Rigorously specify and test pipeTo

[domenic]

This is a first draft at the "algorithm" for pipeTo, which contains a few concrete steps and a lot of more general requirements. I'd love feedback on whether this style of speccing is clear enough, or if I missed any important requirements, or if the way in which I grouped the requirements is confusing, or anything else. I'm kind of nervous about this part :)

Preview at https://streams.spec.whatwg.org/branch-snapshots/spec-pipe-to-omg/#rs-pipe-to

Things to do before this is merge ready:

• Factor this out into a StreamPipe() abstract op that other specs could use. (ReadableStreamPipe??) Let's wait until we have consumers first
• Factor our releasing a writable stream lock into an abstract op
• Ensure we have tests that cover all of the requirements here (and realign any existing ones to match better with the requirements' wording if they are close)
• Ensure we are not missing any requirements that are expressed in the tests
• Ensure in particular that the various error conditions are tested correctly and align with the spec, e.g. what if both the source and dest error.
• Check to make sure no asserts are violated or incorrect errors are thrown/promises are rejected, e.g. by doing something that's not supposed to be done while in a given state.
• Align the reference implementation more closely with this version of the spec, by using more internal methods and seeing if we can get better correspondence between the requirement lines here and the JS lines in the reference implementation. It's possible they can't be that close, which is fine, as long as the tests pass.

[ricea]

I like this style. I find it easy to read and easy to write tests for.

[tyoshino]

Depending on resolution of #476, we might need to mention the error situation where write() promise rejects but the destination writable stream doesn't get errored.

[tyoshino]

• Regarding that all the operations are performed by directly invoking the abstract operations:
  • I think this is great.
• The way the algorithm is specified:
  • Yeah, it's nice. The algorithm in the reference implementation is also written in the form reacting to each situation. We just have state to resolve race. The spec text is representing what we have well :)
• reviewed the code changes. left some comments but lgtm.

[domenic]

Update: I made a lot of progress on this today. In the process I discovered some contradictions in the spec text as written, which was kind of expected. E.g. races between the various error conditions, or races between performing cleanup (now renamed shutdown) and finishing a write. The spec has been amended, and also the reference implementation has been rewritten to follow the spec.

There are still a number of failing (unconverted) tests, so I guess the algorithm is probably not quite right yet.

I was still not able to remove many existing tests because we have a lot of good tests that manage to put a stream in a given state asynchronously, possibly after some chunks have already passed through it. Whereas the new tests I've written so far all put the stream in a given state synchronously or use a rejected promise returned from the start() function. I am not sure yet whether I want to solve this in some kind of generative way (maybe like the templated tests) or just by porting the existing ones individually. I'll try to work on it tomorrow.

[domenic]

This is allllmost done. Some TODOs listed in the commit message, all minor. Last time I said "tomorrow" in this thread that didn't work out, but I'm hopeful...

[ricea]

I would prefer assertGetterRejects(), to make it clear that this is an assertion.

I thought about assert_getter_rejects(), but then people might expect to find the definition in testharness.js.

I realise that testharness's "promise_rejects" doesn't include "assert", but I find that a bit counter-intuitive to be honest.

[domenic]

This whole file already exists upstream; I just am copying it here because of limitations of the test runner.

[ricea]

I see. Never mind then.

[domenic]

This is done and ready for review! It's on top of #526 so the first two commits can be ignored. Those commits are now in master so this PR only contains a single commit again.

[domenic]

Can't that be done without involving the whole pipeLoop? It doesn't really need all the shutdown infrastructure does it.

It could. I find the spec and reference implementation cleaner this way.

As we can see the source clearly based on which value we passed to the prevent.* flag, I don't strongly object to this now, but some note needed to explain this behavior.

Added some bullet points

please add some tests where two or more of prevent.* flags are set to true.

Hmm. Given that only one flag can be used in any given pipeTo, I'm not sure how valuable this would be. Could you give an example of what you'd be hoping to test?

Although, I guess I just realized we do not have any tests for multiple close/error conditions being true at once :(. So e.g. piping a closed readable stream to an errored writable stream and so on. The spec isn't even super clear about what takes precedence there. I guess that's another reasonably large chunk of work to do. I'll try to do it Monday.

[tyoshino]

Hmm. Given that only one flag can be used in any given pipeTo, I'm not sure how valuable this would be. Could you give an example of what you'd be hoping to test?

E.g. please try simply adding preventCancel: true to the Errors must be propagated forward: starts errored; preventAbort = ${String(truthy)} (truthy) test in error-propagation-forward.js and see how many times shutdown() is invoked. It's invoked twice and finalize() is also invoked twice. The second finalize() fails harmlessly on the redundant call of WritableStreamDefaultWriterRelease() which throws. It's not affecting the publicly visible behavior, but I think we should suppress the redundant invocation of finalize().

That's the background of my comment at #512 (comment).

In general, I think it's worth testing some cases where two or three of prevent.* flags are set to a truthy value (though no need to have full coverage) as it's possible and should be common to do so, in addition to what you've done which is, of course, needed and important.

Although, I guess I just realized we do not have any tests for multiple close/error conditions being true at once :(. So e.g. piping a closed readable stream to an errored writable stream and so on. The spec isn't even super clear about what takes precedence there. I guess that's another reasonably large chunk of work to do. I'll try to do it Monday.

Agreed.

[domenic]

It's not affecting the publicly visible behavior, but I think we should suppress the redundant invocation of finalize().

Why? The entire setup is designed specifically so that it's harmless and doesn't affect public behavior; we shouldn't need to do any extra bookkeeping for suppression.

[tyoshino]

Why? The entire setup is designed specifically so that it's harmless and doesn't affect public behavior; we shouldn't need to do any extra bookkeeping for suppression.

Okay. I still think we should have the if-clause and some tests with multiple prevent.* set to true, but it shouldn't block this from landing. lgtm. I'll open an issue for that.

[tyoshino]

I'll open an issue for that.

Created. Let's discuss this there.
#557

[ricea]

lgtm based on my own superficial review and tyoshino's in-depth lgtm.

[domenic]

I have to leave early today unfortunately. I want to get some good tests for multiple error/closure scenarios before merging this. So I've pushed up some WIP ones that are mostly failing. The tests might be bad or the spec or the logic; not sure yet. No need to pay them much attention unless you have extra free time. Just wanted to give an update.

I think we can also resolve #557 before merging this too.