Persona destruction semantics are incomplete

Issue #86 resolved
Amir Kamil created an issue

Specifically, what happens if there are LPCs enqueued on the persona when it is destroyed? Is this legal, and if so, are the LPCs run by the destructor?

Comments (3)

  1. Dan Bonachea

    New persona destructor added by Amir in f89f055:

    Destructs this persona object. Operations that are currently enqueued on this persona are discarded.

    Are we sure we want to provide this drop-it-on-the-floor semantics? Is there a motivation to provide that guarantee?

    In particular, if the persona has incoming lpc's enqueued that were sent via persona::lpc(), the initiator now has a future, associated promise, and possibly a chain of cascaded futures that can never be fulfilled and are essentially permanently leaked. Similar problems if the destroyed persona initiated some RMA that is still in-flight or awaiting a call to progress for notification - in that case the memory covered by the RMA is also effectively unusable for the remainder of the job. Finally, it raises the semantic question of whether those "discarded" operations constitute "in-flight" operations that technically violate quiescence and prevent well-defined calls to finalize() for the rest of the job.

    I think we could avoid all this by specifying that destroying a persona that is not fully quiesced (i.e., no outgoing or incoming operations in flight) has undefined behavior.

    Additionally, I think we may also want to state that destroying a persona while it is part of a live persona_scope implies UB.

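The leak described in the comment above, as an added example that is not part of the original issue thread and does not use the UPC++ API. It is a toy queue model with hypothetical names (`ToyPersona`, `ToyFuture`) whose destructor discards queued work, compared with draining the queue before destruction.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Toy model only; these types are hypothetical and are NOT UPC++ classes.
// The initiator keeps a ToyFuture; the queued task holds the other end.
struct ToyFuture {
    std::shared_ptr<bool> done = std::make_shared<bool>(false);
    bool ready() const { return *done; }
};

class ToyPersona {
    std::deque<std::function<void()>> queue_;
public:
    // Enqueue work; the returned future becomes ready only if the task runs.
    ToyFuture lpc(std::function<void()> fn) {
        ToyFuture f;
        auto done = f.done;
        queue_.push_back([fn = std::move(fn), done] { fn(); *done = true; });
        return f;
    }
    // Run everything currently queued (the analogue of a progress call).
    void progress() {
        while (!queue_.empty()) {
            auto task = std::move(queue_.front());
            queue_.pop_front();
            task();
        }
    }
    bool quiesced() const { return queue_.empty(); }
    // Mirrors the quoted wording: enqueued operations are discarded.
    ~ToyPersona() = default;
};

// Destroy with work still queued: the initiator's future never becomes ready.
bool future_ready_after_discard() {
    ToyFuture f;
    { ToyPersona p; f = p.lpc([] {}); }  // p destroyed, task dropped unrun
    return f.ready();
}

// Drain to quiescence first, as the proposed precondition would require.
bool future_ready_after_drain() {
    ToyFuture f;
    { ToyPersona p; f = p.lpc([] {}); p.progress(); }
    return f.ready();
}

int main() { return (!future_ready_after_discard() && future_ready_after_drain()) ? 0 : 1; }
```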