Elixir/Ports and external process wiring: Difference between revisions
No edit summary |
→Asynchronous call and communication: link to doc heading |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
I was excited to learn how to interface with long-lived external processes—and this project offered more than I hoped for. | I was excited to learn how to interface with long-lived external processes—and this project offered more than I hoped for. | ||
{{Aside|text=<p>[[w:rsync|Rsync]] is the standard utility for file transfers, locally or over a network. It can resume incomplete transfers and synchronize directories efficiently, and after almost 30 years of usage | {{Aside|text=<p>[[w:rsync|Rsync]] is the standard utility for file transfers, locally or over a network. It can resume incomplete transfers and synchronize directories efficiently, and after almost 30 years of usage rsync can be trusted to handle any edge case.</p> | ||
<p>BEAM is a fairly unique ecosystem in which it's not considered deviant to reinvent a rounder wheel: an external dependency like "cron" | <p>BEAM<ref>The virtual machine shared by Erlang, Elixir, Gleam, Ash, and so on: [https://blog.stenmans.org/theBeamBook/ the BEAM Book]</ref> is a fairly unique ecosystem in which it's not considered deviant to reinvent a rounder wheel: an external dependency like "cron" will often be ported into native Erlang—but the complexity of rsync and its dependence on a matching remote daemon makes it unlikely that it will be rewritten any time soon, which is why I've decided to wrap external command execution in a library.</p>}} | ||
[[File:Monkey eating.jpg|alt=A Toque macaque (Macaca radiata) Monkey eating peanuts. Pictured in Bangalore, India|right|300x300px]] | [[File:Monkey eating.jpg|alt=A Toque macaque (Macaca radiata) Monkey eating peanuts. Pictured in Bangalore, India|right|300x300px]] | ||
=== | === Naïve shelling === | ||
Starting rsync should be as easy as calling out to a shell:<syntaxhighlight lang="elixir"> | Starting rsync should be as easy as calling out to a shell:<syntaxhighlight lang="elixir"> | ||
System.shell("rsync -a source target") | System.shell("rsync -a source target") | ||
</syntaxhighlight> | </syntaxhighlight> | ||
This has a few shortcomings, starting with how | This has a few shortcomings, starting with how one would pass it dynamic paths. It's unsafe to use string interpolation (<code>"#{source}"</code> ): consider what could happen if the filenames include unescaped whitespace or special shell characters such as ";". | ||
=== Safe path handling === | === Safe path handling === | ||
| Line 27: | Line 27: | ||
=== Asynchronous call and communication === | === Asynchronous call and communication === | ||
To run a external process asynchronously we reach for Elixir's low-level <code>Port.open</code>, nothing but a one-line wrapper<ref>See the [https://github.com/elixir-lang/elixir/blob/809b035dccf046b7b7b4422f42cfb6d075df71d2/lib/elixir/lib/port.ex#L232 port.ex source code]</ref> | To run a external process asynchronously we reach for Elixir's low-level <code>Port.open</code>, nothing but a one-line wrapper<ref>See the [https://github.com/elixir-lang/elixir/blob/809b035dccf046b7b7b4422f42cfb6d075df71d2/lib/elixir/lib/port.ex#L232 port.ex source code]</ref> passing its parameters directly to ERTS <code>open_port</code><ref>[https://www.erlang.org/doc/apps/erts/erlang.html#open_port/2 Erlang <code>open_port</code> docs]</ref>. This function is tremendously flexible, here we turn a few knobs:<syntaxhighlight lang="elixir"> | ||
Port.open( | Port.open( | ||
{:spawn_executable, rsync_path}, | {:spawn_executable, rsync_path}, | ||
| Line 52: | Line 52: | ||
; <code>-v</code> : list each filename as it's transferred | ; <code>-v</code> : list each filename as it's transferred | ||
; <code>--progress</code> : report statistics per file | |||
; <code>--info=progress2</code> : report overall progress | ; <code>--info=progress2</code> : report overall progress | ||
; <code>--itemize-changes</code> : list the operations taken on each file | ; <code>--itemize-changes</code> : list the operations taken on each file | ||
; <code>--out-format=FORMAT</code> : any format | ; <code>--out-format=FORMAT</code> : any custom format string following rsyncd.conf's <code>log format</code><ref>[https://man.archlinux.org/man/rsyncd.conf.5#log~2 rsyncd.conf log format] docs</ref> | ||
}} | }} | ||
Rsync outputs <code>--info=progress2</code> lines like so:<syntaxhighlight lang="text"> | |||
overall percent complete time remaining | |||
bytes transferred | transfer speed | | bytes transferred | transfer speed | | ||
| | | | | | | | | | ||
| Line 69: | Line 69: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
The controlling Port captures these lines is sent to the library's <code>handle_info</code> callback as <code>{:data, line}</code>. After the transfer is finished we receive a conclusive <code>{:exit_status, status_code}</code> message. | |||
As a first step, we extract the | As a first step, we extract the overall_percent_done column and flag any unrecognized output: | ||
<syntaxhighlight lang="elixir"> | <syntaxhighlight lang="elixir"> | ||
with terms when terms != [] <- String.split(line, ~r"\s", trim: true), | with terms when terms != [] <- String.split(line, ~r"\s", trim: true), | ||
| Line 81: | Line 81: | ||
{:unknown, line} | {:unknown, line} | ||
end | end | ||
</syntaxhighlight>The <code>trim</code> is lifting more than its weight here: it lets us completely ignore spacing and newline | </syntaxhighlight>The <code>trim</code> is lifting more than its weight here: it lets us completely ignore spacing and newline trickery—and ignores the leading carriage return before each line, seen in the rsync source code:<ref>[https://github.com/RsyncProject/rsync/blob/797e17fc4a6f15e3b1756538a9f812b63942686f/progress.c#L129 rsync/progress.c] source code</ref> | ||
<syntaxhighlight lang="c"> | <syntaxhighlight lang="c"> | ||
rprintf(FCLIENT, "\r%15s %3d%% %7.2f%s %s%s", ...); | rprintf(FCLIENT, "\r%15s %3d%% %7.2f%s %s%s", ...); | ||
</syntaxhighlight>Carriage return <code>\r</code> deserves special mention: this "control" character | </syntaxhighlight>Carriage return <code>\r</code> deserves special mention: this is the first "control" character we come across and it looks the same as an ordinary byte in the binary data coming over the pipe from rsync, similar to newline <code>\n</code>. Its normal role is to control the terminal emulator, rewinding the cursor so that the current line can be overwritten! And like newline, carriage return can be ignored. Control signaling is exactly what goes haywire about this project, and the leaky category distinction between data and control seems to be a repeated theme in inter-process communication. The reality is not so much data vs. control, as it seems to be a sequence of layers like with [[w:OSI model|networking]]. | ||
{{Aside|text= | {{Aside|text= | ||
| Line 97: | Line 95: | ||
You'll have to use <control>-v <control>-m to type a literal carriage return, copy-and-paste won't work. | You'll have to use <control>-v <control>-m to type a literal carriage return, copy-and-paste won't work. | ||
The character | The character is named after the pushing of a physical typewriter carriage to return to the beginning of the current line without feeding the roller to a new line. | ||
[[File: | [[File:Baboons Playing in Chobe National Park-crlf.jpg|left|300x300px|Three young baboons playing on a rock ledge. Two are on the ridge and one below, grabbing the tail of another. A meme font shows "\r", "\n", and "\r\n" personified as each baboon.]] | ||
[[w:https://en.wikipedia.org/wiki/Newline#Issues_with_different_newline_formats|Disagreement about carriage return]] vs. line feed has caused eye-rolling since the dawn of personal computing. | [[w:https://en.wikipedia.org/wiki/Newline#Issues_with_different_newline_formats|Disagreement about carriage return]] vs. line feed has caused eye-rolling since the dawn of personal computing. | ||
}} | }} | ||
| Line 112: | Line 110: | ||
The unpleasant real-world consequence is that rsync transfers will continue to run in the background even after Elixir kills our gen_server or shuts down, because the BEAM has no way of stopping the external process. | The unpleasant real-world consequence is that rsync transfers will continue to run in the background even after Elixir kills our gen_server or shuts down, because the BEAM has no way of stopping the external process. | ||
It's possible to send a signal by shelling out to unix <code>kill PID</code>, but BEAM | It's possible to find the operating system PID of the child process with <code>Port.info(port, :os_pid)</code> and send it a signal by shelling out to unix <code>kill PID</code>, but BEAM doesn't include built-in functions to send a signal to an OS process, and there is an ugly race condition between closing the port and sending this signal. We'll keep looking for another way to "link" the processes. | ||
To debug what happens during <code>port_close</code> and to eliminate variables, I tried | To debug what happens during <code>port_close</code> and to eliminate variables, I tried spawning <code>sleep 60</code> instead of rsync and I found that it behaves in exactly the same way: hanging until <code>sleep</code> ends naturally regardless of what happened in Elixir or whether its pipes are still open. This happens to have been a lucky choice as I learned later: "sleep" is daemon-like so similar to rsync, but its behavior is much simpler to reason about. | ||
== Bad assumption: pipe-like processes == | == Bad assumption: pipe-like processes == | ||
A pipeline like <code>gzip</code> or <code>cat</code> it built to read from its input and write to its output. We can roughly group the different styles of command-line application into "pipeline" programs which read and write, "interactive" programs which require user input, and "daemon" programs which are designed to run in the background. Some programs support multiple modes depending on the arguments given at launch, or by detecting the terminal using <code>isatty</code><ref>[https://man.archlinux.org/man/isatty.3.en docs for <code>isatty</code>]</ref>. The BEAM is currently optimized to interface with pipeline programs and it assumes that the external process will stop when its "standard input" is closed. | A pipeline like <code>gzip</code> or <code>cat</code> it built to read from its input and write to its output. We can roughly group the different styles of command-line application into "pipeline" programs which read and write, "interactive" programs which require user input, and "daemon" programs which are designed to run in the background. Some programs support multiple modes depending on the arguments given at launch, or by detecting the terminal using <code>isatty</code><ref>[https://man.archlinux.org/man/isatty.3.en docs for <code>isatty</code>]</ref>. The BEAM is currently optimized to interface with pipeline programs and it assumes that the external process will stop when its "standard input" is closed. | ||
A typical pipeline program will stop once it detects that input has ended, by | A typical pipeline program will stop once it detects that input has ended, for example by calling <code>read</code><ref>[https://man.archlinux.org/man/read.2 libc <code>read</code> docs]</ref> in a loop:<syntaxhighlight lang="c"> | ||
size_read = read (input_desc, buf, bufsize); | |||
if ( | if (size_read < 0) { error... } | ||
if ( | if (size_read == 0) { end of file... } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
If the program does blocking I/O, then a zero-byte <code>read</code> indicates the end of file condition. A program which does asynchronous I/O with <code>O_NONBLOCK</code><ref>[https://man.archlinux.org/man/open.2.en#O_NONBLOCK O_NONBLOCK docs]</ref> might instead detect EOF by listening for the <code>HUP</code> hang-up signal which is can be arranged (TODO: document how this can be done with <code>prctl</code>, and on which platforms). | |||
But here we'll focus on how processes can more generally affect each other through pipes. Surprising answer: without much effect! You can experiment with the <code>/dev/null</code> device which behaves like a closed pipe, for example compare these two commands:<syntaxhighlight lang="shell"> | But here we'll focus on how processes can more generally affect each other through pipes. Surprising answer: without much effect! You can experiment with the <code>/dev/null</code> device which behaves like a closed pipe, for example compare these two commands: | ||
<syntaxhighlight lang="shell"> | |||
cat < /dev/null | cat < /dev/null | ||
| Line 140: | Line 142: | ||
A small shim can adapt a daemon-like program to behave more like a pipeline. The shim is sensitive to stdin closing or SIGHUP, and when this is detected it converts this into a stronger signal like SIGTERM which it forwards to its own child. This is the idea behind a suggested shell script<ref>[https://hexdocs.pm/elixir/1.19.0/Port.html#module-orphan-operating-system-processes Elixir Port docs showing a shim script]</ref> for Elixir, and the <code>erlexec</code><ref name=":0">[https://hexdocs.pm/erlexec/readme.html <code>erlexec</code> library]</ref> library. The opposite adapter can be found in the [[w:nohup|nohup]] shell command and the grimsby<ref>[https://github.com/shortishly/grimsby <code>grimsby</code> library]</ref> library: these will keep standard in and/or standard out open for the child process even after the parent exits, so that a pipe-like program can behave more like a daemon. | A small shim can adapt a daemon-like program to behave more like a pipeline. The shim is sensitive to stdin closing or SIGHUP, and when this is detected it converts this into a stronger signal like SIGTERM which it forwards to its own child. This is the idea behind a suggested shell script<ref>[https://hexdocs.pm/elixir/1.19.0/Port.html#module-orphan-operating-system-processes Elixir Port docs showing a shim script]</ref> for Elixir, and the <code>erlexec</code><ref name=":0">[https://hexdocs.pm/erlexec/readme.html <code>erlexec</code> library]</ref> library. The opposite adapter can be found in the [[w:nohup|nohup]] shell command and the grimsby<ref>[https://github.com/shortishly/grimsby <code>grimsby</code> library]</ref> library: these will keep standard in and/or standard out open for the child process even after the parent exits, so that a pipe-like program can behave more like a daemon. | ||
I used the shim approach in my rsync library and it includes a small C program<ref>[https://gitlab.com/adamwight/rsync_ex/-/blob/main/src/main.c?ref_type=heads rsync_ex C shim program]</ref> which wraps rsync and makes it sensitive to BEAM <code>port_close</code>. It's featherweight, leaving pipes unchanged as it passes control to | I used the shim approach in my rsync library and it includes a small C program<ref>[https://gitlab.com/adamwight/rsync_ex/-/blob/main/src/main.c?ref_type=heads rsync_ex C shim program]</ref> which wraps rsync and makes it sensitive to BEAM <code>port_close</code>. It's featherweight, leaving pipes unchanged as it passes control to rsync, here are the business parts:<syntaxhighlight lang="c">// Set up a fail-safe to self-signal with HUP if the controlling process dies. | ||
prctl(PR_SET_PDEATHSIG, SIGHUP);</syntaxhighlight><syntaxhighlight lang="c"> | |||
void handle_signal(int signum) { | |||
if (signum == SIGHUP && child_pid > 0) { | |||
// Send the child TERM so that rsync can perform clean-up such as shutting down a remote server. | |||
kill(child_pid, SIGTERM); | |||
} | |||
} | |||
</syntaxhighlight> | |||
== Reliable clean up == | == Reliable clean up == | ||
{{Project|status=in review|url=https://erlangforums.com/t/open-port-and-zombie-processes|source=https://github.com/erlang/otp/pull/9453}} | {{Project|status=in review|url=https://erlangforums.com/t/open-port-and-zombie-processes|source=https://github.com/erlang/otp/pull/9453}} | ||
It's always a pleasure to ask questions in the BEAM communities, they deserve their reputation for being friendly and open. The first big tip was to look at the third-party library <code>erlexec</code><ref name=":0" />, which demonstrates emerging best practices which could be backported into the language itself. Everyone speaking on the problem generally agrees that the fragile clean up of external processes is a bug, and supports the idea that some flavor of "terminate" signal should be sent to spawned programs when the port is closed. | It's always a pleasure to ask questions in the BEAM communities, they deserve their reputation for being friendly and open. The first big tip was to look at the third-party library <code>erlexec</code><ref name=":0" />, which demonstrates emerging best practices which could be backported into the language itself. Everyone speaking on the problem generally agrees that the fragile clean up of external processes is a bug, and supports the idea that some flavor of "terminate" signal should be sent to spawned programs when the port is closed. | ||
[[File:Itinerant glassworker exhibition with spinning wheel and steam engine.jpg|thumb]] | |||
I would be lying to hide my disappointment that the required core changes are mostly in an auxiliary C program and not written in Erlang or even in the BEAM itself, but it was still fascinating to open such an elegant black box and find the technological equivalent of a steam engine inside. All of the futuristic, high-level features we've come to know actually map closely to a few scraps of wizardry with ordinary pipes<ref>[https://man.archlinux.org/man/pipe.7.en Overview of unix pipes]</ref>, using libc's pipe<ref>[https://man.archlinux.org/man/pipe.2.en Docs for the <code>pipe</code> syscall]</ref>, read, write, and select<ref>[https://man.archlinux.org/man/select.2.en libc <code>select</code> docs]</ref>. | I would be lying to hide my disappointment that the required core changes are mostly in an auxiliary C program and not written in Erlang or even in the BEAM itself, but it was still fascinating to open such an elegant black box and find the technological equivalent of a steam engine inside. All of the futuristic, high-level features we've come to know actually map closely to a few scraps of wizardry with ordinary pipes<ref>[https://man.archlinux.org/man/pipe.7.en Overview of unix pipes]</ref>, using libc's pipe<ref>[https://man.archlinux.org/man/pipe.2.en Docs for the <code>pipe</code> syscall]</ref>, read, write, and select<ref>[https://man.archlinux.org/man/select.2.en libc <code>select</code> docs]</ref>. | ||
| Line 158: | Line 168: | ||
Which signal to use is still an open question: | Which signal to use is still an open question: | ||
; <code>HUP</code> : sent to a process when its standard input stream is closed<ref>[https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap11.html#tag_11_01_10 POSIX standard "General Terminal Interface: Modem Disconnect"</ref> | ; <code>HUP</code> : sent to a process when its standard input stream is closed<ref>[https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap11.html#tag_11_01_10 POSIX standard "General Terminal Interface: Modem Disconnect"]</ref> | ||
; <code>TERM</code> : has a clear intention of "kill this thing" but still possible to trap at the target and handle in a customized way | ; <code>TERM</code> : has a clear intention of "kill this thing" but still possible to trap at the target and handle in a customized way | ||
| Line 166: | Line 176: | ||
There is a refreshing diversity of opinion, so it could be worthwhile to make the signal configurable for each port. | There is a refreshing diversity of opinion, so it could be worthwhile to make the signal configurable for each port. | ||
}} | }} | ||
== TODO: consistency with unix process groups == | |||
... there is something fun here about how unix already has process tree behaviors which are close analogues to a BEAM supervisor tree. | |||
== Future directions == | == Future directions == | ||