feat(hydro_lang)!: require explicit failure policy for TCP channels

Currently, we only offer `fail_stop` as a policy, which was the implicit default TCP guarantees thus far.

Author: shadaj

hydro_lang/src/live_collections/keyed_stream/networking.rs

@@ -61,7 +61,7 @@ impl<'a, T, L, L2, B: Boundedness, O: Ordering, R: Retries>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.demux(other, TCP.bincode())
+        self.demux(other, TCP.fail_stop().bincode())
     }
 
     /// Sends each group of this stream to a specific member of a cluster, with the [`MemberId`] key
@@ -182,7 +182,7 @@ impl<'a, K, T, L, L2, B: Boundedness, O: Ordering, R: Retries>
         K: Serialize + DeserializeOwned,
         T: Serialize + DeserializeOwned,
     {
-        self.demux(other, TCP.bincode())
+        self.demux(other, TCP.fail_stop().bincode())
     }
 
     /// Sends each group of this stream to a specific member of a cluster. The input stream has a
@@ -317,7 +317,7 @@ impl<'a, T, L, L2, B: Boundedness, O: Ordering, R: Retries>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.demux(other, TCP.bincode())
+        self.demux(other, TCP.fail_stop().bincode())
     }
 
     /// Sends each group of this stream at each source member to a specific member of a destination
@@ -475,7 +475,7 @@ impl<'a, K, V, L, B: Boundedness, O: Ordering, R: Retries>
         K: Serialize + DeserializeOwned,
         V: Serialize + DeserializeOwned,
     {
-        self.send(other, TCP.bincode())
+        self.send(other, TCP.fail_stop().bincode())
     }
 
     #[expect(clippy::type_complexity, reason = "compound key types with ordering")]

hydro_lang/src/live_collections/stream/mod.rs

@@ -2480,7 +2480,7 @@ mod tests {
         let numbers = first_node.source_iter(q!(0..10));
         let out_port = numbers
             .map(q!(|n| SendOverNetwork { n }))
-            .send(&second_node, TCP.bincode())
+            .send(&second_node, TCP.fail_stop().bincode())
             .send_bincode_external(&external);
 
         let nodes = flow

hydro_lang/src/live_collections/stream/networking.rs

@@ -126,7 +126,7 @@ impl<'a, T, L, B: Boundedness, O: Ordering, R: Retries> Stream<T, Process<'a, L>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.send(other, TCP.bincode())
+        self.send(other, TCP.fail_stop().bincode())
     }
 
     /// "Moves" elements of this stream to a new distributed location by sending them over the network,
@@ -239,7 +239,7 @@ impl<'a, T, L, B: Boundedness, O: Ordering, R: Retries> Stream<T, Process<'a, L>
     where
         T: Clone + Serialize + DeserializeOwned,
     {
-        self.broadcast(other, TCP.bincode(), nondet_membership)
+        self.broadcast(other, TCP.fail_stop().bincode(), nondet_membership)
     }
 
     /// Broadcasts elements of this stream to all members of a cluster by sending them over the network,
@@ -429,7 +429,7 @@ impl<'a, T, L, L2, B: Boundedness, O: Ordering, R: Retries>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.demux(other, TCP.bincode())
+        self.demux(other, TCP.fail_stop().bincode())
     }
 
     /// Sends elements of this stream to specific members of a cluster, identified by a [`MemberId`],
@@ -535,7 +535,7 @@ impl<'a, T, L, B: Boundedness> Stream<T, Process<'a, L>, B, TotalOrder, ExactlyO
     where
         T: Serialize + DeserializeOwned,
     {
-        self.round_robin(other, TCP.bincode(), nondet_membership)
+        self.round_robin(other, TCP.fail_stop().bincode(), nondet_membership)
     }
 
     /// Distributes elements of this stream to cluster members in a round-robin fashion, using
@@ -672,7 +672,7 @@ impl<'a, T, L, B: Boundedness> Stream<T, Cluster<'a, L>, B, TotalOrder, ExactlyO
     where
         T: Serialize + DeserializeOwned,
     {
-        self.round_robin(other, TCP.bincode(), nondet_membership)
+        self.round_robin(other, TCP.fail_stop().bincode(), nondet_membership)
     }
 
     /// Distributes elements of this stream to cluster members in a round-robin fashion, using
@@ -816,7 +816,7 @@ impl<'a, T, L, B: Boundedness, O: Ordering, R: Retries> Stream<T, Cluster<'a, L>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.send(other, TCP.bincode())
+        self.send(other, TCP.fail_stop().bincode())
     }
 
     /// "Moves" elements of this stream from a cluster to a process by sending them over the network,
@@ -968,7 +968,7 @@ impl<'a, T, L, B: Boundedness, O: Ordering, R: Retries> Stream<T, Cluster<'a, L>
     where
         T: Clone + Serialize + DeserializeOwned,
     {
-        self.broadcast(other, TCP.bincode(), nondet_membership)
+        self.broadcast(other, TCP.fail_stop().bincode(), nondet_membership)
     }
 
     /// Broadcasts elements of this stream at each source member to all members of a destination
@@ -1095,7 +1095,7 @@ impl<'a, T, L, L2, B: Boundedness, O: Ordering, R: Retries>
     where
         T: Serialize + DeserializeOwned,
     {
-        self.demux(other, TCP.bincode())
+        self.demux(other, TCP.fail_stop().bincode())
     }
 
     /// Sends elements of this stream at each source member to specific members of a destination
@@ -1182,7 +1182,7 @@ mod tests {
         let (in_send, input) = node.sim_input();
 
         let out_recv = input
-            .send(&node2, TCP.bincode())
+            .send(&node2, TCP.fail_stop().bincode())
             .batch(&node2.tick(), nondet!(/** test */))
             .count()
             .all_ticks()
@@ -1210,7 +1210,7 @@ mod tests {
         let input = cluster.source_iter(q!(vec![1]));
 
         let out_recv = input
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .batch(&node.tick(), nondet!(/** test */))
             .all_ticks()
@@ -1243,13 +1243,13 @@ mod tests {
 
         let out_recv_1 = cluster1
             .source_iter(q!(vec![1]))
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .sim_output();
 
         let out_recv_2 = cluster2
             .source_iter(q!(vec![2]))
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .sim_output();
 
@@ -1292,9 +1292,9 @@ mod tests {
         ]));
 
         let out_recv = input
-            .demux(&cluster, TCP.bincode())
+            .demux(&cluster, TCP.fail_stop().bincode())
             .map(q!(|x| x + 1))
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .sim_output();
 
@@ -1320,9 +1320,9 @@ mod tests {
         let input = node.source_iter(q!(vec![123, 456]));
 
         let out_recv = input
-            .broadcast(&cluster, TCP.bincode(), nondet!(/** test */))
+            .broadcast(&cluster, TCP.fail_stop().bincode(), nondet!(/** test */))
             .map(q!(|x| x + 1))
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .sim_output();
 
@@ -1362,15 +1362,15 @@ mod tests {
         ]));
 
         let out_recv = input
-            .demux(&cluster, TCP.bincode())
+            .demux(&cluster, TCP.fail_stop().bincode())
             .map(q!(|x| x + 1))
             .flat_map_ordered(q!(|x| vec![
                 (MemberId::from_raw_id(0), x),
                 (MemberId::from_raw_id(1), x),
             ]))
-            .demux(&cluster, TCP.bincode())
+            .demux(&cluster, TCP.fail_stop().bincode())
             .entries()
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .sim_output();
 

hydro_lang/src/location/cluster.rs

@@ -195,12 +195,12 @@ mod tests {
 
         let out_recv = cluster1
             .source_iter(q!(vec![CLUSTER_SELF_ID]))
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .values()
             .interleave(
                 cluster2
                     .source_iter(q!(vec![CLUSTER_SELF_ID]))
-                    .send(&node, TCP.bincode())
+                    .send(&node, TCP.fail_stop().bincode())
                     .values(),
             )
             .sim_output();
@@ -229,7 +229,7 @@ mod tests {
             .batch(&cluster.tick(), nondet!(/** test */))
             .count()
             .all_ticks()
-            .send(&node, TCP.bincode())
+            .send(&node, TCP.fail_stop().bincode())
             .entries()
             .map(q!(|(id, v)| (id, v)))
             .sim_output();

hydro_lang/src/networking/mod.rs

@@ -34,11 +34,24 @@ pub enum NoSer {}
 #[sealed::sealed]
 trait TransportKind {}
 
+#[sealed::sealed]
+#[diagnostic::on_unimplemented(
+    message = "TCP transport requires a failure policy. For example, `TCP.fail_stop()` stops sending messages after a failed connection."
+)]
+trait TcpFailPolicy {}
+
+/// A TCP failure policy that stops sending messages after a failed connection.
+pub enum FailStop {}
+#[sealed::sealed]
+impl TcpFailPolicy for FailStop {}
+
 /// Send items across a length-delimited TCP channel.
-pub enum Tcp {}
+pub struct Tcp<F> {
+    _phantom: PhantomData<F>,
+}
 
 #[sealed::sealed]
-impl TransportKind for Tcp {}
+impl<F: TcpFailPolicy> TransportKind for Tcp<F> {}
 
 /// A networking backend implementation that supports items of type `T`.
 #[sealed::sealed]
@@ -78,6 +91,22 @@ impl<Tr: ?Sized, S: ?Sized> NetworkingConfig<Tr, S> {
     }
 }
 
+impl<S: ?Sized> NetworkingConfig<Tcp<()>, S> {
+    /// Configures the TCP transport to stop sending messages after a failed connection.
+    ///
+    /// Note that the Hydro simulator will not simulate connection failures that impact the
+    /// *liveness* of a program. If an output assertion depends on a `fail_stop` channel
+    /// making progress, that channel will not experience a failure that would cause the test to
+    /// block indefinitely. However, any *safety* issues caused by connection failures will still
+    /// be caught, such as a race condition between a failed connection and some other message.
+    pub const fn fail_stop(self) -> NetworkingConfig<Tcp<FailStop>, S> {
+        NetworkingConfig {
+            name: self.name,
+            _phantom: (PhantomData, PhantomData),
+        }
+    }
+}
+
 #[sealed::sealed]
 impl<Tr: ?Sized, S: ?Sized, T: ?Sized> NetworkFor<T> for NetworkingConfig<Tr, S>
 where
@@ -117,7 +146,7 @@ where
 }
 
 /// A network channel that uses length-delimited TCP for transport.
-pub const TCP: NetworkingConfig<Tcp, NoSer> = NetworkingConfig {
+pub const TCP: NetworkingConfig<Tcp<()>, NoSer> = NetworkingConfig {
     name: None,
     _phantom: (PhantomData, PhantomData),
 };

hydro_std/src/bench_client/mod.rs

@@ -226,7 +226,7 @@ pub fn aggregate_bench_results<'a, Client: 'a, Aggregator>(
     let keyed_throughputs = results
         .throughput
         .sample_every(q!(Duration::from_millis(interval_millis)), nondet_sampling)
-        .send(aggregator, TCP.bincode());
+        .send(aggregator, TCP.fail_stop().bincode());
 
     let latest_throughputs = keyed_throughputs.reduce(q!(
         |combined, new| {
@@ -291,7 +291,7 @@ pub fn aggregate_bench_results<'a, Client: 'a, Aggregator>(
                 histogram: latencies,
             }
         }))
-        .send(aggregator, TCP.bincode());
+        .send(aggregator, TCP.fail_stop().bincode());
 
     let most_recent_histograms = keyed_latencies
         .map(q!(|histogram| histogram.histogram.borrow().clone()))

hydro_std/src/compartmentalize.rs

@@ -28,7 +28,9 @@ impl<'a, T, C1, C2, Order: Ordering> PartitionStream<'a, T, C1, C2, Order>
     where
         T: Clone + Serialize + DeserializeOwned,
     {
-        self.map(dist_policy).demux(other, TCP.bincode()).values()
+        self.map(dist_policy)
+            .demux(other, TCP.fail_stop().bincode())
+            .values()
     }
 }
 
@@ -60,7 +62,7 @@ where
                 MemberId::from_tagless(CLUSTER_SELF_ID.clone().into_tagless()), // this is a seemingly round about way to convert from one member id tag to another.
                 b
             )))
-            .demux(other, TCP.bincode())
+            .demux(other, TCP.fail_stop().bincode())
             .values();
 
         sent.assume_ordering(
@@ -88,6 +90,6 @@ impl<'a, T, L, B: Boundedness, Order: Ordering>
     where
         T: Clone + Serialize + DeserializeOwned,
     {
-        self.send(other, TCP.bincode())
+        self.send(other, TCP.fail_stop().bincode())
     }
 }

hydro_test/src/cluster/compartmentalized_paxos.rs

@@ -277,7 +277,7 @@ fn sequence_payload<'a, P: PaxosPayload>(
             ((slot, ballot), payload)
         ))))
         .all_ticks()
-        .demux(proxy_leaders, TCP.bincode())
+        .demux(proxy_leaders, TCP.fail_stop().bincode())
         .values()
         .atomic(proxy_leader_tick);
 
@@ -305,7 +305,7 @@ fn sequence_payload<'a, P: PaxosPayload>(
             p2as
         }))
         .end_atomic()
-        .demux(acceptors, TCP.bincode())
+        .demux(acceptors, TCP.fail_stop().bincode())
         .values();
 
     let (a_log, a_to_proxy_leaders_p2b) = acceptor_p2(
@@ -336,7 +336,7 @@ fn sequence_payload<'a, P: PaxosPayload>(
     let pl_failed_p2b_to_proposer = fails
         .map(q!(|(_, ballot)| (ballot.proposer_id.clone(), ballot)))
         .inspect(q!(|(_, ballot)| println!("Failed P2b: {:?}", ballot)))
-        .demux(proposers, TCP.bincode())
+        .demux(proposers, TCP.fail_stop().bincode())
         .values();
 
     (

hydro_test/src/cluster/compute_pi.rs

@@ -29,13 +29,16 @@ pub fn compute_pi<'a>(
         )
         .all_ticks();
 
-    let estimate = trials.send(&process, TCP.bincode()).values().reduce(q!(
-        |(inside, total), (inside_batch, total_batch)| {
-            *inside += inside_batch;
-            *total += total_batch;
-        },
-        commutative = ManualProof(/* int addition is commutative */)
-    ));
+    let estimate = trials
+        .send(&process, TCP.fail_stop().bincode())
+        .values()
+        .reduce(q!(
+            |(inside, total), (inside_batch, total_batch)| {
+                *inside += inside_batch;
+                *total += total_batch;
+            },
+            commutative = ManualProof(/* int addition is commutative */)
+        ));
 
     estimate
         .sample_every(

hydro_test/src/cluster/many_to_many.rs

@@ -6,7 +6,7 @@ pub fn many_to_many<'a>(flow: &mut FlowBuilder<'a>) -> Cluster<'a, ()> {
         .source_iter(q!(0..2))
         .broadcast(
             &cluster,
-            TCP.bincode().name("m2m_broadcast"),
+            TCP.fail_stop().bincode().name("m2m_broadcast"),
             nondet!(/** test */),
         )
         .entries()