Fix deadlock caused by race while signal receivers are stopping #1220
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A user reported a possible deadlock within the signal receivers (uber-go#1219). This happens by: * `(*signalReceivers).Stop()` is called, by Shutdowner for instance. * `(*signalReceivers).Stop()` acquires the lock. * Separately, an OS signal is sent to the program. * There is a chance that `relayer()` is still running at this point if `(*signalReceivers).Stop()` has not yet sent along the `shutdown` channel. * The relayer attempts to broadcast the signal received via the `signals` channel. * Broadcast()` blocks on trying to acquire the lock. * `(*signalReceivers).Stop()` blocks on waiting for the `relayer()` to finish by blocking on the `finished` channel. * Deadlock. Luckily, this is not a hard deadlock, as `Stop` will return if the context times out. This PR fixes this deadlock. The idea behind how it does it is based on the observation that the broadcasting logic does not necessarily seem to need to share a mutex with the rest of `signalReceivers`. Specifically, it seems like we can separate protection around the registered `wait` and `done` channels, `last`, and the rest of the fields. To avoid overcomplicating `signalReceivers` with multiple locks for different uses, this PR creates a separate `broadcaster` type in charge of keeping track of and broadcasting to `Wait` and `Done` channels. Having a separate broadcaster type seems actually quite natural, so I opted for this to fix the deadlock. Absolutely open to feedback or taking other routes if folks have thoughts. Since broadcasting is protected separately, this deadlock no longer happens since `relayer()` is free to finish its broadcast and then exit. In addition to running the example provided in the original post to verify, I added a test and ran it before/after this change. Before: ``` $ go test -v -count=10 -run "TestSignal/stop_deadlock" . === RUN TestSignal/stop_deadlock signal_test.go:141: Error Trace: /home/user/go/src/github.com/uber-go/fx/signal_test.go:141 Error: Received unexpected error: context deadline exceeded Test: TestSignal/stop_deadlock ``` (the failure appeared roughly 1/3 of the time) After: ``` $ go test -v -count=100 -run "TestSignal/stop_deadlock" . --- PASS: TestSignal (0.00s) --- PASS: TestSignal/stop_deadlock (0.00s) ``` (no failures appeared)
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #1220 +/- ##
=======================================
Coverage 98.41% 98.42%
=======================================
Files 34 35 +1
Lines 2909 2918 +9
=======================================
+ Hits 2863 2872 +9
Misses 38 38
Partials 8 8 ☔ View full report in Codecov by Sentry. |
JacobOaks
commented
Jun 28, 2024
lverma14
reviewed
Jun 28, 2024
sywhang
approved these changes
Jul 1, 2024
r-hang
approved these changes
Jul 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A user reported a possible deadlock within the signal receivers (#1219).
This happens by:
(*signalReceivers).Stop()is called, by Shutdowner for instance.(*signalReceivers).Stop()acquires the lock.relayer()is still running at this point if(*signalReceivers).Stop()has not yet sent along theshutdownchannel.signalschannel.Broadcast()blocks on trying to acquire the lock.(*signalReceivers).Stop()blocks on waiting for therelayer()to finish by blocking on thefinishedchannel.Luckily, this is not a hard deadlock, as
Stopwill return if the context times out, but we should still fix it.This PR fixes this deadlock. The idea behind how it does it is based on the observation that the broadcasting logic does not necessarily seem to need to share a mutex with the rest of
signalReceivers. Specifically, it seems like we can separate protection around the registeredwaitanddonechannels,last, and the rest of the fields, since the references to those fields are easily isolated. To avoid overcomplicatingsignalReceiverswith multiple locks for different uses, this PR creates a separatebroadcastertype in charge of keeping track of and broadcasting toWaitandDonechannels. Most of the implementation ofbroadcasteris simply moved over fromsignalReceivers.Having a separate broadcaster type seems actually quite natural, so I opted for this to fix the deadlock. Absolutely open to feedback or taking other routes if folks have thoughts.
Since broadcasting is protected separately, this deadlock no longer happens since
relayer()is free to finish its broadcast and then exit.In addition to running the example provided in the original post to verify, I added a test and ran it before/after this change.
Before:
(the failure appeared roughly 1/3 of the time)
After:
(no failures appeared)