Add HTTP/3

[scalablecory]

This adds HTTP/3 (draft 24) support to SocketsHttpHandler.

Marked NO MERGE for now because it a) depends on some QUIC APIs that don't exist yet, and b) due to that hasn't been tested against a live server.

This adds the APIs in #1293.

There are some minor optimization opportunities (mostly in removing some async allocations) that will be investigated once things are in a state that we can benchmark.

Some of the initial H3 code from Kestrel is shared and thus included in this PR. @jkotalik this code has had some changes mostly to support Span, but also some optimizations.

[jkotalik]

Move IntegerEncoder out of Http2 (as it's used by Http3)?

[scalablecory]

Need to figure out the sharing script for this. Maybe just merge the http/2 and http/3 into a single shared directory structure.

[Tratcher]

It looks like this is the only type that's shared between Http2 and Http3? If so then having Http3 reference the Http2 class/file should be fine. I'd like to keep the other files separate for clarity.

How about this new dir structure? No need to duplicate the scripts.

• src/libraries/Common/src/System/Net/Http/AspShared
  • /Http2
  • /Http3
  • Copy scripts, readme, etc.

[scalablecory]

Yep, that's in line with what I was thinking.

[jkotalik]

Probably swap these copyrights to MIT as that's what is being used in corefx.

[scalablecory]

I agree, but I'm not sure enough of the technicalities to know if it's legal for us to change it. Our strategy with HPACK was to keep the original license from ASP.NET. @terrajobst any opinions?

[stephentoub]

cc: @richlander

[richlander]

Go ahead ... make the license change.

[jkotalik]

Suggested change

	public static bool TryReadIntegerPair(ReadOnlySpan<byte> buffer, out long a, out long b, out int bytesRead)
	public static bool TryReadVariableLengthIntegerPair(ReadOnlySpan<byte> buffer, out long a, out long b, out int bytesRead)

as the out params are longs, either we should consistently say VariableLengthInteger or Long instead of Integer.

[Tratcher]

TryReadVLIPair? 😁
VariableLengthInteger is the spec term, but it's a bit of a mouthful.

[scalablecory]

I feel like the current name is fine, but if others express a strong opinion I'm not opposed to changes.

[jkotalik]

I'd keep this task around and await it in some cleanup code.

[scalablecory]

There's no need here; the process is cleaned up when the connection is disposed, and errors are only observed through SendAsync(). Will add a comment though.

[gfoidl]

Suggested change

	throw new QPackDecodingException("TODO sync with corefx" /*CoreStrings.QPackHuffmanError, */, ex);
	throw new QPackDecodingException("TODO sync with runtime/libraries" /*CoreStrings.QPackHuffmanError, */, ex);

?

[scalablecory]

Ultimately these strings need to be put into resources.

[Tratcher]

I have shared resources mostly working in the Http2 code.

[jkotalik]

Let's leave this as a follow up item.

[gfoidl]

Suggested change

	byte[] dataFrame = _dataFrame;
	byte[] dataFrame = _dataFrame ??= new byte[9];

Saves some C# code when the following if is removed. More or less a matter of taste.

[scalablecory]

I'm fine with it now; will update if there are strong opinions.

[jkotalik]

nit: ValueTask all the things?

[scalablecory]

For now, only the things I expect to finish synchronously.

In the future, depending on the outcome of @stephentoub's ValueTask caching patch, maybe ValueTask all the things.

[stephentoub]

I think it's reasonable to use ValueTask<T> for any of these that are internal/private, as long as we're only ever awaiting them at the call sites. That will help us to better evaluate the ValueTask opt-in change I made.

[scalablecory]

@stephentoub I'm open to it, but how will it help us evaluate things when there's no baseline to compare to?

[stephentoub]

The comparison I'm referring to is when lots of stuff uses ValueTask<T>, and we flip the switch to enable automatic pooling (if very little is using ValueTask<T> in our code, then flipping that switch won't produce any meaningful results). If the method completes synchronously, then using ValueTask<T> was a good idea, and if it completes asynchronously, then the overhead compared to the allocation/state management/etc. is minimal, so I'm not particularly concerned with a comparison about HTTP/3's implementation with ValueTask<T> vs Task<T> here.

[scalablecory]

Thanks. I'll leave this for a post-merge update.

[jkotalik]

nit: scrap the goto 😄

[scalablecory]

why?

[jkotalik]

It's more of a personal opinion. I think it generally makes code less readable and usually can be fixed via refactoring. We avoid them in AspNetCore, not sure if it varies in the runtime repo.

[scalablecory]

I'll take another look to see if they can reasonably be removed without a size/perf penalty.

[Tratcher]

Does the goto mess up the lock statement? I'd rather not find out.
A local method or just inlining the code seems more appropriate here.

[benaadams]

Does the goto mess up the lock statement?

C# doesn't let you create irreducible control-flow graphs with goto; so no. (i.e. you can't jump into a different scope).

It outputs a leave.s il instruction inside a lock, executing the finally first, undoing the lock

The leave.s instruction is similar to the br instruction, but it can be used to exit a try, filter, or catch block whereas the ordinary branch instructions can only be used in such a block to > transfer control within it. The leave.s instruction empties the evaluation stack and ensures that the appropriate surrounding finally blocks are executed.

tl;dr C# won't compile if your goto use is unsound (unlike other languages)

[benaadams]

Aside, the C# compiler on the other hand... does create irreducible control-flow graphs in il, in certain circumstances dotnet/roslyn#39814

[scalablecory]

Leaving this as a post-merge TODO. I'm not worried about the goto specifically but I'm going to go over the entire locking strategy, which was made a bit coarse to start with, and goto might naturally go away as part of that -- either way, once I get to this method I'll see if it's reasonable to get rid of it.

[jkotalik]

I'm a bit confused by the _waitingRequests queue here. This looks like it is draining all pending calls to SendAsync. Why do we need to do this?

[scalablecory]

This is to respond to new MAX_STREAMS events from QUIC. _waitingRequests are any requests waiting for a new stream to open up.

[jkotalik]

I think you need another place where you dequeue when a request is finished. Ex: max request stream count is 100, someone makes 101 requests, so one request is waiting. When a request finishes, it needs to call TryDequeue to start the next request, correct?

[scalablecory]

MAX_STREAMS is a cumulative maximum, not a maximum concurrent streams:

Note that these frames (and the corresponding transport parameters) do not describe the number of streams that can be opened concurrently. The limit includes streams that have been closed as well as those that are open.
https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#section-19.11-8

[jkotalik]

This seems inefficient. This is only growing the buffer by one each time, which causes TryRead and ReadAsync to be called multiple times if we are reading a large integer.

[MihaZupan]

It looks like ArrayBuffer grows by doubling even if only 1 byte is needed

[jkotalik]

Okay not as bad as I initially thought. Maybe something should be renamed to make it more clear that we are increasing the space by more than just 1 (at least double).

I still think this pattern of growing the buffer is prone to smaller reads though.

[scalablecory]

Current strategy is to: read in just enough to parse headers in one I/O, and then let user control read pattern through Content.

Once we get implementation finished, we'll want to tune this. It's not clear what buffer size will be optimal just yet, but it will be trivial to change when we're ready.

[jkotalik]

These small reads don't seem like they would be good for perf. Do you think it may be better to preemptively allocate some amount in the buffer s.t. future calls that use the payload length already have it?

[scalablecory]

AvailableMemory will typically be much larger here. 2 is just the minimum that we need for two integers.

[jkotalik]

I see this called from Read(), why does response need to be null?

[scalablecory]

Once the response headers are read, HttpRequestStream._response will be nulled out to avoid circular references. By the time we're reading content, this should already have happened. I'll see about improving the comment.

[jkotalik]

I see, what circular references are you worried about?

[scalablecory]

stream -> response -> content -> stream

[jkotalik]

This will probably need to change eventually to no do sync over async.

[scalablecory]

Yea, I had same thought -- leaving as a TODO until we firm up the behavior of QuicStream.

[jkotalik]

Codeshare between ReadResponseContent/ReadResponseContentAsync

[scalablecory]

Any ideas?

[jkotalik]

Maybe I'm mistaken, but the only difference I see is that ReadNextDataFrameAsync is called sync in ReadResponseContent and async in ReadResponseContentAsync.

At a minimum, you can share the logic to calculate the totalBytesRead and update the buffers.

[scalablecory]

Stream.Read vs Stream.ReadAsync as well. I can share the exception handling; I'll do that.

[jkotalik]

Can Http3RequestStream derive from HttpBaseStream s.t. you can avoid allocating an extra object per request?

[scalablecory]

Possibly, but it gets weird as the users can dispose the stream. I will leave this for future TODO to look into.

[jkotalik]

Same here, can Http3WriteStream be removed and part of Http3RequestStream?

[Tratcher]

More accurately these are the HPack and QPack static tables, not the H2 and H2 tables. How about calling them HPack.StaticTable in the few places both namespaces are in scope?

[scalablecory]

It's easier to disambiguate them this way, without having to see what using is in effect. I'd like them to have separate names.

[jkotalik]

Maybe rename to HPackStaticTable and QPackStaticTable?

[Tratcher]

It looks like this is the only type that's shared between Http2 and Http3? If so then having Http3 reference the Http2 class/file should be fine. I'd like to keep the other files separate for clarity.

How about this new dir structure? No need to duplicate the scripts.

• src/libraries/Common/src/System/Net/Http/AspShared
  • /Http2
  • /Http3
  • Copy scripts, readme, etc.

[Tratcher]

We don't need this kestrel namespace, the internal shared types can be in System.Net.Http. Only IHttpHeadersHandler needed to preserve the namespace because it's public.

[jkotalik]

Yeah go ahead and make the changes here, we will react in Kestrel to the namespace changes.

[stephentoub]

Only IHttpHeadersHandler needed to preserve the namespace because it's public.

We're adding new methods to the interface. That's similarly breaking, no? I thought the purpose of the pubternals approach was that API changes were permitted.

[jkotalik]

I think we can change IHttpHeadersHandler to be in the System.Net.Http namespace, but IIRC we use IHttpHeadersHandler in our benchmarks repo. cc @sebastienros we may update a namespace that we'd need to react to in benchmarks, that okay?

[sebastienros]

Always ok if you apply the change in the benchmarks too ;)

[Tratcher]

IHttpHeadersHandler is an internal type in System.Net.Http.dll, it doesn't matter what the namespace is there.

IHttpHeadersHandler is a public (pubternal) type in Kestrel. Yes we can make API changes to pubternal types, that's not the question here. We should not use the System.Net.Http namespace for public types in Kestrel.

[Tratcher]

TryReadVLIPair? 😁
VariableLengthInteger is the spec term, but it's a bit of a mouthful.

[Tratcher]

Duplicated from VariableLengthIntegerHelper?

[scalablecory]

Intentional -- our loopback code does not share product code.

[jkotalik]

eek. That seems like an odd decision to me. What are the main reasons for not sharing "product code". Can you do internals visible to?

[scalablecory]

What are the main reasons for not sharing "product code".

Two implementations of something make it easier to find bugs, and the test implementation often sacrifices perf for flexibility or simplicity.

Can you do internals visible to?

If we did anything it would be to include the source directly; InternalsVisibleTo is a hard no per various discussions on its goodness.

[Tratcher]

Incremental review

[stephentoub]

I'm disappointed there's no "EnhanceYourCalm" 😄

[scalablecory]

Alas, it was renamed to H3_EXCESSIVE_LOAD. 😢

[stephentoub]

Nit: "Either"?

[stephentoub]

Rather than writing out the number, could we instead write this as something like (long)((1UL << 62) - 1)? Same goes for the others. The comment at that point isn't necessary, and it's clear how the value is derived rather than having a magic value.

[jkotalik]

In the spec it's listed as the entire integer, so it was easier to copy like that. https://tools.ietf.org/html/draft-ietf-quic-transport-24#section-16

[stephentoub]

Nit: LengthTwoBytes, LengthFourBytes, etc.?

[stephentoub]

Why do we need to slice it?

[scalablecory]

(stackalloc byte[8])[..length] has marginally better codegen than stackalloc byte[length].

[stephentoub]

I wasn't questioning that part, but rather why does it need to be perfectly sized at all. Why not just stackalloc byte[8]?

[scalablecory]

Oh. SequenceReader.TryCopyTo reads in the full buffer or fails, so 8 would cause EOF scenario to fail.

[stephentoub]

I don't understand. temp here is the target of TryCopyTo, not the source. What am I missing?

[stephentoub]

It's about L121 with TryRead(temp, out ...)

What about it? That TryRead is taking a span, not a reader, and it's not using a reader internally.

[gfoidl]

Ah, with the current implementation of TryRead it will work with any large enough size. So you're correct, slicing to actual size isn't needed.

(I believe to remember there were a version of TryRead expecting the actual size to work -- but irrelevant right now.)

[scalablecory]

Slice is required here because of reader.TryCopyTo:

• Our stream has reach EOF and the reader has exactly 2 bytes left, containing a 2-byte integer.
• reader.TryCopyTo -- which succeeds only if it can fill the entire span -- fails because there are not 8 bytes available.
• Upstream we see EOF but VariableLengthIntegerHelper.TryRead fails, so it throws something indicating an incomplete stream.

[stephentoub]

which succeeds only if it can fill the entire buffer

Ugh. That is not an intuitive design. That's not how any other "CopyTo" I'm aware of behaves.

[scalablecory]

It got @GrabYourPitchforks too. Somehow nobody caught it during API review.

[stephentoub]

Does using in for ReadOnlySequence<byte> measurably help? On Linux, too?

[jkotalik]

I would need to dig up the benchmark, but my general policy with in is based on the size of the struct. ROS is a relatively large struct, so my policy has to pass it via in.

@benaadams do you happen to have concrete numbers on passing ROS via in?

[stephentoub]

value is already declared as long. Why are we casting to long?

[scalablecory]

Leftover from me trying to use proper unsigned types. Will remove.

[stephentoub]

Nit: in other places like https://github.com/dotnet/runtime/pull/1294/files#diff-fb1bdc75c84ead7a94a9c379a52f6230R46, we've used buffer.Length != 0. It'd be nice to be consistent one way or the other. Personally I prefer the Length comparison in cases like this where we're writing out, simply because an "empty" check makes me think we're trying to read something from it, as we're checking to see if anything is there.

[jkotalik]

@gfoidl IIRC you mentioned that checking buffer.Length != 0 is faster than buffer.IsEmpty. Is that correct?

[gfoidl]

It results in the same codegen -- so no perf-difference. My suggestion was about readability / expressiveness, and IMHO buffer.IsEmpty does a good job therefore.

Edit: I'm also fine with @stephentoub rationale for the length-check for the "output side". We should be consistent accross the board. When the rule is "input -> IsEmpty, output -> length-check" then it's good and clear.

[stephentoub]

Is there an issue link for all of these TODOs?

[jkotalik]

I wasn't sure which repo to file issues in (these are ported from aspnetcore). I think we can start filing issues in the runtime repo now :)

[stephentoub]

s_instance

[scalablecory]

This whole class needs to be made static. Going to leave a comment and do post-merge.

[jkotalik]

We should probably sync about how the QPackDecoder references the DynamicTable. From what I can tell, the Dynamic table will be per connection, so it may be tricky to get that all correct.

[scalablecory]

I'm leaning towards removing DynamicTable from H3 completely. It's complex and not MVP -- we can add later once everything else is working.

[jkotalik]

If you can confirm we can remove it entirely on both the client and server, then let's do it.

[jkotalik]

I don't think this should be a debug fail.

[scalablecory]

ReadFrameEnvelopeAsync does its own checks; the cases here are the only ones it should see.

[jkotalik]

nit: CommitHeaders? We use this terminology when we write the headers to a buffer and don't flush them.

[jkotalik]

Same with these names: Buffer => Commit.

[jkotalik]

I thought we had a table for this in H3StaticTable?

[scalablecory]

I believe we had the reverse table, but I could be wrong.

[jkotalik]

Alright, I did a second round of review and this is making great progress.

We should discuss what our timeline is for merging this. Ideally, I'd like to start reacting to this in Kestrel somewhat soon.

[Tratcher]

This PR has gotten too large to effectively review. At 7K lines it's literally lagging my browser. What can be done to reduce the scope so we can get the core reviewed and merged before further iterating? E.g. can we skip all of the QPack optimizations?

[Tratcher]

Revert

[Tratcher]

In draft 24 (https://tools.ietf.org/html/draft-ietf-quic-http-24#section-8.1) these were renamed to H3_NO_ERROR

[Tratcher]

Document the expected encoding state here, these must be respectively pre-encoded or it will affect the lengths.

[Tratcher]

Suggested change

	maxAge = Math.Min(maxAge.GetValueOrDefault(), maxAgeTmp);
	maxAge = Math.Min(maxAge.Value, maxAgeTmp);

You already checked for null. Default would never work here anyways.

[scalablecory]

This is an optimization. Value is implemented as HasValue ? GetValueOrDefault() : throw, and JIT isn't yet smart enough to remove the dead branch.

[Tratcher]

Upper case here only too.

[Tratcher]

Style: use long? and HasValue rather than a sentinel value -1.

[scalablecory]

I'm fine with this as it's not a public API and saves some space. Our HTTP/2 code does the same.

[Tratcher]

Does the goto mess up the lock statement? I'd rather not find out.
A local method or just inlining the code seems more appropriate here.

[Tratcher]

This is a useful optimization for known fields, but it's leaking H/Qpack implementation details into the request streams. I think there's a way to do this without leaking, and in a way that gives us more opportunities for optimizations.

1. Define a KnownHeaderId enum for any header names we care about. This aligns closely with the KnownHeader(s) classes you already have. This doesn't need to be restricted to the ones defined in H/Qpack's static tables, we could also use it for dynamic compression optimizations later.
2. Have H/Qpack decoders map static values to the KnownHeaderId enum. The decoders should also handle the known values mapping internally. This abstracts out the compression details early and allows for more unified code paths later in the flow.
3. Replace IHttpHeadersHandler.OnStaticIndexedHeader(int index) and IHttpHeadersHandler.OnStaticIndexedHeader(int index, ReadOnlySpan value) with IHttpHeadersHandler.OnKnownHeader(KnownHeaderId knownHeader, ReadOnlySpan value). This implementation can share most code across H2 and H3 since it uses unified ids.

This means HeaderDescriptor doesn't have to know about H/QPack implementation details, only a KnownHeaderId enum value and a unified lookup table for KnownHeaders.

[scalablecory]

Lets chat about this next week. I'm not as concerned about leaking some of QPack into H3 as they are tightly intertwined already, but I'd like to hear more about what other optimizations you feel we can get out of this abstraction.

[Tratcher]

Initially I flagged this as a testing/maintenance issue. QPack can't be reviewed or tested in isolation because this chunk of it has been implemented directly inside the H3RequestStream.

Looking over this again I see a bigger problem. IHttpHeadersHandler is the boundary between the shared code (QPack) and the non-shared code (Http3RequestStream). All of the QPack logic you implement inside Http3RequestStream is code we have to duplicate in Kestrel. We should be able to share all of the QPack logic but to do so it needs to be factored appropriately.

[scalablecory]

Follow-up on offline convo:

There's still concern that the abstraction as proposed will not provide real maintainability benefit and will be inefficient due to extra LUTs. We're going to give it a look post-merge to see if maintainability is improved.

There's a 2nd option we can keep in our back pocket of sharing type names between the two repos that would give the same level of abstraction without the added inefficiency.

[Tratcher]

IHttpHeadersHandler is an internal type in System.Net.Http.dll, it doesn't matter what the namespace is there.

IHttpHeadersHandler is a public (pubternal) type in Kestrel. Yes we can make API changes to pubternal types, that's not the question here. We should not use the System.Net.Http namespace for public types in Kestrel.

[Tratcher]

Reminder, please get rid of the Kestrel namespace for all internal types.

[carlossanlop]

@scalablecory I noticed you're adding new APIs in the ref files. Please make sure to have all these new public API documented in the implementation (src files) with triple slash comments so that we can automatically port them in the future.

[Tratcher]

Encoding?

[jkotalik]

Did @Tratcher chat with you about the issues with these added interface definitions?

[scalablecory]

/azp list

[azure-pipelines]

CI/CD Pipelines for this repository:

• coreclr-gc-longrunning
• coreclr-gc-simulator
• runtime-coreclr outerloop
• runtime-coreclr crossgen2
• runtime-libraries outerloop
• runtime-libraries outerloop-windows
• runtime-libraries outerloop-linux
• runtime-libraries outerloop-osx
• runtime
• runtime-libraries enterprise-linux
• runtime-libraries stress-http
• runtime-libraries stress-ssl
• runtime-live-build
• runtime-coreclr crossgen2 outerloop
• coreclr-release-outerloop-nightly
• sync-runtime-to-mono

[scalablecory]

/azp run runtime-libraries outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[scalablecory]

CI failures appear to be an unrelated mix of flakey CI and #2131