Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Questions about FailureInjector.p #691

Open
dtornow opened this issue Feb 2, 2024 · 2 comments
Open

Questions about FailureInjector.p #691

dtornow opened this issue Feb 2, 2024 · 2 comments

Comments

@dtornow
Copy link

dtornow commented Feb 2, 2024

Hello,

I have two questions about the FailureInjector, specifically about the FailOneState

state FailOneNode 
{
    entry 
    {

        var fail: machine;

        if(nFailures == 0)
        {
            raise halt; // done with all failures
        }
        else
        {
            if($)
            {
                fail = choose(nodes);
                send fail, eShutDown, fail;
                nodes -= (fail);
                nFailures = nFailures - 1;
            }
            else 
            {
                send this, eDelayNodeFailure;
            }
        }
    }

    on eDelayNodeFailure goto FailOneNode;
  
}

Missing Loop

AFAIU the state machine does not loop i.e. if the FailureInjector fails one node it will never fail another node again. We could rectify this situation by raising another eDelayNodeFailure in the if($) clause.

That leads me to my second, more nuanced question

Unnecessary Requeue

AFAIU a p state machine has its own inbox, the delivery of events is managed by the p runtime to control the interleaving of messages.

Looks to me like the code implements the idea of "randomly fail or do not fail".

Since the p runtime delivers event "randomly", we are encoding on an application level what is already encoded on a runtime level, increasing the state space exploration necessary without increasing the coverage?

Conclusion

Would this code be sufficient?

state FailOneNode 
{
    entry 
    {

        var fail: machine;

        if(nFailures == 0)
        {
            raise halt; // done with all failures
        }
        else
        {
            fail = choose(nodes);
            send fail, eShutDown, fail;
            // nodes -= (fail); // uncomment to ensure a node may failure at most once
            nFailures = nFailures - 1;

            // the p runtime already ensures this will be delivered sometimes in the future, no need to "busy loop"
            send this, eDelayNodeFailure;
        }
    }

    on eDelayNodeFailure goto FailOneNode;
  
}
@ankushdesai
Copy link
Member

The way this code was written is that to inject only one node failure. Hence, it either fails a node and if didnt fail a node then it loops back by using the delay event.

@ankushdesai
Copy link
Member

@ababber19 Please update here after you have addressed the tutorial documentation to make this explicit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dtornow @ankushdesai