Resource limits for Haskell

Alexander Kjeldaas alexander.kjeldaas at gmail.com
Fri Mar 8 11:06:07 CET 2013


On Fri, Mar 8, 2013 at 10:40 AM, Edward Z. Yang <ezyang at mit.edu> wrote:

> Excerpts from Alexander Kjeldaas's message of Fri Mar 08 01:32:50 -0800 2013:
> > Regarding "timely", can this be exploited by a Safe Haskell "tenant" to
> > obstruct invocation of the listener to exceed resource limits?  Are there
> > any guarantees that can be given?
>
> With the current scheduler implementation, the tenant will get at most one
> more scheduled quantum to use lots of resources before the listener actually
> manages to kill it.  If you are working with soft limits, this might be
> good enough.
>
> > Here are some random thoughts:
> > During a GC, maybe the thunk attached to the cost centre stack could be put
> > behind the listener on the same capability.
>
> Yes. Actually, it's simpler than that; just put the listener in the front
> of the queue. You will be sad if the listener takes too long to figure out
> what to do though!
>
>
With this scheduling trick, it seems that it should be possible to
guarantee that at most one scheduled quantum + one nursery of memory is
used. (The non-allocating process is still a problem if I understand
correctly).

Another API semantics that comes to mind is to limit the resident size in a
tree-like fashion so that whoever does forkIO will get the child resident
size attached to his own process.  This requires a listener to be able to
kill off whole process-trees (think cgroups in Linux).

> > Or with the tickets system, maybe the listener could steal tickets from the
> > thunk at every GC until it has executed, or something like that.
>
> Yes, this is a good synergy with stride scheduling.  An even simpler measure
> is to give the listener max number of tickets, so it will get scheduled
> before the tenant.
>
> > Or a thunk could be associated with an allocation budget, independent of
> > the resident size, and when the allocation budget is exceeded, it will
> > block on an MVar.  The listener/monitor has to run to increase the
> > allocation budget.
>
> This would correspond to the ability to "freeze" Haskell threads in
> mid-execution; no MVar blocking necessary.  This is not possible with
> the current RTS. I don't know how hard it would be to do.
>
>
Random idea: Maybe there could be a never-executed capability in the RTS.
Schedule the frozen process on that capability.  This seems to be doable
from the RTS side of things.  When some condition arises, schedule it on
the frozen capability.  Then notify something in Haskell land.  I don't
know how to do the notification - when I looked at notifying through MVars
for the event log it wasn't as easy as pie.

Alexander


> Edward
>
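
Added example, not part of the original message and not GHC RTS code: a toy Python model of the tree-like resident-size accounting proposed above, where usage of forked children counts against the forking tenant and the listener kills the whole subtree. The names `Thread`, `fork`, `charge`, `kill_tree` and the byte figures are hypothetical.

```python
class Thread:
    """One thread in the model; children are the threads it forked."""

    def __init__(self, name, parent=None, limit=None):
        self.name = name
        self.parent = parent
        self.limit = limit    # resident-size limit in bytes, None = unlimited
        self.own = 0          # bytes retained by this thread alone
        self.alive = True
        self.children = []
        if parent is not None:
            parent.children.append(self)

    def fork(self, name, limit=None):
        # Model of forkIO: the child hangs below the caller in the tree.
        return Thread(name, parent=self, limit=limit)

    def resident(self):
        # Own usage plus that of every live descendant.
        if not self.alive:
            return 0
        return self.own + sum(c.resident() for c in self.children)

    def charge(self, nbytes):
        # Record an allocation, then walk towards the root and return the
        # innermost thread whose limit is now exceeded (None if all are fine).
        self.own += nbytes
        node = self
        while node is not None:
            if node.limit is not None and node.resident() > node.limit:
                return node
            node = node.parent
        return None


def kill_tree(node):
    # What the listener needs: kill a thread together with all descendants.
    killed = [node.name] if node.alive else []
    node.alive = False
    for child in node.children:
        killed += kill_tree(child)
    return killed


def demo():
    rts = Thread("rts")                      # constructed sample hierarchy
    a = rts.fork("tenant-a", limit=100)
    b = rts.fork("tenant-b", limit=100)
    b.charge(40)
    a.charge(10)
    worker = a.fork("a-worker")
    helper = worker.fork("a-helper")
    worker.charge(50)                        # tenant-a subtree: 60, under limit
    offender = helper.charge(60)             # subtree: 120 > 100
    return offender.name, kill_tree(offender), a.resident(), b.resident()
```

In this model a tenant cannot stay under its limit by moving allocation into forked threads, and killing the offending subtree leaves the sibling tenant untouched.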