Skip to content

A safer core: remove Obj.magic in promise state update#1084

Open
gasche wants to merge 5 commits intoocsigen:masterfrom
gasche:safer-core
Open

A safer core: remove Obj.magic in promise state update#1084
gasche wants to merge 5 commits intoocsigen:masterfrom
gasche:safer-core

Conversation

@gasche
Copy link
Copy Markdown
Contributor

@gasche gasche commented Oct 16, 2025

This is a proposal to fix #1079. I removed the fine-grained typing of the mutable state of a promise, so that the unsafe casts that were previously used are unnecessary. This should remove the crash observed under multicore usage.

gasche added 3 commits October 16, 2025 05:39
@gasche
core: factorize 'let Pending callbacks = p.state' in a helper function
c2fbe5b
@gasche
core/lwt.ml: simplify [run_callback_or_defer_it] as it never defers
faff340
@gasche
core/lwt.ml: box resolved states
621bba6 
This commit guarantees that, even if we later weaken the type
information available on `state`, we keep precise guarantees on
`result` values -- they are not a subset of possible states anymore,
but a separate type.

There may be a performance impact to this change, so running
benchmarks would be useful.
@gasche gasche mentioned this pull request Oct 16, 2025
Closed
@gasche
Copy link
Copy Markdown
Contributor Author

gasche commented Oct 16, 2025

Some of the static discipline in the code is moved around instead of removed entirely.

  1. I keep the distinction between promise states that may be proxies and those that may not.
  2. To preserve the distinction between "pending" states and general states, I boxed the pending states into a result type.

Point (2) may have an impact on performance. (I think that it will be neglectible, but I don't understand which parts of the Lwt core are performance-critical so I am not sure.) Do you know how to run benchmarks to measure the performance impact of this PR?

gasche added 2 commits October 16, 2025 09:47
@gasche
remove the (unsound) static disipline on promise states
79ce02a 
The static discipline on promise states requires an `Obj.magic` in
promise state update. This appears to work correctly under OCaml 4,
but is known to cause segfaults under concurrent usage with OCaml 5.
@gasche
minor: drop the now-useless [packed_promise] type
044773b
@raphael-proust
Copy link
Copy Markdown
Collaborator

raphael-proust commented Oct 22, 2025

thanks for the contribution :)
I'll try to review in depth it soon

re: perf & bench

The part that needs to be real cheap is the non-cooperating binds. That is the binds (and maps and such) where the promise is already resolved and even more so the binds where the promise is already resolved and the function returns an already resolved promise. These correspond to the part of the program where the user code doesn't do any I/O.

gasche
gasche commented Nov 20, 2025
View reviewed changes
src/core/lwt.ml
| Error _ as p_result ->
let State_may_now_be_pending_proxy p'' = may_now_be_proxy p'' in
let p'' = underlying p'' in
let _state, p'' = underlying p'' in
Copy link
Copy Markdown
Contributor Author

@gasche gasche Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-review note: this could be let p'' = underlying_promise p'' (same for the other occurrence of let _state, ... = underlying .. below).

@gasche
Copy link
Copy Markdown
Contributor Author

gasche commented Nov 20, 2025
edited
Loading

I understand from #1079 (comment) that this PR proved difficult to review. I wondered if it's worth having if multi-domain gets temporarily removed from Lwt. I have mixed opinions on this:

  • Following the "if it ain't broke, don't fix it" adage, I would support keeping the code as-is instead of making a non-trivial change to the very core of the implementation.
  • On the other hand the change in fact simplifies the code a bit compared to what was there before. It is not just slightly worse in various places due to a loss of static type information (as I initially would have expected); the change in representation avoids any loss in readability. And on the other hand the scary detailed comments about why Obj.magic is acceptable are gone. I think that if I was a maintainer of Lwt, I would first run benchmarks to see if there are performance regressions, and if the performance is preserved (or improved!) consider reviewing and merging just to make the codebase simpler.

@raphael-proust
Copy link
Copy Markdown
Collaborator

raphael-proust commented Dec 4, 2025

I think that it's worth me doing a proper review of this PR. But I'm not going to do it in parallel to the lwt6 effort because

  • lwt6 is a lot of effort which i need to get back to already
  • i want to keep 5.9 as still as possible (5.9 ain't broke, well not too broke) to avoid having to deal with multiple bugfix branches

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6.0.0-beta00: domainworkers fails with Assertion failed or SIGSEGV sometimes

2 participants

@gasche @raphael-proust