Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update memory configurations and simplify specification #494

Merged
merged 3 commits into from
Jun 17, 2024

Conversation

cmickeyb
Copy link
Contributor

Several changes to make memory allocation cleaner:

  1. enable build-time configuration of the memory configuration for the eservice enclave (the pservice enclave does not have dynamic memory requirements so they remain fixed).

  2. a single variable now controls the allocation for enclave and interpreter memory; PDO_MEMORY_CONFIG may be set to SMALL, MEDIUM, or LARGE. this replaces the old WASM_MEM_CONFIG which was used for interpreter memory configuration. The SMALL configuration sets up the enclave and the interpreter for 4MB, MEDIUM is for 8MB and LARGE is for 16MB.

  3. remove the stack and heap configuration from the contract build scripts; this appears to be unnecessary though further testing is warranted.

cmickeyb added 3 commits June 14, 2024 13:54
Several changes to make memory allocation cleaner:

1) enable build-time configuration of the memory configuration for the
eservice enclave (the pservice enclave does not have dynamic memory
requirements so they remain fixed).

2) a single variable now controls the allocation for enclave and
interpreter memory; PDO_MEMORY_CONFIG may be set to SMALL, MEDIUM, or
LARGE. this replaces the old WASM_MEM_CONFIG which was used for
interpreter memory configuration. The SMALL configuration sets up the
enclave and the interpreter for 4MB, MEDIUM is for 8MB and LARGE is
for 16MB.

3) remove the stack and heap configuration from the contract build
scripts; this appears to be unnecessary though further testing is
warranted.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
…build variable

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Copy link
Member

@marcelamelara marcelamelara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @cmickeyb . I only have a couple of non-blocking questions regarding some of the test cases. We probably also want to open an new issue so we don't forget to do more testing/add more test cases.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are these test cases being removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mostly because they no longer fail and are redundant with other tests already in place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose this is where we'd add more tests to push the higher memory size limits?

@cmickeyb
Copy link
Contributor Author

LGTM! Thanks @cmickeyb . I only have a couple of non-blocking questions regarding some of the test cases. We probably also want to open an new issue so we don't forget to do more testing/add more test cases.

Writing the "negative" memory tests turns out to be harder than it looks.

  • Since the memory configurations can change, no "fixed" allocation test (e.g. check that we can allocate a 4MB buffer) will be sufficient since some times it will succeed and sometimes it will fail (and that's what it should do).
  • Figuring out the "correct" big buffer allocation for a memory configuration is also challenging because the overhead in the WAMR interpreter does not seem to be consistent. So even if we know how much memory is allocated to the interpreter we can't easily figure out how much should fail or succeed.

At best we can say "the CI will pass only for the medium memory configuration". Figure out through trial & error what works and what fails. And then update the what works/what fails every time we make a change to the interpreter.

Anyway... i removed the negative tests for out of memory because I couldn't get failure to be consistent. Would love to have another set of eyes on the problem.

Copy link
Member

@bvavala bvavala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here some comments -- testing it

Comment on lines -83 to -85
LIST(APPEND WASM_LINK_OPTIONS "-Wl,--initial-memory=${LINEAR_MEMORY}")
LIST(APPEND WASM_LINK_OPTIONS "-Wl,--max-memory=${LINEAR_MEMORY}")
LIST(APPEND WASM_LINK_OPTIONS "-z stack-size=${INTERNAL_STACK_SIZE}")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I cannot find much documentation about this (i.e., how memory is handled initially and at runtime).
Can it be that the default settings make WAMR allocate static chunks of memory as the interpreter is instantiated?
If that's the case, this would raise the startup cost for any contract execution -- this similarly holds for the enclave as well, but that's a one-time cost.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this was a requirement for earlier versions of clang. this was necessary for the combination of the compiler and the interpreter. the wamr documentation no longer talks about this as a requirement.
AND
making this explicit tend to make the contracts themselves very unstable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding the allocation... this effectively has nothing to do with the allocation in the interpreter. The fields in the common/interpreter/wawaka cmake file are the only ones that matter for actual allocation.

<StackMaxSize>${ENCLAVE_STACK_SIZE}</StackMaxSize>
<HeapMaxSize>${ENCLAVE_HEAP_SIZE}</HeapMaxSize>
<ReservedMemMaxSize>${ENCLAVE_RESERVED_SIZE}</ReservedMemMaxSize>
<ReservedMemInitSize>${ENCLAVE_RESERVED_SIZE}</ReservedMemInitSize>
<ReservedMemExecutable>1</ReservedMemExecutable>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we switch this to 0?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think thats a deeper discussion and requires additional research on its impact for different WAMR settings. this has been our setting all along. i would suggest that we add an issue to investigate the implications.

@@ -80,11 +51,7 @@ LIST(APPEND WASM_BUILD_OPTIONS "-std=c++11")
LIST(APPEND WASM_BUILD_OPTIONS "-DUSE_WASI_SDK=1")

SET(WASM_LINK_OPTIONS)
LIST(APPEND WASM_LINK_OPTIONS "-Wl,--initial-memory=${LINEAR_MEMORY}")
LIST(APPEND WASM_LINK_OPTIONS "-Wl,--max-memory=${LINEAR_MEMORY}")
LIST(APPEND WASM_LINK_OPTIONS "-z stack-size=${INTERNAL_STACK_SIZE}")
LIST(APPEND WASM_LINK_OPTIONS "-Wl,--allow-undefined")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are build/link-time memory options, hence under the control of developers/users. I am wondering if any of these should be checked (somehow) by the eservice before running the related contract for safety or efficiency reasons.
The interpreter's memory configuration should define the boundaries of a contract's memory configuration, so safety should not be an issue. However, contracts could still always max out memory. Does that determine an efficiency issue for the eservice or an unfair allocation w.r.t. other contracts?

Copy link
Contributor Author

@cmickeyb cmickeyb Jun 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the numbers are too big then the interpreter will throw the error. and... in fact... i have a hard time making anything other than the default work with the current version of WAMR.

and to be clear... these are contract allocations. any developer can set them to whatever is required.

@cmickeyb
Copy link
Contributor Author

@bvavala FYI... I plan to add another PR shortly that puts memory configuration in the interpreter information string in the enclave. its not part of this PR because it isn't required.

Copy link
Member

@bvavala bvavala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested

@bvavala bvavala merged commit 1fb32e8 into hyperledger-labs:main Jun 17, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants