RetainableByteBuffer as mutable

[gregw]

Opening this PR against 12.1.x rather than 12.0.x, replacing #11598

I'm just going to summarize the objectives of this PR:

• Homogenize the APIs used for buffer manipulation in utils, aggregators, accumulators and buffers. Currently we have several different naming conventions and semantics (e.g. is the buffer consumed or not).
• Reduce the API impedance between key abstractions. Buffers from Content.Sources should be compatible with buffers from ByteBufferPools and both should be easily written to Content.Sinks
• Separate the read-only APIs from read-write APIs. The API used should indicate if buffer mutation is permitted or not.
• protect mutable APIs from being applied to retained buffers
• Avoid or hide modal APIs. Abstract away from the BB fill/flush mode issues so that these are rarely a concern for most buffer manipulations.
• Where possible, internal implementations should leave BBs in the appropriate mode to avoid excess flipping
• Remove unnecessary copies and encourage retention where possible and desirable.
• Create common mechanisms that could allow heuristics decisions regarding copy vs retain, so that common usage does not need to make a hard coded choice.
• Compatible with current buffer and API usage. We want evolution not revolution.
• Avoid the complaints about BufferUtil and flipToFill and flipToFlush

[lorban]

It looks odd that ByteBufferPool.acquire() returns non-mutable buffers.

[lorban]

Shouldn't accumulator.release() be idempotent instead of using this released flag?

[gregw]

The underlying reference counter class is not idempotent, as it throws if you release beyond 0.
Hence we can't just call accumulator.release() without it throwing. This we need to boolean.

I think it is good that we check for over-releases

[lorban]

0 sounds like a more sensible default, doesn't it?

[gregw]

Maybe. or throw Unsupported operation exception, as it should only be used be real retainables

[lorban]

I'm wondering if that API isn't going to cause more harm than good as I fail to see when we'd like to make copies into newly allocated buffers, except in tests.

[gregw]

It is used in the take implementations.... which themselves are mostly used for tests..... but copy is something likely to be needed if usage of these APIs becomes more widespread, so I'd much rather we implement it and test it correctly.

If we don't use it, then it is not a problem. If we do, then it is needed.

I'd much rather have this API then see code doing BufferUtil.copy(rbb.getByteBuffer()), which could result in multiple copies

[lorban]

Isn't it the right moment to break backward compatibility and stop using int sizing?

[gregw]

The approach I've taken is to keep int usage for the APIs that are named the same as BB. So int capacity() and int remaining(). This means that existing code does not break.

But there are new equivalent methods that use long, so long maxSize() and long size() are the equivalent of capacity and remaining.

[lorban]

It's good that you javadoc'ed that the originating RBB gets retained by slice(), but I remember having a lengthy discussion about slice() retaining or not with @sbordet, but I cannot remember the outcome, so we may need to revisit this later.

[lorban]

I don't think we want to expose blocking APIs here.

[gregw]

It is just a convenience wrapper of the async API. I found myself passing Callback.NOOP too often, which I think is dangerous as you can get code that looks like it works on simple tests, but fails if something blocks. Far better to provide the API so that short cuts are not taken elsewhere.

Every call to buffer.writeTo(sink, false, Callback.NOOP) is a bug in waiting!

[gregw]

@lorban thanks for the review. I've answered a some of the questions and will work on some of the fixes/changes you suggest tomorrow.

[lorban]

This implementation of slice() does not retain, unlike the version it overrides.

[gregw]

It doesn't need to. It retains the contained buffers and then returns an entirely new DynamicCapacity instance over those buffers. Thus it implements the contract. i.e it returns an independent set of pointers over shared data. When the nested buffers are consumed from either the original or the slice, they are released, so when both original and slice are consumed (or explicitly released), then so are the nested buffers

[lorban]

This breaks the Retainable contract: it's up to the caller to release.

[gregw]

No. See javadoc for add. It explicitly says that responsibility is passed. This is how add differs from append.

[lorban]

This also breaks the Retainable contract: you're keeping a ref to the RBB after returning, so you should retain it.

[gregw]

Ditto, see javadoc for add

[lorban]

If hpack.slice() retains (like the RBB impl does) then the RBB returned by slice() should be released here. If it does not retains (like the RBB.DynamicCapacity impl does) then this code is fine... but it's breaking the Retainable contract.

[gregw]

The slice is retained, but then added to the accumulator, so the contract is that the accumulator take over responsibility for releasing the slice. If I had appended, then I would need to release here.

[sbordet]

@gregw that is the opposite of the documented behavior that Retainables must have.

[gregw]

@sbordet you explicitly asked me to provide the add semantic so we can "give" a RBB and not have to release it ourselves. The documented behaviour for Retainable is described as "typical" and as a "general rule", should I think is equivalent to a SHOULD rather than a MUST. The divergence from the norm is well documented in the signature of the add method.

We could instead do:

Suggested change

	accumulator.add(hpack.slice(maxHeaderBlockFragment));
	RetainableByteBuffer hpackSlice = hpack.slice(maxHeaderBlockFragment);
	accumulator.append(hpackSlice);
	hpackSlice.release();

But that is more verbose and means the reference counter is needlessly incremented and decremented, then we end up at the same place.

This is using exactly the same semantic as the existing org.eclipse.jetty.io.ByteBufferPool.Accumulator#append, which also deviates from the "general rule", but without any javadoc saying so!

[gregw]

@lorban can you go through my responses and resolve any that you are satisfied with. I still have a few TODOs I'm working on as a result of your feedback....

[gregw]

@lorban Can you quickly go through and resolve any questions that you think are well enough answered?

[lorban]

@gregw the only point of contention I see is the behavior of accumulator.add() w.r.t the Retainable contract. I don't mind making an exception to the rules if that's properly javadoc'ed, as you did.

But this caught me by surprise, and I assume it could again in the future, more so if we multiply the exceptions. So I think there should be some hint in the method's name that it's not playing by the rules to suggest the caller of that API to go read the javadoc.

How about renaming add() to addPreRetained() or something like that? And maybe put it in bold at the top of the javadoc that an exception to the Retainable contract is being made?

[gregw]

But this caught me by surprise, and I assume it could again in the future, more so if we multiply the exceptions. So I think there should be some hint in the method's name that it's not playing by the rules to suggest the caller of that API to go read the javadoc.

@lorban I too was caught by surprise that we already have some accumulators that have this semantic behind a method called append, so this is not new behaviour.

How about renaming add() to addPreRetained() or something like that? And maybe put it in bold at the top of the javadoc that an exception to the Retainable contract is being made?

I'm open to change the name, but I don't like addPreRetained, @sbordet has referred to it as offer so we could use that name?