Ensure calls to OOP for source-generator purposes see the exact same Solution-snapshot-instances across all calls they make

[CyrusNajmabadi]

Fixes #81527

This one was a bit of a doozy. While investigating, it seemed like the only possible way for us to hit this crash on the OOP side was if the calls within TryComputeNewGeneratorInfoInRemoteProcessAsync to GetSourceGeneratedDocumentInfoAsync and GetContentsAsync were operating on different solution instances.

However, that was supposed to not happen, due to us creating an OOP KeepAliveSession prior to both calls to 'pin' that solution on the OOP side.

However, looking more closely at KeepAliveSession, i realized there were two major problems with how we were using it.

First, the solution we were asking it to pin in OOP wasn't hte same as the solution we were then asking for in those two calls. Specifically, the KeepAliveSession was pinning the full solution, while the individual calls were asking for Project-Cone subsets of hte solution. As nothing was pinning those, it was possible for the individual calls to get different instances, allowing them to be out of sync.

Second, KeepAliveSession was originally written as a 'best effort' helper. It would make a call over to OOP to pin the solution, but then return immediately, prior to the actual solution being fully remoted and actually pinned. This was fine for most features, as this was only intended to help speed things up. But it was not ok for the source-gen case as we are depending on the invariant that the project-cone actually be pinned, so that the next two calls must see that exact instance.

This PR fixes both. First, the KeepAliveSession we now make is specific to the project-cone we need pinned. Second, the KeepAliveSession system has been fixed up so that now it only returns back to the caller once the actual solution is pinned on the OOP side, ensuring that it must be there.

[CyrusNajmabadi]

@jasonmalinowski @dibarbet ptal. IN particular, with a strong eye towards raceyness and invariants.

[CyrusNajmabadi]

note: the first thing this helper does is yield, ensuring we do proceed and concurrently kick off the call to WaitForSessionIdAsync.

[CyrusNajmabadi]

note the subtlety of using callerCancellationToken here, but keepAliveCancellationTokenSource.Token in the first OOP call this is concurrent with. The KeepAliveSession (The value we return) controls the lifetime of that first call), whereas the client calling into KeepAliveSession.CreateAsync controls this call to wait for the session to be established.

[CyrusNajmabadi]

i considered using a NoThrowAwaitable here and returning a new RemoteKeepAliveSession that would dispose teh cancellation token controlling KeepAliveAsync. However, i didn't like that as it meant the caller could cancel, and have this return normally, making it so that it would then execute the next statement after using var session = KeepAliveSession.Create(..., ct);. I don't like apis that return gracefully on cancellation as that means the caller must then immediately check the ct afterwards.

But we had to be delicate here. Because the caller could cancel, we def need to make sure that we cancel the work to sync the solution over. If we don't do that, and we bubbled out the cancellation exception, we would never release that solution on the OOP side, which would be super bad :)

[CyrusNajmabadi]

tried to be very clear in docs what is going on.

[jasonmalinowski]

These docs are fantastic.

[CyrusNajmabadi]

intentionally naked catch. Any exception makes us Dispose the session. and since we return 'false' from DisposeKeepAliveSession, we'll just bubble that exception up.

[CyrusNajmabadi]

@jasonmalinowski @dibarbet ptal.

[dibarbet]

could this function be replaced by InvokeKeepAliveAsync?

[CyrusNajmabadi]

No. The way "keep alive" works (at a high level" is that we send a call over to oop that effectively "hangs" on the oop side (waiting for cancellation) and does NOT return.

So we can't await it since it truly doesn't return (until the entire keep alive session is disposed).

The change here is to allow a second call to be made (and returned) to know that enough of the first call has gone through to hydrate and pin the solution on the oop side.

[dibarbet]

is it all OOP calls, or call using the same keep alive session?

[CyrusNajmabadi]

It is calls that want to get the solution instance that the keep alive session is pinning.

[dibarbet]

What is the scenario where you'd call KeepAliveAsync, but not WaitForSessionIdAsync (could they be combined into one)?

Wouldn't any keep alive session need to wait for the solution to be hydrated?

[CyrusNajmabadi]

There's just one (rename), and I'll look into fixing it up. Rename has a synchronous startup. So we can't use async/await.

But rename is only using this to speed things up. Not for correctness. So it's ok if it might see a more than one solution instance in different oop calls. It just won't be as efficient. It won't be wrong.

[dibarbet]

resolved offline - KeepAliveAsync hangs until the session is disposed of (intentionally), but the caller also needs to observe when the keepalive is 'ready' while the session is in progress - so it needs a separate method to ask this.

[CyrusNajmabadi]

@dibarbet another way to think about it. The initial 'keep alive' call (which, again, hangs on the OOP side), effectively takes the snapshot for the requested solution/project-cone, and pins it on the OOP side (effectively it has a ref-count of at least one due to that 'in flight call').

Because of that, the oop snapshot cannot be released, and all subsequent calls will necessarily see that pinned snapshot, increaseing/decreasing its refcount as they proceed (but never going below the ref-count of 1).

Then when the keep-alive-session is disposed, it will cancel the CT on the host side. THis transfers over to the OOP side, which then allows the hung OOP call to finally return. This drops taht ref-count on the OOP side, which means the ref-count can reach zero, and the pinned snapshot can be released in OOP.

[jasonmalinowski]

I think there is one bug here around the fact we're disposing the CancellationTokenSource we create in the session on the client side -- there's a sequence of events that might touch that token when it's disposed. I believe it's just safe to remove the Dispose() but might have to check with the runtime folks.

Overall the comments here are fantastic and it made it very easy to understand this PR from a perspective of what you're trying to do. The time I had to spend on this was just thinking for races, not understanding the code.

[jasonmalinowski]

These docs are fantastic.

[jasonmalinowski]

If this fails, what prevents the WaitForSessionIdAsync() from not hanging forever?

[CyrusNajmabadi]

This is a very good point. Fixing up.

[jasonmalinowski]

I think there's a potential race here. Consider this sequence of events:

1. Client starts off a keep-alive session, and InvokeKeepAliveAsync runs and does the Yield(). The rest of this method is in the queue, but not running yet.
2. Client continues and hits the WaitForSessionIdAsync call.
3. Client triggers it's cancellation token.
4. The RemoteKeepAliveSession is disposed.
5. This method finally gets off the queue, and runs. We try to access .Token, but that throws since the CancellationTokenSource is disposed.

Do we need the dispose? Or do we know that at some point the cancellation token will get cancelled in all cases? AFAIK Disposal is only needed if you know you're not going to cancel the token.

[CyrusNajmabadi]

AFAIK Disposal is only needed if you know you're not going to cancel the token.

That's good advice. I didn't realize that was a general way to clean things up. Based on that, i'm getting rid of all disposal and documenting accordingly.

[jasonmalinowski]

Nit: add a comment the bool isn't being used, this is just to work around the fact this project compiles with netstandard2.0 and we can't use the non-generic form. I'm also not sure if TaskCompletionSource is better for the JIT, since there's always a risk this has to JIT a specialization here rather than using the System.__Canon one.

[CyrusNajmabadi]

Done.

[jasonmalinowski]

Isn't there a Timeout.Infinite we can use somewhere for this?

[CyrusNajmabadi]

yes there is :)

[CyrusNajmabadi]

Cleaned this up slightly. Easier to see (imo) what's going on by making this two calls. One fire-and-forget, one-awaited.

[CyrusNajmabadi]

this part was subtle. Ensuring that if we fail for a non-cancellation reason to send the initiak KeepAliveAsync call, that we properly shutdown this session. This ensures cleaning up the WaitForSessionIdAsync call happens and the caller doesn't hang.

[CyrusNajmabadi]

this also changed. We want to make sure that cleanup (which can now happen from KeepAliveAsync) ensures that WaitForSessionIdAsync cleans up too. Mixing the two cancellation tokens together ensures that happens.