Issue #481 fix hanging race condition

[ColinDKelley]

Fixes issue #481 by removing code that attempted to synchronize threads with sleep() and Thread#wakeup. That was a race condition bug since if wakeup ran before sleep(), it would be lost and the sleeping thread would simply hang.

Detailed changes:

• Use ::Mutex/::ConditionVariable to wait/wake up on state transitions. I factored this down into FSM since it's used in two state machine classes now.
• Clean up and simplify FSM. Enforce symbol contracts, remove unnecessary methods, rename default_state to start_state since the latter is standard FSM terminology. Also initialize with initialize_fsm vs super().
• Use Queue#pop to block front-end when waiting for events.
• Combine Loop#setup and Loop#resume since they were always called consecutively. This allowed the Listener :front_end_ready state to disappear.
• Remove Loop#resume and Loop#pause since they were no-ops.
• Rename teardown to stop to be consistent. (At some point I'd like to do a similar thing with :processing_events. This could simply be called :started.)

[coveralls]

Coverage decreased (-0.7%) to 97.026% when pulling aabfbbf on Invoca:issue_481-fix-hanging-race-condition into ba5059c on guard:master.

[ioquatix]

Thanks for your effort. I have asked for some changes.

In the future, please make smaller PRs focusing on one particular issue.

Pay attention to changes to public interfaces since this can cause a lot of pain downstream.

I look forward to reviewing and merging this PR and others from you.

[ioquatix]

Since NotStarted is a public interface, please reuse it instead of introducing ThreadFailedToStart.

[ColinDKelley]

Good point--I hadn't thought about it being in the public interface. I will put that back to its old name.

[ColinDKelley]

I restored it to its old name, NotStarted. And if start is called when we're already started, I put the code back as it was to simply return as a no-op, since there could be callers who were counting on that public behavior.
0b236c1

[ioquatix]

I would say it's better to use explicit if statement here

unless state == :pre_start
  raise Error::AlreadyStarted...
end

[ioquatix]

I wonder if this should inherit from NotStarted to preserve existing semantics where possible.

[ColinDKelley]

That might be a bit confusing though?

AlreadyStarted.is_a?(NotStarted)

I will look into what was raised before if start was called a second time.

[ioquatix]

Yes, understood. In this context... if someone calls start, and it's already started, that's a kind of NotStarted because it was already started. If you can think of something better, it's worth considering.

[ColinDKelley]

Restored to its old behavior: 0b236c1

[ioquatix]

Instead of explicitly detecting it's a symbol, why not use to_sym?

[ColinDKelley]

This is a style we like for enforcing contracts, especially around symbol-vs-string! There aren't any callers of this method passing strings, so .to_sym would be a no-op now. Adding .to_sym now might serve to enable more confusing usage later...but there's no need for that, is there?

[ioquatix]

This kind of pseudo type checking is uncommon in Ruby, even thought I can see how it makes sense.

The reality is, if you add this, there are many other places where you might start trying to enforce type contracts.

Agreed, we don't really want users passing in strings.

[ColinDKelley]

True that it's not common in Ruby (yet). But we've found it to be invaluable for containing String vs. Symbol insanity! Otherwise, you wind up with defensive code sprinkled everywhere that tries to handle String and Symbol as equivalent...and you never know if that clutter is complete.

Speaking of which, I added the missing spec for the FSM module and made sure to test this case: bbd10ee

[ioquatix]

This seems like an overly specific issue to check for - I can imagine some code was not working correctly, but in that case @mutex.synchronize will blow up with nil error... do we need to manually check it?

[ColinDKelley]

I added this because of the contract that the including code must call super() first. That's pretty unusual for mixins, but it's how the code was already structured, and it work well in this case. It's critical to get the mutex initialized up front because the lazy style that's often used in mixins (@mutex ||= Mutex.new) wouldn't work; ironically, it would need a synchronizing mutex around it!

Ah, this might make it more clear: how about an overall flag like @_fsm_initialized that's set = true when super() is called. This could code check that for the ArgumentError test. If that test passes, we can be confident that @mutex has been initialized.

[ioquatix]

Understood.

Well, I don't really want to make the code any more complicated than it already is.

If the code is not implemented correctly (missing call to super) it's a mechanical problem - i.e. the code needs to be fixed. This isn't a transient run-time issue. The current implementation is okay, but it's also very explicit in a non-canonical way.

I don't think we should be adding extra instance variables to enforce initialisation.

[ColinDKelley]

I realized we had to move away from super(). There's a reason I've never seen mixins initialized that way before: it precludes any base class initialization, since the mixin would have to do that for you (by calling super itself), but would have no way to know the base class's initialize signature!

Instead I went with an explicitly-named method initialize_fsm. And stored a variable to remember if that didn't happen. And I addressed the longstanding comment in there to make the FSM methods private. And I added a spec for the FSM module and tested all of this. I think it's all much cleaner now! LMK what you think.

[ioquatix]

You don't need if transitions.

[ColinDKelley]

I kept it from the old code. You can see it hiding up there one line up... in "trailing if" form. There is code below that counts on it. It's just after this comment:

All transitions are allowed if none are expressly declared

[ioquatix]

It's simply not needed. Array(nil) => [].

[ColinDKelley]

I don't follow. That if is there so that when transitions is nil, @transitions will be as well. The code below counts on that, because it uses nil in @transitions as an indicator that all transitions are allowed.

[ioquatix]

You may need to rebase on master.

[ColinDKelley]

Thanks for the review, @ioquatix.

I've responded to all the comments you left. 3 of them require changes. I'll try to push those up in the next day or two.

[ColinDKelley]

Good point--I hadn't thought about it being in the public interface. I will put that back to its old name.

[ColinDKelley]

That might be a bit confusing though?

AlreadyStarted.is_a?(NotStarted)

I will look into what was raised before if start was called a second time.

[ColinDKelley]

We're fans for the one-line and/or form for concise preconditions [this use case is exactly why and and or are in Ruby, from Perl], but I can certainly change it to the 3-line form.

[ColinDKelley]

This is a style we like for enforcing contracts, especially around symbol-vs-string! There aren't any callers of this method passing strings, so .to_sym would be a no-op now. Adding .to_sym now might serve to enable more confusing usage later...but there's no need for that, is there?

[ColinDKelley]

I added this because of the contract that the including code must call super() first. That's pretty unusual for mixins, but it's how the code was already structured, and it work well in this case. It's critical to get the mutex initialized up front because the lazy style that's often used in mixins (@mutex ||= Mutex.new) wouldn't work; ironically, it would need a synchronizing mutex around it!

Ah, this might make it more clear: how about an overall flag like @_fsm_initialized that's set = true when super() is called. This could code check that for the ArgumentError test. If that test passes, we can be confident that @mutex has been initialized.

[ColinDKelley]

I kept it from the old code. You can see it hiding up there one line up... in "trailing if" form. There is code below that counts on it. It's just after this comment:

All transitions are allowed if none are expressly declared

[houndci-bot]

Style/FrozenStringLiteralComment: Missing magic comment # frozen_string_literal: true.

[ColinDKelley]

I will make a separate PR for this later.

[ColinDKelley]

@ioquatix I believe all comments are addressed here. I merged up latest master as well. There were a couple build failures that came across with master. I sent a separate PR #488 for those and merged it in here.

[ColinDKelley]

Hi @ioquatix
Anything else to do on this PR?

[ioquatix]

My apologies, I was busy for Ruby Kaigi conference. I'm reviewing it now.

[ioquatix]

I'll fix the Ruby 3 issues. However can you check why:

Failures:

  1) Listen with one listen dir force_polling option to false with default ignore options two dirs with files in listen dir listens to dir move
     Failure/Error:
       expect(wrapper.listen do
         mv 'dir1', 'dir2/'
       end).to eq expected

       expected: {:added=>["dir2/dir1/file1.rb"], :modified=>[], :removed=>["dir1/file1.rb"]}
            got: {:added=>["dir2/dir1/file1.rb"], :modified=>["dir2/file2.rb"], :removed=>["dir1/file1.rb"]}

       (compared using ==)

[ioquatix]

Okay, I see a bunch of specs are failing, I'll try to bring master back to green.

[ioquatix]

Okay, master is green again, can you rebase?

[ColinDKelley]

@ioquatix Thanks for getting master green again. I've merged that in and now this branch is green too!

[ioquatix]

Can you please rebase on master so I can merge - please don't merge master into your branch because it creates a huge mess.

[ColinDKelley]

@ioquatix : Rebased and pushed.

[ioquatix]

Great work, thanks for your effort. Do you have time to jump on call some time this week to discuss a release plan/schedule?

[ColinDKelley]

Hi @ioquatix Thank you! Yes, this week is good for a call. I'm on US/Pacific time. How about if we pick an exact time and medium by email?