Implement a query engine for incremental compilation

[mcy]

This change adds a new experimental/incremental package, which provides a generic dependency memoization framework, intended for parallelization of compilation operations. It follows the current design for parallelization in the compiler but has the following new features:

1. Dynamic scheduling of dependency queries.
2. Persistence of intermediate results within and across queries.
3. Partial invalidation of results (e.g. for when files change).

This is intended to be used for parallelization and memoization in the LSP and throughout the compiler.

[mcy]

One thing to consider: incremental.Executor leaks memory (in the situation where the executor is long-lived, which is expected). I am contemplating a tradeoff:

1. Make Invalidate() also evict entries. It currently does not do this because write operations to sync.Map are slow.
   a. Incidentally, we can replace sync.Map with a hand-rolled sharded map instead (because sync.Map kinda sucks lol).
2. Add something like Evict() to explicitly evict a URL and its dependencies. (or an evict bool to Invalidate().
3. Do some kind of funny LRU thing to evict old entries?

[jhump]

Is this just for testing? Seems like this could potentially be a big slice to copy. Maybe instead of returning a slice, it should return a iter.Seq[string], and you could push making a sorted slice to the caller.

[mcy]

It's kind of intended as a general debugging aid. I'm not sure we really need an iterator for this, because you really do want to sort them first and that requires buffering regardless.

[jhump]

Wha?? If any single query fails, the whole goroutine disappears? That seems like a very dangerous API. This would be simpler to use if it just used standard error-return control flow. If a query fails, seems like it should return a correspond failed Result. And if the whole task is cancelled, it should return the cancellation cause.

[jhump]

Also, my gut reaction is "why is this even exported"? I now see it's because it really wants to be a method of Task (like Run wants to be a method of Executor), but it needs to be generic for type safety. Maybe mention something to that effect in the Go docs for each of these, to make their use more clear. In this case, this is expected to be called from Query.Execute to gather dependencies.

[mcy]

Yeah you know I thought about it and this is kinda nuts. The new API instead has really scary "hey you need to return this error or something will explode".

I also added the docs you suggested.

[jhump]

What does "non-failed" mean in this regard? The loop has no conditional that looks like it's filtering out failed items.

Also, why would we exclude the errors from failed results?

[mcy]

This no longer makes sense with the new error propagation convention.

[jhump]

If we were to introduce a limit on the size of the cached results, this could potentially create a new task instead since the one created above might have been evicted. Maybe we instead need to associate these tasks as deps of root, so you can instead iterate root's deps and not worry about concurrent/near-immediate eviction.

[jhump]

Or at the least, pass a flag to getTask to tell it to not create a task and instead return nil. Then update this to ignore nil return values?

[mcy]

Can we punt automatic eviction to a followup?

[jhump]

Sure, but it would be nice to first drop a TODO right here so we don't forget that there is a potential risk here.

[jhump]

I see this is borrowing heavily from testing.T, but I think we could make it more clear, since this is not test code. Maybe instead this signature could be NonFatalError(...error). Also, it's a little confusing that it allows zero errors to be provided, so maybe even NonFatalError(error, ...error).

[mcy]

It's NonFatal now.

[jhump]

One thing I had to add to the main executor in the root protocompile package (since the existing compiler is somewhat similar in how it compiles files) is cycle detection. If, for example, there were incorrect cyclic imports between files, we need to be able to detect that in order to prevent deadlock in this execution engine (where a task is indirectly blocked on itself).

The current compiler does not do this very efficiently (it recursively crawls the entire dependency graph of the caller task to see if it finds the newly requested file). I think a better approach would be to add to each task a "path" of its ancestor tasks, and if we ever see a request to resolve a dependency that already exists in the caller's path (or is equal to the caller), the task should fail fast.

[jhump]

We should also clearly document that Query.Execute should never call Run, only Resolve. (Otherwise, we'd lose the trail of callers and not be able to detect cycles.)

[mcy]

Implemented cycle tracking. There's even a test!

In the process I found a deadlock due to resource starvation. There's some fussiness in Resolve to drop the hold on exec.sema in the right place to avoid starvation.

[jhump]

I think this needs to be in a defer. Otherwise, if a query fails, the goroutine will exit, but since the context is not yet cancelled and this channel not closed, the select below would hang.

(Having said that, I've left other remarks about how I think the use of runtime.Goexit is dangerous and we should probably revisit how failures are communicated. But this probably needs to be a deferred function no matter how those changes play out.)

[mcy]

You're right regardless, if a panic comes crashing through for whatever reason, it will get swallowed.

[jhump]

While internal panics are okay, they would be categorically bad if they happened in the BSR. Since this is running in a separate goroutine, the calling application (such as BSR code) would have no way of recovering.

The current compiler has a top-level deferred function (in the equivalent of this package's Run function, in the go function that launches these goroutines) that catches any panic and reports it as a fatal error, specifically for scenarios like this. That way compiler bugs don't turn into serious operational issues.

[jhump]

Though I also think it would be better to just return an error here. (Sorry to keep harping on that. But it's much more straight-forward control flow.)

[mcy]

I would generally consider this type of panic to be on the same level as a random nil deref. Avoiding panics is not as simple as "never panic"; in this case, it indicates a fairly catastrophic bug on the part of query writers.

How to handle such errors should generally be done by the people who are panic-intolerant, such as with a recover. We can't prevent query authors from panicking out of Execute, after all (unless we try catching that, too).

[jhump]

How to handle such errors should generally be done by the people who are panic-intolerant, such as with a recover. We can't prevent query authors from panicking out of Execute, after all (unless we try catching that, too).

The problem with this is that they can only recover from panics on their (callng) goroutine. If the library function they call spawns a goroutine and the panic happens there (like with this), then there is no ability to catch it and prevent it from crashing the app.

So while I understand that we can't eliminate all panics, since nil-deref/index-out-of-range/etc could still occur, we can and should recover from any panic that happens in a goroutine that is created as an internal detail of this package. The existing compiler in the protocompile package does that here.

[jhump]

I see you call it wg, like "wait group". I guess you are using a semaphore because it is context-aware? Maybe a little comment that we use this instead of sync.WaitGroup specifically because waiting can be interrupted via context cancellation?

[mcy]

I actually added such a comment before I even noticed your comment here!

[jhump]

we can replace sync.Map with a hand-rolled sharded map instead (because sync.Map kinda sucks lol).

Yeah, I am not a fan of sync.Map at all. Its interface is okay, but its internal behavior feels a bit unpredictable and some things are slow (even though have "amortized" reasoable complexity). I expect a map with simple RWLock will be adequate for our use, and we could move to a sharded data structure if we find there's too much contention on the lock. But I have a feeling that keeping things simple will be fine and sharding now may be premature optimization.

FWIW, there are other open-source cache implementations that are decent and handle the size limits with evicting LRU entries.

[jhump]

Maybe a TODO that we could do a best-effort validation of this by providing a context to Query.Execute. The package could add a context value to it to indicate we're executing a query, and this function could check for that context value and, if present, fail fast.

[mcy]

I went ahead and did the validation :)

[jhump]

Could instead use |= up on line 98.

[mcy]

Go does not provide |= for bools. I know, right?!

[jhump]

Ah, right, I've run into this before, too. 🤮

[jhump]

Oops, I suspect this was in here (and a couple of lines above) for debugging and accidentally left in?

[mcy]

oops

[jhump]

FWIW, this is where I think we need to put a recover call. That way, panics in user-provided code (i.e. Query.Execute) but also bugs in compiler/library code won't cause the calling application to crash.

[mcy]

ErrPanic!

[jhump]

Since Resolve now returns an error, I think it would be better to have this function return an error that can be propagated, instead of panic.

[mcy]

I somewhat disagree that this should be an error, but I don't think it deeply matters.

[mcy]

Actually no it has to be a panic, otherwise e.g. callers need to check for an error in NonFatal too. I think a panic is better, because it should only ever happen if you do something nasty like escape a Task into a global.

[jhump]

Could use a multi-statement for loop to make this a little more concise:

for node := &caller.path; node.Query != nil; node = node.Prev {

[mcy]

Better yet: path.Walk.

[jhump]

I think this would be a little more intuitively expressed with an unconditional close(r.done). I think the only places it gets closed are here and then after q.Execute is called.

Then, to detect panics, a construct like this is effective and a little less code/easier to follow IMO:

didPanic := true
defer func() { /* ... */ }()
r.Value, r.Fatal = q.Execute(callee)
didPanic = false

So the deferred function just inspect didPanic.

[mcy]

I simplified this significantly another way, please take a look at run and runAsync

[jhump]

Is it safe to do this before the mutation to the task below (line 277, task.result.Store(nil))?

I think after this is called, the calling task may immediately "wake up" and could potentially observe a partial result before the code below clears it.

[mcy]

not only is callee.done incorrect, I got rid of Task.done altogether.

[jhump]

This doesn't seem like a real "builder" pattern. Instead, this seems like a URI, not a builder, and the Build() method could just as reasonably be String().

Also, not sure this pays its freight -- it's extra surface area to maintain if/when we make it exported/non-experimental, and it doesn't seem hugely valuable.

[mcy]

Deleted it :)

[jhump]

I left a few comments, but I think this is really close. So LGTM modulo the few remarks.

[jhump]

This needs to also set actual: q.

[mcy]

oopies

[jhump]

I think this and the one below are confusingly named. runAny actually blocks for the result and isn't really async. This is the async version, since it returns immediately and can spawn a goroutine to actually invoke done.

Maybe rename this one to start and the other to run?