Refactor return and goto statements

[naglera]

Consolidate the cleanup of local variables to a single point within the method, ensuring proper resource management and p
reventing memory leaks or double-free issues.

Previoslly descused here:

• Dual channel replication #60 (comment)
• Dual channel replication #60 (comment)

[codecov]

Codecov Report

Attention: Patch coverage is 76.47059% with 40 lines in your changes missing coverage. Please review.

Project coverage is 70.64%. Comparing base (36d438b) to head (bbc498f).
Report is 7 commits behind head on unstable.

Files with missing lines	Patch %	Lines
src/replication.c	76.47%	40 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##           unstable     #945      +/-   ##
============================================
- Coverage     70.69%   70.64%   -0.05%     
============================================
  Files           114      114              
  Lines         61693    61735      +42     
============================================
+ Hits          43611    43613       +2     
- Misses        18082    18122      +40     

Files with missing lines	Coverage Δ
src/server.h	100.00% <ø> (ø)
src/replication.c	87.45% <76.47%> (-0.56%)	⬇️

... and 10 files with indirect coverage changes

[ranshid]

no cleanup needed in line 3524?

[naglera]

right

[PingXie]

I think we should consider refactoring this code further by breaking out the different if paths so each function, including fullSyncWithPrimary, is dealing with a single concern. What do you think about a skeleton function like this?

static void fullSyncWithPrimary(connection *conn) {
    char *err = NULL;

    serverAssert(conn == server.repl_rdb_transfer_s);

    if (server.repl_state == REPL_STATE_NONE) goto error;
    if (connGetState(conn) != CONN_STATE_CONNECTED) {
        serverLog(LL_WARNING, "Error condition on socket for dual channel replication: %s", connGetLastError(conn));
        goto error;
    }

    switch (server.repl_rdb_channel_state) {
        case REPL_DUAL_CHANNEL_SEND_HANDSHAKE:
            handleHandshake(conn, &err); /* TO BE FILLED OUT */
            break;
        case REPL_DUAL_CHANNEL_RECEIVE_AUTH_REPLY:
            if (server.primary_auth) {
                handleAuthReply(conn, &err);  /* TO BE FILLED OUT */
            } else {
                server.repl_rdb_channel_state = REPL_DUAL_CHANNEL_RECEIVE_REPLCONF_REPLY;
            }
            break;
        case REPL_DUAL_CHANNEL_RECEIVE_REPLCONF_REPLY:
            handleReplConfReply(conn, &err);  /* TO BE FILLED OUT */
            break;
        case REPL_DUAL_CHANNEL_RECEIVE_ENDOFF:
            handleEndOffsetResponse(conn, &err);  /* TO BE FILLED OUT */
            break;
        default:
            break;
    }

    if (err) goto error;
    return;

error:
    if (err) sdsfree(err);
    connClose(conn);
    server.repl_transfer_s = NULL;
    if (server.repl_rdb_transfer_s) {
        connClose(server.repl_rdb_transfer_s);
        server.repl_rdb_transfer_s = NULL;
    }
    if (server.repl_transfer_fd != -1) close(server.repl_transfer_fd);
    server.repl_transfer_fd = -1;
    server.repl_state = REPL_STATE_CONNECT;
    replicationAbortDualChannelSyncTransfer();
}

[naglera]

Started with setupMainConnForPsync and fullSyncWithPrimary. Do we also want to refactor syncWithPrimary?

[PingXie]

LGTM overall. My feedback is all on fit-n-finish.

[PingXie]

I like this naming scheme but can we shorten it a bit? It is a bit mouthful :)

Suggested change

	case REPL_STATE_SEND_HANDSHAKE: ret = dualChannelReplicationMainConnSendHandshake(conn, &err); break;
	case REPL_STATE_SEND_HANDSHAKE: ret = dualChanReplMainConnSendHandshake(conn, &err); break;

[PingXie]

What do you think about prefixing this function with dualChan as well?

Suggested change

	void setupMainConnForPsync(connection *conn) {
	void dualChanSetupMainConnForPsync(connection *conn) {

[naglera]

Right, I just don't like the abbreviation Channel => Chan, I don't think it is very clean.

[PingXie]

Suggested change

	ret = dualChannelReplicationMainConnReceiveCapaReply(conn, &err);
	ret = dualChanReplMainConnRecvCapaReply(conn, &err);

[PingXie]

Suggested change

	case REPL_STATE_SEND_PSYNC: ret = dualChannelReplicationMainConnSendPsync(conn, &err); break;
	case REPL_STATE_SEND_PSYNC: ret = dualChanReplMainConnSendPsync(conn, &err); break;

[PingXie]

Suggested change

	case REPL_STATE_RECEIVE_PSYNC_REPLY: ret = dualChannelReplicationMainConnReceivePsyncReply(conn, &err); break;
	case REPL_STATE_RECEIVE_PSYNC_REPLY: ret = dualChanReplMainConnRecvPsyncReply(conn, &err); break;

[PingXie]

This function is used in the dual-chan replication path only so I would think it makes more sense to prefix it too

Suggested change

	static void fullSyncWithPrimary(connection *conn);
	static void dualChanFullSyncWithPrimary(connection *conn);

[PingXie]

connection has last_errno. can we return an error string here to caller?

[naglera]

In the context of this specific function you are right, but generally while error strings can be useful for logging purposes, relying solely on them may not be the best approach. Based on my observations, there's no guarantee that the error string will always be non-NULL when error accures. Moreover last_errno could potentially be overridden by unrelated code changes, making it less reliable over time.

[PingXie]

In the context of this specific function you are right, but generally while error strings can be useful for logging purposes, relying solely on them may not be the best approach.

Right. Logging is my intent here too.

[PingXie]

there's no guarantee that the error string will always be non-NULL when error accures

I think dualChannelSetupMainConnForPsync requires a non-NULL err when C_ERR is returned - https://github.com/valkey-io/valkey/pull/945/files#diff-955c0fee32b574a1d9adb4540b8ff1564b15db9695d88a8dabc66b3c19c825daR3298

[naglera]

Right, fixing now

[PingXie]

if this function can't fail, I would suggest we null out err so we stick to a more intuitive contract, which is null err means success. Let's not leave the err state undefined (or decided by the caller).

[naglera]

I don't like the idea of relying on the error string. From my observation, it is not maintained for every error.

[PingXie]

Looks like this is another inconsistency in the existing code. Functions like sendCommand return a non-NULL error string to indicate failures already. I am fine with treating an error string returned via an outgoing parameter as "informational" and for "logging purpose only" hence optional. This should help ensure consistency.

[PingXie]

Started with setupMainConnForPsync and fullSyncWithPrimary. Do we also want to refactor syncWithPrimary?

+1 on refactoring syncWithPrimary as well but maybe do it in a separate PR? I don't have a strong opinion though (between two PRs or a combined PRs for both syncWithPrimary and fullSyncWithPrimary).

[PingXie]

Thanks @naglera! I think we are very close.

[PingXie]

I would like to see us pulling all state changes into the driver function, i.e., dualChannelFullSyncWithPrimary in this case. This way it is very easy to see all the state transitions together. I will suggest some changes in dualChannelFullSyncWithPrimary next

[naglera]

Ok nice

[PingXie]

This is what I meant by consolidating state manipulations in the "driver" function and then all the "worker" functions (such as dualChannelReplMainConnRecvCapaReply) become "stateless".

Suggested change

	case REPL_STATE_SEND_HANDSHAKE: ret = dualChannelReplMainConnSendHandshake(conn, &err); break;
	case REPL_STATE_SEND_HANDSHAKE:
	ret = dualChannelReplMainConnSendHandshake(conn, &err);
	if (ret != C_ERR) server.repl_state = REPL_STATE_RECEIVE_CAPA_REPLY;
	/* else server.repl_state = XXX; // if it makes sense */
	break;

[naglera]

sounds good

[PingXie]

Do you want to move these changes to the PR that refactors syncWithPrimary too?

[naglera]

yes, I will revert it

[PingXie]

In the context of this specific function you are right, but generally while error strings can be useful for logging purposes, relying solely on them may not be the best approach.

Right. Logging is my intent here too.

[PingXie]

Looks like this is another inconsistency in the existing code. Functions like sendCommand return a non-NULL error string to indicate failures already. I am fine with treating an error string returned via an outgoing parameter as "informational" and for "logging purpose only" hence optional. This should help ensure consistency.

[PingXie]

can we move this to where C_OK/C_ERR is defined?

[PingXie]

This looks like a bug to me. It seems the two connection objects are getting mixed up. We should zero out the RDB channel connection here, i.e., server.repl_rdb_transfer_s = NULL. Then on L2726/L2747, we should be testing the normal channel connection instead, i.e., if (server.repl_transfer_s)

[naglera]

Yeah we are trying to close repl_transfer_s twice 😅

[PingXie]

Can we fix #1088 in a separate PR first? I think we will need to backport it to Valkey 8.0

[PingXie]

I think we should only update the state upon successful returns.

[naglera]

It shouldn't matter because in case of C_ERR, we will reset the state, but I agree that it makes more sense for the reader. I'll fix it.

[PingXie]

this seems incorrect. *err is not assigned at this point. we should revert back to strerror(errno) I think.

[naglera]

right err was not assigned in this case. will fix

[PingXie]

consider adding sdsfree(err) after the error: label as well so that if we ever goto error in the future with a non-NULL err, we won't leak memory accidentally.

[PingXie]

just realize that we never consume err in dualChannelFullSyncWithPrimary, whose only job when it comes to err is to free the memory. Was a logging statement missed?

[naglera]

You're correct, we used to log it in case of an error, but after the refactor we're already logging it inside the helper functions, so there's no need to log it inside dualChannelFullSyncWithPrimary anymore. That being said, I believe we should retain the error deallocation logic within dualChannelFullSyncWithPrimary for the sake of maintaining simplicity in our code structure.

[PingXie]

there's no guarantee that the error string will always be non-NULL when error accures

I think dualChannelSetupMainConnForPsync requires a non-NULL err when C_ERR is returned - https://github.com/valkey-io/valkey/pull/945/files#diff-955c0fee32b574a1d9adb4540b8ff1564b15db9695d88a8dabc66b3c19c825daR3298

[PingXie]

missing an assignment to err? This branch if hit will break the assumption on L3298.

[naglera]

Right, it will break the log at L3298, we should be able to handle an empty err.

[PingXie]

I think I am running out of comments ... if you could resolve the last few comments, let's merge this PR. It is great refactoring.

[PingXie]

if this is unreachable, we should serverPanic

[PingXie]

I think it is a logic bug if we ever get here. should we serverPanic instead?

[PingXie]

I think we should give the error handling logic a chance to examine the err string. whether or not the error handling logic needs to consume the string is a separate concern.

Suggested change

	sdsfree(err);
	if (ret == C_ERR) goto error;
	if (ret == C_ERR) goto error;
	sdsfree(err);

[naglera]

Right so we should change the order to

    if (ret == C_ERR) goto error;
    sdsfree(err);

Also maybe we better log the error string here as well just in case we didn't log it earlier (better log twice then miss it).

[PingXie]

LGTM. Thanks @naglera!