makeBackoffMachine: Improve backoff sleep logic by making it local.

[chrisbobbe]

Fixes: #3840.

Replace progressiveTimeout with makeBackoffMachine, which is called
above a loop, and .wait() can be called inside the loop on the
returned backoffMachine. Give access to numSleepsCompleted and
timeElapsedSoFar so "give up" logic (e.g., on too many network
requests with transient failures) can be handled near .wait() call
sites. Prepare for work on #3829 (a permanent timeout on sending
outbox messages).

Previously, the state logic in progressiveTimeout was global, which
meant a potentially desirable general throttle on all network
requests that used it, but the drawbacks were greater. A particular
call to progressiveTimeout was nondeterministic, because other calls
may have been made recently, affecting the resulting delay duration.
A 60-second threshold was used as a heuristic to distinguish request
retry loops from each other, but this is much more effectively done
with the new interface.

[rk-for-zulip]

The rename commit feels like a misstep. makeBackoffMachine has a different API and no shared implementation details; it would be more straightforward to:

• create makeBackoffMachine directly in async.js, with new tests;
• replace the various uses of progressiveTimeout; and
• remove progressiveTimeout.

[chrisbobbe]

The rename commit feels like a misstep. makeBackoffMachine has a different API and no shared implementation details; it would be more straightforward to:

• create makeBackoffMachine directly in async.js, with new tests;
• replace the various uses of progressiveTimeout; and
• remove progressiveTimeout.

Mm, that approach makes a lot more sense than what I did! Even considering that the rename commit still preserves functionality and achieves a pretty minimal diff, but at the cost of being semantically incorrect, as noted in the commit message. Thanks for proposing this strategy, which avoids that awkward hiccup.

[chrisbobbe]

This would definitely be safer with Lolex. (Ref: #3727.)

There should probably also be tests for the backoff machine's auxiliary functions here.

OK! I'll await #3727 before switching to Lolex and adding those additional tests, since it looks like there's some question about what file the Lolex shim will eventually be in.

[chrisbobbe]

I just reorganized my commits, but you may want to postpone another review until I've added the Lolex changes (pending resolution of that PR) and those additional tests you mentioned; up to you. Also, the actual resolution of the bug you spotted with Date.now() - undefined, is now done on Greg's recommendation by just removing the timeElapsedSinceFirstWait getter because it is not used anywhere.

[chrisbobbe]

Removed the commit repealing the no-undef-init rule, and fixed the startTime declaration to comply, as discussed yesterday with Ray.

[rk-for-zulip]

To minimize blockage, the Lolex timer work has been separated from the presence-heartbeat work into a new PR, #3886.

[chrisbobbe]

Following discussion about private fields on classes, resolved in https://chat.zulip.org/#narrow/stream/243-mobile-team/topic/private.20class.20fields/near/815229, I'm happy to turn this into a class BackoffMachine if that's desired.

[gnprice]

The other day I happened to learn about some science! that shows there's a way to choose how long to wait before retry which is much better than the pure exponential version we've been using:
https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/

The takeaway is it's important to add "jitter", and specifically a quite radical amount of jitter, like this:

sleep = random_between(0, min(cap, base * 2 ** attempt))

Analysis in the linked post, and it makes all kinds of sense in retrospect.

I think this will be a pretty easy tweak to the code in this branch 🙂 when we come back to it -- the bulk of the work here is basically orthogonal to the particular formula used.

[chrisbobbe]

That’s great!! I’d seen jitter being used in some examples I found while working on this, but didn’t see the performance data or the different possible ways to use jitter.

[chrisbobbe]

OK, I've pushed a commit that adds jitter. I've also (hopefully) clarified the commit message for the commit that introduces makeBackoffMachine.

[gnprice]

Lolex is now merged, via #3886 -- so this is now unblocked to use that.

[chrisbobbe]

> Lolex is now merged, via #3886 -- so this is now unblocked to use that.

I'll pause in case there's cleanup work for 6d1d1df#r37482253. (This was a false alarm; I'm OK to proceed.)

[chrisbobbe]

And, now with Lolex! Thanks, @ray-kraesig and @gnprice!

[rk-for-zulip]

I'm not sure how turning this off will prevent – or even make less likely – the failure state you describe in the commit message. Our existing improper uses of array.forEach seem more likely to have been induced by AirBnB's anti-loop position, which we've since thoughtfully revoked. (See the bottom of this file.)

Which is not to say that I'm against removing this lint! I suspect we almost invariably do want sequential await whenever we have multiple Awaitables, simply because we rarely – if ever – want to fire off a hundred network requests at once.

[chrisbobbe]

I'm not sure how turning this off will prevent – or even make less likely – the failure state you describe in the commit message.

Well, with this rule, if you want to await sequentially in a loop, you have to choose between an eslint-disable and the failure of using a forEach. I think it's reasonable to assume that someone will choose wrong because they trust our choice of rules and they're not looking closely at the implementation of forEach. I'll see if I can make this clearer in the commit message.

Our existing improper uses of array.forEach seem more likely to have been induced by AirBnB's anti-loop position, which we've since thoughtfully revoked. (See the bottom of this file.)

That may be true, but it seems anecdotal; you're talking about the outbox issue, right, which I didn't know about when I committed this; in fact, my reasoning doesn't depend on any improper uses I saw. It sounds like you're not opposed to repealing no-await-in-loop, anyway, but I hope the reason I'd like to do so is clear.

[rk-for-zulip]

My first reaction on seeing this is "wow, that's likely to flake someday, isn't it?"

Which is of course wrong. But perhaps this could use a comment noting that the chances of this flaking are on the order of 2 * (1-(1-(0.25**100))**11) ≈ 1 / 7.3e58?

[rk-for-zulip]

Which is of course wrong. But perhaps this could use a comment noting that the chances of this flaking are on the order of 2 * (1-(1-(0.25**100))**11) ≈ 1 / 7.3e58?

I have no idea what I was thinking here with 0.25**100 rather than 0.75**100. (The rest is due to considering the aggregate flake chances rather than individual assertion chance failure. I'm skeptical of 2 *, in retrospect, but it's probably at least close to that.)

... anyway, the comment you've added in the current head is 👍.

[chrisbobbe]

... anyway, the comment you've added in the current head is 👍.

Many thanks to @gnprice for this, I can't take the credit! 😄

[chrisbobbe]

I've made the requested changes, and an additional change that Greg and I discussed (making it into a class BackoffMachine for readability). I also moved the BackoffMachine tests into async-test.js, since BackoffMachine is and has been in async.js.

This isn't ready to be merged in its current state. There seems to be Lolex-related interference between the existing tests in async-test and the ones I added; I'm seeing failures on both the existing sleep (ideal) › waits for exactly the right number of milliseconds test and my added BackoffMachine › timeouts are random from zero to 100ms, 200ms, 400ms, 800ms... test, with this message:

Timeout - Async callback was not invoked within the 5000ms timeout specified by jest.setTimeout.Timeout - Async callback was not invoked within the 5000ms timeout specified by jest.setTimeout.Error:

The failures in the newly added tests go away when the old tests are commented out, and vice versa.

[rk-for-zulip]

I also moved the BackoffMachine tests into async-test.js, since BackoffMachine is and has been in async.js.

And that's what triggered it. Jest is running both Lolex-based tests in the same environment in parallel. 😞

One would hope this would be resolved out of the box in Jest 26; it might even be safe in Jest 25.1.0 with a custom environment. In the meantime, I think placing the BackoffMachine tests in their own file (with a note describing why) should suffice as a workaround for now.

[chrisbobbe]

Argh, Jest!! OK, I'll put the tests back in their own file.

Or, argh, JavaScript? On the face of it, I wouldn't expect any interference, because the two tests running in parallel each use their own Lolex object (const lolex: Lolex = new Lolex()). I'd like that to be sufficient to ensure that they don't interfere, but I suspect that if I dug deeply enough, I'd find that those two objects are sharing the use of some bit of state. Do you think I would encounter the same unfulfilled expectation in most other programming languages, or is this just another lovely JavaScript quirk?

[chrisbobbe]

OK, I've put them back into backoffMachine-test.js.

EDIT: Um, oops? Does Command+Enter trigger "Close Pull Request" instead of "Comment"??

[rk-for-zulip]

Argh, Jest!! OK, I'll put the tests back in their own file.

Or, argh, JavaScript?

I could make a decent argument that it's "Argh, Ray!" I didn't write the core of our Lolex shim, but I did write most of the shell.

On the face of it, I wouldn't expect any interference, because the two tests running in parallel each use their own Lolex object (const lolex: Lolex = new Lolex()). I'd like that to be sufficient to ensure that they don't interfere, but I suspect that if I dug deeply enough, I'd find that those two objects are sharing the use of some bit of state.

You don't need to dig too deep. For starters, they're both (presumably?) modifying the same global Date object.

This problem is actually noted in the Lolex shim. I wasn't expecting this use case to fail either, though; I hadn't considered that Jest might run different test-groups in the same environment in parallel.

I don't know how Jest v26 is supposed to handle this – but then, I don't know how Jest handles mocking the setTimeout global binding in some tests but not others today. (I can think of at least two ways, and both of them are extensible to handle Date.now().)

Do you think I would encounter the same unfulfilled expectation in most other programming languages, or is this just another lovely JavaScript quirk?

Depends on exactly what the unfulfilled expectation in question is, I think. It's certainly possible to see similar behavior in any dynamic language with a mutable global environment.

[rk-for-zulip]

Sorry about the delay! Not sure how this one fell off my radar.

Looks good. Merged!

[chrisbobbe]

No problem! Thanks!! 🙂