coordinode-lsm-tree 5.6.0

Embedded LSM-tree storage engine: BuRR filters, zstd dictionary compression, MVCC, range tombstones, merge operators, K/V separation, AES-256-GCM at rest.
// SPDX-License-Identifier: Apache-2.0
// Copyright (c) 2024-present, fjall-rs
// Copyright (c) 2026-present, Structured World Foundation

use crate::{
    MAX_SEQNO, SeqNo, SharedSequenceNumberGenerator,
    comparator::SharedComparator,
    fs::{Fs, SyncMode},
    memtable::Memtable,
    tree::sealed::SealedMemtables,
    version::{Version, VersionId, edit_log, persist_version},
};

/// Deletes `path` through `fs`, reporting success when the file is already gone.
///
/// A missing file is not an error here: an earlier crash or a concurrent
/// rotation may have unlinked it first. Any other I/O error is converted into
/// the crate error type and returned.
fn remove_if_present(fs: &dyn Fs, path: &Path) -> crate::Result<()> {
    let Err(err) = fs.remove_file(path) else {
        return Ok(());
    };

    if err.kind() == crate::io::ErrorKind::NotFound {
        Ok(())
    } else {
        Err(err.into())
    }
}
use alloc::collections::VecDeque;
use alloc::sync::Arc;
#[cfg(not(feature = "std"))]
use alloc::vec::Vec;
#[cfg(feature = "std")]
use arc_swap::ArcSwap;

use crate::path::Path;

/// A super version is a point-in-time snapshot of memtables and a [`Version`] (list of disk files)
///
/// Cloning is how readers take a snapshot: the memtables sit behind `Arc`s,
/// so a clone shares them with the history instead of copying their contents.
#[derive(Clone)]
pub struct SuperVersion {
    /// Active memtable that is being written to
    #[doc(hidden)]
    pub active_memtable: Arc<Memtable>,

    /// Frozen memtables that are being flushed
    pub(crate) sealed_memtables: Arc<SealedMemtables>,

    /// Current tree version
    pub(crate) version: Version,

    /// Sequence number this super version was installed with (`0` for the
    /// initial one built by `SuperVersions::new`). Snapshot lookup and
    /// manifest GC compare it against the requested seqno / watermark.
    pub(crate) seqno: SeqNo,
}

/// In-memory history of [`SuperVersion`]s plus the state needed to persist
/// version changes (comparator name, sync mode, current snapshot id and the
/// edit-log rotation threshold).
pub struct SuperVersions {
    /// Retained super versions: new entries are pushed at the back (the
    /// latest), manifest GC pops from the front.
    versions: VecDeque<SuperVersion>,

    /// Stable comparator identity persisted in every version file.
    comparator_name: Arc<str>,

    /// Durability level (`Config::sync_mode`) applied to every manifest /
    /// version persist this history performs. Immutable for the tree's life.
    sync_mode: SyncMode,

    /// Version id of the on-disk snapshot the `CURRENT` pointer references. Each
    /// version upgrade appends a [`VersionEdit`](crate::version::edit::VersionEdit)
    /// to the log `edits-{snapshot_id}` instead of rewriting the whole manifest;
    /// once that log grows past [`Self::log_rotate_bytes`] the next upgrade
    /// rotates — writes a fresh snapshot, repoints `CURRENT`, starts an empty
    /// log — and this id advances to the new snapshot's.
    snapshot_id: VersionId,

    /// Edit-log size (bytes) past which the next upgrade rotates instead of
    /// appending (`Config::manifest_log_rotate_bytes`, default 1 MiB). Immutable
    /// for the tree's life.
    log_rotate_bytes: u64,

    /// Lock-free mirror of the latest (back) `SuperVersion`, shared with the
    /// `Tree` so a point read at `MAX_SEQNO` can load the current snapshot
    /// without taking the history `RwLock` or cloning the deque entry. Kept
    /// in sync under the same write lock at every site that changes the back
    /// (construction, [`append_version`](Self::append_version),
    /// [`replace_latest_version`](Self::replace_latest_version)). Recent
    /// inserts remain visible through it because they mutate the shared
    /// `active_memtable` behind a stable `Arc` — the back only changes on
    /// flush / compaction.
    ///
    /// `std`-only: `arc-swap` is not `#![no_std]`. A no-std build (where
    /// `SuperVersions` is already std-bound for other reasons) simply does
    /// without the lock-free mirror.
    #[cfg(feature = "std")]
    latest: Arc<ArcSwap<SuperVersion>>,
}

impl SuperVersions {
    /// Creates the version history seeded with a single super version.
    ///
    /// The seed wraps `version` together with an empty active memtable (id 0),
    /// no sealed memtables and seqno 0. `snapshot_id` is the version id of the
    /// on-disk snapshot `CURRENT` points at — `version.id()` on a fresh create
    /// (the first persist writes that snapshot), or the recovered snapshot id
    /// on open (which may be `< version.id()` when edits were replayed on top
    /// of it).
    pub fn new(
        version: Version,
        comparator: &SharedComparator,
        sync_mode: SyncMode,
        snapshot_id: VersionId,
        log_rotate_bytes: u64,
    ) -> Self {
        let seed = SuperVersion {
            active_memtable: Arc::new(Memtable::new(0, comparator.clone())),
            sealed_memtables: Arc::default(),
            version,
            seqno: 0,
        };

        // The lock-free mirror starts out pointing at a clone of the seed, so
        // it agrees with the back of the deque from the first moment on.
        #[cfg(feature = "std")]
        let latest = Arc::new(ArcSwap::from_pointee(seed.clone()));

        let mut versions = VecDeque::new();
        versions.push_back(seed);

        Self {
            versions,
            comparator_name: comparator.name().into(),
            sync_mode,
            snapshot_id,
            log_rotate_bytes,
            #[cfg(feature = "std")]
            latest,
        }
    }

    /// Sums memtable sizes over every retained super version.
    ///
    /// Sizes are accumulated per memtable id and the per-id totals are then
    /// added up.
    pub fn memtable_size_sum(&self) -> u64 {
        let mut bytes_by_id = crate::HashMap::default();

        // NOTE(review): a memtable that appears in several retained super
        // versions contributes its size once per appearance, so the id-keyed
        // map does not deduplicate. Confirm callers expect that total rather
        // than one count per distinct memtable.
        for retained in &self.versions {
            let active = &retained.active_memtable;
            *bytes_by_id.entry(active.id).or_insert(0_u64) += active.size();

            for sealed in retained.sealed_memtables.iter() {
                *bytes_by_id.entry(sealed.id).or_insert(0_u64) += sealed.size();
            }
        }

        bytes_by_id.into_values().sum()
    }

    /// Number of super versions currently retained in the history, the latest
    /// one included.
    pub fn len(&self) -> usize {
        self.versions.len()
    }

    /// Number of retained super versions other than the live (latest) one.
    ///
    /// Saturates at zero, so an empty history reports an empty free list
    /// instead of underflowing.
    pub fn free_list_len(&self) -> usize {
        self.versions.len().saturating_sub(1)
    }

    /// Runs manifest GC: evicts retained versions that no snapshot at or above
    /// `gc_watermark` can need.
    ///
    /// The newest version whose seqno is below `gc_watermark` is kept as the
    /// new front; every version positioned before it is popped, and its
    /// `v{id}` file is removed unless it is the snapshot `CURRENT` references.
    /// Does nothing when `gc_watermark` is 0 or only the live version is
    /// retained.
    ///
    /// # Errors
    ///
    /// Returns the I/O error of a failed file removal (an already-missing file
    /// is not an error). Versions popped before the failure stay evicted.
    pub fn maintenance(
        &mut self,
        folder: &Path,
        gc_watermark: SeqNo,
        fs: &dyn Fs,
    ) -> crate::Result<()> {
        if gc_watermark == 0 || self.free_list_len() == 0 {
            return Ok(());
        }

        log::trace!("Running manifest GC with watermark={gc_watermark}");

        // Index of the newest version still below the watermark; everything in
        // front of it is collectable. No such version means nothing to evict.
        let evictable = self
            .versions
            .iter()
            .rposition(|candidate| candidate.seqno < gc_watermark)
            .unwrap_or(0);

        for _ in 0..evictable {
            let Some(head) = self.versions.front() else {
                break;
            };

            let evicted_id = head.version.id();
            log::trace!("Removing version #{evicted_id} (seqno={})", head.seqno);

            // With the incremental manifest only the CURRENT snapshot has a
            // `v{id}` file; intermediate versions exist solely as edit-log
            // entries, so removing their (absent) file is a harmless NotFound.
            // The snapshot file itself must survive eviction of its in-memory
            // version: `CURRENT` still names it and the log layers on top of
            // it. Rotation owns its lifecycle and deletes it only after
            // `CURRENT` has been repointed.
            if evicted_id != self.snapshot_id {
                remove_if_present(fs, &folder.join(format!("v{evicted_id}")))?;
            }

            self.versions.pop_front();
        }

        log::trace!(
            "Manifest GC done, version length now {}",
            self.versions.len()
        );

        Ok(())
    }

    /// Releases every retained version but the latest from the in-memory
    /// history, oldest first.
    ///
    /// Used by [`AbstractTree::clear`](crate::AbstractTree::clear): the new
    /// (latest) version is empty and every prior version's tables / blob files
    /// were just marked deleted, so releasing the history's hold lets
    /// [`Inner::Drop`](crate::table::Table) reclaim their files once any
    /// concurrent reader's own snapshot clone is released (MVCC-safe — a reader
    /// keeps its clone alive, deferring deletion until it finishes). The
    /// on-disk manifest already reflects the latest version (persisted by the
    /// preceding `upgrade_version`); intermediate in-memory versions carry no
    /// `v{id}` snapshot file, so there is nothing to unlink here.
    pub(crate) fn drain_obsolete_to_latest(&mut self) {
        // One pop per entry beyond the first; an empty or single-entry history
        // yields an empty range and is left untouched.
        for _ in 1..self.versions.len() {
            self.versions.pop_front();
        }
    }

    /// Atomically installs a new version derived from the current one.
    ///
    /// `f` receives the latest super version and returns its successor. A fresh
    /// sequence number is drawn from `seqno` and the rest of the work —
    /// persisting the change and publishing the new version — is delegated to
    /// [`upgrade_version_with_seqno`](Self::upgrade_version_with_seqno).
    // The parameter is &SharedSequenceNumberGenerator rather than
    // &dyn SequenceNumberGenerator: Config stores Arc<dyn ...> and every caller
    // already holds that type.
    #[expect(
        clippy::too_many_arguments,
        reason = "version upgrade threads tree_path, mutator closure, two seqno gens, fs, \
                  runtime, encryption — every parameter is load-bearing per the \
                  manifest-persist contract"
    )]
    pub(crate) fn upgrade_version<F: FnOnce(&SuperVersion) -> crate::Result<SuperVersion>>(
        &mut self,
        tree_path: &Path,
        f: F,
        seqno: &SharedSequenceNumberGenerator,
        visible_seqno: &SharedSequenceNumberGenerator,
        fs: &dyn Fs,
        runtime: Arc<crate::runtime_config::RuntimeConfig>,
        encryption: Option<Arc<dyn crate::encryption::EncryptionProvider>>,
    ) -> crate::Result<()> {
        // Allocated up front, so the number is consumed even when the upgrade
        // fails further down.
        let allocated = seqno.next();

        self.upgrade_version_with_seqno(
            tree_path,
            f,
            allocated,
            visible_seqno,
            fs,
            runtime,
            encryption,
        )
    }

    /// Variant of `upgrade_version` for callers that already hold a sequence
    /// number.
    ///
    /// Needed when the seqno has to line up with other work (e.g. bulk
    /// ingestion, where tables are recovered with the same seqno).
    ///
    /// Order of effects: run `f` on the latest super version, stamp the result
    /// with `seqno`, persist the change, append it to the in-memory history,
    /// then raise `visible_seqno` to at least `seqno + 1` (capped at
    /// `MAX_SEQNO`).
    ///
    /// # Errors
    ///
    /// Propagates the error of `f` or of the persist step. In both cases the
    /// in-memory history and `visible_seqno` have not been touched.
    #[expect(
        clippy::too_many_arguments,
        reason = "version upgrade with pre-allocated seqno: tree_path, mutator, seqno, \
                  visible_seqno, fs, runtime, encryption — same load-bearing surface as \
                  the auto-allocating sibling above"
    )]
    pub(crate) fn upgrade_version_with_seqno<
        F: FnOnce(&SuperVersion) -> crate::Result<SuperVersion>,
    >(
        &mut self,
        tree_path: &Path,
        f: F,
        seqno: SeqNo,
        visible_seqno: &SharedSequenceNumberGenerator,
        fs: &dyn Fs,
        runtime: Arc<crate::runtime_config::RuntimeConfig>,
        encryption: Option<Arc<dyn crate::encryption::EncryptionProvider>>,
    ) -> crate::Result<()> {
        let current = self.latest_version();

        // Whatever seqno the closure left in its result is overwritten with the
        // caller-supplied one.
        let successor = SuperVersion {
            seqno,
            ..f(&current)?
        };
        log::trace!("Next version seqno={}", successor.seqno);

        // Disk first, memory second: the history only learns about the new
        // version once the change has been persisted.
        self.persist_change(
            tree_path,
            &current.version,
            &successor.version,
            fs,
            runtime,
            encryption,
        )?;
        self.append_version(successor);

        // Keep the published value below the reserved MSB range.
        let next_visible = seqno.saturating_add(1).min(MAX_SEQNO);
        visible_seqno.fetch_max(next_visible);

        Ok(())
    }

    /// Persists the transition from `prior` to `next` to disk, durably, the
    /// incremental way: append one [`VersionEdit`](crate::version::edit::VersionEdit)
    /// to the current snapshot's log (the common, O(changed-levels) path), or
    /// rotate when that log has grown past [`Self::log_rotate_bytes`].
    ///
    /// Rotation writes a fresh full snapshot for `next`, fsyncs it, and atomically
    /// repoints `CURRENT` (all inside [`persist_version`]); only after `CURRENT`
    /// commits does it delete the previous snapshot file and its log. Crash points:
    /// before the `CURRENT` switch, `CURRENT` still names the old snapshot and its
    /// log is intact (recover old + replay); after the switch, the new snapshot is
    /// complete and its log is empty (recover new, no edits). A torn trailing edit
    /// from an interrupted append is dropped on replay — the operation that wrote
    /// it was never acknowledged upward.
    ///
    /// # Errors
    ///
    /// Returns the error of the log-size probe, of computing the diff, of the
    /// append, or of `persist_version`. Failures while deleting the previous
    /// generation's files after a rotation are logged and not returned.
    fn persist_change(
        &mut self,
        tree_path: &Path,
        prior: &Version,
        next: &Version,
        fs: &dyn Fs,
        runtime: Arc<crate::runtime_config::RuntimeConfig>,
        encryption: Option<Arc<dyn crate::encryption::EncryptionProvider>>,
    ) -> crate::Result<()> {
        // The log is named after the snapshot it layers on, not after `next`.
        let log_path = tree_path.join(format!("edits-{}", self.snapshot_id));

        // Strictly-less comparison: a log already at the threshold rotates.
        if edit_log::log_size(fs, &log_path)? < self.log_rotate_bytes {
            // Common path: append the delta and fsync. No snapshot rewrite.
            //
            // NOTE(review): `encryption` is forwarded only on the rotation path
            // (`persist_version` below); `append_edit` is handed no provider
            // here. Confirm whether edit-log records need the same at-rest
            // protection as the snapshot, or whether manifest data is
            // deliberately outside the encryption scope.
            let edit = next.diff(prior)?;
            let mut scratch = Vec::new();
            return edit_log::append_edit(fs, &log_path, &edit, &mut scratch, self.sync_mode);
        }

        // Rotation: write `next` as a fresh full snapshot and repoint CURRENT.
        let old_snapshot = self.snapshot_id;
        persist_version(
            tree_path,
            next,
            &self.comparator_name,
            fs,
            runtime,
            encryption,
            self.sync_mode,
        )?;
        // Advanced only after `persist_version` succeeded; on error the `?`
        // above returns with `snapshot_id` still naming the old snapshot.
        self.snapshot_id = next.id();

        // The durable commit point of a rotation is the CURRENT repoint inside
        // `persist_version` above — past it, the rotation has SUCCEEDED. Deleting
        // the old generation's log + snapshot is pure garbage collection, so it
        // is best-effort: a failure here must NOT propagate, or the caller
        // (`upgrade_version_with_seqno`) would skip `append_version` /
        // `fetch_max` and keep stale in-memory state while CURRENT already names
        // the new snapshot — an on-disk/in-memory divergence. A leaked old file
        // is harmless and swept by `cleanup_orphaned_version` on the next open.
        if let Err(e) = remove_if_present(fs, &log_path) {
            log::warn!(
                "rotation: failed to remove old edit log {}: {e}",
                log_path.display()
            );
        }
        // Guard against unlinking the snapshot that was just written, should
        // `next` carry the same id as the previous snapshot.
        if old_snapshot != self.snapshot_id {
            let old_path = tree_path.join(format!("v{old_snapshot}"));
            if let Err(e) = remove_if_present(fs, &old_path) {
                log::warn!(
                    "rotation: failed to remove old snapshot {}: {e}",
                    old_path.display()
                );
            }
        }
        Ok(())
    }

    /// Appends `version` as the new latest (back) entry of the history.
    ///
    /// On `std` builds the lock-free `latest` mirror is repointed first, so
    /// point reads at MAX_SEQNO observe the new back without taking the
    /// history lock.
    pub fn append_version(&mut self, version: SuperVersion) {
        #[cfg(feature = "std")]
        let mirrored = Arc::new(version.clone());
        #[cfg(feature = "std")]
        self.latest.store(mirrored);

        self.versions.push_back(version);
    }

    /// Swaps the latest (back) entry of the history for `version`.
    ///
    /// When the history is empty nothing is stored and `version` is dropped.
    /// On `std` builds the lock-free `latest` mirror is repointed together
    /// with the back.
    pub fn replace_latest_version(&mut self, version: SuperVersion) {
        // No back to replace: leave both the deque and the mirror as they are.
        if self.versions.pop_back().is_none() {
            return;
        }

        #[cfg(feature = "std")]
        self.latest.store(Arc::new(version.clone()));
        self.versions.push_back(version);
    }

    /// Returns a handle to the lock-free latest-`SuperVersion` mirror.
    ///
    /// The `Tree` stores a clone of this handle and reads it on the point-read
    /// hot path (`get` at `MAX_SEQNO`) to avoid the history `RwLock`. The
    /// handle stays valid for the tree's lifetime; the pointee is swapped by
    /// [`append_version`](Self::append_version) /
    /// [`replace_latest_version`](Self::replace_latest_version) under the
    /// history write lock.
    ///
    /// Crate-internal: exposing the `ArcSwap` publicly would let a downstream
    /// caller `store()` into it without the version-history write lock,
    /// breaking the "mirror only changes at back-changing sites" invariant.
    ///
    /// `std`-only: the mirror exists only when `arc-swap` is available.
    #[cfg(feature = "std")]
    #[must_use]
    pub(crate) fn latest_handle(&self) -> Arc<ArcSwap<SuperVersion>> {
        // Clones the `Arc` only: the returned handle refers to the same
        // `ArcSwap` as `self.latest`, so later stores are visible through it.
        Arc::clone(&self.latest)
    }

    /// Returns a clone of the latest (back) super version.
    ///
    /// # Panics
    ///
    /// Panics if the history is empty.
    pub fn latest_version(&self) -> SuperVersion {
        #[expect(clippy::expect_used, reason = "SuperVersion is expected to exist")]
        self.versions
            .back()
            .cloned()
            .expect("should always have a SuperVersion")
    }

    /// Returns a clone of the super version a snapshot at `seqno` should read.
    ///
    /// For `seqno == 0` that is the oldest retained version. Otherwise it is
    /// the newest retained version whose own seqno is strictly below `seqno`.
    ///
    /// # Panics
    ///
    /// Panics if the history is empty, or if no retained version has a seqno
    /// below `seqno`; in the latter case the retained versions are logged at
    /// error level first.
    pub fn get_version_for_snapshot(&self, seqno: SeqNo) -> SuperVersion {
        if seqno == 0 {
            #[expect(clippy::expect_used, reason = "SuperVersion is expected to exist")]
            return self
                .versions
                .front()
                .cloned()
                .expect("should always find a SuperVersion");
        }

        // Newest-to-oldest scan, so the first hit is the most recent match.
        let found = self
            .versions
            .iter()
            .rev()
            .find(|candidate| candidate.seqno < seqno);

        if found.is_none() {
            // Dump the retained history before the panic below, so the log
            // shows which versions were still available.
            log::error!("Failed to find a SuperVersion for snapshot with seqno={seqno}");
            log::error!("SuperVersions:");

            for retained in self.versions.iter().rev() {
                log::error!("-> {}, seqno={}", retained.version.id(), retained.seqno);
            }
        }

        #[expect(clippy::expect_used, reason = "SuperVersion is expected to exist")]
        found.cloned().expect("should always find a SuperVersion")
    }
}

#[cfg(test)]
mod tests;