sufficiently-deterministic GC #2615
Assignees
Labels
Milestone
Comments
This was referenced Mar 14, 2021
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
warner
added a commit
that referenced
this issue
Mar 15, 2021
This removes `vatDecref` from manager-local, which will be replaced by a syscall-based mechanism as part of #2615.
This was referenced Mar 16, 2021
Closed
warner
added a commit
that referenced
this issue
Mar 19, 2021
Modify xsnap.c to add a `gc()` function to the globals of the
initial ("start") Compartment. This function should trigger an immediate,
synchronous, full GC sweep. As a non-standard global, the `gc()` function
will be filtered out of the globals in all child Compartments by SES as
usual.
Note that this changes the snapshot format: heap snapshots written before
this change cannot be read by code after this change. This happens because
`gc()` (which is implemented in C) is a new "callback" (a C function made
available to JS code), which is an "exit" from the reference graph. It must
be recognized during serialization, and re-attached during reload, and xsnap
cannot handle loading snapshots with a different set of exits, even purely
additive changes.
closes #2682
refs #2660
refs #2615
warner
added a commit
that referenced
this issue
Mar 19, 2021
Modify xsnap.c to add a `gc()` function to the globals of the
initial ("start") Compartment. This function should trigger an immediate,
synchronous, full GC sweep. As a non-standard global, the `gc()` function
will be filtered out of the globals in all child Compartments by SES as
usual.
Note that this changes the snapshot format: heap snapshots written before
this change cannot be read by code after this change. This happens because
`gc()` (which is implemented in C) is a new "callback" (a C function made
available to JS code), which is an "exit" from the reference graph. It must
be recognized during serialization, and re-attached during reload, and xsnap
cannot handle loading snapshots with a different set of exits, even purely
additive changes.
closes #2682
refs #2660
refs #2615
This was referenced Mar 19, 2021
9 tasks
warner
added a commit
that referenced
this issue
May 21, 2021
Consensus mode will depend upon GC being deterministic, but solo mode does not. Solo mode requires GC be "sufficiently deterministic", which means a finalizer may or may not run in any given crank. To support this, we must not record the GC-related syscalls (dropImport, retireImport, retireExport) in the transcript. When replaying a transcript, we ignore these syscalls as well. closes #3146 refs #2615 refs #2660 refs #2724
warner
added a commit
that referenced
this issue
May 21, 2021
Consensus mode will depend upon GC being deterministic, but solo mode does not. Solo mode requires GC be "sufficiently deterministic", which means a finalizer may or may not run in any given crank. To support this, we must not record the GC-related syscalls (dropImport, retireImport, retireExport) in the transcript. When replaying a transcript, we ignore these syscalls as well. closes #3146 refs #2615 refs #2660 refs #2724
warner
added a commit
that referenced
this issue
May 21, 2021
Consensus mode will depend upon GC being deterministic, but solo mode does not. Solo mode requires GC be "sufficiently deterministic", which means a finalizer may or may not run in any given crank. To support this, we must not record the GC-related syscalls (dropImport, retireImport, retireExport) in the transcript. When replaying a transcript, we ignore these syscalls as well. closes #3146 refs #2615 refs #2660 refs #2724
warner
added a commit
that referenced
this issue
May 24, 2021
Change liveslots to provoke GC at mid-crank, then process the "dead set" and emit `syscall.dropImports` for everything we can. For now, we conservatively assume that everything remains recognizable, so we do *not* emit `syscall.retireImport` for anything. The vref might be used as a WeakMap/WeakSet key, and the VOM isn't yet tracking those. When #3161 is done, we'll change liveslots to ask the VOM about each vref, and retire the ones it does not know how to recognize (which will hopefully be the majority of them). closes #3147 refs #2615 refs #2660
warner
added a commit
that referenced
this issue
May 25, 2021
Change liveslots to provoke GC at mid-crank, then process the "dead set" and emit `syscall.dropImports` for everything we can. For now, we conservatively assume that everything remains recognizable, so we do *not* emit `syscall.retireImport` for anything. The vref might be used as a WeakMap/WeakSet key, and the VOM isn't yet tracking those. When #3161 is done, we'll change liveslots to ask the VOM about each vref, and retire the ones it does not know how to recognize (which will hopefully be the majority of them). closes #3147 refs #2615 refs #2660
|
This was sufficiently implemented in #3106 . We still have remaining tasks to handle virtual objects and virtualized data completely, but normal Remotables and Presences ought to be collected now, both in the kernel and over comms. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the Problem Being Solved?
#1872 was about how swingset should approach GC given the lack of engine-level determinism. In #1872 (comment) we figured that we can get enough deterministic behavior out of the engine we're using to use a somewhat simpler design. This ticket captures that subset and replaces #1872.
The checklist of subtasks is:
syscall.dropImportsto the vat-to-kernel pathway, so liveslots can charge ahead without waiting for the kernel add no-op syscall.dropImports to vat-kernel protocol #2635dispatch.dropExportsto the kernel-to-vat pathway, so the kernel can charge ahead without waiting for liveslots. This needs to be added to the comms vat too. add a no-op dispatch.dropExports to the kernel-to-vat pathway #2653dispatch.dropExportmake liveSlots honor dropExports #2664syscall.dropImportsat the right time, based on finalizers running change liveslots to use WeakRefs to track objects and report their disuse #2660syscall.dropImportsin the transcript, or expecting a replay to match those callsdispatch.dropExportsas soon as the refcount drops to zero GC: implement full kernel-side refcount management #2646lastMentionedmechanism described in Cope with asynchrony in remote retirement of promise IDs #2509 (comment)Description of the Design
On the export side, liveslots will change
slotToValto holdWeakRefvalues instead of strong references to Remotables. A separateSetnamedexportswill hold strong references until adispatch.dropExportsrelieves the vat of that duty.On the import side, the
slotToValweakref allows liveslots to sense when an import (Presence) becomes unreferenced. Liveslots will use aFinalizationRegistryto detect this. Acting upon the callbacks (callingsyscall.dropImports) is deferred to the end of the crank, which liveslots needs to be able to sense internally. Liveslots is also responsible for calling a platform-provided "force GC" function, and giving it time to fire the callbacks. A flag should tell liveslots to enable all this behavior.We'll have one mode we use on-chain, which requires determinism. It will run vats under XS, trigger a single worker's GC at the end of each crank, and call
dropImportright away.There will be a different mode for solo machines, which need hangover-consistency but not determinism. This can run vats under Node.js, and doesn't need to trigger GC deliberately. If/when finalizers fire, vats will notice it at the end of crank and invoke
syscall.dropImportsat the right time (we must still make suredropImportsonly happens at the end of crank, and only for the vat being invoked). We might need some extra mechanism to make sure infrequently-called vats have a chance to shed their imports.The text was updated successfully, but these errors were encountered: