thrift: deal with TStruct serialization failures

[twilly]

A Thrift server handler can return success with a TStruct that may
return an error when writing a serialized form. This error is ignored,
which cause a invalid third argument to be written (or not written at
all).

We can better handle these kinds of errors earlier by buffering a
serialized TStruct and sending along a system error if the
serialization fails.

Fixes #743

[codecov]

Codecov Report

Merging #744 into dev will increase coverage by 0.39%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##              dev     #744      +/-   ##
==========================================
+ Coverage   87.78%   88.17%   +0.39%     
==========================================
  Files          40       40              
  Lines        4101     4101              
==========================================
+ Hits         3600     3616      +16     
+ Misses        382      370      -12     
+ Partials      119      115       -4

Impacted Files	Coverage Δ
channel.go	88.46% <100%> (ø)	⬆️
mex.go	72.51% <0%> (-2.85%)	⬇️
inbound.go	82.19% <0%> (+1.57%)	⬆️
connection.go	88.38% <0%> (+4.79%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 74b0fff...ca727e3. Read the comment docs.

[kriskowal]

That’s a decision best made with data, but I expect pooling to yield a 20% improvement in latency.

[abhinav]

This can return an err at which point it should be a tableflip

[twilly]

Same goes with writing out the buffer, eg the socket died. Plenty of tableflip failure modes that will at least get a server side error.

[prashantv]

I would like to avoid additional buffering if possible -- it's an easy fix, but it also has a performance impact that might not be necessary.

Have we tried other options:

• writing directly to arg3, but then sending an error halfway through?
• writing to arg3, but if it fails, logging an error, and blackholing that response (no more bytes, but the response is never completed. client will see a timeout)

If we have to buffer, then we probably should pool. We'll need benchmark numbers to compare, but considering most other things are pooled, it seems like this would have a visible performance impact.

[prashantv]

Are we sure about this? I'm quite sure Muttley can send an error halfway through a response, and the clients see the error.

[twilly]

writing directly to arg3, but then sending an error halfway through?

I'm still looking into this. I did a quick pass and wasn't sure we can terminate a half-written arg3 and then start another trailer arg.

writing to arg3, but if it fails, logging an error, and blackholing that response (no more bytes, but the response is never completed. client will see a timeout)

I'm trying to avoid this case. Timeouts don't tell the client what happened and the server knows what happened.

[abhinav]

@prashantv I've removed the buffering of responses and added a test to verify
that the system error propagates for partial writes.

[prashantv]

Nice tests!

[prashantv]

(unrelated to this diff but just thought of this) @twilly just as a safety check, let's verify that the passed in protocol here is a TBinaryProtocol so that users don't end up calling Write with a custom protocol and expect it to work?

[abhinav]

Agreed. Created an internal ticket to track this.