colexec: fix recent regression with cancellation of inboxes #79716
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
yuzefovich
force-pushed
the
cancellation-fix
branch
from
343776a to
bb91ffe
Compare
cucaroach
approved these changes
Apr 11, 2022
There was a problem hiding this comment.
Reviewed 2 of 2 files at r1, all commit messages.
Reviewable status:complete! 1 of 0 LGTMs obtained (waiting on @michae2)
Recent change 773d9ca fixed the way inboxes handle regular query errors so that now the gRPC streams are not broken whenever a query error is encountered. However, that change introduced a regression - it is now possible that the inbox handler goroutine (the one instantiated to handle FlowStream gRPC call) never exits when the inbox is an input to the parallel unordered synchronizer. In particular, the following sequence of events can happen: 1. the reader goroutine of the inbox receives an error from the corresponding outbox 2. this error is propagated to one of the input goroutines of the unordered synchronizer via a panic. Notably, this is considered a "graceful" termination from the perspective of the gRPC stream handling, so the handler goroutine is not notified of this error, and the inbox is not closed. It is expected that the inbox will be drained which will close the handler goroutine. 3. however, the synchronizer input goroutine currently simply receives the error, propagates it to the coordinator goroutine, and exits, without performing the draining. Thus, we get into such a state that the inbox is never drained, so the handler goroutine will stay alive forever. In particular, this will block `Flow.Wait` calls, and `Flow.Cleanup` will never be called. This could leak, for example, to leaking file descriptors used by the temporary disk storage in the vectorized engine. This fix is quite simple - instead of exiting in step 3, the synchronizer's input goroutine should just proceed to draining, and only exit once draining is performed. I believe this was always the intention, but it didn't really matter until the fix in 773d9ca because draining of the inbox was a noop since the gRPC stream was prematurely broken. Release note: None
yuzefovich
force-pushed
the
cancellation-fix
branch
from
bb91ffe to
ecd6403
Compare
yuzefovich
commented
Apr 11, 2022
There was a problem hiding this comment.
Fixed a typo in the comment.
TFTR!
bors r+
Reviewable status:
michae2
approved these changes
Apr 11, 2022
|
Build succeeded: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recent change 773d9ca fixed the way
inboxes handle regular query errors so that now the gRPC streams are not
broken whenever a query error is encountered. However, that change
introduced a regression - it is now possible that the inbox handler
goroutine (the one instantiated to handle FlowStream gRPC call) never
exits when the inbox is an input to the parallel unordered synchronizer.
In particular, the following sequence of events can happen:
corresponding outbox
unordered synchronizer via a panic. Notably, this is considered
a "graceful" termination from the perspective of the gRPC stream
handling, so the handler goroutine is not notified of this error, and
the inbox is not closed. It is expected that the inbox will be drained
which will close the handler goroutine.
the error, propagates it to the coordinator goroutine, and exits,
without performing the draining.
Thus, we get into such a state that the inbox is never drained, so the
handler goroutine will stay alive forever. In particular, this will
block
Flow.Waitcalls, andFlow.Cleanupwill never be called. Thiscould leak, for example, to leaking file descriptors used by the
temporary disk storage in the vectorized engine.
This fix is quite simple - instead of exiting in step 3, the
synchronizer's input goroutine should just proceed to draining, and only
exit once draining is performed. I believe this was always the
intention, but it didn't really matter until the fix in
773d9ca because draining of the inbox
was a noop since the gRPC stream was prematurely broken.
Fixes: #79469.
Release note: None