Re: Permissible states for extension frames #591

Greg Wilkins <gregw@intalio.com> Tue, 12 August 2014 23:55 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8371A079F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Aug 2014 16:55:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.947
X-Spam-Level:
X-Spam-Status: No, score=-6.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id So6tYmlj19NC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Aug 2014 16:54:59 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CDA51A02E6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 12 Aug 2014 16:54:58 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XHLqj-0007D9-1a for ietf-http-wg-dist@listhub.w3.org; Tue, 12 Aug 2014 23:51:29 +0000
Resent-Date: Tue, 12 Aug 2014 23:51:29 +0000
Resent-Message-Id: <E1XHLqj-0007D9-1a@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XHLqI-0007BD-09 for ietf-http-wg@listhub.w3.org; Tue, 12 Aug 2014 23:51:02 +0000
Received: from mail-we0-f180.google.com ([74.125.82.180]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XHLqG-0004FA-B8 for ietf-http-wg@w3.org; Tue, 12 Aug 2014 23:51:01 +0000
Received: by mail-we0-f180.google.com with SMTP id w61so10545222wes.25 for <ietf-http-wg@w3.org>; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=quH6Z+4sO543zLBRY51wMulQUQnzpTMkVoTd2CnDHOM=; b=MJlFmLTJsI5H+YfgAEYEywpzdQqHYGbPSVOyS3ZOOJDPKAu2uJxP8PTLTq6QXFt0dl kufbNTrJl4ovd9IL6kp7yUpH3SeNNNrwXcYpwPchMm80FgElhWYvdmZ3c2gv5CFEK1Ha qXvmPIPaoRt1va9h72BvJpJcZPlvwEdEo77+6rZudtgN0yZTnL+YGCiMCgxaIM5ZnjnJ y4pFcoI5G/vNz65gRqycl7gaidLWGDW6fEsn49dUWaolchAHiNpMHOPPbYkPOq/m7QWX rnAdkbBJ0vdK34qu1FzUHaDywXoE/UmMjkUTzE7O8g4d97zG++gBvuHgT+R0H9pd885n kWJA==
X-Gm-Message-State: ALoCoQn9c7wPB6bJ191ov01+Nlepdn6C/t1PwNORaFqlPcAg5h5jY31FRPVcZesgJBaiprJzaRZK
MIME-Version: 1.0
X-Received: by 10.194.119.193 with SMTP id kw1mr875420wjb.82.1407887433275; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
Received: by 10.194.169.98 with HTTP; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
In-Reply-To: <53E9E30C.1020500@treenet.co.nz>
References: <CABkgnnVgnJSmJW2B4nJ8Vb-Nwi3EF2pra7D_m8uqZfQ8H1a2eA@mail.gmail.com> <CAH_y2NGofk6bsLOr510MuSVuh9=EhTVBYROGBnAdeie-YQS-8Q@mail.gmail.com> <CABkgnnUZxaVnSOEf8D2HQGZRWc0K1UNs99FswdFYUz8Wg9cq=w@mail.gmail.com> <CAH_y2NGkitE9Ow+rhxL4a2U+hVJu=QN2C=Wy5ZrvWaLA3H9cXQ@mail.gmail.com> <53E9E30C.1020500@treenet.co.nz>
Date: Wed, 13 Aug 2014 09:50:33 +1000
Message-ID: <CAH_y2NGy5esJGBjdOrgqJoyQCrWOswvW3HeaeMLe3OdPR_vCSg@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e012286265833c1050077561b"
Received-SPF: permerror client-ip=74.125.82.180; envelope-from=gregw@intalio.com; helo=mail-we0-f180.google.com
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.100, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: lisa.w3.org 1XHLqG-0004FA-B8 2f085404122c118a840263a2e7736ad4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Permissible states for extension frames #591
Archived-At: <http://www.w3.org/mid/CAH_y2NGy5esJGBjdOrgqJoyQCrWOswvW3HeaeMLe3OdPR_vCSg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26594
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 12 August 2014 19:49, Amos Jeffries <squid3@treenet.co.nz> wrote:

> I dont see why we need to do that at all.


The problem is that we have a very strict definition of no interleaving of
frames between continuations.  Not even control frames can be
interleaved.   This allows implementations to treat continuations as simply
an atomically arriving jumbo.

In fact when we discussed the more complete version of the state machine
https://github.com/http2/http2-spec/issues/484 that could handle non atomic
arrival of end_stream and  end_headers, the argument was made that the
state machine should not be complicated in that way.  It was said that
nobody would implement the proposed 1/4 closed and 3/4
<http://lists.w3.org/Archives/Public/ietf-http-wg/2014AprJun/att-0720/http2state.txt>
closed states because you can effectively treat the arrival of an
end_stream and the following end_headers as atomic.

If we allow arbitrary interleaving of extension frames, then we will have
extension frames arriving in the middle of these supposed atomic stream
state transitions that every implementation is going to have elided in some
not specified private way.    Thus it is highly unlikely that portable
extensions that interact with stream state will be able to be developed as
there is not a common definition for non-atomic leap between two defined
stream states.

Also any implementation that wishes to some day support the any extension
frames, cannot be written with the simplified state machine and must treat
headers and continuations as non atomic events.  This is not an impossible
task and if we supported interleaving of continuations frames by other
protocol frames, then it would have to be done anyway.  But unfortunately
because we don't support any interleaving in the default protocol, that
means that any impl that does support the full state machine cannot
actually be tested with the un extended protocol. So there are going to be
a lot of undiscovered bugs that might be exploitable once a few extensions
are implemented long after the more rigorous testing of the stream states
has been done.

The best solution would of been to have a framing layer that was entirely
independent of frame types, so it could have handles stream control without
even needing to know what an extension was.   But that horse bolted long
ago.

We could have taken a step towards that optimum solution by removing
continuations and supporting fragmentable interleavable headers with a
simple stream state machine where end_stream is on the last frame. Sure it
is more complex, but at least it can be tested in a normal use case.  But
we didn't get consensus for that.

So next best would be to allow interleaving of at least control frames
between continuation frames.  This would at least allow  testing the
complexities of 1/4 and 3/4 closed streams but without having many benefits
for this complexity.  Kind of the worst of all worlds, but probably
necessary if we want extensions able to be arbitrarily interleaved.

Failing that, all we can continue to treat continuations as a very special
case and that nothing can interleave, not even extension frames.   Only
then can implementations implement the simplified state machine that was
explicitly used to justify many design decisions.  Unfortunately this means
that all extensions, even ones that don't care about stream state, have to
known about this special case so they don't interleave at the wrong time.

Sorry for the essay, but it is really important to not allow WG fatigue to
let some less-precise wording through.  We've been told that "ugliness" is
not a technical reason for rejecting a design, so we have some ugly parts
in the specification.  The cost of ugliness comes now as every single thing
you add/extend to the specification has to be run past all the ugliness and
we have to make sure that we don't break any of the fragile reasoning or
fictional state machine used to support it.   Non-ugly design is more
robust in the face of change/extension.

regards




















-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.