running-process 4.5.5

Subprocess and PTY runtime for the running-process project
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

//! Capacity-bounded pending handoff backlog.
//!
//! The real platform transports may need to park accepted client handles while
//! a backend handoff socket or acknowledgement catches up. This model keeps
//! that backlog finite and maps overload into the existing reconnect fallback.

use std::collections::VecDeque;
use std::time::{Duration, Instant};

use super::{HandoffAttemptDecision, HandoffFallbackDecision, HandoffFallbackReason};

/// Default number of pending handoffs retained by one broker process.
pub const DEFAULT_MAX_PENDING_HANDOFFS: usize = 64;

/// Default maximum age for a pending handoff before it is expired.
pub const DEFAULT_PENDING_HANDOFF_TTL: Duration = Duration::from_millis(100);

/// Runtime bounds for the pending handoff backlog.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct PendingHandoffQueueConfig {
    /// Maximum handoff attempts allowed to wait for backend handoff progress.
    pub max_pending_handoffs: usize,
    /// Maximum age of an unprocessed pending handoff.
    pub pending_ttl: Duration,
}

impl PendingHandoffQueueConfig {
    /// Build a config, clamping zero values to safe non-zero defaults.
    pub fn new(max_pending_handoffs: usize, pending_ttl: Duration) -> Self {
        Self {
            max_pending_handoffs: max_pending_handoffs.max(1),
            pending_ttl: if pending_ttl.is_zero() {
                Duration::from_millis(1)
            } else {
                pending_ttl
            },
        }
    }
}

impl Default for PendingHandoffQueueConfig {
    fn default() -> Self {
        Self {
            max_pending_handoffs: DEFAULT_MAX_PENDING_HANDOFFS,
            pending_ttl: DEFAULT_PENDING_HANDOFF_TTL,
        }
    }
}

/// FIFO queue for pending handoffs that cannot grow past its configured bound.
#[derive(Debug)]
pub struct PendingHandoffQueue<T> {
    config: PendingHandoffQueueConfig,
    queue: VecDeque<PendingHandoffEntry<T>>,
}

impl<T> PendingHandoffQueue<T> {
    /// Create an empty queue with default bounds.
    pub fn new() -> Self {
        Self::with_config(PendingHandoffQueueConfig::default())
    }

    /// Create an empty queue with explicit bounds.
    pub fn with_config(config: PendingHandoffQueueConfig) -> Self {
        Self {
            config,
            queue: VecDeque::with_capacity(config.max_pending_handoffs),
        }
    }

    /// Return the active queue bounds.
    pub fn config(&self) -> PendingHandoffQueueConfig {
        self.config
    }

    /// Return the number of currently pending, non-pruned handoffs.
    pub fn pending_len(&self) -> usize {
        self.queue.len()
    }

    /// Return true when no handoffs are pending.
    pub fn is_empty(&self) -> bool {
        self.queue.is_empty()
    }

    /// Enqueue one handoff in FIFO order.
    ///
    /// Expired entries are pruned first. If the backlog is still full, the
    /// caller must use the returned overflow decision to fall back to reconnect.
    pub fn enqueue(&mut self, handoff: T, now: Instant) -> Result<(), PendingHandoffOverflow> {
        self.expire(now);
        if self.queue.len() >= self.config.max_pending_handoffs {
            return Err(PendingHandoffOverflow {
                max_pending_handoffs: self.config.max_pending_handoffs,
            });
        }

        self.queue.push_back(PendingHandoffEntry {
            handoff,
            expires_at: expires_at(now, self.config.pending_ttl),
        });
        Ok(())
    }

    /// Dequeue the oldest non-expired handoff.
    pub fn dequeue(&mut self, now: Instant) -> Option<T> {
        self.expire(now);
        self.queue.pop_front().map(|entry| entry.handoff)
    }

    /// Drop all expired pending handoffs and return the number removed.
    pub fn expire(&mut self, now: Instant) -> usize {
        let before = self.queue.len();
        self.queue.retain(|entry| now < entry.expires_at);
        before - self.queue.len()
    }
}

impl<T> Default for PendingHandoffQueue<T> {
    fn default() -> Self {
        Self::new()
    }
}

/// Overflow raised when the pending handoff queue reaches its configured cap.
#[derive(Clone, Debug, PartialEq, Eq, thiserror::Error)]
#[error("pending handoff queue full ({max_pending_handoffs})")]
pub struct PendingHandoffOverflow {
    /// Maximum pending handoffs allowed before reconnect fallback is required.
    pub max_pending_handoffs: usize,
}

impl PendingHandoffOverflow {
    /// Return the existing fallback reason used for handoff pressure.
    pub fn fallback_reason(&self) -> HandoffFallbackReason {
        HandoffFallbackReason::FdPressureDisabled
    }

    /// Return the silent reconnect fallback for this overload condition.
    pub fn fallback_decision(&self) -> HandoffFallbackDecision {
        HandoffFallbackDecision::new(self.fallback_reason())
    }

    /// Return the full attempt decision for callers that operate on broker decisions.
    pub fn fallback_attempt_decision(&self) -> HandoffAttemptDecision {
        HandoffAttemptDecision::FallbackToReconnect(self.fallback_decision())
    }

    /// Return true when overflow is safe to hide behind reconnect fallback.
    pub fn is_fallback_safe(&self) -> bool {
        let fallback = self.fallback_decision();
        fallback.uses_backend_reconnect() && !fallback.sends_client_error()
    }
}

#[derive(Debug)]
struct PendingHandoffEntry<T> {
    handoff: T,
    expires_at: Instant,
}

fn expires_at(now: Instant, ttl: Duration) -> Instant {
    now.checked_add(ttl).unwrap_or(now)
}