Details

Reviewers

tomek
varun
• karol

Commits

rCOMM4d1d473b8441: Implement read-and-flush operation for flat-file based message storage

Summary

Implements operation that reads all messages that were written since last call to this method, and clears main storage content if semaphore acquisition succeded. It also reads and deletes all random files with single notifications.

Test Plan

Use this method in AppDelegate to read messages written by NotificationService (see test plan for parent diff). Ensure all messages sent via web client are seen in the debugger where AppDelegate calls this method. Once it is done. Launch debugger again (but do not send any notifications). Ensure that no messages are seen this time (this checks for successful flush operation).

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

marcin created this revision.Jun 29 2022, 2:43 AM

Herald added subscribers: • abosh, atul, • adrian, ashoat. · View Herald TranscriptJun 29 2022, 2:43 AM

Harbormaster returned this revision to the author for changes because remote builds failed.Jun 29 2022, 2:52 AM

Harbormaster failed remote builds in B10074: Diff 13928!

marcin added a parent revision: D4393: Implement write operation for flat-file based message storage.Jun 29 2022, 2:54 AM

marcin added a child revision: D4395: Implement sanity check for semaphore for flat-file based message storage.

Harbormaster completed remote builds in B10074: Diff 13928.Jun 29 2022, 3:20 AM

marcin requested review of this revision.Jun 29 2022, 3:20 AM

We should never see "No test plan". @marcinwasowicz, can you go through each diff you put up and add a test plan?

In D4394#124474, @ashoat wrote:

We should never see "No test plan". @marcinwasowicz, can you go through each diff you put up and add a test plan?

I will write appropriate test plan for every diff by tomorrow.

Introduce files to project.pbxproj

Harbormaster completed remote builds in B10192: Diff 14070.Jul 1 2022, 2:24 AM

marcin edited the test plan for this revision. (Show Details)Jul 1 2022, 2:55 AM

Remove messageSeparator constant usage

Harbormaster failed remote builds in B10265: Diff 14157!Jul 5 2022, 3:24 AM

Rebase master

tomek requested changes to this revision.Jul 5 2022, 3:48 AM

tomek added inline comments.

native/ios/Comm/TemporalMessageStorage/TemporalMessageStorage.mm
94 ↗	(On Diff #14168)	Is it possible that while iterating the files a notification service extension would create a new file in the directory? How would we handle that?
110 ↗	(On Diff #14168)	We should do it in `@finally`
111–114 ↗	(On Diff #14168)	What's the purpose of this branch? If we read the file even if we haven't acquired the lock, why should we try to acquire it at all?
138 ↗	(On Diff #14168)	What's the purpose of it?

This revision now requires changes to proceed.Jul 5 2022, 3:48 AM

marcin requested review of this revision.Jul 5 2022, 4:22 AM

marcin added inline comments.

native/ios/Comm/TemporalMessageStorage/TemporalMessageStorage.mm
94 ↗	(On Diff #14168)	The file created in such a case will be read and deleted next time user launches app.
110 ↗	(On Diff #14168)	In my opinion there are no clear reasons to do so. `@finally` is a part of `@try-catch` statement that is not needed here since none of the functions used here throws exception. Additionally there are 3 cases here: The file we are reading is random file created by NotificationService The file we are reading is main file and we acquired semaphore The file we are reading is main file and we failed to acquire semaphore The only case we should try to release semaphore is 2. We could wrap else if() content in a try-catch statement with, but none of the methods called here throws exception so it might be redundant.
111–114 ↗	(On Diff #14168)	We try to acquire the lock to be able to clear file content without the worry that NotificationService will write something in the meantime. If we fail to acquire the lock, then it means NotificationService is writing something so we can still read its content but we cannot clear it.
138 ↗	(On Diff #14168)	`componentsSeparatedByString:encryptedDataSeparator` may return array containing empty strings if separator happens to be at the end, beginning or repeated in consecutive places.

Harbormaster completed remote builds in B10276: Diff 14168.Jul 5 2022, 5:09 AM

marcin added inline comments.Jul 6 2022, 3:38 AM

native/ios/Comm/TemporalMessageStorage/TemporalMessageStorage.mm
110 ↗	(On Diff #14168)	After some considerations I came to a conclusion that reading a file might throw an exception if its content is too large. Therefore it it understandable to wrap else if content in a try catch statement.

Reimplement read operation for temporal storage to use new EncryptedFileUtils API

Harbormaster completed remote builds in B10320: Diff 14226.Jul 6 2022, 5:04 AM

New implementation of write method

marcin added a child revision: D4444: Write to temporary message storage from NotificationService.Jul 7 2022, 5:47 AM

Harbormaster completed remote builds in B10353: Diff 14261.Jul 7 2022, 6:29 AM

Rename Temporal to Temporary

I'm still not sure about the algorithm. Now we're reading the file without acquiring the lock, and got the lock only before deleting. What if we read file's content, then a service extension appends something to it, finishes, and we successfully acquire the lock and delete the file with unprocessed notif. We will lose all the notifs that were written after we read the file and before the lock.

native/ios/Comm/TemporaryMessageStorage/TemporaryMessageStorage.mm
128 ↗	(On Diff #14278)	If `!storageUpdated` we don't call `tryAcquireLock` and we should probably avoid calling `releaseLock`, right?

This revision now requires changes to proceed.Jul 7 2022, 8:21 AM

Harbormaster completed remote builds in B10370: Diff 14278.Jul 7 2022, 8:26 AM

In D4394#127130, @palys-swm wrote:

I'm still not sure about the algorithm. Now we're reading the file without acquiring the lock, and got the lock only before deleting. What if we read file's content, then a service extension appends something to it, finishes, and we successfully acquire the lock and delete the file with unprocessed notif. We will lose all the notifs that were written after we read the file and before the lock.

You are right, I think reading should be placed inside a lock too, if it was acquired.

native/ios/Comm/TemporaryMessageStorage/TemporaryMessageStorage.mm
128 ↗	(On Diff #14278)	releaseLock is a noop if we didn't acquire lock. In such a case it overwrites NSError** variable passed via arguments with information about an attempt to release lock that was not acquired in the first place. This message can be ignored. Another solution is to include an if statement in @finallly before we try to release lock, that checks if the lock was acquired. But this would increase indenation so I didn't choose this path.

Read after lock acquisition and file deletion

Harbormaster completed remote builds in B10415: Diff 14356.Jul 8 2022, 6:25 AM

tomek accepted this revision.Jul 11 2022, 7:02 AM

tomek added inline comments.

native/ios/Comm/TemporaryMessageStorage/TemporaryMessageStorage.mm
136 ↗	(On Diff #14356)	Is it possible that we will see this file in the middle of notification service writing to it?
128 ↗	(On Diff #14278)	Ok, we can keep it for now, but in the future, if we decide to take different action when releasing the semaphore fails, we can revisit it.

This revision is now accepted and ready to land.Jul 11 2022, 7:02 AM

marcin added inline comments.Jul 11 2022, 7:24 AM

native/ios/Comm/TemporaryMessageStorage/TemporaryMessageStorage.mm
136 ↗	(On Diff #14356)	Files handled in this `else {}` branch are the randomly named files NotificationService created on semaphore acquisition failure. They are written to with `[EncryptedFileUtils WriteData: toFileAtPath: error:]` method which uses `[NSData writeToFile: atomically:YES]`. Therefore if the write is atomic, AppDelegate cannot see this file in the middle ofNotificationService writing to it.