Recover from unexpected primary lease loss

Author: schmidt-sebastian

packages/firestore/src/core/sync_engine.ts

@@ -33,7 +33,7 @@ import { RemoteEvent, TargetChange } from '../remote/remote_event';
 import { RemoteStore } from '../remote/remote_store';
 import { RemoteSyncer } from '../remote/remote_syncer';
 import { assert, fail } from '../util/assert';
-import { FirestoreError } from '../util/error';
+import { Code, FirestoreError } from '../util/error';
 import * as log from '../util/log';
 import { AnyJs, primitiveComparator } from '../util/misc';
 import { ObjectMap } from '../util/obj_map';
@@ -66,6 +66,7 @@ import {
 } from '../local/shared_client_state_syncer';
 import { ClientId, SharedClientState } from '../local/shared_client_state';
 import { SortedSet } from '../util/sorted_set';
+import * as objUtils from '../util/obj';
 
 const LOG_TAG = 'SyncEngine';
 
@@ -277,11 +278,10 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
       if (!targetRemainsActive) {
         this.remoteStore.unlisten(queryView.targetId);
         await this.removeAndCleanupQuery(queryView);
-        await this.localStore.releaseQuery(
-          query,
-          /*keepPersistedQueryData=*/ false
-        );
-        await this.localStore.collectGarbage();
+        return this.localStore
+          .releaseQuery(query, /*keepPersistedQueryData=*/ false)
+          .then(() => this.localStore.collectGarbage())
+          .catch(err => this.tryRecoverClient(err));
       }
     } else {
       await this.removeAndCleanupQuery(queryView);
@@ -382,9 +382,12 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
   applyRemoteEvent(remoteEvent: RemoteEvent): Promise<void> {
     this.assertSubscribed('applyRemoteEvent()');
 
-    return this.localStore.applyRemoteEvent(remoteEvent).then(changes => {
-      return this.emitNewSnapsAndNotifyLocalStore(changes, remoteEvent);
-    });
+    return this.localStore
+      .applyRemoteEvent(remoteEvent)
+      .then(changes => {
+        return this.emitNewSnapsAndNotifyLocalStore(changes, remoteEvent);
+      })
+      .catch(err => this.tryRecoverClient(err));
   }
 
   /**
@@ -490,6 +493,11 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
       // connection is disabled.
       await this.remoteStore.fillWritePipeline();
     } else if (batchState === 'acknowledged' || batchState === 'rejected') {
+      // If we receive a notification of an `acknowledged` or `rejected` batch
+      // via Web Storage, we are either already secondary or another tab has
+      // taken the primary lease.
+      await this.applyPrimaryState(false);
+
       // NOTE: Both these methods are no-ops for batches that originated from
       // other clients.
       this.sharedClientState.removeLocalPendingMutation(batchId);
@@ -521,7 +529,8 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
       .then(changes => {
         this.sharedClientState.removeLocalPendingMutation(batchId);
         return this.emitNewSnapsAndNotifyLocalStore(changes);
-      });
+      })
+      .catch(err => this.tryRecoverClient(err));
   }
 
   rejectFailedWrite(batchId: BatchId, error: FirestoreError): Promise<void> {
@@ -533,11 +542,14 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
     // listen events.
     this.processUserCallback(batchId, error);
 
-    return this.localStore.rejectBatch(batchId).then(changes => {
-      this.sharedClientState.trackMutationResult(batchId, 'rejected', error);
-      this.sharedClientState.removeLocalPendingMutation(batchId);
-      return this.emitNewSnapsAndNotifyLocalStore(changes);
-    });
+    return this.localStore
+      .rejectBatch(batchId)
+      .then(changes => {
+        this.sharedClientState.trackMutationResult(batchId, 'rejected', error);
+        this.sharedClientState.removeLocalPendingMutation(batchId);
+        return this.emitNewSnapsAndNotifyLocalStore(changes);
+      })
+      .catch(err => this.tryRecoverClient(err));
   }
 
   private addMutationCallback(
@@ -712,7 +724,27 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
     await this.localStore.notifyLocalViewChanges(docChangesInAllViews);
     // TODO(multitab): Multitab garbage collection
     if (this.isPrimary) {
-      await this.localStore.collectGarbage();
+      await this.localStore
+        .collectGarbage()
+        .catch(err => this.tryRecoverClient(err));
+    }
+  }
+
+  /**
+   * Marks the client as secondary if an IndexedDb operation fails because the
+   * primary lease has been taken by another client. This can happen when the
+   * client is temporarily CPU throttled and fails to renew its lease in time,
+   * in which we treat the current client as secondary. We can always revert
+   * back to primary status via the lease refresh in our persistence layer.
+   *
+   * @param err An error returned by an IndexedDb operation.
+   * @return A Promise that resolves after we recovered, or the original error.
+   */
+  private async tryRecoverClient(err: FirestoreError): Promise<void> {
+    if (err.code === Code.FAILED_PRECONDITION) {
+      return this.applyPrimaryState(false);
+    } else {
+      throw err;
     }
   }
 
@@ -784,9 +816,10 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
       }
     } else if (isPrimary === false && this.isPrimary !== false) {
       this.isPrimary = false;
-
-      // TODO: Unlisten from all active targets
       await this.remoteStore.disableNetwork();
+      objUtils.forEachNumber(this.queryViewsByTarget, targetId => {
+        this.remoteStore.unlisten(targetId);
+      });
     }
   }
 
@@ -801,6 +834,12 @@ export class SyncEngine implements RemoteSyncer, SharedClientStateSyncer {
     state: QueryTargetState,
     error?: FirestoreError
   ): Promise<void> {
+    if (this.isPrimary) {
+      // If we receive a target state notification via Web Storage, we are
+      // either already secondary or another tab has taken the primary lease.
+      await this.applyPrimaryState(false);
+    }
+
     if (this.queryViewsByTarget[targetId]) {
       switch (state) {
         case 'current':

packages/firestore/src/local/indexeddb_persistence.ts

@@ -203,10 +203,10 @@ export class IndexedDbPersistence implements Persistence {
         .put(new DbClientMetadata(this.clientId, Date.now(), this.inForeground))
         .next(() => this.canActAsPrimary(txn))
         .next(canActAsPrimary => {
-          if (canActAsPrimary !== this.isPrimary) {
-            this.isPrimary = canActAsPrimary;
-            this.queue.enqueue(() => this.primaryStateListener(this.isPrimary));
-          }
+          this.isPrimary = canActAsPrimary;
+          // Always call the primary state listener, since SyncEngine may have
+          // changed the primary state to 'false'.
+          this.queue.enqueue(() => this.primaryStateListener(this.isPrimary));
 
           if (this.isPrimary) {
             return this.acquireOrExtendPrimaryLease(txn);

packages/firestore/src/local/local_store.ts

@@ -669,7 +669,7 @@ export class LocalStore {
    * found - used for testing.
    */
   readDocument(key: DocumentKey): Promise<MaybeDocument | null> {
-    return this.persistence.runTransaction('read document', true, txn => {
+    return this.persistence.runTransaction('read document', false, txn => {
       return this.localDocuments.getDocument(txn, key);
     });
   }

packages/firestore/src/remote/remote_store.ts

@@ -558,12 +558,23 @@ export class RemoteStore implements TargetMetadataProvider {
     // Record the stream token.
     return this.localStore
       .setLastStreamToken(this.writeStream.lastStreamToken)
-      .then(() => {
-        // Send the write pipeline now that the stream is established.
-        for (const batch of this.writePipeline) {
-          this.writeStream.writeMutations(batch.mutations);
+      .then(
+        () => {
+          // Send the write pipeline now that the stream is established.
+          for (const batch of this.writePipeline) {
+            this.writeStream.writeMutations(batch.mutations);
+          }
+        },
+        err => {
+          if (err.code === Code.FAILED_PRECONDITION) {
+            // We have temporarily lost our primary lease. If we recover,
+            // Sync Engine will re-enable the network.
+            return this.disableNetwork();
+          } else {
+            return Promise.reject(err);
+          }
         }
-      });
+      );
   }
 
   private onMutationResult(
@@ -633,7 +644,17 @@ export class RemoteStore implements TargetMetadataProvider {
       );
       this.writeStream.lastStreamToken = emptyByteString();
 
-      return this.localStore.setLastStreamToken(emptyByteString());
+      return this.localStore
+        .setLastStreamToken(emptyByteString())
+        .catch(err => {
+          if (err.code === Code.FAILED_PRECONDITION) {
+            // We have temporarily lost our primary lease. If we recover,
+            // Sync Engine will re-enable the network.
+            return this.disableNetwork();
+          } else {
+            return Promise.reject(err);
+          }
+        });
     } else {
       // Some other error, don't reset stream token. Our stream logic will
       // just retry with exponential backoff.

packages/firestore/test/unit/specs/listen_spec.test.ts

@@ -785,4 +785,62 @@ describeSpec('Listens:', [], () => {
       .client(2)
       .expectEvents(query, { added: [docB] });
   });
+
+  specTest('Query recovers after primary takeover', ['multi-client'], () => {
+    const query = Query.atPath(path('collection'));
+    const docA = doc('collection/a', 1000, { key: 'a' });
+    const docB = doc('collection/b', 2000, { key: 'b' });
+
+    return (
+      client(0)
+        .expectPrimaryState(true)
+        .userListens(query)
+        .watchAcksFull(query, 1000, docA)
+        .expectEvents(query, { added: [docA] })
+        .client(1)
+        .userListens(query)
+        .expectEvents(query, { added: [docA] })
+        .stealPrimaryLease()
+        .expectListen(query, 'resume-token-1000')
+        .watchAcksFull(query, 2000, docB)
+        .expectEvents(query, { added: [docB] })
+        .client(0)
+        .expectPrimaryState(false)
+        // TODO(multitab): Suppres the additional `fromCache`, which is raised
+        // locally because we disable the network when we lose the primary
+        // lease.
+        .expectEvents(query, { fromCache: true })
+        .expectEvents(query, { added: [docB] })
+    );
+  });
+
+  specTest(
+    'Unresponsive primary ignores watch update',
+    ['multi-client'],
+    () => {
+      const query = Query.atPath(path('collection'));
+      const docA = doc('collection/a', 1000, { key: 'a' });
+
+      return (
+        client(0)
+          .expectPrimaryState(true)
+          .client(1)
+          .userListens(query)
+          .expectEvents(query, { fromCache: true })
+          .client(0)
+          .expectListen(query)
+          .client(1)
+          .stealPrimaryLease()
+          .client(0)
+          // Send a watch update to client 0, who is longer primary (but doesn't
+          // it yet). The watch update gets ignored.
+          .watchAcksFull(query, 1000, docA)
+          .expectPrimaryState(false)
+          .client(1)
+          .expectListen(query)
+          .watchAcksFull(query, 1000, docA)
+          .expectEvents(query, { added: [docA] })
+      );
+    }
+  );
 });

packages/firestore/test/unit/specs/spec_builder.ts

@@ -24,7 +24,11 @@ import {
 } from '../../../src/model/document';
 import { DocumentKey } from '../../../src/model/document_key';
 import { JsonObject } from '../../../src/model/field_value';
-import { mapRpcCodeFromCode } from '../../../src/remote/rpc_error';
+import {
+  isPermanentError,
+  mapCodeFromRpcCode,
+  mapRpcCodeFromCode
+} from '../../../src/remote/rpc_error';
 import { assert } from '../../../src/util/assert';
 import { fail } from '../../../src/util/assert';
 import { Code } from '../../../src/util/error';
@@ -457,12 +461,16 @@ export class SpecBuilder {
   writeAcks(
     doc: string,
     version: TestSnapshotVersion,
-    options?: { expectUserCallback: boolean }
+    options?: { expectUserCallback?: boolean; keepInQueue?: boolean }
   ): this {
     this.nextStep();
-    this.currentStep = { writeAck: { version } };
+    options = options || {};
+
+    this.currentStep = {
+      writeAck: { version, keepInQueue: !!options.keepInQueue }
+    };
 
-    if (!options || options.expectUserCallback) {
+    if (options.expectUserCallback) {
       return this.expectUserCallbacks({ acknowledged: [doc] });
     } else {
       return this;
@@ -476,13 +484,23 @@ export class SpecBuilder {
    */
   failWrite(
     doc: string,
-    err: RpcError,
-    options?: { expectUserCallback: boolean }
+    error: RpcError,
+    options?: { expectUserCallback?: boolean; keepInQueue?: boolean }
   ): this {
     this.nextStep();
-    this.currentStep = { failWrite: { error: err } };
+    options = options || {};
 
-    if (!options || options.expectUserCallback) {
+    // If this is a permanent error, the write is not expected to be sent
+    // again.
+    const isPermanentFailure = isPermanentError(mapCodeFromRpcCode(error.code));
+    const keepInQueue =
+      options.keepInQueue !== undefined
+        ? options.keepInQueue
+        : !isPermanentFailure;
+
+    this.currentStep = { failWrite: { error, keepInQueue } };
+
+    if (options.expectUserCallback) {
       return this.expectUserCallbacks({ rejected: [doc] });
     } else {
       return this;
@@ -899,6 +917,23 @@ export class MultiClientSpecBuilder extends SpecBuilder {
     return this;
   }
 
+  /**
+   * Take the primary lease, even if another client has already obtained the
+   * lease.
+   */
+  stealPrimaryLease(): this {
+    this.nextStep();
+    this.currentStep = {
+      applyClientState: {
+        primary: true
+      },
+      stateExpect: {
+        isPrimary: true
+      }
+    };
+    return this;
+  }
+
   protected nextStep(): void {
     if (this.currentStep !== null) {
       this.currentStep.clientIndex = this.activeClientIndex;