[Object spilling] Queue failed object creation requests until objects have been spilled

[stephanie-wang]

Why are these changes needed?

This adds a queue for object creation requests at the plasma store, so that the store can choose to respond to the client later. Currently, requests are added to the queue if there is likely to be enough space for the object once pending object spills to external storage complete. Requests are removed from the queue once spilling completes, whether successful or not. The plasma store will respond to the client once creation succeeds or fails (because the object store still does not have enough space after both eviction and spilling). In the latter case, the client will follow the existing codepath to retry the request after some time or throw an OutOfMemory error to the application.

Eventually, we should think about removing client retries entirely and handling failed object creation requests in the plasma store, since the plasma store and raylet threads have a better idea of when space may become available than the client.

Related issue number

Closes #11772.

Checks

• I've run scripts/format.sh to lint the changes in this PR.
• I've included any doc changes needed for https://docs.ray.io/en/master/.
• I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
• Testing Strategy
  • Unit tests
  • Release tests
  • This PR is not tested :(

Unfortunately, the plasma store does not have any existing unit tests, so this PR is a bit hard to test without a major refactor of the plasma store. This PR relies on the Python tests for now.

[rkooo567]

Before reviewing the PR, Why don't we add this test? #11673 (comment). Is there any other blocker that makes this still fail?

[stephanie-wang]

Before reviewing the PR, Why don't we add this test? #11673 (comment). Is there any other blocker that makes this still fail?

I already added that test in #11673.

[rkooo567]

I wonder if we need some timeout or max_requeue to avoid hanging forever when there's an issue with spilling itself.

[rkooo567]

Suggested change

	for (auto request = create_request_queue_.begin();
	for (auto request_it = create_request_queue_.begin();

[rkooo567]

Great idea!

[ericl]

Seems this hangs for me, is it expected?

import json
import numpy as np
import ray

ray.init(
    num_cpus=1,
    object_store_memory=100 * 1024 * 1024,
    _system_config={
        "automatic_object_spilling_enabled": True,
        "object_spilling_config": json.dumps(
            {"type": "filesystem", "params": {"directory_path": "/tmp/spill"}},
            separators=(",", ":")
        )
    },
)

@ray.remote
def f():
    return np.zeros(10 * 1024 * 1024)

ids = []
for _ in range(2):
    x = f.remote()
    ids.append(x)

print("GET")
print(ray.get(ids))

[ericl]

Looks pretty good, left some comments. Another thought was that now that we have a creation queue, we should (later) change the spilling mechanism to calculate spilling based on the creation queue size / contents, rather than have an explicit Spill(n) call. Then the object creation flow becomes pretty simple:

enqueue(createRequest)
TriggerSpillingIfNeeded()
ProcessCreateRequests()

[ericl]

I think we also need to queue further requests if create_request_queue_.size() > 0, to prevent starvation. No objects should be allowed to be created directly while spilling is in progress.

[stephanie-wang]

Can you explain more? I think it's actually okay for other objects to get created, such as if they're smaller than the objects that couldn't fit.

[ericl]

Well, if there is a flood of small objects, that can prevent enough space from ever being created for large objects (e.g., a 10GB chunk).

While it may make sense to allow those to get created in the future as an optimization, how about we simplify the queueing behavior by enforcing FIFO priority for all objects?

[stephanie-wang]

Anyway, I think your suggestion about just queuing all requests will address this, right?

[ericl]

This TODO is already done right? Since you're deferring responses

[stephanie-wang]

Maybe it's not clear from the comment, but there are now two types of OutOfMemory errors, transient (but we expect there to be space once spilling is done) or definite (unless some objects get released, there's definitely no space). Right now we only queue requests for the former.

[ericl]

Can we remove the TODO then? I think it doesn't make sense to queue the latter (should just raise OOM if only mmaped objects are in the store).

[stephanie-wang]

Actually I think it does make sense to eventually queue the latter too. Right now we have to retry from the client on OOM, but that can add unnecessary delays in cases where other objects will actually get released soon. If we queue on the plasma store (with a timeout), we can create the object as soon as there's enough space. Also we could potentially reduce false positives if the plasma store makes the decision instead of the client.

[ericl]

Right yeah, I think eventually we want all decision making to be centralized in this queue (including trigger of global gc, etc.).

[rkooo567]

The latter is possible after we make create asynchronous right?

[ericl]

Would the code be simplified if we always pushed new requests into the queue and called ProcessCreateRequests(), rather than only enqueueing conditionally? The overhead of pushing into a list and immediately popping should be very small.

[stephanie-wang]

Sure, I can try that.

[ericl]

The plasma store will respond to the client once creation succeeds or fails (because the object store still does not have enough space after both eviction and spilling)

Btw this is incorrect right? IIUC requests get queued indefinitely until space is available (which is probably fine, unless we can detect that no further spilling is possible)

[stephanie-wang]

Seems this hangs for me, is it expected?

import json
import numpy as np
import ray

ray.init(
    num_cpus=1,
    object_store_memory=100 * 1024 * 1024,
    _system_config={
        "automatic_object_spilling_enabled": True,
        "object_spilling_config": json.dumps(
            {"type": "filesystem", "params": {"directory_path": "/tmp/spill"}},
            separators=(",", ":")
        )
    },
)

@ray.remote
def f():
    return np.zeros(10 * 1024 * 1024)

ids = []
for _ in range(2):
    x = f.remote()
    ids.append(x)

print("GET")
print(ray.get(ids))

Probably because the default number of workers is 1 (#11789).

[stephanie-wang]

The plasma store will respond to the client once creation succeeds or fails (because the object store still does not have enough space after both eviction and spilling)

Btw this is incorrect right? IIUC requests get queued indefinitely until space is available (which is probably fine, unless we can detect that no further spilling is possible)

No, the requests will get queued until spilling either succeeded or failed. In both cases, the raylet will callback to the plasma store. From there, the plasma store will try the creation request again, and then there are three possibilities:

1. Creation succeeds.
2. Not enough space even after eviction and considering objects that could be spilled.
3. Trigger more spilling, which would create enough space for the request once complete. Requeue the request and repeat.

[ericl]

Not enough space even after eviction and considering objects that could be spilled.

Where's the code that determines "even after eviction"? It seems to me the retry of the creation request is the same the second time so it would get queued up again even in that case.

Trigger more spilling, which would create enough space for the request once complete. Requeue the request and repeat.

I believe the current code doesn't re-queue; the request stays at the head of the queue since we break out of the loop before calling erase(). Is this not the case?

[ericl]

import json
import numpy as np
import ray

ray.init(
    num_cpus=1,
    object_store_memory=100 * 1024 * 1024,
    _system_config={
        "automatic_object_spilling_enabled": True,
        "max_io_workers": 10,
        "object_spilling_config": json.dumps(
            {"type": "filesystem", "params": {"directory_path": "/tmp/spill"}},
            separators=(",", ":")
        )
    },
)

@ray.remote
def f():
    return np.zeros(10 * 1024 * 1024)

ids = []
for _ in range(2):
    x = f.remote()
    ids.append(x)

print("GET")
print(ray.get(ids))

This still fails (10 io workers).

[stephanie-wang]

Not enough space even after eviction and considering objects that could be spilled.

Where's the code that determines "even after eviction"? It seems to me the retry of the creation request is the same the second time so it would get queued up again even in that case.

Trigger more spilling, which would create enough space for the request once complete. Requeue the request and repeat.

I believe the current code doesn't re-queue; the request stays at the head of the queue since we break out of the loop before calling erase(). Is this not the case?

import json
import numpy as np
import ray

ray.init(
    num_cpus=1,
    object_store_memory=100 * 1024 * 1024,
    _system_config={
        "automatic_object_spilling_enabled": True,
        "max_io_workers": 10,
        "object_spilling_config": json.dumps(
            {"type": "filesystem", "params": {"directory_path": "/tmp/spill"}},
            separators=(",", ":")
        )
    },
)

@ray.remote
def f():
    return np.zeros(10 * 1024 * 1024)

ids = []
for _ in range(2):
    x = f.remote()
    ids.append(x)

print("GET")
print(ray.get(ids))

This still fails (10 io workers).

Isn't this expected to fail? We can't fit both of the ids in the plasma store at the same time.

[stephanie-wang]

Not enough space even after eviction and considering objects that could be spilled.

Where's the code that determines "even after eviction"? It seems to me the retry of the creation request is the same the second time so it would get queued up again even in that case.

1. Creation succeeds.
2. Not enough space even after eviction and considering objects that could be spilled. => This will return an OutOfMemory error code, which the plasma store returns to the client. The client can either retry after some time or throw the exception.
3. Trigger more spilling, which would create enough space for the request once complete. Requeue the request and repeat. => This will return a TransientOutOfMemory error. The plasma store will then break and wait for objects to get spilled before retrying the request.

Trigger more spilling, which would create enough space for the request once complete. Requeue the request and repeat.

I believe the current code doesn't re-queue; the request stays at the head of the queue since we break out of the loop before calling erase(). Is this not the case?

Ah that's right, I meant that the request stays at the head of the queue but will get retried later once a round of spilling succeeds or fails.

[ericl]

Isn't this expected to fail? We can't fit both of the ids in the plasma store at the same time.

Yep good catch.

Trigger more spilling, which would create enough space for the request once complete.

Got it. I forgot the spill decision is within the plasma create call itself.

[ericl]

This argument isn't actually used, can we remove it?

[stephanie-wang]

It turns out that Travis is failing because of the same problem that I came across earlier in #11673:

Since there are multiple clients trying to create an object at the same time, only one of them will succeed after an object has been spilled. But then since all the clients retry at around the same time, the others retry while the one that succeeded is still creating its object (so its object can't be evicted or spilled). I managed to get this to work by resetting the normal OutOfMemory retries if the client ever receives the transient error, but I don't think that will work in all cases.

I think we can fix this by moving the OutOfMemory client-side timer into the plasma store, like we talked about in this PR.

@ekl, @rkooo567 are you guys okay with just disabling that unit test for now, and I can get started on a more comprehensive refactor/fix next? I'm worried about adding it to this PR because we're already adding a lot of logic to the plasma store that isn't getting unit-tested at all.

[rkooo567]

Sounds good to me. I think we can add this logic (and disable core worker retry) when we develop the diagram we discussed today?

[stephanie-wang]

Sounds good to me. I think we can add this logic (and disable core worker retry) when we develop the diagram we discussed today?

Yeah, I think we should just do the refactor to pull the queue out of the PlasmaStore and remove the client-side retry in the same PR.