[core] Make WaitForActorRefDeleted RPC Fault Tolerant

[Sparks0219]

Why are these changes needed?

Making WaitForActorRefDeleted RPC Fault Tolerant. Added c++ unit tests to verify idempotency of HandleWaitForActorRefDeleted, and added a python integration test.

Related issue number

Closes #53797

Checks

• I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
• I've run pre-commit jobs to lint the changes in this PR. (pre-commit setup)
• I've included any doc changes needed for https://docs.ray.io/en/master/.
  • I've added any new APIs to the API Reference. For example, if I added a
    method in Tune, I've added it in doc/source/tune/api/ under the
    corresponding .rst file.
• I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
• Testing Strategy
  • Unit tests
  • Release tests
  • This PR is not tested :(

---

Note

^{Cursor Bugbot is generating a summary for commit e3234ca. Configure here.}

[gemini-code-assist]

Code Review

This pull request makes the WaitForActorRefDeleted RPC fault-tolerant by enabling retries. This is a good improvement for the robustness of actor lifecycle management. The changes include updating the RPC client to be retryable, modifying the WaitForActorRefDeleted method signature to use move semantics for better performance, and adding comprehensive tests. The new C++ tests for idempotency on the server side are well-structured. I've suggested a small improvement to the new Python test to cover response failures in addition to request failures, and a minor style improvement in the C++ tests to mark unused lambda parameters for better readability. Overall, this is a solid contribution to Ray's fault tolerance.

[gemini-code-assist]

The test test_wait_for_actor_ref_deleted_rpc_retry_and_idempotency is only parameterized to test request failures. For better test coverage, it should also be parameterized to test response failures, similar to test_get_object_status_rpc_retry_and_idempotency.

Additionally, the deterministic_failure parameter is currently unused in the test body.

Suggested change

	@pytest.mark.parametrize("deterministic_failure", ["request"])
	def test_wait_for_actor_ref_deleted_rpc_retry_and_idempotency(
	monkeypatch, shutdown_only, deterministic_failure
	):
	"""Test that WaitForActorRefDeleted RPC retries work correctly.
	Verify that the RPC is idempotent when network failures occur.
	The GCS actor manager will trigger this RPC during actor initialization
	to monitor when the actor handles have gone out of scope and the actor should be destroyed.
	"""
	monkeypatch.setenv(
	"RAY_testing_rpc_failure",
	"CoreWorkerService.grpc_client.WaitForActorRefDeleted=1:100:0",
	)
	@pytest.mark.parametrize("deterministic_failure", ["request", "response"])
	def test_wait_for_actor_ref_deleted_rpc_retry_and_idempotency(
	monkeypatch, shutdown_only, deterministic_failure
	):
	"""Test that WaitForActorRefDeleted RPC retries work correctly.
	Verify that the RPC is idempotent when network failures occur.
	The GCS actor manager will trigger this RPC during actor initialization
	to monitor when the actor handles have gone out of scope and the actor should be destroyed.
	"""
	monkeypatch.setenv(
	"RAY_testing_rpc_failure",
	"CoreWorkerService.grpc_client.WaitForActorRefDeleted=1:"
	+ ("100:0" if deterministic_failure == "request" else "0:100"),
	)

[gemini-code-assist]

The lambda parameters s, success, and failure are unused. It's good practice to either omit their names or mark them as unused to improve readability and signal intent.

Suggested change

	[&callback_count](Status s,
	std::function<void()> success,
	std::function<void()> failure) { callback_count++; });
	[&callback_count](Status /*s*/,
	std::function<void()> /*success*/,
	std::function<void()> /*failure*/) { callback_count++; });

[gemini-code-assist]

The lambda parameters s, success, and failure are unused. It's good practice to either omit their names or mark them as unused to improve readability and signal intent.

Suggested change

	[&callback_count](Status s,
	std::function<void()> success,
	std::function<void()> failure) { callback_count++; });
	[&callback_count](Status /*s*/,
	std::function<void()> /*success*/,
	std::function<void()> /*failure*/) { callback_count++; });

[dayshah]

should assert false in the first callback and assert true in the second callback

[Sparks0219]

Put an ASSERT_TRUE(false) in the first callback since I wanted to guarantee it wouldn't be called.

[jjyao]

why not also response?

[Sparks0219]

I think it's a bit tricky to test response because there's another RPC that the owner uses to notify the GCS that the actor goes out of scope: AsyncReportActorOutOfScope so even if the response is lost the GCS will still deallocate the actor.

Request is easy because if it's lost the callback immediately calls DestroyActor so we get an "actor creation cancelled" error

[dayshah]

can you put a comment there so the person after knows

[jjyao]

we should do

del actor
// check to make sure actor is marked as dead with cause equals REF_DELETED

[Sparks0219]

AsyncReportActorOutOfScope will report this, note the prior comment

[jjyao]

I mean we should add some checks to make sure actor is marked as dead with cause equals REF_DELETED

[jjyao]

LGTM

[jjyao]

Suggested change

	it->second.object_ref_deleted_callbacks.push_back(callback);
	it->second.object_ref_deleted_callbacks.push_back(std::move(callback));

[Sparks0219]

Makes sense, done

[jjyao]

Update docstring

[Sparks0219]

Ah shoot, thanks for catching

[cursor]

Bug: RPC Client Pooling Breaks Retry Mechanism

The WaitForActorRefDeleted RPC now fetches a new client from the pool for each call. This breaks the retryable RPC mechanism, which relies on the same client instance to maintain state across retries.

 

[cursor]

Bug: Missing `const` Qualifier in Callback Parameter

The AddObjectRefDeletedCallback override in ReferenceCounter has a callback parameter that's missing the const qualifier, which differs from the virtual method in ReferenceCounterInterface. This signature mismatch prevents proper overriding and will cause compilation errors.

src/ray/core_worker/reference_counter.h#L48-L51

ray/src/ray/core_worker/reference_counter.h

Lines 48 to 51 in ad1cdd2

	bool foreign_owner_already_monitoring = false) = 0;
	virtual void AddOwnedObject(
	const ObjectID &object_id,
	const std::vector<ObjectID> &contained_ids,

 

---

[cursor]

Bug: Moved Object Access Causes Undefined Behavior

Moving wait_request invalidates the object. While the lambda doesn't use it, accessing a moved-from object can lead to undefined behavior.

 

[dayshah]

omg cursor hates the moves

[Sparks0219]

yea and the client pool too, chill AI

[cursor]

Bug: RPC Retry Fails Due to Empty Request

The wait_request is moved into the RPC call, making it empty for any retry attempts. This, combined with fetching a new client from the pool for each call, can lead to failed or inconsistent RPC retries.

 

[cursor]

Bug: Double Move of respond Causes Undefined Behavior

The respond callback is moved into the AsyncWaitForActorRegisterFinish lambda capture. If actor registration succeeds, the respond object, already in a moved-from state, is moved a second time into WaitForActorRefDeleted, causing undefined behavior.

 

[dayshah]

it got the problem wrong, the problem is actually just that the second move doesn't really move because function captures are const by default

[dayshah]

also update the Failure line in the .proto file, not sure if we've missed that for more rpc's...

just a nit

[dayshah]

why do you need this if, it's the same without it

[Sparks0219]

oh bleh good catch thanks

[dayshah]

omg cursor hates the moves

[Sparks0219]

also update the Failure line in the .proto file, not sure if we've missed that for more rpc's...

UHHH yea it's a little outdated lol, I went through the list on the doc and updated all the missing ones