[BUG] [Hotspot] ThrottlingTrafficShapingController Burst Handling Defect (Pulsed Traffic Bypass)

[kongchengzhuge]

Issue Description

Type: bug report

Describe what happened

Hotspot Parameter Rate Limiting - Queuing Strategy Batch Count Explosion
In the queuing waiting strategy for hotspot parameter rate limiting:

1. The first request is default allowed (no waiting)
2. Subsequent requests are scheduled based on lastPassTime. When lastPassTime is stale (long elapsed), the rate limiter may allow a massive batchCount (far exceeding Threshold)

Describe what you expected to happen

I expect that under this strategy, if batchCount exceeds the threshold, it needs to be rejected, and maxQueuingTime can also be taken into account to increase the threshold.

How to reproduce it (as minimally and precisely as possible)

modify hotspot_params_qps_throttling_example.go

func main() {
	conf := config.NewDefaultConfig()
	// for testing, logging output to console
	conf.Sentinel.Log.Logger = logging.NewConsoleLogger()
	err := sentinel.InitWithConfig(conf)
	if err != nil {
		log.Fatal(err)
	}

	_, err = hotspot.LoadRules([]*hotspot.Rule{
		{
			Resource:          "def",
			MetricType:        hotspot.QPS,
			ControlBehavior:   hotspot.Throttling,
			ParamIndex:        1,
			Threshold:         1000,
			MaxQueueingTimeMs: 5,
			DurationInSec:     1,
		},
	})
	if err != nil {
		log.Fatalf("Unexpected error: %+v", err)
		return
	}

	logging.Info("[HotSpot Throttling] Sentinel Go hot-spot param flow control demo is running. You may see the pass/block metric in the metric log.")

	for {
		e, b := sentinel.Entry("def", sentinel.WithArgs(false, uint32(9), "ahas", fooStruct{rand.Int63() % 5}), sentinel.WithBatchCount(2000))
		if b != nil {
			// Blocked. We could get the block reason from the BlockError.
		} else {
			// Passed, wrap the logic here.
			// Be sure the entry is exited finally.
			e.Exit()
		}

		time.Sleep(time.Duration(3) * time.Second)
	}
	// The QPS of abc is about: 15000
	// The QPS of def is about: 950
}

output

1743003825000|2025-03-26 23:43:45|def|2000|0|2000|0|0|0|1|0
1743003828000|2025-03-26 23:43:48|def|2000|0|2000|0|0|0|1|0
1743003831000|2025-03-26 23:43:51|def|2000|0|2000|0|0|0|1|0
1743003834000|2025-03-26 23:43:54|def|2000|0|2000|0|0|0|1|0
1743003837000|2025-03-26 23:43:57|def|2000|0|2000|0|0|0|1|0
1743003840000|2025-03-26 23:44:00|def|2000|0|2000|0|0|0|1|0
1743003843000|2025-03-26 23:44:03|def|2000|0|2000|0|0|0|1|0

Tell us your environment

Anything else we need to know?

[kongchengzhuge]

I want to discuss whether this situation is in line with expectations. I understand that the batchCount that exceeds the threshold should be limited, which is also what users expect. If necessary, I can submit a PR to fix this problem.

[LearningGp]

Thank you for the detailed analysis! I agree that when the first request arrives (or after lastPassTime expires), sentinel should evaluate the request against the threshold and maximum wait time. We welcome your PR to implement this fix – please let me know if you need any context or guidance!

[kongchengzhuge]

You can assign this issue to me and I will submit a PR as soon as possible.

Thank you for the detailed analysis! I agree that when the first request arrives (or after lastPassTime expires), sentinel should evaluate the request against the threshold and maximum wait time. We welcome your PR to implement this fix – please let me know if you need any context or guidance!