Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #2510 +/- ##
==========================================
+ Coverage 58.06% 58.94% +0.88%
==========================================
Files 293 324 +31
Lines 12956 15324 +2368
==========================================
+ Hits 7523 9033 +1510
- Misses 5433 6291 +858
☔ View full report in Codecov by Sentry. |
The proxy's release debug symbols are currently >6GB. It doesn't appear to even be possible to build the proxy with debuginfo=2, as we overflow u32::MAX and violate the restrictions of DWARF32. To fix this, we more aggressively use dynamic dispatch via the new `Stack::arc_new_box` helpers. This helps reduce our largest type signatures from >700KB to ~50KB. We'll want to follow up with changes that monitor the size of these signatures to prevent regressions. This allows us to minimize many type assertions, etc. There are no functional changes in this PR. Release builds will now produce full debug information with file:line annotations.
hawkw
approved these changes
Nov 10, 2023
Contributor
hawkw
left a comment
hawkw
left a comment
There was a problem hiding this comment.
this looks good to me!
i was a bit curious about the change from using one push_on_service calls with multiple layers to using a separate push_on_service for each layer --- does that impact symbol size, or was it just a refactor?
i suspect this won't have too big of a latency impact, since the boxing is mostly at the NewService level, and not at the level of individual request/response futures. i'm still curious about potential perf testing, though!
Comment on lines
+100
to
+111
| let http = svc::stack(move |_| admin.clone()) | ||
| .push( | ||
| metrics | ||
| .proxy | ||
| .http_endpoint | ||
| .to_layer::<classify::Response, _, Permitted>(), | ||
| ) | ||
| .push(classify::NewClassify::layer_default()) | ||
| .push_map_target(|(permit, http)| Permitted { permit, http }) | ||
| .push(inbound::policy::NewHttpPolicy::layer(metrics.http_authz.clone())) | ||
| .push(inbound::policy::NewHttpPolicy::layer( | ||
| metrics.http_authz.clone(), | ||
| )) |
Contributor
There was a problem hiding this comment.
this looks like just Rustfmt, right?
Comment on lines
-141
to
-145
| // This box is needed to reduce compile times on recent | ||
| // (2021-10-17) nightlies, though this may be fixed by | ||
| // https://github.com/rust-lang/rust/pull/89831. It should | ||
| // be removed when possible. | ||
| .push(svc::BoxService::layer()) |
Contributor
There was a problem hiding this comment.
i'm assuming this BoxService was obviated by the boxing added in this PR?
Member
Author
There was a problem hiding this comment.
We're just doing this everywhere now, so this place isn't all that special. The boxing is now included in the arc_ helper
Comment on lines
+63
to
+75
| // Downgrades the protocol if upgraded by an outbound proxy. | ||
| .push_on_service(http::orig_proto::Downgrade::layer()) | ||
| // Limit the number of in-flight inbound requests. | ||
| // | ||
| // TODO(ver) This concurrency limit applies only to | ||
| // requests that do not yet have responses, but ignores | ||
| // streaming bodies. We should change this to an | ||
| // HTTP-specific imlementation that tracks request and | ||
| // response bodies. | ||
| .push_on_service(svc::ConcurrencyLimitLayer::new(max_in_flight_requests)) | ||
| // Shed load by failing requests when the concurrency | ||
| // limit is reached. | ||
| .push_on_service(svc::LoadShed::layer()) |
Contributor
There was a problem hiding this comment.
out of curiosity: does separating these into multiple push_on_service calls also have an impact on symbol size? or, was it just a drive-by refactor?
Member
Author
There was a problem hiding this comment.
The additional layer types don't help anything when we're looking at the type signatures. This keeps them a little simpler. Also the added benefit of outdenting things...
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Nov 17, 2023
* Include server address in server error logs (linkerd/linkerd2-proxy#2500) * dev: v42 (linkerd/linkerd2-proxy#2501) * Separate tls::ServerName and identity::Id types (linkerd/linkerd2-proxy#2506) * Use reference-counted strings in dns::Name (linkerd/linkerd2-proxy#2509) * build(deps): bump tj-actions/changed-files from 39.2.0 to 40.1.1 (linkerd/linkerd2-proxy#2508) * build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (linkerd/linkerd2-proxy#2485) * ci: Fix check-each workflow (linkerd/linkerd2-proxy#2511) * ci: Turn off debuginfo in ci test builds (linkerd/linkerd2-proxy#2512) * ci: Fix fuzzer listing (linkerd/linkerd2-proxy#2513) * Use heap indirection to manage type signatures (linkerd/linkerd2-proxy#2510) * dev: optimize image build (linkerd/linkerd2-proxy#2452) * dev: Disable nightly install for now (linkerd/linkerd2-proxy#2515) * meshtls: Extract TLS id verification out of TLS backends (linkerd/linkerd2-proxy#2507) * Update DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to 10K (linkerd/linkerd2-proxy#2521) * admin: Add optional /debug/pprof/profile endpoint (linkerd/linkerd2-proxy#2516) Signed-off-by: Oliver Gould <[email protected]>
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Nov 17, 2023
* Include server address in server error logs (linkerd/linkerd2-proxy#2500) * dev: v42 (linkerd/linkerd2-proxy#2501) * Separate tls::ServerName and identity::Id types (linkerd/linkerd2-proxy#2506) * Use reference-counted strings in dns::Name (linkerd/linkerd2-proxy#2509) * build(deps): bump tj-actions/changed-files from 39.2.0 to 40.1.1 (linkerd/linkerd2-proxy#2508) * build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (linkerd/linkerd2-proxy#2485) * ci: Fix check-each workflow (linkerd/linkerd2-proxy#2511) * ci: Turn off debuginfo in ci test builds (linkerd/linkerd2-proxy#2512) * ci: Fix fuzzer listing (linkerd/linkerd2-proxy#2513) * Use heap indirection to manage type signatures (linkerd/linkerd2-proxy#2510) * dev: optimize image build (linkerd/linkerd2-proxy#2452) * dev: Disable nightly install for now (linkerd/linkerd2-proxy#2515) * meshtls: Extract TLS id verification out of TLS backends (linkerd/linkerd2-proxy#2507) * Update DEFAULT_OUTBOUND_TCP_QUEUE_CAPACITY to 10K (linkerd/linkerd2-proxy#2521) * admin: Add optional /debug/pprof/profile endpoint (linkerd/linkerd2-proxy#2516) * proxy: Use debian12 distroless base image Signed-off-by: Oliver Gould <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The proxy's release debug symbols are currently >6GB. It doesn't appear
to even be possible to build the proxy with debuginfo=2, as we overflow
u32::MAX and violate the restrictions of DWARF32.
To fix this, we more aggressively use dynamic dispatch via the new
Stack::arc_new_boxhelpers. This helps reduce our largest typesignatures from >700KB to ~50KB. We'll want to follow up with changes
that monitor the size of these signatures to prevent regressions.
This allows us to minimize many type assertions, etc.
There are no functional changes in this PR. Release builds will now
produce full debug information with file:line annotations.