| ▲ | Helmut10001 21 hours ago |
| I don't understand why ECC memory is not the norm these days. It is only slightly more expensive, but solves all these problems. Some consumer mainboards even support it already. |
|
| ▲ | Agingcoder 19 hours ago | parent | next [-] |
| No it doesn’t :-) I’ve had plenty of servers with faulty ecc dimms that didn’t trigger , and would only show faults when actual memory testing. I had a hard time convincing some of our admins the first time ( ‘no ecc faults you can’t be right ‘ ) but I won the bet. Edit: very old paper by google on these topics. My issues were 6-7 years ago probably. https://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf |
| |
| ▲ | thebruce87m 18 hours ago | parent | next [-] | | That shouldn’t make sense. It’s not like the ECC info is stored in additional bits separate from the data, it’s built in with the data so you can’t “ignore” it. Hmm, off to read the paper. | | |
| ▲ | smalley 5 hours ago | parent | next [-] | | The ECC information is stored in separate DRAM devices on the DIMM. This is responsible for some of the increased cost of DIMMs with ECC at a given size. When marketed the extra memory for ECC are typically not included in the size for DIMMs so a 32GB DIMM with and without ECC will have differing numbers of total DRAM devices. There's a pretty good set of diagrams and descriptions of the faults in this paper https://dl.acm.org/doi/10.1145/3725843.3756089. Also to the parent: there's an updated public paper on DDR4 era fault observations https://ieeexplore.ieee.org/document/10071066 | | |
| ▲ | thebruce87m 3 hours ago | parent [-] | | I think you responded to the wrong person, unless you think I was implying that the extra bits needed for ECC didn’t need extra space at all? I wasn’t suggesting that - just that they aren’t like a checksum that is stored elsewhere or something that can be ignored - the whole 72 bits are needed to decode the 64 bits of data and the 64 bits of data cannot be read independently. | | |
| ▲ | smalley an hour ago | parent [-] | | If we're talking about standard server RDIMMs with ECC (or the prosumer stuff) the CPU visible ECC (excluding DDR5's on-die ECC) is typically implemented as a sideband value you could ignore if you disabled the correction logic. I suppose what winds up where is up to the memory controller but (for DDR5) in each BL16 transaction beat you're usually getting 32 bits of data value and 8 bits of ECC (per sub channel). Those ECC bits are usually called check bits CB[7:0] and they accompany the data bits DQ[31:0] . If you're talking about transactions for LPDDR things are a bit different there, though as that has to be transmitted inband with your data |
|
| |
| ▲ | Agingcoder 14 hours ago | parent | prev [-] | | I fully agree with you ! Neither soft nor hard memory errors, nothing… but but flips ,and reproducible at that. We scanned all our machines following this ( a few thousand servers ) and found out that ram issues were actually quite common, as said in the paper. |
| |
| ▲ | close04 15 hours ago | parent | prev | next [-] | | If we’re being pragmatic, it solves enough problems that you could still call it an undisputed win for stability. | |
| ▲ | RealityVoid 12 hours ago | parent | prev | next [-] | | I'm sorry, but I, just like your admins, don't believe this. It's theoretically possible to have "undetectable" errors, but it's very unlikely and you'd see a much higher than this incidence of detected unrecoverable errors and you'd see a much higher incidence than this of repaired errors. I just don't buy the argument of "invisible errors". EDIT: took a look on the paper you linked and it basically says the same thing I did. The probability of these cases becomes increasingly and increasingly small and while ECC would indeed, not reduce it to _zero_ it would greatly greatly reduce it. | | |
| ▲ | Agingcoder 11 hours ago | parent [-] | | Well my admins eventually believed me , so I’m fairly comfortable with what I said. We also had a few thousands of physical servers with about of terabyte of ram each. You are right : we did see repaired errors, but we also saw (indirectly, and after testing ) unrepaired ones | | |
| ▲ | RealityVoid 9 hours ago | parent [-] | | Ok, I am sure there is _some_ amount of unrepairable errors. But the initial discussion was that ECC ram makes it go away and your point that it doesn't. And the vast vast majority of the errors, according to my understanding and to the paper you pointed to, are repairable. About 1 out of 400 ish errors are non-repairable. That's a huge improvement! If you had ECC ram, the failures Firefox sees here would drop from 10% to 0.025%! That is highly significant! Even more! 2 bit errors now you would be informed of! You would _know_ what is wrong. You could have 3(!) bit errors and this you might not see, but they'd be several orders of magnitude even rarer. So yes, it would not 100% go away, but 99.9 % go away. That's... Making it go away in my book. And last but not least, this paper mentions uncorrectable errors. It says nothing of undetectable ecc errors! You said _undetectable_ errors. I'm sure they happen, but would be surprised if you have any meaningful incidence of this, even at terabytes of data. It's probay on the order of 0.000625 of errors you can get ( but if you want I can do more solid math) | | |
| ▲ | Agingcoder 9 hours ago | parent [-] | | We’re in agreement. I think we diverge on ‘making it go away in my book’. When you’re the one having to debug all these bizarre things ( there were real money numbers involved so these things mattered ), over millions of jobs every day , rare events with low probability don’t disappear - they just happen and take time to diagnose and fix. So in my book ecc improves the situation, but I still had to deal with bad dimms, and ecc wasn’t enough. We used not to see these issues because we already had too many software bugs, but as we got increasingly reliable, hardware issues slowly became a problem, just like compiler bugs or other elements of the chain usually considered reliable. I fully agree that there are lots of other cases where this doesn’t matter and ecc is good enough. Thanks for taking the time to reply ! | | |
| ▲ | RealityVoid 7 hours ago | parent [-] | | Oh, I get this point. If you have a sufficiently large amount of data an you monitor the errors and your software gets better and better even low probability cases will happen and will stand out. But this is sort of the march of nines. My knee jerk reaction to blaming ECC is "naaah". Mostly because it's such a convenient scapegoat. It happens, I'm sure, but it would not be the first explanation I reach for. I once heard someone blame "cosmic rays" on a bug that happened multiple times. You can imagine how irked I was on the dang cosmic rays hitting the same data with such consistency! Anyways, I'm sorry if my tone sounded abrasive, I, too, have appreciated the discussion. | | |
| ▲ | Agingcoder 4 hours ago | parent [-] | | :-) never forget Occam’s razor ! No you were not abrasive at all - I’ve learned to assume good faith in forum conversations. In retrospect I should have started by giving the context ( march of 9s is a good description) actually, which would have made everything a lot clearer for everyone. |
|
|
|
|
| |
| ▲ | kasabali 18 hours ago | parent | prev [-] | | were they 3-bit flips? | | |
| ▲ | thfuran 13 hours ago | parent [-] | | It seems extremely unlikely that you’d end up with a lot of those but no smaller detectable errors. |
|
|
|
| ▲ | hurfdurf 17 hours ago | parent | prev | next [-] |
| Why? Intel making and keeping it workstation/Xeon-exclusive for a premium for too long. And AMD is still playing along not forcing the issue with their weird "yeah, Zen supports it, but your mainboard may or may not, no idea, don't care, do your own research" stance. These days it's a chicken and egg problem re: price and availability and demand. See also https://news.ycombinator.com/item?id=29838403 |
| |
| ▲ | m000 17 hours ago | parent | next [-] | | Maybe it's high time for some regulation? E.g. EU enforced mandatory USB-C charging from 2025, and pushes for ending production of combustion engine cars by 2035. Why not just make ECC RAM mandatory in new computers starting e.g. from 2030? AMD is already one step away from being compliant. So, it's not an outlandish requirement. And regulating will also force Intel to cut their BS, or risk losing the market. | | |
| ▲ | funcDropShadow 14 hours ago | parent | next [-] | | OMG no. Politician have no business making technological decisions. They make it harder to innovate, i.e. to invent the next generation of ECC with a different name. | | |
| ▲ | m000 13 hours ago | parent | next [-] | | I would argue that in the present conditions, regulation can actually foster and guide real innovation. With no regulations in place, companies would rather innovate in profit extraction rather improving technology. And if they have enough market capture, they may actually prefer to not innovate, if that would hurt profits. | |
| ▲ | cestith 11 hours ago | parent | prev | next [-] | | ECC is like Ethernet. The name doesn’t have to change for the technology to update. | |
| ▲ | saagarjha 13 hours ago | parent | prev [-] | | Politicians don’t have to be dumb. |
| |
| ▲ | free652 14 hours ago | parent | prev [-] | | Cost. You are about to making computers 10-20% more expensive. Computers also aren't used much these days, and phones and tables don't have ECC | | |
| ▲ | m000 13 hours ago | parent [-] | | ECC has only 10-15% more transistor count. So you're only making one component of the computer 15% more expensive. This should have been a non-brainer, at least before the recent DRAM price hikes. Also, while computers may not be used much for cosmic rays to be a risk factor, but they're still susceptible to rowhammer-style attacks, which ECC memory makes much harder. Finally, if you account for the current performance loss due to rowhammer counter-measures, the extra cost of ECC memory is partially offset. |
|
| |
| ▲ | Helmut10001 17 hours ago | parent | prev [-] | | Thanks for the details. I agree and had the same experience, trying to figure out if an AMB motherboard supports ECC or not. It is almost impossible to know ahead of trying it. At least we have ZFS now for parity checks on cold storage. |
|
|
| ▲ | Dylan16807 19 hours ago | parent | prev | next [-] |
| Well for DDR5 that's 25% more chips which isn't great even if you don't get ripped off by market segmentation. It's possible DDR6 will help. If it gets the ability to do ECC over an entire memory access like LPDDR, that could be implemented with as little as 3% extra chip space. |
| |
|
| ▲ | epx 14 hours ago | parent | prev | next [-] |
| And checksummed filesystems. |
|
| ▲ | PunchyHamster 17 hours ago | parent | prev | next [-] |
| In case of Intel it's mostly coz they want to sell it as enterprise/workstation feature and make people pay extra. AMD has been better on it but BIOS/mobo vendors not so much |
|
| ▲ | sznio 16 hours ago | parent | prev | next [-] |
| What I'm wondering, even without ECC, afaik standard ram still has a parity bit, so a single flip should be detected. With ECC it would be fixed, without ECC it would crash the system. For it to get through and cause an app to malfunction you need two bit flips at least. |
| |
| ▲ | ciupicri 15 hours ago | parent | next [-] | | I think standard RAM used to have long long time ago, but not anymore. DDR5 finally readd it sort of. | | |
| ▲ | roryirvine 11 hours ago | parent [-] | | Yes, 30 pin SIMMs (the most common memory format from the mid-80s to the mid-90s) came in either '8 chip' or '9 chip' variants - the 9th chip being for the parity bit. Most motherboards supported both, and the choice of which to use came down to the cost differential at the time of building a particular machine. The wild swings in DRAM prices meant that this could go from being negligible to significant within the course of a year or two! When 72 pin SIMMs were introduced, they could in theory also come in a parity version but in reality that was fairly rare (full ECC was much better, and only a little more expensive). I don't think I ever saw an EDO 72 pin SIMM with parity, and it simply wasn't an option for DIMMs and later. |
| |
| ▲ | meindnoch 15 hours ago | parent | prev [-] | | Wrong. Regular RAM has no parity bit. |
|
|
| ▲ | colechristensen 21 hours ago | parent | prev | next [-] |
| Bit flips do not only happen inside RAM Also, in a game, there is a tremendously large chance that any particular bit flip will have exactly 0 effect on anything. Sure you can detect them, but one pixel being wrong for 1/60th of a second isn't exactly ... concerning. The chance for a bit flip to affect a critical path that is noticeable by the player is very low, and quite a bit lower if you design your game to react gracefully. There's a whole practice of writing code for radiation hardened environments that largely consists of strategies for recovering from an impossible to reach state. |
| |
| ▲ | PunchyHamster 17 hours ago | parent | next [-] | | > The chance for a bit flip to affect a critical path that is noticeable by the player is very low, and quite a bit lower if you design your game to react gracefully. Nobody does > There's a whole practice of writing code for radiation hardened environments that largely consists of strategies for recovering from an impossible to reach state. And again, nobody except stuff that goes to space and few critical machines does. The closest normal user will get to code written like that are probably car ECUs, there are even automotive targeted MCUs that not only run ecc but also 2 cores in parallel and crash if they disagree | | |
| ▲ | colechristensen 8 hours ago | parent [-] | | Sure they do, you just have to think about it a different way. It boils down to exception handling, you don't expect all of your bugs or security vulnerabilities to be known and write your code to be able to react to unplanned states without crashing. Bugs or security vulnerabilities can look a lot like a cosmic ray... a buffer overflow putting garbage in unexpected memory locations vs a cosmic ray putting garbage in unexpected memory locations... a lot of the mitigations are quite the same. |
| |
| ▲ | colinb 19 hours ago | parent | prev | next [-] | | > code for radiation hardened environments I’m aware of code that detects bit flips via unreasonable value detection (“this counter cannot be this high so quickly”). What else is there? | | |
| ▲ | gmueckl 19 hours ago | parent | next [-] | | For safety critical systems, one strategy is to store at least two copies of important data and compare them regularly. If they don't match, you either try to recover somehow or go into a safe state, depending on the context. | | |
| ▲ | d1sxeyes 19 hours ago | parent | next [-] | | At least three copies, so you can recover based on consensus. | | |
| ▲ | Dylan16807 19 hours ago | parent | next [-] | | If your pieces of important data are very tiny, that's probably your best option. If they're hundreds of bytes or more, then two copies plus two hashes will do a better job. | | |
| ▲ | d1sxeyes 14 hours ago | parent | next [-] | | Ah, true! You just restore the one that matches its hash. Elegant. | |
| ▲ | rixed 10 hours ago | parent | prev [-] | | A single hash should be enough. | | |
| ▲ | Dylan16807 7 hours ago | parent [-] | | Yes, but what's easier depends on layout. "Consensus" makes me think of multiple entire nodes, and in that situation you can have a nice symmetry by making each node store one copy and one small hash. If you're doing something that's more centralized then one hash might be simpler, but if you're centralized then you should probably use your own error correction codes instead of having multiple copies. |
|
| |
| ▲ | qznc 10 hours ago | parent | prev | next [-] | | In many cases the system is perfectly safe when it shuts off. Two is enough for that. | |
| ▲ | pizza 15 hours ago | parent | prev [-] | | “never go to sea with two chronometers, take one or three” | | |
| ▲ | DennisP 10 hours ago | parent [-] | | Seems like chronometers would be a case where two are better than one, because the mistakes are analog. If they don't exactly agree, just take the average. You'll have more error than if you were lucky enough to take the better chronometer, but less than if you had taken only the worse one. Minimizing the worst case is probably the best way to stay off the rocks. |
|
| |
| ▲ | Helmut10001 17 hours ago | parent | prev [-] | | I use ZFS even on consumer devices, these days. Parity checks all the way! |
| |
| ▲ | vntok 19 hours ago | parent | prev | next [-] | | You can have voting systems in place, where at least 2 out of 3 different code paths have to produce the same output for it to be accepted. This can be done with multiple systems (by multiple teams/vendors) or more simply with multiple tries of the same path, provided you fully reload the input in between. | |
| ▲ | qznc 19 hours ago | parent | prev [-] | | The simplest one is a watchdog: If something stops with regular notifications, then restart stuff. | | |
| ▲ | gmueckl 19 hours ago | parent [-] | | A watchdog guards against unresponsive software. It doesn't protect against bad data directly. Not all bad data makes a system freeze. |
|
| |
| ▲ | 21 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | Helmut10001 21 hours ago | parent | prev [-] | | Interesting, I was not aware! Do you have a statistics for the bit flips in RAM %? My feeling would be its the majority of bit flips that happen, but I can be wrong. | | |
| ▲ | Tomte 19 hours ago | parent | next [-] | | IEC 61508 estimates a soft error rate of about 700 to 1200 FIT (Failure in Time, i.e. 1E-9 failures/hour). That was in the 2000s though, and for embedded memory above 65nm. I would expect smaller sizes to be more error-prone. | |
| ▲ | colechristensen 21 hours ago | parent | prev [-] | | It would be quite hard to gather that data and would be highly dependent on hardware and source of bit flip. But there's volatile and nonvolatile memory all over in a computer and anywhere data is in flight be it inside the CPU or in any wires, traces, or other chips along the data path can be subject to interference, cosmic rays, heat or voltage related errors, etc. | | |
| ▲ | ZiiS 20 hours ago | parent [-] | | It should be fairly easy to see statistically if ECC helps, people do run Firefox on it. The number of bits in registers, busses, cache layers is very small compared to the number in RAM. Obviously they might be hotter or more likely to flip. | | |
| ▲ | bpye 19 hours ago | parent [-] | | I believe caches and maybe registers often have ECC too though I'm sure there are still gaps. |
|
|
|
|
|
| ▲ | bell-cot 16 hours ago | parent | prev [-] |
| Talk to someone in consumer sales about customer priorities. A bit-cheaper computer? Or one which which is, in theory, more resilient against some rare random sort of problem which customers do not see as affecting them. |
