{"id":109685,"date":"2024-04-18T07:00:00","date_gmt":"2024-04-18T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=109685"},"modified":"2024-04-18T07:32:36","modified_gmt":"2024-04-18T14:32:36","slug":"20240418-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20240418-00\/?p=109685","title":{"rendered":"Adding state to the update notification pattern, part 2"},"content":{"rendered":"

Last time, we started looking at solving the problem of a stateful but coalescing update notification<\/a>, where multiple requests for work can arrive, and your only requirement is that you send a notification for the last one. Any time a new request for work arrives, it replaces the existing one.<\/p>\n

One attempt to fix this is to check if the work is already in progress, and if so, then hand off the new query to the existing worker. We are using winrt::fire_and_forget<\/code>, which fails fast on any unhandled exception. This saves us from having to worry about recovering from exceptions. (At least for now.)<\/p>\n

class EditControl\r\n{\r\n    \u27e6 ... existing class members ... \u27e7\r\n\r\n    std::mutex m_workMutex;             <\/span>\r\n    std::mutex m_textMutex;             <\/span>\r\n    std::optional<string> m_pendingText;<\/span>\r\n};\r\n\r\nwinrt::fire_and_forget\r\nEditControl::TextChanged(std::string text)\r\n{\r\n    auto lifetime = get_strong();\r\n\r\n    auto workLock = std::unique_lock(m_workMutex, std::try_to_lock);<\/span>\r\n    if (!workLock) {                                                <\/span>\r\n        auto textLock = std::unique_lock(m_textMutex);              <\/span>\r\n        m_pendingText = std::move(text);                            <\/span>\r\n        co_return;                                                  <\/span>\r\n    }                                                               <\/span>\r\n    \u00a0                                                               <\/span>\r\n    while (true) {                                                  <\/span>\r\n        co_await winrt::resume_background();\r\n\r\n        std::vector<std::string> matches;\r\n        for (auto&& candidate : FindCandidates(text)) {\r\n            if (candidate.Verify()) {\r\n                matches.push_back(candidate.Text());\r\n            }\r\n        }\r\n\r\n        co_await winrt::resume_foreground(Dispatcher());\r\n\r\n        SetAutocomplete(matches);\r\n\r\n        auto text = std::unique_lock(m_textMutex);<\/span>\r\n        if (!m_pendingText) {                     <\/span>\r\n            co_return;                            <\/span>\r\n        }                                         <\/span>\r\n        text = std::move(*m_pendingText);         <\/span>\r\n        m_pendingText.reset();                    <\/span>\r\n    }                                             <\/span>\r\n}\r\n<\/pre>\n
But before even thinking about whether this addresses the race condition, we have to call out that this code isn’t even legal.<\/p>\n
The bad thing is that try_lock<\/code> is  allowed to fail spuriously<\/a> and return false<\/code> even if the mutex is not locked. This means that it’s possible that the workLock<\/code> will report that it does not own the lock, even though the lock is available, and you will have a m_pendingText<\/code> sitting around waiting futilely for some work to process it.<\/p>\n
The worse thing is that calling try_lock<\/code> from a thread that already holds the mutex  results in undefined behavior<\/a>. If two text changes occur in rapid succession on the UI thread, the second one will try to lock the m_workMutex<\/code> from the same thread that already locked it, and you have now broken the rules and anything could happen.<\/p>\n
Even worse than the worse case is the possibility that the mutex is released from the wrong thread. This code switches back to the UI thread before allowing the unique_lock<\/code> to destruct, so you think you’re safe, but you’re not because an exception while building the matches will result in the lock being destructed from a background thread. This happens before the promise’s unhandled_exception<\/code> is called, so you’ve corrupted the system before your fire_and_forget<\/code> can fail fast.<\/p>\n
The m_workMutex<\/code> is really a red herring. It doesn’t need to be a mutex. The code uses it merely as a flag. So let’s switch to a flag and avoid all the undefined behavior.<\/p>\n
Also, the m_textMutex<\/code> is unnecessary since the m_pendingText<\/code> is always accessed from the UI thread, so there is no concurrency. We can get rid of that too.<\/p>\n
We’re now left with this:<\/p>\n
class EditControl\r\n{\r\n    \u27e6 ... existing class members ... \u27e7\r\n\r\n    bool m_busy = false;<\/span>\r\n    \/\/ std::mutex m_textMutex;<\/span> \/\/ no longer needed<\/span>\r\n    std::optional<string> m_pendingText;\r\n};\r\n\r\nwinrt::fire_and_forget\r\nEditControl::TextChanged(std::string text)\r\n{\r\n    auto lifetime = get_strong();\r\n\r\n    if (std::exchange(m_busy, true)) {<\/span>\r\n        m_pendingText = text;         <\/span>\r\n        co_return;                    <\/span>\r\n    }                                 <\/span>\r\n    \u00a0                                 <\/span>\r\n    while (true) {                    <\/span>\r\n        co_await winrt::resume_background();\r\n\r\n        std::vector<std::string> matches;\r\n        for (auto&& candidate : FindCandidates(text)) {\r\n            if (candidate.Verify()) {\r\n                matches.push_back(candidate.Text());\r\n            }\r\n        }\r\n\r\n        co_await winrt::resume_foreground(Dispatcher());\r\n\r\n        SetAutocomplete(matches);\r\n\r\n        if (!m_pendingText) {              <\/span>\r\n            m_busy = false;                <\/span>\r\n            co_return;                     <\/span>\r\n        }                                  <\/span>\r\n        text = std::move(*m_pendingText);  <\/span>\r\n        m_pendingText.reset();             <\/span>\r\n    }                                      <\/span>\r\n}\r\n<\/pre>\n
We can simplify the code by simply treating every case as the pending case.<\/p>\n
winrt::fire_and_forget\r\nEditControl::TextChanged(std::string text)\r\n{\r\n    auto lifetime = get_strong();\r\n\r\n    m_pendingText = std::move(text);     <\/span>\r\n    if (std::exchange(m_busy, true)) {   <\/span>\r\n        co_return;                       <\/span>\r\n    }                                    <\/span>\r\n    \u00a0                                    <\/span>\r\n    while (m_pendingText) {              <\/span>\r\n        text = std::move(*m_pendingText);<\/span>\r\n        m_pendingText.reset();           <\/span>\r\n\r\n        co_await winrt::resume_background();\r\n\r\n        std::vector<std::string> matches;\r\n        for (auto&& candidate : FindCandidates(text)) {\r\n            if (candidate.Verify()) {\r\n                matches.push_back(candidate.Text());\r\n            }\r\n        }\r\n\r\n        co_await winrt::resume_foreground(Dispatcher());\r\n\r\n        SetAutocomplete(matches);\r\n\r\n    }\r\n    m_busy = false;<\/span>\r\n}\r\n<\/pre>\n
The UI thread is doing a lot of heavy lifting here because it implicitly locks the combined accesses to m_busy<\/code> and m_pendingText<\/code>.<\/p>\n
Next time, we’ll try to reduce the amount of unnecessary work.<\/p>\n","protected":false},"excerpt":{"rendered":"
First attempt to try to fix the race condition.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-109685","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"
First attempt to try to fix the race condition.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/109685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=109685"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/109685\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=109685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=109685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=109685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
This code carries a lock across a suspension point, which we saw  is not a good idea<\/a>. In this case, we use try_<\/code> mode to acquire the mutex, and the rules for try_lock<\/code> say two things, one bad, and the other worse.<\/p>\n