-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use heap indirection to manage type signatures #2510
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #2510 +/- ##
==========================================
+ Coverage 58.06% 58.94% +0.88%
==========================================
Files 293 324 +31
Lines 12956 15324 +2368
==========================================
+ Hits 7523 9033 +1510
- Misses 5433 6291 +858
☔ View full report in Codecov by Sentry. |
The proxy's release debug symbols are currently >6GB. It doesn't appear to even be possible to build the proxy with debuginfo=2, as we overflow u32::MAX and violate the restrictions of DWARF32. To fix this, we more aggressively use dynamic dispatch via the new `Stack::arc_new_box` helpers. This helps reduce our largest type signatures from >700KB to ~50KB. We'll want to follow up with changes that monitor the size of these signatures to prevent regressions. This allows us to minimize many type assertions, etc. There are no functional changes in this PR. Release builds will now produce full debug information with file:line annotations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks good to me!
i was a bit curious about the change from using one push_on_service
calls with multiple layers to using a separate push_on_service
for each layer --- does that impact symbol size, or was it just a refactor?
i suspect this won't have too big of a latency impact, since the boxing is mostly at the NewService
level, and not at the level of individual request/response futures. i'm still curious about potential perf testing, though!
let http = svc::stack(move |_| admin.clone()) | ||
.push( | ||
metrics | ||
.proxy | ||
.http_endpoint | ||
.to_layer::<classify::Response, _, Permitted>(), | ||
) | ||
.push(classify::NewClassify::layer_default()) | ||
.push_map_target(|(permit, http)| Permitted { permit, http }) | ||
.push(inbound::policy::NewHttpPolicy::layer(metrics.http_authz.clone())) | ||
.push(inbound::policy::NewHttpPolicy::layer( | ||
metrics.http_authz.clone(), | ||
)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks like just Rustfmt, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah
// This box is needed to reduce compile times on recent | ||
// (2021-10-17) nightlies, though this may be fixed by | ||
// https://github.com/rust-lang/rust/pull/89831. It should | ||
// be removed when possible. | ||
.push(svc::BoxService::layer()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm assuming this BoxService
was obviated by the boxing added in this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're just doing this everywhere now, so this place isn't all that special. The boxing is now included in the arc_ helper
// Downgrades the protocol if upgraded by an outbound proxy. | ||
.push_on_service(http::orig_proto::Downgrade::layer()) | ||
// Limit the number of in-flight inbound requests. | ||
// | ||
// TODO(ver) This concurrency limit applies only to | ||
// requests that do not yet have responses, but ignores | ||
// streaming bodies. We should change this to an | ||
// HTTP-specific imlementation that tracks request and | ||
// response bodies. | ||
.push_on_service(svc::ConcurrencyLimitLayer::new(max_in_flight_requests)) | ||
// Shed load by failing requests when the concurrency | ||
// limit is reached. | ||
.push_on_service(svc::LoadShed::layer()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
out of curiosity: does separating these into multiple push_on_service
calls also have an impact on symbol size? or, was it just a drive-by refactor?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The additional layer types don't help anything when we're looking at the type signatures. This keeps them a little simpler. Also the added benefit of outdenting things...
* Include server address in server error logs (linkerd/linkerd2-proxy#2500) * dev: v42 (linkerd/linkerd2-proxy#2501) * Separate tls::ServerName and identity::Id types (linkerd/linkerd2-proxy#2506) * Use reference-counted strings in dns::Name (linkerd/linkerd2-proxy#2509) * build(deps): bump tj-actions/changed-files from 39.2.0 to 40.1.1 (linkerd/linkerd2-proxy#2508) * build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (linkerd/linkerd2-proxy#2485) * ci: Fix check-each workflow (linkerd/linkerd2-proxy#2511) * ci: Turn off debuginfo in ci test builds (linkerd/linkerd2-proxy#2512) * ci: Fix fuzzer listing (linkerd/linkerd2-proxy#2513) * Use heap indirection to manage type signatures (linkerd/linkerd2-proxy#2510) * dev: optimize image build (linkerd/linkerd2-proxy#2452) * dev: Disable nightly install for now (linkerd/linkerd2-proxy#2515) * meshtls: Extract TLS id verification out of TLS backends (linkerd/linkerd2-proxy#2507) * Update DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to 10K (linkerd/linkerd2-proxy#2521) * admin: Add optional /debug/pprof/profile endpoint (linkerd/linkerd2-proxy#2516) Signed-off-by: Oliver Gould <[email protected]>
* Include server address in server error logs (linkerd/linkerd2-proxy#2500) * dev: v42 (linkerd/linkerd2-proxy#2501) * Separate tls::ServerName and identity::Id types (linkerd/linkerd2-proxy#2506) * Use reference-counted strings in dns::Name (linkerd/linkerd2-proxy#2509) * build(deps): bump tj-actions/changed-files from 39.2.0 to 40.1.1 (linkerd/linkerd2-proxy#2508) * build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (linkerd/linkerd2-proxy#2485) * ci: Fix check-each workflow (linkerd/linkerd2-proxy#2511) * ci: Turn off debuginfo in ci test builds (linkerd/linkerd2-proxy#2512) * ci: Fix fuzzer listing (linkerd/linkerd2-proxy#2513) * Use heap indirection to manage type signatures (linkerd/linkerd2-proxy#2510) * dev: optimize image build (linkerd/linkerd2-proxy#2452) * dev: Disable nightly install for now (linkerd/linkerd2-proxy#2515) * meshtls: Extract TLS id verification out of TLS backends (linkerd/linkerd2-proxy#2507) * Update DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to 10K (linkerd/linkerd2-proxy#2521) * admin: Add optional /debug/pprof/profile endpoint (linkerd/linkerd2-proxy#2516) * proxy: Use debian12 distroless base image Signed-off-by: Oliver Gould <[email protected]>
The proxy's release debug symbols are currently >6GB. It doesn't appear
to even be possible to build the proxy with debuginfo=2, as we overflow
u32::MAX and violate the restrictions of DWARF32.
To fix this, we more aggressively use dynamic dispatch via the new
Stack::arc_new_box
helpers. This helps reduce our largest typesignatures from >700KB to ~50KB. We'll want to follow up with changes
that monitor the size of these signatures to prevent regressions.
This allows us to minimize many type assertions, etc.
There are no functional changes in this PR. Release builds will now
produce full debug information with file:line annotations.