
Validate deterministic halt on OOM

Open • Stebalien opened this issue 4 years ago • 1 comment

When we hit the memory limit, we need to deterministically stop executing the current actor, returning to the parent actor. We'd like to avoid simply aborting the message entirely as this could cause problems for, e.g., cron.

This means that we need to consume a consistent amount of gas by the time we OOM. The wrinkle here is that, in theory, an optimization of the wasm bytecode (by the underlying JIT engine) could combine two memory expansion calls into a single memory expansion call, leading us to run out of memory early. For example, given:

  1. Expand memory by one page.
  2. Allocate some large buffer.
  3. Expand memory by one page.
  4. Allocate a second large buffer.

A reasonable compiler might optimize this to:

  1. Expand memory by two pages.
  2. Allocate some large buffer.
  3. Allocate a second large buffer.

Ideally the compiler sees memory expansion as something that can't be re-ordered, but we need to validate that.

Stebalien, Mar 15 '22 20:03

This is only P2 because we may not limit memory in M1.

Stebalien, Mar 15 '22 21:03

Ok, so, this is unlikely to be an issue because the memory expansion instruction actually returns the expansion offset. Wasmtime can't really "combine" multiple calls.

Stebalien, Feb 15 '23 19:02
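As an added example (not code from ref-fvm or from the commenters), the two instruction sequences from the opening comment are run against a small Rust model of a wasm linear memory with a host-enforced page limit and gas metering. The per-page and per-byte gas prices, the 60 000-byte buffer size, the page limit and the rule that a refused `memory.grow` halts the current actor are all constructed for the example. It illustrates both points made in the thread: merging the two grows changes the values `memory.grow` returns (per the wasm spec it returns the previous size in pages, or -1 when the request is refused), so an engine cannot merge them without changing the program's observable behaviour; and, had such a merge been legal, the gas consumed at the OOM point would have differed between the two forms.

```rust
// Added model, not ref-fvm code: a wasm-style linear memory with a page
// limit and gas metering, used to compare the two sequences from the issue.
// Gas prices, the page limit and the 60 000-byte buffer size are made up.

const PAGE_SIZE: usize = 65_536; // a wasm page is 64 KiB

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Op {
    /// `memory.grow` by this many pages
    Grow(u32),
    /// bump-allocate and zero-fill this many bytes of linear memory
    Alloc(usize),
}

#[derive(Debug, Clone, PartialEq)]
pub enum Halt {
    /// the host refused a `memory.grow`; the actor stops with this much gas consumed
    OutOfMemory { gas_used: u64 },
    /// an allocation overran the current linear memory (a wasm trap)
    OutOfBounds { gas_used: u64 },
}

pub struct Memory {
    pages: u32,
    limit_pages: u32,
    bump: usize, // next free byte offset
    gas_used: u64,
    gas_per_page: u64,
    gas_per_byte: u64,
}

impl Memory {
    /// Models `memory.grow`. Per the wasm spec it returns the previous size in
    /// pages, or -1 when the request cannot be granted. This model charges gas
    /// for the requested pages before the limit check (a modelling choice), so
    /// the amount consumed at the moment of refusal is fixed by the request.
    pub fn grow(&mut self, delta: u32) -> i32 {
        self.gas_used += self.gas_per_page * u64::from(delta);
        let new_pages = self.pages.saturating_add(delta);
        if new_pages > self.limit_pages {
            return -1;
        }
        let old_pages = self.pages;
        self.pages = new_pages;
        old_pages as i32
    }

    /// Bump-allocates `bytes` and charges for zero-filling them; `None` if the
    /// range would fall outside the current linear memory.
    pub fn alloc(&mut self, bytes: usize) -> Option<usize> {
        let end = self.bump.checked_add(bytes)?;
        if end > self.pages as usize * PAGE_SIZE {
            return None;
        }
        self.gas_used += self.gas_per_byte * bytes as u64;
        let ptr = self.bump;
        self.bump = end;
        Some(ptr)
    }
}

/// Executes `ops` and returns the values `memory.grow` returned (the trace the
/// program can observe) plus total gas, or the reason the actor was halted.
pub fn run(ops: &[Op], initial_pages: u32, limit_pages: u32, gas_per_page: u64, gas_per_byte: u64)
    -> Result<(Vec<i32>, u64), Halt>
{
    let mut mem = Memory { pages: initial_pages, limit_pages, bump: 0, gas_used: 0, gas_per_page, gas_per_byte };
    let mut trace = Vec::new();
    for op in ops {
        match *op {
            Op::Grow(delta) => {
                let prev = mem.grow(delta);
                if prev < 0 {
                    // Limit hit: stop this actor deterministically instead of
                    // aborting the whole message.
                    return Err(Halt::OutOfMemory { gas_used: mem.gas_used });
                }
                trace.push(prev);
            }
            Op::Alloc(bytes) => {
                if mem.alloc(bytes).is_none() {
                    return Err(Halt::OutOfBounds { gas_used: mem.gas_used });
                }
            }
        }
    }
    Ok((trace, mem.gas_used))
}

pub const BUF: usize = 60_000; // constructed buffer size; one fits in a page

/// The sequence from the issue as written: grow, allocate, grow, allocate.
pub fn original_program() -> Vec<Op> {
    vec![Op::Grow(1), Op::Alloc(BUF), Op::Grow(1), Op::Alloc(BUF)]
}

/// The hypothetical "optimized" sequence with the two grows merged.
pub fn fused_program() -> Vec<Op> {
    vec![Op::Grow(2), Op::Alloc(BUF), Op::Alloc(BUF)]
}

fn main() {
    // Ample limit: both finish, but the grow traces differ ([1, 2] vs [1]),
    // so the merge is observable and a spec-compliant engine may not do it.
    println!("{:?}", run(&original_program(), 1, 100, 1000, 1));
    println!("{:?}", run(&fused_program(), 1, 100, 1000, 1));
    // Two-page limit: the original OOMs on its second grow after paying for
    // the first buffer; the merged form would OOM before any allocation.
    println!("{:?}", run(&original_program(), 1, 2, 1000, 1));
    println!("{:?}", run(&fused_program(), 1, 2, 1000, 1));
}
```

With the two-page limit the original sequence halts at 62 000 gas (one page, one zeroed buffer, one refused page) while the merged form halts at 2 000 gas before allocating anything, which is exactly the divergence the issue worried about; the differing `memory.grow` traces in the unconstrained run are the reason the engine cannot perform that merge in the first place.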