Merge lp:~vila/bzr/383920-pycurl-hangs into lp:~bzr/bzr/trunk-old

Nasty bug here: pycurl was hanging when connecting in https mode to our test server
due to a missing Content-Length header in the python's BaseHttpServer implementation.

We didn't realize it sooner because it's triggered only when we test pycurl against
our https test server which requires both python2.6 and pycurl, which in turn seems
to be rather unsual.

A big thank you to Pavel, Russel and Martitza for bringing that up !

I think your analysis of the problem is slightly off.

HTTP says (broadly):
- 1.1: connections are persistent unless otherwise noted/prevented
- 1.0: connections are non-persistent unless otherwise requested and not
       prevented
- all messages are delimited
 - by Content-Length or
 - TE or
 - dropping the connection

So, if:
 - we're sending 1.1 as the version
 - we were not sending Content-Length, nor doing TE
 - and not dropping the connection

then the server was fundamentally broken, not that the client was being
overly strict.

Is the diff accurate? it seems to have bundle stuff in it...

-Rob

>>>>> "robert" == Robert Collins <email address hidden> writes:

    robert> I think your analysis of the problem is slightly off.
    robert> HTTP says (broadly):
    robert> - 1.1: connections are persistent unless otherwise noted/prevented
    robert> - 1.0: connections are non-persistent unless otherwise requested and not
    robert> prevented
    robert> - all messages are delimited
    robert> - by Content-Length or
    robert> - TE or
    robert> - dropping the connection

    robert> So, if:
    robert> - we're sending 1.1 as the version
    robert> - we were not sending Content-Length, nor doing TE
    robert> - and not dropping the connection

    robert> then the server was fundamentally broken, not that
    robert> the client was being overly strict.

Right. So the test server was:
- presenting itself as 1.1,
- not sending the Content-Length,
- sending 'Connection: close',
- closing the connection

and the client hanged, so following your arguments, it means the
*client* is broken, right ? Or is there still some grey area
because the server close on error while announcing 1.1 ?

Would you prefer KnownFailures for pycurl+https instead ?

    robert> Is the diff accurate? it seems to have bundle stuff in it...

Yes to both points, the commit messages says... d-a-m-n--i-t,
commit messages don't appear in mails, <suffering/> right, I
should have think about that and explain in the cover letter :-/

A test was added there (long ago, which breaks under the same conditions
than the others, to avoid further regressions there, I refactor
the three existing tests, since there was a bunch of duplication,
that makes some noise.

     Vincent

On Tue, 2009-07-07 at 13:15 +0000, Vincent Ladeuil wrote:

> Right. So the test server was:
> - presenting itself as 1.1,
> - not sending the Content-Length,
> - sending 'Connection: close',
> - closing the connection

This is valid. How were we closing it? shutdown(both), or halfshutdown,
then close, or ...? Perhaps this question doesn't matter, if doing
exactly the same thing but adding the header was enough to stop the
symptoms.

> and the client hanged, so following your arguments, it means the
> *client* is broken, right ? Or is there still some grey area
> because the server close on error while announcing 1.1 ?

Is it using https, or just http? I can imagine that there is some https
teardown stuff that perhaps we aren't doing right.

> Would you prefer KnownFailures for pycurl+https instead ?

I'd prefer to know the real cause. If valid http behaviour makes pycurl
hang, then real servers on the internet will be able to make bzr hang,
and thats bad. As it stands, I feel that landing this is a bit of an
anti-fix, as it is a workaround we can't reasonably ask live internet
servers to make.

-Rob

31 + def send_error(self, code, message=None):
32 + """Send and log an error reply.
33 +
34 + Replace the bogus BaseHTTPServer.py with one that add the
35 + Content-Length header to address strict http clients.
36 + """

Please add a comment pointing to the bug so we know what particular problem this causes.

+ self.send_header("Content-Length", "%d" % len(content))

I'd be a bit concerned about this being wrong if the message happens to be unicode - this will get the length in characters and then it'll be written as bytes. But maybe that never happens.

57 + if self.command != 'HEAD' and code >= 200 and code not in (204, 304):
58 + self.wfile.write(content)

This should possibly handle OPTIONS too, though I doubt we ever send it and it may not even reach this function, so it's academic.

> On Tue, 2009-07-07 at 13:15 +0000, Vincent Ladeuil wrote:
>
> > Right. So the test server was:
> > - presenting itself as 1.1,
> > - not sending the Content-Length,
> > - sending 'Connection: close',
> > - closing the connection
>
> This is valid. How were we closing it? shutdown(both), or halfshutdown,
> then close, or ...? Perhaps this question doesn't matter, if doing
> exactly the same thing but adding the header was enough to stop the
> symptoms.

I can imagine some deadlocks occurring because they're both in the same process - perhaps the socket is relying on gc collect and it's not running before the deadlock occurs.

> > Would you prefer KnownFailures for pycurl+https instead ?
>
> I'd prefer to know the real cause. If valid http behaviour makes pycurl
> hang, then real servers on the internet will be able to make bzr hang,
> and thats bad. As it stands, I feel that landing this is a bit of an
> anti-fix, as it is a workaround we can't reasonably ask live internet
> servers to make.

I don't think we should hold this patch hostage to that. It's making the test server more correct and it's fixing a real problem that the test suite hangs. If we get reports that bzr hangs against real http/1.1 servers, which I don't remember seeing so far, then we can look at how to test that.

ie approve

On Wed, 2009-07-08 at 00:09 +0000, Martin Pool wrote:

> I can imagine some deadlocks occurring because they're both in the
> same process - perhaps the socket is relying on gc collect and it's
> not running before the deadlock occurs.

Thats another possibility yes. Good catch.

> > > Would you prefer KnownFailures for pycurl+https instead ?
> >
> > I'd prefer to know the real cause. If valid http behaviour makes
> pycurl
> > hang, then real servers on the internet will be able to make bzr
> hang,
> > and thats bad. As it stands, I feel that landing this is a bit of an
> > anti-fix, as it is a workaround we can't reasonably ask live
> internet
> > servers to make.
>
> I don't think we should hold this patch hostage to that. It's making
> the test server more correct and it's fixing a real problem that the
> test suite hangs. If we get reports that bzr hangs against real
> http/1.1 servers, which I don't remember seeing so far, then we can
> look at how to test that.

The patch *does not* make the server more correct. It does prevent
hangs, but still, I think we should not stop looking at this till we
know the actual cause. Otherwise we've only half completed the root
cause analysis.

One reason we probably don't see reports of hangs, is that error cases
are relatively rare for bzr - we generally request resources that exist.

-Rob

>>>>> "robert" == Robert Collins <email address hidden> writes:

    robert> On Tue, 2009-07-07 at 13:15 +0000, Vincent Ladeuil wrote:
    >> Right. So the test server was:
    >> - presenting itself as 1.1,
    >> - not sending the Content-Length,
    >> - sending 'Connection: close',
    >> - closing the connection

    robert> This is valid. How were we closing it? shutdown(both),

No

    robert> or halfshutdown,

Not sure what you mean.

    robert> then close, or ...?

Close the read and write parts of the socket. Simple closes.

    robert> Perhaps this question doesn't matter, if doing
    robert> exactly the same thing but adding the header was
    robert> enough to stop the symptoms.

I was about to either:
- look at the C code,
- test against real servers (via my local_test_server) plugins,
- keep thinking...

And then I thought about the send_error method that I didn't
fully trust in the past and thought, well, let's just try
that.. and it worked.

    >> and the client hanged, so following your arguments, it
    >> means the *client* is broken, right ? Or is there still
    >> some grey area because the server close on error while
    >> announcing 1.1 ?

    robert> Is it using https, or just http?

https *only*, http is fine...

    robert> I can imagine that there is some https teardown stuff
    robert> that perhaps we aren't doing right.

Whatever we do, a network connection loss will not, the client is
not supposed to hang either in that case no ?

    >> Would you prefer KnownFailures for pycurl+https instead ?

    robert> I'd prefer to know the real cause.

Cost/benefit analysis stopped me there, whatever the bug is, it
came from a change in either python or pycurl as I can guarantee
that at one point I had a python2.6/https/pycurl combo passing
the full test suite. It's a pity I didn't take note of the
precise versions involved.

    robert> If valid http behaviour makes pycurl hang, then real
    robert> servers on the internet will be able to make bzr
    robert> hang, and thats bad.

I totally share that view.

    robert> As it stands, I feel that landing this is a bit of an
    robert> anti-fix, as it is a workaround we can't reasonably
    robert> ask live internet servers to make.

Iff there are servers in the wild acting as described above (1.1,
close on error without Content-Length)...

My plan for that is to keep adding real servers to the
local_test_server plugin.

Overall, I think my time is better spent that way than fixing
bugs in pycurl instead of working on certificate validation for
urllib...

        Vincent