Skip to content

client-api: Rewrite websocket loop #2906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 30 commits into from
Jul 10, 2025
Merged

client-api: Rewrite websocket loop #2906

merged 30 commits into from
Jul 10, 2025

Conversation

kim
Copy link
Contributor

@kim kim commented Jun 26, 2025
edited
Loading

Split the websocket stream into send and receive halves and spawns a
new tokio task to handle the sending. Also move message serialization +
compression to a blocking task if the message appears to be large.

This addresses two issues:

  1. The select! loop is not blocked on sending messages, and can thus
    react to auxiliary events. Namely, when a module exits, we want to
    terminate the connection as soon as possible in order to release any
    database handles.

  2. Large outgoing messages should not occupy tokio worker threads, in
    particular when there are a large number of clients receiving large
    intial updates.

EDIT: This patch started out to address the above issues, but evolved into a rewrite as more issues where discovered. Namely:

  • logic is split into multiple functions that can be tested in isolation
  • remove unbounded ingress buffer in favor of no buffer (i.e. applying backpressure to clients in case of slow processing)
  • use an idle timer on any received packet, instead of waiting for pongs that are potentially end-of-line
  • time-bound waiting for the close handshake to complete (server-initiated close)
  • crucially, do not evaluate outstanding reducer call messages when a close handshake was already initiated
  • ensure the connection is dropped when there is an error sending or receiving
  • ensure all tasks exit when the loop exits

API and ABI breaking changes

Because there is no inbound buffering, the queue length metric will not be updated.

Expected complexity level and risk

4 - The state transitions remain hard to follow.

Testing

  • Ran a stress test with many clients and large initial updates,
    and observed no hangs / delays (which I did before this patch).
    In reconnection scenarios, all clients where disconnected timely, but
    could reconnect almost immediately.
  • Added unit-level tests

@kim
client-api: Move websocket sender to its own tokio task
e300b50 
Split the websocket stream into send and receive halves and spawns a
new tokio task to handle the sending. Also move message serialization +
compression to a blocking task if the message appears to be large.

This addresses two issues:

1. The `select!` loop is not blocked on sending messages, and can thus
   react to auxiliary events. Namely, when a module exits, we want to
   terminate the connection as soon as possible in order to release any
   database handles.

2. Large outgoing messages should not occupy tokio worker threads, in
   particular when there are a large number of clients receiving large
   intial updates.
@kim kim requested review from Centril, gefjon and jsdt June 26, 2025 18:02
kim
kim commented Jun 26, 2025
View reviewed changes
gefjon
gefjon approved these changes Jun 26, 2025
View reviewed changes
Copy link
Contributor

@gefjon gefjon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to figure out what's going on with the SerializeBuffer and fix it before merging, but otherwise this looks good to me.

kim added 2 commits June 27, 2025 10:07
@kim
Reclaim those bytes
038aeb0
@kim
Don't send more data after sending a close frame.
b67fbd3 
Also close the messages queue after the close went through.
Accordingly, closed and exited are the same -- we can just drop incoming
messages when closed.
@kim
Copy link
Contributor Author

kim commented Jun 27, 2025

Updated to:

  • Reclaim the serialize buffer
  • Not send any more data after sending a Close frame (as mandated by the RFC)

I think that we should also clear the message queue and cancel outstanding execution futures in the latter case, but that can be left to a future change.

jsdt
jsdt reviewed Jun 27, 2025
View reviewed changes
Copy link
Contributor

@jsdt jsdt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked through this for a while, and I'm still not very confident that I understand the error cases. I think we should do some bot testing with this to see what effect it has, but I think I'd like to try writing some tests for this, so we can trigger some of these tricky cases.

kim added 2 commits June 29, 2025 11:21
@kim
Use rayon instead of tokio blocking thread for serialize
7e6df49
@kim
Rewrite to use more modular stream transformers for testability
4e75fc2 
Also fixes the actual resource hog, which is that the ws_actor never
terminated because all receive errors were ignored.
@kim
Copy link
Contributor Author

kim commented Jun 30, 2025

Update to:

  • split into smaller functions that mainly transform Streams. For readability and testability.
  • actually terminate the actor loop when recv from the socket returns an error

@kim kim changed the title client-api: Move websocket sender to its own tokio task client-api: Rewrite websocket loop Jun 30, 2025
@kim
Copy link
Contributor Author

kim commented Jun 30, 2025
edited
Loading

Updated to:

  • consider that buffer reclamation can fail if the socket is already closed

  • re-introduce spawning the send loop

    This seems to be necessary in order to guarantee timely release of the database.
    I'm considering to spawn the receive end, too, so that we can get rid of the unbounded buffer + apply backpressure to clients instead.

@kim
Copy link
Contributor Author

kim commented Jun 30, 2025

Updated to:

  • spawn the receive end, too

@bfops bfops added the release-any To be landed in any release window label Jun 30, 2025
kim added 8 commits July 1, 2025 11:56
@kim
Refactor
1396eac
@kim
Propagate task panics and abort tasks on exit / unwind.
55178e7
@kim
Terminate send loop on all send errors
3c982a2
@kim
Exit select loop when send task terminates -- connection is probably bad
76f3b6b
@kim
Use idle timer instead of ping / pong.
31e0186 
Pong frames sit in line with previously sent messages, and so may not be
received in time if the server is backlogging.

We also want to time out the connection in "cable plugged" scenarios,
where the kernel doesn't consider the connection gone until
`tcp_keepalive_time`.
@kim
Add a batch of tests
abdcad1
@kim
fixup! Add a batch of tests
e5b0b96
@kim
Another batch of tests
5cf5d3b
@kim kim requested review from jsdt and joshua-spacetime and removed request for Centril July 3, 2025 13:32
@ResuBaka ResuBaka mentioned this pull request Jul 3, 2025
Closed
@kim kim requested a review from gefjon July 7, 2025 07:38
gefjon
gefjon reviewed Jul 8, 2025
View reviewed changes
Copy link
Contributor

@gefjon gefjon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a huge improvement, many thanks. The tests are very encouraging. I've left a number of requests for new or expanded comments, as I'm wary that in a few months or years we'll end up with a similarly opaque tangle of logic to the previous version if multiple collaborators don't fully understand what's happening.

Because there is no inbound buffering, the queue length metric will not be updated.

Should we remove this metric? Or is that going to break our dashboards in some frustrating way?

@kim
Copy link
Contributor Author

kim commented Jul 8, 2025

Should we remove this metric?

I'd like to put this up for discussion. The effect of not buffering is that we have no or reduced visibility into a situation where the database is lagging behind. We may alternatively insert a bounded queue, where the effect on the metric is likely that the queue is reported as either full or empty. But maybe that's good enough?

gefjon
gefjon approved these changes Jul 9, 2025
View reviewed changes
Copy link
Contributor

@gefjon gefjon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful, thanks!

@kim kim enabled auto-merge July 10, 2025 10:25
@kim kim added this pull request to the merge queue Jul 10, 2025
Merged via the queue into master with commit b63216a Jul 10, 2025
18 of 19 checks passed
@kim kim deleted the kim/ws/unblock branch July 10, 2025 11:17
mamcx pushed a commit that referenced this pull request Aug 26, 2025
@kim @gefjon @mamcx
client-api: Rewrite websocket loop (#2906)
3f11585 
Signed-off-by: Kim Altintop <[email protected]>
Co-authored-by: Phoebe Goldman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gefjon gefjon gefjon approved these changes

@jsdt jsdt Awaiting requested review from jsdt

@joshua-spacetime joshua-spacetime Awaiting requested review from joshua-spacetime

Assignees

@kim kim

Labels
release-any To be landed in any release window
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kim @jsdt @gefjon @bfops