-
Notifications
You must be signed in to change notification settings - Fork 17.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net: clarify net.Conn concurrency requirement #27203
Comments
It's the former: any methods may be called concurrently. But changing the docs to say distinct methods would suggest that you could not call the same method concurrently--e.g., two concurrent calls to Personally I think the current text is clear but I'm open to counter arguments. |
Calling the same method concurrently however is not part of the interface contract. Implementations might allow it, but don't have to. With the current text, it's not clear to me if a net.Conn implementation that breaks for concurrent calls to |
I don't understand. The text is, as you say, "Multiple goroutines may invoke methods on a Conn simultaneously." To me that clearly states that multiple goroutines may invoke the |
Ah, I interpreted your first message the other way around. That seems more strict than what I've seen implemented in practice, but I'm willing to believe it. x/net/nettest's ConcurrentMethods should test for it then, though, because it looks like it only tests concurrent calls of distinct methods. |
Also, some implementations may promise more: e.g. UDPConn permitting concurrent Write calls. |
Doesn't TCPConn allow simultaneous Write() to a single net.Conn? The docs certainly imply that. I make TCPConn.Write calls from one goroutine while another does io.Copy (invoking sendfile()), and haven't seen any errors that indicated "connection in use". Pls do test this formally if possible :-) @gopherbot add Testing |
@bradfitz I'm confused again, AFAICT @ianlancetaylor is saying that all net.Conn implementations must permit concurrent Write calls, so it wouldn't be promising more. I'll argue that we should make the docs more explicit after all. |
As a C programmer new to go, I also find the statement "Multiple goroutines may invoke methods on a Conn simultaneously" to be a bit ambiguous. It makes sense that it's probably safe to simultaneously call Read() and Write() from separate goroutines, but it's less clear what's going to happen if, say, I call conn.Write() from several goroutines simultaneously. I take the statement to mean that I "may" do it, but if I do, does my data get randomly interleaved? Or is it truly threadsafe and simultaneous conn.Write() commands will block while the others are writing? |
@FiloSottile you removed the Testing label. Does that mean tests have been added for concurrent calls of the same methods? If not, we should create an issue to request that... |
Ah, my bad, I didn't get why it was tagged Testing. I still don't have clear what the interface contract is, so it feels like first we need to update the docs, and then the tests. |
@bercknash A single |
Thanks for clarifying. I gathered as much from digging through the code, but it's the sort of thing I think the docs should make explicitly clear without having to dive in. |
There is another ambiguity the docs could clarify. An I was bitten by this when changing from a TCPConn to TLS :-) |
This is why the docs could use some clarification, the statement "Multiple goroutines may invoke methods on a Conn simultaneously" is ambiguous. Safe might mean calls are atomic and don't interleave, or it might only mean calls don't crash or corrupt internal state. See this stackoverflow answer here which specifically interprets it to mean there is no guarantee: https://stackoverflow.com/a/37922991/152580 I also interpreted it that way until I read the code. It would be nice to have a clearer guarantee of the implemented behaviour for net.Conn methods. To answer @davecheney from the duplicate issue I opened:
I've got a case where there can be messages produced asynchronously (from another goroutine) or synchronously. It doesn't matter what order async messages are sent, it could be before or after the sync messages, as long as their bytes don't interleave. |
Also net.Buffers WriteTo would be atomic on platforms with writev or equivalent, but not others, and not with TLS connections. I don't think people should expect those to be atomic though, and nothing about their documentation leads me to believe that they would be safe to call concurrently. |
I'd like to see clarification of this as well. There are some nasty bugs and data races that can occur without proper care. Note that TCP- and TLS conns, while very common, are not the only ones to care about. If you implement a wire protocol, it's common and extremely useful to implement Conforming with the most stringent thread-safety definition (which allows e.g. multiple concurrent write calls), would mean that any wire protocols need heavily fortify standard IO with extra mutices, because underlying Anyway, I'd argue thread safety should only be enabled for good reason:
Most of this is already documented, and it's pretty much what people expect already. It does however need some clarification. In the existing cases where there are stronger guarantees, such as for Finally, if the Go team agrees with this, then it's worth noting that x/net/nettest which is a useful test suite for wire protocol implementations, currently checks for "racy writes and reads". |
I think its clear at the moment, but it might be worth adding some guidance around the implications of using common helpers with a net.Conn: For example, it might be worth advising users to protect all of their reading of a single application-defined, conceptually-atomic "message" with a mutex (edit: or single goroutine design where only one goroutine ever has read access). There is a non-obvious hazard here if they could ever make more than a single call to net.Conn.Read() during the read of that "message", however defined. I say this because even something as simple as an io.ReadFull() or io.ReadAtLeast() can make multiple calls to Read() on the net.Conn under the covers. The user might miss the implications of these implicit retries. As the net.Conn guarantee provides no goroutine safety between those internal Read() calls, they could get interleaved with Read()s from another/multiple different goroutines. Writes can suffer the same issue. The io.Copy() example cited above above is the same hazard. |
From the net.Conn docs:
I'm not sure if this should be interpreted as different methods can be called concurrently, or as the same method can be called concurrently.
I suspect, judging from x/net/nettest's ConcurrentMethods and from most implementations, that it's the former. If so, should we change the docs to include "may invoke distinct methods"?
The text was updated successfully, but these errors were encountered: