Guard against late-arriving polls after worker shutdown#9330
Closed
Guard against late-arriving polls after worker shutdown#9330
Conversation
When CancelOutstandingWorkerPolls is called, the WorkerInstanceKey is cached in a TTL cache (60s default). Any subsequent poll arriving with this key returns empty immediately, preventing task dispatch to a shutting-down worker. This handles the edge case where a poll request was in-flight (already sent by SDK) when ShutdownWorker was called, arriving at the server after the cancellation logic has completed. - Add ShutdownWorkerCacheTTL dynamic config (60s default) - Add shutdownWorkers TTL cache to matchingEngineImpl - Check cache early in PollWorkflowTaskQueue/PollActivityTaskQueue - Add unit tests for cache behavior
rkannan82
force-pushed
the
kannan/shutdown-worker-poll-guard
branch
from
441d5b6 to
5c1df05
Compare
dnr
reviewed
Feb 18, 2026
| `ShutdownWorkerCacheTTL is the time to live for entries in the shutdown worker cache. When a worker calls | ||
| ShutdownWorker, its WorkerInstanceKey is cached for this duration. Any poll arriving with a cached | ||
| WorkerInstanceKey returns empty immediately, preventing task dispatch to a shutting-down worker. | ||
| This should be longer than MatchingLongPollExpirationInterval (1 min default) to catch in-flight polls.`, |
Contributor
There was a problem hiding this comment.
This isn't related to the length of a long poll at all, it about the interval where rpcs can get reordered on the network. Which is unbounded in theory but practically something like 10s-30s should be fine. The SDK isn't waiting that long anyway between calling ShutdownWorker and actually exiting, right?
| outstandingPollers: collection.NewSyncMap[string, context.CancelFunc](), | ||
| workerInstancePollers: workerPollerTracker{pollers: make(map[string]map[string]context.CancelFunc)}, | ||
| // 50000 entries ≈ 10MB (each entry ~200 bytes: UUID key + cache overhead) | ||
| shutdownWorkers: cache.New(50000, &cache.Options{TTL: config.ShutdownWorkerCacheTTL()}), |
Contributor
There was a problem hiding this comment.
If you're going to use dynamic config, why not the cache size too? (I'm fine with neither being dynamic, actually)
| `PollerHistoryTTL is the time to live for poller histories in the pollerHistory cache of a physical task queue. Poller histories are fetched when | ||
| requiring a list of pollers that polled a given task queue.`, | ||
| ) | ||
| ShutdownWorkerCacheTTL = NewGlobalDurationSetting( |
Contributor
There was a problem hiding this comment.
Note that this requires a process restart to take effect
| // This guards against polls that arrive after CancelOutstandingWorkerPolls completed. | ||
| if workerInstanceKey := request.GetWorkerInstanceKey(); workerInstanceKey != "" { | ||
| if e.shutdownWorkers.Get(workerInstanceKey) != nil { | ||
| return emptyPollWorkflowTaskQueueResponse, nil |
Contributor
There was a problem hiding this comment.
I would think it should return nil, serviceerror.NewCanceled("worker shutdown") or something like that
Contributor
Author
|
Already implemented in #9545. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed?
When
CancelOutstandingWorkerPollsis called, theWorkerInstanceKeyis cached in a TTL cache (70s default). Any subsequent poll arriving with this key returns empty immediately, preventing task dispatch to a shutting-down worker.Why?
This handles the edge case where a poll request was in-flight (already sent by SDK) when
ShutdownWorkerwas called, arriving at the server after the cancellation logic has completed. Without this guard, such polls could receive tasks that would never be processed.How did you test it?
Potential risks