Skip to content

http: Make server shutdown more robust #31929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

http: Make server shutdown more robust #31929

wants to merge 4 commits into from
+46 −21

Conversation

hodlinator
Copy link
Contributor

  • Instead of hanging indefinitely, use timeouts and abort when HTTP connections take unreasonably long to close.
  • Add request id with logging to be able to discover which one is stuck.
  • Ensure we always free libevent HTTP.
  • Improve documentation around libevent behavior.

Should help debug #31894.

@hodlinator
doc http: Improve documentation around (libevent) HTTP shutdown behavior
1350087
@hodlinator
http: Ensure eventHTTP is always freed
757de96 
There is a race between ThreadHTTP exiting and our queuing of the freeing-event (event_base_once).

Additional free was useful in 709 of 962 runs.
@hodlinator
http: Abort with clear error instead of hanging forever
a00dfd2 
Could happen when connection doesn't complete for some reason.

Output early warning to give clue about what's up.

Prior check+log message before even starting to wait was a bit too eager to hint at something being wrong.
@DrahtBot
Copy link
Contributor

DrahtBot commented Feb 21, 2025
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/31929.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Conflicts

No conflicts as of last run.

@fanquake
Copy link
Member 

Assertion failed: (evb), function WriteReply, file httpserver.cpp, line 682.
Error processing input "/Users/runner/work/bitcoin/bitcoin/ci/scratch/qa-assets/fuzz_corpora/http_request/83149a7e3abd937c7bc67fa55b9a4fc9338e3d8c"

⚠️ Failure generated from target with exit code 1: ['/Users/runner/work/bitcoin/bitcoin/ci/scratch/build-aarch64-apple-darwin23.6.0/src/test/fuzz/fuzz', PosixPath('/Users/runner/work/bitcoin/bitcoin/ci/scratch/qa-assets/fuzz_corpora/http_request')]

@DrahtBot
Copy link
Contributor

🚧 At least one of the CI tasks failed.
Debug: https://github.com/bitcoin/bitcoin/runs/37612857743

Hints

Try to run the tests locally, according to the documentation. However, a CI failure may still
happen due to a number of reasons, for example:

  • Possibly due to a silent merge conflict (the changes in this pull request being
    incompatible with the current code in the target branch). If so, make sure to rebase on the latest
    commit of the target branch.

  • A sanitizer issue, which can only be found by compiling with the sanitizer and running the
    affected test.

  • An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

@hodlinator
http: Add logged request ids
24558c2 
Could aid debugging when an HTTP request gets stuck at shutdown.
@hodlinator hodlinator force-pushed the 2025/02/stop_http_robust branch from ef290c0 to 24558c2 Compare February 21, 2025 23:32
hodlinator
hodlinator commented Feb 22, 2025
View reviewed changes
Copy link
Contributor Author

@hodlinator hodlinator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fuzz-failure was me underestimating a default-initialized argument. Fixed in 2nd push.

src/httpserver.cpp
Comment on lines +557 to +559
// Schedule a callback to call evhttp_free in the event base thread, as
// otherwise eventHTTP often keeps internal events alive, meaning
// aforementioned thread would never run out of events and exit.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To verify the improved accuracy of the documentation here one can apply:

diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 52fa8463d2..a3efaa2579 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -557,6 +557,10 @@ void StopHTTPServer()
         // Schedule a callback to call evhttp_free in the event base thread, as
         // otherwise eventHTTP often keeps internal events alive, meaning
         // aforementioned thread would never run out of events and exit.
+        while (true) {
+            event_base_dump_events(eventBase, stderr);
+            std::this_thread::sleep_for(5s);
+        }
         if (event_base_once(eventBase, -1, EV_TIMEOUT, [](evutil_socket_t, short, void*) {
             evhttp_free(eventHTTP);
             eventHTTP = nullptr;

Run bitcoind, and then send the stop-RPC from bitcoin-cli. It gave me the following log:

2025-02-22T15:18:19Z [http] Stopping HTTP server
2025-02-22T15:18:19Z [http] Waiting for HTTP worker threads to exit
Inserted events:
2025-02-22T15:18:19Z [http] Exited http event loop
  0x555556947a50 [fd  11] Read Persist Internal
Active events:
2025-02-22T15:18:19Z net thread exit
2025-02-22T15:18:20Z msghand thread exit
Inserted events:
  0x555556947a50 [fd  11] Read Persist Internal
Active events:
Inserted events:
  0x555556947a50 [fd  11] Read Persist Internal
Active events:
Inserted events:
  0x555556947a50 [fd  11] Read Persist Internal
Active events:
<repeated until killing the process>

@hodlinator hodlinator mentioned this pull request Feb 24, 2025
Open
@DrahtBot DrahtBot mentioned this pull request Mar 14, 2025
Open
@laanwj
Copy link
Member

laanwj commented Mar 18, 2025
edited
Loading

From what i remember this was extrememly hard to get right with libevent (or at least our use of it), without leaking anything or running into race conditions. There have been a few tries to fix the behavior over the years, but they all were different compromises, adding ever more compexity, and often introducing new problems.

As it seems to be where things are heading anyway (#32061) maybe it's better to focus on replacing libevent and its webserver framework wholesale.

@hodlinator
Copy link
Contributor Author

hodlinator commented Mar 18, 2025
edited
Loading

Thank you for providing your perspective @laanwj!

In working on this PR, I've also gained an appreciation for getting rid of libevent. However, I'm not sure when that will happen, maybe not until post-30.0. In the meantime we are seeing issues on CI such as #31894 (analysis).

What this PR is doing is adding our own request ids to track which HTTP request never finishes. When we have stuck HTTP requests, it also makes us abort the process with a clear error after 10min30s instead of waiting for the test framework to time out after 40min. On top of that it also fixes an intermittent leak, right after we've joined on the thread that is the only one to sometimes perform deletion.

Have come across #26742 and #19420 while working on this, so have seen some of the struggle.

Don't have an overall grasp on how frequent issues like 31894 are on CI (or in the wild), it's fair that that frequency should influence the priority of this compared to other work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
RPC/REST/ZMQ
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hodlinator @DrahtBot @fanquake @laanwj