make Channel lifecycle statemachine explicit

[weissi]

@normanmaurer / @Lukasa this is a preview of what I'm working on. It passes tests, also happy with some monkey channel test which previously used to crash stuff a lot. But we should have a chat what we want to do in which situations. Also CC @vlm .

Motivation:

We had a lot of problems with the Channel lifecycle statemachine as it
wasn't explicit, this fixes this. Additionally, it asserts a lot more.

Modifications:

• made Channel lifecycle statemachine explicit
• lots of asserts

Result:

• hopefully the state machine works better
• the asserts should guide our way to work on in corner cases as well

[Lukasa]

Cool, the general shape of this is really good. Some notes inline.

[Lukasa]

I assume the reason this conditional is a bit complex is to avoid doing too many atomic ops?

[weissi]

@Lukasa indeed, also don't think it's too complex tbh

[Lukasa]

Would be nice to confirm that the compiler actually gets this right.

Presumably the other option is to pass a collection of non-escaping closures into this.

[weissi]

@normanmaurer / @Lukasa the problem here is that the compiler might change at any point in time and there's nothing that we can do to make sure that it's inlined unfortunately.

And passing the closures in is just so ugly, no?

[Lukasa]

Do we intend to allow activating an unregistered socket? I think I'd kinda prefer we didn't.

[Lukasa]

Mild nit, but it may be a bit clearer to read this state machine if you fold all the badTransition cases for a given state together, e.g

case (.registeredNeverActivated, .deactivate),
     (.registeredNeverActivated, .register):
    self.badTransition(event: event)

[Lukasa]

Hrm, do we want allow a channel to go registered -> active -> registered -> active? I'd be inclined to want Channels to be single-use constructs.

[normanmaurer]

@Lukasa I think you are right... it should be single use.

[weissi]

agreed

[Lukasa]

This is such a weird property. I wonder if we really need it.

[weissi]

@Lukasa we use it all over the place to check if a channel has not been closed. Sure, I could introduce a isClosed property but then we'd need to guard !...isClosed which gives us the inversion always...

[Lukasa]

We have a reference cycle here, right? lifecycleManager holds a reference to self, meaning self holds a cyclic reference to self.

[weissi]

@Lukasa no because ChannelPipeline holds Channel as an unowned reference. It's totally non-obvious but has always been like this.

[Lukasa]

This should probably check the lifecycleManager directly, as it's definitionally called from on the event loop.

[weissi]

thanks, yes, forgot to record that change

[Lukasa]

Same note, we're on the event loop and can avoid the atomic.

[Lukasa]

Do we want to wrap these in convenience methods that let the states and inputs become private to lifecycleManager? e.g. self.lifecycleManager.close().

[ianpartridge]

Does this need adding to the Equatable conformance?

[weissi]

thanks @ianpartridge indeed

[normanmaurer]

Just a few style changes... Also did you run a benchmark to verify how much more costly this is with all the closures ?

[normanmaurer]

@weissi Please change to use EventLoopPromise<Void> to be consistent

[weissi]

sorry, will do

[normanmaurer]

@weissi Please change to use EventLoopPromise<Void> to be consistent

[normanmaurer]

@weissi Please change to use EventLoopPromise<Void> to be consistent

[normanmaurer]

@weissi Please change to use EventLoopPromise<Void> to be consistent

[normanmaurer]

So just to clarify this is to safe the heap allocation ? If so can you just add this to the comment ?

[Lukasa]

Is there a reason we're injecting this?

[weissi]

oh thanks, no there isn't anymore

[weissi]

@Lukasa now found the reason why this was injected: lifecycle manager is of course held mutable by the BaseSocketChannel. But we need to get to the atomic from any thread. Therefore the atomic needs to be stored on the BaseSocketChannel in a let and passed to the lifecycle manager. Sorry I did forget about that. Patch coming.

[weissi]

--> #294

[Lukasa]

Are we still sure we don't heap-allocate a closure here?

[weissi]

let me read some SIL

[weissi]

@Lukasa ok I had a look at this and it seems totally fine. SIL didn't work as the compiler kept crashing, looked at the assembly instead. To make it easier I planted to bogus fcntl calls in there just so I know where we are:

and then I traced them back in the assembly which you can find below. I marked the beginning and the end of the interesting section as well as all the CALL instructions (which could lead to allocations):

as you can see all the calls are either retain or release, some optional projections or the call to badTransition which is expected. Do you agree that this is fine?

[weissi]

hang on, something's not quite right! I can't see the calls to pipeline.becomeActive and so either. LOoking

[weissi]

ok, it's slightly more complicated but the argument holds. Let me try to paste the right way through the code here:

[weissi]

sorry about that @Lukasa but this is the best I could do but there you can see quite well a run through of what happens:

• the beginning (fcntl marker call)
• fulfill the promise
• fire channelActive
• the end (fcntl marker call)

all the CALL instructions are highlighted and none of them should allocate. So it's all good I think

[weissi]

ah, in step 4 we can also see the atomic store (to mark the channel as active) which is also important but I forgot to annotate.

[Lukasa]

Is this right? It's not clear to me that the contract of readComplete requires that it only fire on active channels. If it does, is that contract in tension with the contract that readComplete always fires after channelRead?

[normanmaurer]

I think in general it should only fire when the channel is active.

[weissi]

@Lukasa, chatted to @normanmaurer and added a test which always gets into this situation by doing

1. one successful read
2. one read that fails with ECONNRESET
3. in the errorCaught calls ctx.close to close the channel
4. sees channelInactive (from the close)
5. does not ever see channelReadComplete.

[normanmaurer]

I think this can be simplified as:

return self.currentState == .closed

[weissi]

thanks @normanmaurer it can indeed now. Used to have more states :)

[normanmaurer]

Just do:

return  self.currentState != .closed

[normanmaurer]

Can't we remove this and just use channelPipeline.eventLoop when needed ?

[normanmaurer]

why we store the pipeline here first ? So we not escape self ?

[weissi]

@normanmaurer yes so that self isn't captured. I can remove now as the @inline(_always) should make the whole closure go away anyway. Want me to?

[normanmaurer]

why not just use?:

return self.currentState == .activated

[weissi]

thanks, same here, used to be more states

[normanmaurer]

@weissi please fix the test compile error.

[weissi]

@normanmaurer sorry, should be fixed

[normanmaurer]

@weissi can you also run some benchmarks with this ?

[weissi]

@normanmaurer the same:

before:

GO
Destination: [127.0.0.1]:9999
Interface lo0 address [127.0.0.1]:0
Using interface lo0 to connect to [127.0.0.1]:9999
Ramped up to 10 connections.
Total data sent:     32351.8 MiB (33923309052 bytes)
Total data received: 32347.9 MiB (33919252327 bytes)
Bandwidth per channel: 2713.545⇅ Mbps (339193.1 kBps)
Aggregate bandwidth: 13566.911↓, 13568.534↑ Mbps
Packet rate estimate: 1208692.7↓, 1194076.8↑ (11↓, 31↑ TCP MSS/op)
Test duration: 20.0012 s.

after:

GO
Destination: [127.0.0.1]:9999
Interface lo0 address [127.0.0.1]:0
Using interface lo0 to connect to [127.0.0.1]:9999
Ramped up to 10 connections.
Total data sent:     32794.0 MiB (34387041676 bytes)
Total data received: 32788.0 MiB (34380754909 bytes)
Bandwidth per channel: 2750.181⇅ Mbps (343772.6 kBps)
Aggregate bandwidth: 13749.648↓, 13752.162↑ Mbps
Packet rate estimate: 1217976.4↓, 1214771.9↑ (11↓, 32↑ TCP MSS/op)
Test duration: 20.0039 s.

[Lukasa]

LGTM, ship it.

[normanmaurer]

@weissi thanks ... merged!