feat: transaction files and commit conflict resolution

[wjones127]

This PR introduces a new file: Transaction files. These describe the incremental changes a commit is attempting to make or has made. They are described entirely by a protobuf message. These files are considered optional, and thus these changes are backwards compatible. No feature flags are needed.

The commit flow has been refactored based around the transaction files. Writers that find a conflicting writer has beaten them to a commit will now retry up to 5 times, using their transaction data to re-build the manifest. Importantly, before retrying writers will validate that their changes are compatible with the changes that have been committed concurrently.

[wjones127]

We might also refactor the low-level Commit API to use transactions at the interface. I'll leave that for a follow up PR.

[chebbyChefNEQ]

This looks amazing. Will do a second pass tmr.

[chebbyChefNEQ]

nit: I wonder if it'd be a good idea to keep track of a sliding window of transaction_file pointers here.

From the start of the commit attempt (V) to the retry (V +n), more than version could have past. This means we will have to read the manifest for each of V+1..V+n just for the transaction file path.

[wjones127]

Yeah I suppose we could do something like this. A time-based window would probably be most appropriate. One really only cares what happened in the last 5 minutes or so, I think.

But this would add quite a bit of complexity.

[chebbyChefNEQ]

I see. Let's skip it then. We can add it later if it's truly a problem

[chebbyChefNEQ]

nit: let's keep track of the index type here and column here. If a dataset has multiple index to rebuild, we might want to have parallel index builds

[wjones127]

Oh I should test that. There might be an issue with how we handle indices.

[wjones127]

Good call out here. I've added the full index metadata here and realized I forgot to write the CreateIndex path. So that's there now and there's a test for concurrent CreateIndex operations.

[chebbyChefNEQ]

ooc, is there any reason to prefer having a transaction file over just putting the transaction directly in the manifest?

[wjones127]

The main reason is that outside of the commit loop, which only happens in a narrow time range, this information is mostly redundant. In theory this can be quite large, so I didn’t want us to have to pay the IO cost every time the version was loaded.

[wjones127]

I suppose since many times it's small, a classic compromise would be to allow it to be inlined if it isn't too large. Does that sounds better?

[chebbyChefNEQ]

I think either way is fine tbh. Write txs should be able to endure one additional IO. We can keep it as is for simplicity.

[wjones127]

I'm going to forgo this for now, since I think we can add this in the future.

[westonpace]

Some questions / comments but from what I understand this looks like a very clever addition!

[westonpace]

Suggested change

	serialize ``Transaction`` protobuf message. See the ``transaction.proto`` file
	serialized ``Transaction`` protobuf message. See the ``transaction.proto`` file

[westonpace]

Suggested change

	This files describes the operation that was performed, which is used for two
	This files describes the operation that were performed, which is used for two

[westonpace]

What do you have in mind for this field? It doesn't seem to be used currently.

[wjones127]

This is to eventually support #588

But you're right it isn't used currently.

[westonpace]

What if two threads try to create a dataset with the same name at the same time? Actually, it looks like write_manifest_file will return a conflict?

[wjones127]

Yeah that's a good question. I think the commit mechanism should protect us, and the remainder of files shouldn't collide.

[westonpace]

Minor nit: This "fragments intersect" logic is reused a lot. Might be worth pulling into a helper function for readability.

[westonpace]

Not a real comment. Just bleh, rust protobuf seems to require quite a bit of boilerplate code.

[wjones127]

Ha. I think if we want to operate directly off of the generated message structs we could, it's just then we'd have to deal with all the optional fields throughout the code base. So I think we create these conversions to stricter structs just to keep the validation in one place. But it does involve some boilerplate.

[chebbyChefNEQ]

this is amazing! ❤️

[chebbyChefNEQ]

minor: multiple version could have passed here, we should pull till the latest one.

Let's just add a ticket for this? No need to fix it right now.

[wjones127]

#1139

[chebbyChefNEQ]

nit: maybe extract this to a function so we can reuse in below. (ticket okay)

[chebbyChefNEQ]

nit: let's add a todo to do in with two sorted lists instead of brute force?

[chebbyChefNEQ]

do we need to retain the frags that aren't rewritten?

[wjones127]

I'll be fixing this as part of the compaction implementation.

[chebbyChefNEQ]

Just one blocking question (w.r.t. rewrite conflict resolution)

General comment (non-blocking):

• We have many kinds of transactions and the combination of interaction is O(N^2). I wonder if it would be cleaner to keep a smaller set of "core txs". Say
  • Rewrite is actually Delete { old_frags } + Append { new_frags }
  • Overwrite is Delete { all_frags } + ChangeSchema { .. } + Append { .. }
  • I can also see the flip side that this could hide interactions. Happy to take this to a ticket.

[wjones127]

We have many kinds of transactions and the combination of interaction is O(N^2). I wonder if it would be cleaner to keep a smaller set of "core txs". Say
Rewrite is actually Delete { old_frags } + Append { new_frags }
Overwrite is Delete { all_frags } + ChangeSchema { .. } + Append { .. }
I can also see the flip side that this could hide interactions. Happy to take this to a ticket.

Originally I was thinking I could represent these with some generic struct like:

struct Transaction {
   updated_metadata: Option<Metadata>,
   new_fragments: Vec<Fragment>,
   updated_fragments: Vec<Fragment>,
   removed_fragment_ids: Vec<u32>,
}

But I realized there's operations like delete where we also want to check the predicate itself. And then there's probably additional cases I'm not yet thinking of. Delta Lake originally had things just expressed in terms of new files and removed files, but then the conflict resolution ended up relying more and more on the unstructured metadata left in the log about transactions. So I'm thinking it might be safer to write these transaction types in the message.

I think, though, we should be free to transform these internally into something that easier to resolve, if we end up finding patterns in the implementation.