STOR-5107: Make process wide SQLite memory limits configurable

[joshthoward]

No description provided.

[ask-bonk]

I'm Bonk, and I've done a quick review of your PR.

This PR makes the SQLite process-wide hard heap limit configurable by adding a sqliteMaxMemoryPerProcessBytes parameter to the SqliteDatabase constructor, replacing the previous autogate-driven logic.

I found two bugs and one cleanup item, ranked by severity:

1. [High] Uninitialized member read — sqliteMaxMemoryPerProcessBytes is added as a member field and a constructor parameter, but is not initialized in the member initializer list (line 578-583 of sqlite.c++). It is then read in setupSecurity() via the static bool doOnce lambda during init(), which is called from the constructor body. This is a read of an indeterminate value. Fix: add sqliteMaxMemoryPerProcessBytes(sqliteMaxMemoryPerProcessBytes), to the initializer list after sqliteMaxMemoryBytes(sqliteMaxMemoryBytes),.

2. [Medium] [&] capture on static local is a latent hazard — The lambda was changed from []() (captureless) to [&](). Since static locals initialize exactly once this works, but [&] captures this by reference — that reference is dangling after the first constructor returns. Any future refactor that re-invokes this code path would hit UB. Prefer [sqliteMaxMemoryPerProcessBytes]() (capture by value).

3. [Low] Dead autogate — INCREASE_SQLITE_HARD_HEAP_LIMIT in autogate.h / autogate.c++ is no longer referenced. Consider cleaning it up in this PR or a follow-up.

See inline comments for suggested fixes.

[ask-bonk]

The review was posted successfully. Here's a summary of what I found:

3 issues on PR #6597, ranked by severity:

1. [High] Uninitialized member read — sqliteMaxMemoryPerProcessBytes is added as a constructor parameter and member field but is missing from the member initializer list in sqlite.c++:578-583. It's read via setupSecurity() during init() on the very next line, meaning the process-wide SQLite hard heap limit gets set to an indeterminate value.

2. [Medium] [&] capture on static local — The doOnce lambda was changed from captureless []() to [&](). While static initialization only runs once so this works in practice, the captured this reference becomes dangling after the constructor returns. A by-value capture [sqliteMaxMemoryPerProcessBytes]() is safer.

3. [Low] Dead autogate — INCREASE_SQLITE_HARD_HEAP_LIMIT in autogate.h/autogate.c++ is no longer used after this change and should be cleaned up.

github run

[codspeed-hq]

Merging this PR will improve performance by 39.34%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 1 improved benchmark
✅ 71 untouched benchmarks
⏩ 129 skipped benchmarks¹

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
⚡	simpleStringBody[Response]	27.2 µs	19.5 µs	+39.34%

---

_{Comparing jhoward/STOR-5107 (22a7b58) with main (22c1ca0)}

Footnotes

1. 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩