Fix bugzilla 24524: Very slow process fork if RLIMIT_NOFILE is too high #8990
Conversation
trikko
requested review from
CyberShadow,
kyllingstad and
schveiguy
as code owners
|
Thanks for your pull request and interest in making D better, @trikko! We are looking forward to reviewing it, and you should be hearing from a maintainer soon.
Please see CONTRIBUTING.md for more information. If you have addressed all reviews or aren't sure how to proceed, don't hesitate to ping us with a simple comment. Bugzilla references
Testing this PR locallyIf you don't have a local development environment setup, you can use Digger to test this PR: dub run digger -- build "master + phobos#8990" |
Edit: I see now it falls back to the old code. |
|
1 - I think that Please notice that this code could be simplified if |
|
I see this adds a third method of doing the same thing ( Has anyone checked how other language runtimes handle this (besides being consistent about |
|
Some related examples:
libreoffice use a function from Not sure how much dirent.h is a standard, but with that function we could avoid the list and all the mallocs/frees. Probably just a over-optimization. |
|
Even docker and podman use this way to close fd: |
Great research! This is good evidence that we're on the right track.
It seems to be in POSIX: https://pubs.opengroup.org/onlinepubs/9699919799.2013edition/functions/dirfd.html I think that means it should be safe to use. It can be added to Druntime in parallel to a temporary |
|
https://en.wikibooks.org/wiki/C_Programming/POSIX_Reference/dirent.h Here they say it's a "pseudo-standard": I'm not sure that every C library implements that function. Is there a way to understand when these functions were added to posix standard? Maybe druntime is relying on a older posix standard? I don't want to mess everything up! |
Bottom of that page says issue 7, which seems to have been released in 2017.
Well, that's what CI is for :) But another way to approach this is to go through the list of OSes which are supported by DMD (which aren't many). GDC and LDC carry compatibility patches for lots of things anyway, I believe. Yet another way is to use |
|
please change the commit title to |
trikko
changed the title
|
I wonder if I should still leave the old method in the case of low limits. At that point it's probably faster to iterate and close all the fds and that's it, rather than reading a list from "/dev/fd". I guess it also depends on how many files are open. If the maximum is 1000 and all 1000 are open, obviously the old way will work better. But if only a couple of files are open the new method wins. In any case if the limit is too high, the old methods blows up. On macOS the hard limit is set to "unlimited" and this is really dangerous if someone set a high softlimit :) |
|
commit message title, not PR title |
std/process.d
Outdated
| } | ||
| foreach (i; 0 .. maxToClose) | ||
| // Try to open the directory /dev/fd or /proc/self/fd | ||
| DIR* dir = opendir("/dev/fd"); |
There was a problem hiding this comment.
This is Posix code, right? Does this exist for all posix platforms? BSDs, OSX, Cygwin, etc.
|
Hm... I was rather thinking the getrlimit would be the test, and then only if it's over a certain limit would it make sense to use the /proc/fd read. The poll mechanism has the advantage that is is only one syscall for the entire "read" operation. |
Note, both of them are Linux only. |
... and the disadvantage that allocates one struct for each possible fd so it becomes slow and eats memory. Which is the right limit? |
|
I have done some tests with a ulimit starting from 1_000_000 and going down to 100_000, in 10 steps. For each step, I tested the performance with 0, 1000, …, 9000 open file descriptors. The result is attached. Things to keep in mind: In some cases, the limit is much higher than 1,000,000 and can even reach up to 4000 times as much, even if the user then opens only one file. |
How about benchmarking the various methods, seeing which one is faster in which circumstances, and choosing the implementation to use based on that? We can use |
Even if POSIX says you must assign the smaller unused FD to a new process, it could be a good rough estimate. Or maybe we can open some "/dev/null" to fill some holes. :) Benchmark: did you se the result.txt file? Am I missing something? |
Right - will the dumb If so, I guess the rule would be something like |
|
With few FD it wins. That probably it is the common case. How many software did you write with more than a dozen of FDs open at the same time? 🙂 |
|
Yes I get it. I'm saying, the threshold can be much much lower, like 8k. 100k is too much, let alone 1 million, I don't think we should be using poll at that point. I'm sure the poll version beats the version that opens the directory with only 8k file descriptors, even with a small number of open files. If we make the threshold 8k, it will use poll on most normal systems, and be fast, and use the dev filesystem above that and be fast on e.g. docker. |
I think that values over 8k are not that uncommon. Please consider that for example machines with mongo usually has 64k limit. See the "reccomanded ulimit settings" section here. Don't you like the euristic way to determine which method to use? I can of course replace this: if (
r.rlim_cur/(forkPipeOut+1) > 120 || // ... the number of file descriptors is small ...
r.rlim_cur > 1024*1024 // ... or the soft limit is high. In this case poll would allocate a huge array)
)Simply with: if (r.rlim_cur > 8*1024) Is this what you mean? |
Test with limit == 10k, 9k, 8k, ... The dumb method seems to be still faster than poll with ~ limit/open > 120 (stdin/out/err just raise count to 3) (anyway we can set a "poll only" zone for limit < 20k or something like that, but I would keep the euristic algo) |
|
Can you post what the code you use for testing is? Is the test including the fork/exec? My interest is only to test the closing of file descriptors, not the other stuff. |
|
Just a stupid script, using a cloned version of std.process: import std.stdio;
import std.conv;
import std.datetime : Clock;
import core.stdc.stdio : fopen, fread;
import std.datetime : SysTime;
void main()
{
import core.sys.posix.sys.resource : rlimit, getrlimit, RLIMIT_NOFILE, setrlimit;
// Get the maximum number of file descriptors that could be open.
rlimit r;
getrlimit(RLIMIT_NOFILE, &r);
r.rlim_cur = 10000;
setrlimit(RLIMIT_NOFILE, &r);
for(size_t i = 0; i <= 9000; i+=1000)
{
r.rlim_cur = 10000 - i;
stderr.writeln("\n\n--- Maximum number of file descriptors: ", r.rlim_cur);
setrlimit(RLIMIT_NOFILE, &r);
for(size_t k = 0; k < 10; ++k)
{
immutable file_to_open = 80*k;
stderr.writeln("\n - FDs open: ", file_to_open);
stderr.writeln(" - Starting spawnProcess(`echo`); 10 times...");
FILE *[] fds;
foreach(x; 0 .. file_to_open)
{
fds ~= fopen("/dev/urandom", "r");
}
SysTime c;
c = Clock.currTime;
foreach(_; 0 .. 10)
{
import std.process: spawnProcess;
spawnProcess("echo");
}
stderr.writeln("Time (poll): ", Clock.currTime - c);
c = Clock.currTime;
foreach(_; 0 .. 10)
{
import pro2: spawnProcess;
spawnProcess("echo");
}
stderr.writeln("Time (/dev/fd): ", Clock.currTime - c);
foreach(fd; fds)
{
fclose(fd);
}
fds = null;
}
}
} |
|
OK, so the timings include the actual fork/exec of the other process. I think I will try and build a test to do just the fd closing. |
That's why I call the same process for 10 times. |
|
This works with a simplified logic: |
How is the tester not finding some thread symbol? Nothing is changing in druntime... |
Seems to be introduced by #8992 |
This comment was marked as outdated.
This comment was marked as outdated.
If I understand right, it introduces a second version of the compiler to the ci environment. Reverting it fixes the phobos pipelines. https://github.com/dlang/phobos/actions/workflows/main.yml?query=branch%3Amaster |
|
Oops, you're right! |
LightBender
added
the
Review:Salvage
|
I ran into this bug again, in a different form. This time I installed Ubuntu 24.10, and both dub and serve-d are extremely slow inside VSCode and consume several GB of RAM each. This is because ulimit -n inside VSCode returns a huge number. (The Ubuntu terminal, on the other hand, says 1024.) |
|
The worst thing is that, if I'm not mistaken, the tools aren't bootstrapped, so if this fix is merged, the new dub will still be compiled with the old version, and the bug will remain. I hope they either bootstrap it or, at least, add a workaround in the dub code (and other tools?) to set a maximum limit for open files, as I did here for serverino: https://github.com/trikko/serverino/blob/05c89790669fa12716918373bf7fdbfff8b34b78/source/serverino/main.d#L129 |
|
@trikko: Could you please rebase? Looks like this should have been merged half a year ago, but hit some CI issue. I'd be okay with targeting |
|
Sorry Martin, but another pull request was accepted after a few months and has partially solved the issue, which is probably sufficient in most cases. Rather than a rebase, I would need to review the code, create a new pull request, and get it approved again. If anyone wants to pick up the code, they're welcome to do so. |
|
Ah alright, thx for explaining. |
|
superseded by #9077 |
When the soft limit for NOFILE is set to a high number, the current code for
spawnProcess,pipeProcess, etc. becomes very slow and memory intensive.This is particularly evident when running a D application inside a Docker container. Docker sets the soft limit to the maximum allowed, which on some systems can be as high as 2^30.
This code reads the list of file descriptors in use from
/dev/fdor/proc/this/fd, avoiding the need to scroll through the entire list of possible file descriptors.