Implement Throttler

[black-adder]

Adding a throttler that will allow clients to rate limit the amount of debug spans that they can generate.

• Tests
• Agree on APIs

Signed-off-by: Won Jun Jang wjang@uber.com

[codecov]

Codecov Report

Merging #253 into master will increase coverage by 1%.
The diff coverage is 100%.

@@           Coverage Diff            @@
##           master     #253    +/-   ##
========================================
+ Coverage   84.95%   85.96%    +1%     
========================================
  Files          51       54     +3     
  Lines        2705     2899   +194     
========================================
+ Hits         2298     2492   +194     
- Misses        287      288     +1     
+ Partials      120      119     -1

Impacted Files	Coverage Δ
tracer.go	88.57% <100%> (+0.57%)	⬆️
internal/throttler/remote/throttler.go	100% <100%> (ø)
log/logger.go	100% <100%> (ø)	⬆️
tracer_options.go	74.54% <100%> (+1.46%)	⬆️
internal/throttler/throttler.go	100% <100%> (ø)
internal/throttler/remote/options.go	100% <100%> (ø)
config/options.go	100% <0%> (ø)	⬆️
... and 1 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f6dd779...e8cb677. Read the comment docs.

[black-adder]

An alternative approach would be to lazily set the UUID in the throttler as done here: https://github.com/jaegertracing/jaeger-client-go/blob/master/transport_udp.go#L85

However, this would mean the API would have to change to IsThrottled(operation, uuid) which could potentially save us a lot of headache. However, this isn't compatible with the Sampler API although I could duck type the sampler to remove the circular dependency issues and then we could just initialize everything in the tracer on initialization. I'll play around with this some more

[black-adder]

As mentioned in the comment, this is just a proof of concept of how we'd throttle normal sampler traffic. (I'll remove before landing).

[black-adder]

Some brainstorming is required before we can actually do this. If sampled == true and isThrottled() == true, we need to emit a hint somewhere (meta-span?) so that XYS is aware that a sampled span was dropped.

[black-adder]

If we want to use the existing Sampler API, we would have to update it with this function since the sampler will be wrapped by the throttler in the config directory but the UUID setting occurs in the tracer which means it's too late to initialize this wrapped sampler in the tracer (and it'd cause cycling import errors).

[yurishkuro]

duck-typing sounds fine to me. However, I would combine this UUID with service name + process tags (i.e. have an internal Process struct) and have the same SetProcess duck-typed interface shared by reporters and samplers.

[black-adder]

Ok, I got it where we can use the throttler as a sampler without needing to update the sampler API. Only downside is that we're possibly increasing the surface area of our root Jaeger API. I actually think it makes sense to keep the throttledSampler API private.

[isaachier]

Like the implementation overall. Mostly nits.

[isaachier]

I think you should use a different name if it changes the credits map, something like deductCredits makes more sense.

[yurishkuro]

should/must - https://www.ietf.org/rfc/rfc2119.txt

[isaachier]

I believe stopping the ticker is unnecessary in a case like this.

[yurishkuro]

why is that?

[isaachier]

Because it should be garbage collected as a local variable with no references to its channel. Unless this results in a leaked goroutine, which is confusing. For the record, it seems you can leak goroutines but not channels.

[isaachier]

This may not be as bad as you think. Used to do transformations like this all the time in C++ thanks to std::transform. Even when we hit memory issues in our C++ code, std::transform wasn't the main issue, despite allocating a temporary vector each time like this code does. IMO, allocation issues aren't really a problem for a small collection of temporaries (< 100 elements) as much as long living, tree-like recursive structures or huge blobs.

[yurishkuro]

allocations are a problem when they are on the hot path of the business logic of the application. In the periodic background activities - not so much.

[isaachier]

For the record, I used to love the idea of reader-writer locks in all code, then learned that it might actually perform worse than a regular mutex if the contention isn't high enough. RW locks generally have a bit more overhead because the logic to avoid writer/reader starvation is more complex. Might be worth considering and/or profiling.

[isaachier]

Why bother with an atomic string instead of using a regular constructor here?

[isaachier]

Why are we doing two throttlers upfront? I thought we would use one throttler and just allow the users to define the type of throttling to do.

[black-adder]

The options are:

1. Two throttlers options
2. One throttler option, and a enum option of: "DEBUG", "SAMPLING", "BOTH"

I don't mind either one since both will work but I just chose the former

[yurishkuro]

I thought we haven't even agreed that throttling regular sampling is not going to mess up xys.

[black-adder]

tis a proof of concept, I wanted to make sure we could throttle the sampler without being too invasive. I'll be removing this code.

[isaachier]

Cool. I was thinking more like the option based approach if we need it.

[isaachier]

Not sure if polling is truly necessary. On the other hand, I believe it should be required to spawn an asynchronous credit request when an operation runs out of credits (i.e. below 1.0). Otherwise, we run the risk of making requests when we don't need credits and not requesting when we do need credits.

[yurishkuro]

if we do this on demand, and the demand happens to be very high, there will be a lot of these async requests, each only returning a small fraction of accumulated credits from the agent.

[black-adder]

also, the agent uses these requests to update the client's updateTime. If we don't ping regularly, we could potentially have the agent give the client way more credits than its due.

[isaachier]

Ya I was wondering if we could combine the two somehow. I guess let's try this and see if it works well.

[yurishkuro]

uber-go/atomic is not an existing dependency (it may be transitive of tchannel, which is not used in production), so let's not introduce it

[yurishkuro]

synchronously fetch

can we make this configurable? Only yab needs it synchronously, normal services could just wait for refresh?

[yurishkuro]

allocations are a problem when they are on the hot path of the business logic of the application. In the periodic background activities - not so much.

[yurishkuro]

refreshCredits

[yurishkuro]

fetchCredits

[yurishkuro]

should/must - https://www.ietf.org/rfc/rfc2119.txt

[yurishkuro]

if we do this on demand, and the demand happens to be very high, there will be a lot of these async requests, each only returning a small fraction of accumulated credits from the agent.

[yurishkuro]

why is that?

[yurishkuro]

Somehow I get a feeling that this is a double negative. Wouldn't "is allowed" be better? If you look at various rate limiter implementations, their API are typically expressed in the positive outcomes, "is allowed", "how long till it's allowed".

[yurishkuro]

it might be better to duck type this

[black-adder]

may I ask why?

[isaachier]

Good question. I don't really get when to do one or the other.

[yurishkuro]

did you see my comment this morning about unifying this with SetProcess across the board?

[black-adder]

@yurishkuro is this what you had in mind?

[yurishkuro]

Yep

[yurishkuro]

Why not just use atomic.value for the string?

[isaachier]

LGTM, but you might wants to wait on @yurishkuro.

[vprithvi]

Could you add some details on when it's a good idea to set this option to the docstring?

[vprithvi]

Why don't we test the default SynchronousInitialization?

[vprithvi]

Why is this called UUID?
We only seem to be using it as an arbitrary identifier.

[isaachier]

At one point we actually did use a UUID. Not sure what happened.

[vprithvi]

I don't think we should continue calling this field UUID if it's not going to be holding a UUID.

[isaachier]

See #248

[black-adder]

It will be a UUID, I just have to combine this with https://github.com/jaegertracing/jaeger-client-go/pull/248/files

[vprithvi]

Why not return a ([]creditResponse, error) ?