// Copyright 2015 The Chromium OS Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <brillo/backoff_entry.h> #include <algorithm> #include <cmath> #include <limits> #include <base/logging.h> #include <base/numerics/safe_math.h> #include <base/rand_util.h> namespace brillo { BackoffEntry::BackoffEntry(const BackoffEntry::Policy* const policy) : policy_(policy) { DCHECK(policy_); Reset(); } void BackoffEntry::InformOfRequest(bool succeeded) { if (!succeeded) { ++failure_count_; exponential_backoff_release_time_ = CalculateReleaseTime(); } else { // We slowly decay the number of times delayed instead of // resetting it to 0 in order to stay stable if we receive // successes interleaved between lots of failures. Note that in // the normal case, the calculated release time (in the next // statement) will be in the past once the method returns. if (failure_count_ > 0) --failure_count_; // The reason why we are not just cutting the release time to // ImplGetTimeNow() is on the one hand, it would unset a release // time set by SetCustomReleaseTime and on the other we would like // to push every request up to our "horizon" when dealing with // multiple in-flight requests. Ex: If we send three requests and // we receive 2 failures and 1 success. The success that follows // those failures will not reset the release time, further // requests will then need to wait the delay caused by the 2 // failures. base::TimeDelta delay; if (policy_->always_use_initial_delay) delay = base::TimeDelta::FromMilliseconds(policy_->initial_delay_ms); exponential_backoff_release_time_ = std::max( ImplGetTimeNow() + delay, exponential_backoff_release_time_); } } bool BackoffEntry::ShouldRejectRequest() const { return exponential_backoff_release_time_ > ImplGetTimeNow(); } base::TimeDelta BackoffEntry::GetTimeUntilRelease() const { base::TimeTicks now = ImplGetTimeNow(); if (exponential_backoff_release_time_ <= now) return base::TimeDelta(); return exponential_backoff_release_time_ - now; } base::TimeTicks BackoffEntry::GetReleaseTime() const { return exponential_backoff_release_time_; } void BackoffEntry::SetCustomReleaseTime(const base::TimeTicks& release_time) { exponential_backoff_release_time_ = release_time; } bool BackoffEntry::CanDiscard() const { if (policy_->entry_lifetime_ms == -1) return false; base::TimeTicks now = ImplGetTimeNow(); int64_t unused_since_ms = (now - exponential_backoff_release_time_).InMilliseconds(); // Release time is further than now, we are managing it. if (unused_since_ms < 0) return false; if (failure_count_ > 0) { // Need to keep track of failures until maximum back-off period // has passed (since further failures can add to back-off). return unused_since_ms >= std::max(policy_->maximum_backoff_ms, policy_->entry_lifetime_ms); } // Otherwise, consider the entry is outdated if it hasn't been used for the // specified lifetime period. return unused_since_ms >= policy_->entry_lifetime_ms; } void BackoffEntry::Reset() { failure_count_ = 0; // We leave exponential_backoff_release_time_ unset, meaning 0. We could // initialize to ImplGetTimeNow() but because it's a virtual method it's // not safe to call in the constructor (and the constructor calls Reset()). // The effects are the same, i.e. ShouldRejectRequest() will return false // right after Reset(). exponential_backoff_release_time_ = base::TimeTicks(); } base::TimeTicks BackoffEntry::ImplGetTimeNow() const { return base::TimeTicks::Now(); } base::TimeTicks BackoffEntry::CalculateReleaseTime() const { int effective_failure_count = std::max(0, failure_count_ - policy_->num_errors_to_ignore); // If always_use_initial_delay is true, it's equivalent to // the effective_failure_count always being one greater than when it's false. if (policy_->always_use_initial_delay) ++effective_failure_count; if (effective_failure_count == 0) { // Never reduce previously set release horizon, e.g. due to Retry-After // header. return std::max(ImplGetTimeNow(), exponential_backoff_release_time_); } // The delay is calculated with this formula: // delay = initial_backoff * multiply_factor^( // effective_failure_count - 1) * Uniform(1 - jitter_factor, 1] // Note: if the failure count is too high, |delay_ms| will become infinity // after the exponential calculation, and then NaN after the jitter is // accounted for. Both cases are handled by using CheckedNumeric<int64_t> to // perform the conversion to integers. double delay_ms = policy_->initial_delay_ms; delay_ms *= pow(policy_->multiply_factor, effective_failure_count - 1); delay_ms -= base::RandDouble() * policy_->jitter_factor * delay_ms; // Do overflow checking in microseconds, the internal unit of TimeTicks. const int64_t kTimeTicksNowUs = (ImplGetTimeNow() - base::TimeTicks()).InMicroseconds(); base::internal::CheckedNumeric<int64_t> calculated_release_time_us = delay_ms + 0.5; calculated_release_time_us *= base::Time::kMicrosecondsPerMillisecond; calculated_release_time_us += kTimeTicksNowUs; const int64_t kMaxTime = std::numeric_limits<int64_t>::max(); base::internal::CheckedNumeric<int64_t> maximum_release_time_us = kMaxTime; if (policy_->maximum_backoff_ms >= 0) { maximum_release_time_us = policy_->maximum_backoff_ms; maximum_release_time_us *= base::Time::kMicrosecondsPerMillisecond; maximum_release_time_us += kTimeTicksNowUs; } // Decide between maximum release time and calculated release time, accounting // for overflow with both. int64_t release_time_us = std::min( calculated_release_time_us.ValueOrDefault(kMaxTime), maximum_release_time_us.ValueOrDefault(kMaxTime)); // Never reduce previously set release horizon, e.g. due to Retry-After // header. return std::max( base::TimeTicks() + base::TimeDelta::FromMicroseconds(release_time_us), exponential_backoff_release_time_); } } // namespace brillo