Initial broker design and implementation#880
Merged
Merged
Conversation
wdcui
added
discussion
wdcui
force-pushed
the
wdcui/ulitebox/broker-design
branch
2 times, most recently
from
8d6f5d2 to
bc2c10e
Compare
wdcui
force-pushed
the
wdcui/ulitebox/broker-design
branch
from
c889ab4 to
56fe76c
Compare
wdcui
removed
discussion
Member
There was a problem hiding this comment.
Bunch of comments all throughout the place about lower-level details. As discussed IRL, the plan is to merge this almost as-is (modulo removing the docs/ dir); a lot of the other comments are mostly to be read right now, but not really change the PR; future PRs will be doing the necessary cleanup. As a 1st order approximation, this current PR is directionally correct, but the agents have left a bunch of code smells that we do need to clean up to keep the project healthy; that's what most of the suggestions are focusing on.
On major bit (other than the docs/) that we should try to remove from this PR before merging, if possible, is the readv/writev changes that are mostly irrelevant to this PR at least as I understand it.
If one of my comments mentions just adding a tiny TODO or such trivially tweaked thing, might be good to just resolve that up front rn; but anything more significant than that probably should go into its own PR.
I'm making a tracking issue for the changes needed btw (#911)
Comment on lines
+22
to
+35
| pub use channel::{ | ||
| HostControlChannel, LocalControlChannel, PeerCredential, ReceivedBrokerRequest, | ||
| ReceivedBrokerResponse, | ||
| }; | ||
| pub use error::ErrorCode; | ||
| pub use event::{ | ||
| AddEventRequest, AddEventResponse, ConsumeEventRequest, ConsumeEventResponse, | ||
| CreateEventRequest, CreateEventResponse, EventConsumeMode, EventConsumption, ReadinessState, | ||
| WaitEventRequest, WaitEventResponse, WaitOutcome, | ||
| }; | ||
| pub use message::{ | ||
| BrokerRequest, BrokerResponse, CoreRequest, CoreResponse, EventRequest, EventResponse, | ||
| }; | ||
| pub use object::{ObjectHandle, ObjectReferenceGeneration, ObjectReferenceId}; |
Member
There was a problem hiding this comment.
A large number of pub use make it difficult to follow things along, basically a bunch of modularity gets lost if everything is re-exposed publicly
Comment on lines
+10
to
+47
| /// Broker request sent over the control channel. | ||
| /// | ||
| /// The outer broker request is intentionally small. Object-family and | ||
| /// domain-specific operations are grouped below it so new object families do not | ||
| /// accumulate as unrelated top-level broker variants. | ||
| #[derive(Clone, Debug, PartialEq, Eq)] | ||
| #[non_exhaustive] | ||
| pub enum BrokerRequest { | ||
| /// Protocol negotiation request. | ||
| Negotiate { | ||
| /// Required protocol version. | ||
| protocol_version: ProtocolVersion, | ||
| }, | ||
| /// BrokerCore authority request. | ||
| Core(CoreRequest), | ||
| } | ||
|
|
||
| /// Request adapted by the broker host into a BrokerCore domain call. | ||
| #[derive(Clone, Debug, PartialEq, Eq)] | ||
| #[non_exhaustive] | ||
| pub enum CoreRequest { | ||
| /// Event object request family. | ||
| Event(EventRequest), | ||
| } | ||
|
|
||
| /// Broker-owned event object request. | ||
| #[derive(Clone, Debug, PartialEq, Eq)] | ||
| #[non_exhaustive] | ||
| pub enum EventRequest { | ||
| /// Create a broker-owned event object. | ||
| Create(CreateEventRequest), | ||
| /// Check whether an event wait would complete now. | ||
| Wait(WaitEventRequest), | ||
| /// Add readiness credits to an event. | ||
| Add(AddEventRequest), | ||
| /// Consume readiness credits from an event. | ||
| Consume(ConsumeEventRequest), | ||
| } |
Member
There was a problem hiding this comment.
I'm not immediately seeing the benefits of this 3 layer indirection
Comment on lines
+5
to
+8
| use crate::{ | ||
| AddEventRequest, AddEventResponse, ConsumeEventRequest, ConsumeEventResponse, | ||
| CreateEventRequest, CreateEventResponse, ErrorCode, WaitEventRequest, WaitEventResponse, | ||
| }; |
Member
There was a problem hiding this comment.
this is the sort of stuff that becomes unreadable / unfollowable when the crate top becomes pub use everything
agents really prefer making everything pub and everything just into a big top level thing, we need to steer them away from that :)
Comment on lines
+484
to
+486
| // Broker control-channel I/O runs through a host Unix socket in the | ||
| // current POC. The transport refreshes read/write timeouts around | ||
| // each request. |
Member
There was a problem hiding this comment.
This seems like an unnecessary weakening of our seccomp filters. I'm not quite sure why read/write timeouts are needed if the broker is healthy
26 tasks
wdcui
force-pushed
the
wdcui/ulitebox/broker-design
branch
2 times, most recently
from
154dda9 to
0f9601c
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Introduce modular broker protocol, transport, wire codec, client, core, server, and Unix socket implementation for the initial broker-owned event object path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Track effective protocol negotiation in client and server state, expose version mismatch responses for downgrade retries, and make public broker interface enums forward-compatible. Map future core outcomes to an Internal protocol error and keep wire tag details contained in the wire layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Expose broker handles as reference capabilities containing only reference ID and reference generation. Keep object IDs internal to BrokerCore and remove ObjectGeneration from the protocol, wire codec, and server adapters. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Exclude litebox_broker_unix_socket from the confirm_no_std sweep because it is the concrete hosted Unix-domain-socket transport and broker executable for the split-broker POC. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Rename the broker transport boundary to a channel boundary and tighten the protocol/channel naming so future IPC implementations can share the same semantic broker contract. Document the protocol, channel, wire, and core separation, including the future notification lane and kernel broker relationship. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep server, core, and Unix socket tests focused on distinct interface and security behavior while removing redundant private implementation coverage. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Separate the Unix socket channel adapter from the hosted userland broker deployment, replace the redundant broker connection wrapper with associations, and align broker interface naming. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Restore shim-local nonblocking eventfd behavior when no broker control channel is configured, while still using broker-backed counters when available. Update the ratchet and missing test C-file copyright header. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove redundant timeout and deadline transport tests while keeping framing coverage and a single wall-clock partial-frame timeout case. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Simplify the userland broker entry point, move core-request envelope handling into broker-local/LiteBox layers, and keep the Linux runner focused on endpoint setup. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Cover poll readiness transitions and nonblocking counter saturation in the broker-backed eventfd runner fixture. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Count event requests observed by the test broker so the broker-backed eventfd integration test proves eventfd operations used the broker. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Enable broker-backed event counters to support blocking waits so eventfd status flags can clear nonblocking mode. Special-case pipe and socket readv to perform one backend read, and coalesce small pipe writev calls to preserve PIPE_BUF atomicity. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep the spawned eventfd writer handle and join it after epoll_wait so Windows test processes do not remain alive after the test body reports success. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The docs now live on wdcui/ulitebox/broker-design-docs. Drop them from the implementation branch so the PR contains only code changes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep eventfd-specific readv/writev handling while routing pipes and sockets through the existing generic fallback paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use plain read/write in the eventfd fixture and remove eventfd-specific readv/writev shim handling that is not needed for the broker POC. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
wdcui
force-pushed
the
wdcui/ulitebox/broker-design
branch
from
0f9601c to
e1d7407
Compare
|
🤖 SemverChecks 🤖 Click for details |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR implements the broker based on a new design and adds the end-to-end implementation for the broker to provide the support for non-blocking evenfd.