Meta-issue for OCaml 5.0 release goals #11013
Comments
|
The technical documentation for the memory model (updated PLDI paper with object publication) task is unlikely to be doable for 5.0 - are there objections to doing that update after 5.0 is released (but before 5.1)? |
|
I think people were agreeing that #10915 was important for 5.0, and we only proposed that it was delayable because we had no idea how long it would take. Now #11057 is there to fix it, and new bugs in the current implementation were discovered in the process, so I propose to put it on the list. Can you please also add #10832? (Or maybe it is implicit as a sub-goal of #10960 even if it is not mentioned there?) @dra27 For the technical documentation, there is not much to do and it is useful for experts of the community to understand how the memory models works. I don't think it would be very hard to adapt Stephen's post into documentation. A bigger chunk of this task is #10992, and it looks important for 5.0 (it directly affects how users are going to write and port C code). On the other hand, while I suggested the update to the PLDI benchmarks (thinking that it is easy to do), I would be surprised if an updated PLDI paper was necessary for 5.0. |
|
Concerning the flambda side, I think that it would be nice to have some written confirmation that flambda optimisation have been reviewed as safe? This is mostly to confirm that the initial assessment that flambda optimisations are safe holds (ping @lthls , @mshinwell ?). |
|
I'm not sure what "reviewed as safe" means. I haven't seen much work on reviewing non-flambda optimisations (for example, |
|
The OCaml memory model is different from the C memory model in that it indeed explicitly restricts the valid transformations in sequential programs in known ways in order to reason about data races, for instance preserving load-to-store ordering. So naively I would think too that there is something to check, but maybe it is obvious for flambda authors that the memory model is respected. Out of curiosity I went to see Regarding Lazy, my takeaway was that there is another issue than the one you describe due to the following polling critical section: ocaml/stdlib/camlinternalLazy.ml Lines 94 to 102 in 77fee60 My conclusion was that the [@poll error] attribute is not expressive-enough as it stands to express this, as previously discussed in this thread. (On the other hand, the slightly more expressive variant that was previously proposed would be enough.)
|
Yes. Effects cannot be moved around anything that has effects or coeffects, and coeffects cannot be moved around anything that has effects. There's no location associated to the effects either: if you update two different references in sequence, even if the compiler could prove that the references do not alias it wouldn't be allowed to swap the updates (unless the references are transformed into mutable variables, but that's another story, and I don't think Flambda 1 does anything clever with mutable variables anyway). One thing you may want to take into account is that our model for Flambda has always assumed that an interrupt (signal, GC or whatever) can occur at any time, running arbitrary code. So in a way, our model was already adapted for multicore as it expected even sequential code to be potentially interleaved with anything. However, lots of OCaml programs use immutable data structures that can still be optimised, so that still left us a lot of interesting things to do.
From what I read in the thread you linked, it seems that you assume that Flambda understands let allocate () = Array.make 10 0
let g () =
((fun _ -> allocate ())[@poll error]) 0
let h () = (fun _ -> allocate ())[@poll error]You won't get any errors on this code, because the attributes were dropped during translation to If you want to be serious about critical sections, you should introduce primitives in the compiler for that. Right now, the code is safe only because there's no part of the current compiler (except afl instrumentation, but it is disabled on this file) that would insert a poll there. But it would be quite easy for a future patch to break this without anyone noticing. |
I assume Flambda should understand Regarding the code in question, I take note that it is safe currently (albeit fragile).
|
|
I don't seem to be getting my point across. The Flambda team has made a more-or-less formal model of the behaviour of OCaml programs. This model is based on our understanding of the compiler's other passes and optimisations, and is usually stricter than what we are seeing in other parts of the compiler. So whenever I point out that something might break with Flambda, it means that it might also be broken without Flambda. But it's easier to show how to break it with hypothetical Flambda transformations, because it's well-defined which transformations are permitted and which are not. let r : float ref = ref 0.
let rec push_this x =
let old_val = r.contents in
let new_val = x +. old_val in
let success =
if r.contents == old_val
then (r.contents <- new_val; true)
else false
in
if not success then push_this xSo, my estimation is that Flambda as safe as the alternative, and that shouldn't block a 5.0 release. Regarding Finally, a few more examples of (slightly more realistic) code using let[@poll error] f1 (x : int) (a : int array) =
a.(x)
module Array = struct
let[@inline] get x a = Array.get x a
(* Note: the following definition gives the same result *)
(* let get = Array.get *)
end
let[@poll error] f2 (x : int) (a : int array) =
a.(x)
let[@inline] (let*) x f =
match x with
| None -> None
| Some y -> f y
let[@poll error] f3 (x : int option) =
let* y = x in
if y > 0 then x else NoneThe function |
|
@lthls : First, thank you for your answer . I mostly wanted to assess that Flambda is deemed safe by the Flambda team (in the sense that there is no expected difficulty ahead) outside of the time pressure of a meeting. I am personally convinced by your argument that |
|
@lthls Reading carefully your examples, I think this is working as intended since it is not meant to remove polls. I agree about the limitations especially in terms of forward-compatibility wrt. reasoning about polling locations, but I do not think this is something that was meant to be addressed by |
|
Reg |
|
Linking to the manual in the API documentation is indeed not that straightforward. I will have a look at adding a link with the right ocamldoc incantation and html post-processing to the |
|
Regarding the manual, we probably want to update this section https://v2.ocaml.org/manual/intfc.html#s%3Ac-gc-harmony, which still talks about the master lock. |
|
Rereading this meta-issue, the only remaining high-level items are the documentation issue and the last part of the stdlib audit (mostly |
This is a meta-issue checklist to keep tracks of the issues that ought to be resolved before branching OCaml 5.0 .
(for maintainers: please feel free to edit this post to update the status (or descriptions) of the various items on this list.)
Platforms
32-bits:
(patches accepted for word-size independence)
Arm 64
runtime/arm64.Sto support stack backtraces by 3rd-party tools (ARM64 CFI support #11099).- [ ] technical documentation for the memory model (updated PLDI paper with object publication)(to be done later)(see also OCaml multicore memory model and C (runtime, FFI, VM) #10992, Wrong memory order constraint in caml_modify #10886)
runtime/$ARCH.S(Documentation improvements for native stack switching functions #11059)Windows
Middle-end
Tooling
Runtime
caml_ensure_stack_capacity, causing a slowdown #11062)Stdlib
Documentation
CI
Thread Sanitizer (see ThreadSanitizer issues #11040)(removed, hopeless)The text was updated successfully, but these errors were encountered: