Add EndpointAPI.wait_until_connected_to

[pipermerriam]

• builds on Combine inbound and outbound connection concepts #85

What was wrong?

Needed a non-polling mechanism to wait for a connection.

How was it fixed?

Additive changes to our connections are now guarded with an asyncio.Condition. This allows implementation of wait_until_connected_to in a non-polling manner. After the initial connection check, the API waits for an update to the connection before checking again.

Cute Animal Picture

[pipermerriam]

I've got some PR stacking going on here. This contains the diff from 3 PRs, only latest commit is relevant.

[lithp]

Don't know whether you intentionally didn't use this, but if you push the first two commits to this repo under a branch you can then set the base branch of this PR so that the diff only shows the last commit. Just have to remember to set the base back to master once the preceding PRs have been merged!

[pipermerriam]

@lithp since this stretches across forks, that results in the PR being only open in my fork which lacks visibility. Maybe I should just open these as drafts so that there's less confusion and they can be reviewed sequentially as they get merged and rebased.

[lithp]

Love this API 😍

[lithp]

It might be a little cleaner to replace this finally block with another task.add_done_callback(self._half_connections.remote(remote)) inside _accept_conn.

[lithp]

Why does this suppress CancelledError? I think that in this situation it's okay but letting it propagate up is safer.

From the docs:

cancelled() can be used to check if the Task was cancelled. The method returns True if the wrapped coroutine did not suppress the CancelledError exception and was actually cancelled.

Suppressing the error prevents callers of _handle_client which didn't use ensure_future from knowing they've been cancelled, and it also prevents other callers of _handle_client from determining whether the coro stopped because of cancellation. Neither kind of caller exists right now but this still seems like unexpected behavior.

[lithp]

Left some comments, esp one about suppressing CancellationError, but no major complaints here (only looking at the last commit). One potential source of errors here is that the code which adds to _half_connections is fairly removed from the code which removes from it (and same with _full_connections). It'd be nice if there was some way of bringing them closer together.

[pipermerriam]

@lithp I had to make some structural changes to fix a race condition where subscription updates could end up not transmitting if they occured at a specific timing during the connection. Would like one more pass if you will.

[pipermerriam]

can/should extract to standalone.

[pipermerriam]

@lithp can you confirm this should be how this is structured or do you think it's ok to send the Ack after we've released the lock...

[lithp]

I think it's fine to send the Ack from outside the lock's block, and maybe even preferable! The Condition is there to coordinate the local process, since the remote process doesn't even know about this Condition I don't think that releasing the lock first could create any race conditions.

[pipermerriam]

@lithp can you confirm this is ok according to your understanding of conditions. rather than release and then re-acquire at the entrance to each loop, we eliminate this and only switch on the release/acquire that happens as part of the wait call.

[lithp]

This looks good to me!

[pipermerriam]

Didn't intend to relocate this but I think I like it here better. Need to add some comments to deliniate the body of this class more clearly but I'll do that as a cleanup PR since re-organizing makes code hard to audit.

TODO: revert this move.

[pipermerriam]

TODO: remove this method and inline it to _process_subscription_updates since we never want anyone to call this directly.

[pipermerriam]

@lithp Needed this to ensure we don't end up with concurrent subscription updates being sent out since it's possible that they arrive out of order in that case and then the other side will have potentially in-accurate subscription records.

TOOD: add a code comment explaining this.

[lithp]

How would they arrive out of order? Domain sockets always deliver messages in order and _notify_lock ensures there's only one update per socket happening at any time.

[pipermerriam]

I started undoing this but then stopped as I'm inclined to leave it this way. Here's my reasoning.

1. we end up needing to do subscription updates from synchronous methods with the addition of subscribe_nowait which seems to be a necessary API.
2. I'm much more comfortable with that method doing a Queue.put_nowait than I am adding an additional call to asyncio.ensure_future(self._notify_subscription_updates()).
3. I think that the asyncio.Condition based approach is more appropriate and under that approach we still need a background process to listen for changes. The various branches that I have in progress have made good use of that Condition API.

I'm fine unrolling this if you're still not convinced at the point where the trio based endpoint is being added to the library.

[pipermerriam]

TODO: extract to standalone.

[lithp]

The comment just above this line isn't quite right anymore: "Alert the Endpoint which has connected to us that our subscription set has changed." Since RemoteEndpoint now handles both inbound and outbound this should be something like "Alert the remote that this endpoint's subscription set has changed"

[lithp]

These could be initialized in __init__ which would save you from needing to declare them at the beginning of this class and would also make it easier to reason about the potential for None dereferences.

The await *.running() pattern sounds like it could be pulled out into a helper which removes the potentially None instance attribute entirely. Something like await self.start_coro(self._process_subscription_updates) which doesn't return until the coro has started.

[pipermerriam]

I'm going to leave this for now and open an issue to track as I've seen this issue arising as well but I don't want to conflate this PR with an extra fix that I'm not sure I know the right solution for.

[pipermerriam]

#106

[lithp]

As of this change _handle_client and _handle_server are the same method and together they constitute the only callers of run_remote_endpoint. Maybe they could all be merged into one method (untested):

async def run_remote_endpoint(remote: RemoteEndpoint) -> None
    await remote.start()
    try:
        await remote.wait_stopped()
    finally:
        await remote.stop()

[pipermerriam]

good catch.

[lithp]

I can't figure out from these comments what the problem with missed updates was so it's possible that this is the best solution and I'm willing to be talked into approving, but this solution is very heavyweight!

This method with _subscription_updates_condition which uses a single coro to do the notifications has the effect of serializing all updates across all remote endpoints. It's not only a lot of code but it's also much slower than it needs to be! I think that in most cases the endpoint doesn't need to block at all, it's okay if we take a while to inform the remotes of the messages we're expecting, because endpoints already drop all messages which occurred before the endpoint started listening for them.

Blocking before returning from connect_to_endpoint and stream was added to make it easier to write tests. Once those methods return the caller is able to call broadcast() on other endpoints and be sure the message will be sent.

I'm not sure what was causing the dropped updates but I'm hoping there's a different way to fix it, and adding sleep() calls to the tests sounds preferable to the complication of putting this condition everywhere the endpoint might update a subscription, and adding a queue and a coro to allow asynchronously updating subscriptions. I think this change tips this class over into the territory where it's too scary to touch, which will slow down the API improvements I think we plan on adding in the future.

[lithp]

Ahh, okay, I see the problem now, _add_half_connection blocks when it tries to acquire connections_changed so there's a period in time where the remote isn't receiving subscription updates. Double-sending the same set of subscriptions has a very small cost though! And I think that trying not to send it introduced greater inefficiencies elsewhere, serializing all updates isn't cheap!

[pipermerriam]

(I thought I responded to this somewhere but I don't see it)

I'm inclined to leave it this way because it correctly manages the appropriate locks on the resource, where-as the other mechanism solves the problem through indirection. First, I think the overall cost here is low because our usage patterns for the library don't involve adding new connections at a high frequency. Second, doing it the alternate way of inverting these statements seems like a solution that could easily be undone incidentally in a refactor since it's an implicit solution.

[pipermerriam]

I've been futzing with this code for days so it's a bit muddled in my head but one thing that makes me prefer this approach is that it I'd "correct" in the sense that it properly maintains the necessary resource locks. The alternative one of double sending is likely also adequate in fixing the bug but it does so through some insurrection which I think means more mental overhead since it's no longer trivial to do things like grep the code for all of the places the resource is modified by looking for the places it gets locked. Sent from ProtonMail mobile

…

-------- Original Message --------

On May 28, 2019, 6:49 PM, Brian Cloutier wrote: @lithp commented on this pull request. --------------------------------------------------------------- In [lahja/asyncio/endpoint.py](#86 (comment)): > self._server_tasks.add(task) - # the Endpoint on the other end blocks until it receives this message - await remote.notify_subscriptions_updated(self.subscribed_events) + await remote.wait_started() + + # we **must** ensure that the subscription updates are locked between + # the time that we manually update this individual connection and that + # we place it within the set of tracked connections, otherwise, a + # subscription update from elsewhere can occur between the time these + # two statements execute resulting in the remote missing a new + # subscription update. Note that inverting these statements should + # also mitigate this, but it has the downside of the manual update + # potentially being redundant. + async with self._subscription_updates_condition: + await remote.notify_subscriptions_updated(self.subscribed_events) + await self._add_half_connection(remote) Ahh, okay, I see the problem now, _add_half_connection blocks when it tries to acquire connections_changed so there's a period in time where the remote isn't receiving subscription updates. Double-sending the same set of subscriptions has a very small cost though! And I think that trying not to send it introduced greater inefficiencies elsewhere, serializing all updates isn't cheap! — You are receiving this because you authored the thread. Reply to this email directly, [view it on GitHub](#86?email_source=notifications&email_token=AAGJHAWLNRGDNTX7BZ3TAQDPXXHJNA5CNFSM4HPO2UA2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOBZ542WQ#pullrequestreview-242994522), or [mute the thread](https://github.com/notifications/unsubscribe-auth/AAGJHAWPH3UM3ZG5XLWJNC3PXXHJNANCNFSM4HPO2UAQ).

[pipermerriam]

@lithp lets do a call later today when we're both online and see if we can find something that works for both of us.

• We need something that can work from synchronous methods as both Subscription.remove and EndpointAPI.subscribe_nowait need to be able to trigger subscription updates.
• I don't like using asyncio.ensure_future(...) as the mechanism for handling the synchronous context problem.
• I am pretty sure that a Condition based approach is justified as I've spent some serious time debugging race conditions over the last week around subscriptions not being properly updated and while I know we can achieve working code without the locks, I'm not excited about such solutions.

[pipermerriam]

replaced by #110 and #108