fix(swingset): disable metering around GC-sensitive operations #3583
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
warner
force-pushed
the
3458-unmetered-box
branch
from
5c3e902 to
bd30a24
Compare
When a swingset kernel is part of a consensus machine, the visible state must be a deterministic function of userspace activity. Every member kernel must perform the same set of operations. However we are not yet confident that the timing of garbage collection will remain identical between kernels that experience different patterns of snapshot+restart. In particular, up until recently, the amount of "headroom" in the XS memory allocator was reset upon snapshot reload: the new XS engine only allocates as much RAM as the snapshot needs, whereas before the snapshot was taken, the RAM footprint could have been larger (e.g. if a large number of objects we allocated and then released), leading to more "headroom". Automatic GC is triggered by an attempt to allocate space which cannot be satisfied by this headroom, so it will happen more frequently in the post-reload engine than before the snapshot. To accommodate differences in GC timing between kernels that are otherwise operating in consensus, this commit introduces the "unmetered box": a span of execution that does not count against the meter. We take all of the liveslots operations that might be sensitive to the engine's GC behavior and put them "in" the box. This includes any code that calls `deref()` on the WeakRefs used in `slotToVal`, because the WeakRef can change state from "live" to "dead" when GC is provoked, which is sensitive to more than just userspace behavior. closes #3458
warner
force-pushed
the
3458-unmetered-box
branch
from
bd30a24 to
9d5d652
Compare
|
This seems pretty terrible from a legibility perspective, and so I have to wonder if a notationally less awkward approach is possible (can't think of one, but we are collectively very clever...). Further, I'm more than a little concerned by the somewhat ad hoc nature of the selection of things to be wrapped. I'm wondering if there's some way to just meter user code and leave everything that's part of liveslots unmetered. |
|
abandoned in favor of #3667 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a swingset kernel is part of a consensus machine, the visible state must
be a deterministic function of userspace activity. Every member kernel must
perform the same set of operations.
However we are not yet confident that the timing of garbage collection will
remain identical between kernels that experience different patterns of
snapshot+restart. In particular, up until recently, the amount of "headroom"
in the XS memory allocator was reset upon snapshot reload: the new XS engine
only allocates as much RAM as the snapshot needs, whereas before the snapshot
was taken, the RAM footprint could have been larger (e.g. if a large number
of objects we allocated and then released), leading to more "headroom".
Automatic GC is triggered by an attempt to allocate space which cannot be
satisfied by this headroom, so it will happen more frequently in the
post-reload engine than before the snapshot.
To accommodate differences in GC timing between kernels that are otherwise
operating in consensus, this commit introduces the "unmetered box": a span of
execution that does not count against the meter. We take all of the liveslots
operations that might be sensitive to the engine's GC behavior and put them
"in" the box.
This includes any code that calls
deref()on the WeakRefs used inslotToVal, because the WeakRef can change state from "live" to "dead" whenGC is provoked, which is sensitive to more than just userspace behavior.
closes #3458