VOM virtual object and vref weak key GC #3649
Conversation
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
from
d266329
to
1cb15b2
Compare
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
from
1cb15b2
to
42a7208
Compare
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
4 times, most recently
from
149e3a9
to
d642528
Compare
| @@ -107,6 +107,8 @@ function build( | |||
| const pendingPromises = new Set(); // Promises | |||
| const importedDevices = new Set(); // device nodes | |||
| const deadSet = new Set(); // vrefs that are finalized but not yet reported | |||
| const possiblyDeadSet = new Set(); // vrefs that might need to be rechecked for being dead | |||
There was a problem hiding this comment.
The deadSet is managed both "up" and "down": we add things to deadSet when the finalizer runs, and we actively remove them (deadSet.delete) when creating a new Presence in convertValToSlot.
possiblyDeadSet is currently only managed "up": we add vrefs to it when the VOM sees one of the three pillars being removed, but we don't remove things from it when a pillar is reestablished (e.g. convertValToSlot, or VOM's setRefCount).
We don't necessarily need to do it now, but I'm thinking that, in general, deadSet should be for tracking things whose Object references (Representatives, for VOs) have been removed, and all the other processing for VOs should be done in the VOM.
The change would be to merge possiblyDeadSet and deadSet, actively .delete() vrefs when re-instantiating their Objects (actually we already do this, for both Presences and Representatives), and remove the now-redundant if (!getValForSlot(vref)) check in processDeadSet.
However, this probably interacts with what happens when the other two pillars are dropped. On one hand, if the only pillar keeping a VO alive is virtualized data, and userspace explicltly deletes it, that should allow the syscall.retireExport to happen immediately, rather than waiting for end-of-crank or bringOutYourDead. On the other hand, the probe to see whether the Presence pillar is up or down must query the WeakRef, and those results are not safe to use until bringOutYourDead (because organic GC could cause variance). So maybe the safest thing to do is to only allow VOs to be deleted during processDeadSet, even if it wasn't a Representative being deleted that enabled it, which means sticking with the pattern you established in this PR.
There was a problem hiding this comment.
On one hand, if the only pillar keeping a VO alive is virtualized data, and userspace explicltly deletes it, that should allow the
syscall.retireExportto happen immediately, rather than waiting for end-of-crank orbringOutYourDead. On the other hand, the probe to see whether the Presence pillar is up or down must query the WeakRef, and those results are not safe to use untilbringOutYourDead(because organic GC could cause variance). So maybe the safest thing to do is to only allow VOs to be deleted duringprocessDeadSet, even if it wasn't a Representative being deleted that enabled it, which means sticking with the pattern you established in this PR.
I'm probably out of my depth here, but why can't the check for the Presence pillar rely on a flag "there is a known Presence, it may be dead, but since we haven't reaped it yet, we don't know", without checking for the WeakRef directly.
So there's be 3 states for presences:
- Live presence (or unreachable presence that hasn't been actively collected by the engine yet)
- Dead presence, but not yet reaped. The finalizer ran, and added it to the dead set
- Dead presence, reaped. BOYD was called.
If userspace deletes virtualized data, it would only immediately retire the export if the presence was reaped. If it wasn't reaped, the export retire would happen when BOYD is called.
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
2 times, most recently
from
c4af855
to
3680745
Compare
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
from
134fb1c
to
70d72b5
Compare
* chore(swingset): small tweaks to GC * rename unretiredKernelRecognizableRemotables to kernelRecognizableRemotables , since they're all unretired * retireOneExport: delete from kernelRecognizableRemotables even if slotToVal was empty. I don't think this could happen, but they're logically distinct checks. * rearrange scanForDeadObjects slightly for clarity * update comment on possibleVirtualObjectDeath * comment on why we add globals to vatPowers * don't completely unpack gcTools: one-off uses can dereference directly, to let the unpack fit in a single line refs #3732 * fix: revert retireOneExport handling of kernelRecognizableRemotables I'm still uncertain that this is the right way to go, but we're going to leave this as-is and revisit it later.
FUDCo
force-pushed
the
3547-vom-weak-key-gc
branch
from
70d72b5
to
db24b39
Compare
|
Closes #3547 |
No description provided.