Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix two WebSocket API bugs #3371

Merged
merged 2 commits into from
Jan 22, 2025
Merged

Fix two WebSocket API bugs #3371

merged 2 commits into from
Jan 22, 2025
+56 −38

Conversation

kentonv
Copy link
Member

@kentonv kentonv commented Jan 20, 2025

One is a spurious (and prolific) error appearing in our sentry.

The other is a serious issue that could cause messages to be dropped when using auto-responses, but is probably exceedingly rare.

@kentonv
Fix Sentry error: "expected !currentlySending; another message send i…
Loading
Loading status checks…
029973c 
…s already in progress"

If writing to the underlying KJ WebSocket throws an exception or is canceled, then the WebSocket is left in an inconsistent state and no further messages can be sent. All further attempts to send messages will throw the above exception.

In the WebSocket workerd API code, upon catching an exception from a write, we normally set `outgoingAborted = true`, which causes us to drop all future writes on the floor.

The problem is, we weren't actually setting `outgoingAborted = true` until `reportError()` was invoked, which is a few microtasks after the point where `pump()` ended. In the meantime, a new `send()` could be invoked, starting a fresh `pump()`, which would then fail with the `expected !currentlySending` error.

To fix the problem, we must set `outgoingAborted = true` promptly on exit from `pump()`.

I was unable to reproduce the problem in a test, though, because the WebSocket API code also listens on the underlying WebSocket's `whenAborted()` and, when it resolves, immediately sets `outgoingAborted = true`. There must be some case where `send()` throws but `whenAborted()` doesn't actually fire, but I can't think of what that would be.

Nevertheless, it is quite clear that we need to set `outgoingAborted = true` promptly when a send fails, before anyone else could possibly begin another pump. So, this commit does that.
@kentonv kentonv requested review from mikea and jqmmes January 20, 2025 18:18
@kentonv kentonv requested review from a team as code owners January 20, 2025 18:18
@kentonv kentonv requested a review from a-robinson January 20, 2025 18:18
@kentonv
Fix rare scenario where outgoing WebSocket messages could be dropped.
a973d2a 
Per the comment: At the end of pump(), while writing out pending auto-response messages, it's possible new regular messages could be queued concurrently. If we don't check for that, they could be discarded without actually being sent.

This is probably extremely unlikely and I have no evidence that it has ever happened. I noticed the problem while reading the code.
@kentonv kentonv force-pushed the kenton/fix-websockets branch from 4197674 to a973d2a Compare January 20, 2025 20:23
@kentonv kentonv merged commit 00d8c87 into main Jan 22, 2025
17 checks passed
@kentonv kentonv deleted the kenton/fix-websockets branch January 22, 2025 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell

@mikea mikea

@jqmmes jqmmes

@a-robinson a-robinson

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kentonv @jasnell