Review requested:

• @nodejs/sqlite

Concurrency Control

For concurrency control, SQLite provides a few options. Multi-threaded seems to be a good fit.

Multi-thread. In this mode, SQLite can be safely used by multiple threads provided that no single database connection nor any object derived from database connection, such as a prepared statement, is used in two or more threads at the same time.

We just need a way to guarantee that no two threads will be using connection or statements at the same time. Since we have a threadpool, hence no control over which thread a work will be executed, seems like we need a mutex. Please share your thoughts.

We just need a way to guarantee that no two threads will be using connection or statements at the same time. Since we have a threadpool, hence no control over which thread a work will be executed, seems like we need a mutex. Please share your thoughts.

I wonder if, for the first version of this API if the serialized mode is good enough

Serialized. In serialized mode, API calls to affect or use any SQLite database connection or any object derived from such a database connection can be made safely from multiple threads. The effect on an individual object is the same as if the API calls had all been made in the same order from a single thread. The name "serialized" arises from the fact that SQLite uses mutexes to serialize access to each object.

having implemented worker thread offloading i can state that there's a significant amount of gnarly lifecycle plumbing involved, especially if one wants to support transactions if some of that plumbing could live within node.js itself it would be much appreciated not sure where a line would have to be drawn be to support more advanced use cases (e.g. 1 writer, <n> reader setups) but i'm eager to test stuff out!

Yeah. I will build a solution based on the authorizer, and let's see what you think about it.

From the beginning, the idea is not to default all queries to run asynchronously. It's about to add the possibility for async.

I think the API should reflect this. If it is named Database then I think a lot of people will just go for that one, thinking fewer keystrokes! And async is better/faster! For reading files, async often makes most sense. Correct me if I am wrong, but I think for SQLite queries, most of the time, the overhead makes async the worse option, even measured in wall clock time on the main thread.

Maybe calling it something like DatabaseAsync, StatementAsync is an option?

Or maybe DatabaseSync can be renamed to Database and we can have Database.execAsync?

It turns out I was very naive while conceiving this implementation. My approach was to utilize libuv's thread pool for running SQLite operations, as we do for backups.

In a situation where a query calls a user-defined function, authorizer, or aggregation, execution on the thread pool fails because it doesn't have access to an Isolate.

My first idea was to track the defined functions and identify when they are in the query; if functions are present, that query would run in the main thread. Another option would be using worker threads that have their own isolates.

@nodejs/sqlite would you have any clue? Thanks in advance.

The only viable solution is not support custom functions with the async mode. Basically you would need to move the computation back to the main thread, causing a possible deadlock situation.

It turns out I was very naive while conceiving this implementation. My approach was to utilize libuv's thread pool for running SQLite operations, as we do for backups.
In a situation where a query calls a user-defined function, authorizer, or aggregation, execution on the thread pool fails because it doesn't have access to an Isolate.
My first idea was to track the defined functions and identify when they are in the query; if functions are present, that query would run in the main thread. Another option would be using worker threads that have their own isolates.
@nodejs/sqlite would you have any clue? Thanks in advance.

The only viable solution is not support custom functions with the async mode. Basically you would need to move the computation back to the main thread, causing a possible deadlock situation.

That sounds good to me

Here's the state of this PR by now.

• Async API delegates work to the Thread pool
• Classes don't have a Sync postfix (like zlib), this is what is causing most of the conflicts.
• Custom functions, aggregates and authorizer are not allowed, those functions require to be executed in the main thread.
• Each database instance has a queue for async tasks. With that we ensure only no connection or statement will be used in multiple threads at the same time.
• Iterators remains the same as async iterator helpers are still on stage 2 (https://github.com/tc39/proposal-async-iterator-helpers)

cc @mcollina @cjihrig

From the beginning, the idea is not to default all queries to run asynchronously. It's about to add the possibility for async.

I think the API should reflect this. If it is named Database then I think a lot of people will just go for that one, thinking fewer keystrokes! And async is better/faster! For reading files, async often makes most sense. Correct me if I am wrong, but I think for SQLite queries, most of the time, the overhead makes async the worse option, even measured in wall clock time on the main thread.

Maybe calling it something like DatabaseAsync, StatementAsync is an option?

Or maybe DatabaseSync can be renamed to Database and we can have Database.execAsync?

All of them are good options but the argument of consistency is very strong. Looking at other modules with the perspective of what is exported. Zlib exports functions with sync prefix with the function is sync and without it otherwise.

Maybe this can be a turning point?

I saw that @mcollina added the tsc-agenda tag to the PR #61262. Maybe this naming thing can be discusses as well?

I don't find the consistency argument very strong, because as far as I am aware there is no precedent of postfixing a class with *Sync (versus leaving it out for async). It's only functions.

I also don't think creating a separate Database class that allows asynchronous operations is a particularly good API. It makes it harder to switch between async and sync. Due to the overhead workers incur, I expect many applications will want to only use async for a subset of queries (and ideally be able to switch between one or the other without too much fuss).

In addition, we are staying quite close to the SQLite API, which I think it a good thing to do. The current DatabaseSync class has a single SQLite database connection handle, wheras the proposed (async) Database wraps complicated machinery to juggle multiple database connection handles on different threads. I think the naming should reflect this (call it a database pool or something similar) and offer a more constrained API that makes more sense for the underlying multi-threaded implementation.

I wonder what you think about this API and if it would be feasible.

I don't find the consistency argument very strong, because as far as I am aware there is no precedent of postfixing a class with *Sync (versus leaving it out for async). It's only functions.

That's why I mentioned the perspective. If you look at what is exported, they follow this rule.

I wonder what you think about #54307 (comment) and if it would be feasible.

I like your proposal. It brings flexibility, with the async stuff under the pool attribute. I don't think we need a threadingMode though. We can keep all async under pool anyways.

If we all agree we can drop the Sync postfix - as Bun - I think we can do this.

The machinery will still have complexity because that's how it is. Every work must be splitted to run part on thread pool (SQLite stuff) part on main thread (object creation like arrays and objects, and promise resolving).

I don't think we need a threadingMode though.

Agreed. I thought this would make it possible to use single threaded mode for individual database connections, but this is not possible as pointed out by @BurningEnlightenment.

Glad you like it though!

The machinery will still have complexity because that's how it is.

Yes, but this API makes it clear that it not 'just' a SQLite database handle.

Appreciate your help, @addaleax . I will revisit this implementation and will take your suggestion in consideration as well @louwers 🚀

@mcollina That's a valid concern.

Do you have an opinion on naming? Just Database for the database pool? I prefer something else for reasons outlined here...

I'm not even convinced we need a pool. That is not what node-sqlite3 was doing, wasn't it?

I would keep Database for the async version, yes.

Just a single thread? Not sure about node-sqlite3 but that would simplify things a lot.

Edit: if Node.js/libuv had lightweight threads, the resource management simplicity of one thread per Database instance and Database Connection Handle would be appealing, but aren't we stuck with heavyweight OS threads?

FWIW, node-sqlite3 uses libuv mutexes and sqlite3_db_mutex to manage concurrency -- it doesn't bind connections to a thread. It's quite complex: database instances share the same libuv thread pool, each Database instance has a bool locked and bool serialize field, and depending on the operation, some mélange of mutexes are acquired and released.

Disclosure: this comment was drafted with AI assistance and reviewed/edited by me.

I dug into TryGhost/node-sqlite3 (current master) to validate how one Database instance is used across libuv workers, and the key point is that it uses two synchronization layers for different problems:

1. Addon-level queueing/locking (semantic ordering + lifecycle safety)
2. SQLite mutexing (low-level thread safety around the shared sqlite3* handle)

1) Addon-level scheduler: when work is queued vs dispatched

A Database object owns a single sqlite3* _handle. Every async operation carries Database* db in a baton and runs via napi_queue_async_work (libuv threadpool).

Scheduling is done in Database::Schedule() / Database::Process().

Roughly:

• If DB is not open/usable -> error path
• Else, queue if !open || ((locked || exclusive || serialize) && pending > 0)
• Else, dispatch immediately

Meaning:

• pending = number of in-flight async jobs touching this DB
• exclusive jobs (e.g. close/exec/loadExtension/wait) require no overlap with other in-flight jobs
• serialize mode forces newly scheduled work to behave like exclusive work
• parallelize mode allows non-exclusive jobs to be issued without forced serialization

Clarification of terms (important):

• exclusive = operation-level scheduling flag.
  That specific operation cannot start until pending == 0 (no other DB work in flight), and once started it prevents overlapping starts until it completes.
• serialize = connection-level mode flag.
  When enabled, every newly scheduled operation is treated as exclusive (exclusive || serialize), so work is effectively one-at-a-time and ordered.
  When disabled (parallelize), only explicitly exclusive operations get that strict treatment.

Process() drains queue only when state allows it. Important guard:

• if next queued call is exclusive and pending > 0, it waits in queue

So queueing here is not just about thread-safety; it enforces operation semantics and lifecycle invariants.

2) SQLite mutexes: protecting the shared connection internals

Even with the addon queue, work still executes on threadpool workers and may touch the same connection handle. node-sqlite3 therefore uses SQLite in thread-safe mode:

• compiled with SQLITE_THREADSAFE=1
• default open flags include SQLITE_OPEN_FULLMUTEX

Additionally, statement worker code explicitly acquires the per-DB SQLite mutex (sqlite3_db_mutex(db->_handle)) around critical sections (sqlite3_prepare_v2, bind/step/error retrieval paths, etc.).

That protects internal SQLite connection/statement state and avoids races while extracting status/error data.

Why both layers are needed

FULLMUTEX alone gives memory/thread safety, but it does not give higher-level behavior guarantees expected by the JS API. The addon queue is still needed to guarantee things like:

• close runs only when prior work is drained
• exclusive operations do not interleave with others
• serialize/parallelize API semantics
• deterministic callback/error event behavior for queued operations

So:

• SQLite mutexes = “is concurrent access to this connection memory-safe?”
• Addon queue/locks = “is operation ordering/lifecycle behavior correct for this API?”

That combination is what allows one Database instance to be shared across multiple libuv workers safely while preserving node-sqlite3 semantics.

FWIW, node-sqlite3 uses libuv mutexes and sqlite3_db_mutex to manage concurrency -- it doesn't bind connections to a thread. It's quite complex: database instances share the same libuv thread pool, each Database instance has a bool locked and bool serialize field, and depending on the operation, some mélange of mutexes are acquired and released.

The node-sqlite3 "parallel" dispatch strategy has the distinct disadvantage of very bad cache locality and thrashing the db connection mutex as you have potentially multiple uv thread pool threads waiting on a single mutex. This also introduces the risk of (temporary) thread pool starvation and SQLITE_BUSY timeouts if one query hogs the mutex for a long time. Optimally one would only ever schedule one uv thread pool task at the same time for one db connection which drains a single-producer-single-consumer (spsc) thread safe queue of query tasks while asynchronously dispatching completion events/callbacks to the main thread. And this would be perfectly fine with SQLITE_THREADSAFE=2.

Having helped maintain the better-sqlite3 package for several years, I can't remember the last issue we had that was from a "code correctness"/thread/lock/mutex related defect (it's all build/compilation issues because it's not using n-api!). The abundant issue list for node-sqlite3 is a wholly different story--it's really hard to get right, and I personally hit several bugs with my project, which is why I switched to better-sqlite3 in the first place.

Also: the performance hit from bad cache locality (like @BurningEnlightenment mentioned) and all the mutex juggling results in 4X to 10X performance hits for some functionality: https://github.com/photostructure/node-sqlite/tree/main/benchmark#performance-results

Appreciate all your reviews here. I changed configuration of threads back to 1 (and a few other things in my local branch).

The thing is as @mcollina has pointed out. It this thing even needed? The more I worked on it the less it seemed useful.

I know there are some use cases. But for those, people can use worker threads? Having this working on a threadpool would be having a database connection with less capabilities (it won't have an isolate, hence no custom functions, aggregations or authorizers).

@geeksilva97 Agreed: I think brief example code on how to run long running queries on a separate node:worker_threads instance would be the most conservative and most expeditious way forward (but I'm just shouting from the peanut gallery here).

My main hope was to highlight the substantial complexity that the node-sqlite3 package tackled (and how Joshua's better-sqlite3 and the current node:sqlite sync approach avoids it!)