Mercurial > hg > sv-dependency-builds

annotate src/capnproto-0.6.0/doc/cxxrpc.md @ 84:08ae793730bd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add null config files
author Chris Cannam
date Mon, 02 Mar 2020 14:03:47 +0000
parents 0994c39f1e94
children
rev   line source
cannam@62 1 ---
cannam@62 2 layout: page
cannam@62 3 title: C++ RPC
cannam@62 4 ---
cannam@62 5
cannam@62 6 # C++ RPC
cannam@62 7
cannam@62 8 The Cap'n Proto C++ RPC layer sits on top of the [serialization layer](cxx.html) and implements
cannam@62 9 the [RPC protocol](rpc.html).
cannam@62 10
cannam@62 11 ## Current Status
cannam@62 12
cannam@62 13 As of version 0.4, Cap'n Proto's C++ RPC implementation is a [Level 1](rpc.html#protocol-features)
cannam@62 14 implementation. Persistent capabilities, three-way introductions, and distributed equality are
cannam@62 15 not yet implemented.
cannam@62 16
cannam@62 17 ## Sample Code
cannam@62 18
cannam@62 19 The [Calculator example](https://github.com/sandstorm-io/capnproto/tree/master/c++/samples) implements
cannam@62 20 a fully-functional Cap'n Proto client and server.
cannam@62 21
cannam@62 22 ## KJ Concurrency Framework
cannam@62 23
cannam@62 24 RPC naturally requires a notion of concurrency. Unfortunately,
cannam@62 25 [all concurrency models suck](https://plus.google.com/u/0/+KentonVarda/posts/D95XKtB5DhK).
cannam@62 26
cannam@62 27 Cap'n Proto's RPC is based on the [KJ library](cxx.html#kj-library)'s event-driven concurrency
cannam@62 28 framework. The core of the KJ asynchronous framework (events, promises, callbacks) is defined in
cannam@62 29 `kj/async.h`, with I/O interfaces (streams, sockets, networks) defined in `kj/async-io.h`.
cannam@62 30
cannam@62 31 ### Event Loop Concurrency
cannam@62 32
cannam@62 33 KJ's concurrency model is based on event loops. While multiple threads are allowed, each thread
cannam@62 34 must have its own event loop. KJ discourages fine-grained interaction between threads as
cannam@62 35 synchronization is expensive and error-prone. Instead, threads are encouraged to communicate
cannam@62 36 through Cap'n Proto RPC.
cannam@62 37
cannam@62 38 KJ's event loop model bears a lot of similarity to the Javascript concurrency model. Experienced
cannam@62 39 Javascript hackers -- especially node.js hackers -- will feel right at home.
cannam@62 40
cannam@62 41 _As of version 0.4, the only supported way to communicate between threads is over pipes or
cannam@62 42 socketpairs. This will be improved in future versions. For now, just set up an RPC connection
cannam@62 43 over that socketpair. :)_
cannam@62 44
cannam@62 45 ### Promises
cannam@62 46
cannam@62 47 Function calls that do I/O must do so asynchronously, and must return a "promise" for the
cannam@62 48 result. Promises -- also known as "futures" in some systems -- are placeholders for the results
cannam@62 49 of operations that have not yet completed. When the operation completes, we say that the promise
cannam@62 50 "resolves" to a value, or is "fulfilled". A promise can also be "rejected", which means an
cannam@62 51 exception occurred.
cannam@62 52
cannam@62 53 {% highlight c++ %}
cannam@62 54 // Example promise-based interfaces.
cannam@62 55
cannam@62 56 kj::Promise<kj::String> fetchHttp(kj::StringPtr url);
cannam@62 57 // Asynchronously fetches an HTTP document and returns
cannam@62 58 // the content as a string.
cannam@62 59
cannam@62 60 kj::Promise<void> sendEmail(kj::StringPtr address,
cannam@62 61 kj::StringPtr title, kj::StringPtr body);
cannam@62 62 // Sends an e-mail to the given address with the given title
cannam@62 63 // and body. The returned promise resolves (to nothing) when
cannam@62 64 // the message has been successfully sent.
cannam@62 65 {% endhighlight %}
cannam@62 66
cannam@62 67 As you will see, KJ promises are very similar to the evolving Javascript promise standard, and
cannam@62 68 much of the [wisdom around it](https://www.google.com/search?q=javascript+promises) can be directly
cannam@62 69 applied to KJ promises.
cannam@62 70
cannam@62 71 ### Callbacks
cannam@62 72
cannam@62 73 If you want to do something with the result of a promise, you must first wait for it to complete.
cannam@62 74 This is normally done by registering a callback to execute on completion. Luckily, C++11 just
cannam@62 75 introduced lambdas, which makes this far more pleasant than it would have been a few years ago!
cannam@62 76
cannam@62 77 {% highlight c++ %}
cannam@62 78 kj::Promise<kj::String> contentPromise =
cannam@62 79 fetchHttp("http://example.com");
cannam@62 80
cannam@62 81 kj::Promise<int> lineCountPromise =
cannam@62 82 contentPromise.then([](kj::String&& content) {
cannam@62 83 return countChars(content, '\n');
cannam@62 84 });
cannam@62 85 {% endhighlight %}
cannam@62 86
cannam@62 87 The callback passed to `then()` takes the promised result as its parameter and returns a new value.
cannam@62 88 `then()` itself returns a new promise for that value which the callback will eventually return.
cannam@62 89 If the callback itself returns a promise, then `then()` actually returns a promise for the
cannam@62 90 resolution of the latter promise -- that is, `Promise<Promise<T>>` is automatically reduced to
cannam@62 91 `Promise<T>`.
cannam@62 92
cannam@62 93 Note that `then()` consumes the original promise: you can only call `then()` once. This is true
cannam@62 94 of all of the methods of `Promise`. The only way to consume a promise in multiple places is to
cannam@62 95 first "fork" it with the `fork()` method, which we don't get into here. Relatedly, promises
cannam@62 96 are linear types, which means they have move constructors but not copy constructors.
cannam@62 97
cannam@62 98 ### Error Propagation
cannam@62 99
cannam@62 100 `then()` takes an optional second parameter for handling errors. Think of this like a `catch`
cannam@62 101 block.
cannam@62 102
cannam@62 103 {% highlight c++ %}
cannam@62 104 kj::Promise<int> lineCountPromise =
cannam@62 105 promise.then([](kj::String&& content) {
cannam@62 106 return countChars(content, '\n');
cannam@62 107 }, [](kj::Exception&& exception) {
cannam@62 108 // Error! Pretend the document was empty.
cannam@62 109 return 0;
cannam@62 110 });
cannam@62 111 {% endhighlight %}
cannam@62 112
cannam@62 113 Note that the KJ framework coerces all exceptions to `kj::Exception` -- the exception's description
cannam@62 114 (as returned by `what()`) will be retained, but any type-specific information is lost. Under KJ
cannam@62 115 exception philosophy, exceptions always represent an error that should not occur under normal
cannam@62 116 operation, and the only purpose of exceptions is to make software fault-tolerant. In particular,
cannam@62 117 the only reasonable ways to handle an exception are to try again, tell a human, and/or propagate
cannam@62 118 to the caller. To that end, `kj::Exception` contains information useful for reporting purposes
cannam@62 119 and to help decide if trying again is reasonable, but typed exception hierarchies are not useful
cannam@62 120 and not supported.
cannam@62 121
cannam@62 122 It is recommended that Cap'n Proto code use the assertion macros in `kj/debug.h` to throw
cannam@62 123 exceptions rather than use the C++ `throw` keyword. These macros make it easy to add useful
cannam@62 124 debug information to an exception and generally play nicely with the KJ framework. In fact, you
cannam@62 125 can even use these macros -- and propagate exceptions through promises -- if you compile your code
cannam@62 126 with exceptions disabled. See the headers for more information.
cannam@62 127
cannam@62 128 ### Waiting
cannam@62 129
cannam@62 130 It is illegal for code running in an event callback to wait, since this would stall the event loop.
cannam@62 131 However, if you are the one responsible for starting the event loop in the first place, then KJ
cannam@62 132 makes it easy to say "run the event loop until this promise resolves, then return the result".
cannam@62 133
cannam@62 134 {% highlight c++ %}
cannam@62 135 kj::EventLoop loop;
cannam@62 136 kj::WaitScope waitScope(loop);
cannam@62 137
cannam@62 138 kj::Promise<kj::String> contentPromise =
cannam@62 139 fetchHttp("http://example.com");
cannam@62 140
cannam@62 141 kj::String content = contentPromise.wait(waitScope);
cannam@62 142
cannam@62 143 int lineCount = countChars(content, '\n');
cannam@62 144 {% endhighlight %}
cannam@62 145
cannam@62 146 Using `wait()` is common in high-level client-side code. On the other hand, it is almost never
cannam@62 147 used in servers.
cannam@62 148
cannam@62 149 ### Cancellation
cannam@62 150
cannam@62 151 If you discard a `Promise` without calling any of its methods, the operation it was waiting for
cannam@62 152 is canceled, because the `Promise` itself owns that operation. This means than any pending
cannam@62 153 callbacks simply won't be executed. If you need explicit notification when a promise is canceled,
cannam@62 154 you can use its `attach()` method to attach an object with a destructor -- the destructor will be
cannam@62 155 called when the promise either completes or is canceled.
cannam@62 156
cannam@62 157 ### Lazy Execution
cannam@62 158
cannam@62 159 Callbacks registered with `.then()` which aren't themselves asynchronous (i.e. they return a value,
cannam@62 160 not a promise) by default won't execute unless the result is actually used -- they are executed
cannam@62 161 "lazily". This allows the runtime to optimize by combining a series of .then() callbacks into one.
cannam@62 162
cannam@62 163 To force a `.then()` callback to execute as soon as its input is available, do one of the
cannam@62 164 following:
cannam@62 165
cannam@62 166 * Add it to a `kj::TaskSet` -- this is usually the best choice. You can cancel all tasks in the set
cannam@62 167 by destroying the `TaskSet`.
cannam@62 168 * `.wait()` on it -- but this only works in a top-level wait scope, typically your program's main
cannam@62 169 function.
cannam@62 170 * Call `.eagerlyEvaluate()` on it. This returns a new `Promise`. You can cancel the task by
cannam@62 171 destroying this `Promise` (without otherwise consuming it).
cannam@62 172 * `.detach()` it. **WARNING:** `.detach()` is dangerous because there is no way to cancel a promise
cannam@62 173 once it has been detached. This can make it impossible to safely tear down the execution
cannam@62 174 environment, e.g. if the callback has captured references to other objects. It is therefore
cannam@62 175 recommended to avoid `.detach()` except in carefully-controlled circumstances.
cannam@62 176
cannam@62 177 ### Other Features
cannam@62 178
cannam@62 179 KJ supports a number of primitive operations that can be performed on promises. The complete API
cannam@62 180 is documented directly in the `kj/async.h` header. Additionally, see the `kj/async-io.h` header
cannam@62 181 for APIs for performing basic network I/O -- although Cap'n Proto RPC users typically won't need
cannam@62 182 to use these APIs directly.
cannam@62 183
cannam@62 184 ## Generated Code
cannam@62 185
cannam@62 186 Imagine the following interface:
cannam@62 187
cannam@62 188 {% highlight capnp %}
cannam@62 189 interface Directory {
cannam@62 190 create @0 (name :Text) -> (file :File);
cannam@62 191 open @1 (name :Text) -> (file :File);
cannam@62 192 remove @2 (name :Text);
cannam@62 193 }
cannam@62 194 {% endhighlight %}
cannam@62 195
cannam@62 196 `capnp compile` will generate code that looks like this (edited for readability):
cannam@62 197
cannam@62 198 {% highlight c++ %}
cannam@62 199 struct Directory {
cannam@62 200 Directory() = delete;
cannam@62 201
cannam@62 202 class Client;
cannam@62 203 class Server;
cannam@62 204
cannam@62 205 struct CreateParams;
cannam@62 206 struct CreateResults;
cannam@62 207 struct OpenParams;
cannam@62 208 struct OpenResults;
cannam@62 209 struct RemoveParams;
cannam@62 210 struct RemoveResults;
cannam@62 211 // Each of these is equivalent to what would be generated for
cannam@62 212 // a Cap'n Proto struct with one field for each parameter /
cannam@62 213 // result.
cannam@62 214 };
cannam@62 215
cannam@62 216 class Directory::Client
cannam@62 217 : public virtual capnp::Capability::Client {
cannam@62 218 public:
cannam@62 219 Client(std::nullptr_t);
cannam@62 220 Client(kj::Own<Directory::Server> server);
cannam@62 221 Client(kj::Promise<Client> promise);
cannam@62 222 Client(kj::Exception exception);
cannam@62 223
cannam@62 224 capnp::Request<CreateParams, CreateResults> createRequest();
cannam@62 225 capnp::Request<OpenParams, OpenResults> openRequest();
cannam@62 226 capnp::Request<RemoveParams, RemoveResults> removeRequest();
cannam@62 227 };
cannam@62 228
cannam@62 229 class Directory::Server
cannam@62 230 : public virtual capnp::Capability::Server {
cannam@62 231 protected:
cannam@62 232 typedef capnp::CallContext<CreateParams, CreateResults> CreateContext;
cannam@62 233 typedef capnp::CallContext<OpenParams, OpenResults> OpenContext;
cannam@62 234 typedef capnp::CallContext<RemoveParams, RemoveResults> RemoveContext;
cannam@62 235 // Convenience typedefs.
cannam@62 236
cannam@62 237 virtual kj::Promise<void> create(CreateContext context);
cannam@62 238 virtual kj::Promise<void> open(OpenContext context);
cannam@62 239 virtual kj::Promise<void> remove(RemoveContext context);
cannam@62 240 // Methods for you to implement.
cannam@62 241 };
cannam@62 242 {% endhighlight %}
cannam@62 243
cannam@62 244 ### Clients
cannam@62 245
cannam@62 246 The generated `Client` type represents a reference to a remote `Server`. `Client`s are
cannam@62 247 pass-by-value types that use reference counting under the hood. (Warning: For performance
cannam@62 248 reasons, the reference counting used by `Client`s is not thread-safe, so you must not copy a
cannam@62 249 `Client` to another thread, unless you do it by means of an inter-thread RPC.)
cannam@62 250
cannam@62 251 A `Client` can be implicitly constructed from any of:
cannam@62 252
cannam@62 253 * A `kj::Own<Server>`, which takes ownership of the server object and creates a client that
cannam@62 254 calls it. (You can get a `kj::Own<T>` to a newly-allocated heap object using
cannam@62 255 `kj::heap<T>(constructorParams)`; see `kj/memory.h`.)
cannam@62 256 * A `kj::Promise<Client>`, which creates a client whose methods first wait for the promise to
cannam@62 257 resolve, then forward the call to the resulting client.
cannam@62 258 * A `kj::Exception`, which creates a client whose methods always throw that exception.
cannam@62 259 * `nullptr`, which creates a client whose methods always throw. This is meant to be used to
cannam@62 260 initialize variables that will be initialized to a real value later on.
cannam@62 261
cannam@62 262 For each interface method `foo()`, the `Client` has a method `fooRequest()` which creates a new
cannam@62 263 request to call `foo()`. The returned `capnp::Request` object has methods equivalent to a
cannam@62 264 `Builder` for the parameter struct (`FooParams`), with the addition of a method `send()`.
cannam@62 265 `send()` sends the RPC and returns a `capnp::RemotePromise<FooResults>`.
cannam@62 266
cannam@62 267 This `RemotePromise` is equivalent to `kj::Promise<capnp::Response<FooResults>>`, but also has
cannam@62 268 methods that allow pipelining. Namely:
cannam@62 269
cannam@62 270 * For each interface-typed result, it has a getter method which returns a `Client` of that type.
cannam@62 271 Calling this client will send a pipelined call to the server.
cannam@62 272 * For each struct-typed result, it has a getter method which returns an object containing pipeline
cannam@62 273 getters for that struct's fields.
cannam@62 274
cannam@62 275 In other words, the `RemotePromise` effectively implements a subset of the eventual results'
cannam@62 276 `Reader` interface -- one that only allows access to interfaces and sub-structs.
cannam@62 277
cannam@62 278 The `RemotePromise` eventually resolves to `capnp::Response<FooResults>`, which behaves like a
cannam@62 279 `Reader` for the result struct except that it also owns the result message.
cannam@62 280
cannam@62 281 {% highlight c++ %}
cannam@62 282 Directory::Client dir = ...;
cannam@62 283
cannam@62 284 // Create a new request for the `open()` method.
cannam@62 285 auto request = dir.openRequest();
cannam@62 286 request.setName("foo");
cannam@62 287
cannam@62 288 // Send the request.
cannam@62 289 auto promise = request.send();
cannam@62 290
cannam@62 291 // Make a pipelined request.
cannam@62 292 auto promise2 = promise.getFile().getSizeRequest().send();
cannam@62 293
cannam@62 294 // Wait for the full results.
cannam@62 295 auto promise3 = promise2.then(
cannam@62 296 [](capnp::Response<File::GetSizeResults>&& response) {
cannam@62 297 cout << "File size is: " << response.getSize() << endl;
cannam@62 298 });
cannam@62 299 {% endhighlight %}
cannam@62 300
cannam@62 301 For [generic methods](language.html#generic-methods), the `fooRequest()` method will be a template;
cannam@62 302 you must explicitly specify type parameters.
cannam@62 303
cannam@62 304 ### Servers
cannam@62 305
cannam@62 306 The generated `Server` type is an abstract interface which may be subclassed to implement a
cannam@62 307 capability. Each method takes a `context` argument and returns a `kj::Promise<void>` which
cannam@62 308 resolves when the call is finished. The parameter and result structures are accessed through the
cannam@62 309 context -- `context.getParams()` returns a `Reader` for the parameters, and `context.getResults()`
cannam@62 310 returns a `Builder` for the results. The context also has methods for controlling RPC logistics,
cannam@62 311 such as cancellation -- see `capnp::CallContext` in `capnp/capability.h` for details.
cannam@62 312
cannam@62 313 Accessing the results through the context (rather than by returning them) is unintuitive, but
cannam@62 314 necessary because the underlying RPC transport needs to have control over where the results are
cannam@62 315 allocated. For example, a zero-copy shared memory transport would need to allocate the results in
cannam@62 316 the shared memory segment. Hence, the method implementation cannot just create its own
cannam@62 317 `MessageBuilder`.
cannam@62 318
cannam@62 319 {% highlight c++ %}
cannam@62 320 class DirectoryImpl final: public Directory::Server {
cannam@62 321 public:
cannam@62 322 kj::Promise<void> open(OpenContext context) override {
cannam@62 323 auto iter = files.find(context.getParams().getName());
cannam@62 324
cannam@62 325 // Throw an exception if not found.
cannam@62 326 KJ_REQUIRE(iter != files.end(), "File not found.");
cannam@62 327
cannam@62 328 context.getResults().setFile(iter->second);
cannam@62 329
cannam@62 330 return kj::READY_NOW;
cannam@62 331 }
cannam@62 332
cannam@62 333 // Any method which we don't implement will simply throw
cannam@62 334 // an exception by default.
cannam@62 335
cannam@62 336 private:
cannam@62 337 std::map<kj::StringPtr, File::Client> files;
cannam@62 338 };
cannam@62 339 {% endhighlight %}
cannam@62 340
cannam@62 341 On the server side, [generic methods](language.html#generic-methods) are NOT templates. Instead,
cannam@62 342 the generated code is exactly as if all of the generic parameters were bound to `AnyPointer`. The
cannam@62 343 server generally does not get to know exactly what type the client requested; it must be designed
cannam@62 344 to be correct for any parameterization.
cannam@62 345
cannam@62 346 ## Initializing RPC
cannam@62 347
cannam@62 348 Cap'n Proto makes it easy to start up an RPC client or server using the "EZ RPC" classes,
cannam@62 349 defined in `capnp/ez-rpc.h`. These classes get you up and running quickly, but they hide a lot
cannam@62 350 of details that power users will likely want to manipulate. Check out the comments in `ez-rpc.h`
cannam@62 351 to understand exactly what you get and what you miss. For the purpose of this overview, we'll
cannam@62 352 show you how to use EZ RPC to get started.
cannam@62 353
cannam@62 354 ### Starting a client
cannam@62 355
cannam@62 356 A client should typically look like this:
cannam@62 357
cannam@62 358 {% highlight c++ %}
cannam@62 359 #include <capnp/ez-rpc.h>
cannam@62 360 #include "my-interface.capnp.h"
cannam@62 361 #include <iostream>
cannam@62 362
cannam@62 363 int main(int argc, const char* argv[]) {
cannam@62 364 // We expect one argument specifying the server address.
cannam@62 365 if (argc != 2) {
cannam@62 366 std::cerr << "usage: " << argv[0] << " HOST[:PORT]" << std::endl;
cannam@62 367 return 1;
cannam@62 368 }
cannam@62 369
cannam@62 370 // Set up the EzRpcClient, connecting to the server on port
cannam@62 371 // 5923 unless a different port was specified by the user.
cannam@62 372 capnp::EzRpcClient client(argv[1], 5923);
cannam@62 373 auto& waitScope = client.getWaitScope();
cannam@62 374
cannam@62 375 // Request the bootstrap capability from the server.
cannam@62 376 MyInterface::Client cap = client.getMain<MyInterface>();
cannam@62 377
cannam@62 378 // Make a call to the capability.
cannam@62 379 auto request = cap.fooRequest();
cannam@62 380 request.setParam(123);
cannam@62 381 auto promise = request.send();
cannam@62 382
cannam@62 383 // Wait for the result. This is the only line that blocks.
cannam@62 384 auto response = promise.wait(waitScope);
cannam@62 385
cannam@62 386 // All done.
cannam@62 387 std::cout << response.getResult() << std::endl;
cannam@62 388 return 0;
cannam@62 389 }
cannam@62 390 {% endhighlight %}
cannam@62 391
cannam@62 392 Note that for the connect address, Cap'n Proto supports DNS host names as well as IPv4 and IPv6
cannam@62 393 addresses. Additionally, a Unix domain socket can be specified as `unix:` followed by a path name.
cannam@62 394
cannam@62 395 For a more complete example, see the
cannam@62 396 [calculator client sample](https://github.com/sandstorm-io/capnproto/tree/master/c++/samples/calculator-client.c++).
cannam@62 397
cannam@62 398 ### Starting a server
cannam@62 399
cannam@62 400 A server might look something like this:
cannam@62 401
cannam@62 402 {% highlight c++ %}
cannam@62 403 #include <capnp/ez-rpc.h>
cannam@62 404 #include "my-interface-impl.h"
cannam@62 405 #include <iostream>
cannam@62 406
cannam@62 407 int main(int argc, const char* argv[]) {
cannam@62 408 // We expect one argument specifying the address to which
cannam@62 409 // to bind and accept connections.
cannam@62 410 if (argc != 2) {
cannam@62 411 std::cerr << "usage: " << argv[0] << " ADDRESS[:PORT]"
cannam@62 412 << std::endl;
cannam@62 413 return 1;
cannam@62 414 }
cannam@62 415
cannam@62 416 // Set up the EzRpcServer, binding to port 5923 unless a
cannam@62 417 // different port was specified by the user. Note that the
cannam@62 418 // first parameter here can be any "Client" object or anything
cannam@62 419 // that can implicitly cast to a "Client" object. You can even
cannam@62 420 // re-export a capability imported from another server.
cannam@62 421 capnp::EzRpcServer server(kj::heap<MyInterfaceImpl>(), argv[1], 5923);
cannam@62 422 auto& waitScope = server.getWaitScope();
cannam@62 423
cannam@62 424 // Run forever, accepting connections and handling requests.
cannam@62 425 kj::NEVER_DONE.wait(waitScope);
cannam@62 426 }
cannam@62 427 {% endhighlight %}
cannam@62 428
cannam@62 429 Note that for the bind address, Cap'n Proto supports DNS host names as well as IPv4 and IPv6
cannam@62 430 addresses. The special address `*` can be used to bind to the same port on all local IPv4 and
cannam@62 431 IPv6 interfaces. Additionally, a Unix domain socket can be specified as `unix:` followed by a
cannam@62 432 path name.
cannam@62 433
cannam@62 434 For a more complete example, see the
cannam@62 435 [calculator server sample](https://github.com/sandstorm-io/capnproto/tree/master/c++/samples/calculator-server.c++).
cannam@62 436
cannam@62 437 ## Debugging
cannam@62 438
cannam@62 439 If you've written a server and you want to connect to it to issue some calls for debugging, perhaps
cannam@62 440 interactively, the easiest way to do it is to use [pycapnp](http://jparyani.github.io/pycapnp/).
cannam@62 441 We have decided not to add RPC functionality to the `capnp` command-line tool because pycapnp is
cannam@62 442 better than anything we might provide.