Put context.Context arguments on almost everything

[novas0x2a]

This is a pretty huge change, and it breaks api, so consider this first steps :)

After this change:

• Network IO paths should react to cancels now.
• File IO paths generally still won't.
• SystemContext objects have been renamed to sys to leave ctx available for the stdlib context objects.

[mtrmac]

One-minute look, will review in detail later:

• ^^ This seems unexpected.
• Overall having a context.Context in most places is definitely valuable.
• I’m not sure about passing types.SystemContext and context.Context by a single parameter, notably because SystemContext currently intentionally violates the “Do not store Contexts inside a struct type” rule. Combining them may still be the right thing to do, I’ll need to take a deeper look.

[novas0x2a]

Just replying to the first point; the first line of the trash vendor.conf identifies the package root (e.g.); trash gives me a warning without it (presumably because I use a multiple-GOPATH and it can't identify the canonical parent on its own).

[mtrmac]

Ah, I had no idea that was a thing. Thanks.

[mtrmac]

that's slightly gauche to pass a nil to something that takes a context.Context, but in this case (because the type system can't catch it) I've made it so passing a nil to GetSystemContext behaves the way passing a nil as a SystemContext used to.

That’s not sufficient; if anything actually tries to use the context.Context as a context.Context (e.g. calling Done() or WithCancel(), it will crash on nil.

[mtrmac]

Overall, I don’t think transferring types.SystemContext as a Value in context.Context makes sense; the two should remain separate.

• Looking at how copy.Image uses separate types.SystemContext values for the source and destination (copy.Options.{SourceCtx,DestinationCtx}), it’s clear that the two are not semantically close enough: types.SystemContext is an options storage mechanism, which is propagated along with the relevant data structures; context.Context is a control flow management mechanism, which is propagated along the call stacks and goroutine creations. A single value can’t cleanly be both.
• As mentioned earlier, the way SystemContext is stored in ImageSource/ImageDestination implementations violates the context.Context rules (though, arguably, so does the cancelation behavior of http.Request/http.Response).
• (types.SystemContext is commonly nil for programs which don’t need non-default behavior, and supporting that for context.Context values is not cleanly possible, nor even desirable—linters which validate the context.Context usage rules should warn about using nil.)

So, I think the two parameters should stay separate, like the current docker.CheckAuth.

We might consider renaming SystemContext to make the two easier to distinguish (CIOptions?), but that’s really a separate discussion and probably a separate PR, if we should do this at all.

Cc: @runcom if he disagrees.

---

If this PR adds the context.Context parameters, they should actually be used. This is most important for the blocking <- channel operations.

Similarly, though perhaps less urgently, I think many of the local-filesystem operations should be cancelable if they work on layers or whole images; copying a multi-gigabyte image may well take long enough that the caller may realize in the middle that the operation is not needed after all. AFAICT having a cancelable io.Copy helper would make this reasonably easy. OTOH the local disks tend to still be reasonably fast and the most important local storage mechanisms (containers-storage:) seem to not have implemented cancelation/interruptible operations so far, so this is not completely blocking for me; adding FIXME notes to the relevant places would be nice, though.

---

https://golang.org/pkg/context/#Background documents context.Background as “typically used by…tests”; if we are not actually trying to test cancelation, that’s what we should do. context.TODO is pretty much equivalent to context.Background, and exists primarily to make missing handling easy to find; cluttering the results with all our tests would not be helpful.

[mtrmac]

The blocking

		diffIDResult = <-diffIDChan

needs to abort if ctx is canceled.

[mtrmac]

(Non-blocking: It would be nice to have diffIDComputationGoroutine reliably terminate if ctx is canceled.

It does terminate, ultimately due to the defer…pipeWriter.CloseWithError, but that’s a bit convoluted.

E.g. if a cancelable io.Copy helper were created, using it in the goroutine would be nice.)

[mtrmac]

(Non-blocking: It would be nice to have compressGoroutine reliably terminate if ctx is canceled, just like diffIDComputationGoroutine.

Same for the

		_, err := io.Copy(ioutil.Discard, originalLayerReader)

In all these cases, having the ctx cancelation abort future reads from the Readers should be sufficient, but it’s convoluted.)

[mtrmac]

(Nit: The alignment is inconsistent.)

[mtrmac]

This really should be actually cancelable, in the tarfile.NewSourceFromFile→NewSourceFromStream:

_, err := io.Copy(tarCopyFile, inputStream)

part at least, which, although does not do anything over the network, may be copying many gigabytes of data and take several seconds.

[mtrmac]

importBlob, fixFiles, generateTarSplitMetadata, and maybe more, can handle many-gigabyte files or directory structures and should be cancelable.

[mtrmac]

The goroutine should probably be canceled by ctx.

[mtrmac]

The

	_, err = io.Copy(diffID.Hash(), decompressed)

can copy many gigabytes of data and should be cancelable.

[mtrmac]

The

		layer, _, err := s.imageRef.transport.store.PutLayer(id, lastLayer, nil, "", false, diff)

line can copy many gigabytes of data, and should be cancelable. (I’m not sure that can be done right now.)

[mtrmac]

The

		n, err := io.Copy(ioutil.Discard, reader)

can copy many gigabytes of data and should be cancelable.

[novas0x2a]

Hm, I'm willing to follow through with changes like splitting SystemContext and Context apart (which would also resolve the nil problem by making it a compile failure), and I can easily use Background instead of TODO in the tests (generally, I use TODO because those tests are the ones that would catch failures to use ctx in the code, but if you prefer Background, that's fine, too).

I'm probably not willing to take on the task of fixing the whole library re: context behavior, although there's clear value in that, my PR was basically me scratching my itch along the code paths I needed, and then propagating those changes as needed :)

Does that work for you?

[mtrmac]

I’m fine with not handling the local FS copies; in the worst case I can add the FIXMEs in there myself.

I’d insist on having the two cases of blocking on a channel handled; that should be roughly

select {
case <-ctx.Done():
	return ctx.Err()
case theVariable <- theChannel:
}

but I guess I can trade that: if you are willing to split the SystemContext and Context, I’ll add the FIXMEs and the channel aborts — and the skopeo updates needed so that tests pass :). Does that make sense?

---

(generally, I use TODO because those tests are the ones that would catch failures to use ctx in the code, but if you prefer Background, that's fine, too)

I’m not sure what you mean; looking at the implementation, TODO and Background are instances of the same object that differ only in their String() return value. How does using TODO help catch failures to use ctx in the code?

[novas0x2a]

Yeah, SGTM. It'll probably take me a few days, but I'll get to it.

I’m not sure what you mean; looking at the implementation, TODO and Background are instances of the same object that differ only in their String() return value. How does using TODO help catch failures to use ctx in the code?

Ah, sorry, I didn't mean the TODOs would, I meant that that they're real TODOs in the sense of indicating the need for future work; the tests they're in would be the things meant to catch failures to use the context. The next step on those TODOs might be to have a test-specific context in the suite that makes sure it cancels the context after each test, so you can't leak threads during the test (for example). But, either way, grepping for context.Background in the tests is just as easy as context.TODO; context.TODO is more for real code to indicate a booby-trap for people debugging something that landed there :)

[novas0x2a]

I think I've handled all the comments now, except for the file io paths. How's it look?

[mtrmac]

@runcom RFC, please at least ACK the general direction and types.go.

[mtrmac]

👍 Thanks!

I have prepared a skopeo PR at containers/skopeo#493 .

Note to self: also check a few of the newImage* for unnecessary parameters.

[runcom]

LGTM (just checked types/types.go, it's awesome!)

[runcom]

skopeo's PR passing, so merging here