UNDERTOW-1794 DefaultAccessLogReceiver violates Closeable contract

[baranowb]

Issue: https://issues.redhat.com/browse/UNDERTOW-1794
main: #1041
2.3.x: #1825
2.2.x: #1593

[baranowb]

It might be better to use peek()+remove() here. Though Id assume follow up might be better than to alter PRs ad hoc.

[fl4via]

@baranowb because this class has concurrent access, poll is better than peek() + remove(). Between the moment we invoke peek() and the moment we invoke remove, we risk having another thread executing flushAndTerminate. This is why we need to run poll() here.

[baranowb]

There is trade off. It is possible that XNIO thread will be terminated between poll() and write(), leaking one message.
If its peek()+remove(), it might double entry, but not loose it. Its a trade off.

[fl4via]

You're right about it. My question is now is hot to prevent both scenarios. Is there some way we can synchronize just a little bit to prevent a duplicate entry in the log? I think we must prevent an output that will be considered buggy by users if someone finds a duplicate entry after shutting down the server.

[baranowb]

Not unless we control threat termination, which we dont.

[fl4via]

method must take into account that the state could change between one if and the other. So, there is a possibility that all stateUpdater checks return false.

[fl4via]

It might not be possible. Lets wait for the final version of the code of run() and close() to decide this

[fl4via]

I think it is very unlikely, but still somethiing to safeguard against. Because we are on a best effort basis in graceful shutdown when closing, we might leave the loop in line 372 still in state 2. If that occurs, we have a race when trying to write the last messages. So, it could happens that poll returns null (and it could also result in a duplicate write of the same message).

[fl4via]

as this is a new feature, merging of this PR will require synchronization with the RFE process. I'll assist in having all the process followed as fast as we can to have this merged the soonest.

[fl4via]

Yes, but only once per run. Now that this method is called per message it is no longer the adequate place for that.

[fl4via]

Probably we should add the limit to 1000 here? I think it would perform a bit better.

[fl4via]

I still stand my ground, I think the granularity of checking 1000 here performs better.

[fl4via]

I don't know what I meant by limit of 1000. I think it looks good the way it is because we are checking for rotation in run already, and, as I said, checking per message is not the ideal place for this.

[baranowb]

Big brain math....

[baranowb]

On the other hand - no one noticed :)

I cant find this one to mark it as outdated, lets reset.

[fl4via]

There are some pending issues here to consider.

[fl4via]

it is not supposed to be null, because you are checking it is not empty

[fl4via]

I might be looking too much into details here, but why peeking and removing instead of just polling?

[baranowb]

in case there is some intermitent IO failure, it should not purge entries without writing them first. Though, in such case, some overflow mechanism should be in place as well?

[baranowb]

Also "i < 1000 && !this.closed &&" checking this in loop might not be best, should be enough to loop through and check at the end IMHO

[fl4via]

I have been thinking... we still need a state for being at the finally block, as it prevents us from having more than one thread scheduling a new execution of run at the same time

[baranowb]

how? if there is nothing in pendingMessages, it does not need scheduling, if someone writes, it will be able to schedule. In reality, pendingMessages are filled before state change, so its just a race between logMessage thread and run() to schedule new execution.

[fl4via]

as a second thought, I because we verify if we can go from 1 to 2 in the beginning of the method, we can get rid of finally block because only one finally will be running

[fl4via]

I added a comment down below that we will still need state 3 to be used to keep tracking of being at finally of run)
That being said what are we trying to achieve with the new state 3? (It will have to be moved to 4 if we decide to keep it)> Are we trying to prevent run from doing anything after closed is invoked? Is that its purpose?

[fl4via]

okay, it is clearly stated in the Jira: we want to make sure that close returns only after it is fully closed. The question that remains is if we need a new state for it, I think we need so we can fully skip the rest of the execution of run() in case it is closing, without having to resort to verifying the value of close.

[baranowb]

I dont think so. Its a bit different FSM/CAS that was present before. It relied only on worker threads to dump messages even when handler has been closed and once its done close. This cant be done now since those worker threads may be disabled( upstream issue)

[fl4via]

I still stand my ground, I think the granularity of checking 1000 here performs better.

[PrarthonaPaul]

Hi @baranowb
Thanks! The PR looks good, I have added some minor comments.

[ropalka]

I approved it by mistake, I oversaw the second commit. Leaving as changes requested until all Flavia's concerns are sorted out.

[fl4via]

Please rebase the PR against main and I think you can delete the question on how is poll returning null possible. The other notes I think we can leave for future reference, unless you are certain the questions have been fully answered, in that case, the cleaner the better. Thanks for looking into this!