Recently, we at Franz have been seeing weird failures when building a certain ASDF system on NFS: We were intermittently getting redefinition warnings when loading a system - not all the time, but more often when we compiled during certain timeslots.
This was a weird one, and I think it would be nice to record what this is, and how we figured out what’s going on (and how we arrived at our work-around).
Update 2011-10-11: Faré informs me that this problem is fixed (all the way, no need for a workaround) in ASDF 2.017.9!
We have a system and a specialized operation (
generates a single loadable .fasl we can ship) that depends on
asdf:load-op. In our build process, we first load the system, then
generate some data with the loaded system, and then perform the custom
operation on the system.
When performing that operation with a source tree that was checked out
on NFS, the
load-op that it depends on sometimes got performed a
second time: The lisp loaded all the .fasls again, and for some
constructs in some .fasls, signaled a
WARNING, which made the build
Oddly enough, the failure happened only during certain time slots - we would see the build work between 3pm and 4:30pm, and starting at 4:30 it failed consistently until it was time to go home. Huh.
Aside: How ASDF Operates
Not everyone might be familiar with how ASDF works (if you are, feel
free to skip to the next section, or stay and nitpick (-:), so here’s
a small primer on what happens when you type
Here’s a little walkthrough:
ASDF runs the generic function
traversewith the system and the operation as parameters.
traversewalks the dependencies of the system and the contents of the system itself, and determines which operations are not yet done.
load-opon a CL source file,
traversewill try to generate a
load-opfor the input-file of that load-op (the .fasl file), check if that .fasl file exists, and if it doesn’t, then it will also generate a
compile-opfor the corresponding .lisp file.
As a result,
traversereturns a list of operations that must be performed on each component (or module, or system). For a clean source tree, that list looks something like: ((compile-op . source-1) (load-op . source-1) (compile-op . source-2) (load-op . source-2) …)
operatetakes that list and just performes each operation on its component in order.
All this means that ASDF takes a two-step approach: It first
determines what needs to be done, then does it. All the smarts in ASDF
are in that
traverse operation and the underlying mechanisms. The
rest is just a dolist.
OK, with that out of the way:
I’d gotten this error before, but that was when I was running on a source tree checked out on an NFS-mounted file system on Windows. I didn’t pay it much mind, because, hey, it’s the NFS client on Windows.
But then this exact same problem started happening to a client using two Linux machines as the client and the server. We had a problem.
At first, we suspected that there was an issue with build order (that
result list of
traverse). This was a blind alley: The files were
loaded in exactly the same order in the failing and working
scenarios. No luck.
The next thing was to instrument
operation-done-p before performing
the operation, and there we saw what happened:
load-op had not been performed on a file. But that
file had been loaded into this very same image just minutes before!
operation-done-p a generic function and has a method that attempts
to handle the most common cases of operations on ASDF components: the
method specialized on
(operation component), which does the
following in the branch that applies to
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This consults a registry of times when an operation was performed on a
component-operation-time returns a
that is a number of seconds, and compares that to the
- also a universal-time - of the input file (the .fasl). After some
tracing, we determined that for some reason, the .fasl file was one
second younger than the time that ASDF thought the
load-op had been
performed on it. In other words, the compiler had written the file
had had a chance to read it. ASDF was reading a file from the future.
This was the time when we started scratching our heads.
First, we wrote a little test program to verify we weren’t crazy:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
When we ran it, after a while, at timestamps very close to the boundary to the next second, we’d get “mtime after close has a future timestamp”. What. The.
We checked that all machines were synchronized with NTP. They were, to the same machine on the local network. What is going on?
Luckily, my colleague Ahmon has a lot of experience with NFS. His expertise and ample use of tcpdump finally provided the final puzzle piece: NFS protocol 3 on Linux has a feature called “weak cache consistency”: information can be supplied by servers after most NFS calls (e.g., WRITE) and has the server’s take on file attributes (such as mtime). So if the time on the server is just a tiny bit ahead of the client, the server will report the file that the client just wrote is from the client’s future.
When one apparently time-traveling file appears in the source tree,
traverse method will consider the system to not have been
loaded, and will reload the .fasl files starting at the time-traveling
file. Anything after that file in the build order could (and did!)
potentially mess up the lisp image. In the best case, it would just
slow down the build a lot by re-loading a ton of .fasl files. Argh.
Fixing this Mess (aka, the Workaround)
Since ASDF consults a registry of times that a file was loaded, we decided it would be easiest to alter the method that records this timestamp: Instead of the current time, it should record whichever is later: the current time or the timestamp of the file that it loaded.
1 2 3 4
And that’s it - with this method in place, asdf can now accurately build our system repeatedly, on NFS, even if wtf.c triggers.
That was a pretty fun afternoon spent debugging our build process. As a result, we got a working build, and a few shiny new ideas in our heads:
One, a program should never rely on the system time and some file’s creation time being comparable. This just doesn’t work anymore in a distributed system, especially if you’re using full seconds to represent time.
Two, ASDF is pretty flexible (almost to the point of being too flexible). To diagnose ASDF’s internal state, all we had to do was trace some functions it defines, and we managed to put this workaround in without having to deeply modify any of its sources: All it takes is an additional :after method. Sweet.
And three, the Allegro CL fasl loader is very fast (at least it feels so to me, coming from SBCL): In that tiny window (less than 0.07 seconds of real time) it would load a pretty substantial .fasl file and asdf would register it as loaded. That’s pretty impressive! (-: