Limit the scope of forgotten reference checks #781
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jorisdral
force-pushed
the
jdral/refctx
branch
2 times, most recently
from
d48fa4a to
30b4c36
Compare
jorisdral
changed the title
We do this to check for forgotten references in isolation from other parts of a program. For example, if we have two separate properties that we want to run in the same test suite, then we don't want a forgotten reference from one property show up in the other property.
jorisdral
requested review from
dcoutts,
mheinzel,
recursion-ninja and
wenkokke
as code owners
dcoutts
reviewed
Jul 14, 2025
| @@ -352,22 +362,23 @@ mkWeakRefFromRaw obj = WeakRef obj | |||
| deRefWeak :: | |||
| (RefCounted m obj, PrimMonad m) | |||
| => HasCallStackIfDebug | |||
| => WeakRef obj | |||
| => RefCtx | |||
There was a problem hiding this comment.
I was initially thinking that this arg should not need to be here since we can (in debug mode) store the RefCtx in the WeakRef.
However, on reflection I think this is the right approach even though it is asymmetric with newRef. The choice is to supply the RefCtx when creating the WeakRef or when dereferencing it. We create WeakRefs more often than we dereference them, so supplying it at the latter point should be better.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #752
The
RefNeverReleasedexception appears relatively often nowadays while running tests in CI (see #752). I've been able to narrow down the cause of these exceptions to theprop_noSwallowedExceptionsproperty test. Forgotten references in that property test causeRefNeverReleasedexceptions in other tests, for example theunit_union_blobref_invalidationtest that is mentioned in #752. The thing is that we expect to forget references inprop_noSwallowedExceptionsbecause in that property test we are injecting disk faults in code that is not always exceptionsafe, which may lead to such forgotten references. We've gone to some lengths to ensure thatprop_noSwallowedExceptionsruns in isolation from other property tests with respect to forgotten references by turning off forgotten reference checks locally. As the test failures illustrate, it is tricky to do right, and the problem is persistent. So, we'll try to modify the forgotten refs checks approach a bit to get rid of the bug once and for all. First, some contents about the mechanism of checking forgotten refs:IORef(the "forgotten refs variable") that we create usingunsafePerformIOandNOINLINEtrickery.RefNeverReleasedexceptions. These assertions run both as part of other reference operations (likedupRef), or they can be run manually. Depending on the RTS/GC scheduling, this exception can be raised at many points in the code even in other property tests than the one that the reference was created in, though eachRefNeverReleasedexception will be raised only precisely once.We cant really do 2 differently because only the RTS/GC can detect whether a value becomes unused. We shouldn't change 3 because we should probably report forgotten references as promptly as possible. We can do 1 differently and provide some isolation of the "forgotten refs variable" that is more granular than per program.
A natural candidate for the scope in which references could be tracked is the
Sessioncontext. References do not appear outside of sessions. They are stored in tables and cursors, but tables and cursors are always stored in a session context, and their lifetimes are also limited by the lifetime of their parent session. So, this PR introduces a newRefCtxthat is created anew and stored in a session once a new session is created. ThisRefCtxholds a "forgotten refs variable", which would previously have been a globalIORef. Now, the variable is scoped only to the lifetime of theRefCtxand therefore the lifetime of the parentSession. Once a session is closed, we "close" theRefCtx, which means that we check if any forgotten refs were recorded.The addition of
RefCtxcauses some churn in the library, because values of the type have to be threaded from top-level code (that uses aSession) through to code that creates/destroys/modifies references. The upside is that the public API remains unchanged, only internal code changes. Moreover, forgotten reference checking is still compiled away in non-debug mode. The change also does not seem to impact performance, as demonstrated using some runs of theutxo-benchbenchmark in non-debug mode:The differences in measurement I would attribute to noise, seeing as the differences are so small. All other metrics, like allocated bytes, are also nearly identical.
Finally, we fix our issue with forgotten references from
prop_noSwallowedExceptionscausingRefNeverReleasedexceptions in other tests. Inprop_noSwallowedExceptions, we turn off forgotten reference checks by reaching into theSessionto get out theRefCtxand disable its forgotten reference mechanism.