Properly handling cancellation and protecting channel pool from multiple releases

Author: shorea

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/MakeAsyncHttpRequestStage.java

@@ -19,16 +19,12 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
 import java.util.concurrent.RejectedExecutionException;
-import java.util.concurrent.atomic.AtomicBoolean;
 import org.reactivestreams.Publisher;
-import org.reactivestreams.Subscriber;
-import org.reactivestreams.Subscription;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.core.client.config.SdkAdvancedAsyncClientOption;
 import software.amazon.awssdk.core.client.config.SdkClientOption;
-import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.exception.SdkException;
 import software.amazon.awssdk.core.http.HttpResponse;
 import software.amazon.awssdk.core.internal.Response;
@@ -47,8 +43,6 @@
 import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
 import software.amazon.awssdk.http.async.SdkHttpRequestProvider;
 import software.amazon.awssdk.http.async.SdkHttpResponseHandler;
-import software.amazon.awssdk.utils.async.DelegatingSubscriber;
-import software.amazon.awssdk.utils.async.DelegatingSubscription;
 
 /**
  * Delegate to the HTTP implementation to make an HTTP request and receive the response.
@@ -128,7 +122,6 @@ private boolean shouldSetContentLength(SdkHttpFullRequest request, SdkHttpReques
     private class ResponseHandler implements SdkHttpResponseHandler<Response<OutputT>> {
         private final SdkHttpFullRequest request;
         private final Completable completable;
-        private final AtomicBoolean isCancelled = new AtomicBoolean(false);
 
         private volatile SdkHttpResponse response;
         private volatile boolean isSuccess = false;
@@ -157,36 +150,21 @@ public void headersReceived(SdkHttpResponse response) {
         public void onStream(Publisher<ByteBuffer> publisher) {
             if (isSuccess) {
                 // TODO handle exception as non retryable
-                responseHandler.onStream(subscriber ->
-                                             publisher.subscribe(new OnCancelSubscriber(subscriber, this::onCancel)));
+                responseHandler.onStream(publisher);
             } else {
                 errorResponseHandler.onStream(publisher);
             }
         }
 
-        /**
-         * If the subscriber cancels the subscription we treat it as an error and notify the future accordingly.
-         */
-        private void onCancel() {
-            this.isCancelled.set(true);
-            completable.completeExceptionally(SdkClientException.create("Subscriber cancelled before all events were published"));
-        }
-
         @Override
         public void exceptionOccurred(Throwable throwable) {
-            if (isCancelled.get()) {
-                return;
-            }
             // Note that we don't notify the response handler here, we do that in AsyncRetryableStage where we
             // have more context of what's going on and can deliver exceptions more reliably.
             completable.completeExceptionally(throwable);
         }
 
         @Override
         public Response<OutputT> complete() {
-            if (isCancelled.get()) {
-                return null;
-            }
             try {
                 SdkHttpFullResponse httpFullResponse = (SdkHttpFullResponse) this.response;
                 final HttpResponse httpResponse = SdkHttpResponseAdapter.adapt(false, request, httpFullResponse);
@@ -210,39 +188,6 @@ private Response<OutputT> handleResponse(HttpResponse httpResponse) {
 
     }
 
-    /**
-     * Decorator around a {@link Subscriber} to notify if a cancellation occurs.
-     */
-    private class OnCancelSubscriber extends DelegatingSubscriber<ByteBuffer, ByteBuffer> {
-
-        private final Runnable onCancel;
-
-        /**
-         * @param subscriber Subscriber to delegate to.
-         * @param onCancel Runnable to execute if a cancellation occurs.
-         */
-        private OnCancelSubscriber(Subscriber<? super ByteBuffer> subscriber, Runnable onCancel) {
-            super(subscriber);
-            this.onCancel = onCancel;
-        }
-
-        @Override
-        public void onSubscribe(Subscription subscription) {
-            super.onSubscribe(new DelegatingSubscription(subscription) {
-                @Override
-                public void cancel() {
-                    onCancel.run();
-                    super.cancel();
-                }
-            });
-        }
-
-        @Override
-        public void onNext(ByteBuffer byteBuffer) {
-            subscriber.onNext(byteBuffer);
-        }
-    }
-
     /**
      * An interface similar to {@link CompletableFuture} that may or may not dispatch completion of the future to an executor
      * service, depending on the client's configuration.

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClient.java

@@ -53,6 +53,7 @@
 import software.amazon.awssdk.http.nio.netty.internal.HandlerRemovingChannelPool;
 import software.amazon.awssdk.http.nio.netty.internal.NettyConfiguration;
 import software.amazon.awssdk.http.nio.netty.internal.NonManagedEventLoopGroup;
+import software.amazon.awssdk.http.nio.netty.internal.ReleaseOnceChannelPool;
 import software.amazon.awssdk.http.nio.netty.internal.RequestAdapter;
 import software.amazon.awssdk.http.nio.netty.internal.RequestContext;
 import software.amazon.awssdk.http.nio.netty.internal.RunnableRequest;
@@ -147,11 +148,13 @@ protected ChannelPool newPool(URI key) {
                         .option(ChannelOption.TCP_NODELAY, true)
                         .remoteAddress(key.getHost(), key.getPort());
                 AtomicReference<ChannelPool> channelPoolRef = new AtomicReference<>();
-                channelPoolRef.set(new HandlerRemovingChannelPool(
-                    new HttpOrHttp2ChannelPool(bootstrap,
-                                               new ChannelPipelineInitializer(protocol, sslContext, maxStreams, channelPoolRef),
-                                               configuration.maxConnections(),
-                                               configuration)));
+                channelPoolRef.set(
+                    new ReleaseOnceChannelPool(
+                        new HandlerRemovingChannelPool(
+                            new HttpOrHttp2ChannelPool(bootstrap,
+                                                       new ChannelPipelineInitializer(protocol, sslContext, maxStreams, channelPoolRef),
+                                                       configuration.maxConnections(),
+                                                       configuration))));
                 return channelPoolRef.get();
             }
         };

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/ReleaseOnceChannelPool.java

@@ -0,0 +1,89 @@
+/*
+ * Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.nio.netty.internal;
+
+import io.netty.channel.Channel;
+import io.netty.channel.pool.ChannelPool;
+import io.netty.channel.pool.FixedChannelPool;
+import io.netty.util.AttributeKey;
+import io.netty.util.concurrent.Future;
+import io.netty.util.concurrent.GenericFutureListener;
+import io.netty.util.concurrent.Promise;
+import io.netty.util.concurrent.SucceededFuture;
+import java.util.concurrent.atomic.AtomicBoolean;
+import software.amazon.awssdk.http.nio.netty.internal.http2.Http2MultiplexedChannelPool;
+
+/**
+ * Wrapper around a {@link ChannelPool} to protect it from having the same channel released twice. This can
+ * cause issues in {@link FixedChannelPool} and {@link Http2MultiplexedChannelPool} which has a simple
+ * mechanism to track leased connections.
+ */
+public class ReleaseOnceChannelPool implements ChannelPool {
+
+    private static final AttributeKey<AtomicBoolean> IS_RELEASED = AttributeKey.newInstance("isReleased");
+
+    private final ChannelPool delegate;
+
+    public ReleaseOnceChannelPool(ChannelPool delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public Future<Channel> acquire() {
+        return delegate.acquire().addListener(onAcquire());
+    }
+
+    @Override
+    public Future<Channel> acquire(Promise<Channel> promise) {
+        return delegate.acquire(promise).addListener(onAcquire());
+    }
+
+    private GenericFutureListener<Future<Channel>> onAcquire() {
+        return future -> {
+            if(future.isSuccess()) {
+                future.getNow().attr(IS_RELEASED).set(new AtomicBoolean(false));
+            }
+        };
+    }
+
+    @Override
+    public Future<Void> release(Channel channel) {
+        if (shouldRelease(channel)) {
+            return delegate.release(channel);
+        } else {
+            return new SucceededFuture<>(channel.eventLoop(), null);
+        }
+    }
+
+    @Override
+    public Future<Void> release(Channel channel, Promise<Void> promise) {
+        if (shouldRelease(channel)) {
+            return delegate.release(channel, promise);
+        } else {
+            return promise.setSuccess(null);
+        }
+    }
+
+    private boolean shouldRelease(Channel channel) {
+        return channel.attr(IS_RELEASED).get() == null
+               || channel.attr(IS_RELEASED).get().compareAndSet(false, true);
+    }
+
+    @Override
+    public void close() {
+        delegate.close();
+    }
+}

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/ResponseHandler.java

@@ -38,6 +38,7 @@
 import java.nio.ByteBuffer;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
 import org.reactivestreams.Publisher;
 import org.reactivestreams.Subscriber;
@@ -50,6 +51,8 @@
 import software.amazon.awssdk.http.SdkHttpResponse;
 import software.amazon.awssdk.http.nio.netty.internal.http2.Http2ResetSendingSubscription;
 import software.amazon.awssdk.utils.FunctionalUtils.UnsafeRunnable;
+import software.amazon.awssdk.utils.async.DelegatingSubscriber;
+import software.amazon.awssdk.utils.async.DelegatingSubscription;
 
 @Sharable
 @SdkInternalApi
@@ -176,6 +179,7 @@ private static class PublisherAdapter implements Publisher<ByteBuffer> {
         private final StreamedHttpResponse response;
         private final ChannelHandlerContext channelContext;
         private final RequestContext requestContext;
+        private final AtomicBoolean isCancelled = new AtomicBoolean(false);
 
         private PublisherAdapter(StreamedHttpResponse response, ChannelHandlerContext channelContext,
                                  RequestContext requestContext) {
@@ -189,13 +193,30 @@ public void subscribe(Subscriber<? super ByteBuffer> subscriber) {
             response.subscribe(new Subscriber<HttpContent>() {
                 @Override
                 public void onSubscribe(Subscription subscription) {
+                    subscriber.onSubscribe(new OnCancelSubscription(resolveSubscription(subscription),
+                                                                    this::onCancel));
+                }
+
+                private Subscription resolveSubscription(Subscription subscription) {
                     // For HTTP2 we send a RST_STREAM frame on cancel to stop the service from sending more data
                     if (Protocol.HTTP2.equals(ChannelAttributeKey.getProtocolNow(channelContext.channel()))) {
-                        subscriber.onSubscribe(new Http2ResetSendingSubscription(channelContext, subscription));
+                        return new Http2ResetSendingSubscription(channelContext, subscription);
                     } else {
                         // TODO I believe the behavior for H1 is to finish reading the data. Do we want to do this
                         // or abort the connection?
-                        subscriber.onSubscribe(subscription);
+                        return subscription;
+                    }
+                }
+
+                private void onCancel() {
+                    try {
+                        isCancelled.set(true);
+                        requestContext.handler().exceptionOccurred(new RuntimeException("Cancelled subscription"));
+                    } finally {
+                        runAndLogError("Could not release channel back to the pool",
+                                       () -> closeAndRelease(channelContext));
+                        runAndLogError("Could not release channel back to the pool",
+                                       () -> closeAndRelease(channelContext));
                     }
                 }
 
@@ -210,6 +231,9 @@ public void onNext(HttpContent httpContent) {
 
                 @Override
                 public void onError(Throwable t) {
+                    if (isCancelled.get()) {
+                        return;
+                    }
                     try {
                         runAndLogError(String.format("Subscriber %s threw an exception in onError.", subscriber.toString()),
                             () -> subscriber.onError(t));
@@ -222,6 +246,11 @@ public void onError(Throwable t) {
 
                 @Override
                 public void onComplete() {
+                    // For HTTP/2 it's possible to get an onComplete after we cancel due to the channel becoming
+                    // inactive. We guard against that here and just ignore the signal (see HandlerPublisher)
+                    if (isCancelled.get()) {
+                        return;
+                    }
                     try {
                         runAndLogError(String.format("Subscriber %s threw an exception in onComplete.", subscriber.toString()),
                                        subscriber::onComplete);
@@ -234,6 +263,25 @@ public void onComplete() {
         }
     }
 
+    /**
+     * Decorator around a {@link Subscription} to notify if a cancellation occurs.
+     */
+    private static class OnCancelSubscription extends DelegatingSubscription {
+
+        private final Runnable onCancel;
+
+        private OnCancelSubscription(Subscription subscription, Runnable onCancel) {
+            super(subscription);
+            this.onCancel = onCancel;
+        }
+
+        @Override
+        public void cancel() {
+            onCancel.run();
+            super.cancel();
+        }
+    }
+
     static class FullResponseContentPublisher implements Publisher<ByteBuffer> {
         private final ChannelHandlerContext channelContext;
         private final ByteBuffer fullContent;
@@ -277,7 +325,6 @@ public void cancel() {
         }
     }
 
-
     private static class LastHttpContentSwallower extends SimpleChannelInboundHandler<HttpObject> {
 
         @Override

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/http2/Http2MultiplexedChannelPool.java

@@ -126,7 +126,12 @@ public Future<Void> release(Channel channel, Promise<Void> promise) {
     private void release0(Channel channel, Promise<Void> promise) {
         if (channel.parent() == null) {
             // This is the socket channel, close and release from underlying connection pool
-            releaseParentChannel(channel);
+            try {
+                releaseParentChannel(channel);
+            } finally {
+                // This channel doesn't technically belong to this pool as it was never acquired directly
+                promise.setFailure(new IllegalArgumentException("Channel does not belong to this pool"));
+            }
         } else {
             Channel parentChannel = channel.parent();
             MultiplexedChannelRecord channelRecord = parentChannel.attr(CHANNEL_POOL_RECORD).get();