rate-limiting: Add ScheduledStartingRateLimiter#281
Conversation
As per discussion [1], this is intended to be used as a replacement for the way we offset worker request release timings today. [1] envoyproxy#219 (comment) Signed-off-by: Otto van der Schaaf <oschaaf@we-amp.com>
Signed-off-by: Otto van der Schaaf <oschaaf@we-amp.com>
|
@dubious90 please review and assign to me once done. |
dubious90
left a comment
dubious90
left a comment
There was a problem hiding this comment.
This way of implementing this feature makes a lot of sense to me. Thanks for putting this change together. A few small comments/questions.
| .Times(AtLeast(1)) | ||
| .WillRepeatedly(Return(true)); | ||
|
|
||
| if (starting_late) { |
There was a problem hiding this comment.
I'm not sure if starting_late is adding any extra coverage for this test case. This test should already be testing what happens when enough time has passed and when not enough time has passed.
There was a problem hiding this comment.
I'm not sure I follow; the intent here is to skip the scheduled delay entirely, so the first call to acquireOne() will hit the line that logs the warning that the "first acquisition attempt was late":
There was a problem hiding this comment.
Ah, okay. I didn't process the comments in line 74-76 properly when I read this code the first time. I follow now.
Is there a way to assert that the log line was actually hit? Or is this just for line code coverage?
There was a problem hiding this comment.
This is just for coverage. Unfortunately we can't really mock the logging today and I couldn't find an efficient way to assert on hitting that line
| } | ||
|
|
||
| // We should expect zero releases until it is time to start. | ||
| while (time_system.monotonicTime() < scheduled_starting_time) { |
There was a problem hiding this comment.
If this test case doesn't succeed, it will run infinitely rather than fail. Can you add in a tripping mechanism?
There was a problem hiding this comment.
The simulated time system here is guaranteed to move forward in this loop with 1ms steps we add via the call to time_system.sleep(1ms) below.. afaict this is guaranteed to terminate?
There was a problem hiding this comment.
Nevermind here. I was overcomplicated the situation in my head. Sorry about that!
source/common/rate_limiter_impl.cc
Outdated
| // about this happening in the logs. | ||
| if (!aquisition_attempted_) { | ||
| aquisition_attempted_ = true; | ||
| ENVOY_LOG(warn, "First acquisition attempt was late"); |
There was a problem hiding this comment.
Can we add in an identifier here, so this message makes more sense for a debugger who might not have context into this specific rate limiter?
Something like
ScheduledStartingRateLimiter first acquisition attempt was late
| } | ||
|
|
||
| void ScheduledStartingRateLimiter::releaseOne() { | ||
| if (timeSource().monotonicTime() < scheduled_starting_time_) { |
There was a problem hiding this comment.
I'm probably missing something, but couldn't a cancel operation (not yet implemented) result in releasing before the time arrives? What are we trying to prevent by failing here?
There was a problem hiding this comment.
Right now, it is only valid to release what has been acquired. So when we hit this, it ought to be impossible to have a preceding successful acquisition because we're not due to start yet. The intent is to catch programming mistakes early when consuming this, but possibly this is overly paranoid.. shall I remove this?
There was a problem hiding this comment.
This explanation makes sense to me. I don't think it's necessary to remove this.
dubious90
added
waiting-for-changes
Signed-off-by: Otto van der Schaaf <oschaaf@we-amp.com>
oschaaf
added
waiting-for-review
dubious90
left a comment
dubious90
left a comment
There was a problem hiding this comment.
Just one small followup left. In parallel assigning to mum4k for approval
| } | ||
|
|
||
| void ScheduledStartingRateLimiter::releaseOne() { | ||
| if (timeSource().monotonicTime() < scheduled_starting_time_) { |
There was a problem hiding this comment.
This explanation makes sense to me. I don't think it's necessary to remove this.
| .Times(AtLeast(1)) | ||
| .WillRepeatedly(Return(true)); | ||
|
|
||
| if (starting_late) { |
There was a problem hiding this comment.
Ah, okay. I didn't process the comments in line 74-76 properly when I read this code the first time. I follow now.
Is there a way to assert that the log line was actually hit? Or is this just for line code coverage?
| } | ||
|
|
||
| // We should expect zero releases until it is time to start. | ||
| while (time_system.monotonicTime() < scheduled_starting_time) { |
There was a problem hiding this comment.
Nevermind here. I was overcomplicated the situation in my head. Sorry about that!
…g-rate-limiter Signed-off-by: Otto van der Schaaf <oschaaf@we-amp.com>
3 participants
As per discussion [1], this is intended to be used as a replacement
for the way we offset worker request release timings today.
[1] #219 (comment)
Signed-off-by: Otto van der Schaaf oschaaf@we-amp.com