Skip to content

A safer core: remove Obj.magic in promise state update #1084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

A safer core: remove Obj.magic in promise state update #1084

wants to merge 5 commits into from

Conversation

@gasche
Copy link
Contributor

@gasche gasche commented Oct 16, 2025

This is a proposal to fix #1079. I removed the fine-grained typing of the mutable state of a promise, so that the unsafe casts that were previously used are unnecessary. This should remove the crash observed under multicore usage.

gasche added 3 commits October 16, 2025 05:39
@gasche
core: factorize 'let Pending callbacks = p.state' in a helper function
c2fbe5b
@gasche
core/lwt.ml: simplify [run_callback_or_defer_it] as it never defers
faff340
@gasche
core/lwt.ml: box resolved states
621bba6 
This commit guarantees that, even if we later weaken the type
information available on `state`, we keep precise guarantees on
`result` values -- they are not a subset of possible states anymore,
but a separate type.

There may be a performance impact to this change, so running
benchmarks would be useful.
@gasche gasche mentioned this pull request Oct 16, 2025
Open
@gasche
Copy link
Contributor Author

gasche commented Oct 16, 2025

Some of the static discipline in the code is moved around instead of removed entirely.

  1. I keep the distinction between promise states that may be proxies and those that may not.
  2. To preserve the distinction between "pending" states and general states, I boxed the pending states into a result type.

Point (2) may have an impact on performance. (I think that it will be neglectible, but I don't understand which parts of the Lwt core are performance-critical so I am not sure.) Do you know how to run benchmarks to measure the performance impact of this PR?

gasche added 2 commits October 16, 2025 09:47
@gasche
remove the (unsound) static disipline on promise states
79ce02a 
The static discipline on promise states requires an `Obj.magic` in
promise state update. This appears to work correctly under OCaml 4,
but is known to cause segfaults under concurrent usage with OCaml 5.
@gasche
minor: drop the now-useless [packed_promise] type
044773b
@raphael-proust
Copy link
Collaborator

raphael-proust commented Oct 22, 2025

thanks for the contribution :)
I'll try to review in depth it soon

re: perf & bench

The part that needs to be real cheap is the non-cooperating binds. That is the binds (and maps and such) where the promise is already resolved and even more so the binds where the promise is already resolved and the function returns an already resolved promise. These correspond to the part of the program where the user code doesn't do any I/O.

gasche
gasche commented Nov 20, 2025
View reviewed changes
src/core/lwt.ml
| Error _ as p_result ->
let State_may_now_be_pending_proxy p'' = may_now_be_proxy p'' in
let p'' = underlying p'' in
let _state, p'' = underlying p'' in
Copy link
Contributor Author

@gasche gasche Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-review note: this could be let p'' = underlying_promise p'' (same for the other occurrence of let _state, ... = underlying .. below).

@gasche
Copy link
Contributor Author

gasche commented Nov 20, 2025
edited
Loading

I understand from #1079 (comment) that this PR proved difficult to review. I wondered if it's worth having if multi-domain gets temporarily removed from Lwt. I have mixed opinions on this:

  • Following the "if it ain't broke, don't fix it" adage, I would support keeping the code as-is instead of making a non-trivial change to the very core of the implementation.
  • On the other hand the change in fact simplifies the code a bit compared to what was there before. It is not just slightly worse in various places due to a loss of static type information (as I initially would have expected); the change in representation avoids any loss in readability. And on the other hand the scary detailed comments about why Obj.magic is acceptable are gone. I think that if I was a maintainer of Lwt, I would first run benchmarks to see if there are performance regressions, and if the performance is preserved (or improved!) consider reviewing and merging just to make the codebase simpler.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6.0.0-beta00: domainworkers fails with Assertion failed or SIGSEGV sometimes

2 participants

@gasche @raphael-proust