Merge pull request #11125 from dolthub/aaron/nbs-try-lock-on-read-only-optimization

go/{store/nbs,dbfactory,env}: Add functionality to fast-fail fslock, instead of serially waiting 100ms per DB load, when we already have some ReadOnly databases in the MultiRepoEnv.

Author: reltuk

go/cmd/dolt/dolt.go

@@ -753,11 +753,22 @@ If you're interested in running this command against a remote host, hit us up on
 		// repositories in our MultiEnv are ReadOnly. This includes the
 		// case where there are no repositories in our MultiEnv
 		var allReposAreReadOnly bool = true
+		var anyIsReadOnly bool = false
 		err = mrEnv.Iter(func(name string, dEnv *env.DoltEnv) (stop bool, err error) {
+			if anyIsReadOnly {
+				if dEnv.DBLoadParams == nil {
+					dEnv.DBLoadParams = map[string]any{dbfactory.SkipJournalLockTimeoutParam: true}
+				} else {
+					dEnv.DBLoadParams[dbfactory.SkipJournalLockTimeoutParam] = true
+				}
+			}
 			readOnly, err := dEnv.IsAccessModeReadOnly(ctx)
 			if err != nil {
 				return true, fmt.Errorf("Failed to load database %s due to error: %w", name, err)
 			}
+			if readOnly {
+				anyIsReadOnly = true
+			}
 
 			allReposAreReadOnly = allReposAreReadOnly && readOnly
 

go/libraries/doltcore/dbfactory/file.go

@@ -71,6 +71,11 @@ const (
 	//
 	// Intended for embedded-driver usage so higher layers can implement their own retry/backoff policy.
 	FailOnJournalLockTimeoutParam = "fail_on_journal_lock_timeout"
+
+	// Immediatly proceed with opening the database or failing the open (based on FailOnJournalLockTimeoutParam) as
+	// soon as a non-blocking fslock call indicates that the LOCK is unavailable. Do not spend a short timeout
+	// waiting for it to become available.
+	SkipJournalLockTimeoutParam = "skip_journal_lock_timeout"
 )
 
 // DoltDataDir is the directory where noms files will be stored
@@ -209,6 +214,9 @@ func (fact FileFactory) CreateDbNoCache(ctx context.Context, nbf *types.NomsBinF
 			if _, ok := params[FailOnJournalLockTimeoutParam]; ok {
 				opts.FailOnLockTimeout = true
 			}
+			if _, ok := params[SkipJournalLockTimeoutParam]; ok {
+				opts.SkipLockFileTimeout = true
+			}
 		}
 		newGenSt, err = nbs.NewLocalJournalingStoreWithOptions(ctx, nbf.VersionString(), path, q, mmapArchiveIndexes, recCb, opts)
 	} else {

go/libraries/doltcore/env/multi_repo_env.go

@@ -197,6 +197,13 @@ func multiEnvForConfigDirectoryEnv(ctx context.Context, config config.ReadWriteC
 				logrus.Warnf("failed to load database with error: %s", dbErr.Error())
 			}
 		}
+		if skipLockTimeout, err := dEnv.IsAccessModeReadOnly(ctx); err == nil && skipLockTimeout {
+			if dbLoadParams == nil {
+				dbLoadParams = map[string]any{dbfactory.SkipJournalLockTimeoutParam: true}
+			} else {
+				dbLoadParams[dbfactory.SkipJournalLockTimeoutParam] = true
+			}
+		}
 		envSet[dbName] = dEnv
 		openedEnvs = append(openedEnvs, dEnv)
 	}
@@ -266,9 +273,16 @@ func multiEnvForConfigDirectoryEnv(ctx context.Context, config config.ReadWriteC
 }
 
 func (mrEnv *MultiRepoEnv) ReloadDBs(ctx context.Context) {
+	anyIsReadOnly := false
 	for _, namedEnv := range mrEnv.envs {
 		dEnv := namedEnv.env
-
+		if anyIsReadOnly {
+			if dEnv.DBLoadParams == nil {
+				dEnv.DBLoadParams = map[string]any{dbfactory.SkipJournalLockTimeoutParam: true}
+			} else {
+				dEnv.DBLoadParams[dbfactory.SkipJournalLockTimeoutParam] = true
+			}
+		}
 		if dEnv.doltDB == nil {
 			LoadDoltDB(ctx, dEnv)
 		}
@@ -286,6 +300,10 @@ func (mrEnv *MultiRepoEnv) ReloadDBs(ctx context.Context) {
 			if cfgErr != nil {
 				logrus.Warnf("failed to load database configuration at %s with error: %s", dEnv.urlStr, cfgErr.Error())
 			}
+		} else if !anyIsReadOnly {
+			if isReadOnly, err := dEnv.IsAccessModeReadOnly(ctx); err == nil && isReadOnly {
+				anyIsReadOnly = true
+			}
 		}
 	}
 }

go/store/nbs/journal.go

@@ -608,11 +608,19 @@ func (c journalConjoiner) chooseConjoinees(upstream []tableSpec) (conjoinees []t
 	return c.child.chooseConjoinees(pruned)
 }
 
-func newJournalLock(dir string, failOnTimeout bool) (*fslock.Lock, chunks.ExclusiveAccessMode, error) {
+func newJournalLock(dir string, timeout time.Duration, failOnTimeout bool) (*fslock.Lock, chunks.ExclusiveAccessMode, error) {
 	lock := fslock.New(filepath.Join(dir, lockFileName))
 	// try to take the file lock. if we fail, make the manifest read-only.
 	// if we succeed, hold the file lock until we close the journalManifest
-	err := lock.LockWithTimeout(lockFileTimeout)
+	var err error
+	if timeout == 0 {
+		err = lock.TryLock()
+		if errors.Is(err, fslock.ErrLocked) {
+			err = fslock.ErrTimeout
+		}
+	} else {
+		err = lock.LockWithTimeout(timeout)
+	}
 	if errors.Is(err, fslock.ErrTimeout) {
 		if failOnTimeout {
 			return nil, chunks.ExclusiveAccessMode_ReadOnly, ErrDatabaseLocked

go/store/nbs/journal_test.go

@@ -37,7 +37,7 @@ func makeTestChunkJournal(t *testing.T) *ChunkJournal {
 	dir, err := os.MkdirTemp("", "")
 	require.NoError(t, err)
 	t.Cleanup(func() { file.RemoveAll(dir) })
-	l, _, err := newJournalLock(dir, false)
+	l, _, err := newJournalLock(dir, lockFileTimeout, false)
 	require.NoError(t, err)
 	m, err := newJournalManifest(ctx, dir, l)
 	require.NoError(t, err)
@@ -54,7 +54,7 @@ func makeTestChunkJournal(t *testing.T) *ChunkJournal {
 }
 
 func openTestChunkJournal(t *testing.T, dir string) *ChunkJournal {
-	l, _, err := newJournalLock(dir, false)
+	l, _, err := newJournalLock(dir, lockFileTimeout, false)
 	require.NoError(t, err)
 	m, err := newJournalManifest(t.Context(), dir, l)
 	require.NoError(t, err)
@@ -111,7 +111,7 @@ func TestChunkJournalReadOnly(t *testing.T) {
 		rw := makeTestChunkJournal(t)
 		assert.Equal(t, chunks.ExclusiveAccessMode(chunks.ExclusiveAccessMode_Exclusive), rw.AccessMode())
 
-		_, _, err := newJournalLock(rw.backing.dir, true)
+		_, _, err := newJournalLock(rw.backing.dir, lockFileTimeout, true)
 		require.ErrorIs(t, err, ErrDatabaseLocked)
 	})
 }

go/store/nbs/store.go

@@ -791,14 +791,24 @@ type JournalingStoreOptions struct {
 	// FailOnLockTimeout returns an error if the exclusive journal manifest lock cannot be acquired
 	// within Dolt's internal lock timeout, instead of falling back to opening in read-only mode.
 	FailOnLockTimeout bool
+
+	// If true, instead of waiting a short time to try to acquire the lock, proceed immediately
+	// as soon as the lock acquire has failed. This is useful to Dolt if some databases have
+	// already been loaded in ExclusiveAccessMode_ReadOnly and there is no real reason to wait
+	// around trying to get Exclusive mode if you fail on the first non-blocking flock call.
+	SkipLockFileTimeout bool
 }
 
 func NewLocalJournalingStoreWithOptions(ctx context.Context, nbfVers, dir string, q MemoryQuotaProvider, mmapArchiveIndexes bool, warningsCb func(error), opts JournalingStoreOptions) (*NomsBlockStore, error) {
 	if err := checkDir(dir); err != nil {
 		return nil, err
 	}
 
-	lock, staticAccessMode, err := newJournalLock(dir, opts.FailOnLockTimeout)
+	timeout := lockFileTimeout
+	if opts.SkipLockFileTimeout {
+		timeout = 0
+	}
+	lock, staticAccessMode, err := newJournalLock(dir, timeout, opts.FailOnLockTimeout)
 	if err != nil {
 		return nil, err
 	}

integration-tests/bats/stats.bats

@@ -476,53 +476,76 @@ EOF
 }
 
 @test "stats: worker thread quiesces and then runs again on new writes" {
-    get_stats_time() {
-        dolt sql -r csv -q 'call dolt_stats_info()' | tail -n 1 | sed -e 's|.*lastUpdate"":""||' -e 's|""}"$||'
+    # genCnt goes up once every time stats is swapped.
+    get_stats_gen() {
+        dolt sql -r csv -q 'call dolt_stats_info()' | tail -n 1 | sed -e 's|.*genCnt"":||' -e 's|,.*||'
     }
-    newtime=
-    wait_for_new_time() {
-        # We don't use dolt_stats_wait here, because that would
-	# trigger a stats run on its own. Here we want to assert
-	# that an incoming write triggered the run.
-        cnt=0
-        while [[ "$newtime" == "$origtime" ]]; do
-	    newtime=$(get_stats_time)
-            if [ "$cnt" -eq 8 ]; then
-                echo "took too long to run stats after a write" 1>&2
-                exit 1
+
+    # Poll until the generation counter holds steady, i.e. the worker has
+    # stopped running. Fails if it keeps advancing, which is what a
+    # non-quiescing worker would do.
+    wait_for_quiesced() {
+        local prev cur stable
+        prev=$(get_stats_gen)
+        stable=0
+        for _ in $(seq 1 20); do
+            sleep 0.2
+            cur=$(get_stats_gen)
+            if [[ "$cur" == "$prev" ]]; then
+                stable=$((stable+1))
+                if [[ "$stable" -ge 5 ]]; then
+                    return 0
+                fi
+            else
+                stable=0
             fi
-	    sleep 1
-	done
+            prev=$cur
+        done
+        echo "stats worker never quiesced; generation still advancing (last=$cur)"
+        return 1
     }
-    wait_for_quiesced() {
-        dolt sql -q 'call dolt_stats_wait();'
-        origtime=$(get_stats_time)
-        cnt=0
-        while [[ ! "$cnt" -eq 8 ]]; do
-            newtime=$(get_stats_time)
-            [[ "$newtime" == "$origtime" ]] || false
-            cnt=$((cnt+1))
+
+    # Assert a trigger made the worker run, then quiesce, a small finite
+    # number of times. $1 is the generation before the trigger.
+    assert_ran_and_quiesced() {
+        local base=$1 cur delta
+        # First confirm the trigger actually woke the worker.
+        for _ in $(seq 1 20); do
+            cur=$(get_stats_gen)
+            [[ "$cur" != "$base" ]] && break
+            sleep 0.2
         done
+        if [[ "$cur" == "$base" ]]; then
+            echo "stats did not run after a write; generation stuck at $base"
+            return 1
+        fi
+        # Then confirm it stops, after only a few runs.
+        wait_for_quiesced
+        cur=$(get_stats_gen)
+        delta=$((cur - base))
+        if [[ "$delta" -gt 6 ]]; then
+            echo "stats ran more times than expected for one change ($base -> $cur)"
+            return 1
+        fi
     }
 
     start_sql_server
 
     # After it runs, stats quiesces until a new write.
     wait_for_quiesced
+    base=$(get_stats_gen)
 
     # Doing a write makes it run again
     dolt sql -q 'create table vals (id int primary key)'
-    wait_for_new_time
-
-    wait_for_quiesced
+    assert_ran_and_quiesced "$base"
+    base=$(get_stats_gen)
 
     # Creating a new database makes it run again
     dolt sql -q 'create database newdb'
-    wait_for_new_time
-
-    wait_for_quiesced
+    assert_ran_and_quiesced "$base"
+    base=$(get_stats_gen)
 
     # Writing against the new database makes it run again
     dolt sql -q 'create table `newdb`.`newtable` (id int primary key)'
-    wait_for_new_time
+    assert_ran_and_quiesced "$base"
 }

integration-tests/go-sql-server-driver/read_only_db_lock_timeout_test.go

@@ -0,0 +1,125 @@
+// Copyright 2026 Dolthub, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	driver "github.com/dolthub/dolt/go/libraries/doltcore/dtestutils/sql_server_driver"
+)
+
+// This test asserts the behavior of the fast-fail file-lock optimization for
+// dolt CLI commands which run against a data dir while a `dolt sql-server` is
+// running in that data dir.
+//
+// When opening a directory of databases, we don't want to wait for the
+// lock-acquire timeout once we've failed to get one.
+//
+// This test creates many databases and runs a server in the data dir. It then
+// spawns a CLI command in the data dir root and times it. The command must
+// finish well under the un-optimized cost, which is ~N * 100ms.
+
+const (
+	// perDatabaseLockTimeout mirrors lockFileTimeout in nbs/journal.go
+	perDatabaseLockTimeout = 100 * time.Millisecond
+
+	// numReadOnlyDatabases is chosen large enough that the un-optimized,
+	// serial lock-wait cost is unmistakably larger than the optimized cost
+	numReadOnlyDatabases = 32
+
+	// We will try up to this many times to see good behavior. If we have
+	// lots of scheduling contention, we can still be slow enough that we
+	// think we are waiting on the lock files but we are actually just
+	// running slowly.
+	maxTrials = 3
+)
+
+// makeEmptyDatabases creates n freshly initialized, empty databases as
+// subdirectories of the data dir root |rs|. Empty databases still need
+// locking, and so meet our use case.
+func makeEmptyDatabases(t *testing.T, rs driver.RepoStore, n int) {
+	for i := 0; i < n; i++ {
+		_, err := rs.MakeRepo(fmt.Sprintf("db_%02d", i))
+		require.NoError(t, err)
+	}
+}
+
+// timeShowDatabases runs `dolt sql -q "show databases"` from the data dir root
+// |rs| up to maxTrials times, returning the best time seen. If the time is
+// ever < maxAcceptable, it returns that immediately.
+func timeShowDatabases(t *testing.T, rs driver.RepoStore, maxAcceptable time.Duration) time.Duration {
+	var best time.Duration
+	for trial := 0; trial < maxTrials; trial++ {
+		cmd := rs.DoltCmd("sql", "-q", "show databases")
+		start := time.Now()
+		out, err := cmd.CombinedOutput()
+		elapsed := time.Since(start)
+		require.NoError(t, err, "show databases failed, output:\n%s", string(out))
+		require.Regexp(t, "db_00", string(out))
+		if trial == 0 || elapsed < best {
+			best = elapsed
+		}
+		if best < maxAcceptable {
+			// We take the very first run. Serially waiting for
+			// the timeouts would have definitely taken longer
+			// than this.
+			return best
+		}
+	}
+	return best
+}
+
+// TestReadOnlyDatabaseLoadSkipsLockTimeout asserts that loading many read-only
+// databases behind a running sql-server does not serially pay the file-lock
+// timeout for every database.
+func TestReadOnlyDatabaseLoadSkipsLockTimeout(t *testing.T) {
+	// No Parallel because it's just a bit sensitive to wall-clock time.
+	u, err := driver.NewDoltUser()
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		u.Cleanup()
+	})
+
+	rs, err := u.MakeRepoStore()
+	require.NoError(t, err)
+	makeEmptyDatabases(t, rs, numReadOnlyDatabases)
+
+	// Start a sql-server in the data dir root. It holds the file lock on every
+	// database, forcing the CLI below to open them all read-only. The helper
+	// blocks until the server is up and serving, so server startup time is not
+	// included in the measurement below.
+	var ports DynamicResources
+	ports.global = &GlobalPorts
+	ports.t = t
+	RunServerUntilEndOfTest(t, rs, &driver.Server{
+		Args:        []string{"--port", `{{get_port "server"}}`},
+		DynamicPort: "server",
+	}, &ports)
+
+	unoptimizedCost := numReadOnlyDatabases * perDatabaseLockTimeout
+	maxAcceptable := unoptimizedCost / 2
+
+	best := timeShowDatabases(t, rs, maxAcceptable)
+
+	require.Lessf(t, best, maxAcceptable,
+		"loading %d read-only databases behind a running sql-server took %s; "+
+			"without the fast-fail lock optimization this would have taken about "+
+			"%s (%d serial %s file-lock waits)",
+		numReadOnlyDatabases, best, unoptimizedCost, numReadOnlyDatabases, perDatabaseLockTimeout)
+}