2024-03-21 09:30:47 -04:00
|
|
|
# SPDX-FileCopyrightText: 2024 Redict Contributors
|
|
|
|
|
# SPDX-FileCopyrightText: 2024 Salvatore Sanfilippo <antirez at gmail dot com>
|
|
|
|
|
#
|
|
|
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-only
|
|
|
|
|
|
Add reply_schema to command json files (internal for now) (#10273)
Work in progress towards implementing a reply schema as part of COMMAND DOCS, see #9845
Since ironing the details of the reply schema of each and every command can take a long time, we
would like to merge this PR when the infrastructure is ready, and let this mature in the unstable branch.
Meanwhile the changes of this PR are internal, they are part of the repo, but do not affect the produced build.
### Background
In #9656 we add a lot of information about Redis commands, but we are missing information about the replies
### Motivation
1. Documentation. This is the primary goal.
2. It should be possible, based on the output of COMMAND, to be able to generate client code in typed
languages. In order to do that, we need Redis to tell us, in detail, what each reply looks like.
3. We would like to build a fuzzer that verifies the reply structure (for now we use the existing
testsuite, see the "Testing" section)
### Schema
The idea is to supply some sort of schema for the various replies of each command.
The schema will describe the conceptual structure of the reply (for generated clients), as defined in RESP3.
Note that the reply structure itself may change, depending on the arguments (e.g. `XINFO STREAM`, with
and without the `FULL` modifier)
We decided to use the standard json-schema (see https://json-schema.org/) as the reply-schema.
Example for `BZPOPMIN`:
```
"reply_schema": {
"oneOf": [
{
"description": "Timeout reached and no elements were popped.",
"type": "null"
},
{
"description": "The keyname, popped member, and its score.",
"type": "array",
"minItems": 3,
"maxItems": 3,
"items": [
{
"description": "Keyname",
"type": "string"
},
{
"description": "Member",
"type": "string"
},
{
"description": "Score",
"type": "number"
}
]
}
]
}
```
#### Notes
1. It is ok that some commands' reply structure depends on the arguments and it's the caller's responsibility
to know which is the relevant one. this comes after looking at other request-reply systems like OpenAPI,
where the reply schema can also be oneOf and the caller is responsible to know which schema is the relevant one.
2. The reply schemas will describe RESP3 replies only. even though RESP3 is structured, we want to use reply
schema for documentation (and possibly to create a fuzzer that validates the replies)
3. For documentation, the description field will include an explanation of the scenario in which the reply is sent,
including any relation to arguments. for example, for `ZRANGE`'s two schemas we will need to state that one
is with `WITHSCORES` and the other is without.
4. For documentation, there will be another optional field "notes" in which we will add a short description of
the representation in RESP2, in case it's not trivial (RESP3's `ZRANGE`'s nested array vs. RESP2's flat
array, for example)
Given the above:
1. We can generate the "return" section of all commands in [redis-doc](https://redis.io/commands/)
(given that "description" and "notes" are comprehensive enough)
2. We can generate a client in a strongly typed language (but the return type could be a conceptual
`union` and the caller needs to know which schema is relevant). see the section below for RESP2 support.
3. We can create a fuzzer for RESP3.
### Limitations (because we are using the standard json-schema)
The problem is that Redis' replies are more diverse than what the json format allows. This means that,
when we convert the reply to a json (in order to validate the schema against it), we lose information (see
the "Testing" section below).
The other option would have been to extend the standard json-schema (and json format) to include stuff
like sets, bulk-strings, error-string, etc. but that would mean also extending the schema-validator - and that
seemed like too much work, so we decided to compromise.
Examples:
1. We cannot tell the difference between an "array" and a "set"
2. We cannot tell the difference between simple-string and bulk-string
3. we cannot verify true uniqueness of items in commands like ZRANGE: json-schema doesn't cover the
case of two identical members with different scores (e.g. `[["m1",6],["m1",7]]`) because `uniqueItems`
compares (member,score) tuples and not just the member name.
### Testing
This commit includes some changes inside Redis in order to verify the schemas (existing and future ones)
are indeed correct (i.e. describe the actual response of Redis).
To do that, we added a debugging feature to Redis that causes it to produce a log of all the commands
it executed and their replies.
For that, Redis needs to be compiled with `-DLOG_REQ_RES` and run with
`--reg-res-logfile <file> --client-default-resp 3` (the testsuite already does that if you run it with
`--log-req-res --force-resp3`)
You should run the testsuite with the above args (and `--dont-clean`) in order to make Redis generate
`.reqres` files (same dir as the `stdout` files) which contain request-response pairs.
These files are later on processed by `./utils/req-res-log-validator.py` which does:
1. Goes over req-res files, generated by redis-servers, spawned by the testsuite (see logreqres.c)
2. For each request-response pair, it validates the response against the request's reply_schema
(obtained from the extended COMMAND DOCS)
5. In order to get good coverage of the Redis commands, and all their different replies, we chose to use
the existing redis test suite, rather than attempt to write a fuzzer.
#### Notes about RESP2
1. We will not be able to use the testing tool to verify RESP2 replies (we are ok with that, it's time to
accept RESP3 as the future RESP)
2. Since the majority of the test suite is using RESP2, and we want the server to reply with RESP3
so that we can validate it, we will need to know how to convert the actual reply to the one expected.
- number and boolean are always strings in RESP2 so the conversion is easy
- objects (maps) are always a flat array in RESP2
- others (nested array in RESP3's `ZRANGE` and others) will need some special per-command
handling (so the client will not be totally auto-generated)
Example for ZRANGE:
```
"reply_schema": {
"anyOf": [
{
"description": "A list of member elements",
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
},
{
"description": "Members and their scores. Returned in case `WITHSCORES` was used.",
"notes": "In RESP2 this is returned as a flat array",
"type": "array",
"uniqueItems": true,
"items": {
"type": "array",
"minItems": 2,
"maxItems": 2,
"items": [
{
"description": "Member",
"type": "string"
},
{
"description": "Score",
"type": "number"
}
]
}
}
]
}
```
### Other changes
1. Some tests that behave differently depending on the RESP are now being tested for both RESP,
regardless of the special log-req-res mode ("Pub/Sub PING" for example)
2. Update the history field of CLIENT LIST
3. Added basic tests for commands that were not covered at all by the testsuite
### TODO
- [x] (maybe a different PR) add a "condition" field to anyOf/oneOf schemas that refers to args. e.g.
when `SET` return NULL, the condition is `arguments.get||arguments.condition`, for `OK` the condition
is `!arguments.get`, and for `string` the condition is `arguments.get` - https://github.com/redis/redis/issues/11896
- [x] (maybe a different PR) also run `runtest-cluster` in the req-res logging mode
- [x] add the new tests to GH actions (i.e. compile with `-DLOG_REQ_RES`, run the tests, and run the validator)
- [x] (maybe a different PR) figure out a way to warn about (sub)schemas that are uncovered by the output
of the tests - https://github.com/redis/redis/issues/11897
- [x] (probably a separate PR) add all missing schemas
- [x] check why "SDOWN is triggered by misconfigured instance replying with errors" fails with --log-req-res
- [x] move the response transformers to their own file (run both regular, cluster, and sentinel tests - need to
fight with the tcl including mechanism a bit)
- [x] issue: module API - https://github.com/redis/redis/issues/11898
- [x] (probably a separate PR): improve schemas: add `required` to `object`s - https://github.com/redis/redis/issues/11899
Co-authored-by: Ozan Tezcan <ozantezcan@gmail.com>
Co-authored-by: Hanna Fadida <hanna.fadida@redislabs.com>
Co-authored-by: Oran Agra <oran@redislabs.com>
Co-authored-by: Shaya Potter <shaya@redislabs.com>
2023-03-11 03:14:16 -05:00
|
|
|
start_server {tags {"obuf-limits external:skip logreqres:skip"}} {
|
2021-08-29 08:03:05 -04:00
|
|
|
test {CONFIG SET client-output-buffer-limit} {
|
|
|
|
|
set oldval [lindex [r config get client-output-buffer-limit] 1]
|
|
|
|
|
|
|
|
|
|
catch {r config set client-output-buffer-limit "wrong number"} e
|
|
|
|
|
assert_match {*Wrong*arguments*} $e
|
|
|
|
|
|
|
|
|
|
catch {r config set client-output-buffer-limit "invalid_class 10mb 10mb 60"} e
|
|
|
|
|
assert_match {*Invalid*client*class*} $e
|
|
|
|
|
catch {r config set client-output-buffer-limit "master 10mb 10mb 60"} e
|
|
|
|
|
assert_match {*Invalid*client*class*} $e
|
|
|
|
|
|
|
|
|
|
catch {r config set client-output-buffer-limit "normal 10mbs 10mb 60"} e
|
|
|
|
|
assert_match {*Error*hard*} $e
|
|
|
|
|
|
|
|
|
|
catch {r config set client-output-buffer-limit "replica 10mb 10mbs 60"} e
|
|
|
|
|
assert_match {*Error*soft*} $e
|
|
|
|
|
|
|
|
|
|
catch {r config set client-output-buffer-limit "pubsub 10mb 10mb 60s"} e
|
|
|
|
|
assert_match {*Error*soft_seconds*} $e
|
|
|
|
|
|
|
|
|
|
r config set client-output-buffer-limit "normal 1mb 2mb 60 replica 3mb 4mb 70 pubsub 5mb 6mb 80"
|
|
|
|
|
set res [lindex [r config get client-output-buffer-limit] 1]
|
|
|
|
|
assert_equal $res "normal 1048576 2097152 60 slave 3145728 4194304 70 pubsub 5242880 6291456 80"
|
|
|
|
|
|
|
|
|
|
# Set back to the original value.
|
|
|
|
|
r config set client-output-buffer-limit $oldval
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-25 12:34:56 -05:00
|
|
|
test {Client output buffer hard limit is enforced} {
|
2012-01-25 12:11:04 -05:00
|
|
|
r config set client-output-buffer-limit {pubsub 100000 0 0}
|
2024-03-21 05:56:59 -04:00
|
|
|
set rd1 [redict_deferring_client]
|
2012-01-25 12:11:04 -05:00
|
|
|
|
|
|
|
|
$rd1 subscribe foo
|
|
|
|
|
set reply [$rd1 read]
|
|
|
|
|
assert {$reply eq "subscribe foo 1"}
|
|
|
|
|
|
|
|
|
|
set omem 0
|
|
|
|
|
while 1 {
|
|
|
|
|
r publish foo bar
|
|
|
|
|
set clients [split [r client list] "\r\n"]
|
|
|
|
|
set c [split [lindex $clients 1] " "]
|
|
|
|
|
if {![regexp {omem=([0-9]+)} $c - omem]} break
|
|
|
|
|
if {$omem > 200000} break
|
|
|
|
|
}
|
2019-05-13 11:27:06 -04:00
|
|
|
assert {$omem >= 70000 && $omem < 200000}
|
2012-01-25 12:11:04 -05:00
|
|
|
$rd1 close
|
|
|
|
|
}
|
2021-05-04 06:45:08 -04:00
|
|
|
|
|
|
|
|
foreach {soft_limit_time wait_for_timeout} {3 yes
|
|
|
|
|
4 no } {
|
|
|
|
|
if $wait_for_timeout {
|
|
|
|
|
set test_name "Client output buffer soft limit is enforced if time is overreached"
|
|
|
|
|
} else {
|
|
|
|
|
set test_name "Client output buffer soft limit is not enforced too early and is enforced when no traffic"
|
2012-01-25 12:34:56 -05:00
|
|
|
}
|
|
|
|
|
|
2021-05-04 06:45:08 -04:00
|
|
|
test $test_name {
|
|
|
|
|
r config set client-output-buffer-limit "pubsub 0 100000 $soft_limit_time"
|
|
|
|
|
set soft_limit_time [expr $soft_limit_time*1000]
|
2024-03-21 05:56:59 -04:00
|
|
|
set rd1 [redict_deferring_client]
|
2012-01-25 12:34:56 -05:00
|
|
|
|
2021-05-04 06:45:08 -04:00
|
|
|
$rd1 client setname test_client
|
|
|
|
|
set reply [$rd1 read]
|
|
|
|
|
assert {$reply eq "OK"}
|
2012-01-25 12:34:56 -05:00
|
|
|
|
2021-05-04 06:45:08 -04:00
|
|
|
$rd1 subscribe foo
|
|
|
|
|
set reply [$rd1 read]
|
|
|
|
|
assert {$reply eq "subscribe foo 1"}
|
|
|
|
|
|
|
|
|
|
set omem 0
|
|
|
|
|
set start_time 0
|
|
|
|
|
set time_elapsed 0
|
|
|
|
|
set last_under_limit_time [clock milliseconds]
|
|
|
|
|
while 1 {
|
|
|
|
|
r publish foo [string repeat "x" 1000]
|
|
|
|
|
set clients [split [r client list] "\r\n"]
|
|
|
|
|
set c [lsearch -inline $clients *name=test_client*]
|
|
|
|
|
if {$start_time != 0} {
|
|
|
|
|
set time_elapsed [expr {[clock milliseconds]-$start_time}]
|
|
|
|
|
# Make sure test isn't taking too long
|
|
|
|
|
assert {$time_elapsed <= [expr $soft_limit_time+3000]}
|
|
|
|
|
}
|
|
|
|
|
if {$wait_for_timeout && $c == ""} {
|
|
|
|
|
# Make sure we're disconnected when we reach the soft limit
|
|
|
|
|
assert {$omem >= 100000 && $time_elapsed >= $soft_limit_time}
|
|
|
|
|
break
|
|
|
|
|
} else {
|
|
|
|
|
assert {[regexp {omem=([0-9]+)} $c - omem]}
|
|
|
|
|
}
|
|
|
|
|
if {$omem > 100000} {
|
|
|
|
|
if {$start_time == 0} {set start_time $last_under_limit_time}
|
|
|
|
|
if {!$wait_for_timeout && $time_elapsed >= [expr $soft_limit_time-1000]} break
|
|
|
|
|
# Slow down loop when omem has reached the limit.
|
|
|
|
|
after 10
|
|
|
|
|
} else {
|
|
|
|
|
# if the OS socket buffers swallowed what we previously filled, reset the start timer.
|
|
|
|
|
set start_time 0
|
|
|
|
|
set last_under_limit_time [clock milliseconds]
|
|
|
|
|
}
|
2021-04-19 03:08:07 -04:00
|
|
|
}
|
2021-05-04 06:45:08 -04:00
|
|
|
|
|
|
|
|
if {!$wait_for_timeout} {
|
|
|
|
|
# After we completely stopped the traffic, wait for soft limit to time out
|
|
|
|
|
set timeout [expr {$soft_limit_time+1500 - ([clock milliseconds]-$start_time)}]
|
|
|
|
|
wait_for_condition [expr $timeout/10] 10 {
|
|
|
|
|
[lsearch [split [r client list] "\r\n"] *name=test_client*] == -1
|
|
|
|
|
} else {
|
|
|
|
|
fail "Soft limit timed out but client still connected"
|
|
|
|
|
}
|
2012-01-25 12:34:56 -05:00
|
|
|
}
|
2021-05-04 06:45:08 -04:00
|
|
|
|
|
|
|
|
$rd1 close
|
2012-01-25 12:34:56 -05:00
|
|
|
}
|
|
|
|
|
}
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
|
|
|
|
|
test {No response for single command if client output buffer hard limit is enforced} {
|
Added INFO LATENCYSTATS section: latency by percentile distribution/latency by cumulative distribution of latencies (#9462)
# Short description
The Redis extended latency stats track per command latencies and enables:
- exporting the per-command percentile distribution via the `INFO LATENCYSTATS` command.
**( percentile distribution is not mergeable between cluster nodes ).**
- exporting the per-command cumulative latency distributions via the `LATENCY HISTOGRAM` command.
Using the cumulative distribution of latencies we can merge several stats from different cluster nodes
to calculate aggregate metrics .
By default, the extended latency monitoring is enabled since the overhead of keeping track of the
command latency is very small.
If you don't want to track extended latency metrics, you can easily disable it at runtime using the command:
- `CONFIG SET latency-tracking no`
By default, the exported latency percentiles are the p50, p99, and p999.
You can alter them at runtime using the command:
- `CONFIG SET latency-tracking-info-percentiles "0.0 50.0 100.0"`
## Some details:
- The total size per histogram should sit around 40 KiB. We only allocate those 40KiB when a command
was called for the first time.
- With regards to the WRITE overhead As seen below, there is no measurable overhead on the achievable
ops/sec or full latency spectrum on the client. Including also the measured redis-benchmark for unstable
vs this branch.
- We track from 1 nanosecond to 1 second ( everything above 1 second is considered +Inf )
## `INFO LATENCYSTATS` exposition format
- Format: `latency_percentiles_usec_<CMDNAME>:p0=XX,p50....`
## `LATENCY HISTOGRAM [command ...]` exposition format
Return a cumulative distribution of latencies in the format of a histogram for the specified command names.
The histogram is composed of a map of time buckets:
- Each representing a latency range, between 1 nanosecond and roughly 1 second.
- Each bucket covers twice the previous bucket's range.
- Empty buckets are not printed.
- Everything above 1 sec is considered +Inf.
- At max there will be log2(1000000000)=30 buckets
We reply a map for each command in the format:
`<command name> : { `calls`: <total command calls> , `histogram` : { <bucket 1> : latency , < bucket 2> : latency, ... } }`
Co-authored-by: Oran Agra <oran@redislabs.com>
2022-01-05 07:01:05 -05:00
|
|
|
r config set latency-tracking no
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
r config set client-output-buffer-limit {normal 100000 0 0}
|
|
|
|
|
# Total size of all items must be more than 100k
|
|
|
|
|
set item [string repeat "x" 1000]
|
|
|
|
|
for {set i 0} {$i < 150} {incr i} {
|
|
|
|
|
r lpush mylist $item
|
|
|
|
|
}
|
|
|
|
|
set orig_mem [s used_memory]
|
|
|
|
|
# Set client name and get all items
|
2024-03-21 05:56:59 -04:00
|
|
|
set rd [redict_deferring_client]
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
$rd client setname mybiglist
|
|
|
|
|
assert {[$rd read] eq "OK"}
|
|
|
|
|
$rd lrange mylist 0 -1
|
|
|
|
|
$rd flush
|
|
|
|
|
after 100
|
|
|
|
|
|
2024-03-21 05:56:59 -04:00
|
|
|
# Before we read reply, redict will close this client.
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
set clients [r client list]
|
|
|
|
|
assert_no_match "*name=mybiglist*" $clients
|
|
|
|
|
set cur_mem [s used_memory]
|
|
|
|
|
# 10k just is a deviation threshold
|
|
|
|
|
assert {$cur_mem < 10000 + $orig_mem}
|
|
|
|
|
|
|
|
|
|
# Read nothing
|
|
|
|
|
set fd [$rd channel]
|
2022-07-03 06:34:14 -04:00
|
|
|
assert_equal {} [$rd rawread]
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
}
|
|
|
|
|
|
2024-03-21 05:56:59 -04:00
|
|
|
# Note: This test assumes that what's written with one write, will be read by redict in one read.
|
2020-09-27 10:13:33 -04:00
|
|
|
# this assumption is wrong, but seem to work empirically (for now)
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
test {No response for multi commands in pipeline if client output buffer limit is enforced} {
|
|
|
|
|
r config set client-output-buffer-limit {normal 100000 0 0}
|
|
|
|
|
set value [string repeat "x" 10000]
|
|
|
|
|
r set bigkey $value
|
2024-03-21 05:56:59 -04:00
|
|
|
set rd1 [redict_deferring_client]
|
|
|
|
|
set rd2 [redict_deferring_client]
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
$rd2 client setname multicommands
|
|
|
|
|
assert_equal "OK" [$rd2 read]
|
2020-09-27 10:13:33 -04:00
|
|
|
|
2024-03-21 05:56:59 -04:00
|
|
|
# Let redict sleep 1s firstly
|
2020-09-27 10:13:33 -04:00
|
|
|
$rd1 debug sleep 1
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
$rd1 flush
|
|
|
|
|
after 100
|
|
|
|
|
|
2020-09-27 10:13:33 -04:00
|
|
|
# Create a pipeline of commands that will be processed in one socket read.
|
2021-06-10 08:39:33 -04:00
|
|
|
# It is important to use one write, in TLS mode independent writes seem
|
2020-09-27 10:13:33 -04:00
|
|
|
# to wait for response from the server.
|
2024-03-21 05:56:59 -04:00
|
|
|
# Total size should be less than OS socket buffer, redict can
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
# execute all commands in this pipeline when it wakes up.
|
2020-09-27 10:13:33 -04:00
|
|
|
set buf ""
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
for {set i 0} {$i < 15} {incr i} {
|
2020-09-27 10:13:33 -04:00
|
|
|
append buf "set $i $i\r\n"
|
|
|
|
|
append buf "get $i\r\n"
|
|
|
|
|
append buf "del $i\r\n"
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
# One bigkey is 10k, total response size must be more than 100k
|
2020-09-27 10:13:33 -04:00
|
|
|
append buf "get bigkey\r\n"
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
}
|
2020-09-27 10:13:33 -04:00
|
|
|
$rd2 write $buf
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
$rd2 flush
|
|
|
|
|
after 100
|
|
|
|
|
|
|
|
|
|
# Reds must wake up if it can send reply
|
|
|
|
|
assert_equal "PONG" [r ping]
|
|
|
|
|
set clients [r client list]
|
|
|
|
|
assert_no_match "*name=multicommands*" $clients
|
2022-07-03 06:34:14 -04:00
|
|
|
assert_equal {} [$rd2 rawread]
|
Don't write replies if close the client ASAP (#7202)
Before this commit, we would have continued to add replies to the reply buffer even if client
output buffer limit is reached, so the used memory would keep increasing over the configured limit.
What's more, we shouldn’t write any reply to the client if it is set 'CLIENT_CLOSE_ASAP' flag
because that doesn't conform to its definition and we will close all clients flagged with
'CLIENT_CLOSE_ASAP' in ‘beforeSleep’.
Because of code execution order, before this, we may firstly write to part of the replies to
the socket before disconnecting it, but in fact, we may can’t send the full replies to clients
since OS socket buffer is limited. But this unexpected behavior makes some commands work well,
for instance ACL DELUSER, if the client deletes the current user, we need to send reply to client
and close the connection, but before, we close the client firstly and write the reply to reply
buffer. secondly, we shouldn't do this despite the fact it works well in most cases.
We add a flag 'CLIENT_CLOSE_AFTER_COMMAND' to mark clients, this flag means we will close the
client after executing commands and send all entire replies, so that we can write replies to
reply buffer during executing commands, send replies to clients, and close them later.
We also fix some implicit problems. If client output buffer limit is enforced in 'multi/exec',
all commands will be executed completely in redis and clients will not read any reply instead of
partial replies. Even more, if the client executes 'ACL deluser' the using user in 'multi/exec',
it will not read the replies after 'ACL deluser' just like before executing 'client kill' itself
in 'multi/exec'.
We added some tests for output buffer limit breach during multi-exec and using a pipeline of
many small commands rather than one with big response.
Co-authored-by: Oran Agra <oran@redislabs.com>
2020-09-24 09:01:41 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
test {Execute transactions completely even if client output buffer limit is enforced} {
|
|
|
|
|
r config set client-output-buffer-limit {normal 100000 0 0}
|
|
|
|
|
# Total size of all items must be more than 100k
|
|
|
|
|
set item [string repeat "x" 1000]
|
|
|
|
|
for {set i 0} {$i < 150} {incr i} {
|
|
|
|
|
r lpush mylist2 $item
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Output buffer limit is enforced during executing transaction
|
|
|
|
|
r client setname transactionclient
|
|
|
|
|
r set k1 v1
|
|
|
|
|
r multi
|
|
|
|
|
r set k2 v2
|
|
|
|
|
r get k2
|
|
|
|
|
r lrange mylist2 0 -1
|
|
|
|
|
r set k3 v3
|
|
|
|
|
r del k1
|
|
|
|
|
catch {[r exec]} e
|
|
|
|
|
assert_match "*I/O error*" $e
|
|
|
|
|
reconnect
|
|
|
|
|
set clients [r client list]
|
|
|
|
|
assert_no_match "*name=transactionclient*" $clients
|
|
|
|
|
|
|
|
|
|
# Transactions should be executed completely
|
|
|
|
|
assert_equal {} [r get k1]
|
|
|
|
|
assert_equal "v2" [r get k2]
|
|
|
|
|
assert_equal "v3" [r get k3]
|
|
|
|
|
}
|
Obuf limit, exit during loop in *RAND* commands and KEYS (#11676)
Related to the hang reported in #11671
Currently, redis can disconnect a client due to reaching output buffer limit,
it'll also avoid feeding that output buffer with more data, but it will keep
running the loop in the command (despite the client already being marked for
disconnection)
This PR is an attempt to mitigate the problem, specifically for commands that
are easy to abuse, specifically: KEYS, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER.
The RAND family of commands can take a negative COUNT argument (which is not
bound to the number of elements in the key), so it's enough to create a key
with one field, and then these commands can be used to hang redis.
For KEYS the caller can use the existing keyspace in redis (if big enough).
2023-01-16 06:51:18 -05:00
|
|
|
|
|
|
|
|
test "Obuf limit, HRANDFIELD with huge count stopped mid-run" {
|
|
|
|
|
r config set client-output-buffer-limit {normal 1000000 0 0}
|
|
|
|
|
r hset myhash a b
|
|
|
|
|
catch {r hrandfield myhash -999999999} e
|
|
|
|
|
assert_match "*I/O error*" $e
|
|
|
|
|
reconnect
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
test "Obuf limit, KEYS stopped mid-run" {
|
|
|
|
|
r config set client-output-buffer-limit {normal 100000 0 0}
|
|
|
|
|
populate 1000 "long-key-name-prefix-of-100-chars-------------------------------------------------------------------"
|
|
|
|
|
catch {r keys *} e
|
|
|
|
|
assert_match "*I/O error*" $e
|
|
|
|
|
reconnect
|
|
|
|
|
}
|
2012-01-25 12:11:04 -05:00
|
|
|
}
|
