[RFC] PAL memory bookkeeping #741
Comments
|
Another small issue: Any idea how to make a test which tests this logic? I.e. uses huge amounts of PAL internal memory. |
Nothing clean and robust. I think we could leverage the LibOS testing function calling mechanism. We would test some normal stuff, call that function which would allocate a lot of PAL objects (handles? anything else?) and then test some more normal stuff, then check these objects still work. No other idea. |
|
This was fixed by #839. Closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
For description of the issue and current workaround please check: #50
Solution
The idea is to use an "upcall" mechanism (similar to what we have for exceptions handling). We would have a function pointer in PAL, that would be used to request a memory range (e.g.
request_memory(size_t size)), this pointer would be set by LibOS. This would work differently, depending on the runtime phase:g_pal_public_state->preloaded_ranges.request_memoryfunction pointer. From now on if PAL requires new memory, it first requests a range where it should be allocated (usingrequest_memoryupcall).Note that the above mechanism is rather simple - we already have all building blocks (i.e. VMA bookkeeping should be ready for such changes and has all primitives already implemented).
Also note that freeing memory is not described here. The idea is that PAL would rarely call it (as the mechanism above is only for allocating whole pages, PAL has a dedicated memory allocator implemented on top of it anyway) and creating similar interface for freeing would be cumbersome (it would need to happen in two steps, for details please check bkeep_munmap). If it turns out we need it after all, we can implement it then (there are no fundamental blockers here).
With the above changes, we could remove VMA tracking from PAL completely.
Potential issues
mallochas some internal locking. I've verified we mostly adhere to this, with two exceptions: possiblemallocinsnprintf(called bylog_*) - this would require using precision in format string ("%.3d", notice the.) which we never do - and describing fault location - this would require the fault to happen insidemallocitself. There might be more places wemallocin exception handlers, but I couldn't find any.This also requires that LibOS VMA bookkeping does not call any PAL function, but it's already the case.
No flexibility on allocated memory. I assumed that PAL would allocate only RW "heap" memory via this mechanism (all other memory is already allocated upfront inActually this is not a problem, if needed we can augment the upcall with requested memory permissions.preloaded_ranges).fork. Due to the dynamic nature of this mechanism, there might be differences between addresses allocated by PAL depending on whether it's the first (initial) process. The only problem that could happen here is that PAL gets initially some memory that would later need to be allocated for user when it's restored from checkpointing blob. < begin of hand-waving > If the child process uses less memory than the initial until the point of checkpoint restore, then we should be all fine, thanks to the top-down algorithm of VMA allocation (basically they are allocated from the highest address down to the lowest) and the lack of ASLR for internal allocations (which is the case, I believe). If the child process uses more memory, then we are kind of doomed, but intuitively it should use less? This part is tricky...The text was updated successfully, but these errors were encountered: