ARROW-767: [C++] Filesystem abstraction

[pitrou]

Add a FileSystem interface plus a MockFileSystem implementation (only keeping data in memory).

[pitrou]

Submitted for discussion. There are some open questions here:

1. should paths use std::string or a dedicated abstraction?
2. should filesystems be anchored on a specific folder or just at the root of the corresponding resource?

My answers:

1. std::string is more readily usable and a path abstraction is overkill for the kind of simple use cases for the filesystem API
2. filesystems should just start at the root directory of the resource

[pitrou]

@wesm @martindurant @fsaintjacques

[emkornfield]

another small nit: If we go with strings as an abstraction would it make more sense to use string_view as the api?

[pitrou]

Not in my opinion, string_view is useful for performance-critical APIs, which is not the case here. Implicit conversion between string_view and std::string does not seem to work on all compilers, which would make the API more cumbersome.

[wesm]

I think std::string is OK

[emkornfield]

what are you throughts on the implementation for this, when the underlying store doesn't support folders explicitly (e.g. S3)?

[pitrou]

I think we should perhaps emulate them using / as a standard delimiter (perhaps configurable when instantiating the S3 filesystem object).

[wesm]

Looks like TensorFlow handles this by creating an ersatz file

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/platform/s3/s3_file_system.cc#L521

[martindurant]

This conversation has been had many times over!

Specifically for S3, there are two ideas of what a folder might mean, in the absence of a real posix-like hierarchy: the simplest, that create-folder is a no-op, and you only ever infer folders if they contain things; and that a empty key which ends with '/' is to be considered an empty folder (but it could later morph to a file if data is written). The latter is the convention used by the S3 console.

[pitrou]

Well, I've never used S3, so I can't make a choice myself. The question would be: how do people usually use buckets?

[martindurant]

Listing files with the S3 API allows for a delimiter/prefix mechanism, you say how you want to define the directory name separators (always "/") and what prefix you want to list, and you get back a list of keys with that prefix and no more delimiters and a list of "common prefixes" of keys with that prefix and more delimiters. That acts a lot like a posix list directory.

[pitrou]

Ok, so basically using / as a delimiter to simulate directories in S3 is an appropriate approach?

[martindurant]

using / as a delimiter to simulate directories in S3

Definitely, but it needs to be done with care, mindful that it isn't truly like that (and this is the case for other key-value stores too)

[pitrou]

Right, but that's more of a quality of implementation issue.

[martindurant]

Good testing, of course; but an outstanding issue on s3fs has been whether mkdir(path) followed by exists(path) should necessarily always return True. It is debatable!

[emkornfield]

Is there a concrete use-case for batch delete? I would imagine most file systems don't support transactional type deletes, so it might pay to expose this at a higher level instead of the core filesystem

[pitrou]

I suspect something like deleting a Parquet dataset with a large number of files/partitions?
The intention is not to allow transactional deletes but rather to avoid a roundtrip per each individual delete (which may hurt a lot if accessing a remote filesystem with 100+ms latencies).

[martindurant]

Yes, certainly, some file-systems will provide shortcuts for bulk operations or various types, and they will be very important in many use cases. In general, it would be exceptionally useful if file-systems provide glob and directory-tree-based operations.

[pitrou]

Do we need globbing at the filesystem level or can we give the client a complete list of directory contents and do the filtering on the client side?

[wesm]

Might want to make the default implementation of this call DeleteFile on each path. Are there any filesystems that do support multiple-deletes in a single function call / RPC?

[martindurant]

If the server can do glob, rather than having to issue many list-dir commands and filter ourselves, this would apply to that too. I'm not sure that any of the services you are thinking about here do - the only one I can think of is SSH.

[pitrou]

Note that recursively listing, in the current proposal, is possible with GetTargetStats(const Selector& select, ...).

[fsaintjacques]

I do not think that Arrow should be concerned with deleting upstream files. At least in this iteration.

[pitrou]

Pragmatically, deleting files can be useful for testing :-)

[wesm]

@fsaintjacques we need to be able to delete files to roll back incomplete writes

[wesm]

Looks like TensorFlow handles this by creating an ersatz file

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/platform/s3/s3_file_system.cc#L521

[wesm]

Might want to make the default implementation of this call DeleteFile on each path. Are there any filesystems that do support multiple-deletes in a single function call / RPC?

[wesm]

Could call this RenameFile (as TF does) instead of Move. I note that Move operations on directories may not be natively supported and may have to be emulated for e.g. S3

[pitrou]

I don't know. Move implies that the destination could be clobbered. Rename also implies you're staying in the same directory.

[wesm]

I think std::string is OK

[pitrou]

Design question: should we aim for this to be wrappable in a Python fsspec-compliant object? @wesm

[martindurant]

should we aim for this to be wrappable in a Python fsspec-compliant object

I expect you want to surpass and replace that, which would be fine with me (except I have have probably too many biases/ideas on how it should function...)

Note that all fsspec implementations are all currently co-derived from pyarrow file-system, so they do work with the current pyarrow stack just fine. I notice that you are going exclusively with tensorF naming convention here, which is not the case for the old pyarrow file-system class, so there is room for confusion.

[pitrou]

I'm actually not really looking at the TensorFlow naming, just using whatever feels reasonable to me :-)

(the fsspec API models a bit too much on Unix naming IMHO)

[martindurant]

the fsspec API models a bit too much on Unix naming

From Wes's comment at some point, many of the methods are also aliased:
https://github.com/martindurant/filesystem_spec/blob/master/fsspec/spec.py#L7 , e.g., mv and rename are the identical.

[wesm]

@pitrou I think we should take a minimalist approach for the time being to address the use cases we have in front of us (reading and writing datasets in a variety of formats)

[aregm]

@pitrou I am not quite sure I understand the problem statement - what is the problem that you want to solve, that STL is not solving? (https://en.cppreference.com/w/cpp/filesystem)

[pitrou]

@aregm Two things:

1. The filesystem API is an abstract API that should allow to access arbitrary filesystems (e.g. S3, Hadoop...), while the C++ std::filesystem is a concrete library to access only the local filesystem.
2. std::filesystem is C++17, but Arrow remains C++11-compliant.

[wesm]

@aregm this is discussed in the Filesystems section in https://docs.google.com/document/d/1bVhzifD38qDypnSjtf8exvpP3sSB5x_Kw9m-n66FB2c/edit?usp=sharing which has been discussed on the mailing list

[aregm]

@aregm this is discussed in the Filesystems section in https://docs.google.com/document/d/1bVhzifD38qDypnSjtf8exvpP3sSB5x_Kw9m-n66FB2c/edit?usp=sharing which has been discussed on the mailing list

Then why not to expand the standard filsystem library instead of creating another abstraction layer? TensorFlow was designed before C++17, and with a different goal in mind.

[aregm]

@aregm Two things:

1. The filesystem API is an abstract API that should allow accessing arbitrary filesystems (e.g. S3, Hadoop...), while the C++ std::filesystem is a concrete library to access only the local filesystem.

It is not only concrete library, but it is also a standard API, and we are talking about the API, not implementation. The implementation in Linux is a concrete library. Basing on the standard one allows to easily derive from it and reuse whatever is needed on AWS C++ SDK, HDFS API for remote, and fallback to the STL when local. This will preserve clean and familiar API and keep LSP working, which makes things simpler, and we will not add another API.

2. std::filesystem is C++17, but Arrow remains C++11-compliant.

You can't avoid going 17. It's there, and there is no decent compiler, that does not support it. So this is not a case.

[aregm]

@pitrou

@aregm Two things:

1. The filesystem API is an abstract API that should allow accessing arbitrary filesystems (e.g. S3, Hadoop...), while the C++ std::filesystem is a concrete library to access only the local filesystem.

It is not only concrete library, but it is also a standard API, and we are talking about the API, not implementation. The implementation in Linux is a concrete library. Basing on the standard one allows to easily derive from it and reuse whatever is needed on AWS C++ SDK, HDFS API for remote, and fallback to the STL when local. This will preserve clean and familiar API and keep LSP working, which makes things simpler, and we will not add another API.

1. std::filesystem is C++17, but Arrow remains C++11-compliant.

You can't avoid going 17. It's there, and there is no decent compiler, that does not support it. So this is not a case.

[wesm]

@aregm there's a number of details in our platform design that you may be glossing over a bit. We've defined all of our own abstractions for memory management (e.g. arrow::Buffer), memory allocation, different kinds of files (see https://github.com/apache/arrow/blob/master/cpp/src/arrow/io/interfaces.h -- these are similar to TensorFlow's notion of file interfaces), etc.

At this point redesigning around std::filesystem and other STL interfaces, even if C++17 were on the table (I don't think it is), might not meet our requirements. The approach here is consistent with the general development strategy of the project so far

[martindurant]

it is also a standard API

indeed, but there are many of these to draw on. From my (biased) point of view, the Filesystem libraryAPI is incomplete (my reference, as always) and contains a lot that is unnecessary (blocks and links and such)

[aregm]

@wesm

@aregm there's a number of details in our platform design that you may be glossing over a bit. We've defined all of our own abstractions for memory management (e.g. arrow::Buffer), memory allocation, different kinds of files (see https://github.com/apache/arrow/blob/master/cpp/src/arrow/io/interfaces.h -- these are similar to TensorFlow's notion of file interfaces), etc.

At this point redesigning around std::filesystem and other STL interfaces, even if C++17 were on the table (I don't think it is), might not meet our requirements. The approach here is consistent with the general development strategy of the project so far

Wes, can you, please, point to the design and strategy docs, because there are lots of silent assumptions that you have in mind with other guys, that I am not aware of, as they implicitly assumed. One of which is the requirements for filesystem - I completely understand why memory management should be custom, Arrow is a framework for building various in-memory data analytical and database systems, which implies optimized and efficient memory management. A thing you cannot get from stdlibc++. What are the requirements or the design philosophy for the FS - I do not know, so assume that do not add more entities without need is the right strategy. So any design doc is appreciated. I'll just stack them and add links to the maillist and Confluence so everyone will be aware.

[fsaintjacques]

What's the behavior on partial failures? Return nothing with status? How does the consumer know which file failed?

[pitrou]

Depends on what failures you have in mind. A non-existent file returns successfully with the NonExistent file type. An IO error (e.g. network error to the S3 server) will probably translate into an error Status.

[fsaintjacques]

My comment is more regarding partial failures, say you want stats for [a, b, c, d] and returns [stat_a, stat_b, FAIL, stat_d]. What should be the returned array, and how do you know which of the input failed.

Usually, the return type would be Array<Result<FileStat, FileError>>, but your current signature is Result<Array<FileStat>, FileError>.

[pitrou]

Well, can you give an example of a partial failure that's not an exceptional condition?

[pitrou]

Note that, for the purposes of this API, most errors can be modelled as NonExistent.
For example, in the POSIX stat() docs, the errors EACCESS, ELOOP, ENAMETOOLONG, ENOENT, ENOTDIR can be mapped to NonExistent.
We're left with the errors EIO and EOVERFLOW (plus ENOMEM on Linux), which should be truly exceptional, and EBADF and EINVAL, which point to bugs in the code.

[fsaintjacques]

I do not think that Arrow should be concerned with deleting upstream files. At least in this iteration.

[wesm]

@aregm I don't have detailed design documents about our IO platform -- there are 3+ years worth of JIRA issues and pull requests (and associated discussions), you'll have to review the changelog / history of the project to get a more nuanced idea about how we've arrived at this point.

Broadly speaking, this is our approach in this project:

• Reference's counted memory management with encapsulated zero copy semantics, i.e. arrow::Buffer and its implementations

• File interfaces (stream and random access) that are aware of our approach to memory management and zero copy. Arrow's "serialization" interfaces are able then to interact with files with details about zero copy (or not) not leaking into their implementation

• File system encapsulation: place local filesystem, HDFS, S3, Google Cloud, Azure, and other remote file systems behind a common API. This API must use our file interfaces (which are aware of our memory model) and interoperate with other abstractions we have developed.

The STL is much more general purpose and not aware of the abstractions we've developed and specialized requirements around zero-copy semantics that we have. I do not think it is viable for our purposes.

If you disagree with the project's overall approach to memory management, IO, and interacting with remote data please start a mailing list discussion about it.

[pitrou]

I've added a RandomAccessFile-returning API. I think demanding a memory-mapped file is premature optimization.

[pitrou]

@wesm

Are there any filesystems that do support multiple-deletes in a single function call / RPC?

At least S3 does: https://docs.aws.amazon.com/AmazonS3/latest/API/multiobjectdeleteapi.html

[pitrou]

Side note: I would be inclined to create a InputFile interface that only has ReadAt, GetSize and Close (but neither Read, Seek nor Tell). RandomAccessFile would inherit from both InputStream and InputFile for compatibility.

Context: https://issues.apache.org/jira/browse/ARROW-2835

[wesm]

@pitrou let us leave the memory-mapped file question for a future PR where we can discuss it in more detail

[pitrou]

Other question still: is it a good idea to have compression as part of this API? Do we benefit by allowing filesystem-specific implementations of compression, or does it just create more work for filesystem implementors?

[pitrou]

I've started a mock filesystem implementation (in-memory) to help validate the API.

[wesm]

Overall this looks reasonable as a first pass on the API. I left a few minor comments, but I think this can be merged relatively soon and we can move on to creating some implementations

[wesm]

Should this short-circuit on the first failure? If multiple paths fail then some of the error state will get clobbered

[pitrou]

The aim here is that the user does not have to retry deleting selectively the other files.

[wesm]

are there any filesystems that provide nanosecond-level information (curious)?

[pitrou]

Apparently ext4 does.

[wesm]

set_type?

[pitrou]

Then it should be SetType? TBH, I think the Google style guide is not very helpful for such accessor methods.

[wesm]

set_$PROP is the naming style used by Protocol Buffers at least. I agree the guidance is hazy

[wesm]

set_path? And same per other attrs below

[wesm]

Are you thinking about some kind of wildcard API at some point?

[pitrou]

Yes, that's the idea, though it depends whether it's useful to have filesystem-specific implementations.

[wesm]

I guess it's OK to be both for now. In HDFS I wrote Rename for both directories and files

https://github.com/apache/arrow/blob/master/cpp/src/arrow/io/hdfs.h#L139

Some filesystems may have to stat the path to determine what it is, where some don't have to, so I think having a single API makes sense

[pitrou]

Fair enough.
Note that "stat first then choose the API" is vulnerable to race conditions. But for our purposes I'm not sure we care about such issues.

[wesm]

Yeah, I think we can leave it to the particular filesystem implementation to decide what is most appropriate to do

[wesm]

Good point, I'm not sure without thinking about it what a better way would be though (to have a with-flags and flagless version of these methods)

[wesm]

does inline have any effect here (curious)?

[pitrou]

I'm hoping that it incites the compiler to inline the implementation into its callers... @fsaintjacques am I right?

[bkietz]

Not sure if inline will have the desired effect, but if it is marked inline then this function should be private, not protected: if BufferReader is subclassed in another translation unit and the subclass calls CheckClosed then we'll get a linker error when the inline function isn't defined

[pitrou]

@wesm Do you think it's useful to keep the auto-(de)compression option and have each filesystem implementation handle it?
(of course we can provide some helpers)

[wesm]

I'm concerned the auto-decompression could be a bit too magical. It might be better to instantiate the stream decompressor explicitly

[pitrou]

Ok. So the OpenFlags will become empty...

[wesm]

Hm. Perhaps it's better to omit the Open* methods with flags for now, then

[pitrou]

Ok, I addressed the review comments and a few XXXs and TODOs as well.

[pitrou]

Will merge once CI passes.