[http] Remove exceptions from HTTP/1 codec callbacks

[asraa]

Commit Message: Remove exceptions from HTTP/1 codec callbacks. Replaces with http_parser exit codes that indicate failure. codec_status_ propagates the error.

Additional Description:

• I know the diff is slightly messy but the principles I abided by were: Replace throw with setting codec_status_, immediately return and propagate return up to callback with an error exit code, always ASSERT(dispatching_) in the body of the method that throws, always ASSERT(codec_status_.ok()) before setting the codec status.
• The remaining exception is in encodeHeaders, which I will need to replace with ENVOY_BUG
• I audited for throws in the includes for this file and did not find anything used in the codec_impl, but I will need to do another pass.
• This is just part 1 of my HTTP/1 PRs. Part 2 is exception to error handling for encodeHeaders and any other utility functions. This is just a PR to stage.

Testing: Tests pass, codec_impl_fuzz_test has been running for a few minutes.
Risk level: Medium, this should do nothing but is a codec behavior change.
Issues: #10878

Signed-off-by: Asra Ali asraa@google.com

[mattklein123]

The remaining exception is in encodeHeaders, which I will need to replace with better error handling since the throw is not caught in a separate PR.

Just to make sure we are all on the same page, what is the plan for the "application error" exceptions? I don't really know what the caller would do with an error other than crash, and adding return code from encodeHeaders would be a larger change. Can we just PANIC/RELEASE_ASSERT in those cases for now?

[asraa]

Can we just PANIC/RELEASE_ASSERT in those cases for now?

Hmm yeah I'm happy to RELEASE_ASSERT, since that's preserving existing behavior, but I think I had some feedback to change this as I remove exceptions. Would you imagine some error status handling in sendLocalReply and other callers of encodeHeaders? @alyssawilk @antoniovicente What do you think?

[mattklein123]

Would you imagine some error status handling in sendLocalReply and other callers of encodeHeaders?

I honestly don't know what that would be. If we insist in not crashing in these cases the only thing I can think of to do would be to ASSERT and then continue on to fill in some default values or something.

[jmarantz]

I feel like the global capture could have unexpected costs as the code evolves. I think it's OK for tests, but WDYT of making this prod code explicitly capture what it needs?

[asraa]

I'm unfamiliar with this code, but I think the reason why it was written like that was because client/server would need to capture a disjoint set of things. Could pass both active request/pending response in, I can try to

[jmarantz]

oh, sorry. I misread the diff and thought you had added this. I'm not crazy about it but it's pre-existing so lgtm.

[jmarantz]

did you plan to leave this in? If so, can you include the URL?

[asraa]

done -- but actually this was useful for debugging. What do you think about adding logging statements when the codec_status_ sets an error?

This ends up getting logged when onData calls dispatch, but that was too late for any codec level test debugging. At that point I might want to wrap the whole pattern of

ASSERT(codec_status_.ok());
codec_status_ = .... ;
ENVOY_LOG_MISC(trace, codec_status_.message);

into one thing.

[jmarantz]

When debugging something in the heat of the moment, more logs are great, as long as the quantity of logs doesn't become a problem. I only suggest that if there's a URL to log, we include that.

[alyssawilk]

Sounds like a perfect use of ENVOY_BUG (assert in debug mode, log error with N^2 backoff in opt) with error handling - wasn't someone going to look into that this quarter?

…

On Thu, May 7, 2020 at 2:58 PM Matt Klein ***@***.***> wrote: Would you imagine some error status handling in sendLocalReply and other callers of encodeHeaders? I honestly don't know what that would be. If we insist in not crashing in these cases the only thing I can think of to do would be to ASSERT and then continue on to fill in some default values or something. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#11101 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AELALPNPOXAIKHJDKEXS5WDRQMAEXANCNFSM4M3P56KQ> .

[mattklein123]

Sounds like a perfect use of ENVOY_BUG (assert in debug mode, log error
with N^2 backoff in opt) with error handling - wasn't someone going to look
into that this quarter?

Yes, agreed, if there is a sane default behavior we can agree on this is a fine use case of that paradigm IMO.

[mattklein123]

Thanks this LGTM at a high level so will defer to others for detailed review. Nice work!

[jmarantz]

basically looks great, modulo the [&] capture and some commenting around the significance of the specific status codes ints.

[jmarantz]

put in the comment here where these constants come from, and maybe that they need to not overlap with standard HTTP Status codes?

[asraa]

done

[jmarantz]

Thanks -- one clarification: you said "These codes do not overlap with standard HTTP Status codes". Is it also correct to strengthen that to "These codes must not overlap with standard HTTP Status codes"? Or are they unrelated?

[asraa]

Unrelated. They're return values for the user defined callbacks for the parser, so they don't do anything but signal execution flow for the parser.

[asraa]

Maybe "The use of these codes are distinct from standard HTTP Status codes"

[jmarantz]

/wait

[jmarantz]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s), but failed to run 2 pipeline(s).