Snapshots are stored in the LMDB store not tar files

[illicitonion]

This has a few advantages:

1. It makes the Bazel remote execution API much easier to implement.
2. We store each unique file by content exactly one time, rather than
   once per snapshot it belongs to.

It also allows us to delete a lot of code which handles awkward
specifics of tar files.

Fixes #5106 and fixes #4394.

[illicitonion]

Note that this PR contains many TODOs with non-trivial narrative which are likely to trigger actual discussion. I will resolve all of those TODOs before merging this PR, but strongly welcome any comments/thoughts/ideas around them.

Depends on #5105

[stuhood]

Looks good! Blocked on both #4397 and #5108, methinks.

[stuhood]

Touched on this on #5105, but: I think what we'll need is an Arc to share the pool between the various members of the Core that need it, including PosixFS and Store (which isn't using it yet, but should be to take IO off the main thread). Opened #5108 about this.

But we also need the fork-safe machinery to ensure that we recreate this when necessary. So I think it will look like an Arc<ResettablePool>, with a helper fn with_pool<F: FnOnce()->T>(f: F) -> T.

[stuhood]

Implemented here: #5110

[stuhood]

Mentioned in the other PR, but: should use to create the path to the Store.

[stuhood]

Or should we be kicking off each LMDB read in parallel on the pool?

This. Although I suspect it is already faster, if it's not (due to overhead in CpuPool), it will be soon. As mentioned elsewhere: Store should hold a pool reference and expose futures.

[stuhood]

The unwraps in here should be handled, as they would indicate IO errors or someone having deleted the store out from under a running process (both of which become more likely with the daemon).

[stuhood]

...or maybe not...? I suppose a panic will be somewhat-properly handled, and would trigger the daemon killing itself with a log message. But the client connected to the daemon would not get a useful message. If you were to trigger an error here saying something like "internal error, please run ./pants kill-pantsd", the response is: "gee thanks, why didn't you just do that yourself?".

Six of one, half dozen of the other.

[stuhood]

This will have the effect of sorting too many times due to the recursion.

If you guarantee/assert that the Directory proto has sorted file and directory lists (...maybe we should push this guarantee upstream...?), this gets a bit easier. Assert sorted, and then either:

1. Always render the files in a directory before the directories in a directory.
2. Execute a linear-time merge of the sorted DirNode and FileNode lists.

[stuhood]

This is probably blocked on landing #4397, because the python code currently cheats, consumes this object, and goes looking for tar files.

[illicitonion]

Just pushed a rebase, didn't fix all the stuff that needs fixing yet.

Outstanding TODOs:

• Parallelise Snapshot::contents
• Write more tests
• Work out how to make GetNode not be public (advice welcome!)

[stuhood]

Thanks!

As mentioned previously, this won't pass the tests until #4397 ports IsolatedProcess to rust, probably.

[stuhood]

I'm really not sure why this is a trait anyway... just an artifact maybe? I think you can just move this method to impl Context.

[illicitonion]

Done in #5123

[stuhood]

Context implements Clone (cheaply): no need to wrap it in an Arc.

[stuhood]

It looks like rather than taking an Arc<GFD>, Snapshot::from_path_stats should maybe take a GFD with a Clone bound?:

-  pub fn from_path_stats<GFD: GetFileDigest<Error> + Sized, Error: fmt::Debug + 'static + Send>(
+  pub fn from_path_stats<GFD: GetFileDigest<Error> + Clone, Error: fmt::Debug + 'static + Send>(
     store: Arc<Store>,
-    file_digester: Arc<GFD>,
+    file_digester: GFD,
     mut path_stats: Vec<PathStat>,
   ) -> BoxFuture<Snapshot, String> {

[illicitonion]

Done

[stuhood]

from_path_stats returns a Future, so no need to spawn it onto a pool: can:

stats
  .and_then(move |_| {
    fs::Snapshot::from_path_stats(
      ..
    )
    .map_err(...)
  })

[illicitonion]

Done

[stuhood]

The Stat type (which needed to fake the file access) should be completely removed in favor of FileDigest (which is actually usefully memoized): just make sure that you update this codepath

pants/src/rust/engine/src/nodes.rs

Lines 1154 to 1165 in 9ebddaf

	///
	/// If this NodeKey represents an FS operation, returns its Path.
	///
	pub fn fs_subject(&self) -> Option<&Path> {
	match self {
	&NodeKey::ReadLink(ref s) => Some((s.0).0.as_path()),
	&NodeKey::Scandir(ref s) => Some((s.0).0.as_path()),
	&NodeKey::Stat(ref s) => Some(s.0.as_path()),
	_ => None,
	}
	}
	}

to link FileDigest to its canonical stat.

[illicitonion]

Done. Modified fs_subject to avoid relying on your review to do this in the future.

[stuhood]

Also, I think there are still a few cases where we are over-sorting due to recursion.

[stuhood]

It looks like there are some unhelpful panics in Travis due to #4884

[illicitonion]

This all ends up doing a kind of sad amount of copying things into intermediate Vecs... Any ideas for how to avoid this are welcome!

[stuhood]

Seems like handling this error above would simplify the type of paths_and_maybe_byteses to just Vec<FileContent>... any reason to defer it to this separate join_all call?

[illicitonion]

Much nicer indeed! :)

[stuhood]

Related: #5136

[illicitonion]

This now passes all tests which don't explicitly involve IsolatedProcess.

[stuhood]

Was this detected via benchmarking? Thread local storage sounds... like a pretty good thing in general.

[illicitonion]

Without this, our own test suite fails hard by exhausting the transaction count.

I don't think it's anywhere near as scary as its name suggests :)

I believe the mechanism here is that there is a finite number of transaction slots (default: 126), and without this flag, each time an OS thread opens a transaction, it takes up a slot, and those slots only get freed up when the OS thread dies. If you make multiple transactions sequentially from the same thread (say, you're using a thread pool), you accordingly exhaust your slots after 126 transactions, and can never read from the DB while those threads are alive.

The only down-side is that you need to make sure that any individual thread must not try to perform multiple write transactions concurrently. We don't try to run multiple write transactions concurrently on any particular OS thread, so we're fine there. (At least, that's my understanding from https://docs.rs/lmdb/0.7.0/lmdb/constant.NO_TLS.html - I guess the other interpretation is that we need a Mutex around attempts to create new write transactions, but that's not how I read it).

The Go and Python bindings turn this option on by default. It definitely feels like this should be the default behaviour in general...

[stuhood]

Great, thanks. Worth expanding the comment a tiny bit probably, as I expected that it was a performance tunable.

[stuhood]

Remind me again why we don't just put this on VFS?

[illicitonion]

I couldn't answer this question, so I tried to move it, and I learnt the answer! Which definitely points to something to improve.

There's a currently-very-implicit side-effect of calling digest, which is that after you call it, the Store will be able to answer load_file_bytes calls for it. This is an important property.

So VFS is the wrong place for the digest function, because PosixFS shouldn't have a dependency on Store.

Store would be a reasonable place for it, except that Context wants to be able to cache it rather than pass through to the underlying Store.

So I think we should probably have a standalone trait which is maybe called StoresFileByDigest, which Store implements (because it does, and is useful in tests), and which Context also implements (for the caching layer).

WDYT?

[illicitonion]

... Except Store can't implement it on its own, because it needs a VFS to actually load files.

[illicitonion]

Did the rename, added a comment.

[stuhood]

I believe that after this review Stat should be unused, since FileDigest is the only thing representing presence of a file in a Snapshot? See the comment on the Stat struct.

[illicitonion]

Nice! Done! Hurrah for replacing weird placeholders which need long comments with things which actually make standalone sense!

[illicitonion]

Squashed and rebased. Handing over to @ity to merge into #5239

[illicitonion]

@ity It looks like

pants/src/python/pants/engine/isolated_process.py

Line 47 in 4d64273

def _extract_snapshot(snapshot_archive_root, snapshot, sandbox_dir):

is still reading tar files through a side-channel, which blocks me landing this PR - do you have the clean-up for this on an un-published branch, or should I start on it?

[ity]

@illicitonion on it, will work on removing this escape hatch today.

[stuhood]

PathGlobs

[illicitonion]

Done

[stuhood]

indentation

[illicitonion]

I really dislike rustfmt :(

(I'm aware I'm the one who advocated for it... I just wasn't aware how bad it was at things...)

Done

[stuhood]

(technically it's tracking both ReadLinks and Scandirs)

[illicitonion]

Done

[kwlzn]

@ity how's the escape hatch removal looking?

[illicitonion]

This got replaced with #5496 (and several other PRs around it)