LSM: Revert groove to use update + insert and vendor hasUniqueRepresentation

[cb22]

Motivation

Whenever we update an object, we always have the old object around. Previously, we used to do a lookup to find the old one in any case, to give a simpler upsert function signature to the state machine - but this was resulting in duplicated work.

Changes

Revert that, going back to having an explicit update and insert with the state machine choosing which is better for its needs. Additionally, switch to using stdx.equal_bytes in the Groove update hot path. This required vendoring a small fix for ziglang/zig#17592.

Benchmarks

These two things combined give a nice performance bump:

# on tmpfs
./scripts/benchmark.sh --print-batch-timings --transfer-count=10_000_000 --account-count=10 --id-order=sequential

Before:

1362 batches in 29.25 s
load offered = 1000000 tx/s
load accepted = 341867 tx/s

After:

1356 batches in 25.52 s
load offered = 1000000 tx/s
load accepted = 391846 tx/s

[cb22]

If a struct is packed, we don't need to recursively check it like the unpacked case below, since Zig ensures packed structs can only contain other packed structsa.

[matklad]

Let's add a couple of tests here though, just to sanity-check things.

[matklad]

Also, for a good measure, let's assert that the bitsize of all fields adds up to the sizeof the whole struct (that is, that we don't have padding bits).

I am thinking about cases like

const S = packed struct {
    x: u24,
    y: u3,
};

I think the language may work both as "the spare bits after y are zeroed" and "the spare bits after y are arbitrary". I think they are actually zeroed, but let's assert that we just don't have such weird structs altogether.

[batiati]

Can we add hasUniqueRepresentation to tidy.banned(...)?

[matklad]

Let's add a couple of tests here though, just to sanity-check things.

[matklad]

Also, for a good measure, let's assert that the bitsize of all fields adds up to the sizeof the whole struct (that is, that we don't have padding bits).

I am thinking about cases like

const S = packed struct {
    x: u24,
    y: u3,
};

I think the language may work both as "the spare bits after y are zeroed" and "the spare bits after y are arbitrary". I think they are actually zeroed, but let's assert that we just don't have such weird structs altogether.

[matklad]

This makes my my Rust eye twitch a bit. Isn't this shared mutable aliasing? I think the old object might be the object from the cache (maybe(old == old_from_cache) in the if above). If that's the case, I think we might be clobbering old here, in which case the inline for below would get wrong results when accessing old fields?

[cb22]

We have an explicit guard against this above; since I've been bitten by this before here 😄:

assert(new != old);

I think that's enough to prevent it from happening?

[matklad]

No, I think that's different. The new is an object on state_machine stack:

tigerbeetle/src/state_machine.zig

Line 870 in c367d1d

var dr_account_new = dr_account.*;

the old is an object from the cache:

tigerbeetle/src/state_machine.zig

Line 813 in c367d1d

const dr_account = self.forest.grooves.accounts.get(t.debit_account_id) orelse return .debit_account_not_found;

So new and old are different.

However, when we do groove.objects_cache.upsert(new); this might invalidate old still, if it was in the cache. That is, after this line I would expect new.* and old.* to be equal, because the old memory was overwritten when we upserted new.

Not 100% sure that this could happen, but I think it does?

[cb22]

Ahhh yes, that is the case. Good catch!

In the past, I took an explicit stack copy of old within the function which prevented that. We could move the object cache upsert to the end - there's no reason it needs to be done before the index trees - with an explicit comment explaining the above. That way we can get correct behaviour without a stack copy, but it still feels a bit fragile...

[matklad]

I think that's ok, as long as we document that with a maybe.

I wonder if we even can require that this is the object from the cache? It must be, if we are updating, right?

[matklad]

I am also reeeeeally wondering why CI is green here 🤔 in release, I can see compiler hoisting the loads to before the cache update, which would give the correct behavior.

But in debug, I expect the overwrite to be reflected robustly. Could you also take a look what's up with tests passing here? Either my theory about the overwrite is wrong (good case), or we somehow don't test this case at all (which would be pretty scary).

[cb22]

Could you also take a look what's up with tests passing here? Either my theory about the overwrite is wrong (good case), or we somehow don't test this case at all (which would be pretty scary).

As far as I can tell, we don't have any tests (unit or fuzz) that actually check the result of the secondary index trees, and in this case, if old.* == new.* it'll just skip updating the secondary index so there's nothing that's hit on the way down 😬...

Also just noticed the forest fuzz (which I forgot to run / update in this PR) has also been broken for a few weeks. I need to look at proper infra for fuzzing ASAP, but maybe as a workaround for now we can just run each fuzz for a fixed time on CI?

We previously did run some more fuzzes in CI, but with a fixed seed for a single iteration.

[cb22]

I wonder if we even can require that this is the object from the cache? It must be, if we are updating, right?

It could in theory be a stack copy, but we don't have an explicit use case for that yet so I've made the check assert(old_from_cache == old);.

[sentientwaffle]

Also just noticed the forest fuzz (which I forgot to run / update in this PR) has also been broken for a few weeks.

I think that is fixed as part of #1234, which merged this morning.

[sentientwaffle]

Can you assert that stdx.bytes_equal(Object, old, old_from_cache);?

[cb22]

I'm now aserting they're actually one and the same: #1239 (comment)

[matklad]

For an extra tripple check, can we assert here that now old & new contents is the same?

[cb22]

Ok - so that won't actually hold; if the old value comes from the stash of the cache_map, and we insert a new value, it'll go into the cache - so now old.* != new.*.

The assertion at the start, assert(old_from_cache == old); will still hold because if it comes from the stash from the caller, it should still come from the stash inside.

[matklad]

@sizeOf(T) would be simpler I think?

[cb22]

... yes, I haven't had my Monster yet. 🤣

[jorangreef]

I think it's time to go pull an espresso too... ☕

[matklad]

👍 I actually do line one-line without braces form quite a bit more, when it works

[jorangreef]

Yes, we don't need to use kernel style indented returns etc.