feat: on low wasm memory hook #3761
Conversation
This property is not established by the implementation. |
|
The implementation only considers stable memory and ignores, e.g., the chunk store and snapshot size, when deriving the wasm memory capacity. |
|
The hook should not run after an upgrade/reinstall/uninstall/install if the condition is not satisfied after the upgrade (although the condition was satisfied before the upgrade and the hook did not execute yet). |
|
🤖 Here's your preview: https://xaml7-fiaaa-aaaam-abdka-cai.icp0.io |
|
Regarding the point: |
Yes, e.g., if the canister does not have any pre- and post-upgrade hooks (in which case there's no wasm execution during canister installation). |
Dfinity-Bjoern
changed the title
…#2864) To support `on_low_wasm_memory` hook we are adding `wasm_memory_threshold` to `NNS` so it allows users to update its value using `NNS` proposal. We are as well adding `wasm_memory_threshold` to canister settings to canisters in `IC` repo. The `wasm_memory_threshold` will be added to the interface specification in dfinity/portal#3761 --------- Co-authored-by: Andre Popovitch <[email protected]> Co-authored-by: Arshavir Ter-Gabrielyan <[email protected]>
…3195) Problem: @mraszyk pointed out [here](dfinity/portal#3761 (comment)): > The hook should not run after an upgrade/reinstall/uninstall/install if the condition is not satisfied after the upgrade (although the condition was satisfied before the upgrade and the hook did not execute yet). Solution: This PR should enforce that the status of the hook condition is updated each time we `upgrade/reinstall/uninstall/install` code.
…3195) Problem: @mraszyk pointed out [here](dfinity/portal#3761 (comment)): > The hook should not run after an upgrade/reinstall/uninstall/install if the condition is not satisfied after the upgrade (although the condition was satisfied before the upgrade and the hook did not execute yet). Solution: This PR should enforce that the status of the hook condition is updated each time we `upgrade/reinstall/uninstall/install` code.
| :::note | ||
|
|
||
| While the above function is scheduled immediately once the condition above is triggered, it may not necessarily be executed immediately if the canister does not have enough cycles. | ||
| If the canister gets frozen immediately after the function is scheduled for execution, the function will run once the canister's unfrozen _if_ the canister's wasm memory remains above the threshold `t`. |
There was a problem hiding this comment.
It should indeed be rephrased, but I'd suggest: if the canister's remaining wasm memory size in bytes remains below the threshold t.
|
In slack conversation:
Luc found out about this mistake, and I am going to implement the fix for it. After the
The difference can be observed in the case if, before the update of the I am leaning towards the latter option but I do not have a strong opinion. Do you have an opinion on this? |
…rozen if it was scheduled before freezing (#3455) Problem: @mraszyk noticed [here](dfinity/portal#3761 (comment)) that property: ”If the canister gets frozen immediately after the function is scheduled for execution, the function will run once the canister's unfrozen if the canister's wasm memory remains above the threshold t.” is missing. Solution: When execution of the hook is stopped because of the freezing canister, add the hook again to the task queue.
## Supporting Low Memory Hook in Motoko The IC allows to implement a low memory hook, which is a warning trigger when main memory is becoming scarce. For this purpose, a Motoko actor or actor class instance can implement the system function `lowmemory()`. This system function is scheduled when canister's free main memory space has fallen below the defined threshold `wasm_memory_threshold`, that is is part of the canister settings. In Motoko, `lowmemory()` implements the `canister_on_low_wasm_memory` hook defined in the IC specification. Reference: dfinity/portal#3761 Example of implementing the low memory hook: ``` actor { system func lowmemory() : async* () { Debug.print("Low memory!"); } } ``` The following properties should be considered when using the low memory hook: * The execution of `lowmemory` happens with a certain delay, as it is scheduled as a separate asynchronous message that runs after the message in which the threshold was crossed. * Once executed, `lowmemory` will only be triggered again when the main memory free space grows above the threshold (e.g. by lowering the threshold or shrinking the main memory through canister reinstallation) and then again falls below the threshold. * Traps or unhandled errors in `lowmemory` are ignored. They only revert the changes done in `lowmemory`. * Due to its `async*` return type, the `lowmemory` function may send further messages and `await` results.
mraszyk
changed the title
Personally, I prefer the former approach because it is consistent in terms of updating the hook status. If we decide to potentially rerun an already executed hook after updating canister settings, then it is not clear why not rerun an already executed hook also in other special cases. |
This proposal is based on this forum post and has already been approved by motion proposal 106146.
Canister developers have to actively monitor their canisters to know if they are low on wasm memory. If detected too late, a canister can be completely stuck and forever un-upgradable.
To address this, we introduce a hook called on_low_wasm_memory. When defined, it is triggered whenever the canister's memory usage exceeds some developer-defined threshold.