Add apiCallAttempt timeout and apiCall timeout feature for asynchrounous operations

[zoewangg]

Add apiCallAttempt timeout and apiCall timeout feature for asynchronous operations.

• apiCallTimeout: time out config for the entire api call request (including signing, retry, etc)
• apiCallAttemptTimeout: time out config for an api call attempt.

I renamed the original timeout classes. Below are the new classes:

• TimeoutTask interface of the timer task to abort the abortable
  -> AsyncTimeoutTask implementation for asynchronous operation

• TimeoutTracker interface to track the TimeoutTask and the ScheduledFuture
  -> ApiCallTimeoutTracker default implementations to track Api call time out task AsyncTimeoutTask
  -> NoOpTimeoutTracker when timeout is not enabled

I removed all the existing timer unit tests using the AmazonSyncHttpClient because I'm working on adding more tests using the generated clients and those tests would cover the existing tests.
Second thoughts: will fix them and add them back
Added them back.

---

TODOs:

• add more protocol tests with both apiCallTimeout and apiCallAttemptTimeout enabled.
• add javadocs
• clean up logs

[dagnir]

Still going through it but I had a some questions regarding the async timeouts:

What are the situations in which a customer would want to use a timer on an async call? Since we return a CompletableFuture it seems like it's easy for them to do their own timing out if necessary:

e.g.

CompletableFuture<GetObjectResponse> f = s3Client.getObject(request, toFileTransformer);

// do other stuff

f.get(10, TimeUnit.MILLISECONDS);

I think we should also clearly define what it means to timeout an async task since by definition it doesn't happen synchronously with the current thread. For example, does the timer start when we submit the request to async client? Or when the async client actually starts executing the request?

[shorea]

I think timeouts for async is more about releasing resources than customer SLAs. I.E. close the connection and give it back to the pool, don't submit to our future completion executor, etc.

[zoewangg]

Customer might still want to timeout if the request is taking too long and could take up resources and there might be other chained operations in the completableFuture that are getting "blocked".

For example:

CompletableFuture.allOf(s3Async.getObject(oneRequest), s3Async.getObject(anotherrequest));

f.get(10, TimeUnit.MILLISECONDS) could work but that's a blocking call.

Side note: Java 9 introduced CompletableFutre.orTimeout https://docs.oracle.com/javase/9/docs/api/java/util/concurrent/CompletableFuture.html#orTimeout-long-java.util.concurrent.TimeUnit- which is pretty cool.

I think we should also clearly define what it means to timeout an async task since by definition it doesn't happen synchronously with the current thread. does the timer start when we submit the request to async client? Or when the async client actually starts executing the request?

Yeah, I'll add more javadocs.

For ApiCallTimeout, timer starts in the signing stage. https://github.com/aws/aws-sdk-java-v2/pull/657/files#diff-427c7fb0c6f7ebb4aa635811a210f908R130

For ApiCallAttemptTimeout, timer starts right before making http requests. https://github.com/aws/aws-sdk-java-v2/pull/657/files#diff-e3a70123328ddb47abe656e045204a99R224

[dagnir]

@shorea I thought about that as well, but it seems like timeout is the wrong place to hang it on. Resource cleanup should all take place if the customer cancels the future while the request is executing as well right? I'm not sure sure if we do that today, but I don't think we do.

[dagnir]

nit: should be TIMEOUT to match spelling of the getter/setter as well as the spelling of timeout in other places.

[zoewangg]

+1 good catch. it's too tempting to separate them when they are all uppercase!

[dagnir]

Do we need to do anything special when streaming responses? Do we bubble an exception to the Subscriber?

[zoewangg]

Not that I'm aware of. The exception is bubbled to AsyncResponseTransformer.exceptionOccurred.

We have a test for streaming operation: https://github.com/aws/aws-sdk-java-v2/pull/657/files#diff-a78559873b6762403653c7ac0f1beb9eR103

[dagnir]

minor: this makes it sound like the task itself has timed out. Maybe something like hasExecuted?

[millems]

+1 to cleaning up if the user cancels the future (eg. if they're using Java 9's orTimeout()).

I still think we should support global timeouts within the SDK so that the customer doesn't always have to enforce it at the future level, and can use the same timeout configuration with sync and async.

[millems]

Should it be "this value will always be positive, if present"? (same comment below)

[zoewangg]

yup, fixed

[millems]

Can we have a section here that differentiates between this and apiCallTimeout? I see there's one down there already.

[zoewangg]

+1 fixed

[millems]

Initial thought without looking further in the code first: We already have an internal scheduled executor service for retries. Can we use the same one for timeouts?

[zoewangg]

yeah, we can, probably need to rename the existingASYNC_RETRY_EXECUTOR_SERVICE to SDK_INTERNAL_EXECUTOR_SERVICE(or something else)?

[zoewangg]

reused the scheduled executor and renamed it to SCHEDULED_EXECUTOR_SERVICE

[millems]

Whoops!

[zoewangg]

good catch! fixed

[millems]

Can we specify the timeout that was configured here as well?

[zoewangg]

+1 updated

[millems]

Seems duplicated from elsewhere.

[zoewangg]

the other place is getApiTimoeut and this is getApiCallAttemptTimeout

[millems]

Same question here. Where were we not interrupting the thread before? Can we just fix it there instead of re-interrupting here?

[zoewangg]

yeah, reverted the change and will create a backlog item to track those.

[millems]

software*? needed?

[millems]

Are these needed?

[millems]

Maybe isPositiveOrNull? "Present" implies there's an optional involved, to me. Can isPositive delegate to here now for its positivity check?

I also think the naming convention elsewhere is to include "param" in the method name if the second parameter is a field name. Otherwise it would be a string format for the caller to specify the whole message... but it looks like that's already been broken by isPositive, so nevermind!

[dagnir]

I might have missed it, but are API call attempt timeouts implement for sync calls?

[dagnir]

Why do we need this check here?

[zoewangg]

We need the checks here because we don't want it to timeout if the completableFuture fails exceptionally. I'll add a test for it.

[dagnir]

If the future has already been completed, the timeout task should not have any effect though right? Unless it tries to force the timeout exception by using obtrudeException: https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/CompletableFuture.html#obtrudeException-java.lang.Throwable-

[zoewangg]

Whoops.. I meant to write if (t == null)(The unit tests succeeded because there were either response unmarshaller expception or ApiCallAttemptTimeoutException got retried). But yeah, I think you are right, we should remove the check here.

[dagnir]

When would we have a null future?

[zoewangg]

yeah, it should not be null. I'll add the validation in the constructor.

[dagnir]

Same here, would we ever have a null future?

[zoewangg]

yup. same as above, will remove the null check here and add validation in the constructor.

[zoewangg]

@dagnir Timeouts for sync were implemented before and we removed them via #494 because timeouts for async were not working back then and we wanted to keep consistent for async and sync.

Hmmm, we are in the same situation now except that this time it's sync that is missing the timeout feature.

[dagnir]

Some weird linebreaks in the javadocs for apiCallTimeout, apiCallAttemptTimeout getters/setters. Can we fix those as well?

[dagnir]

I don't think we need this check. If the future is already complete cancel() should have no effect. There's also no guarantee isDone would still be false when we call cancel

[zoewangg]

👍 fixed

[dagnir]

minor: Taking Duration as a param would be more flexible

[zoewangg]

hmmm. I actually prefer using long here because we don't need another null check here.

[dagnir]

Fair enough; it's an internal util so I' don't feel strongly either way.

[dagnir]

nit: "or null"

[dagnir]

If fallbackValue is empty get() will throw an exception here. I think we can just return fallbackValue here

[dagnir]

Oops nm, it's a Supplier, not an Optional. In that case we can just change this to Optional.ofNullable(value)

[dagnir]

LGTM. Can you add a changelog message? Can you also clarify in your commit and and changelog message that it's for async only?

[Khalian]

Isnt this thread pool technically unbounded? The core pool size is 1, but the max pool is int.max.

[millems]

I believe the work queue used by the scheduledThreadPool is unbounded. Because the JDK classes only use the core pool size until the work queue is full, and the work queue is unbounded, the maximumPoolSize within the scheduled thread pool should never used.