-
Notifications
You must be signed in to change notification settings - Fork 134
/
Copy pathlimiter.go
305 lines (279 loc) · 11.4 KB
/
limiter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
// Package pahlimiter contains a PollAndHistoryLimiter, used to share resources between polls and history loading,
// to prevent flooding the server with history requests that will not complete in a reasonable time.
package pahlimiter
import (
"context"
"errors"
"sync"
)
type (
// PollAndHistoryLimiter defines an interface used to share request resources between pollers and history iterator
// funcs, to prevent unsustainable growth of history-loading requests.
//
// this is intended to be used with other poller limiters and retry backoffs, not on its own.
//
// implementations include:
// - NewUnlimited (historical behavior, a noop)
// - NewHistoryLimited (limits history requests, does not limit polls)
// - NewWeighted (history requests "consume" poll requests, and can reduce or stop polls)
PollAndHistoryLimiter interface {
// Poll will try to acquire a poll resource,
// blocking until it succeeds or the context is canceled.
//
// The done func will release the resource - it will always be returned and can be called multiple times,
// only the first will have an effect.
// TODO: see if this is necessary... but it's easy and safe.
Poll(context.Context) (ok bool, done func())
// GetHistory will try to acquire a history-downloading resource,
// blocking until it succeeds or the context is canceled.
//
// The done func will release the resource - it will always be returned and can be called multiple times,
// only the first will have an effect.
// TODO: see if this is necessary... but it's easy and safe.
GetHistory(context.Context) (ok bool, done func())
// Close will clean up any resources, call at worker shutdown.
// This blocks until they are cleaned up.
Close()
}
unlimited struct{}
history struct {
tokens chan struct{} // sized at startup
}
weighted struct {
stopOnce sync.Once
// close to clean up resources
stop chan struct{}
// closed when cleaned up
stopped chan struct{}
// used to signal history requests starting and stopping
historyStart, historyDone chan struct{}
// used to signal poll requests starting and stopping
pollStart, pollDone chan struct{}
}
)
var _ PollAndHistoryLimiter = (*unlimited)(nil)
var _ PollAndHistoryLimiter = (*history)(nil)
var _ PollAndHistoryLimiter = (*weighted)(nil)
// NewUnlimited creates a new "unlimited" poll-and-history limiter, which does not constrain either operation.
// This is the default, historical behavior.
func NewUnlimited() (PollAndHistoryLimiter, error) {
return (*unlimited)(nil), nil
}
func (*unlimited) Poll(_ context.Context) (ok bool, done func()) { return true, func() {} }
func (*unlimited) GetHistory(_ context.Context) (ok bool, done func()) { return true, func() {} }
func (*unlimited) Close() {}
// NewHistoryLimited creates a simple limiter, which allows a specified number of concurrent history requests,
// and does not limit polls at all.
//
// This implementation is NOT expected to be used widely, but it exists as a trivially-safe fallback implementation
// that will still behave better than the historical default.
//
// This is very simple and should be sufficient to stop request floods during rate-limiting with many pending decision
// tasks, but seems likely to allow too many workflows to *attempt* to make progress on a host, starving progress
// when the sticky cache is higher than this size and leading to interrupted or timed out decision tasks.
func NewHistoryLimited(concurrentHistoryRequests int) (PollAndHistoryLimiter, error) {
l := &history{
tokens: make(chan struct{}, concurrentHistoryRequests),
}
// fill the token buffer
for i := 0; i < concurrentHistoryRequests; i++ {
l.tokens <- struct{}{}
}
return l, nil
}
func (p *history) Poll(_ context.Context) (ok bool, done func()) { return true, func() {} }
func (p *history) Close() {}
func (p *history) GetHistory(ctx context.Context) (ok bool, done func()) {
select {
case <-p.tokens:
var once sync.Once
return true, func() {
once.Do(func() {
p.tokens <- struct{}{}
})
}
case <-ctx.Done():
return false, func() {} // canceled, nothing to release
}
}
// NewWeighted creates a new "weighted" poll-and-handler limiter, which shares resources between history requests
// and polls.
//
// Each running poll or history request consumes its weight in total available (capped at max) resources, and one
// request type is allowed to reduce resources for or starve the other completely.
//
// Since this runs "inside" other poller limiting, having equal or lesser poll-resources than the poller limiter
// will allow history requests to block polls... and if history weights are lower, they can perpetually starve polls
// by not releasing enough resources.
//
// **This is intended behavior**, as it can be used to cause a heavily-history-loading worker to stop pulling more
// workflows that may also need their history loaded, until some resources free up.
//
// ---
//
// The reverse situation, where history resources cannot prevent polls, may lead to some undesirable behavior.
// Continually adding workflows while not allowing them to pull history degrades to NewHistoryLimited behavior:
// it is easily possible to have hundreds or thousands of workflows trying to load history, but few or none of them
// are allowed through this limiter to actually perform that request.
//
// In this situation it will still limit the number of actual concurrent requests to load history, but with a very
// large increase in complexity. If you want this, strongly consider just using NewHistoryLimited.
//
// ---
//
// All that said: this is NOT built to be a reliable blocker of polls for at least two reasons:
// - History iterators do not hold their resources between loading (and executing) pages of history, causing a gap
// where a poller could claim resources despite the service being "too busy" loading history from a human's view.
// - History iterators race with polls. If enough resources are available and both possibilities can be satisfied,
// Go chooses fairly between them.
//
// To reduce the chance of this happening, keep history weights relatively small compared to polls, so many concurrent
// workflows loading history will be unlikely to free up enough resources for a poll to occur.
func NewWeighted(pollRequestWeight, historyRequestWeight, maxResources int) (PollAndHistoryLimiter, error) {
if historyRequestWeight > maxResources || pollRequestWeight > maxResources {
return nil, errors.New("weights must be less than max resources, or no requests can be sent")
}
l := &weighted{
stopOnce: sync.Once{},
stop: make(chan struct{}),
stopped: make(chan struct{}),
historyStart: make(chan struct{}),
historyDone: make(chan struct{}),
pollStart: make(chan struct{}),
pollDone: make(chan struct{}),
}
l.init(pollRequestWeight, historyRequestWeight, maxResources)
return l, nil
}
func (p *weighted) init(pollRequestWeight, historyRequestWeight, maxResources int) {
// mutated only by the actor goroutine
available := maxResources
// start an actor-goroutine to simplify concurrency logic with many possibilities at any time.
// all logic is decided single-threaded, run by this goroutine, and every operation (except stop) is blocking.
//
// this actor only sends to history/poll channels.
// modifying functions only read from them.
// both read from "stop" and "stopped".
//
// - by reading from a channel, the caller has successfully acquired or released resources, and it can immediately proceed.
// - by sending on a channel, this actor has observed that resources are changed, and it must update its state.
// - by closing `p.stop`, this limiter will stop reading from channels.
// - ALL channel operations (except stop) will block forever.
// - this means "xDone" resource-releasing must also read from `p.stop`.
// - because `p.stop` races with other channel operations, stop DOES NOT guarantee no further polls will start,
// even on the same goroutine, until `Close()` returns.
// - this is one reason why `Close()` waits for the actor to exit. without it, you do not have sequential
// logic guarantees.
// - you can `Close()` any number of times from any goroutines, all calls will wait for the actor to stop.
//
// all operations are "fast", and it must remain this way.
// callers block while waiting on this actor, including when releasing resources.
go func() {
defer func() { close(p.stopped) }()
for {
// every branch must:
// 1. read from `p.stop`, so this limiter can be stopped.
// 2. write to "done" chans, so resources can be freed.
// 3. optionally write to "start" chans, so resources can be acquired
//
// doing otherwise for any reason risks deadlocks or invalid resource values.
if available >= pollRequestWeight && available >= historyRequestWeight {
// resources available for either == wait for either
select {
case <-p.stop:
return
case p.historyStart <- struct{}{}:
available -= historyRequestWeight
case p.pollStart <- struct{}{}:
available -= pollRequestWeight
case p.historyDone <- struct{}{}:
available += historyRequestWeight
case p.pollDone <- struct{}{}:
available += pollRequestWeight
}
} else if available >= pollRequestWeight && available < historyRequestWeight {
// only poll resources available
select {
case <-p.stop:
return
// case p.historyStart <- struct{}{}: // insufficient resources
case p.pollStart <- struct{}{}:
available -= pollRequestWeight
case p.historyDone <- struct{}{}:
available += historyRequestWeight
case p.pollDone <- struct{}{}:
available += pollRequestWeight
}
} else if available < pollRequestWeight && available >= historyRequestWeight {
// only history resources available
select {
case <-p.stop:
return
case p.historyStart <- struct{}{}:
available -= historyRequestWeight
// case p.pollStart <- struct{}{}: // insufficient resources
case p.historyDone <- struct{}{}:
available += historyRequestWeight
case p.pollDone <- struct{}{}:
available += pollRequestWeight
}
} else {
// no resources for either, wait for something to finish
select {
case <-p.stop:
return
// case p.historyStart <- struct{}{}: // insufficient resources
// case p.pollStart <- struct{}{}: // insufficient resources
case p.historyDone <- struct{}{}:
available += historyRequestWeight
case p.pollDone <- struct{}{}:
available += pollRequestWeight
}
}
}
}()
}
func (p *weighted) Close() {
p.stopOnce.Do(func() {
close(p.stop)
})
<-p.stopped
}
func (p *weighted) Poll(ctx context.Context) (ok bool, done func()) {
select {
case <-ctx.Done():
return false, func() {} // canceled
case <-p.stop:
return false, func() {} // shutting down
case <-p.pollStart:
// resource acquired
var once sync.Once
return true, func() {
once.Do(func() {
select {
case <-p.pollDone: // released
case <-p.stop: // shutting down
}
})
}
}
}
func (p *weighted) GetHistory(ctx context.Context) (ok bool, done func()) {
select {
case <-ctx.Done():
return false, func() {} // canceled
case <-p.stop:
return false, func() {} // shutting down
case <-p.historyStart:
// resource acquired
var once sync.Once
return true, func() {
once.Do(func() {
select {
case <-p.historyDone: // released
case <-p.stop: // shutting down
}
})
}
}
}