add a config field that allows us to mlock() module mmaps into RAM #3820
Conversation
github-actions
bot
added
wasmtime:api
Subscribe to Label Actioncc @peterhuene
This issue or pull request has been labeled: "wasmtime:api", "wasmtime:config"
Thus the following users have been cc'd because of the following labels:
To subscribe or unsubscribe from this label, edit the |
Label Messager: wasmtime:configIt looks like you are changing Wasmtime's configuration options. Make sure to
To modify this label's message, edit the To add new label messages or remove existing label messages, edit the |
There was a problem hiding this comment.
With copy-on-write initialization of memories another thing we may wish to measure and/or learn about is the behavior here with respect to new mappings. For example with Module::deserialize_file we mmap the whole file into memory and use that for a Module, but then we'll also mmap the memory image part of the file into new linear memories for each instance. Even if we mlock the original Module into memory we might still run the risk that the kernel page cache doesn't have entries for the module's memory image.
One naive way we might be able to fix that is to mmap the memory image as read-only into some random address in the process, mlock it in place, and then ignore it. Theoretically whenever a future mmap of the memory image happens the kernel could realize that there's a readonly-page mapped into the address space which can be reused as the source of bytes for copy-on-write. I don't know if that's how Linux behaves though as it seems somewhat magical, but otherwise I'm not sure if we can eat the cost of possibly-slow-to-disk page faults on new memory maps at startup and ensure there's no cost in the future.
@alexcrichton by this, do you mean that the very first time a module is instantiated / a particular mapped page is accessed in an instance, it needs to be mapped in from disk? If so, that's the intended behavior for this patch: basically, the idea is to not have to read all pages of all modules at startup, with the associated increases in startup time and RSS. Instead, we'd still map pages in lazily, but once we have them, we keep them around for sure. Eagerly mapping in pages is a separate thing that we might also want to introduce support for, but I think it's best to have these be separate. |
|
Ah I see. I did indeed mean during instantiation and while I don't think we want to eagerly pay the cost of initializing memory (as that defeats the original purpose of lazy init) there could be a theoretical case made for the first page fault on each page should be not as slow as going to disk. That being said I don't think we can guarantee that because we can't guarantee membership in the kernel's page cache with If we still want to lazily page things in, though, then I think this may want to use |
|
The macOS failure here is because |
|
What would exactly be the benefit of this change? Once a module is instantiated and run, all necessary pages should already be in memory, right? The only thing that can kick them back out again is a low memory condition, in which case |
|
@bjorn3 you're right that in most contexts this doesn't make much sense. It can be useful however in settings where the goal is to have close to full memory usage at all times, but with most data being evictable because it's just there for caching purposes. In such a setting, there's often more information available on the application level than on the kernel level about which data is more important to retain, and this is an attempt to make use of that information in a better way. |
In bytecodealliance#3820 we see an issue with the new heuristics that control use of memfd: it's entirely possible for a reasonable Wasm module produced by a snapshotting system to have a relatively sparse heap (less than 50% filled). A system that avoids memfd because of this would have an undesirable performance reduction on such modules. Ultimately we should try to implement a hybrid scheme where we support outlier/leftover initializers, but for now this PR makes the "always allow dense" limit configurable. This way, embedders that want to ensure that memfd is used can do so, if they have other knowledge about the maximum heap size allowed in their system. (Partially addresses bytecodealliance#3820 but let's leave it open to track the hybrid idea)
In bytecodealliance#3820 we see an issue with the new heuristics that control use of memfd: it's entirely possible for a reasonable Wasm module produced by a snapshotting system to have a relatively sparse heap (less than 50% filled). A system that avoids memfd because of this would have an undesirable performance reduction on such modules. Ultimately we should try to implement a hybrid scheme where we support outlier/leftover initializers, but for now this PR makes the "always allow dense" limit configurable. This way, embedders that want to ensure that memfd is used can do so, if they have other knowledge about the maximum heap size allowed in their system. (Partially addresses bytecodealliance#3820 but let's leave it open to track the hybrid idea)
In bytecodealliance#3820 we see an issue with the new heuristics that control use of memfd: it's entirely possible for a reasonable Wasm module produced by a snapshotting system to have a relatively sparse heap (less than 50% filled). A system that avoids memfd because of this would have an undesirable performance reduction on such modules. Ultimately we should try to implement a hybrid scheme where we support outlier/leftover initializers, but for now this PR makes the "always allow dense" limit configurable. This way, embedders that want to ensure that memfd is used can do so, if they have other knowledge about the maximum heap size allowed in their system. (Partially addresses bytecodealliance#3820 but let's leave it open to track the hybrid idea)
In #3820 we see an issue with the new heuristics that control use of memfd: it's entirely possible for a reasonable Wasm module produced by a snapshotting system to have a relatively sparse heap (less than 50% filled). A system that avoids memfd because of this would have an undesirable performance reduction on such modules. Ultimately we should try to implement a hybrid scheme where we support outlier/leftover initializers, but for now this PR makes the "always allow dense" limit configurable. This way, embedders that want to ensure that memfd is used can do so, if they have other knowledge about the maximum heap size allowed in their system. (Partially addresses #3820 but let's leave it open to track the hybrid idea)
…ance#3831) In bytecodealliance#3820 we see an issue with the new heuristics that control use of memfd: it's entirely possible for a reasonable Wasm module produced by a snapshotting system to have a relatively sparse heap (less than 50% filled). A system that avoids memfd because of this would have an undesirable performance reduction on such modules. Ultimately we should try to implement a hybrid scheme where we support outlier/leftover initializers, but for now this PR makes the "always allow dense" limit configurable. This way, embedders that want to ensure that memfd is used can do so, if they have other knowledge about the maximum heap size allowed in their system. (Partially addresses bytecodealliance#3820 but let's leave it open to track the hybrid idea)
which eliminates special cases nicely
Also factor in the mlock hint into the initial image for a module's memory by forcing memfd to be used instead of reusing the existing mapping.
alexcrichton
force-pushed
the
pch/mlock_experiment
branch
from
561f325 to
ba97602
Compare
|
As a heads up @pchickey I just pushed to this branch. I rebased it and tweaked things a bit, but this is still not in a landable state I think. |
Needs benchmarking before this is considered seriously.