Summary
Three concurrency safety gaps found:
1. No loom or Miri — zero model-checked concurrency
No crate declares `loom` as a dependency, no `#[cfg(loom)]` gates exist, and Miri is not referenced anywhere. The four `unsafe impl Send/Sync` declarations are therefore exercised by nothing stronger than ordinary tests: no interleaving exploration (what loom provides) and no undefined-behaviour detection on the paths that actually run (what Miri provides).
2. MmapVectorStorage Sync impl is under-documented
`crates/krites/src/runtime/hnsw/mmap_storage.rs:85-86`:
```rust
unsafe impl Send for StorageInner {}
unsafe impl Sync for StorageInner {}
```
`as_bytes(&self)` dereferences a raw `*mut u8` obtained from the mmap while holding only `&self`. The comment says "access is controlled through `&self` / `&mut self`", which holds for a single owner but is not the claim a `Sync` impl has to justify: once `&StorageInner` may be shared across threads, soundness rests on an external guard serialising every `&mut self` against all `&self` borrows. The comment neither names that guard (the per-relation `ShardedLock` in `Db`) nor states why a `push(&mut self)` on one thread cannot overlap a `get(&self)` on another.
The other two `unsafe impl Sync` declarations (`FjallReadTx`, `FjallWriteTx` at `krites/src/storage/fjall_backend.rs:144,149`) have adequate inline rationale.
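What a documented version of that impl could look like, as an added illustration rather than the project's `mmap_storage.rs`: the mapping is simulated with a leaked boxed slice instead of a real mmap, `StorageInner`, `MmapVectorStorage`, `push`, `get` and the fixed-width vector layout are assumed shapes, and the `std::sync::RwLock` stands in for the per-relation `ShardedLock` the audit attributes to `Db`. The SAFETY comment spells out the invariant the current comment leaves implicit, and the wrapper copies vectors out so no borrow of the mapping outlives the read guard.

```rust
use std::sync::RwLock;

/// Stand-in for the mmap-backed `StorageInner` (assumed shape, not the
/// project's code): a fixed-capacity byte region reached through a raw
/// pointer, plus the number of fixed-width vectors written so far.
pub struct StorageInner {
    base: *mut u8, // would come from mmap; here a leaked Box<[u8]>
    cap: usize,    // bytes in the region
    dim: usize,    // bytes per vector
    len: usize,    // vectors written so far
}

// SAFETY: `base` is uniquely owned by this value (nothing else aliases the
// region), every read goes through `&self` and every write through
// `&mut self`, and the region is never resized or remapped while a `&self`
// borrow is live. Sharing `&StorageInner` across threads is therefore sound
// only while some external guard serialises `&mut self` against all `&self`
// borrows; in this example that guard is the `RwLock` in `MmapVectorStorage`,
// which is the sole owner of a `StorageInner` (the audit names the
// per-relation `ShardedLock` in `Db` as that guard in the real code).
unsafe impl Send for StorageInner {}
unsafe impl Sync for StorageInner {}

impl StorageInner {
    fn with_capacity(cap: usize, dim: usize) -> Self {
        let buf: Box<[u8]> = vec![0u8; cap].into_boxed_slice();
        let base = Box::into_raw(buf) as *mut u8;
        StorageInner { base, cap, dim, len: 0 }
    }

    fn as_bytes(&self) -> &[u8] {
        // SAFETY: base..base+cap is a live allocation owned by self, and the
        // returned borrow is tied to &self, so no &mut self can coexist.
        unsafe { std::slice::from_raw_parts(self.base, self.cap) }
    }

    fn as_bytes_mut(&mut self) -> &mut [u8] {
        // SAFETY: as above, with exclusive access guaranteed by &mut self.
        unsafe { std::slice::from_raw_parts_mut(self.base, self.cap) }
    }

    fn push(&mut self, v: &[u8]) -> Result<usize, &'static str> {
        let (off, dim) = (self.len * self.dim, self.dim);
        if v.len() != dim {
            return Err("dimension mismatch");
        }
        if off + dim > self.cap {
            return Err("storage full");
        }
        self.as_bytes_mut()[off..off + dim].copy_from_slice(v);
        self.len += 1;
        Ok(self.len - 1)
    }

    fn get(&self, i: usize) -> Option<&[u8]> {
        if i >= self.len {
            return None;
        }
        let (off, dim) = (i * self.dim, self.dim);
        Some(&self.as_bytes()[off..off + dim])
    }

    fn len(&self) -> usize {
        self.len
    }
}

impl Drop for StorageInner {
    fn drop(&mut self) {
        // SAFETY: base came from Box::into_raw of a cap-byte boxed slice and
        // is reconstituted and freed exactly once here.
        unsafe { drop(Box::from_raw(std::ptr::slice_from_raw_parts_mut(self.base, self.cap))) }
    }
}

/// The external guard: the only owner of a `StorageInner`, so the lock, not
/// the caller, decides whether `&self` or `&mut self` is handed out.
pub struct MmapVectorStorage {
    inner: RwLock<StorageInner>,
}

impl MmapVectorStorage {
    pub fn new(cap_vectors: usize, dim: usize) -> Self {
        Self { inner: RwLock::new(StorageInner::with_capacity(cap_vectors * dim, dim)) }
    }

    pub fn push(&self, v: &[u8]) -> Result<usize, &'static str> {
        self.inner.write().unwrap().push(v)
    }

    /// Copies out rather than returning `&[u8]`, so no borrow of the mapping
    /// can outlive the read guard.
    pub fn get(&self, i: usize) -> Option<Vec<u8>> {
        self.inner.read().unwrap().get(i).map(|s| s.to_vec())
    }

    pub fn len(&self) -> usize {
        self.inner.read().unwrap().len()
    }
}

fn main() {
    let store = MmapVectorStorage::new(2, 3);
    let idx = store.push(&[1, 2, 3]).expect("fits");
    println!("vector {idx} = {:?}", store.get(idx));
}
```

Because `StorageInner` is private to the module and only ever reachable through the lock, `&StorageInner` and `&mut StorageInner` cannot be handed to two threads at once, which is the fact the SAFETY comment has to state for the `Sync` impl to be reviewable.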
3. No stress tests — shallow concurrent test coverage
- `SessionStore` (`Arc<Mutex>`) has 18 production clone sites across nous/pylon/diaporeia but zero concurrent access tests
- Integration concurrent tests are N=2 with `tokio::join!` only — no iteration, no write-write contention
- No pattern of `for _ in 0..N { spawn(...) }` exists anywhere
- nextest has no concurrency profiles
Contention surface (45 Arc<Mutex/RwLock> sites)
| Crate | Count | Hot path? |
|---|---|---|
| nous | 18 | Yes — SessionStore |
| pylon | 6 | Yes — same SessionStore |
| krites | 6 | Yes — running_queries, HNSW |
| koina | 6 | No |
| Others | 9 | Mixed |
Fix priority
- Document the external guard for `MmapVectorStorage` Sync impl (or add a lock)
- Add stress test for `SessionStore` concurrent access (spawn 100 tasks, mix reads/writes)
- Evaluate loom for the krites transaction/storage layer
- Add multi-thread flavor to integration concurrent tests
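An added example of the stress-test shape that gap 3 and the fix list ask for, not the project's own code: a `SessionStore` stand-in over `Arc<Mutex<HashMap>>`, and a driver that spawns N workers over a deliberately small key set so writes contend on the same entries, then checks the final state against what the workers report having done. It uses `std::thread` rather than tokio tasks, and the `#[cfg(loom)]` import swap is the gate gap 1 found missing, so the same driver can run under loom's model checker with a tiny N. The `touch`/`get`/`remove` API, `stress`, the key count and the op mix are assumptions.

```rust
use std::collections::HashMap;

// The gate the audit found missing: under `RUSTFLAGS="--cfg loom"` the same
// driver runs on loom's model-checked primitives; otherwise on std.
#[cfg(loom)]
use loom::{sync::{Arc, Mutex}, thread};
#[cfg(not(loom))]
use std::{sync::{Arc, Mutex}, thread};

/// Stand-in for the `Arc<Mutex<_>>`-guarded SessionStore (assumed shape):
/// session id -> number of requests observed on that session.
#[derive(Clone)]
pub struct SessionStore {
    inner: Arc<Mutex<HashMap<String, u64>>>,
}

impl SessionStore {
    pub fn new() -> Self {
        SessionStore { inner: Arc::new(Mutex::new(HashMap::new())) }
    }

    pub fn touch(&self, id: &str) -> u64 {
        let mut map = self.inner.lock().unwrap();
        let n = map.entry(id.to_string()).or_insert(0);
        *n += 1;
        *n
    }

    pub fn get(&self, id: &str) -> Option<u64> {
        self.inner.lock().unwrap().get(id).copied()
    }

    pub fn remove(&self, id: &str) -> Option<u64> {
        self.inner.lock().unwrap().remove(id)
    }

    pub fn len(&self) -> usize {
        self.inner.lock().unwrap().len()
    }
}

/// Stress driver: `tasks` workers each run `iters` rounds of mixed reads and
/// writes against KEYS shared ids, so writes really contend. Each worker
/// returns its own tally; the final store must agree with the sum of tallies.
pub fn stress(tasks: usize, iters: usize) -> Result<(), String> {
    const KEYS: usize = 4; // few keys => write-write contention on the same entries
    let store = SessionStore::new();
    let handles: Vec<_> = (0..tasks)
        .map(|t| {
            let store = store.clone();
            thread::spawn(move || {
                let mut touched = [0u64; KEYS];
                for i in 0..iters {
                    let k = (t + i) % KEYS;
                    let id = format!("session-{k}");
                    if i % 3 == 2 {
                        let _ = store.get(&id); // read path, nothing to tally
                    } else {
                        store.touch(&id); // write path
                        touched[k] += 1;
                    }
                }
                touched
            })
        })
        .collect();

    let mut expected = [0u64; KEYS];
    for h in handles {
        let touched = h.join().map_err(|_| "worker panicked".to_string())?;
        for k in 0..KEYS {
            expected[k] += touched[k];
        }
    }
    for k in 0..KEYS {
        let id = format!("session-{k}");
        let want = (expected[k] > 0).then_some(expected[k]);
        let got = store.get(&id);
        if got != want {
            return Err(format!("{id}: stored {got:?}, workers reported {want:?}"));
        }
    }
    let live = expected.iter().filter(|&&n| n > 0).count();
    if store.len() != live {
        return Err(format!("len {} != {live}", store.len()));
    }
    for k in 0..KEYS {
        let id = format!("session-{k}");
        store.remove(&id);
        if store.remove(&id).is_some() {
            return Err(format!("{id} removed twice"));
        }
    }
    if store.len() != 0 {
        return Err("store not empty after removal".into());
    }
    Ok(())
}

#[cfg(loom)]
#[test]
fn loom_session_store() {
    // loom enumerates every interleaving, so keep the model tiny.
    loom::model(|| stress(2, 2).unwrap());
}

fn main() {
    // The shape the fix list asks for: 100 tasks, mixed reads and writes, repeated.
    for _ in 0..5 {
        stress(100, 1_000).unwrap_or_else(|e| panic!("invariant violated: {e}"));
    }
    println!("100 workers x 1000 ops x 5 runs: invariants held");
}
```

The check is self-consistent rather than hard-coded: each worker reports what it wrote, so the test catches lost updates and torn bookkeeping regardless of scheduling, which an N=2 `tokio::join!` with no repetition cannot.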
Source
Concurrency stress testing audit — basanos TESTING.md + RUST.md concurrency sections.