Page MenuHomePhabricator
Create Task
Maniphest T103886

Translation cache exhaustion caused by changes to PHP code in file scope
Closed, ResolvedPublic
Actions

Description

(My understanding of this problem is still inexact, so my language is imprecise. Feel free to edit this task as we gain some clarity.)

Problem statement

  • The broader the scope, the harder it is for a JIT to reason about invariants and to optimize code.
  • HHVM does not deal with code in file scope all that well. It doesn't optimize it thoroughly, it translates it into the cold translation cache, and it does not always pick up code changes in top-scope.
  • We have a lot of code in file scope. InitialiseSettings.php alone is five times longer than the Bhagavad-Gita.
  • HHVM's translation cache does not have an eviction mechanism, or its eviction mechanism does not work for the cold cache, or it has some unspecified bug.

Consequences of the above for us are:

  • We don't benefit from HHVM as much as we could, because so much of our code is in file scope. (This is a relatively minor issue.)
  • Certain code changes require that HHVM be restarted before the change is picked up. Changes to StartProfile.php seem particularly susceptible to this.
  • Changes to code in file scope are more likely than other changes to lead to a sharp increase in the size of the translation cache. When the translation cache is full, HHVM restarts with a SIGABRT, aborting any current requests, causing an outage until enough servers have recovered.

Plan of action

Short-term

  • Make it possible to restart HHVM on all app servers without running scap, as @bd808 proposed in T103008: Scap should restart HHVM.
  • Do this at least once on any day in which deployments occur.
  • Avoid deploying changes to StartProfile.php and wikitech.php in quiet hours.

Mid-term

  • Ensure that these issues are reported upstream and poke the HHVM team periodically for status updates.
  • Iterate on the graceful restart procedure until it no longer generates alerts or spikes of 5xxs.

Long term

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
profile::mediawiki::hhvm: enable TC garbage collection everywhereoperations/puppetproduction+6 -10
Enable reusable TC on HHVM on canary appserversoperations/puppetproduction+1 -0
deployment-prep: enable reusable TC on HHVMoperations/puppetproduction+1 -0
Add an hhvm-graceful-all commandmediawiki/tools/scapmaster+52 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Krenair updated the task description. (Show Details)Jun 25 2015, 6:31 PM
Krenair set Security to None.
ori merged tasks: T103008: Scap should restart HHVM, T99232: configuration not picked up after deploy.Jun 25 2015, 6:34 PM
ori added subscribers: gerritbot, MoritzMuehlenhoff, thcipriani, fgiunchedi.
Legoktm updated the task description. (Show Details)Jun 25 2015, 6:38 PM
Manybubbles subscribed.Jun 25 2015, 6:47 PM

Do you mean:
HHVM's translation cache does *not* have an eviction mechanism, or its eviction mechanism does not work for the cold cache, or it has some unspecified bug.

ori updated the task description. (Show Details)Jun 25 2015, 6:51 PM
ori merged a task: T99525: HHVM 3.6 leaks memory.
ori added subscribers: faidon, tstarling.
Joe added a comment.Jun 25 2015, 7:11 PM

@Manybubbles it does not have an eviction mechanism at all.

Manybubbles added a comment.Jun 25 2015, 7:12 PM
In T103886#1401821, @Joe wrote:

@Manybubbles it does not have an eviction mechanism at all.

Like the pcre cache didn't. I see a common theme!

bd808 added a comment.Jun 25 2015, 7:29 PM

Avoid deploying changes to StartProfile.php and wikitech.php in quiet hours.

I'm not sure that wikitech.php is in any way a trigger. What seems more likely to me based on the global scope hypothesis is that any scap or sync-* runs a percentage chance of setting off the TC exhaustion cascade. All sync operations include a post-rsync step that touches InitializeSettings.php to trigger the local serialized setting cache to be rebuilt. This will trigger each host to reconstruct the global variable caches for each version+wiki combination as they are requested.

gerritbot added a comment.Jun 25 2015, 7:30 PM

Change 220941 had a related patch set uploaded (by BryanDavis):
Add an hhvm-graceful-all command

https://gerrit.wikimedia.org/r/220941

gerritbot added a project: Patch-For-Review.Jun 25 2015, 7:30 PM
greg edited subscribers, added: mmodell, demon, dduvall; removed: Release-Engineering-Team.Jun 25 2015, 7:36 PM
ori mentioned this in rOPUPe8c417522110: Set hhvm.jit_pseudomain = false on canary app and API servers.Jun 25 2015, 8:10 PM
Quiddity updated the task description. (Show Details)Jun 25 2015, 9:32 PM
faidon added a comment.EditedJun 25 2015, 10:31 PM

Iterate on the graceful restart procedure until it no longer generates alerts or spikes of 5xxs.

This is listed under mid-term but I think it should be more of a priority. Last time we tried this, we got both internal and external alerts. The internal alert catches big spikes in 500s/503s, while the external alert thresholds is catching user-visible errors (repeated failures to load a page using Chrome). In other words, this was an actual outage (albeit, short).

Krenair mentioned this in T75939: Merge as many configuration hacks in wikitech.php configuration file as possible into InitialiseSettings.php.Jun 25 2015, 11:34 PM
gerritbot added a comment.Jun 25 2015, 11:55 PM

Change 220941 merged by jenkins-bot:
Add an hhvm-graceful-all command

https://gerrit.wikimedia.org/r/220941

bd808 mentioned this in rMSCA045ecfa8ff3f: Add an hhvm-graceful-all command.Jun 25 2015, 11:57 PM
MZMcBride subscribed.Jun 29 2015, 4:30 AM
Krinkle moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.Jul 2 2015, 5:21 AM
faidon mentioned this in T104769: HHVM memory leaks result in OOMs & 500 spikes.Jul 4 2015, 3:04 PM
mmodell lowered the priority of this task from High to Medium.Jul 6 2015, 6:40 PM
mmodell moved this task from To Triage to In-progress on the Deployments board.
Krinkle removed a project: Patch-For-Review.Sep 4 2015, 2:33 AM
greg added a comment.Sep 24 2015, 6:23 AM

The plan of action in this task is good, but can we get subtasks for the things that still need doing? I, at least, am having a hard time figuring out where we are along this plan.

mmodell added a comment.Sep 24 2015, 5:08 PM
In T103886#1402775, @faidon wrote:

Iterate on the graceful restart procedure until it no longer generates alerts or spikes of 5xxs.

This is listed under mid-term but I think it should be more of a priority. Last time we tried this, we got both internal and external alerts. The internal alert catches big spikes in 500s/503s, while the external alert thresholds is catching user-visible errors (repeated failures to load a page using Chrome). In other words, this was an actual outage (albeit, short).

So what can be done to improve the graceful restart scenario? Does it just need to be less aggressive about it? Depooling?

bd808 added a comment.Nov 11 2015, 5:06 PM
In T103886#1671438, @mmodell wrote:
In T103886#1402775, @faidon wrote:

Iterate on the graceful restart procedure until it no longer generates alerts or spikes of 5xxs.

This is listed under mid-term but I think it should be more of a priority. Last time we tried this, we got both internal and external alerts. The internal alert catches big spikes in 500s/503s, while the external alert thresholds is catching user-visible errors (repeated failures to load a page using Chrome). In other words, this was an actual outage (albeit, short).

So what can be done to improve the graceful restart scenario? Does it just need to be less aggressive about it? Depooling?

Scap has most of the parts needed for restarting HHVM implemented for T103008, but the process for communicating with pybal by messing with the Apache process doesn't work so we disabled it (T74366). There is a comprehensive list of steps for a safe restart in the comments on T74366.

The open task for fixing the pybal interaction with scap is T104352: Make scap able to depool/repool servers via the conftool API.

Legoktm mentioned this in T119117: Get rid of $wg = $wmg hack for extensions that have been converted to using extension.json.Nov 19 2015, 8:43 PM
ori added a comment.Nov 25 2015, 5:09 PM

Recent releases of HHVM can reclaim TC space.

ori added a subtask: T119637: Update HHVM package to recent release.Nov 25 2015, 5:09 PM
mmodell added a comment.Nov 25 2015, 5:32 PM
In T103886#1831783, @ori wrote:

Recent releases of HHVM can reclaim TC space.

That's awesome! How difficult do you think it would be to upgrade?

ori mentioned this in T119637: Update HHVM package to recent release.Dec 7 2015, 4:59 AM
Krinkle added a parent task: T121913: Enable HHVM Repo Authoritative mode.Dec 18 2015, 9:38 PM
Reedy mentioned this in T99740: Use static php array files for l10n cache at WMF (instead of CDB).Dec 19 2015, 11:25 AM
Krinkle added a parent task: T99740: Use static php array files for l10n cache at WMF (instead of CDB).Jan 5 2016, 3:58 AM
bd808 mentioned this in T125685: refreshCdbJsonFiles should be rewritten in python.Feb 4 2016, 5:35 PM
alex-mashin subscribed.Mar 9 2016, 4:19 AM
Joe closed subtask T119637: Update HHVM package to recent release as Resolved.Mar 16 2016, 7:08 AM

Athough we upgraded fleet-wide, I think the tests @ori did showed a great deal of instabilities in this functionality

ori added a comment.Mar 16 2016, 7:10 AM

https://github.com/facebook/hhvm/issues/6911

Ricordisamoa subscribed.Apr 5 2016, 4:54 AM
Krinkle mentioned this in T134912: vagrant git-update error "could not allocate 218103807 bytes for translation cache".May 10 2016, 6:03 PM
Krinkle subscribed.Nov 17 2016, 1:21 AM
In T103886#2125417, @ori wrote:

https://github.com/facebook/hhvm/issues/6911

This issue was fixed in July 2016, released in HHVM 3.15.0.

Can we try again with T99740: Use static php array files for l10n cache at WMF (instead of CDB)?

Gilles raised the priority of this task from Medium to Needs Triage.Dec 7 2016, 7:11 PM
Gilles moved this task from Backlog: Maintenance, non-prioritized to Radar on the Performance-Team board.
Krinkle triaged this task as High priority.May 26 2017, 4:59 PM
thcipriani mentioned this in T166384: scap: Investigate scaps handling of InitialiseSettings.php.Jul 5 2017, 4:52 PM
greg edited projects, added Release-Engineering-Team (Next); removed Release-Engineering-Team.Jul 8 2017, 12:00 AM
Joe added a comment.Jul 10 2017, 6:19 AM

@Krinkle sure, we can enable reusing TC in beta for now and test if the feature is stable and working as expected.

gerritbot added a comment.Jul 10 2017, 6:23 AM

Change 364148 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] deployment-prep: enable reusable TC on HHVM

https://gerrit.wikimedia.org/r/364148

gerritbot added a project: Patch-For-Review.Jul 10 2017, 6:23 AM
mmodell awarded a token.Jul 10 2017, 4:20 PM
greg edited projects, added Release-Engineering-Team (Watching / External); removed Release-Engineering-Team (Next).Jul 10 2017, 4:23 PM
Krinkle added a comment.Jul 11 2017, 4:23 AM
In T103886#3419367, @Joe wrote:

@Krinkle sure, we can enable reusing TC in beta for now and test if the feature is stable and working as expected.

My understand of the problem is as follows:

  • We generally do use translation cache (compilation cache?), but changes to files in which most statements are in the global scope, trigger a memory leak in the translation cache.
  • We do have various files like this (most things in wmf-config), but changes to them are relatively infrequently and only affect a few files at a time. That, plus our regular restarts keep things "fine".
  • Localisation cache was too big to be part of this cache while actively leaking, trying so resulted in OOM and crashed HHVM.

Looking at enable_reusable_tc a bit, it's a bit unclear to me what this option is actually for. I assumed the memory leak we found was a bug, but reading about this option makes me thing HHVM just unconditionally holds on to everything it compiled, even when a newer version of the file has been compiled since. And enabling this option would make it actually start garbage collecting stale TC data.

Questions:

  • Is the above accurate?
  • Do we (still) perform daily restarts?
MoritzMuehlenhoff added a comment.Jul 11 2017, 8:16 AM
In T103886#3423647, @Krinkle wrote:

Looking at enable_reusable_tc a bit, it's a bit unclear to me what this option is actually for. I assumed the memory leak we found was a bug, but reading about this option makes me thing HHVM just unconditionally holds on to everything it compiled, even when a newer version of the file has been compiled since. And enabling this option would make it actually start garbage collecting stale TC data.

Questions:

  • Is the above accurate?

That's my understanding as well, and it's also confirmed by the original announcement: http://hhvm.com/blog/9995/hhvm-3-9-0

  • Do we (still) perform daily restarts?

We do, HHVM is restarted after three days or when reaching 50% memory usage

gerritbot added a comment.Aug 1 2017, 4:36 PM

Change 364148 merged by Giuseppe Lavagetto:
[operations/puppet@production] deployment-prep: enable reusable TC on HHVM

https://gerrit.wikimedia.org/r/364148

Krinkle removed a project: Patch-For-Review.Aug 3 2017, 4:01 AM
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.Aug 8 2017, 3:15 AM
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Aug 16 2017, 6:55 PM
Phabricator_maintenance moved this task from In-progress to Localization on the Deployments board.Sep 26 2017, 11:02 PM
demon added a comment.Oct 23 2017, 5:22 PM

We've been running the reusable TC in beta for over 2 months, I don't think we've had any issues. Should we move forward with a limited production test?

gerritbot added a comment.Feb 27 2018, 12:57 AM

Change 414876 had a related patch set uploaded (by Chad; owner: Chad):
[operations/puppet@production] mwdebug1001/1002: enable reusable TC on HHVM

https://gerrit.wikimedia.org/r/414876

gerritbot added a project: Patch-For-Review.Feb 27 2018, 12:57 AM
gerritbot added a comment.Mar 7 2018, 6:49 PM

Change 414876 merged by Dzahn:
[operations/puppet@production] Enable reusable TC on HHVM on canary appservers

https://gerrit.wikimedia.org/r/414876

Dzahn subscribed.EditedMar 7 2018, 6:54 PM

applied on mwdebug1001 via puppet, other canary appservers to follow within 30 min

gerritbot added a comment.Jun 18 2018, 8:26 AM

Change 440823 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] profile::mediawiki::hhvm: enable TC garbage collection everywhere

https://gerrit.wikimedia.org/r/440823

Joe claimed this task.Jun 18 2018, 8:27 AM
Joe added a project: User-Joe.

will merge this change once we're out of the deployment freeze.

MoritzMuehlenhoff added a comment.Jun 22 2018, 11:56 AM

Does that actually still make sense at this point? We'll get rid of HHVM in 6-9 months and we don't have current issues with the TC cache, while enabling it in general could actually expose some subtle bugs. Not opposing it per se, but wondering whether the benefit warrants the potential risks.

Krinkle added a comment.Jun 24 2018, 3:29 AM

@MoritzMuehlenhoff The alternative is to post-pone the switching of MediaWiki localisation cache from CDB to PHP by 9 months (see T99740).

This change is not simple, which means delaying the start of this work would require us to either push it back more than 9 months or otherwise ensure the same resources are available then to monitor and address issues. (Various parts of the deployment workflow may need to adapt to it, and there may be other issues we'll find and address we as go.) Also, it'd be nice to finish T99740 sooner than that so that we may start reaping its benefits.

MoritzMuehlenhoff added a comment.Jun 24 2018, 5:41 PM

@Krinkle Ok, that piece of context was missing. Makes sense, then.

Joe added a comment.Jun 25 2018, 6:33 AM
In T103886#4307439, @MoritzMuehlenhoff wrote:

Does that actually still make sense at this point? We'll get rid of HHVM in 6-9 months and we don't have current issues with the TC cache, while enabling it in general could actually expose some subtle bugs. Not opposing it per se, but wondering whether the benefit warrants the potential risks.

It's been active for months on the canaries, I don't see many potential risks to be honest.

gerritbot added a comment.Aug 1 2018, 4:52 AM

Change 440823 merged by Giuseppe Lavagetto:
[operations/puppet@production] profile::mediawiki::hhvm: enable TC garbage collection everywhere

https://gerrit.wikimedia.org/r/440823

Krinkle removed a project: Patch-For-Review.Aug 1 2018, 10:38 PM
Krinkle moved this task from Watching to Perf recommendation on the Performance-Team (Radar) board.Jan 21 2019, 1:08 AM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:10 PM
bd808 mentioned this in rMSCA5155281de8a0: Add an hhvm-graceful-all command.Feb 7 2019, 12:10 PM
Krinkle closed this task as Resolved.Apr 12 2019, 2:50 PM
Krinkle removed a subtask: T104352: Make scap able to depool/repool servers via the conftool API.

Seems fine. We'll find out for sure when we continue work on T99740 for localisation cache.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits