Skip to content

STOR-5107: Make process wide SQLite memory limits configurable#6597

Open
joshthoward wants to merge 2 commits intomainfrom
jhoward/STOR-5107
Open

STOR-5107: Make process wide SQLite memory limits configurable#6597
joshthoward wants to merge 2 commits intomainfrom
jhoward/STOR-5107

Conversation

@joshthoward
Copy link
Copy Markdown
Contributor

No description provided.

Copy link
Copy Markdown
Contributor

@ask-bonk ask-bonk Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm Bonk, and I've done a quick review of your PR.

This PR makes the SQLite process-wide hard heap limit configurable by adding a sqliteMaxMemoryPerProcessBytes parameter to the SqliteDatabase constructor, replacing the previous autogate-driven logic.

I found two bugs and one cleanup item, ranked by severity:

  1. [High] Uninitialized member readsqliteMaxMemoryPerProcessBytes is added as a member field and a constructor parameter, but is not initialized in the member initializer list (line 578-583 of sqlite.c++). It is then read in setupSecurity() via the static bool doOnce lambda during init(), which is called from the constructor body. This is a read of an indeterminate value. Fix: add sqliteMaxMemoryPerProcessBytes(sqliteMaxMemoryPerProcessBytes), to the initializer list after sqliteMaxMemoryBytes(sqliteMaxMemoryBytes),.

  2. [Medium] [&] capture on static local is a latent hazard — The lambda was changed from []() (captureless) to [&](). Since static locals initialize exactly once this works, but [&] captures this by reference — that reference is dangling after the first constructor returns. Any future refactor that re-invokes this code path would hit UB. Prefer [sqliteMaxMemoryPerProcessBytes]() (capture by value).

  3. [Low] Dead autogateINCREASE_SQLITE_HARD_HEAP_LIMIT in autogate.h / autogate.c++ is no longer referenced. Consider cleaning it up in this PR or a follow-up.

See inline comments for suggested fixes.

Comment thread src/workerd/util/sqlite.c++
Comment thread src/workerd/util/sqlite.c++
@ask-bonk
Copy link
Copy Markdown
Contributor

ask-bonk Bot commented Apr 16, 2026

The review was posted successfully. Here's a summary of what I found:

3 issues on PR #6597, ranked by severity:

  1. [High] Uninitialized member readsqliteMaxMemoryPerProcessBytes is added as a constructor parameter and member field but is missing from the member initializer list in sqlite.c++:578-583. It's read via setupSecurity() during init() on the very next line, meaning the process-wide SQLite hard heap limit gets set to an indeterminate value.

  2. [Medium] [&] capture on static local — The doOnce lambda was changed from captureless []() to [&](). While static initialization only runs once so this works in practice, the captured this reference becomes dangling after the constructor returns. A by-value capture [sqliteMaxMemoryPerProcessBytes]() is safer.

  3. [Low] Dead autogateINCREASE_SQLITE_HARD_HEAP_LIMIT in autogate.h/autogate.c++ is no longer used after this change and should be cleaned up.

github run

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 16, 2026

Merging this PR will improve performance by 39.34%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 71 untouched benchmarks
⏩ 129 skipped benchmarks1

Performance Changes

Benchmark BASE HEAD Efficiency
simpleStringBody[Response] 27.2 µs 19.5 µs +39.34%

Comparing jhoward/STOR-5107 (22a7b58) with main (22c1ca0)

Open in CodSpeed

Footnotes

  1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@joshthoward joshthoward marked this pull request as ready for review April 17, 2026 19:52
@joshthoward joshthoward requested review from a team as code owners April 17, 2026 19:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant