Preventing duplicate delivery due to unacknowledged event while completing the subscription #596
Conversation
…eting the subscription
| @@ -313,8 +319,24 @@ private void errorOccurred(RecordFlow triggeringFlow, Throwable t) { | |||
| } | |||
| } | |||
|
|
|||
| private void clearRecordsDeliveryQueue() { | |||
| // This method is not thread safe. This needs to be executed after acquiring lock on this.lockObject | |||
| private void clearRecordsDeliveryQueue(boolean isSubscriptionCompleting) { | |||
There was a problem hiding this comment.
This method seems to be no-op if the delivery q is empty. Just check that in the beginning and return and continue if not. Below seems more easier to read as we just clear the queue immediately and then wait instead of doing the opposite since setting isAwaitingFinalAckForCurrentSubscription to true has anyways stopped events from getting scheduled. Also we can update the method name to say clearRecordsDeliveryQueueAndWaitForSubscriberNotification() or something with more context
if (recordsDeliveryQueue.isEmpty()) {
return;
}
// This will prevent further events from getting scheduled
isAwaitingFinalAckForCurrentSubscription = true;
recordsDeliveryQueue.clear();
if(isSubscriptionCompleting) {
try {
// Wait for the configured time to get a notification for already delivered event, if any.
lockObject.wait(TIME_TO_WAIT_FOR_FINAL_ACK_MILLIS);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
}
// Set isAwaitingFinalAckForCurrentSubscription to default value.
isAwaitingFinalAckForCurrentSubscription = false;
There was a problem hiding this comment.
Ack. Will make changes
| try { | ||
| if (!recordsDeliveryQueue.isEmpty()) { | ||
| // Wait for the configured time to get a notification for already delivered event, if any. | ||
| lockObject.wait(TIME_TO_WAIT_FOR_FINAL_ACK_MILLIS); |
There was a problem hiding this comment.
Why are we not waiting if the delivery queue is empty. There might still be a event in which was already delivered?
There was a problem hiding this comment.
when the delivery queue is empty then it is guaranteed that there will be no valid in-flight event.
| @@ -132,6 +134,10 @@ public void notify(RecordsDeliveryAck recordsDeliveryAck) { | |||
| triggeringFlow = evictAckedEventAndScheduleNextEvent(recordsDeliveryAck); | |||
| } catch (Throwable t) { | |||
| errorOccurred(triggeringFlow, t); | |||
| } finally { | |||
| if(isAwaitingFinalAckForCurrentSubscription) { | |||
| lockObject.notifyAll(); | |||
There was a problem hiding this comment.
This is critical line, worth adding comments explaining the design.
| @@ -160,7 +166,7 @@ RecordFlow evictAckedEventAndScheduleNextEvent(RecordsDeliveryAck recordsDeliver | |||
| // Update the triggering flow for post scheduling upstream request. | |||
| flowToBeReturned = recordsRetrievedContext.getRecordFlow(); | |||
| // Try scheduling the next event in the queue, if available. | |||
| if (recordsDeliveryQueue.peek() != null) { | |||
| if (!isAwaitingFinalAckForCurrentSubscription && recordsDeliveryQueue.peek() != null) { | |||
| subscriber.onNext(recordsDeliveryQueue.peek().getRecordsRetrieved()); | |||
There was a problem hiding this comment.
given we schedule the next event under two different conditions (here and in bufferCurrentEventAndScheduleIfRequired method) , and both required isShuttingDown check, let's move out the schedule call it its own method, with the check. And add comment on why the check is necessary.
i.e. scheduleNextEvent(event) {if !pendingShutdown; then subscriber.onNext(event)}
| @@ -313,8 +319,24 @@ private void errorOccurred(RecordFlow triggeringFlow, Throwable t) { | |||
| } | |||
| } | |||
|
|
|||
| private void clearRecordsDeliveryQueue() { | |||
| // This method is not thread safe. This needs to be executed after acquiring lock on this.lockObject | |||
| private void clearRecordsDeliveryQueue(boolean isSubscriptionCompleting) { | |||
There was a problem hiding this comment.
Couple comment on this method:
Why it's necessary to introduce split-brain logic here? Do we expect queue to be full, by the time subscribeToShard call is made? That invocation seems to be backup plan. We can either pull that out to its own method, or just let the start of a new subscription wait as well.
isAwaitingFinalAck variable is tightly couple with the queue status, why not update that within the if? i.e. if !queue.isEmpty -> then set the variable, and lock.wait()
There was a problem hiding this comment.
Do we expect queue to be full, by the time subscribeToShard call is made? - Ideally no, just for precaution.
We can either pull that out to its own method - would be preferred instead of waiting
isAwaitingFinalAck variable is tightly couple with the queue status, why not update that within the if? - Updated as part of yatins comment
| @@ -82,6 +83,7 @@ | |||
| private long availableQueueSpace = 0; | |||
|
|
|||
| private BlockingQueue<RecordsRetrievedContext> recordsDeliveryQueue = new LinkedBlockingQueue<>(MAX_EVENT_BURST_FROM_SERVICE); | |||
| private boolean isAwaitingFinalAckForCurrentSubscription = false; | |||
There was a problem hiding this comment.
What do you think about introducing this variable as a more generic status indication boolean, i.e. pendingShutdown.
Waiting to get the ACK for the last submitted batch is current design, that flips the pendingShutdown status. We can later wait to drain all events in the queue etc..
There was a problem hiding this comment.
pendingShutdown might be misleading, as we are not letting know what is being shutdown. Do you think pendingCurrentSubscriptionShutdown or pendingActiveSubscriptionShutdown would be better?
| @@ -166,8 +170,8 @@ RecordFlow evictAckedEventAndScheduleNextEvent(RecordsDeliveryAck recordsDeliver | |||
| // Update the triggering flow for post scheduling upstream request. | |||
| flowToBeReturned = recordsRetrievedContext.getRecordFlow(); | |||
| // Try scheduling the next event in the queue, if available. | |||
| if (!isAwaitingFinalAckForCurrentSubscription && recordsDeliveryQueue.peek() != null) { | |||
| subscriber.onNext(recordsDeliveryQueue.peek().getRecordsRetrieved()); | |||
| if (recordsDeliveryQueue.peek() != null) { | |||
| @@ -212,6 +216,14 @@ void bufferCurrentEventAndScheduleIfRequired(RecordsRetrieved recordsRetrieved, | |||
| } | |||
| } | |||
|
|
|||
| // This method is not thread-safe. You need to acquire a lock in the caller in order to execute this. | |||
| // Schedule the next event only when the active subscription is not pending shutdown. | |||
| private void scheduleNextEvent(RecordsRetrieved recordsRetrieved) { | |||
There was a problem hiding this comment.
nit : what about checkSubscriptionStatusAndScheduleNextEvent ?
There was a problem hiding this comment.
Hmmm we might add more checks in future and we can't keep extending the name. Hence just mentioning the core functionality.
| try { | ||
| // Wait for the configured time to get a notification for already delivered event, if any. | ||
| lockObject.wait(TIME_TO_WAIT_FOR_FINAL_ACK_MILLIS); | ||
| } catch (InterruptedException e) { | ||
| Thread.currentThread().interrupt(); | ||
| } | ||
| // Clear the queue to remove any remaining entries from the queue. | ||
| recordsDeliveryQueue.clear(); |
There was a problem hiding this comment.
Why cant we clear the queue before waiting ?
There was a problem hiding this comment.
If we clear before waiting, the ack received will be marked as stale and records will be duplicated.
| recordsDeliveryQueue.clear(); | ||
| } | ||
| // Set pendingActiveSubscriptionShutdown to default value. | ||
| pendingActiveSubscriptionShutdown = false; |
There was a problem hiding this comment.
Should we log warning if pendingActiveSubscriptionShutdown is found true, or there are records in the queue?
Either of these cases points to something not working as expected, and logging status under such conditions can help us for RC'ing issues.
There was a problem hiding this comment.
yep, they will be informational.
Preventing duplicate delivery due to unacknowledged event while completing the subscription
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.