-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assertion quasi-derivations #11955
Comments
@emilazy tells me about https://ninja-build.org/manual.html#validations, great prior art! |
This would be an complement or alternative to #7662, which proposes to track validation using the string context, i.e. something handled above the store+build layer. It would only be a complete alternative if it provides speculative building for increased concurrency, as mentioned in the issue, but also echoed in the ninja docs:
A small amount of extra concurrency could be extracted by allowing to evaluate these validation nodes after evaluating the main derivation and after its dependents. An combination of validation nodes and dynamic derivations may be of interest as well, as previously raised by amjoseph-nixpkgs: (This would be independent of aforementioned evaluation optimization, unless we perform Nixpkgs evaluation as part of a set of (generated) dynamic derivations, which would require making Nixpkgs available to the builder (ie the store)) |
How exactly do these quasi-derivations fit into a build graph, and does that allow for speculative execution of dependent builds, i.e. assuming that the validation succeeds? |
@roberth I initially wasn't thinking of fancier checks, and not speculative execution either. But it would also work for that. (Indeed, doing a speculative build of an unverified impure floating CA derivation is a bit scary, but we can simply say there is no speculation if the input is impure.) I would still have the validation nodes between the dependency and dependent, because otherwise we are scooping validations globally (which I don't think makes sense store-wide). But yes the scheduler can simply "rewrite" the graph so that the validations don't block anything, but it doesn't declare things finished until they pass. |
While that is true in a mechanical sense, Nix does impose extra restrictions on builders that don't have such a strong validation, notably isolating the builder from the network. Also the uniqueness of store paths that can pass a hash check lets us optimize away the FOD derivation, and perform a lookup instead. |
In order to be able to test fetchers (FOD-producing functions), I have previously added a function to Nixpkgs to work around this missing feature. It calls the fetcher for the first time to get a hash that is unique for the fetcher implementation (i.e. taken from This requires the current Nix implementation to perform the fetch uniquely for each "version" of the implementation, but this is not guaranteed. A more clever store could detect that the required hash is already available somewhere based on the content address instead of the whole path that includes a name and this would be a natural way to implement this necessary optimization if the store implementation is layered atop a purely content addressed data store (e.g. how tvix does it). |
A fixed-output derivation is nothing but a regular "floating" content-addressing derivation, along with an assertion that the output is in fact a certain content-address.
Other "output checks" can likewise be turned into assertions that the input satisfies the checks.
It would be conceptually cleaner to instead of making these checks part of a derivation (and thus have more knobs on what is a derivation) instead decompose them to special assertion nodes / in the derivation dependency graph --- or equivalently, special quasi derivations.
I had long thought this would be conceptually more elegant, but hadn't yet found a real tangible concrete use-case they would make things better from the user's perspective. But in #11954 I believe I finally found one. The short version of that is that for CA derivations, it is impossible simultaneously satisfy all of these:
Assertion quasi-derivations however provide a way out of that:
This nicely gets us all 4 desiderata, plus the separation of concerns (building vs linting), with minimal extra complexity.
The text was updated successfully, but these errors were encountered: