websocket: prevent deadlocks #407
Conversation
HaraldNordgren
requested review from
StevenACoffman,
benjaminjkraft,
csilvers and
dnerdy
as code owners
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
c5e0355 to
845628c
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
6 times, most recently
from
452d39f to
c3c0cc0
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
c3c0cc0 to
50ba8c0
Compare
|
I repeatedly amended and pushed my commit to re-run the tests. The 8th time it failed, it seems there is a deadlock in the code. |
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
5 times, most recently
from
21e0698 to
24ed421
Compare
HaraldNordgren
changed the title
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
2 times, most recently
from
0af0f08 to
366f1f3
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
366f1f3 to
50ba8c0
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
3 times, most recently
from
fa5ed52 to
e4b8869
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
2 times, most recently
from
034b115 to
f97ba73
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
f97ba73 to
2523e2a
Compare
|
Hi @benjaminjkraft, I'm at a bit of a loss here. The deadlock in the tests seems going be stemming from the forwardData will still holding a lock. However, deleting it exposes a situation where we can end up writing on a closed channel. That gives a panic which could be caught and ignored. But that seems like a very bad way to handle problems. There seems to be an inherent race condition between checking isClosing and actually using channel. It's seems tricky to actually make this atomic. Do you have any ideas? |
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
2 times, most recently
from
210caa3 to
a984656
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
4 times, most recently
from
b56cbd8 to
d6b326f
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
d6b326f to
f9a5e5d
Compare
HaraldNordgren
changed the title
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
7 times, most recently
from
2fa4559 to
01125ae
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
from
01125ae to
9f24ffc
Compare
HaraldNordgren
force-pushed
the
TestSubscriptionClose_flake
branch
2 times, most recently
from
bcce435 to
9f24ffc
Compare
benjaminjkraft
left a comment
benjaminjkraft
left a comment
There was a problem hiding this comment.
Hmm, this gets kinda complicated. I would need to think some more to see if I think it's right (for example I sure don't recall the rules for atomics). It feels like it's just sweeping problems under the rug.
I was too lazy to think so I gave this to Claude, who refactored to have just one lock (in the client); this passes the tests at least and seems less likely to have a hidden deadlock, although I'm not sure if I fully understand what invariants we need to ensure. Does having two actually let us be meaningfully more granular? (Or, can we ensure we always take the two locks out in some order? And we should probably regardless ensure we never hold a lock during network operations or calls to user-controlled code.)
|
@benjaminjkraft Makes sense, I added some comment on the PR. Thanks for the help! ❤️ |
2 participants
Follow-up to #402 (comment).