Fix segfault caused by unsafe garbage collection optimization #4256
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ponylang-main
added
the
discuss during sync
SeanTAllen
commented
Nov 23, 2022
| @@ -10,6 +10,11 @@ | |||
|
|
|||
| DEFINE_STACK(ponyint_gcstack, gcstack_t, void); | |||
|
|
|||
| static bool might_reference_actor(pony_type_t* t) | |||
| { | |||
| return t != NULL && t->might_reference_actor; | |||
There was a problem hiding this comment.
sometimes type is NULL because we are looking at an opaque object (for example pony_trace sends NULL for type).
Sending everything through this rather than playing whack-a-mole with finding anything where type might be NULL seems like a much better idea.
|
We discussed this in great detail during our sync call. We decided to merge this without any optimizations in place yet. |
|
I will work on getting this mergeable by next week. |
SeanTAllen
removed
the
discuss during sync
SeanTAllen
changed the title
ponylang-main
added
the
discuss during sync
SeanTAllen
force-pushed
the
issue-1118-2
branch
from
5895042 to
0b180b1
Compare
SeanTAllen
added
do not merge
So that we are less likely to time out on lower powered systems.
jemc
approved these changes
Dec 13, 2022
SeanTAllen
removed
do not merge
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prior to this commit, there was an unsafe optimization in the Pony runtime. The
optimization is detailed in the ORCA paper on the garbage collection protocol
and is usually safe, but sadly not always.
The optimization cuts down on the amount of tracing that is done when an object
is sent from one actor to another. It is based on the observation that for the
sake of reference counting, we don't need to count every object in a graph that
is sent from actor A to actor B so long as the root of the graph being sent is
immutable. This optimization provides a large performance boost over tracing
all objects sent from one actor to another. It also will from time to time,
introduce a segfault that takes down the runtime.
Issue #1118 is the most
obvious instance of the bug caused by the optimization. The core of the problem
is that when an actor's reference count hits 0, it should be able to be reaped.
However, if a reference to an actor is sent to another actor inside an
immutable object, the actor will not be traced on send and might get reaped
while references to it exist. Once that happens, a segfault is guaranteed.
We have fixed the safety problem by tracing every object sent between actors.
In not very rigorous testing using a modified version of
message-ubench,
we saw a 1/3 drop in performance compared to running with the
safety problem/optimization enabled. It should be noted that the 1/3 drop in
performance is probably the high-end in terms of performance hit and many Pony
programs will see little to no performance change.
Additionally, it was observed that overall memory usage for a given program increased when this change was applied. It doesn't look like there's a memory leak, rather, that there is some emergent behavior from the change that results
in more memory being allocated overall. I don't believe it is from a bug but
would not swear that is the case.
Our plan moving forward is to start adding smarts to the compiler in an
incremental fashion so that we can turn the "problematic optimization" back on
when it isn't problematic. We will never recover "all lost performance" because
there are times when the optimization is unsafe and no amount of compiler
smarts will allow us to turn the optimization on in those situations. We can
however, over time, turn the optimization back on for more and more types.
In this commit, we have the early groundwork for change where we add a new
field to all pony type descriptors that holds a boolean for whether a given
type might contain a reference to an actor. If it might, we have to trace. If
the compiler can prove that it doesn't, then sending an immutable version of
the class inter-actor won't require tracing.