Don't crash when hitting long backoffs. (swift-server#458)

Lukasa · web-flow · commit 1081b0b0541f · 2021-10-13T13:09:54.000+01:00
Motivation:

If we backoff sufficiently far we can overflow Int64, which will cause
us to crash.

Modifications:

Clamp the backoff value before we convert to Int64.

Results:

No crashes!
diff --git a/Sources/AsyncHTTPClient/ConnectionPool/State Machine/HTTPConnectionPool+Backoff.swift b/Sources/AsyncHTTPClient/ConnectionPool/State Machine/HTTPConnectionPool+Backoff.swift
@@ -46,9 +46,12 @@ extension HTTPConnectionPool{
 // - 29 failed attempts: ~60s (max out)
 
 let start = Double(TimeAmount.milliseconds(100).nanoseconds)
- let backoffNanoseconds = Int64(start * pow(1.25, Double(attempts - 1)))
+ let backoffNanosecondsDouble = start * pow(1.25, Double(attempts - 1))
 
- let backoff: TimeAmount = min(.nanoseconds(backoffNanoseconds), .seconds(60))
+ // Cap to 60s _before_ we convert to Int64, to avoid trapping in the Int64 initializer.
+ let backoffNanoseconds = Int64(min(backoffNanosecondsDouble, Double(TimeAmount.seconds(60).nanoseconds)))
+
+ let backoff = TimeAmount.nanoseconds(backoffNanoseconds)
 
 // Calculate a 3% jitter range
 let jitterRange = (backoff.nanoseconds / 100) * 3
diff --git a/Tests/AsyncHTTPClientTests/HTTPConnectionPoolTests+XCTest.swift b/Tests/AsyncHTTPClientTests/HTTPConnectionPoolTests+XCTest.swift
@@ -33,6 +33,7 @@ extension HTTPConnectionPoolTests{
 ("testConnectionCreationIsRetriedUntilRequestIsCancelled", testConnectionCreationIsRetriedUntilRequestIsCancelled),
 ("testConnectionShutdownIsCalledOnActiveConnections", testConnectionShutdownIsCalledOnActiveConnections),
 ("testConnectionPoolStressResistanceHTTP1", testConnectionPoolStressResistanceHTTP1),
+ ("testBackoffBehavesSensibly", testBackoffBehavesSensibly),
 ]
 }
 }
diff --git a/Tests/AsyncHTTPClientTests/HTTPConnectionPoolTests.swift b/Tests/AsyncHTTPClientTests/HTTPConnectionPoolTests.swift
@@ -453,6 +453,32 @@ class HTTPConnectionPoolTests: XCTestCase{
 pool.shutdown()
 XCTAssertNoThrow(try poolDelegate.future.wait())
 }
+
+ func testBackoffBehavesSensibly() throws{
+ var backoff = HTTPConnectionPool.calculateBackoff(failedAttempt: 1)
+
+ // The value should be 100ms±3ms
+ XCTAssertLessThanOrEqual((backoff - .milliseconds(100)).nanoseconds.magnitude, TimeAmount.milliseconds(3).nanoseconds.magnitude)
+
+ // Should always increase
+ // We stop when we get within the jitter of 60s, which is 1.8s
+ var attempt = 1
+ while backoff < (.seconds(60) - .milliseconds(1800)){
+ attempt += 1
+ let newBackoff = HTTPConnectionPool.calculateBackoff(failedAttempt: attempt)
+
+ XCTAssertGreaterThan(newBackoff, backoff)
+ backoff = newBackoff
+ }
+
+ // Ok, now we should be able to do a hundred increments, and always hit 60s, plus or minus 1.8s of jitter.
+ for offset in 0..<100{
+ XCTAssertLessThanOrEqual(
+ (HTTPConnectionPool.calculateBackoff(failedAttempt: attempt + offset) - .seconds(60)).nanoseconds.magnitude,
+ TimeAmount.milliseconds(1800).nanoseconds.magnitude
+ )
+ }
+ }
 }
 
 class TestDelegate: HTTPConnectionPoolDelegate{

-Original file line number
+Diff line change
  // - 29 failed attempts: ~60s (max out)
 letstart=Double(TimeAmount.milliseconds(100).nanoseconds)
 -letbackoffNanoseconds=Int64(start * pow(1.25,Double(attempts -1)))
 +letbackoffNanosecondsDouble= start * pow(1.25,Double(attempts -1))
 -letbackoff:TimeAmount=min(.nanoseconds(backoffNanoseconds),.seconds(60))
 + // Cap to 60s _before_ we convert to Int64, to avoid trapping in the Int64 initializer.
 +letbackoffNanoseconds=Int64(min(backoffNanosecondsDouble,Double(TimeAmount.seconds(60).nanoseconds)))
++
 +letbackoff=TimeAmount.nanoseconds(backoffNanoseconds)
  // Calculate a 3% jitter range
 letjitterRange=(backoff.nanoseconds /100)*3
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ extension HTTPConnectionPoolTests{`
`33`	`33`	`("testConnectionCreationIsRetriedUntilRequestIsCancelled", testConnectionCreationIsRetriedUntilRequestIsCancelled),`
`34`	`34`	`("testConnectionShutdownIsCalledOnActiveConnections", testConnectionShutdownIsCalledOnActiveConnections),`
`35`	`35`	`("testConnectionPoolStressResistanceHTTP1", testConnectionPoolStressResistanceHTTP1),`
	`36`	`+("testBackoffBehavesSensibly", testBackoffBehavesSensibly),`
`36`	`37`	`]`
`37`	`38`	`}`
`38`	`39`	`}`