Fix buffer capacity race condition in spatial

[pranavbhole]

Description

This PR has potential fix for the following exception, found that we are creating immutable node and passing the mutable data buffer to immutable node.

java.lang.IllegalArgumentException: newLimit > capacity: (20 > 18)
	at java.base/java.nio.Buffer.createLimitException(Buffer.java:372) ~[?:?]
	at java.base/java.nio.Buffer.limit(Buffer.java:346) ~[?:?]
	at java.base/java.nio.ByteBuffer.limit(ByteBuffer.java:1107) ~[?:?]
	at java.base/java.nio.MappedByteBuffer.limit(MappedByteBuffer.java:235) ~[?:?]
	at java.base/java.nio.MappedByteBuffer.limit(MappedByteBuffer.java:67) ~[?:?]
	at org.roaringbitmap.buffer.ImmutableRoaringArray.<init>(ImmutableRoaringArray.java:52) ~[RoaringBitmap-0.9.49.jar:?]
	at org.roaringbitmap.buffer.ImmutableRoaringBitmap.<init>(ImmutableRoaringBitmap.java:1057) ~[RoaringBitmap-0.9.49.jar:?]
	at org.apache.druid.collections.bitmap.WrappedImmutableRoaringBitmap.<init>(WrappedImmutableRoaringBitmap.java:38) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.collections.bitmap.RoaringBitmapFactory.mapImmutableBitmap(RoaringBitmapFactory.java:126) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.collections.spatial.ImmutableFloatNode.getImmutableBitmap(ImmutableFloatNode.java:155) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.collections.spatial.search.GutmanSearchStrategy$2.apply(GutmanSearchStrategy.java:57) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.collections.spatial.search.GutmanSearchStrategy$2.apply(GutmanSearchStrategy.java:53) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at com.google.common.collect.Iterators$6.transform(Iterators.java:828) ~[guava-32.0.1-jre.jar:?]
	at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:52) ~[guava-32.0.1-jre.jar:?]
	at org.apache.druid.collections.bitmap.RoaringBitmapFactory$1$1.next(RoaringBitmapFactory.java:84) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.collections.bitmap.RoaringBitmapFactory$1$1.next(RoaringBitmapFactory.java:68) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.roaringbitmap.buffer.BufferFastAggregation.naive_or(BufferFastAggregation.java:782) ~[RoaringBitmap-0.9.49.jar:?]
	at org.roaringbitmap.buffer.BufferFastAggregation.or(BufferFastAggregation.java:875) ~[RoaringBitmap-0.9.49.jar:?]
	at org.roaringbitmap.buffer.ImmutableRoaringBitmap.or(ImmutableRoaringBitmap.java:875) ~[RoaringBitmap-0.9.49.jar:?]
	at org.apache.druid.collections.bitmap.RoaringBitmapFactory.union(RoaringBitmapFactory.java:142) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.query.DefaultBitmapResultFactory.unionDimensionValueBitmaps(DefaultBitmapResultFactory.java:73) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]
	at org.apache.druid.query.DefaultBitmapResultFactory.unionDimensionValueBitmaps(DefaultBitmapResultFactory.java:25) ~[druid-processing-2024.07.0-iap.jar:2024.07.0-iap]

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[clintropolis]

it looks like most of the usages of ByteBuffer by ImmutableFloatNode use calls that specify the offset in the buffer except for getImmutableBitmap(), which sets the position and slices it (for some reason, it seems like this method in general could be cleaned up). I wonder if we just change that instead of calling duplicate inside the iterator, so that way it is a bit lazier?

  @Override
  public ImmutableBitmap getImmutableBitmap()
  {
    final int sizePosition = initialOffset + offsetFromInitial + HEADER_NUM_BYTES + 2 * numDims * Float.BYTES;
    int numBytes = data.getInt(sizePosition);
    final ByteBuffer readOnlyBuffer = data.asReadOnlyBuffer();
    readOnlyBuffer.position(sizePosition + Integer.BYTES);
    readOnlyBuffer.limit(readOnlyBuffer.position() + numBytes);
    return bitmapFactory.mapImmutableBitmap(readOnlyBuffer);
  }

This is consistent with how getCoords works, which also does something similar of making a readonly copy.

[abhishekagarwal87]

Though the current way, also avoids any potential misuse of the buffer in this class.

[clintropolis]

yea, but it would call duplicate for every entry instead of just the ones that satisfy the bounds check that we decided to use the bitmap

[pranavbhole]

@clintropolis Thank you Clint, I liked the suggestion as well as it can avoid creating duplicate references on each tree node and sometimes tree can be really big.

[pranavbhole]

@clintropolis @abhishekagarwal87 Can you please review the additional instrumentations?
Thank you

[clintropolis]

hmm, if buffer is mmap file then i think array() will not work, afaik it only works for buffers that wrap a byte[]. Also is this log message displaying the buffer contents that useful? Why does this need to be in a try/catch at all?

[pranavbhole]

As per discussion with Clint, instrumentation is not really helpful here. We can not print buffer as it can be really big (roughly speaking sometimes 100MB as well).
cc @clintropolis @abhishekagarwal87

Can you please +1 ?

[abhishekagarwal87]

I really wasn’t suggesting to print the whole buffer. We know that the code think it needs to read 20 bytes while only 18 were left. So we can print those 18 bytes and can inspect that.

One other thing we can also do is copy the offending sequence to a temporary location so it can be downloaded for offline inspection.