Extract pool blocking-period error state into BlockingPeriodErrorState

[mdaigle]

Summary

This is Part 1 of 3 splitting #4376 ("Dev/mdaigle/pool rate limit") into stacked, reviewable PRs.

This PR extracts the connection pool's blocking-period (error backoff) logic out of WaitHandleDbConnectionPool into a reusable, testable BlockingPeriodErrorState class. This keeps the pool's connection-acquisition path focused on capacity/queue concerns. Part 2 will use the new class to implement blocking period support in the ChannelDbConnectionPool.

Changes

• New BlockingPeriodErrorState — encapsulates cached-exception fast-fail, exponential backoff (5s → 60s cap), exit timer, and synchronization. Takes an injectable TimeProvider so timer scheduling is deterministic in tests.
• WaitHandleDbConnectionPool — refactored to use BlockingPeriodErrorState instead of inline error-state fields/logic.
• DbConnectionPoolGroup.IsBlockingPeriodEnabled() — new helper centralizing the PoolBlockingPeriod decision (Auto → not an Azure SQL endpoint, AlwaysBlock → true, NeverBlock → false). Consumed by Part 2.
• ADP.UnsafeCreateTimer(TimeProvider, ...) — new overload returning ITimer that suppresses ExecutionContext flow while honoring the injected TimeProvider; required by BlockingPeriodErrorState.
• BlockingPeriodErrorStateTest — unit tests using FakeTimeProvider (29 tests).

Stacking

• Part 1 (this PR) → main
• Part 2 (channel-pool rate limiting) → this branch
• Part 3 (GitHub instructions) → Part 2

Checklist

• Tests added (29 passing via FakeTimeProvider)
• No public API changes
• No breaking changes
• Verified against customer repro (n/a — internal refactor)

[Copilot]

Pull request overview

Refactors the legacy wait-handle connection pool’s blocking-period (error backoff) logic into a dedicated BlockingPeriodErrorState component, adds a pool-group helper for determining when blocking is enabled, and introduces a TimeProvider-based timer factory to enable deterministic unit testing.

Changes:

• Added BlockingPeriodErrorState (cached exception + exponential backoff + exit timer) and corresponding unit tests using FakeTimeProvider.
• Refactored WaitHandleDbConnectionPool to delegate blocking-period logic to the new state object and moved the blocking-period enablement decision into DbConnectionPoolGroup.
• Added an ADP.UnsafeCreateTimer(TimeProvider, ...) overload returning ITimer to support TimeProvider-driven timers.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/Microsoft.Data.SqlClient/tests/UnitTests/ConnectionPool/BlockingPeriodErrorStateTest.cs	Adds comprehensive unit tests for the new blocking-period state logic using FakeTimeProvider.
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ConnectionPool/WaitHandleDbConnectionPool.cs	Replaces inlined error/backoff fields and timer logic with BlockingPeriodErrorState.
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ConnectionPool/DbConnectionPoolGroup.cs	Centralizes the PoolBlockingPeriod decision into IsBlockingPeriodEnabled().
src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ConnectionPool/BlockingPeriodErrorState.cs	Introduces the new reusable blocking-period error state implementation.
src/Microsoft.Data.SqlClient/src/Microsoft/Data/Common/AdapterUtil.cs	Adds a TimeProvider-aware UnsafeCreateTimer overload returning ITimer.

[codecov]

Codecov Report

❌ Patch coverage is 94.87179% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.67%. Comparing base (44e1b72) to head (b7dbf34).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...SqlClient/src/Microsoft/Data/Common/AdapterUtil.cs	75.00%	2 Missing ⚠️
.../SqlClient/ConnectionPool/DbConnectionPoolGroup.cs	75.00%	2 Missing ⚠️
...lient/ConnectionPool/WaitHandleDbConnectionPool.cs	88.23%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4395      +/-   ##
==========================================
- Coverage   65.32%   63.67%   -1.66%     
==========================================
  Files         285      281       -4     
  Lines       43373    66403   +23030     
==========================================
+ Hits        28335    42279   +13944     
- Misses      15038    24124    +9086     

Flag	Coverage Δ
CI-SqlClient	?
PR-SqlClient-Project	63.67% <94.87%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mdaigle]

Creating a timer via a TimeProvider allows for faking time in unit tests. I chose not to change existing overloads to feed into this one because there are many spots already use them and it would be a more extensive refactor.

[mdaigle]

There was a check/act race condition here. The new class uses a local variable to check and throw.

[mdaigle]

There is a chance this may not throw, in which case, loop back around to check available wait handles.

[mdaigle]

This behavior was missing before. If we somehow successfully create a connection while in the blocking period (via some race condition with checking the error state), then we should reset the whole error state including the ManualResetEvent and the cached exception, not just the wait period. There's no need to wait until the timer fires to allow more creates if we know we're succeeding now.

[mdaigle]

Lots of race conditions possible here. I decided to move this all under a lock so that all of the relevant values are updated atomically.

[mdaigle]

This was the existing cloning logic

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

[paulmedynski]

Agreed - let's put this new code inside a nullable block.

[paulmedynski]

It's a shame TimerCallback<State> doesn't exist. Would it be worth adding to allow our calling code to be strongly typed?

[paulmedynski]

The default here hides a problem where we add/remove an enum member and forget to update this switch statement. This is a programming error in code we own (wherever _connectionOptions.PoolBlockingPeriod is assigned). Let's let the compiler tell us we're missing an enum member by omitting the default branch entirely.

I believe using a switch expression (rather than a switch statement) gives us the best exhaustiveness checking for enum member switches.

return _connectionOptions.PoolBlockingPeriod switch
{
  PoolBlockingPeriod.Auto => ...,
  PoolBlockingPeriod.AlwaysBlock => ...,
  PoolBlockingPeriod.NeverBlock => ...
}

ConnectionOptions should be guaranteeing that PoolBlockingPeriod is always a well-defined enum member value. Add that guarantee if it is missing.

[paulmedynski]

I would put this last to avoid one of the operations below from failing and then never being able to re-run disposal to completion (i.e. keep IDisposable's idempotency promise). Obviously the actual operations here aren't going to fail (in a non-catastrophic way), but you never know who will be here next adding things.

[paulmedynski]

I like to put Dispose() (and the finalizer if it exists) beside the constructors since it's essentially the opposite operation, and it's nice to be able to see both together. And I try to remember to use a #region Construction. Just a style suggestion.

[paulmedynski]

I wouldn't mention who supplies it or why. But I would add what null means. And I would specify that these callbacks must not throw.

[paulmedynski]

Just > is sufficient here.

[paulmedynski]

Guard against misbehaving callbacks and Dispose() with try/catch that swallows. Same for Clear(), ExitCallback(), and our Dispose().

[paulmedynski]

There's definitely some overlap between Clear, ExitCallback, and Dispose. I'm having trouble understanding why they aren't all the same. It seems like _cachedException, _inElevatedState, _exitTimer, and _nextWait could all live/die together in a helper class.