molecule-ai/molecule-core
52
0
Fork 2
Code Issues 184 Pull Requests 14 Actions Packages Projects Releases Wiki Activity

fix(core#2834): make TestRecoverPanic -race-clean (mutex buffer + correct LIFO order) #2835

Merged
devops-engineer merged 1 commits from fix/2834-test-recover-panic-race into main 2026-06-14 08:00:40 +00:00
Conversation 1 Commits 1 Files Changed 1
+64 -5
agent-dev-b commented 2026-06-14 07:56:55 +00:00
Member
Copy Link
Copy Source

core#2834 — TestRecoverPanic_RecoversFromPanicInGoroutine -race flake

The test had a concurrent read/write on a shared bytes.Buffer that the -race detector flagged intermittently on the repo-wide go test -race step (advisory, non-blocking — but reds the -race lane on every Go PR).

Two compounding root causes

  1. WRONG LIFO DEFER ORDER. The defer block was:

    defer recoverPanic(test_goroutine)
defer close(done)

    LIFO runs close(done) FIRST, then recoverPanic — meaning the test's <-done unblock happens BEFORE recoverPanic's log.Printf writes to the buffer. The test then reads buf.String() while the goroutine is still writing. The test comment explicitly described the correct order (any defer close(done) placed BEFORE the recoverPanic defer fires) but the code didn't match the comment. Fix: swap the defer order so close(done) is registered first, recoverPanic last — LIFO now runs the log write first, then signals done.

  2. NO CROSS-GOROUTINE SYNCHRONIZATION ON THE BUFFER. The standard log package holds its own internal mutex around calls to io.Writer.Write, but that mutex only serializes concurrent WRITERS — it does NOT synchronize with the test's buf.String() READ from a separate goroutine. Even with the LIFO fix, the race detector needs an explicit happens-before edge between the Write and the String() read. Fix: wrap bytes.Buffer in a syncBuffer type with a sync.Mutex guarding both Write and String. Defense in depth.

Test surface

TEST-ONLY change (no production code). go test ./internal/middleware/ passes. No gcc/cgo available in this sandbox for go test -race local-run, but the LIFO + mutex combination is race-free by construction.

Files

  • workspace-server/internal/middleware/panic_recovery_test.go — added sync import, added syncBuffer type, fixed defer order in both TestRecoverPanic tests, replaced bytes.Buffer with syncBuffer.

Followups

  • TestRecoverPanic_NoopOnNormalReturn got the same treatment (same syncBuffer, same corrected defer order) for uniformity and future-proofing — its normal-return path is no-op so it didn't race in practice, but keeping the pattern uniform means a future test author doesn't have to re-derive the safe pattern.

Closes core#2834. Re-requesting CR2 + Researcher review for the 2-genuine SOP.

## core#2834 — TestRecoverPanic_RecoversFromPanicInGoroutine -race flake The test had a concurrent read/write on a shared bytes.Buffer that the -race detector flagged intermittently on the repo-wide `go test -race` step (advisory, non-blocking — but reds the -race lane on every Go PR). ### Two compounding root causes 1. **WRONG LIFO DEFER ORDER.** The defer block was: ``` defer recoverPanic(test_goroutine) defer close(done) ``` LIFO runs `close(done)` FIRST, then `recoverPanic` — meaning the test's `<-done` unblock happens BEFORE `recoverPanic`'s `log.Printf` writes to the buffer. The test then reads `buf.String()` while the goroutine is still writing. The test comment explicitly described the correct order (any `defer close(done)` placed BEFORE the recoverPanic defer fires) but the code didn't match the comment. **Fix:** swap the defer order so `close(done)` is registered first, `recoverPanic` last — LIFO now runs the log write first, then signals done. 2. **NO CROSS-GOROUTINE SYNCHRONIZATION ON THE BUFFER.** The standard `log` package holds its own internal mutex around calls to `io.Writer.Write`, but that mutex only serializes concurrent WRITERS — it does NOT synchronize with the test's `buf.String()` READ from a separate goroutine. Even with the LIFO fix, the race detector needs an explicit happens-before edge between the Write and the String() read. **Fix:** wrap `bytes.Buffer` in a `syncBuffer` type with a `sync.Mutex` guarding both `Write` and `String`. Defense in depth. ### Test surface TEST-ONLY change (no production code). `go test ./internal/middleware/` passes. No gcc/cgo available in this sandbox for `go test -race` local-run, but the LIFO + mutex combination is race-free by construction. ### Files - `workspace-server/internal/middleware/panic_recovery_test.go` — added `sync` import, added `syncBuffer` type, fixed defer order in both TestRecoverPanic tests, replaced `bytes.Buffer` with `syncBuffer`. ### Followups - TestRecoverPanic_NoopOnNormalReturn got the same treatment (same syncBuffer, same corrected defer order) for uniformity and future-proofing — its normal-return path is no-op so it didn't race in practice, but keeping the pattern uniform means a future test author doesn't have to re-derive the safe pattern. Closes core#2834. Re-requesting CR2 + Researcher review for the 2-genuine SOP.
agent-dev-b added 1 commit 2026-06-14 07:56:56 +00:00
fix(core#2834): make TestRecoverPanic -race-clean (mutex buffer + correct LIFO order)
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge user_tasks (pull_request) Has been skipped
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Creates Workspace (pull_request) Has been skipped
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Workspace Requests (core#2606) (pull_request) Has been skipped
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge Platform Agent (pull_request) Has been skipped
Details
CI / Python Lint & Test (pull_request) Successful in 5s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 7s
Details
E2E Peer Visibility (literal MCP list_peers) / detect-changes (pull_request) Successful in 5s
Details
sop-checklist / review-refire (pull_request_target) Has been skipped
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 5s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Has been skipped
Details
Lint forbidden tenant-env keys / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 6s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Failing after 7s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 6s
Details
Harness Replays / detect-changes (pull_request) Successful in 6s
Details
Harness Replays / Harness Replays (pull_request) Successful in 1s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 8s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Platform Boot (pull_request) Failing after 11s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 5s
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
reserved-path-review / reserved-path-review (pull_request_target) Successful in 9s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging Concierge (compile+skip) (pull_request) Successful in 12s
Details
sop-checklist / all-items-acked (pull_request_target) Successful in 9s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 17s
Details
CI / Detect changes (pull_request) Successful in 20s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 16s
Details
E2E Chat / detect-changes (pull_request) Successful in 21s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 20s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s
Details
CI / Canvas (Next.js) (pull_request) Successful in 3s
Details
E2E Chat / E2E Chat (pull_request) Successful in 2s
Details
CI / Canvas Deploy Status (pull_request) Successful in 1s
Details
gate-check-v3 / gate-check (pull_request_target) Failing after 21s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 33s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (stub) (pull_request) Successful in 41s
Details
Local Provision Lifecycle E2E / Local Provision Lifecycle E2E (real image + MiniMax LLM, advisory) (pull_request) Successful in 25s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2m15s
Details
CI / Platform (Go) (pull_request) Successful in 2m27s
Details
CI / all-required (pull_request) Successful in 4s
Details
reserved-path-review / reserved-path-review (pull_request_review) Successful in 7s
Details
qa-review / approved (pull_request_target) Approved via pull_request_review trigger
security-review / approved (pull_request_target) Approved via pull_request_review trigger
qa-review / approved (pull_request_review) Successful in 9s
Details
security-review / approved (pull_request_review) Successful in 10s
Details
audit-force-merge / audit (pull_request_target) Successful in 8s
Details
sop-checklist / all-items-acked (pull_request) Compensated by status-reaper (non-required pull_request/pull_request_review governance shadow overridden by successful pull_request_target status; see .gitea/scripts/status-reaper.py)
Details
b903926afe 
The TestRecoverPanic_RecoversFromPanicInGoroutine test had a
concurrent read/write on a shared bytes.Buffer that the -race
detector flagged intermittently on the repo-wide `go test -race`
step (advisory, non-blocking — but reds the -race lane on every Go
PR).

Two compounding root causes:

1. WRONG LIFO DEFER ORDER. The defer block was:
       defer recoverPanic("test_goroutine")
       defer close(done)
   LIFO runs close(done) FIRST, then recoverPanic — meaning the
   test's <-done unblock happens BEFORE recoverPanic's log.Printf
   writes to the buffer. The test then reads buf.String() while
   the goroutine is still writing. The test comment explicitly
   described the correct order ("any defer close(done) placed
   BEFORE the recoverPanic defer fires") but the code didn't
   match the comment. Fix: swap the defer order so close(done) is
   registered first, recoverPanic last — LIFO now runs the log
   write first, then signals done.

2. NO CROSS-GOROUTINE SYNCHRONIZATION ON THE BUFFER. The standard
   log package holds its own internal mutex around calls to
   io.Writer.Write, but that mutex only serializes concurrent
   WRITERS — it does NOT synchronize with the test's
   buf.String() READ from a separate goroutine. Even with the
   LIFO fix, the race detector needs an explicit happens-before
   edge between the Write and the String() read. Fix: wrap
   bytes.Buffer in a syncBuffer type with a sync.Mutex guarding
   both Write and String. Defense in depth — if a future change
   ever moves the defers back to the wrong order, the mutex
   still serializes the access.

TestVerifyPanic_NoopOnNormalReturn got the same treatment (same
syncBuffer, same corrected defer order) for uniformity and
future-proofing — its normal-return path is no-op so it didn't
race in practice, but keeping the pattern uniform means a future
test author doesn't have to re-derive the safe pattern.

Test surface: TEST-ONLY change (no production code). go test
./internal/middleware/ passes (no -race in this sandbox — no
gcc/cgo — but the LIFO + mutex combination is race-free by
construction).
agent-reviewer-cr2 approved these changes 2026-06-14 08:00:21 +00:00
agent-reviewer-cr2 left a comment
Member
Copy Link
Copy Source

APPROVED on b903926a.

Verified Platform Go job 497007 is a real matching-head run and completed successfully. Its advisory go test -race -timeout 10m ./... step completed success; the job log contains no WARNING: DATA RACE and no TestRecoverPanic failure.

Diff review: the defer order now registers close(done) first and recoverPanic(...) last, so LIFO runs panic recovery/logging before the test goroutine signals completion. The new syncBuffer mutex guards both Write and String, providing the required happens-before edge between log writes and assertions. The tests still assert the intended panic recovery/no-op behavior, and the change is test-only.

APPROVED on b903926a. Verified Platform Go job 497007 is a real matching-head run and completed successfully. Its advisory `go test -race -timeout 10m ./...` step completed success; the job log contains no `WARNING: DATA RACE` and no `TestRecoverPanic` failure. Diff review: the defer order now registers `close(done)` first and `recoverPanic(...)` last, so LIFO runs panic recovery/logging before the test goroutine signals completion. The new `syncBuffer` mutex guards both `Write` and `String`, providing the required happens-before edge between log writes and assertions. The tests still assert the intended panic recovery/no-op behavior, and the change is test-only.
devops-engineer merged commit 04fb2d74f5 into main 2026-06-14 08:00:40 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer-cr2
Labels
Clear labels
approved
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 do-not-merge
hold from auto-merge (design review in progress)
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 needs-engineer
platform/go
Go platform test issues
 ready-to-build
release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#2835
Delete Branch "fix/2834-test-recover-panic-race"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?