[core] Use an actor model for tile worker concurrency

[jfirebaugh]

GeometryTile and RasterTile now communicate with their asynchronous worker according to the actor model.

This has the following benefits:

• Source-specific processing lives in source-specific worker classes (GeometryTileWorker and RasterTileWorker).
• No need to spawn a new set of worker threads when the style changes. We could switch to a process-wide worker pool easily.
• No need to write Worker wrappers for every TileWorker method.
• Impossible to access worker state from the tile object.
• "Invocation" is now 100% fire-and-forget: there is no support for cancelling a previous message and thus no possibility of unexpectedly blocking on cancellation.
• Introduces a more flexible model for asynchronous messaging, making Remove concurrent access to objects from worker threads #667 more tractable.
• Provides a clear path for using the built-in thread pool on node (worker usage should be customizable #3982).
• Fixes Worker pool should share queue instead of round-robin distribution #1471.
• Fixes Move WorkTask callback invocation after task invocation #3722.
• Fixes Fix race condition with GeometryTile::redoLayout #6263 and removes the band-aids ([core] Band-aid to prevent GeometryTile::redoLayout race condition from causing a crash #6322, [core] Another band-aid (#6322) #6333).

Code docs

An Actor<O> is an owning reference to an asynchronous object of type O: an "actor".
Communication with an actor happens via message passing: you send a message to the object
(using invoke), passing a pointer to the member function to call and arguments which
are then forwarded to the actor.

The actor receives messages sent to it asynchronously, in a manner defined its Scheduler.
To store incoming messages before their receipt, each actor has a Mailbox, which acts as
a FIFO queue. Messages sent from actor S to actor R are guaranteed to be processed in the
order sent. However, relative order of messages sent by two different actors S1 and S2
to R is not guaranteed (and can't be: S1 and S2 may be acting asynchronously with respect
to each other).

Construction and destruction of an actor is currently synchronous: the corresponding O
object is constructed synchronously by the Actor constructor, and destructed synchronously
by the ~Actor destructor, after ensuring that the O is not currently receiving an
asynchronous message. (Construction and destruction may change to be asynchronous in the
future.)

An Actor<O> can be converted to an ActorRef<O>, a non-owning value object representing
a (weak) reference to the actor. Messages can be sent via the Ref as well.

It's safe -- and encouraged -- to pass Refs between actors via messages. This is how two-way
communication and other forms of collaboration between multiple actors is accomplished.

It's safe for a Ref to outlive its Actor -- the reference is "weak", and does not extend
the lifetime of the owning Actor, and sending a message to a Ref whose Actor has died is
a no-op. (In the future, a dead-letters queue or log may be implemented.)

Please don't send messages that contain shared pointers or references. That subverts the
purpose of the actor model: prohibiting direct concurrent access to shared state.

A Scheduler is responsible for coordinating the processing of messages by
one or more actors via their mailboxes. It's an abstract interface. Currently,
the following concrete implementations exist:

• ThreadPool can coordinate an unlimited number of actors over any number of
  threads via a pool, preserving the following behaviors:

  • Messages from each individual mailbox are processed in order
  • Only a single message from a mailbox is processed at a time; there is no
    concurrency within a mailbox

  Subject to these constraints, processing can happen on whatever thread in the
  pool is available.

• RunLoop is a Scheduler that is typically used to create a mailbox and
  ActorRef for an object that lives on the main thread and is not itself wrapped
  as an Actor:

    auto mailbox = std::make_shared<Mailbox>(*util::RunLoop::Get());
    Actor<Worker> worker(threadPool, ActorRef<Foo>(*this, mailbox));
  

Notes on implementation patterns

The actor model is a constrained environment. All you can do is send messages! Implementing behaviors that would be easy in a single threaded or shared memory environment takes a degree of cleverness, or at least knowledge of certain patterns.

Here are the patterns that GeometryTile / GeometryTileWorker use to get their job done:

• Correlation Identifier allows GeometryTile to know when the worker has finished processing the most recent data it's been sent, such that the tile can be considered "fully loaded".
• GeometryTileWorker is a State Machine: it transitions between states depending on which messages it receives, and its behavior for messages of a certain type depends on what state it's in.
• GeometryTileWorker creates a Self-Sent Message: a message it sends to itself, asynchronously. Its state transitions are defined in such a way that this allows it to coalesce the other messages it receives, to avoid doing obsolete work.

If we use actors more, which I think we should, we'll probably reuse these patterns and more.

TODO

Now:

• Write unit tests for the new types. They're integration tested via existing tests, but should be independently tested.

Future:

• Convert Thread users to actors, and remove Thread. This is a strictly better model.
• Think about adding a "supervisor" concept/type and more clearly defined exception handling behavior.

[mention-bot]

@jfirebaugh, thanks for your PR! By analyzing this pull request, we identified @ansis, @tmpsantos and @mikemorris to be potential reviewers.

[kkaefer]

\o/

[jfirebaugh]

Added unit tests and did some high-intensity panning, zooming, rotating, and style switching on my iPhone. Everything is looking good.

@tmpsantos, @kkaefer, want to review?

[tmpsantos]

Good job with this refactoring.

[tmpsantos]

Is this safe? If all threads are busy will this cause the message on the mailbox to starve because no thread will be waiting on the synchronization point?

[jfirebaugh]

It's safe because we use the version of condition_variable::wait which accepts a predicate. If all threads are busy, on the subsequent loop whichever thread obtains the mutex first will check the predicate !queue.empty() || terminate.load(), see that it's true, and not wait on the condition variable.

[tmpsantos]

I particularly find using a = b inside an if confusing as I tend to think it was a typo.

[jfirebaugh]

This is the idiomatic use of weak_ptr; see e.g. here. In general, declaring on a separate line would require an extra set of braces and indentation to preserve the same region of locking:

{
    auto locked = mailbox.lock();
    if (locked) {
        ...
    }
}

[tmpsantos]

Maybe we should move the number of works to constants.hpp

[jfirebaugh]

Agreed. I think we can target that for a followup that also makes the thread pool global, instead of per-Map.

[tmpsantos]

Nice, so when we get rid of util::Thread we can get rid of all the locking and complexity of the RunLoop, I suppose.

[tmpsantos]

I love this abstraction. It could be used for creating a out-of-process worker if ever needed.

[tmpsantos]

It is not clear to me what is the first parameter on this constructor used for.

[jfirebaugh]

Good point, I'll document this.

[tmpsantos]

@kkaefer can you also 👀 before we merge?