Use a DFS to compare CTFE snapshots #66946
Conversation
rust-highfive
added
the
S-waiting-on-review
ecstatic-morse
force-pushed
the
better-infinite-loop
branch
2 times, most recently
from
56a760c
to
077a810
Compare
ecstatic-morse
changed the title
| /// Erase any allocation IDs. | ||
| /// | ||
| /// Used when comparing heap snapshots. | ||
| pub fn erase_id(self) -> Pointer<Tag, ()> { |
There was a problem hiding this comment.
Please rename to erase_alloc_id.
But isn't it easier to just say ptr1.offset == ptr2.offset? Pointers with AllocId type () are kind of pointless (all puns intended).
There was a problem hiding this comment.
Oh, you are recursively doing through even for Place. But how can that make any sense, given that all AllocIds are considered equal at this point...?
There was a problem hiding this comment.
👍 to erase_alloc_id.
This is the part that makes AllocIds compare as equal. It means we can use the derived PartialEq impl. The alternative is to overload AllocIdInvariant for more types, which would also be fine.
There was a problem hiding this comment.
But why does it make any sense to compare just the offsets?
There was a problem hiding this comment.
Other code is responsible for comparing the allocation that each AllocId references, specifically the PartialEq implementation of InterpRef. Am I misunderstanding the question?
src/librustc_mir/const_eval.rs
Outdated
| if ecx.machine.loop_detector.is_empty() { | ||
| // FIXME(#49980): make this warning a lint | ||
| ecx.tcx.sess.span_warn(span, | ||
| "Constant evaluating a complex constant, this might take some time"); | ||
| } |
There was a problem hiding this comment.
Why did you move this out? Seems like a layering violation for this code to care about "emptiness" of the loop detector.
There was a problem hiding this comment.
Oh I see, you could remove the tcx and span arguments then. That is a good argument, but is_empty is not a great name.
There was a problem hiding this comment.
has_been_invoked?
There was a problem hiding this comment.
No that's negated... is_unused?
There was a problem hiding this comment.
!has_been_invoked is negated but is_unused isn't?
There was a problem hiding this comment.
is_being_invoked_the_first_time() 🙃
There was a problem hiding this comment.
!has_been_invoked is negated but is_unused isn't?
Well I wanted to avoid the ! is all. It's way too easy to miss.
| type Item = FrameSnapshot<'a, 'tcx>; | ||
| /// A wrapper type for the various interpreter data structures that compares them without | ||
| /// considering the numeric value of `AllocId`s. | ||
| struct AllocIdInvariant<'a, T>(&'a T); |
There was a problem hiding this comment.
"invariant" is an odd term here, that indicates that something doesn't change.
IgnoreAllocId sounds more accurate? But I have no idea why it even makes any sense to do this.^^
There was a problem hiding this comment.
Yeah, I would not be opposed to reverting to the AllocId-sensitive method, or removing this entirely. It is pretty cool when you accidentally omit a break and you're told there's a provably infinite loop in your program, and I have some sentimental connection to this code since it was my first real rust PR. However, I think a configurable instruction limit (with a low default) coupled with a real lint would have basically the same effect.
Once loops are implemented, people will actually start hitting bugs/performance issues in this code. I wanted to make sure I understood what's going on now. I'm worried people will see long-running constant evaluations grind to a halt because of this machinery and have no way to turn it off.
cc @oli-obk
This means we have a dangling pointer, right? |
| let id = stack.pop()?; | ||
| let alloc = memory.get_raw(id); | ||
|
|
||
| if let Ok(alloc) = alloc { |
There was a problem hiding this comment.
Is this where you are ignoring InterpError? This seems reasonable.
We should make sure that we don't catch errors requiring allocation though, similar to this. Maybe create a new helper method at the error type for this?
There was a problem hiding this comment.
I'm not sure what you mean by "errors requiring allocation". Are there certain errors that we should bug on instead of ignoring? Is Ub one of these?
There was a problem hiding this comment.
Any error type that has a String or other heap types in their fields will allocate when being thrown, and the catching will then destroy the allocated values. If this allocate->throw->catch->destroy happens in a high frequency we're wasting a lot of cycles with all the allocating/deallocating.
So, the idea is to make sure that any error that is caught and acted upon (and not just rethrown) does not allocate
There was a problem hiding this comment.
Idea: Should we make the set of errors that Memory can emit a separate type (with appropriate Into impls) so we know the set of errors that Memory methods can emit and can make sure all of them don't allocate?
There was a problem hiding this comment.
That makes sense. I'll probably wait for someone else to do this? It feels like y'all have a decent idea of what you want here.
| // dependencies. | ||
| let bytes = self.inspect_with_undef_and_ptr_outside_interpreter(all_bytes); | ||
| live_allocs.map(|(_, alloc)| alloc.ok().map(AllocIdInvariant)) | ||
| .eq(other_live_allocs.map(|(_, alloc)| alloc.ok().map(AllocIdInvariant))) |
There was a problem hiding this comment.
@RalfJung. I discard the contents of the InterpError with ok. Do you think we can differentiate between null pointers, pointers to ZSTs and dangling pointers by looking at InterpError like you mentioned above? Do ZST pointers have zero-sized backing allocations?
src/librustc_mir/const_eval.rs
Outdated
| if ecx.machine.loop_detector.is_empty() { | ||
| // FIXME(#49980): make this warning a lint | ||
| ecx.tcx.sess.span_warn(span, | ||
| "Constant evaluating a complex constant, this might take some time"); | ||
| } |
There was a problem hiding this comment.
is_being_invoked_the_first_time() 🙃
ecstatic-morse
force-pushed
the
better-infinite-loop
branch
4 times, most recently
from
4027611
to
baac4af
Compare
ecstatic-morse
changed the title
| //! | ||
| //! ```rust,ignore(const-loop) | ||
| //! const fn inf_loop() { | ||
| //! // Function call to prevent promotion. |
There was a problem hiding this comment.
inside const fns promotion is not prevented for const fns, also memoization will memoize this 🙃
You'll want const fn zeros(_: &i32) -> [isize; 4] { [0; 4] } and pass a local variable as a reference at the call site.
There was a problem hiding this comment.
Doh! Can't believe I missed this. My worry is that the test for issue 52475 isn't really creating new AllocIds, since the &0 is getting promoted out.
This method is based on `erase_tag`, and replaces `AllocId`s with `()`.
Co-Authored-By: Oliver Scherer <[email protected]>
ecstatic-morse
force-pushed
the
better-infinite-loop
branch
from
a168d70
to
afb4faa
Compare
|
☔ The latest upstream changes (presumably #67216) made this pull request unmergeable. Please resolve the merge conflicts. |
|
What is the long-term plan here? From other conversation, it seems like one plan was to remove the loop checker entirely. So we probably should finish that discussion before spending more time on this PR? Also I got quite a backlog of PRs to handle so @oli-obk if you could take over review that would be much appreciated. |
| //! Instead of comparing `AllocId`s between snapshots, we first map `AllocId`s in each snapshot to | ||
| //! their DFS index, then compare those instead. |
There was a problem hiding this comment.
That makes sense. However, what I would have expected then is to see Pointer<Tag, DfsIndex> instead of Pointer<Tag, AllocId>, and then one would compare those. What I still don't get is why we have a way to compare pointers ignoring the AllocId. That means we must have a magic scheme somewhere to figure out all the AllocId we ignored and compare their DfsIndex instead? That sounds quite round-about and fragile, on first sight. (I didn't read the code, though.)
|
r? @oli-obk |
This was discussed in https://rust-lang.zulipchat.com/#narrow/stream/146212-t-compiler.2Fconst-eval/topic/Time.20limits.20during.20const-eval/near/183588492 and from the last comment
I am assuming that we can close this PR |
…op-detector, r=RalfJung Remove const eval loop detector Now that there is a configurable instruction limit for CTFE (see rust-lang#67260), we can replace the loop detector with something much simpler. See rust-lang#66946 for more discussion about this. Although the instruction limit is nightly-only, the only practical way to reach the default limit uses nightly-only features as well (although CTFE will still execute code using such features inside an array initializer on stable). This will at the very least require a crater run, since it will result in an error wherever the "long running const eval" warning appeared before. We may need to increase the default for `const_eval_limit` to work around this. Resolves rust-lang#54384 cc rust-lang#49980 r? @oli-obk cc @RalfJung
…op-detector, r=RalfJung Remove const eval loop detector Now that there is a configurable instruction limit for CTFE (see rust-lang#67260), we can replace the loop detector with something much simpler. See rust-lang#66946 for more discussion about this. Although the instruction limit is nightly-only, the only practical way to reach the default limit uses nightly-only features as well (although CTFE will still execute code using such features inside an array initializer on stable). This will at the very least require a crater run, since it will result in an error wherever the "long running const eval" warning appeared before. We may need to increase the default for `const_eval_limit` to work around this. Resolves rust-lang#54384 cc rust-lang#49980 r? @oli-obk cc @RalfJung
This is an alternative fix to #52475 that hopes to address some parts of #54384.
The major development in this PR is the use of an actual depth-first search to compare the heap between snapshots, instead of the current recursive method. We treat the set of pointers on the stack as an ordered list of "roots". Using this as the initial search stack, a DFS can enumerate all reachable memory in a predictable order. This is important, since without a stable ordering, we would need to compute an isomorphism for the allocation graph of each snapshot to compare them.
Equality between snapshots is checked by iterating in lock-step over their allocation graphs and comparing each
Allocationusing anIgnoreAllocIdwrapper with customPartialEqandHashimpls. If the allocations are equivalent but forAllocIds, all pointers in the allocation are mapped to a DFS index and then compared.I find the existing implementation pretty inscrutable, so I'm not equipped to speculate on performance differences. At the very least, my method will use less memory when a collision does occur, since we no longer clone
Memoryin full, just the reachable portions.Some aspects of #54384 remain unaddressed, most notably what to do when we fail to resolve an
AllocId. My PR takes what I believe is the same approach as the existing implementation; it converts theInterpErrorinto aNoneand continues traversing the allocation graph. I don't know what the correct behavior would be.r? @RalfJung
cc @oli-obk