 (unreliable processes): make corruption explicit, including cosmic rays and ordinary hardware faults; tie back to Merkle structures from §5. - Style/Control flow: drop the parts I do not feel strongly about (compound-condition splitting, positive invariant phrasing); keep and expand the macros guidance. - Style/Comments: allow short what-summaries for genuinely complex logic, while still warning about drift between comments and code.
Two additions to DEEP_DATABASE_STYLE.md. Principle 8: Think in terms of assertions. Type systems prove a class of properties at compile time; assertions extend that proof system to properties the compiler cannot express, and combined with principle 2 they cover the rest. Assertion failures are programmer errors and the only correct response is to crash. The principle adds two rules that follow from "assertions are always on": - Use assert!, not debug_assert!. Stripping the check in release reduces an assertion to a comment that runs sometimes, which defeats the point. A failing assertion in production tells us our model was wrong, and production is exactly where we want to know. - Isolate before you assert. An assertion failure must crash only the smallest unit of correctness it bounds. An assertion in code that handles one database's transaction takes down that database's worker, not every database hosted on the same process. Without isolation, "panic on assertion failure" is strictly worse than not asserting. Per-tenant thread plus catch_unwind is one realization; OS process per tenant is another. The existing Style/Assertions sub-section becomes the mechanics that put principle 8 into practice (preconditions, paired checks, positive/negative space, splitting, compile-time assertions). Style addition: "Use explicit integer sizes; never usize." `usize` and `isize` are pointer-width and break cross-target determinism (principle 2). The rule and its rationale come from operating experience with our wasm + native split. Intro updated to "eight principles."
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
docs/DEEP_DATABASE_STYLE.md, a style guide for the deep core of the SpacetimeDB database (datastore, commitlog, snapshotting, replication).Read the rendered document
The document is organized around seven principles:
no_stdA short style section follows the principles, covering assertions, bounded loops and queues, error handling, control flow, naming, and formatting. Inspired by TIGER STYLE, narrowed and adapted for Rust and our principles.
This is a seed document. It will grow as we make the principles operational in code and as the practices that serve them become clearer with use.
Test plan