[Feature Request] allow opt-out of workflow isolation #1557
Comments
I'd like to echo this sentiment - while the fact that determinism can be "enforced" is very helpful early on, there are other mechanisms (such as replay testing) that more mature orgs can use that are less rigid at runtime. Integrating the workflow isolation with a project's build stack is also quite painful.
I totally understand the feeling, and I would personally also like to explore making sandboxing optional. That is, however, a much larger effort than it may appear, which we can't prioritize just now.

I would also point out that it is not clear to me at this point whether getting rid of the Workflow sandbox would effectively result in fewer restrictions and lower technical complexity than what we have now. It may actually have the opposite effect.

The thing is that even though we generally present the sandbox as a way of isolating imports and global variables for determinism reasons, the sandbox also plays a second, more subtle but actually more important role: each Node's VMs come with a distinct event loop. That means that when the worker makes a call into the VM context, it is guaranteed that by the time that call returns, all outstanding microtasks belonging to that context will have been settled. This is how we know that a Workflow Task has completed, and how we know that operations are always replayed in the correct order.

Some languages make it possible to somehow customize scheduling of async completions; for example, in .Net, we created a custom task scheduler; for Python, that's a custom Node doesn't allow us to interfere with how its event loop works, like we do in .Net and Python. To some extent, it may be possible to rely on Given those uncertainties, I think it is better for now to focus on making the sandbox better and more transparent, rather than avoiding it completely.
The bug #1432 just caused a lot of pain for us. It made our workers consume a lot of memory over time (and go OOM repeatedly) and made them go really slow over time, since every (implicit) call to `new Promise` was affected. It took me several weeks of investigating, giving up and then trying again on a different day to track down this root cause. This is because the issue only happened in production and most metrics that I could get from production did not clearly point to the issue. Even diffs on heap snapshots did not clearly point to `AsyncLocalStorage` because it contained a huge amount of other heap differences and `AsyncLocalStorage` did not catch my attention. I only got lucky that a CPU profile seemed odd and I noticed that the internals of `Promise` took much too long.

Our code was using `new AsyncLocalStorage` as a constant at the top level of a module. Normally such a constant only gets initialised once. It is quite unintuitive that with workflow isolation one has to consider that this code gets executed multiple times and thus reason through performance implications. #1432 plans to hide these implications, but it also mentions that `maxCachedWorkflow` might still be a performance issue.

This is not the first issue that we have due to the workflow isolation feature and I'm sorry, but I doubt that it will be the last. In theory workflow isolation seems like a good idea, but in practice it adds complexity that causes very uncommon issues. I want to point out that for example the Go SDK does not try to apply workflow isolation. Instead it expects the developer to write proper workflow code that respects deterministic execution requirements. I would rather teach my team to handle a transparent nondeterminism-error due to bad workflow code than to have issues like the one above.

Therefore I would like to request the option to opt-out of workflow isolation (and instead opt-in to simplicity). I still appreciate the effort you've put into workflow isolation and its performance optimisations like reusable VMs.
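
Added illustration (not part of the thread and not Temporal SDK code): a `node:vm` demonstration of the two effects discussed in the posts above, namely module top-level code running once per context and a context's own microtask queue being drained before the host call returns. The `bundle` source, the `Storage` class (standing in for `AsyncLocalStorage`) and the `runWorkflows` helper are hypothetical names made up for this example.

```javascript
const vm = require('node:vm');

// Constructed stand-in for a bundled workflow module (not real SDK output).
const bundle = new vm.Script(`
  const storage = new Storage();   // top-level "constant", like new AsyncLocalStorage()
  globalThis.run = async () => {
    await null;                    // two microtask hops before the workflow settles
    await null;
    log.push('workflow settled');
  };
`);

// Evaluate the bundle once per workflow, each in a fresh context.
// microtaskMode: 'afterEvaluate' gives the context its own microtask queue,
// drained before runInContext returns; undefined shares the host's queue.
function runWorkflows(count, microtaskMode) {
  let constructed = 0;
  class Storage { constructor() { constructed += 1; } }
  const orderings = [];
  for (let i = 0; i < count; i++) {
    const log = [];
    const context = vm.createContext({ Storage, log }, { microtaskMode });
    bundle.runInContext(context);        // top-level code runs again for every context
    vm.runInContext('run()', context);   // host calls into the workflow
    log.push('host resumed');
    orderings.push(log.slice());         // snapshot at the moment the call returned
  }
  return { constructed, orderings };
}

const isolated = runWorkflows(3, 'afterEvaluate');
console.log(isolated.constructed, isolated.orderings[0]);
console.log(runWorkflows(1, undefined).orderings[0]);
```

With the per-context queue the workflow has settled by the time the host resumes; with the shared queue the host resumes first and has no synchronous signal that the workflow's microtasks are done.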