Data race fixes #2494
Data race fixes #2494
Conversation
|
|
All test failures here are related to ros2/rosidl_typesupport_fastrtps#117 |
|
Can you explain the changes? |
|
@wjwwood did you look at the commit messages of the single commits ? |
|
Any rebuild request coming from a second thread may get lost, if issued, while the execution thread is in Executor::collect_entities(). Changes the clearing of the request to an atomic operation to fix this. The waitable did not rearm its guard condition if not processed yet. I think In the long run we should have a better API for this, as it is a common pitfall. After adding all of the timer_index++ in the outer code the code was basically same as the other next_XYZ, therefore This fixes a possible data race, as the on_trigger_callback might rely on the facts, that the executor wakes up, |
|
jmachowinski
force-pushed
the
data_race_fixes
branch
from
ac9ca01
to
e74e2bd
Compare
|
The unstable tests on windows seems to be non related, see ros2/rmw_connextdds#136 |
rclcpp/src/rclcpp/executor.cpp
Outdated
| size_t current_timer_index = 0; | ||
| while (true) { | ||
| auto [timer, timer_index] = wait_result_->peek_next_ready_timer(current_timer_index); | ||
| if (nullptr == timer) { | ||
| break; | ||
| } | ||
| current_timer_index = timer_index; | ||
| while (auto timer = wait_result_->next_ready_timer()) { | ||
| auto entity_iter = current_collection_.timers.find(timer->get_timer_handle().get()); | ||
| if (entity_iter != current_collection_.timers.end()) { | ||
| auto callback_group = entity_iter->second.callback_group.lock(); | ||
| if (callback_group && !callback_group->can_be_taken_from()) { | ||
| if (!callback_group || !callback_group->can_be_taken_from()) { | ||
| continue; | ||
| } | ||
| // At this point the timer is either ready for execution or was perhaps | ||
| // it was canceled, based on the result of call(), but either way it | ||
| // should not be checked again from peek_next_ready_timer(), so clear | ||
| // it from the wait result. | ||
| wait_result_->clear_timer_with_index(current_timer_index); |
There was a problem hiding this comment.
We made the change to peek and conditionally clear after a lot of iterations, and I don't fully understand why this needs to be changed back to not peek before clearing. Can you give a better explanation as to why this isn't needed any more? Is it related to the logic change around checking the callback groups?
Specifically, if this function is called multiple times before the wait_result_ is discarded due to a new call to wait on the wait set, we need to ensure timers are not passed over due to callback group constraints on one call only to be ignore on subsequent calls. If we could ensure that wait is called again (and the wait_result_ is discarded) every time a callback group became available to be taken from, then this wouldn't be needed, but I think for performance the idea is that wait results are fully processed before waiting again, in which case iterating over a timer, not calling it because of its callback group, but marking it as nullptr in the wait result anyways, would result in it getting skipped when it shouldn't.
There was a problem hiding this comment.
I did not readd this change for now, so we can go ahead with this PR.
Anyway, currently the behavior of the WaitResult is inconsistent.
The timers are the only objects, that feature the 'do not clear' logic if the callback group
is in used. I actually see not a real reason for this, perhaps to make some test happy ?
All other objects in the WaitResult clear on iteration. Therefore I would suggest, that we
either also clear the timers, or move the callback_group->can_be_taken_from() check inside
of the WaitResult and do not clear if blocked, to get a consistent behavior.
There was a problem hiding this comment.
The difference is that all the other waitable ros entities, excluding guard conditions, stay ready on subsequent waits. And for guard conditions if they represent something that needs to stay ready between waits, then that thing needs to re-trigger them, i.e. the pr I made about waitables and keeping guard conditions ready sometimes. That's why timers have a different API here.
This style of iteration is required to avoid having the wait result know anything about the callback group. We considered having an API that took a "can be executed callback" to do dependency injection, but we decided that was unnecessarily complicated and this API was simple by comparison and appeared to be more generic (remember the WaitSet and WaitResult objects were designed to be used directly as well as in the executor).
So while it was indeed in pursuit of making a test pass that was flaky, I do think where we landed makes some sense, even if it's not immediately obvious why timers are special. I do think it's possible that we want this style of "peek and clear" APIs for the other entities, but I'd need to convince myself of that. This is all related to the decision whether or not to wait again after each thing is executed or to instead burn down a wait result before waiting again.
There was a problem hiding this comment.
That's why timers have a different API here.
I'm confused about this statement. Timers stay ready as well on subsequent waits, as long as you don't 'call()' them. What would not be done, if the cbg is busy.
Signed-off-by: Janosch Machowinski <j.machowinski@cellumation.com>
Signed-off-by: Janosch Machowinski <J.Machowinski@cellumation.com>
jmachowinski
force-pushed
the
data_race_fixes
branch
from
e74e2bd
to
c5a13d5
Compare
Before this change, the rebuild of wait set would be triggered after the wait set was waken up. With bad timing, this could lead to the rebuild not happening with multi threaded executor. Signed-off-by: Janosch Machowinski <J.Machowinski@cellumation.com>
Signed-off-by: Janosch Machowinski <j.machowinski@cellumation.com>
jmachowinski
force-pushed
the
data_race_fixes
branch
from
c5a13d5
to
438e233
Compare
Signed-off-by: Janosch Machowinski <J.Machowinski@cellumation.com>
Signed-off-by: Michael Carroll <mjcarroll@intrinsic.ai> Co-authored-by: Janosch Machowinski <j.machowinski@nospam.org>
Signed-off-by: Janosch Machowinski <J.Machowinski@cellumation.com>
|
closed in favor for #2500 2500 |
|
On my machine, the test I'll run CI just to confirm:
I wasn't able to see any obvious issue, the CI is with my changes in #2500, but locally even this pr's changes have that problem. |
@mjcarroll @wjwwood
Make the executors more stable with our stack.