[EP] In-place Member Update

[ympcMark]

Description

Part of #1225.

When a process fails and rejoins, we used to recreate all EP buffer.
This means we need to capture CUDA graph again, causing longer service interruption times.
Now for the process already exists, we just recreate its QP.
Then all processes exchange their own metadata and establish a connection with other processes.
To recycle old QPs, we also modify the implement of memheap.

Module

• Transfer Engine (mooncake-transfer-engine)
• Mooncake Store (mooncake-store)
• Mooncake EP (mooncake-ep)
• Integration (mooncake-integration)
• P2P Store (mooncake-p2p-store)
• Python Wheel (mooncake-wheel)
• PyTorch Backend (mooncake-pg)
• Mooncake RL (mooncake-rl)
• CI/CD
• Docs
• Other

Type of Change

• Bug fix
• New feature
• Refactor
• Breaking change
• Documentation update
• Other

How Has This Been Tested?

Checklist

• I have performed a self-review of my own code.
• I have formatted my own code using ./scripts/code_format.sh before submitting.
• I have updated the documentation.
• I have added tests to prove my changes are effective.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the resilience and efficiency of the Mooncake EP system by optimizing the process rejoin mechanism. Instead of a full recreation of all EP buffers and subsequent CUDA graph recaptures, which led to notable service interruptions, the system now intelligently recreates only the necessary Queue Pairs (QPs) for existing processes. This change, coupled with a refined memory management strategy that allows for the recycling of old QPs, ensures faster recovery and reduced downtime when processes fail and rejoin the cluster.

Highlights

• Optimized Process Rejoin: The system now recreates only the necessary Queue Pairs (QPs) for existing processes when a process fails and rejoins, significantly reducing service interruption compared to recreating all EP buffers and recapturing CUDA graphs.
• Enhanced Memory Management: The memheap implementation has been modified to support the recycling of old QPs, improving resource efficiency.
• Dynamic Connection Establishment: Processes are now able to exchange their metadata and re-establish connections after QP recreation, ensuring seamless operation post-rejoin.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Activity

• No specific activity (comments, reviews, or progress updates) was provided in the context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors the EP member update process to reduce service interruption time by only recreating QPs for existing processes. However, the implementation introduces several critical security and stability issues. The custom memheap allocator is fundamentally broken, leading to memory overlap and corruption of RDMA hardware structures. Additionally, the QP update logic contains out-of-bounds vector accesses, and cleanup routines are vulnerable to null pointer dereferences. Further areas for improvement include addressing code duplication, enhancing robustness in a destructor function, and improving clarity in a test case.

[gemini-code-assist]

The memheap implementation incorrectly manages the allocated field, which is used as a watermark for new allocations. In memheap_free, heap->allocated is decremented by the size of the freed block regardless of its position. If the freed block is not the last one allocated, this moves the watermark backward into already occupied memory. Conversely, in memheap_aligned_alloc, reusing a free block increments heap->allocated, moving the watermark forward unnecessarily. When a new allocation is needed, it starts at the current heap->allocated offset. This logic will inevitably lead to overlapping memory allocations and corruption of critical hardware structures (CQs, WQs, DBRs), causing unpredictable behavior or system crashes.

[gemini-code-assist]

The update_local_qpns function iterates up to MAX_QP_COUNT and accesses the qps vector using the subscript operator. However, the qps vector is populated in init_ibgda using push_back, and its size may be less than MAX_QP_COUNT if initialization partially failed. Accessing qps[i] when i >= qps.size() is an out-of-bounds operation that leads to undefined behavior, including potential crashes or memory corruption during the assignment at line 497.

[gemini-code-assist]

The memheap allocator has a permanent memory leak. If heap->alloc_count reaches MEMHEAP_MAX_ALLOCATIONS, allocations are not recorded in the allocs array, preventing them from being reclaimed by memheap_free. Additionally, the allocation logic has a critical issue where heap->allocated is used for conflicting purposes (tracking total size and high-water mark), which, after memheap_free decrements it, can lead to new allocations overlapping with existing ones and causing memory corruption. A separate member should track the high-water mark for the bump allocator logic.

[gemini-code-assist]

The function mlx5gda_destroy_qp dereferences the qp pointer (e.g., qp->mqp, qp->uar) before checking for NULL at line 366. This can lead to a null pointer dereference and application crash if qp is NULL. A null check should be added at the beginning of the function for robustness.

[gemini-code-assist]

The new method update_ep_member has a large amount of code that is duplicated from the __init__ method (lines 77-161). This includes logic for exchanging RDMA metadata, QP numbers, GID/LID information, and IPC handles.

To improve maintainability and reduce redundancy, this common logic should be extracted into a private helper method that can be called from both __init__ and update_ep_member.

[gemini-code-assist]

The test logic here is confusing and potentially brittle. It appears to be testing a scenario where rank 0 calls update_ep_member() while other ranks re-initialize the Buffer object. Since both update_ep_member and Buffer.__init__ contain collective communication calls, this relies on the sequence of collectives being identical in both paths.

While this might work for now, it's not a clear or robust way to test the functionality. A small change in either __init__ or update_ep_member could break this test in subtle ways.

A clearer approach would be to have all ranks call update_ep_member() to test its correctness collectively. If the goal is to test a mixed-state scenario, the test should be documented clearly to explain the scenario it's simulating.

A more direct test for update_ep_member would be:

buffer = Buffer(group, num_ep_buffer_bytes=num_ep_buffer_bytes)
# ... any operations ...
# All ranks call update_ep_member to resynchronize
group.barrier() # if needed
buffer.update_ep_member()
# ... continue testing ...

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[UNIDY2002]

Overall LGTM. Need to update some code.

[UNIDY2002]

This method has duplicated code with init

Consider merging?

[UNIDY2002]

As I remembered, the CI does not check format regarding Python code.

So, I think it would be better if you keep unrelated lines unchanged, or it might increase chances of conflicts with other collaborators.

[ympcMark]

I used black to format it. And if leaving init untouched, I don't know how to merge?

[UNIDY2002]

You should add a comment here.