[WIP] [#1573] Enhance degradation handler [Rust, no bindings]#1575
[WIP] [#1573] Enhance degradation handler [Rust, no bindings]#1575elBoberido wants to merge 31 commits intomainfrom
Conversation
elBoberido
force-pushed
the
iox2-1573-enhance-degradation-handler-rust-part
branch
6 times, most recently
from
e266995 to
651a740
Compare
…OperationAndFail'
elBoberido
force-pushed
the
iox2-1573-enhance-degradation-handler-rust-part
branch
from
651a740 to
74d91e3
Compare
| mgmt.channels[channel_id.value()].submission_queue.is_full() | ||
| && is_connected | ||
| && has_valid_channel_state | ||
| if is_connected && has_valid_channel_state { |
There was a problem hiding this comment.
This maybe break request response. I think the channel state corresponds to the request id and if the channel state changes at all the blocking send operation must be stopped since now a different pending response is using this channel for another request.
But I am unsure - could you try to check if this would be true? As soon as I find a space to concentrate I will try to confirm this but this maybe hard in the next hours.
There was a problem hiding this comment.
I take a look into this, but the behavior should be the same as right now
There was a problem hiding this comment.
Okay, I checked the logic and it is indeed the same as before regarding to stopping blocking operations. If any of
- mgmt.channels[channel_id.value()].submission_queue.is_full()
- is_connected
- has_valid_channel_state
is false, the wait loop will abort. The only difference is that if all three conditions are true, there is still the possibility that the handler decides to leave the wait loop.
But my initial changes are superfluous, so I change it back to have all three conditions in the same if statement
| LoanErrorInternalFailure, | ||
| /// A failure occurred while establishing a connection to the ports counterpart port. | ||
| ConnectionError, | ||
| /// The request could not be delivered |
There was a problem hiding this comment.
I think the response side is missing. It is possible that an ActiveRequest is unable to send the ResponseMut to its PendingResponse counterpart.
There was a problem hiding this comment.
Here some pictures and context: https://github.com/eclipse-iceoryx/iceoryx2/blob/main/doc/user-documentation/request-response.md
There was a problem hiding this comment.
Really? I taught it is guaranteed the the response will always be delivered?
There was a problem hiding this comment.
There is no iox2_request_send_error_e in the C bindings or a RequestSendError in the C++ bindings but the response branch of request-response seems to use the generic SendError.
| return iox2_request_send_error_e_LOAN_ERROR_INTERNAL_FAILURE; | ||
| case iox2::RequestSendError::ConnectionError: | ||
| return iox2_request_send_error_e_CONNECTION_ERROR; | ||
| case iox2::RequestSendError::UnableToDeliver: |
There was a problem hiding this comment.
Isnt here a ResponseSendError missing?
There was a problem hiding this comment.
In theory not. I had the assumption that a response can never fail, since there is no overflow for the responses and the queue is as large as the amount of active requests.
| } | ||
| DegradationAction::Fail => { | ||
| fail!(from self, with e, "Unable to establish connection to new sender {:?}.", | ||
| DegradationAction::AbortOperationAndFail => { |
There was a problem hiding this comment.
I really struggle with giving the user that option since this clearly violates the freedom of interference for me. I understand and accept that the user needs to be able to do this. But I would love to have an unsafe enum here or something comparable where a safety section (our term of safety) clearly states that this might break the freedom of intereference and the user must be cautious.
There was a problem hiding this comment.
Isn't this the same category of violation the freedom of interference like when the publisher decides not to send data anymore to any subscriber?
It is not the subscriber that is so slow that influences the other subscriber, but an deliberate act of the publisher, like stopping to send samples on Friday.
There was a problem hiding this comment.
How about this:
- rename
AbortDeliveryAndFailtoDiscardSampleAndFailandAbortOperationAndFailtoDegradeOperationAndFail DiscardSampleAndFailwould discard the sample for the receiver that blocks and try to deliver to the remaining receiversDegradeOperationAndFailwould ignore the broken connection and continue with the remaining ones- in the
sendcall, where the degradation as well as the unable to deliver handler could be called, the degradation error has a higher priority and if both occur, the initial degradation error will be returned - if an EINTR occurs, the
DegradeOperationAndFailaction will make the call fail immediately
What do you think?
elBoberido
force-pushed
the
iox2-1573-enhance-degradation-handler-rust-part
branch
2 times, most recently
from
eb8636c to
a40f2f2
Compare
elBoberido
force-pushed
the
iox2-1573-enhance-degradation-handler-rust-part
branch
2 times, most recently
from
212a8fe to
65c730a
Compare
elBoberido
force-pushed
the
iox2-1573-enhance-degradation-handler-rust-part
branch
from
65c730a to
a2aa490
Compare
2 participants
Notes for Reviewer
Pre-Review Checklist for the PR Author
Convert to draft)iox2-123-introduce-posix-ipc-example)[#123] Add posix ipc example)PR Reviewer Reminders
References
Relates to #1573