store: Have UpdateMachine.load check account still exists after async gaps

[chrisbobbe]

Fixes: #1354

[PIG208]

Thanks for working on this! I like the new UpdateMachineTestGlobalStore. Left some thoughts and comments.

[PIG208]

Making this explicit in dartdocs seems useful; I think this also applies to removeAccount?

[PIG208]

Thinking about the validity of the accountId, I feel that this is analogous to memory management — an object is allocated some memory, and we have pointers to it in the data store; freeing that object leaves the pointers dangling, hence the need for null-checks and assertions.

I vaguely feel that we can make stopAndThrowIfNoAccount available as a helper similar to getAccount where the account is required, and only check for its existence on use, not after async gaps, but I'm not sure if that will be cleaner/easier to maintain.

[chrisbobbe]

Hmm, I think I wouldn't be satisfied with an approach like that.

Within some synchronous code, say point A is where we retrieve the Account data (getAccount), and points B, C, and D are where we need to make decisions about it or pass it across some boundary where point A couldn't go (like if we call a platform API). I'd be happier if we could freely put point A where it makes the most sense for code organization, which will depend on the context; maybe we want to shorten the paths to B, C, and D, or maybe to put it neatly at the top of a function body. If the placement of point A affects behavior (because that's where we do the null-check), It feels much less flexible and harder to reason about. We can get that flexibility by doing stopAndThrowIfNoAccount after the async gaps.

only check for its existence on use

This wouldn't answer the need to interrupt the retry loop in _registerQueueWithRetry (the symptom I mentioned at #1354 (comment) ). We need to know if the account has been logged out, to stop retrying in that case, but we don't actually use the account's data.

[PIG208]

Bumping #1386 (comment); I guess we still want to mention the constraint to its dartdoc?

---

Thanks for the explanation. I think Account will go well with a version of use_build_context_synchronously, if we have a way to annotate this type somehow.

[PIG208]

This is pretty cool! I think the layout of these mixins will probably be helpful guidance to later break down GlobalStore itself as well; similar to what we did with ChannelStore, etc.

[PIG208]

nit: is the extra "." intentional here?

[PIG208]

I'm not sure if I understand how this works. We prepare an error with the current connection, but call clearCachedApiConnections immediately after.

Is it expected that the update machine still has the connection with the prepared response when polling, but it won't be after reloading?

[chrisbobbe]

Yeah, thanks for pointing out that this is confusing. I wasn't sure where would be the least confusing place to put globalStore.clearCachedApiConnections();.

My idea in putting it here was that it's right next to the globalStore.prepareRegisterQueueResponse =(newConnection) { /* … */ }.

The "cache" is test infrastructure; see _ApiConnectionsMixin.useCachedApiConnections. When we look at app code that runs during a test, the cache is only relevant when the code asks to create a new ApiConnection, which it does with GlobalStore.apiConnection or GlobalStore.apiConnectionFromAccount.

In the app code exercised by these tests, that happens twice:

1. When the test calls await globalStore.perAccount (near the top of prepareReload)
2. When the UpdateMachine responds to the bad-event-queue error by re-registering.

The test 'user logged out before new store is loaded' would break if step 2 picked up a connection that was cached in step 1, because the one from step 1 gets disposed on logout.

The UpdateMachineTestGlobalStore uses the caching behavior to make doLoadPerAccount work, but it's still fine to clear the cache between calls to doLoadPerAccount.

[chrisbobbe]

I'll try to make it more clear in my next revision :)

[gnprice]

I think a good comment on this clearCachedApiConnections call can probably replace the need for this bit below:

        // Assert this is actually a new connection, not the one on
        // globalStore._perAccountStores, which at least one test will close
        // via logOutAccount.
        assert(!identical(connection, newConnection));

(Because that assert is basically checking that this clearCached… happened, right?)

[PIG208]

Thanks! The new ordering and block of comments makes it quite clear to me.

[PIG208]

Because both UpdateMachineTestGlobalStore and TestGlobalStore share removeAccountDuration through _DatabaseMixin, perhaps we should find a new home to this constant. Maybe a "k"-prefixed const?

[chrisbobbe]

Maybe; let's see if @gnprice has thoughts on that. I showed him in the office that a static _DatabaseMixin.removeAccountDuration wouldn't work (callers would have to access it using the mixin's name, like FooMixin.removeAccountDuration, and it doesn't make sense for the mixin to be public). Greg suggested just leaving it as a static on TestGlobalStore.

[gnprice]

Yeah, I think this is fine. If we find ourselves with more items like this, maybe we'll find some other way to organize them.

[PIG208]

Further down there is another async gap at await globalStore.updateAccount; should we call stopAndThrowIfNoAccount there as well?

[chrisbobbe]

I believe there isn't a bug that we could catch by doing so.

1. We hope and expect that await globalStore.updateAccount always fails if the account is removed concurrently. If it doesn't, that's a bug in the database implementation.
2. If await globalStore.updateAccount succeeds, that means there's still an Account object in GlobalStore._accounts. Since stopAndThrowIfNoAccount looks at GlobalStore._accounts too, it would find it there and wouldn't throw. So even if the (1) bug exists, stopAndThrowIfNoAccount wouldn't help us catch it.

[gnprice]

Should this poll call be here? It looks like it now duplicates one that UpdateMachine.load makes.

[chrisbobbe]

Indeed; thanks.

[gnprice]

I spent some time staring at this vs. TestGlobalStore and thinking about the relationship between them. I didn't see any big changes I'd want to make; but the updateMachines field over on that other class was one thing that was a bit incongruous with the naming of the classes, and I realized it wasn't needed.

I'll push an extra commit that cuts that out, as well as a prep commit in a different area that this brought up:
dd9b29b test [nfc]: Simplify out TestGlobalStore.updateMachines
247bf7f store test [nfc]: Clarify what prepareReload is doing

[chrisbobbe]

Great; thanks!

[chrisbobbe]

Thanks for the reviews! Revision pushed, but GitHub seems stuck and I'm not sure if it took—the branch should be at 1ea55a9.

[PIG208]

I haven't seen this message before. Looks like it's just taking longer than usual: https://github.blog/changelog/2023-09-26-more-details-provided-when-a-pull-request-is-merged-indirectly-or-is-still-processing-updates/#pushed-commits-are-still-being-processed

[gnprice]

Weird — that's a long delay at this point (40 minutes since Chris's comment above).

Try pushing again (with some trivial change)? Possibly that'd unwedge it.

[PIG208]

Looks good to me other than a nit. Thanks for the updates!

[gnprice]

I fetched 1ea55a9 from Chris's fork, made a no-op change, and pushed that. This time the push seems to have worked.

[gnprice]

Thanks! Generally this looks great. One added test I'd like to see, and otherwise nits.

[gnprice]

nit: I think "given account" is right — the per-account data is for the account, not for the account ID. (Or it's "for" the account ID only indirectly, via the account ID identifying an account.)

The "given" account is the one identified by the parameter accountId. The name says it's an ID for an account, so I think that doesn't require elaboration in the doc.

[gnprice]

(This is fine to add, though.)

[gnprice]

nit:

Suggested change

	globalStore.prepareRegisterQueueResponse = (newConnection) {
	prepareRegisterQueueResponse(newConnection);
	};
	globalStore.prepareRegisterQueueResponse = prepareRegisterQueueResponse;

[gnprice]

Can you make a positive version of these tests, to put just above these negative versions, for contrast?

Doesn't need to get into the details of the poll, server-emoji-data, etc. requests — just .length.equals(3) would be enough to make a contrast with this .isEmpty(). Plus checking isOpen is still true for a contrast with the isOpen-false check.

[chrisbobbe]

these tests

You mean a test where the loading succeeds, right, so just one test? That's the only condition where the poll, server-emoji-data, and register-token requests are made.

[gnprice]

Right, exactly.

[gnprice]

nit: just call it connection as we typically do; also can make a bit more compact:

Suggested change

	await prepareReload(async,
	prepareRegisterQueueResponse: (newConnection) {
	newConnection.prepare(
	await prepareReload(async, prepareRegisterQueueResponse: (connection) {
	connection.prepare(

[gnprice]

The situation this comment was explaining felt like a bit of a signal that our old test setup here wasn't quite simulating things right. Glad to see we get to delete it.

[gnprice]

Suggested change

	/// Throws [AccountNotFoundException] after an async gap
	/// if the account has been removed.
	/// Throws [AccountNotFoundException] if after any async gap
	/// the account has been removed.

Otherwise it sounds like it's saying: if the account has been removed, throws said exception, but first causes an async gap.

[chrisbobbe]

Thanks for the reviews! Revision pushed.

[gnprice]

Thanks! Small comments below.

[gnprice]

🙂

[gnprice]

This is probably a good sign that the globalSettings parameter can be made optional on these test classes, defaulting to eg.globalSettings().

With maybe a prep commit to do that for TestGlobalStore. (FYI @PIG208 since we just introduced this in #1167.)

It differs from accounts in that almost every test that interacts with the store at all cares what set of tests exist on it, so there's no good default for that even in tests; but most tests don't care about the specific values of the settings.

[gnprice]

Sent #1403 with that prep commit as a quick PR.

[gnprice]

nit: let's tighten the comparison with the tests below by rearranging slightly, like so:

Suggested change

	final globalStore = UpdateMachineTestGlobalStore(
	globalSettings: eg.globalSettings(), accounts: [eg.selfAccount]);
	final connection = globalStore.apiConnectionFromAccount(eg.selfAccount) as FakeApiConnection;
	NotificationService.instance.token = ValueNotifier('asdf');
	addTearDown(NotificationService.debugReset);
	final future = globalStore.perAccount(eg.selfAccount.id);
	check(connection.takeRequests()).length.equals(1); // register request
	await future;
	NotificationService.instance.token = ValueNotifier('asdf');
	addTearDown(NotificationService.debugReset);
	final globalStore = UpdateMachineTestGlobalStore(
	globalSettings: eg.globalSettings(), accounts: [eg.selfAccount]);
	final connection = globalStore.apiConnectionFromAccount(eg.selfAccount) as FakeApiConnection;
	final future = globalStore.perAccount(eg.selfAccount.id);
	check(connection.takeRequests()).length.equals(1); // register request
	await future;

[chrisbobbe]

Thanks for the review! Revision pushed.

[gnprice]

Thanks! Looks good; merging.