fix: race condition in ReplicaOfInternal

[kostasrim]

#4636 introduced a small race . The problem is that Start() might have failed (because a subsequent ReplicaOf command cancelled it). ReplicaOfInternal would ignore the ec and start the replication fiber via replica_->StartMainReplicationFiber but the second ReplicaOf command that followed updated replica_ so we tried to start replication twice on the same replica instance triggering a check failed that the fiber is running.

We did not have that problem before because we called new_replica_->Start() which would start replication. Even if the replication got cancelled because of a second ReplicaOf command, it would be fine because the MainReplicationFiber would start twice on two separate Replica instances and one of them would cancel right away becauseR_CANCELLED was not set (since Stop() explicitly set it by cancelling the context)

[kostasrim]

This is the FIX. Same replica_ instance was used by two fibers and we ended up starting the main replication fiber twice. The rest of the changes above are an early exit to avoid creating the fiber all together in case of an error or if the context got cancelled. This small optimization is not really needed even in the presence of parallel ReplicaOf commands because MainReplicationFiber exits early if the context is cancelled (that's why we did not need to check for ec before my changes) -- so as long as this replication fiber is part of the correct instance -- cancellation would take care of the rest.

[kostasrim]

Small optimization. We do not need to start the replication fiber if we got an error or if the context is cancelled.

This would be handled anyway by new_replica->StartMainReplicationFiber which would spawn the MainReplicationFiber and then exit because it got cancelled. But yeah, no reason to do that

[kostasrim]

https://github.com/dragonflydb/dragonfly/actions/runs/13516050833 🟢

[BorysTheDev]

Do you really need such a function

[kostasrim]

We can just start the replication fiber and let it cancel. I wanted to avoid that alltogether so I added this. As I explained, this is not part of the fix but an "early optimization" (which is kinda funny because fiber cost is insignificant and this path is non critical)

[BorysTheDev]

what if replica != new_replica for the first command and the second command was cancelled. In this case we will not have replica at all and botjh commands are failed. Maybe lets discuss it with @adiholden

[kostasrim]

Then we should not have a replica! The second command cancelled the previously then it cancelled itself ? Isn't that what you are describing or am I missing something ?

[adiholden]

how can replica_ == new_replica if new_replica->IsContextCancelled()?
when we cancel replication (from replica of command)
we take replicaof mutex
call replica_->Stop
and set replica_ var
So from what I understadn we can not get to the condition replica_ == new_replica and new_replica->IsContextCancelled()

[adiholden]

Another comment here.
I think that if replica was canceld and ec is not error you do not return response to client.

[kostasrim]

So from what I understadn we can not get to the condition replica_ == new_replica and new_replica->IsContextCancelled()

Yes that's true and it is not an issue. The IsContextCancelled() is ored with ec because ec might be 0 (meaning success) but the context got cancelled. For that case we just return. However, if ec has an error and replica == new_replica then it means we need to cancel everything alltogether (there is no other replica of command and we just cancelled ourselves)

[kostasrim]

+1 for the missing response

[adiholden]

It will be more clear I think if you enter the Drakarys call under if (on_err == ActionOnConnectionFail::kReturnOnError)instead of if (tx)

[kostasrim]

I did not want to change the semantics. I will update on this

[kostasrim]

Yep +1 for the suggestion. This also removes tx alltogether as well

[kostasrim]

oh Drakarys needs, nvm

[adiholden]

This is confusing. Please send the error from one place here. lets not send it in start but only here.

[adiholden]

I suggest to write like this
if (ec && replica_ == new_replica) {
service_.SwitchState(GlobalState::LOADING, GlobalState::ACTIVE);
SetMasterFlagOnAllThreads(true);
replica_.reset();
}
if (ec || cancelled) {
builder->SendError
return;
} else {
builder->SendOk();
}
if (on_err == ActionOnConnectionFail::kReturnOnError) {
Drakarys(tx, DbSlice::kDbAll);
new_replica->StartMainReplicationFiber(builder);
}

[adiholden]

I suggest to send the ok also here and not inside StartMainReplicationFiber

[adiholden]

can RETURN_ON_ERR work on GenericError?

[kostasrim]

Generic error is implicitly convertible to error code. However RETURN_ON_ERR does this:

GenericError -> ErrorCode then RETURN_ON_ERR returns that ErrorCode, which is then converted back to GenericError.

This looses the details part of the GenericError. I will fix this.

I am SAVING my rant around implicit conversions.

[adiholden]

I am confused how this is working.. why shouldnt this be return {ec, absl::StrCat(msg, ec.message())}

[kostasrim]

Look how GenericError::Format is implemented. The above expression is turned to absl::StrCat(msg, ec.message() when formatted.

[kostasrim]

Also we can construct GenericError directly from string. We can omit the first argument {} because we have that constructor. I will take care of this as well

[adiholden]

Because the GenericError does this concatenation for us you can do
return {ec, msg}

[kostasrim]

It does not do the same concatenation.

330 std::string GenericError::Format() const {
331   if (!ec_ && details_.empty())
332     return "";
333 
334   if (details_.empty())
335     return ec_.message();
336   else if (!ec_)
337     return details_;
338   else
339     return absl::StrCat(ec_.message(), ": ", details_);
340 }

ec is true so absl::StrCat(ec_.message(), ": ", details_); is not identical to {absl::StrCat(msg, ec.message())};

[adiholden]

do we care about the order here? does this realy needs a different implementaion?

[kostasrim]

I would need to check but it's irrelevant. At the end of the day we are discussing here return {ec, msg} vs return {msg}. Either way is fine and it's not important

[kostasrim]

@adiholden

I had to, there is no really good solution otherwise. Doing something RETURN_ON_ERR_T(GenericError, x) won't work. Yes I tried modifying the micro above by converting the statement:

std::error_code __ec = (x); ----> T __ex = (x) but a) this is not properly being parsed and we get compiler errors, b) we also do an extra copy in that expression which is fine for error code because it's trivially copyable but not for Generic error.