Bug/220 spice makes bsk sims not thread safe

[Natsoulas]

• Tickets addressed: Spice makes BSK simulations not thread safe #220
• Review: By commit

Description

The changes implement thread safety for the SPICE interface to address GitHub issue #220, which reported deadlocks and data corruption when running parallel Monte Carlo simulations.

This solution uses a mutex and reference counting approach to protect SPICE kernel loading and unloading operations (inspired by Juan's suggestion comment on the issue):

1. Added a static mutex kernel_manipulation_mutex in the SpiceInterface class
2. Added a static reference counter kernel_reference_counter to track kernel usage
3. Modified loadSpiceKernel() to only load kernels once and use reference counting
4. Modified unloadSpiceKernel() to only unload kernels when no longer needed
5. Protected clearKeeper() with the mutex
6. Updated the destructor to properly unload kernels

This ensures that when multiple simulations run in parallel, they won't encounter race conditions or deadlocks when accessing SPICE kernels.

Verification

The changes were verified with a dedicated thread safety unit test:

• Added test_spiceThreadSafety.py unit test in the SPICE interface's _UnitTest directory
• The test creates multiple SpiceInterface instances in parallel and forces them to simultaneously load/unload kernels
• It verifies no deadlocks occur and no kernel files are corrupted
• No existing functionality was broken - all other SPICE-related tests continue to pass

The test specifically reproduces the conditions described in issue #220.

Documentation

Added code comments explaining the thread safety mechanism in:

• spiceInterface.h for the static mutex and reference counter
• spiceInterface.cpp for the mutex implementation and kernel reference counting logic

No existing documentation was invalidated.

Future work

1. Monitor for the release of NAIF's thread-safe SPICE implementation, which may provide a better solution in the future (Juan's advice from a comment in the issue 220 page).

[schaubh]

nice work! All tests passed on my system. Just some minor comments to address

[schaubh]

random is not used, please delete this import

[schaubh]

numpy is not used, please delete this import

[schaubh]

signal is imported, if needed, later on. We can delete this import.

[schaubh]

You are not using unitTestSupport, we can delete this import

[schaubh]

make this part of the documentation a hyperlink to issue 220?

[schaubh]

Nice work, looks like we are there. @juan-g-bonilla , as you commented on the original issue with the suggestion to use a mutex, would you have time to take a look at this code?

[juan-g-bonilla]

Nicely done @Natsoulas ! Many of my comments are actually encouraging you to fix existing issues or even the original fix I proposed so we can get this class to its highest quality possible.

Thanks for the tag @schaubh .

[juan-g-bonilla]

Should probably make these variables camelCase. (sorry I originally suggested snake_case!).

[juan-g-bonilla]

std::unordered_map is probably better here.

[schaubh]

yes, variables should be lower camel case.

[juan-g-bonilla]

You should change these methods into:

int loadSpiceKernel(std::string_view kernelName, std::string_view dataPath);
int unloadSpiceKernel(std::string_view kernelName, std::string_view dataPath);

or at least std::string. There's no reason why we should be passing char*.

This will also save you a lot of headache on the implementation (see later comment).

[juan-g-bonilla]

If you change the signature of unloadSpiceKernel (see previous comment), you'll be able to call:

unloadSpiceKernel("de430.bsp", this->SPICEDataPath);

[juan-g-bonilla]

might want to refactor this into:

auto kernelNames = {
    "naif0012.tls", "pck00010.tpc", "de-403-masses.tpc", "de430.bsp"
};
for (auto kernelName : kernelNames)
{
    if(loadSpiceKernel(kernelName, this->SPICEDataPath)) {
        bskLogger.bskLog(BSK_ERROR, "Unable to load %s", kernelName);
    }
}

actually a similar refactor is also possible above for unloadSpiceKernels. You might even make the kernelNames a class-wide static variable so we don't need to update both loading and unloading methods to keep the kernels in sync.

[schaubh]

True, this is a cleaner solution.

[juan-g-bonilla]

If you refactor the inputs into std::string_view, then:

std::string filepath = std::string{dataPath} + std::string{kernelName);

[juan-g-bonilla]

Nice job fetching the error from SPICE.

[juan-g-bonilla]

Similar comment as above.

[juan-g-bonilla]

I understand you're using std::vector to handle the memory of the underlying char*. This might just be personal preference, but I think:

std::unique_ptr<char[]> spiceOutputBuffer(new char[allowedOutputLength]);

is a bit more expressive and safe. Just a thought.

Maybe actually we should make allowedOutputLength a constexpr size_t so that we can simply do:

char spiceOutputBuffer[allowedOutputLength];

and thus we get rid of nasty dynamically allocated memory.

[juan-g-bonilla]

Very comprehensive test, nicely done.

Just for own curiosity, have you run this test without your fix? We would want it to fail on that case, so that we're sure the test is actually correctly stressing the system. I remember this error is infamously tricky to reproduce, so we want to make sure this test is actually testing as we need.