feat(storage): sync shared buffer based on threshold

[StrikeW]

What's changed and what's your intention?

Add a threshold size to hummock shared buffer and sync batches to S3 if there is no enough space for incoming batches

• add shared_buffer_cur_size and shared_buffer_threshold_size to SharedBufferManager
• write_batch() will first allocate space for the incoming batch
• if there is no enough space, we will trigger a sync(None) to flush the shared buffer
• use tokio watch channel to prevent sending multiple messages for flush

Checklist

• I have written necessary docs and comments
• I have added necessary unit tests and integration tests

Refer to a related PR or issue link (optional)

close #990

[StrikeW]

I will append the e2e benchmark results later.

[hzxa21]

We already printed all configs in L74 so I think there is no need to print shared_buffer_threshold_mb here.

[hzxa21]

These two fields are used solely by SharedBufferFlusher and not exposed. Should we track shared_buffer_cur_size in SharedBufferManager instead?

[BugenZhao]

+1.

[StrikeW]

Will fix

[hzxa21]

Passively waiting for shared buffer (can wait for up to the SharedBufferFlusher check interval 10ms) to free up in a while loop is less optimal than proactively triggering a sync immediately. Also I think we should have two thresholds for shared buffer size:

• size_low_watermark: start syncing to S3 when shared_buffer_cur_size > size_low_watermark
• size_high_watermark halt ingest_batch when shared_buffer_cur_size > size_high_watermark. Moreover, ingest_batch should trigger a sync when there is no ongoing sync happening at the moment.

[StrikeW]

Very helpful! You are right. With low and high watermark can achieve a more smooth strategy.

[StrikeW]

It's weird. The Grafana diagram reflects that executors can still ingest batch even reach shared buffer threshold.

If use an older version as baseline (ae9222d, the version I first implement the code), the sync throughput is higher than the ingest. But the compute node still get killed due to OOM in both cases (minIO as storage).

[BugenZhao]

This doesn't seem to have a guarantee about scheduling. In the worst cases, this will become a busy spin-loop. Suggest using watch notifier here.

[BugenZhao]

Just to mention, the shared_buffer_ prefix here seems to be redundant. 🤣

[BugenZhao]

No need to assert this since sub-overflow will cause panic in L122.

[BugenZhao]

+1.

[BugenZhao]

Consider updating the doc for ingest_batch as well.

[BugenZhao]

It's weird. The Grafana diagram reflects that executors can still ingest batch even reach shared buffer threshold.

If use an older version as baseline (ae9222d, the version I first implement the code), the sync throughput is higher than the ingest. But the compute node still get killed due to OOM in both cases (minIO as storage).

Once the threshold is not reached, all waiting writers seem to have chances for writing their chunks. So this may also lead to OOM.

A simple design might be to use a semaphore with initial permits reflecting the size threshold. When a writer needs to ingest a batch, it can try acquiring some permits according to the size of the batch. 🤣

[StrikeW]

After I fixed the problem (a concurrency bug), the diagram shows that the trend of the two curves appear to be the same. And the compute node doesn't consume much memory. I will refine the PR later.

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #1671 (ff21261) into main (5575b70) will increase coverage by 0.10%.
The diff coverage is 86.56%.

@@            Coverage Diff             @@
##             main    #1671      +/-   ##
==========================================
+ Coverage   71.33%   71.43%   +0.10%     
==========================================
  Files         605      606       +1     
  Lines       79168    79481     +313     
==========================================
+ Hits        56474    56778     +304     
- Misses      22694    22703       +9     

Flag	Coverage Δ
rust	71.43% <86.56%> (+0.10%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/bench/ss_bench/main.rs	0.80% <0.00%> (-0.01%)	⬇️
src/compute/src/server.rs	0.00% <0.00%> (ø)
src/storage/src/hummock/local_version_manager.rs	83.00% <0.00%> (-0.62%)	⬇️
src/storage/src/monitor/monitored_store.rs	2.81% <0.00%> (+0.13%)	⬆️
src/storage/src/store.rs	100.00% <ø> (ø)
...src/hummock/shared_buffer/shared_buffer_manager.rs	93.53% <79.23%> (-3.61%)	⬇️
...rc/hummock/shared_buffer/shared_buffer_uploader.rs	87.06% <91.66%> (+7.97%)	⬆️
src/common/src/config.rs	78.44% <100.00%> (+0.76%)	⬆️
src/storage/src/hummock/mod.rs	75.00% <100.00%> (+0.70%)	⬆️
...e/src/hummock/shared_buffer/shared_buffer_batch.rs	95.94% <100.00%> (+0.18%)	⬆️
... and 17 more

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[StrikeW]

Benchmark results of two compute nodes on a single EC2 instance.
Workload: select * from lineitem;
Setup: shared_buffer_threshold_size 128MB

[hzxa21]

LGTM. Great work! Thanks for the PR.

[skyzh]

Can we have more complicated test setups, like TPC-H with joins? I'd like to see if barrier can successfully pass through the system compared with the status before this PR.

[BugenZhao]

Why not let sync_size = rx.await.unwrap()?; here?

[BugenZhao]

No need for this assertion.

[BugenZhao]

What if there're two coroutines running here at the same time? Seems this will panic on assertion. The subscribe and init should be executed atomically.

[StrikeW]

That's a problem.

[BugenZhao]

Directly return here.

[BugenZhao]

What if the inner implementation of HummockValue changes in the future? IIRC, there is a function of encoded_len.

[StrikeW]

encoded_len seems to be the length in the SST file. But we need the size of kv pair in memory. May be there is a sizeof(HummockValue) in Rust?

[MrCroxx]

Consider that there are 3 writers entering L181. Writer 1 exceeded the threshold and triggered flush, writer 2 advanced the current size by some number, then writer 3 exceeded the threshold and triggered flush again. But none of the 3 writers stepped to L183 at the time. It seems that in this case the shared buffer will be flushed twice (the second time flushed an empty buffer), and the shared buffer will still OOM.

[StrikeW]

For the multiple flush concern, in the flush() method, only the first writer will send the flush request, and other writers will see there is an ongoing flush and subscribe to the flush notification.
And for the scenario in your case, I assume all three writers are on the same compute node. Then writer 2 cannot advance the size until writer 1 finished the flush.

[MrCroxx]

But after writer 1 finish flushing and before writing shared buffer, there is still a chance that writer 2 and 3 can call flush again.

[StrikeW]

Can we have more complicated test setups, like TPC-H with joins? I'd like to see if barrier can successfully pass through the system compared with the status before this PR.

Sure, but the tpch-bench cannot run against risingwave now. The java frontend complains "could not find source catalog for x". It seems that the support of kafka source is broken now (maybe under refactoring).

[skyzh]

Rust frontend should have supported it. May join #proj-connector for more information.