Add snapshot support for point-in-time database copy

[psrvere]

This PR addresses feedback from tursodatabase/agentfs#119 suggesting that snapshot functionality should be implemented in turso.git using direct file copying rather than SQL-based row by row copying. Comment

Implementation

• TRUNCATE checkpoints the WAL
• Takes a read lock on WAL before database file copy
• Do above two in a loop till read_lock[0] is acquired (explanation below)
• Does not support MVCC mode, for now

Other Additions

• CLI's .clone uses this snapshot API (the older implementation was based on logical copy)
  The new implementation does not support snapshot with in-memory database which is a BREAKING change for this command.
• Adds snapshot API to sdk-kit
• Adds snapshot API to Rust SDK

Race Condition Handling

There is a race condition between TRUNCATE checkpoint and copying the database file in which another snapshot can run and we may end up copying a corrupted db file. To prevent this, the implementation runs a retry loop to do two things: 1) TRUNCATE Checkpoint, and 2) Take read_lock[0]. Since checkpoint flow need this lock to process, taking this lock prevents any other checkpoint.

Other Approaches I Considered

1. Acquire any read lock before Checkpointing

Although, from first read of the wal.rs code it looks like that checkpointing requires acquiring read locks in 1..N slots

/// Database checkpointers takes the following locks, in order:
/// The exclusive CHECKPOINTER lock.
/// The exclusive WRITER lock (FULL, RESTART and TRUNCATE only).
/// Exclusive lock on read-mark slots 1-N. These are immediately released after being taken.
/// Exclusive lock on read-mark 0.
/// Exclusive lock on read-mark slots 1-N again. These are immediately released after being taken (RESTART and TRUNCATE only).
/// All of the above use blocking locks.
impl CheckpointLocks {
    fn new(ptr: Arc<RwLock<WalFileShared>>, mode: CheckpointMode) -> Result<Self> { ... }

More specifically, these read lock are attempted to acquire in determine_max_safe_checkpoint_frame function which doesn't really enforce acquiring them -- if a slot is busy, it simply lowers the safe checkpoint boundary.

Hence holding non-zero read lock does not prevent from checkpoints to run.

2. FULL vs TRUNCATE Checkpoint

The flow is same for FULL, RESTART and TRUNCATE checkpoint in terms of acquiring locks and back-filling entire WAL, so this didn't help.

Assisted by: Cursor + Claude

[turso-bot]

Please review @jussisaurio

[sivukhin]

I have some suggestion and concerns regarding current tsnapshot logic.
Also, it will be great to use new snapshotting logic in the .clone CLI command

[sivukhin]

I don't think that checkpoint guarantee that guard always will be set.

There are cases (for example, empty WAL - so nothing to checkpoint) - where checkpoint will return without holding any lock.

So, this fix do not prevent race condition situation in all situations, IIUC.

[psrvere]

Yeah you are right. I didn't want to touch the checkpoint function in the first place.

[sivukhin]

Can we instead of patching checkpoint do snapshot like this:

1. Execute truncate checkpoint
2. Start read transaction (either explicitly with BEGIN or maybe by just issuing read_tx on WAL)
3. Do the copy of DB file
4. End read transaction

[psrvere]

I like this solution. I will implement this.

Although it does leave a tiny race window between truncating file and taking read lock where a writer can write and snapshot is taken. Maybe we can live with this right now. I will leave a detailed comment just in case we see a bug later on.

[sivukhin]

tiny race window between truncating file and taking read lock where a writer can write and snapshot is taken

Ah, yeah. The problem here actually is not in writes specifically - but in a checkpoint that can happen in the middle.

Alternative suggestion from me is to start read transaction before checkpoint but issue FULL checkpoint instead of TRUNCATE. This will make it possible for checkpoint to succeed - but also we will hold WAL and prevent any further checkpoint from happening (even if writes will happen).
Also, we should be careful with deferred nature of transaction and maybe we need to execute something after BEGIN statement in order to properly initiate read transaction.

As we are writing database - its better to be safe than sorry :) So even tiny race window is bad actually.

[psrvere]

@sivukhin - apologies for late reply. I was out with viral last week.

I thought about your suggestion but this also doesn't work. I have finally found another approach which works. I have detailed everything in the PR Note. Also, PR is ready for review.

[sivukhin]

Also, @psrvere, do you plan to add support of snapshot method in sdk-kit/Rust SDK later?

[psrvere]

Thanks for the feedback @sivukhin.
I will update the .clone CLI command to use new snapshot logic and update SDK too in this PR. Will ping again once PR is ready to review.

[psrvere]

Maintainers - Please review this PR.

[psrvere]

@sivukhin - please look at it when you get time.

[avinassh]

@psrvere could you rebase with main and solve the conflicts

[penberg]

This pull request has been marked as stale due to inactivity. It will be closed in 7 days if no further activity occurs.

[penberg]

This pull request has been closed due to inactivity. Please feel free to reopen it if you have further updates.