Merge pull request #26 from n0-computer/rklaehn/poison-mpsc-sender

rklaehn · web-flow · commit bcc402457ca3 · 2025-06-19T11:47:09.000+02:00
Make sure sending fails after the first io error or future drop
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -57,6 +57,7 @@ tokio = { workspace = true, features = ["full"] }
 thousands = "0.2.0"
 # macro tests
 trybuild = "1.0.104"
+testresult = "0.4.1"
 
 [features]
 # enable the remote transport
diff --git a/src/lib.rs b/src/lib.rs
@@ -389,7 +389,7 @@ pub mod channel {
             }
         }
 
-        /// A sender that can be wrapped in a `Box<dyn DynSender<T>>`.
+        /// A sender that can be wrapped in a `Arc<dyn DynSender<T>>`.
         pub trait DynSender<T>: Debug + Send + Sync + 'static {
             /// Send a message.
             ///
@@ -446,6 +446,13 @@ pub mod channel {
 
         impl<T: RpcMessage> Sender<T> {
             /// Send a message and yield until either it is sent or an error occurs.
+            ///
+            /// ## Cancellation safety
+            ///
+            /// If the future is dropped before completion, and if this is a remote sender,
+            /// then the sender will be closed and further sends will return an [`io::Error`]
+            /// with [`io::ErrorKind::BrokenPipe`]. Therefore, make sure to always poll the
+            /// future until completion if you want to reuse the sender or any clone afterwards.
             pub async fn send(&self, value: T) -> std::result::Result<(), SendError> {
                 match self {
                     Sender::Tokio(tx) => {
@@ -469,6 +476,13 @@ pub mod channel {
             /// all.
             ///
             /// Returns true if the message was sent.
+            ///
+            /// ## Cancellation safety
+            ///
+            /// If the future is dropped before completion, and if this is a remote sender,
+            /// then the sender will be closed and further sends will return an [`io::Error`]
+            /// with [`io::ErrorKind::BrokenPipe`]. Therefore, make sure to always poll the
+            /// future until completion if you want to reuse the sender or any clone afterwards.
             pub async fn try_send(&mut self, value: T) -> std::result::Result<bool, SendError> {
                 match self {
                     Sender::Tokio(tx) => match tx.try_send(value) {
@@ -1092,7 +1106,9 @@ pub mod rpc {
 #[cfg_attr(quicrpc_docsrs, doc(cfg(feature = "rpc")))]
 pub mod rpc {
     //! Module for cross-process RPC using [`quinn`].
-    use std::{fmt::Debug, future::Future, io, marker::PhantomData, pin::Pin, sync::Arc};
+    use std::{
+        fmt::Debug, future::Future, io, marker::PhantomData, ops::DerefMut, pin::Pin, sync::Arc,
+    };
 
     use n0_future::{future::Boxed as BoxFuture, task::JoinSet};
     use quinn::ConnectionError;
@@ -1307,11 +1323,11 @@ pub mod rpc {
     impl<T: RpcMessage> From<quinn::SendStream> for spsc::Sender<T> {
         fn from(write: quinn::SendStream) -> Self {
             spsc::Sender::Boxed(Arc::new(QuinnSender(tokio::sync::Mutex::new(
-                QuinnSenderInner {
+                QuinnSenderState::Open(QuinnSenderInner {
                     send: write,
                     buffer: SmallVec::new(),
                     _marker: PhantomData,
-                },
+                }),
             ))))
         }
     }
@@ -1400,7 +1416,14 @@ pub mod rpc {
         }
     }
 
-    struct QuinnSender<T>(tokio::sync::Mutex<QuinnSenderInner<T>>);
+    #[derive(Default)]
+    enum QuinnSenderState<T> {
+        Open(QuinnSenderInner<T>),
+        #[default]
+        Closed,
+    }
+
+    struct QuinnSender<T>(tokio::sync::Mutex<QuinnSenderState<T>>);
 
     impl<T> Debug for QuinnSender<T> {
         fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -1413,18 +1436,50 @@ pub mod rpc {
             &self,
             value: T,
         ) -> Pin<Box<dyn Future<Output = io::Result<()>> + Send + Sync + '_>> {
-            Box::pin(async { self.0.lock().await.send(value).await })
+            Box::pin(async {
+                let mut guard = self.0.lock().await;
+                let sender = std::mem::take(guard.deref_mut());
+                match sender {
+                    QuinnSenderState::Open(mut sender) => {
+                        let res = sender.send(value).await;
+                        if res.is_ok() {
+                            *guard = QuinnSenderState::Open(sender);
+                        }
+                        res
+                    }
+                    QuinnSenderState::Closed => Err(io::ErrorKind::BrokenPipe.into()),
+                }
+            })
         }
 
         fn try_send(
             &self,
             value: T,
         ) -> Pin<Box<dyn Future<Output = io::Result<bool>> + Send + Sync + '_>> {
-            Box::pin(async { self.0.lock().await.try_send(value).await })
+            Box::pin(async {
+                let mut guard = self.0.lock().await;
+                let sender = std::mem::take(guard.deref_mut());
+                match sender {
+                    QuinnSenderState::Open(mut sender) => {
+                        let res = sender.try_send(value).await;
+                        if res.is_ok() {
+                            *guard = QuinnSenderState::Open(sender);
+                        }
+                        res
+                    }
+                    QuinnSenderState::Closed => Err(io::ErrorKind::BrokenPipe.into()),
+                }
+            })
         }
 
         fn closed(&self) -> Pin<Box<dyn Future<Output = ()> + Send + Sync + '_>> {
-            Box::pin(async { self.0.lock().await.closed().await })
+            Box::pin(async {
+                let mut guard = self.0.lock().await;
+                match guard.deref_mut() {
+                    QuinnSenderState::Open(sender) => sender.closed().await,
+                    QuinnSenderState::Closed => {}
+                }
+            })
         }
 
         fn is_rpc(&self) -> bool {
diff --git a/tests/mpsc_sender.rs b/tests/mpsc_sender.rs
@@ -0,0 +1,117 @@
+use std::{
+    io::ErrorKind,
+    net::{Ipv4Addr, SocketAddr, SocketAddrV4},
+    time::Duration,
+};
+
+use irpc::{
+    channel::{spsc, SendError},
+    util::{make_client_endpoint, make_server_endpoint},
+};
+use quinn::Endpoint;
+use testresult::TestResult;
+use tokio::time::timeout;
+
+fn create_connected_endpoints() -> TestResult<(Endpoint, Endpoint, SocketAddr)> {
+    let addr = SocketAddrV4::new(Ipv4Addr::UNSPECIFIED, 0).into();
+    let (server, cert) = make_server_endpoint(addr)?;
+    let client = make_client_endpoint(addr, &[cert.as_slice()])?;
+    let port = server.local_addr()?.port();
+    let server_addr = SocketAddrV4::new(Ipv4Addr::LOCALHOST, port).into();
+    Ok((server, client, server_addr))
+}
+
+/// Checks that all clones of a `Sender` will get the closed signal as soon as
+/// a send fails with an io error.
+#[tokio::test]
+async fn mpsc_sender_clone_closed_error() -> TestResult<()> {
+    tracing_subscriber::fmt::try_init().ok();
+    let (server, client, server_addr) = create_connected_endpoints()?;
+    // accept a single bidi stream on a single connection, then immediately stop it
+    let server = tokio::spawn(async move {
+        let conn = server.accept().await.unwrap().await?;
+        let (_, mut recv) = conn.accept_bi().await?;
+        recv.stop(1u8.into())?;
+        TestResult::Ok(())
+    });
+    let conn = client.connect(server_addr, "localhost")?.await?;
+    let (send, _) = conn.open_bi().await?;
+    let send1 = spsc::Sender::<Vec<u8>>::from(send);
+    let send2 = send1.clone();
+    let send3 = send1.clone();
+    let second_client = tokio::spawn(async move {
+        send2.closed().await;
+    });
+    let third_client = tokio::spawn(async move {
+        // this should fail with an io error, since the stream was stopped
+        loop {
+            match send3.send(vec![1, 2, 3]).await {
+                Err(SendError::Io(e)) if e.kind() == ErrorKind::BrokenPipe => break,
+                _ => {}
+            };
+        }
+    });
+    // send until we get an error because the remote side stopped the stream
+    while send1.send(vec![1, 2, 3]).await.is_ok() {}
+    match send1.send(vec![4, 5, 6]).await {
+        Err(SendError::Io(e)) if e.kind() == ErrorKind::BrokenPipe => {}
+        e => panic!("Expected SendError::Io with kind BrokenPipe, got {:?}", e),
+    };
+    // check that closed signal was received by the second sender
+    second_client.await?;
+    // check that the third sender will get the right kind of io error eventually
+    third_client.await?;
+    // server should finish without errors
+    server.await??;
+    Ok(())
+}
+
+/// Checks that all clones of a `Sender` will get the closed signal as soon as
+/// a send future gets dropped before completing.
+#[tokio::test]
+async fn mpsc_sender_clone_drop_error() -> TestResult<()> {
+    let (server, client, server_addr) = create_connected_endpoints()?;
+    // accept a single bidi stream on a single connection, then read indefinitely
+    // until we get an error or the stream is finished
+    let server = tokio::spawn(async move {
+        let conn = server.accept().await.unwrap().await?;
+        let (_, mut recv) = conn.accept_bi().await?;
+        let mut buf = vec![0u8; 1024];
+        while let Ok(Some(_)) = recv.read(&mut buf).await {}
+        TestResult::Ok(())
+    });
+    let conn = client.connect(server_addr, "localhost")?.await?;
+    let (send, _) = conn.open_bi().await?;
+    let send1 = spsc::Sender::<Vec<u8>>::from(send);
+    let send2 = send1.clone();
+    let send3 = send1.clone();
+    let second_client = tokio::spawn(async move {
+        send2.closed().await;
+    });
+    let third_client = tokio::spawn(async move {
+        // this should fail with an io error, since the stream was stopped
+        loop {
+            match send3.send(vec![1, 2, 3]).await {
+                Err(SendError::Io(e)) if e.kind() == ErrorKind::BrokenPipe => break,
+                _ => {}
+            };
+        }
+    });
+    // send a lot of data with a tiny timeout, this will cause the send future to be dropped
+    loop {
+        let send_future = send1.send(vec![0u8; 1024 * 1024]);
+        // not sure if there is a better way. I want to poll the future a few times so it has time to
+        // start sending, but don't want to give it enough time to complete.
+        // I don't think now_or_never would work, since it wouldn't have time to start sending
+        if timeout(Duration::from_micros(1), send_future)
+            .await
+            .is_err()
+        {
+            break;
+        }
+    }
+    server.await??;
+    second_client.await?;
+    third_client.await?;
+    Ok(())
+}
