I only do unsafe vs safe ffi, most things I do I make sure that a c call running to completion (and associated system calls) don't prevent other work from happening. Interrupts can require resource cleanup. what sort of examples do you have in mind?

you *could* do interruptible in lieu of safe as long as you have some way to clean up memory allocations I guess?
https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/ffi-chap.html#interruptible-foreign-calls

to quote the documentation:

"interruptible behaves exactly as safe, except that when a throwTo is directed at a thread in an interruptible foreign call, an OS-specific mechanism will be used to attempt to cause the foreign call to return:

Unix systems: The thread making the foreign call is sent a SIGPIPE signal using pthread_kill(). This is usually enough to cause a blocking system call to return with EINTR (GHC by default installs an empty signal handler for SIGPIPE, to override the default behaviour which is to terminate the process immediately).

Windows systems: [Vista and later only] The RTS calls the Win32 function CancelSynchronousIo, which will cause a blocking I/O operation to return with the error ERROR_OPERATION_ABORTED."

I don't know if the cffi overheads differ when doing an interruptible call, and you really do have to think carefully about state cleanup... I like avoiding needing to do state cleanup personally.

if you mean to ask about SAFE vs UNSAFE, it's mostly about often the code I'm binding has VERY predictable complexity / runtime behavior as a function of input size, and I choose an input size threshold that's more than ~ 1 microsecond and less than 10 microseconds. smaller stuff gets unsafe and larger gets safe.

Last time I measured stuff years ago, safe ffi calls had ~ 200 nanosecond overhead on the applicable laptop, so as long as you're not doing scribbles to unpinned memory, you should always always use the SAFE ffi for operations that will likely take >= 1-10 microseconds ALWAYS. (there's lots of math C code on hackage which does unsafe FFI and yet the input sizes of interest will likely take several seconds to compute, a nasty combo in a server/networked env).

tl;dr any network api / file system api, pretty safe to do safe api calls always, afaik few to none of those are sub microsecond, heck just a memory read from ram is 5-10 microseconds right?


On Tue, Dec 4, 2018 at 1:08 PM Andrew Martin <andrew.thaddeus@gmail.com> wrote:
What's your heuristic for deciding between safe and interruptible? I find that every time something takes long enough to warrant using the safe FFI, I also want to be able to kill it from a separate thread.

On Tue, Dec 4, 2018 at 9:58 AM Carter Schonwald <carter.schonwald@gmail.com> wrote:
yup! (this is also kinda related to how the IO manager only runs on -threaded built applications)

I actually do the following pattern in some libraries I've written: bind both unsafe and safe versions of a function, and when work input is below some size that I think will be less than ~ 1-10 microseconds, I do an unsafe call, otherwise I do a safe call! (unsafe calls block the GC, which is bad in say a server app, as you can well guess)

the most recent and tiny example of this is a tiny sha3 implementation (still need to tweak it, I think I left another 4-6x performance on the table): https://hackage.haskell.org/package/SecureHash-SHA3

On Tue, Dec 4, 2018 at 8:26 AM Andrew Martin <andrew.thaddeus@gmail.com> wrote:
Sorry. I just found the answer to this in the manual:

"When you call a foreign imported function that is annotated as safe (the default), and the program was linked using -threaded, then the call will run concurrently with other running Haskell threads. If the program was linked without -threaded, then the other Haskell threads will be blocked until the call returns."

"This means that if you need to make a foreign call to a function that takes a long time or blocks indefinitely, then you should mark it safe and use -threaded. Some library functions make such calls internally; their documentation should indicate when this is the case."



On Tue, Dec 4, 2018 at 8:23 AM Andrew Martin <andrew.thaddeus@gmail.com> wrote:
According to the FFI chapter [1] in the GHC manual, the safe FFI is useful when you need to call a C function that can call back into haskell code. I had always assumed that the scheduler could somehow interrupt safe FFI calls, but the manual does not indicate this, and in some recent testing I did in the posix library [2], I found that scheduling interrupts definitely do not happen. With the non-threaded runtime, the following test always hangs:

    testSocketsD :: IO ()
    testSocketsD = do
      (a,b) <- demand =<< S.socketPair P.unix P.datagram P.defaultProtocol
      _ <- forkIO $ do
        bytesSent <- demand =<< S.sendByteArray b sample 0 5 mempty
        when (bytesSent /= 5) (fail "testSocketsD: bytesSent was wrong")
      actual <- demand =<< S.receiveByteArray a 5 mempty
      actual @=? sample

    sample :: ByteArray
    sample = E.fromList [1,2,3,4,5]

    demand :: Either Errno a -> IO a
    demand = either (\e -> ioError (errnoToIOError "test" e Nothing Nothing)) pure

In the above example, sendByteArray and receiveByteArray are safe FFI wrappers around send and recv. It is necessary to use threadWaitRead and threadWaitWrite before these calls to predictably get the correct behavior.

This brings me to my question. In issue #34 on the github library for the unix package [3], there is a discussion about whether to use the safe or unsafe FFI for various POSIX system calls. On the issue there is strong consensus that the safe FFI calls lead to better performance.

Simon Marlow writes [4] that "Unsafe foreign imports which can block for unpredictable amounts of time cause performance problems that only emerge when scaling to multiple cores, because they delay the GC sync. This is a really annoying problem if it happens to you, because it's almost impossible to diagnose, and if it happens due to an unsafe call in a library then it's also really hard to fix."

And Gregory Collins adds that "If the call would ever block (and that includes most filesystem functions) that means you want 'safe'."

There's something I'm definitely missing. My experience is that safe FFI calls do not help with blocking IO (again, I've been using the non-threaded runtime, but I doubt this makes a difference), that they only help with C functions that call back into haskell. However, a lot of other people seem to have a different experience.


--
-Andrew Thaddeus Martin
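
Added example, not part of the thread and not code from SecureHash-SHA3 or the posix library: the "bind both unsafe and safe versions, dispatch on input size" pattern described above, applied to libc's memchr. The names findByte and unsafeMaxBytes and the 4096-byte cut-over are assumptions made for illustration; the threshold has to be measured per function and machine.

```haskell
{-# LANGUAGE ForeignFunctionInterface #-}
module Main (main) where

import qualified Data.ByteString as B
import Data.ByteString.Unsafe (unsafeUseAsCStringLen)
import Data.Word (Word8)
import Foreign.C.Types (CChar, CInt (..), CSize (..))
import Foreign.Ptr (Ptr, minusPtr, nullPtr)

-- The same C symbol imported twice; only the safety annotation differs.
-- unsafe: cheapest call, but the GC cannot run until the call returns.
foreign import ccall unsafe "string.h memchr"
  c_memchr_unsafe :: Ptr CChar -> CInt -> CSize -> IO (Ptr CChar)

-- safe: extra per-call overhead, but other Haskell threads and the GC
-- keep running (with -threaded) while the C code executes.
foreign import ccall safe "string.h memchr"
  c_memchr_safe :: Ptr CChar -> CInt -> CSize -> IO (Ptr CChar)

-- Assumed cut-over (hypothetical value): inputs up to this size are
-- expected to finish well under the ~1-10 microsecond budget.
unsafeMaxBytes :: Int
unsafeMaxBytes = 4096

-- Offset of the first occurrence of a byte. ByteString buffers are
-- pinned, so the pointer stays valid even if a GC runs during the
-- safe call.
findByte :: Word8 -> B.ByteString -> IO (Maybe Int)
findByte w bs
  | B.null bs = pure Nothing          -- never hand C a zero-length buffer
  | otherwise = unsafeUseAsCStringLen bs $ \(p, len) -> do
      let call | len <= unsafeMaxBytes = c_memchr_unsafe
               | otherwise             = c_memchr_safe
      r <- call p (fromIntegral w) (fromIntegral len)
      pure (if r == nullPtr then Nothing else Just (r `minusPtr` p))

main :: IO ()
main = do
  -- Constructed sample inputs: one below and one above the threshold.
  let small = B.pack [1, 2, 3, 4, 5]
      large = B.replicate (1024 * 1024) 0 `B.snoc` 7
  findByte 4 small >>= print   -- takes the unsafe import
  findByte 7 large >>= print   -- takes the safe import
  findByte 9 small >>= print   -- byte absent
```

Build with `ghc -threaded` so that the safe branch actually runs concurrently with other Haskell threads, as the manual passage quoted in the thread describes.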


--
-Andrew Thaddeus Martin
_______________________________________________
Libraries mailing list
Libraries@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries


--
-Andrew Thaddeus Martin