Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/time/rate: Rate limit can be exceeded 5000x under high lock contention due to bug in advance #71360

Closed
Ingovd opened this issue Jan 21, 2025 · 1 comment
Closed

x/time/rate: Rate limit can be exceeded 5000x under high lock contention due to bug in advance #71360

Ingovd opened this issue Jan 21, 2025 · 1 comment
Labels
BugReport Issues describing a possible bug in the Go implementation.
Milestone
Unreleased

Comments

@Ingovd
Copy link

Ingovd commented Jan 21, 2025

Go version

go version go1.23.2 X:nocoverageredesign linux/amd64

Output of go env in your module/workspace:

GO111MODULE='off'
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/user/.cache/go-build'
GOENV='/home/user/.config/go/env'
GOEXE=''
GOEXPERIMENT='nocoverageredesign'
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/user/go-code/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/user/go-code'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/user/.cache/bazel/_bazel_ingo/b97476d719d716accead0f2d5b93104f/external/go_sdk'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/user/.cache/bazel/_bazel_ingo/b97476d719d716accead0f2d5b93104f/external/go_sdk/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.2 X:nocoverageredesign'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/user/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD=''
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1264229664=/tmp/go-build -gno-record-gcc-switches'

What did you do?

When a call to AllowN(t, n) succeeds, it always sets lim.last to t, even if t is before lim.last. This allows the rate limit to be exceeded: https://go.dev/play/p/uR8KvkVJGN8

Clearly this is a bug in line 389, where t should be updated to lim.last.

In practice, since calls to Allow call time.Now() before acquiring the limiter's lock, high lock contention increases the likelihood of AllowN being called with a time in the past, thus resetting lim.last to a past time and allowing more tokens to be acquired.

What did you see happen?

When calling Allow with many concurrent goroutines, the rate limit can easily be exceeded by a factor 5000.
For instance, 10k goroutines accessing Allow with a rate limit of 200 for 10 seconds produces something like:
Ok: 1445521
Block: 15612127
(in my test, goroutines sleep for ~25ms after Allow succeeds, and exponentially back off with 5/15/45/135/...ms on failures)

What did you expect to see?

After fixing the bug, I observed this:
Ok: 2992
Block: 16271193
I expected OK to be ~2000 (rate limit of 200 for 10 seconds), but this is much better then with the bug.
@gopherbot gopherbot added this to the Unreleased milestone Jan 21, 2025
@gabyhelp
Copy link

Related Issues

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@gabyhelp gabyhelp added the BugReport Issues describing a possible bug in the Go implementation. label Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BugReport Issues describing a possible bug in the Go implementation.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@Ingovd @gopherbot @seankhliao @gabyhelp