@ivanpauno

thanks for enlighten me, could you check once again?

using atomic is not exactly thread safe, but expecting good enough for this case. besides we do not really want to introduce mutex in here.

I think that in this case (doing an atomic fetch add followed by a guard that ensures that the following code is executed only under an specific previous value of the atomic) should be thread safe, right?

@ivanpauno

i did reconsider the code with expectation with rcl logging init/fini always succeed.
i believe that this should be good enough, but if you want to have 100% exclusive including rcl_logging_init/fini failure cases, i need either rwlock or mutext to keep the other threads wait.

could you share your thoughts?

i did reconsider the code with expectation with rcl logging init/fini always succeed.

I think that's fine, I'm not sure if we should log something or in some cases indicate an error.
@hidmic @wjwwood for more feedback.

i believe that this should be good enough, but if you want to have 100% exclusive including rcl_logging_init/fini failure cases, i need either rwlock or mutext to keep the other threads wait.

I think there is no need of an extra rwlock/mutex, but a second reviewer may think different.

@wjwwood I suggested doing reference counting, because the creation/destruction of each context calls rcl_logging_configure and rcl_logging_fini:

If in rclcpp you do:

rclcpp::init(argc, argv);
...
{
  auto context1 = std::make_shared<rclcpp::Context >();
  context1->init(0, nullptr);
}
RCLCPP_INFO(...); // Logging was finished when the above context shutdown.
...

I think that's a problem.

Also, out of scope for this pr, but logging should probably not require the use of global... This is only a problem because we're mapping non-globals (multiple context) to the initialization of a global. If each context could create its own logging instance this would not be a problem.

I agree, but that would modify completly the logging API. e.g:

RCLCPP_INFO(context.get_logger(), ...);

And we wouldn't necessary want a logger per Context, so having an independent object for it would be reasonable. Something like having a singleton logger that's used automatically, and you can create a new one manually. Logging initialization should probably be decoupled of context initialization.

The question is: who is responsible of configuring the logger?
Currently, each context can "configure" logging, but it's kind of not working as the same globals are shared between different contexts.
I think that doing reference counting is a clever way of fixing the problem without modifying the API, but we should probably reconsider the API later.

About the above solution proposed, I think that solving the problem in an upper layer is fine, though we will have to solve the problem independently in each client.
My idea was to solve it in rcl, to avoid duplication. I think there are two ways of solving the problem:

• rcl_logging_configure and rcl_logging_fini do reference counting internally.
• The usual caller of rcl_logging_configure and rcl_logging_fini do reference counting, avoiding to call them more than once (the usual caller is rcl_init and rcl_shutdown).

I think that the second option is probable more reasonable, as the caller should be responsible of not initing the logger more than once.
If we solve the problem in rcl, the reference counting should be thread-safe, if not, the upper layer needs a global logging lock (that's fine too, but IMO it's a bit confusing).

So, my idea is something like this:

atomic_uint_least64_t g_logging_ref_count = ATOMIC_VAR_INIT(0);

rcl_init(...)
{
  ...
  if (0u == rcutils_atomic_fetch_add_uint64_t(&g_logging_ref_count, 1)) {
     rcl_logging_configure(...);
  } else {
    // log a warn if logging arguments were passed again.
  }
  ...
} 

rcl_shutdown(...)
{
  ...
  if (1u == rcutils_atomic_fetch_add_uint64_t(&g_logging_ref_count, -1)) {
     rcl_logging_fini(...);
  }
  ...
}

@wjwwood Is that a reasonable solution?

My idea was to solve it in rcl, to avoid duplication.

That's fine, but...

If we solve the problem in rcl, the reference counting should be thread-safe...

I don't think that can be done safely without a mutex, and rcl should not ever use OS primitives like a mutex, which is part of the design goal of rcl to not do threading, and other OS related tasks (see: https://docs.ros2.org/eloquent/developer_overview.html#internal-api-architecture-overview).

Using just atomics will not be sufficient in my opinion, or at least I haven't seen a patch that achieves that.

If you think it can be done, then that's fine I'll review a patch for that, but then the documentation needs to be updated to indicate that it is thread-safe.

the reference counting should be thread-safe, if not, the upper layer needs a global logging lock (that's fine too, but IMO it's a bit confusing).

My opinion is that this will be required, regardless of whether or not it is confusing, though I don't see why it is confusing to be honest.

Using just atomics will not be sufficient in my opinion, or at least I haven't seen a patch that achieves that.

I don't see why an atomic counter would not ensure thread-safety in this case, though it's arguable whether we should be using them at all, along with other global state, instead of pushing loggers inside contexts. But then the question becomes, does it make sense to have a logger per context? If not, why are contexts initializing logging in the first place? Should logging initialization be done once per process, like signal handlers?

I don't see why an atomic counter would not ensure thread-safety in this case,

Well, if you're mutating global state then fini and init cannot be called concurrently. I don't see how the atomic counter can protect you. We can review and discuss a concrete pull request more easily. Do you guys think the current patch is thread-safe? If so I'll re-review it with that in mind, though the doc strings still claim that they are not thread-safe.

But then the question becomes, does it make sense to have a logger per context?

The implications are annoying, but I think it makes sense. Alternatively, perhaps the context should not initialize the logging, as you suggest.

If not, why are contexts initializing logging in the first place?

As to "why", init (rcl_init) used to be global, and it asked the user to pass the argv/argc too. When it was refactored to allow for non-global init, the argv/argc were kept, so they could be used (optionally) for standard ROS command line stuff, even for non-global context usage. Therefore I guess it made sense to initialize logging in the context since initializing logging also needed argv/argc. However, I don't think it's required for that to be the case, i.e. I think logging could be initialized separately from the context if needed.

Should logging initialization be done once per process, like signal handlers?

Maybe. The signal handlers are initialized only if the global rclcpp::init() is used, otherwise it is up to the user to "install the signal handler". So it would be similar, if the user wanted to avoid globals with the context (rclcpp::init()), then they would need to initialize logging manually.

If having library globals is an issue for the user (e.g. due to destruction order issues) then they would just have to forego using our signal handlers and make their own and avoid using the global versions of our functions. For logging this isn't as easy for the user to do since logging calls are made through out the code, so they cannot easily avoid them all.

Also, in my opinion, comparing logging to signal handling is kind of flawed, because the logger could technically be used without globals (think about our deliberations over log4cxx vs spdlog) and ideally our logging API would allow for non-global usage. Conversely, I do not believe the signal handling is technically feasible without using globals.

While important, I think this is well out of scope for this pull request. For this pull request we just need to decide how to make it thread-safe, either in rcl or rclcpp depending on how the atomic issue is resolved.

because the logger could technically be used without globals (think about our deliberations over log4cxx vs spdlog) and ideally our logging API would allow for non-global usage. Conversely, I do not believe the signal handling is technically feasible without using globals.

For sure. I meant "...to be initialized on a per process basis". But that doesn't have to be the case really. Logging could be initialized separately, against either global or non-global storage, and made available globally or associated explicitly with contexts or nodes, or simply passed around. Not all of those combinations are sane though.

For this pull request we just need to decide how to make it thread-safe, either in rcl or rclcpp depending on how the atomic issue is resolved.

Fully agreed.

@wjwwood

Do you guys think the current patch is thread-safe?

No, atomic counter is atomic access, it cannot take care of the failure cases. for supporting failure cases, we surely will need mutex or rwlock to keep the everyone else exclusive in specific time window.

@ivanpauno @wjwwood @hidmic

How you guys really want to proceed? Taking care of thread-safe via rclcpp?

IMO, i believe that current implementation is reasonable at certain level but expecting logging init and fini never fails.

Well, if you're mutating global state then fini and init cannot be called concurrently. I don't see how the atomic counter can protect you. We can review and discuss a concrete pull request more easily. Do you guys think the current patch is thread-safe? If so I'll re-review it with that in mind, though the doc strings still claim that they are not thread-safe.

I proposed an altarnative in #573, just to clarify my idea with code.
I think it's not a definitive solution, rcl_init should probably not be responsible of initializing the loggers. But it's just an easy way to avoid the double initialization/early finishing, and warn the user when they tried to configure the logger more than once.

I've merged the alternative PRs, sorry for the delay.
Thanks for having work on this @fujitatomoya !