Get/Return pooled connections

[mdaigle]

Description

This PR adds Get and Return functionality to the new ChannelDbConnectionPool class.
A channel and corresponding channel reader and writer are added to underpin these operations.
An array is added to hold references to all connections managed by the pool.
Logic is included to respect max pool size in all cases.

Not included: pool warm up (including respecting min pool size), pool pruning, transactions, tracing/logs. These will come in follow-up PRs.

Also includes extensive unit test coverage for the implemented functionality. Integration testing is reserved for a later state when more of the pool functionality is available.

Issues

#3356

Testing

Tests focus on the Get and Return flows with special focus on the following:

• async behavior
• max pool size respected
• connections successfully reused
• requests successfully queued and queue order respected
• stress testing with many parallel operations

[mdaigle]

Exposes creation time for load balancing and max connection lifetime enforcement.

[imasud00]

Why to make getter and setter internal ?

It looks like this class DbConnectionInternal is managing its creation time, and this value isn’t exposed to derived classes.

If there’s any chance that this responsibility might shift in the future, or if derived classes may need to update the creation time, I recommend adding a protected method (e.g., UpdateCreationTime(DateTime newTime)) rather than exposing a protected setter or property.

My reasoning is:

Updating creation time should be an explicit, intentional action, not just a simple property assignment. An explicit method makes this clear in the API and signals that it’s a special operation as most of the logic is still in the base.

Let me know your thoughts.

[mdaigle]

Agreed. Other classes shouldn't be updating this property. This syntax will only expose a getter for the property: https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/properties#expression-body-definitions

[mdaigle]

@roji tagging you here if you have any time to review. Thanks!

[benrr101]

In general, it looks good. A bunch of things I'd like addressed, but you know I'll accept valid arguments against fixing them :)

[paulmedynski]

I have reviewed the ChannelDbConnectionPool changes. I will look at the tests once we have converged on an implementation. It might be a good idea to host another meeting to walk through the commentary here.

[paulmedynski]

This is complicated enough to warrant an English explanation of what's happening.

[paulmedynski]

Catch only what is documented to be thrown.

[imasud00]

Interlocked.Increment(ref _instanceCount);

does it matter if it becomes negative ?

[benrr101]

it starts at zero and only ever goes up

[paulmedynski]

Counters are naturally unsigned, so can we use uint or ulong instead? I'd be proud if those ever wrapped :)

[paulmedynski]

Also, should this be _instanceId ?

[mdaigle]

There's no Interlocked.Increment() overload for uint. It doesn't matter if it goes negative. It's only used for identification of unique pools in trace messages.

[imasud00]

ChannelDbConnectionPool

it might be good to add some documentation on how this class works and how this is different than the WaitHandleDbConnectionPool.

[benrr101]

Sorry, needs another round... But the other first round was pretty good!

[benrr101]

nit: these can/should be on the same line

[benrr101]

it starts at zero and only ever goes up

[benrr101]

Ok I rescind my Nit designation - let's get these on the same line

[benrr101]

nit: I think your indentation got messed up here

[benrr101]

Please chomp this biggie of a line :)

[benrr101]

.... true is completely redundant now, lol

I'd rather have a while(true) than while(!finalToken.IsCancellationRequested). At least I know intuitively that while(true) implies we'll break out somewhere inside. The latter implies we run this code until timeout... And the combination is just, well redundant 😂

It would be nice if there was a way to have the condition of the while be while(connection is null && finalToken.IsCancellationRequested). Which I think is what we were working towards by suggesting a do/while loop - basically make at least one attempt to get a connection, and loop around if we haven't. I'd suggest then making it like:

do {
  finalToken.ThrowIfCancelled();

  // do stuff to set connection
} while(connection is null);

return connection;

[mdaigle]

the latest refactor should help with this. coming soon!

[samsharma2700]

When will this be different than the size of _connections array?

[mdaigle]

This counts the number of slots in the array that have actually been reserved. It starts at 0 and increments each time a connection is added to the pool for tracking. It's decremented every time a connection is destroyed and removed from the pool. The only time it will equal the size of the _connections array is when we're at max pool size.

[samsharma2700]

I agree with the efficiency argument but have we compared the difference in performance for our specific use case implementation for Bounded vs Unbounded Channel. Bounded channel can offload the part of us worrying about Max/Min poolsize, flooding and starvation in exchange for some throughput loss.

[mdaigle]

With a bounded channel alone, we won't respect max pool size. The channel only stores connections that are "idle" (sitting unused in the pool). Connections that are in active use are not represented in the channel. So, if we used the bounded size of the channel to enforce max pool size, we wouldn't take into account any connections that are in active use.

[samsharma2700]

So in essence _numConnections is doing the reservation part for us. Does the array itself provide any thing that Concurrent Bag/Dictionary/Queue will not provide. SemaphoreSlim does look seem to be the lightest, thread-safe solution here.

[paulmedynski]

A new round of comments, questions, and suggestions :)

[paulmedynski]

Counters are naturally unsigned, so can we use uint or ulong instead? I'd be proud if those ever wrapped :)

[paulmedynski]

What's our take on initializing fields/properties that don't depend on a constructor body? Do we prefer to do it in each constructor, or do it on the field/property declaration? I prefer the latter. We've got a mix in this class so far (see _instanceID line 40).

[benrr101]

I don't really have a preference here. Maybe a slight preference towards doing it in the constructor for instance variables, doing it outside the constructor (where possible) for statics. But I think I have more of a preference for not having a preference :)

[paulmedynski]

Also, should this be _instanceId ?

[mdaigle]

This was only used inside the constructor while fields were being initialized. You can't get a reference to a pool until the constructor completes, so we don't need this state.

[mdaigle]

State should only be modifiable by the pool itself.

[mdaigle]

The System.Threading.Channels namespace isn't included in the netstandard API, but the package provided System.Threading.Channels targets netstandard2.0

[vonzshik]

Any particular reason to not use TrySetResult and TrySetException to avoid unnecessary exceptions?

[mdaigle]

I like this idea, done!

[vonzshik]

Looking at the current source code of WaitHandleDbConnectionPool, it seems like everything between ADP.SetCurrentTransaction and taskCompletionSource.SetResult is synchronous, unlike here, where GetInternalConnection can go async. I wonder whether it's to make the default TransactionScope work (you have to pass a parameter to support async) with OpenAsync, although it's kinda weird to do so anyway.

[mdaigle]

Thanks, this is an important point. I haven't included transaction support in the scope of work for this PR and included this line prematurely. This line is incorrect for the reason you stated. When we go down the async path, we may end up creating/retrieving a connection in a continuation and that continuation would have no reference to the ambient transaction.

This does make me wonder whether we need any additional hygiene measures to make sure we reset ambient transaction state on threads. We wouldn't want a managed thread to hold onto the ambient transaction state and incorrectly enlist other connections.

[paulmedynski]

We're getting closer!

[paulmedynski]

I don't think we need this check.

[mdaigle]

I refactored this a bit so that it makes sense based on the nullability constraints and to remove the side effects from this method.

[paulmedynski]

init means "Must be assigned during construction", but doesn't restrict that assignment to a constructor body. A caller could do this:

DbConnectionInternal conn = new(...) { CreateTime = DateTime.UnixEpoch; }

The initializer body runs after the constructor body, but still during construction. This isn't what we want.

I think all you need is:

internal DateTime CreateTime { get; }

That will make CrateTime immutable - you will be forced to assign it in all constructor bodies, and then prohibited from assigning to it anywhere else.

I suspect this applies to all of your use of init in this PR.

[mdaigle]

Makes sense, I didn't realize the init properties could be set in that way.

[paulmedynski]

Is this an array or a collection? Let's use the most precise term consistently.

[paulmedynski]

Are you trying to explain that callers must release a reservation if adding a connection via that reservation fails?

I'll have to see how this works. Leaving a breadcrumb for myself...

[paulmedynski]

Missing }.

[paulmedynski]

Stale comment - does this belong inside ValidatOwnershipAndSetPoolingState() ?

[paulmedynski]

Do we need this. here?

[paulmedynski]

It seems fragile to separate the reservation and un-reservation across methods.

Could we make a reservation a first-class object and use disposal to have it un-reserve itself? And then have a Reservation.Keep() method that you call if you want to keep it (this would just ignore disposal). In fact, maybe only ConnectionSlots.Add() is allowed to call Reservation.Keep(), then all the paperwork is done for you by IDisposable and ConnectionSlots.

There is usually a single "keep" path, and multiple "don't keep" paths, so its safer to let the compiler worry about the "don't keep" ones for you.

I prefer this failsafe-by-default approach when acquiring resources.

You could go one step further, and only allow Add()inga connection to its reserved slot via a method on Reservation. Then you avoid the problem where you can call Add() on ConnectionSlots without having made a reservation. And once it's impossible to Add without a Reservation, you can just always decrement _reservations when you Remove() a connection that you found in the slots.

Essentially, you're using the lifetime of a Reservation object to:
a) guarantee you can Add(), and
b) guarentee someone else can't add if there are no free slots.

[mdaigle]

👍 I'll take a look at this and see what I can do. A failsafe API definitely sounds nicer, I just want to make sure we don't force extra allocations if we can avoid it. It's probably fine as long as we only allocate when opening and closing connections and not every time we get/return.

[mdaigle]

it wouldn't be a big allocation anyway

[paulmedynski]

Hmm, is this parameter worth it? Now I can make a mistake and pass trackedInSlots = false when the connection is indeed in a slot.

In the false case, isn't that an exceptional condition anyway (i.e. we couldn't do some part of the "make a new connection" flow)? Does it really matter if we spin through our slots just to find out it wasn't there?

[mdaigle]

I think I agree. Like you mentioned, it's on an exception path anyway, so not as critical.

[paulmedynski]

These ??= comments are a bit misleading. At line 466 we don't know whether or not we got an idle connection. We only know that if we hit the await part. Maybe this would be clearer as If we didn't find ..., then try to ....