rate-limit: Replace readers-writer lock with atomic Map

Signed-off-by: Christian Pardillo Laursen <[email protected]>

Author: cplaursen

ocaml/libs/rate-limit/bucket_table.ml

@@ -23,37 +23,13 @@ type rate_limit_data = {
 }
 [@@warning "-69"]
 
-type t = {
-    table: (string, rate_limit_data) Hashtbl.t
-  ; mutable readers: int
-  ; readers_lock: Mutex.t (* protects readers count *)
-  ; table_lock: Mutex.t
-        (* held collectively by readers, exclusively by writers *)
-}
-
-let with_lock = Xapi_stdext_threads.Threadext.Mutex.execute
+module StringMap = Map.Make (String)
 
-let with_read_lock t f =
-  with_lock t.readers_lock (fun () ->
-      t.readers <- t.readers + 1 ;
-      if t.readers = 1 then Mutex.lock t.table_lock
-  ) ;
-  Fun.protect f ~finally:(fun () ->
-      with_lock t.readers_lock (fun () ->
-          t.readers <- t.readers - 1 ;
-          if t.readers = 0 then Mutex.unlock t.table_lock
-      )
-  )
+type t = rate_limit_data StringMap.t Atomic.t
 
-let with_write_lock t f = with_lock t.table_lock f
+let with_lock = Xapi_stdext_threads.Threadext.Mutex.execute
 
-let create () =
-  {
-    table= Hashtbl.create 10
-  ; readers= 0
-  ; readers_lock= Mutex.create ()
-  ; table_lock= Mutex.create ()
-  }
+let create () = Atomic.make StringMap.empty
 
 (* The worker thread is responsible for calling the callback when the token
    amount becomes available *)
@@ -81,73 +57,70 @@ let rec worker_loop ~bucket ~process_queue ~process_queue_lock
 (* TODO: Indicate failure reason - did we get invalid config or try to add an
    already present user_agent? *)
 let add_bucket t ~user_agent ~burst_size ~fill_rate =
-  with_write_lock t (fun () ->
-      if Hashtbl.mem t.table user_agent then
+  let map = Atomic.get t in
+  if StringMap.mem user_agent map then
+    false
+  else
+    match Token_bucket.create ~burst_size ~fill_rate with
+    | Some bucket ->
+        let process_queue = Queue.create () in
+        let process_queue_lock = Mutex.create () in
+        let worker_thread_cond = Condition.create () in
+        let should_terminate = ref false in
+        let worker_thread =
+          Thread.create
+            (fun () ->
+              worker_loop ~bucket ~process_queue ~process_queue_lock
+                ~worker_thread_cond ~should_terminate
+            )
+            ()
+        in
+        let data =
+          {
+            bucket
+          ; process_queue
+          ; process_queue_lock
+          ; worker_thread_cond
+          ; should_terminate
+          ; worker_thread
+          }
+        in
+        let updated_map = StringMap.add user_agent data map in
+        Atomic.set t updated_map ; true
+    | None ->
         false
-      else
-        match Token_bucket.create ~burst_size ~fill_rate with
-        | Some bucket ->
-            let process_queue = Queue.create () in
-            let process_queue_lock = Mutex.create () in
-            let worker_thread_cond = Condition.create () in
-            let should_terminate = ref false in
-            let worker_thread =
-              Thread.create
-                (fun () ->
-                  worker_loop ~bucket ~process_queue ~process_queue_lock
-                    ~worker_thread_cond ~should_terminate
-                )
-                ()
-            in
-            let data =
-              {
-                bucket
-              ; process_queue
-              ; process_queue_lock
-              ; worker_thread_cond
-              ; should_terminate
-              ; worker_thread
-              }
-            in
-            Hashtbl.add t.table user_agent data ;
-            true
-        | None ->
-            false
-  )
 
 let delete_bucket t ~user_agent =
-  with_write_lock t (fun () ->
-      match Hashtbl.find_opt t.table user_agent with
-      | None ->
-          ()
-      | Some data ->
-          Mutex.lock data.process_queue_lock ;
-          data.should_terminate := true ;
-          Condition.signal data.worker_thread_cond ;
-          Mutex.unlock data.process_queue_lock ;
-          Hashtbl.remove t.table user_agent
-  )
+  let map = Atomic.get t in
+  match StringMap.find_opt user_agent map with
+  | None ->
+      ()
+  | Some data ->
+      Mutex.lock data.process_queue_lock ;
+      data.should_terminate := true ;
+      Condition.signal data.worker_thread_cond ;
+      Mutex.unlock data.process_queue_lock ;
+      Atomic.set t (StringMap.remove user_agent map)
 
 let try_consume t ~user_agent amount =
-  with_read_lock t (fun () ->
-      match Hashtbl.find_opt t.table user_agent with
-      | None ->
-          false
-      | Some data ->
-          Token_bucket.consume data.bucket amount
-  )
+  let map = Atomic.get t in
+  match StringMap.find_opt user_agent map with
+  | None ->
+      false
+  | Some data ->
+      Token_bucket.consume data.bucket amount
 
 let peek t ~user_agent =
-  with_read_lock t (fun () ->
-      Option.map
-        (fun contents -> Token_bucket.peek contents.bucket)
-        (Hashtbl.find_opt t.table user_agent)
-  )
+  let map = Atomic.get t in
+  Option.map
+    (fun contents -> Token_bucket.peek contents.bucket)
+    (StringMap.find_opt user_agent map)
 
 (* The callback should return quickly - if it is a longer task it is
    responsible for creating a thread to do the task *)
 let submit t ~user_agent ~callback amount =
-  match with_read_lock t (fun () -> Hashtbl.find_opt t.table user_agent) with
+  let map = Atomic.get t in
+  match StringMap.find_opt user_agent map with
   | None ->
       callback ()
   | Some {bucket; process_queue; process_queue_lock; worker_thread_cond; _} ->

ocaml/libs/rate-limit/test/test_bucket_table.ml

@@ -198,64 +198,6 @@ let test_submit_sync () =
   Alcotest.(check bool)
     "blocked waiting for tokens" true (elapsed_seconds >= 0.4)
 
-let test_add_same_key_race () =
-  (* Test the check-then-act race in add_bucket.
-     add_bucket does: if not mem then add. Without locking, multiple threads
-     could all pass the mem check and try to add, but only one should succeed.
-     Note: OCaml 4's GIL makes races hard to trigger, but this test verifies
-     the invariant holds under concurrent access and would catch races if the
-     GIL is released at allocation points within the critical section. *)
-  let iterations = 500 in
-  let threads_per_iter = 10 in
-  let failures = ref 0 in
-  let failures_mutex = Mutex.create () in
-  for _ = 1 to iterations do
-    let table = Bucket_table.create () in
-    let success_count = ref 0 in
-    let count_mutex = Mutex.create () in
-    let barrier = ref 0 in
-    let barrier_mutex = Mutex.create () in
-    let threads =
-      Array.init threads_per_iter (fun _ ->
-          Thread.create
-            (fun () ->
-              (* Increment barrier and wait for all threads *)
-              Mutex.lock barrier_mutex ;
-              incr barrier ;
-              Mutex.unlock barrier_mutex ;
-              while
-                Mutex.lock barrier_mutex ;
-                let b = !barrier in
-                Mutex.unlock barrier_mutex ; b < threads_per_iter
-              do
-                Thread.yield ()
-              done ;
-              (* All threads try to add the same key simultaneously *)
-              let success =
-                Bucket_table.add_bucket table ~user_agent:"contested_key"
-                  ~burst_size:10.0 ~fill_rate:1.0
-              in
-              if success then (
-                Mutex.lock count_mutex ;
-                incr success_count ;
-                Mutex.unlock count_mutex
-              )
-            )
-            ()
-      )
-    in
-    Array.iter Thread.join threads ;
-    (* Exactly one thread should succeed in adding the key *)
-    if !success_count <> 1 then (
-      Mutex.lock failures_mutex ;
-      incr failures ;
-      Mutex.unlock failures_mutex
-    )
-  done ;
-  Alcotest.(check int)
-    "Exactly one add should succeed for same key (across all iterations)" 0
-    !failures
-
 let test_concurrent_add_delete_stress () =
   (* Stress test: rapidly add and delete entries.
      Without proper locking, hashtable can get corrupted. *)
@@ -394,7 +336,6 @@ let test =
   ; ("Submit nonexistent", `Quick, test_submit_nonexistent)
   ; ("Submit fairness", `Slow, test_submit_fairness)
   ; ("Submit sync", `Slow, test_submit_sync)
-  ; ("Add same key race", `Quick, test_add_same_key_race)
   ; ("Concurrent add/delete stress", `Quick, test_concurrent_add_delete_stress)
   ; ("Consume during delete race", `Quick, test_consume_during_delete_race)
   ]