-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update to latest XS, with map-iterator GC fix (also native lockdown/harden/purify) #3889
Comments
I was able to temporarily work around the
With that in place, the memory growth problem seems to be resolved by this version of XS. |
To characterize the previous problem, I instrumented XS to print const s = new Set();
let a;
for (let i=0; i<100; i++) {
a = {};
s.add(a);
s.delete(a);
gc();
} and it showed const m = new Map();
let a,b,c;
for (let i=0; i<100; i++) {
a = {}; b = {}; c = { b };
m.set(a, c);
m.delete(a);
gc();
} grows by two slots per loop. As Peter explained to me, the bug is not that the keys or values were being retained ( The new code has a much more complete implementation and appears to drop the placeholder values as soon as the number of iterators on the Map/Set drops to zero. This reveals a resource attack (which, to be fair, has been around all the time), in which the attacker obtains an iterator on your long-lived high-traffic Map and then never lets it go. If they never give it up, you can say goodbye to your ability to keep your memory footprint low, which can hurt you. We should keep this in mind for exposing iterators through the marshaller and swingset. |
We do plan to eventually expose async iterators through marshal. But not JS Maps and Sets, and thus likely not their perpetual iterators. The iteration semantics for stores is much more modest and should not create weird storage obligations. More on this later. |
NB the code I described above has been replaced again: it no longer tracks how many iterators are present, and holding onto an iterator no longer inhibits collection of deleted entries. The placeholder values are dropped as soon as the entry is deleted, however this means |
* fix a major memory leak: 64 bytes per Map `delete()`, 32 per Set `delete()` * should: closes #3839 * unfortunately Map/Set deletion is now O(N) not O(1) * possibly fix #3877 "cannot read (corrupted?) snapshot" Note that this breaks snapshot compatibility, and probably metering compatibility. closes #3889
We upgrade the XS submodule to the latest version: Moddable-OpenSource/moddable@10cc52e This fixes a major memory leak: 64 bytes per Map `delete()`, 32 per Set `delete()`. We believe this should: closes #3839 Unfortunately Map/Set deletion is now O(N) not O(1). This version of XS also fixes a bug that might be the cause of #3877 "cannot read (corrupted?) snapshot", but we're not sure. Note that this breaks snapshot compatibility (snapshots created before this version cannot be loaded by code after this version). It might also break metering compatibility, but the chances seem low enough that we decided to leave the metering version alone. closes #3889
We upgrade the XS submodule to the latest version: Moddable-OpenSource/moddable@10cc52e This fixes a major memory leak: 64 bytes per Map `delete()`, 32 per Set `delete()`. We believe this should: closes #3839 Unfortunately Map/Set deletion is now O(N) not O(1). This version of XS also fixes a bug that might be the cause of #3877 "cannot read (corrupted?) snapshot", but we're not sure. Note that this breaks snapshot compatibility (snapshots created before this version cannot be loaded by code after this version). It might also break metering compatibility, but the chances seem low enough that we decided to leave the metering version alone. closes #3889
Our #3839 memory-growth problem appears to be caused by a bug in XS: Moddable-OpenSource/moddable#701 . The Moddable crew fixed this in the recent Moddable-OpenSource/moddable@e163308 commit.
The task here is to update our XS dependency to this new commit.
This version might also include native support for
lockdown
,harden
, andpurify
(the specific commit that claims this appears mislabled, so I'm not sure). I'm told that SES should tolerate these properties being already present, and will continue to build and install its own versions, but since we don't have XS/xsnap test coverage in the SES repo, any surprises will appear first in the agoric-sdkxsnap
or SwingSet tests.And indeed, once I update
packages/xsnap/moddable
to use the new version, I see the followingxsnap
unit test failures:So once I qualify the memory-growth fix manually, we'll need to fix those problems, hopefully without resorting to a new version of SES.
cc @kriskowal
The text was updated successfully, but these errors were encountered: