[
https://issues.apache.org/jira/browse/DRILL-5808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16187259#comment-16187259
]
ASF GitHub Bot commented on DRILL-5808:
---------------------------------------
Github user paul-rogers commented on the issue:
https://github.com/apache/drill/pull/958
@Ben-Zvi, you are right that, in the worst case, this change will allow
operators to exceed the memory allotment. But, that is actually the purpose.
As we know, it is *very* difficult to get memory management just right at
present due to the wildly varying memory layouts for vectors, power-of-two
rounding of buffer sizes, unexpected doubling of vectors, and lack of control
over the size of incoming batches. We'd love to fix these, but doing so will
take time.
In the meanwhile, we have the choice of failing queries because the calcs
are off by a bit, or being more flexible and letting queries succeed at the
risk of running out of memory. The change here does log each "excess"
allocation so we can find them and fix any remaining issues. Also, in a test
environment, strict limits are enforced to find bugs.
All of this is set against the backdrop of the exchange operators, hash
join, and other operators that have an unlimited appetite for memory. Until we
reign in those operators, seems silly to kill user queries because those
operators that *do* manage memory make a small mistake here or there.
Once all operators are under control, and Drill's internal memory
allocation is under better control, we can back out this change and be much
more strict about enforcing memory limits.
Bottom line: should we fail user queries because of remaining rough spots
in the "managed" operators? Or, should we allow user queries to succeed at a
very small additional risk of running out of memory?
> Reduce memory allocator strictness for "managed" operators
> ----------------------------------------------------------
>
> Key: DRILL-5808
> URL: https://issues.apache.org/jira/browse/DRILL-5808
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.11.0
> Reporter: Paul Rogers
> Assignee: Paul Rogers
> Fix For: 1.12.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Drill 1.11 and 1.12 introduce new "managed" versions of the sort and hash agg
> that enforce memory limits, spilling to disk when necessary.
> Drill's internal memory system is very "lumpy" and unpredictable. The
> operators have no control over the incoming batch size; an overly large batch
> can cause the operator to exceed its memory limit before it has a chance to
> do any work.
> Vector allocations grow in power-of-two sizes. Adding a single record can
> double the memory allocated to a vector.
> Drill has no metadata, so operators cannot predict the size of VarChar
> columns nor the cardinality of arrays. The "Record Batch Sizer" tries to
> extract this information on each batch, but it works with averages, and
> specific column patterns can still throw off the memory calculations. (For
> example, having a series of very wide columns for A-M and very narrow columns
> for N-Z will cause a moderate average. But, once sorted, the A-M rows, and
> batches, will be much larger than expected, causing out-of-memory errors.)
> At present, if an operator is wrong in its memory usage by a single byte, the
> entire query is killed. That is, the user pays the death penalty (of queries)
> for poor design decisions within Drill. This leads to a less-than-optimal
> user experience.
> The proposal here is to make the memory allocator less strict for "managed"
> operators.
> First, we recognize that the managed operators do attempt to control memory
> and, if designed well, will, on average hit their targets.
> Second, we recognize that, due to the lumpiness issues above, any single
> operator may exceed, or be under, the configured maximum memory.
> Given this, the proposal here is:
> 1. An operator identifies itself as managed to the memory allocator.
> 2. In managed mode, the allocator has soft limits. It emits a warning to the
> log when the limit is exceeded.
> 3. For safety, in managed mode, the allocator enforces a hard limit larger
> than the configured limit.
> The enforcement limit might be:
> * For memory sizes < 100MB, up to 2x the configured limit.
> * For larger memory sizes, no more than 100MB over the configured limit.
> The exact numbers can be made configurable.
> Now, during testing, scripts should look for over-memory warnings. Each
> should be fixed as we fix OOM issues today. But, during production, user
> queries are far less likely to fail due to any remaining corner cases that
> throw off the memory calculations.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
