#!/usr/bin/env python3
# Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved.
from __future__ import absolute_import , division , print_function , unicode_literals
import argparse
import os
import random
import shutil
import subprocess
import sys
import tempfile
import time
# params overwrite priority:
# for default:
# default_params < {blackbox,whitebox}_default_params < args
# for simple:
# default_params < {blackbox,whitebox}_default_params <
# simple_default_params <
# {blackbox,whitebox}_simple_default_params < args
# for cf_consistency:
# default_params < {blackbox,whitebox}_default_params <
# cf_consistency_params < args
# for txn:
# default_params < {blackbox,whitebox}_default_params < txn_params < args
# for ts:
# default_params < {blackbox,whitebox}_default_params < ts_params < args
# for multiops_txn:
# default_params < {blackbox,whitebox}_default_params < multiops_txn_params < args
default_params = {
" acquire_snapshot_one_in " : 10000 ,
" backup_max_size " : 100 * 1024 * 1024 ,
# Consider larger number when backups considered more stable
" backup_one_in " : 100000 ,
Integrity protection for live updates to WriteBatch (#7748)
Summary:
This PR adds the foundation classes for key-value integrity protection and the first use case: protecting live updates from the source buffers added to `WriteBatch` through the destination buffer in `MemTable`. The width of the protection info is not yet configurable -- only eight bytes per key is supported. This PR allows users to enable protection by constructing `WriteBatch` with `protection_bytes_per_key == 8`. It does not yet expose a way for users to get integrity protection via other write APIs (e.g., `Put()`, `Merge()`, `Delete()`, etc.).
The foundation classes (`ProtectionInfo.*`) embed the coverage info in their type, and provide `Protect.*()` and `Strip.*()` functions to navigate between types with different coverage. For making bytes per key configurable (for powers of two up to eight) in the future, these classes are templated on the unsigned integer type used to store the protection info. That integer contains the XOR'd result of hashes with independent seeds for all covered fields. For integer fields, the hash is computed on the raw unadjusted bytes, so the result is endian-dependent. The most significant bytes are truncated when the hash value (8 bytes) is wider than the protection integer.
When `WriteBatch` is constructed with `protection_bytes_per_key == 8`, we hold a `ProtectionInfoKVOTC` (i.e., one that covers key, value, optype aka `ValueType`, timestamp, and CF ID) for each entry added to the batch. The protection info is generated from the original buffers passed by the user, as well as the original metadata generated internally. When writing to memtable, each entry is transformed to a `ProtectionInfoKVOTS` (i.e., dropping coverage of CF ID and adding coverage of sequence number), since at that point we know the sequence number, and have already selected a memtable corresponding to a particular CF. This protection info is verified once the entry is encoded in the `MemTable` buffer.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/7748
Test Plan:
- an integration test to verify a wide variety of single-byte changes to the encoded `MemTable` buffer are caught
- add to stress/crash test to verify it works in variety of configs/operations without intentional corruption
- [deferred] unit tests for `ProtectionInfo.*` classes for edge cases like KV swap, `SliceParts` and `Slice` APIs are interchangeable, etc.
Reviewed By: pdillinger
Differential Revision: D25754492
Pulled By: ajkr
fbshipit-source-id: e481bac6c03c2ab268be41359730f1ceb9964866
4 years ago
" batch_protection_bytes_per_key " : lambda : random . choice ( [ 0 , 8 ] ) ,
" memtable_protection_bytes_per_key " : lambda : random . choice ( [ 0 , 1 , 2 , 4 , 8 ] ) ,
" block_size " : 16384 ,
" bloom_bits " : lambda : random . choice (
[ random . randint ( 0 , 19 ) , random . lognormvariate ( 2.3 , 1.3 ) ]
) ,
" cache_index_and_filter_blocks " : lambda : random . randint ( 0 , 1 ) ,
" cache_size " : 8388608 ,
" charge_compression_dictionary_building_buffer " : lambda : random . choice ( [ 0 , 1 ] ) ,
" charge_filter_construction " : lambda : random . choice ( [ 0 , 1 ] ) ,
" charge_table_reader " : lambda : random . choice ( [ 0 , 1 ] ) ,
Account memory of FileMetaData in global memory limit (#9924)
Summary:
**Context/Summary:**
As revealed by heap profiling, allocation of `FileMetaData` for [newly created file added to a Version](https://github.com/facebook/rocksdb/pull/9924/files#diff-a6aa385940793f95a2c5b39cc670bd440c4547fa54fd44622f756382d5e47e43R774) can consume significant heap memory. This PR is to account that toward our global memory limit based on block cache capacity.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/9924
Test Plan:
- Previous `make check` verified there are only 2 places where the memory of the allocated `FileMetaData` can be released
- New unit test `TEST_P(ChargeFileMetadataTestWithParam, Basic)`
- db bench (CPU cost of `charge_file_metadata` in write and compact)
- **write micros/op: -0.24%** : `TEST_TMPDIR=/dev/shm/testdb ./db_bench -benchmarks=fillseq -db=$TEST_TMPDIR -charge_file_metadata=1 (remove this option for pre-PR) -disable_auto_compactions=1 -write_buffer_size=100000 -num=4000000 | egrep 'fillseq'`
- **compact micros/op -0.87%** : `TEST_TMPDIR=/dev/shm/testdb ./db_bench -benchmarks=fillseq -db=$TEST_TMPDIR -charge_file_metadata=1 -disable_auto_compactions=1 -write_buffer_size=100000 -num=4000000 -numdistinct=1000 && ./db_bench -benchmarks=compact -db=$TEST_TMPDIR -use_existing_db=1 -charge_file_metadata=1 -disable_auto_compactions=1 | egrep 'compact'`
table 1 - write
#-run | (pre-PR) avg micros/op | std micros/op | (post-PR) micros/op | std micros/op | change (%)
-- | -- | -- | -- | -- | --
10 | 3.9711 | 0.264408 | 3.9914 | 0.254563 | 0.5111933721
20 | 3.83905 | 0.0664488 | 3.8251 | 0.0695456 | -0.3633711465
40 | 3.86625 | 0.136669 | 3.8867 | 0.143765 | 0.5289363078
80 | 3.87828 | 0.119007 | 3.86791 | 0.115674 | **-0.2673865734**
160 | 3.87677 | 0.162231 | 3.86739 | 0.16663 | **-0.2419539978**
table 2 - compact
#-run | (pre-PR) avg micros/op | std micros/op | (post-PR) micros/op | std micros/op | change (%)
-- | -- | -- | -- | -- | --
10 | 2,399,650.00 | 96,375.80 | 2,359,537.00 | 53,243.60 | -1.67
20 | 2,410,480.00 | 89,988.00 | 2,433,580.00 | 91,121.20 | 0.96
40 | 2.41E+06 | 121811 | 2.39E+06 | 131525 | **-0.96**
80 | 2.40E+06 | 134503 | 2.39E+06 | 108799 | **-0.78**
- stress test: `python3 tools/db_crashtest.py blackbox --charge_file_metadata=1 --cache_size=1` killed as normal
Reviewed By: ajkr
Differential Revision: D36055583
Pulled By: hx235
fbshipit-source-id: b60eab94707103cb1322cf815f05810ef0232625
2 years ago
" charge_file_metadata " : lambda : random . choice ( [ 0 , 1 ] ) ,
" checkpoint_one_in " : 1000000 ,
" compression_type " : lambda : random . choice (
[ " none " , " snappy " , " zlib " , " lz4 " , " lz4hc " , " xpress " , " zstd " ]
) ,
" bottommost_compression_type " : lambda : " disable "
if random . randint ( 0 , 1 ) == 0
else random . choice ( [ " none " , " snappy " , " zlib " , " lz4 " , " lz4hc " , " xpress " , " zstd " ] ) ,
" checksum_type " : lambda : random . choice (
[ " kCRC32c " , " kxxHash " , " kxxHash64 " , " kXXH3 " ]
) ,
" compression_max_dict_bytes " : lambda : 16384 * random . randint ( 0 , 1 ) ,
" compression_zstd_max_train_bytes " : lambda : 65536 * random . randint ( 0 , 1 ) ,
# Disabled compression_parallel_threads as the feature is not stable
# lambda: random.choice([1] * 9 + [4])
" compression_parallel_threads " : 1 ,
Limit buffering for collecting samples for compression dictionary (#7970)
Summary:
For dictionary compression, we need to collect some representative samples of the data to be compressed, which we use to either generate or train (when `CompressionOptions::zstd_max_train_bytes > 0`) a dictionary. Previously, the strategy was to buffer all the data blocks during flush, and up to the target file size during compaction. That strategy allowed us to randomly pick samples from as wide a range as possible that'd be guaranteed to land in a single output file.
However, some users try to make huge files in memory-constrained environments, where this strategy can cause OOM. This PR introduces an option, `CompressionOptions::max_dict_buffer_bytes`, that limits how much data blocks are buffered before we switch to unbuffered mode (which means creating the per-SST dictionary, writing out the buffered data, and compressing/writing new blocks as soon as they are built). It is not strict as we currently buffer more than just data blocks -- also keys are buffered. But it does make a step towards giving users predictable memory usage.
Related changes include:
- Changed sampling for dictionary compression to select unique data blocks when there is limited availability of data blocks
- Made use of `BlockBuilder::SwapAndReset()` to save an allocation+memcpy when buffering data blocks for building a dictionary
- Changed `ParseBoolean()` to accept an input containing characters after the boolean. This is necessary since, with this PR, a value for `CompressionOptions::enabled` is no longer necessarily the final component in the `CompressionOptions` string.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/7970
Test Plan:
- updated `CompressionOptions` unit tests to verify limit is respected (to the extent expected in the current implementation) in various scenarios of flush/compaction to bottommost/non-bottommost level
- looked at jemalloc heap profiles right before and after switching to unbuffered mode during flush/compaction. Verified memory usage in buffering is proportional to the limit set.
Reviewed By: pdillinger
Differential Revision: D26467994
Pulled By: ajkr
fbshipit-source-id: 3da4ef9fba59974e4ef40e40c01611002c861465
4 years ago
" compression_max_dict_buffer_bytes " : lambda : ( 1 << random . randint ( 0 , 40 ) ) - 1 ,
Support using ZDICT_finalizeDictionary to generate zstd dictionary (#9857)
Summary:
An untrained dictionary is currently simply the concatenation of several samples. The ZSTD API, ZDICT_finalizeDictionary(), can improve such a dictionary's effectiveness at low cost. This PR changes how dictionary is created by calling the ZSTD ZDICT_finalizeDictionary() API instead of creating raw content dictionary (when max_dict_buffer_bytes > 0), and pass in all buffered uncompressed data blocks as samples.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/9857
Test Plan:
#### db_bench test for cpu/memory of compression+decompression and space saving on synthetic data:
Set up: change the parameter [here](https://github.com/facebook/rocksdb/blob/fb9a167a55e0970b1ef6f67c1600c8d9c4c6114f/tools/db_bench_tool.cc#L1766) to 16384 to make synthetic data more compressible.
```
# linked local ZSTD with version 1.5.2
# DEBUG_LEVEL=0 ROCKSDB_NO_FBCODE=1 ROCKSDB_DISABLE_ZSTD=1 EXTRA_CXXFLAGS="-DZSTD_STATIC_LINKING_ONLY -DZSTD -I/data/users/changyubi/install/include/" EXTRA_LDFLAGS="-L/data/users/changyubi/install/lib/ -l:libzstd.a" make -j32 db_bench
dict_bytes=16384
train_bytes=1048576
echo "========== No Dictionary =========="
TEST_TMPDIR=/dev/shm ./db_bench -benchmarks=filluniquerandom,compact -num=10000000 -compression_type=zstd -compression_max_dict_bytes=0 -block_size=4096 -max_background_jobs=24 -memtablerep=vector -allow_concurrent_memtable_write=false -disable_wal=true -max_write_buffer_number=8 >/dev/null 2>&1
TEST_TMPDIR=/dev/shm /usr/bin/time ./db_bench -use_existing_db=true -benchmarks=compact -compression_type=zstd -compression_max_dict_bytes=0 -block_size=4096 2>&1 | grep elapsed
du -hc /dev/shm/dbbench/*sst | grep total
echo "========== Raw Content Dictionary =========="
TEST_TMPDIR=/dev/shm ./db_bench_main -benchmarks=filluniquerandom,compact -num=10000000 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -block_size=4096 -max_background_jobs=24 -memtablerep=vector -allow_concurrent_memtable_write=false -disable_wal=true -max_write_buffer_number=8 >/dev/null 2>&1
TEST_TMPDIR=/dev/shm /usr/bin/time ./db_bench_main -use_existing_db=true -benchmarks=compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -block_size=4096 2>&1 | grep elapsed
du -hc /dev/shm/dbbench/*sst | grep total
echo "========== FinalizeDictionary =========="
TEST_TMPDIR=/dev/shm ./db_bench -benchmarks=filluniquerandom,compact -num=10000000 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -compression_use_zstd_dict_trainer=false -block_size=4096 -max_background_jobs=24 -memtablerep=vector -allow_concurrent_memtable_write=false -disable_wal=true -max_write_buffer_number=8 >/dev/null 2>&1
TEST_TMPDIR=/dev/shm /usr/bin/time ./db_bench -use_existing_db=true -benchmarks=compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -compression_use_zstd_dict_trainer=false -block_size=4096 2>&1 | grep elapsed
du -hc /dev/shm/dbbench/*sst | grep total
echo "========== TrainDictionary =========="
TEST_TMPDIR=/dev/shm ./db_bench -benchmarks=filluniquerandom,compact -num=10000000 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -block_size=4096 -max_background_jobs=24 -memtablerep=vector -allow_concurrent_memtable_write=false -disable_wal=true -max_write_buffer_number=8 >/dev/null 2>&1
TEST_TMPDIR=/dev/shm /usr/bin/time ./db_bench -use_existing_db=true -benchmarks=compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -block_size=4096 2>&1 | grep elapsed
du -hc /dev/shm/dbbench/*sst | grep total
# Result: TrainDictionary is much better on space saving, but FinalizeDictionary seems to use less memory.
# before compression data size: 1.2GB
dict_bytes=16384
max_dict_buffer_bytes = 1048576
space cpu/memory
No Dictionary 468M 14.93user 1.00system 0:15.92elapsed 100%CPU (0avgtext+0avgdata 23904maxresident)k
Raw Dictionary 251M 15.81user 0.80system 0:16.56elapsed 100%CPU (0avgtext+0avgdata 156808maxresident)k
FinalizeDictionary 236M 11.93user 0.64system 0:12.56elapsed 100%CPU (0avgtext+0avgdata 89548maxresident)k
TrainDictionary 84M 7.29user 0.45system 0:07.75elapsed 100%CPU (0avgtext+0avgdata 97288maxresident)k
```
#### Benchmark on 10 sample SST files for spacing saving and CPU time on compression:
FinalizeDictionary is comparable to TrainDictionary in terms of space saving, and takes less time in compression.
```
dict_bytes=16384
train_bytes=1048576
for sst_file in `ls ../temp/myrock-sst/`
do
echo "********** $sst_file **********"
echo "========== No Dictionary =========="
./sst_dump --file="../temp/myrock-sst/$sst_file" --command=recompress --compression_level_from=6 --compression_level_to=6 --compression_types=kZSTD
echo "========== Raw Content Dictionary =========="
./sst_dump --file="../temp/myrock-sst/$sst_file" --command=recompress --compression_level_from=6 --compression_level_to=6 --compression_types=kZSTD --compression_max_dict_bytes=$dict_bytes
echo "========== FinalizeDictionary =========="
./sst_dump --file="../temp/myrock-sst/$sst_file" --command=recompress --compression_level_from=6 --compression_level_to=6 --compression_types=kZSTD --compression_max_dict_bytes=$dict_bytes --compression_zstd_max_train_bytes=$train_bytes --compression_use_zstd_finalize_dict
echo "========== TrainDictionary =========="
./sst_dump --file="../temp/myrock-sst/$sst_file" --command=recompress --compression_level_from=6 --compression_level_to=6 --compression_types=kZSTD --compression_max_dict_bytes=$dict_bytes --compression_zstd_max_train_bytes=$train_bytes
done
010240.sst (Size/Time) 011029.sst 013184.sst 021552.sst 185054.sst 185137.sst 191666.sst 7560381.sst 7604174.sst 7635312.sst
No Dictionary 28165569 / 2614419 32899411 / 2976832 32977848 / 3055542 31966329 / 2004590 33614351 / 1755877 33429029 / 1717042 33611933 / 1776936 33634045 / 2771417 33789721 / 2205414 33592194 / 388254
Raw Content Dictionary 28019950 / 2697961 33748665 / 3572422 33896373 / 3534701 26418431 / 2259658 28560825 / 1839168 28455030 / 1846039 28494319 / 1861349 32391599 / 3095649 33772142 / 2407843 33592230 / 474523
FinalizeDictionary 27896012 / 2650029 33763886 / 3719427 33904283 / 3552793 26008225 / 2198033 28111872 / 1869530 28014374 / 1789771 28047706 / 1848300 32296254 / 3204027 33698698 / 2381468 33592344 / 517433
TrainDictionary 28046089 / 2740037 33706480 / 3679019 33885741 / 3629351 25087123 / 2204558 27194353 / 1970207 27234229 / 1896811 27166710 / 1903119 32011041 / 3322315 32730692 / 2406146 33608631 / 570593
```
#### Decompression/Read test:
With FinalizeDictionary/TrainDictionary, some data structure used for decompression are in stored in dictionary, so they are expected to be faster in terms of decompression/reads.
```
dict_bytes=16384
train_bytes=1048576
echo "No Dictionary"
TEST_TMPDIR=/dev/shm/ ./db_bench -benchmarks=filluniquerandom,compact -compression_type=zstd -compression_max_dict_bytes=0 > /dev/null 2>&1
TEST_TMPDIR=/dev/shm/ ./db_bench -use_existing_db=true -benchmarks=readrandom -cache_size=0 -compression_type=zstd -compression_max_dict_bytes=0 2>&1 | grep MB/s
echo "Raw Dictionary"
TEST_TMPDIR=/dev/shm/ ./db_bench -benchmarks=filluniquerandom,compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes > /dev/null 2>&1
TEST_TMPDIR=/dev/shm/ ./db_bench -use_existing_db=true -benchmarks=readrandom -cache_size=0 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes 2>&1 | grep MB/s
echo "FinalizeDict"
TEST_TMPDIR=/dev/shm/ ./db_bench -benchmarks=filluniquerandom,compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -compression_use_zstd_dict_trainer=false > /dev/null 2>&1
TEST_TMPDIR=/dev/shm/ ./db_bench -use_existing_db=true -benchmarks=readrandom -cache_size=0 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes -compression_use_zstd_dict_trainer=false 2>&1 | grep MB/s
echo "Train Dictionary"
TEST_TMPDIR=/dev/shm/ ./db_bench -benchmarks=filluniquerandom,compact -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes > /dev/null 2>&1
TEST_TMPDIR=/dev/shm/ ./db_bench -use_existing_db=true -benchmarks=readrandom -cache_size=0 -compression_type=zstd -compression_max_dict_bytes=$dict_bytes -compression_zstd_max_train_bytes=$train_bytes 2>&1 | grep MB/s
No Dictionary
readrandom : 12.183 micros/op 82082 ops/sec 12.183 seconds 1000000 operations; 9.1 MB/s (1000000 of 1000000 found)
Raw Dictionary
readrandom : 12.314 micros/op 81205 ops/sec 12.314 seconds 1000000 operations; 9.0 MB/s (1000000 of 1000000 found)
FinalizeDict
readrandom : 9.787 micros/op 102180 ops/sec 9.787 seconds 1000000 operations; 11.3 MB/s (1000000 of 1000000 found)
Train Dictionary
readrandom : 9.698 micros/op 103108 ops/sec 9.699 seconds 1000000 operations; 11.4 MB/s (1000000 of 1000000 found)
```
Reviewed By: ajkr
Differential Revision: D35720026
Pulled By: cbi42
fbshipit-source-id: 24d230fdff0fd28a1bb650658798f00dfcfb2a1f
2 years ago
" compression_use_zstd_dict_trainer " : lambda : random . randint ( 0 , 1 ) ,
" clear_column_family_one_in " : 0 ,
" compact_files_one_in " : 1000000 ,
" compact_range_one_in " : 1000000 ,
" compaction_pri " : random . randint ( 0 , 4 ) ,
" data_block_index_type " : lambda : random . choice ( [ 0 , 1 ] ) ,
" delpercent " : 4 ,
" delrangepercent " : 1 ,
" destroy_db_initially " : 0 ,
" enable_pipelined_write " : lambda : random . randint ( 0 , 1 ) ,
" enable_compaction_filter " : lambda : random . choice ( [ 0 , 0 , 0 , 1 ] ) ,
" expected_values_dir " : lambda : setup_expected_values_dir ( ) ,
" fail_if_options_file_error " : lambda : random . randint ( 0 , 1 ) ,
" flush_one_in " : 1000000 ,
Add manual_wal_flush, FlushWAL() to stress/crash test (#10698)
Summary:
**Context/Summary:**
Introduce `manual_wal_flush_one_in` as titled.
- When `manual_wal_flush_one_in > 0`, we also need tracing to correctly verify recovery because WAL data can be lost in this case when `FlushWAL()` is not explicitly called by users of RocksDB (in our case, db stress) and the recovery from such potential WAL data loss is a prefix recovery that requires tracing to verify. As another consequence, we need to disable features can't run under unsync data loss with `manual_wal_flush_one_in`
Incompatibilities fixed along the way:
```
db_stress: db/db_impl/db_impl_open.cc:2063: static rocksdb::Status rocksdb::DBImpl::Open(const rocksdb::DBOptions&, const string&, const std::vector<rocksdb::ColumnFamilyDescriptor>&, std::vector<rocksdb::ColumnFamilyHandle*>*, rocksdb::DB**, bool, bool): Assertion `impl->TEST_WALBufferIsEmpty()' failed.
```
- It turns out that `Writer::AddCompressionTypeRecord` before this assertion `EmitPhysicalRecord(kSetCompressionType, encode.data(), encode.size());` but do not trigger flush if `manual_wal_flush` is set . This leads to `impl->TEST_WALBufferIsEmpty()' is false.
- As suggested, assertion is removed and violation case is handled by `FlushWAL(sync=true)` along with refactoring `TEST_WALBufferIsEmpty()` to be `WALBufferIsEmpty()` since it is used in prod code now.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10698
Test Plan:
- Locally running `python3 tools/db_crashtest.py blackbox --manual_wal_flush_one_in=1 --manual_wal_flush=1 --sync_wal_one_in=100 --atomic_flush=1 --flush_one_in=100 --column_families=3`
- Joined https://github.com/facebook/rocksdb/pull/10624 in auto CI testings with all RocksDB stress/crash test jobs
Reviewed By: ajkr
Differential Revision: D39593752
Pulled By: ajkr
fbshipit-source-id: 3a2135bb792c52d2ffa60257d4fbc557fb04d2ce
2 years ago
" manual_wal_flush_one_in " : lambda : random . choice ( [ 0 , 0 , 1000 , 1000000 ] ) ,
" file_checksum_impl " : lambda : random . choice ( [ " none " , " crc32c " , " xxh64 " , " big " ] ) ,
" get_live_files_one_in " : 1000000 ,
# Note: the following two are intentionally disabled as the corresponding
# APIs are not guaranteed to succeed.
" get_sorted_wal_files_one_in " : 0 ,
" get_current_wal_file_one_in " : 0 ,
# Temporarily disable hash index
" index_type " : lambda : random . choice ( [ 0 , 0 , 0 , 2 , 2 , 3 ] ) ,
" ingest_external_file_one_in " : 1000000 ,
" iterpercent " : 10 ,
" mark_for_compaction_one_file_in " : lambda : 10 * random . randint ( 0 , 1 ) ,
" max_background_compactions " : 20 ,
" max_bytes_for_level_base " : 10485760 ,
" max_key " : 25000000 ,
" max_write_buffer_number " : 3 ,
" mmap_read " : lambda : random . randint ( 0 , 1 ) ,
# Setting `nooverwritepercent > 0` is only possible because we do not vary
# the random seed, so the same keys are chosen by every run for disallowing
# overwrites.
" nooverwritepercent " : 1 ,
" open_files " : lambda : random . choice ( [ - 1 , - 1 , 100 , 500000 ] ) ,
Minimize memory internal fragmentation for Bloom filters (#6427)
Summary:
New experimental option BBTO::optimize_filters_for_memory builds
filters that maximize their use of "usable size" from malloc_usable_size,
which is also used to compute block cache charges.
Rather than always "rounding up," we track state in the
BloomFilterPolicy object to mix essentially "rounding down" and
"rounding up" so that the average FP rate of all generated filters is
the same as without the option. (YMMV as heavily accessed filters might
be unluckily lower accuracy.)
Thus, the option near-minimizes what the block cache considers as
"memory used" for a given target Bloom filter false positive rate and
Bloom filter implementation. There are no forward or backward
compatibility issues with this change, though it only works on the
format_version=5 Bloom filter.
With Jemalloc, we see about 10% reduction in memory footprint (and block
cache charge) for Bloom filters, but 1-2% increase in storage footprint,
due to encoding efficiency losses (FP rate is non-linear with bits/key).
Why not weighted random round up/down rather than state tracking? By
only requiring malloc_usable_size, we don't actually know what the next
larger and next smaller usable sizes for the allocator are. We pick a
requested size, accept and use whatever usable size it has, and use the
difference to inform our next choice. This allows us to narrow in on the
right balance without tracking/predicting usable sizes.
Why not weight history of generated filter false positive rates by
number of keys? This could lead to excess skew in small filters after
generating a large filter.
Results from filter_bench with jemalloc (irrelevant details omitted):
(normal keys/filter, but high variance)
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=30000 -vary_key_count_ratio=0.9
Build avg ns/key: 29.6278
Number of filters: 5516
Total size (MB): 200.046
Reported total allocated memory (MB): 220.597
Reported internal fragmentation: 10.2732%
Bits/key stored: 10.0097
Average FP rate %: 0.965228
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=30000 -vary_key_count_ratio=0.9 -optimize_filters_for_memory
Build avg ns/key: 30.5104
Number of filters: 5464
Total size (MB): 200.015
Reported total allocated memory (MB): 200.322
Reported internal fragmentation: 0.153709%
Bits/key stored: 10.1011
Average FP rate %: 0.966313
(very few keys / filter, optimization not as effective due to ~59 byte
internal fragmentation in blocked Bloom filter representation)
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=1000 -vary_key_count_ratio=0.9
Build avg ns/key: 29.5649
Number of filters: 162950
Total size (MB): 200.001
Reported total allocated memory (MB): 224.624
Reported internal fragmentation: 12.3117%
Bits/key stored: 10.2951
Average FP rate %: 0.821534
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=1000 -vary_key_count_ratio=0.9 -optimize_filters_for_memory
Build avg ns/key: 31.8057
Number of filters: 159849
Total size (MB): 200
Reported total allocated memory (MB): 208.846
Reported internal fragmentation: 4.42297%
Bits/key stored: 10.4948
Average FP rate %: 0.811006
(high keys/filter)
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=1000000 -vary_key_count_ratio=0.9
Build avg ns/key: 29.7017
Number of filters: 164
Total size (MB): 200.352
Reported total allocated memory (MB): 221.5
Reported internal fragmentation: 10.5552%
Bits/key stored: 10.0003
Average FP rate %: 0.969358
$ ./filter_bench -quick -impl=2 -average_keys_per_filter=1000000 -vary_key_count_ratio=0.9 -optimize_filters_for_memory
Build avg ns/key: 30.7131
Number of filters: 160
Total size (MB): 200.928
Reported total allocated memory (MB): 200.938
Reported internal fragmentation: 0.00448054%
Bits/key stored: 10.1852
Average FP rate %: 0.963387
And from db_bench (block cache) with jemalloc:
$ ./db_bench -db=/dev/shm/dbbench.no_optimize -benchmarks=fillrandom -format_version=5 -value_size=90 -bloom_bits=10 -num=2000000 -threads=8 -compaction_style=2 -fifo_compaction_max_table_files_size_mb=10000 -fifo_compaction_allow_compaction=false
$ ./db_bench -db=/dev/shm/dbbench -benchmarks=fillrandom -format_version=5 -value_size=90 -bloom_bits=10 -num=2000000 -threads=8 -optimize_filters_for_memory -compaction_style=2 -fifo_compaction_max_table_files_size_mb=10000 -fifo_compaction_allow_compaction=false
$ (for FILE in /dev/shm/dbbench.no_optimize/*.sst; do ./sst_dump --file=$FILE --show_properties | grep 'filter block' ; done) | awk '{ t += $4; } END { print t; }'
17063835
$ (for FILE in /dev/shm/dbbench/*.sst; do ./sst_dump --file=$FILE --show_properties | grep 'filter block' ; done) | awk '{ t += $4; } END { print t; }'
17430747
$ #^ 2.1% additional filter storage
$ ./db_bench -db=/dev/shm/dbbench.no_optimize -use_existing_db -benchmarks=readrandom,stats -statistics -bloom_bits=10 -num=2000000 -compaction_style=2 -fifo_compaction_max_table_files_size_mb=10000 -fifo_compaction_allow_compaction=false -duration=10 -cache_index_and_filter_blocks -cache_size=1000000000
rocksdb.block.cache.index.add COUNT : 33
rocksdb.block.cache.index.bytes.insert COUNT : 8440400
rocksdb.block.cache.filter.add COUNT : 33
rocksdb.block.cache.filter.bytes.insert COUNT : 21087528
rocksdb.bloom.filter.useful COUNT : 4963889
rocksdb.bloom.filter.full.positive COUNT : 1214081
rocksdb.bloom.filter.full.true.positive COUNT : 1161999
$ #^ 1.04 % observed FP rate
$ ./db_bench -db=/dev/shm/dbbench -use_existing_db -benchmarks=readrandom,stats -statistics -bloom_bits=10 -num=2000000 -compaction_style=2 -fifo_compaction_max_table_files_size_mb=10000 -fifo_compaction_allow_compaction=false -optimize_filters_for_memory -duration=10 -cache_index_and_filter_blocks -cache_size=1000000000
rocksdb.block.cache.index.add COUNT : 33
rocksdb.block.cache.index.bytes.insert COUNT : 8448592
rocksdb.block.cache.filter.add COUNT : 33
rocksdb.block.cache.filter.bytes.insert COUNT : 18220328
rocksdb.bloom.filter.useful COUNT : 5360933
rocksdb.bloom.filter.full.positive COUNT : 1321315
rocksdb.bloom.filter.full.true.positive COUNT : 1262999
$ #^ 1.08 % observed FP rate, 13.6% less memory usage for filters
(Due to specific key density, this example tends to generate filters that are "worse than average" for internal fragmentation. "Better than average" cases can show little or no improvement.)
Pull Request resolved: https://github.com/facebook/rocksdb/pull/6427
Test Plan: unit test added, 'make check' with gcc, clang and valgrind
Reviewed By: siying
Differential Revision: D22124374
Pulled By: pdillinger
fbshipit-source-id: f3e3aa152f9043ddf4fae25799e76341d0d8714e
4 years ago
" optimize_filters_for_memory " : lambda : random . randint ( 0 , 1 ) ,
" partition_filters " : lambda : random . randint ( 0 , 1 ) ,
" partition_pinning " : lambda : random . randint ( 0 , 3 ) ,
" pause_background_one_in " : 1000000 ,
" prefix_size " : lambda : random . choice ( [ - 1 , 1 , 5 , 7 , 8 ] ) ,
" prefixpercent " : 5 ,
" progress_reports " : 0 ,
" readpercent " : 45 ,
" recycle_log_file_num " : lambda : random . randint ( 0 , 1 ) ,
" snapshot_hold_ops " : 100000 ,
" sst_file_manager_bytes_per_sec " : lambda : random . choice ( [ 0 , 104857600 ] ) ,
" sst_file_manager_bytes_per_truncate " : lambda : random . choice ( [ 0 , 1048576 ] ) ,
" long_running_snapshots " : lambda : random . randint ( 0 , 1 ) ,
" subcompactions " : lambda : random . randint ( 1 , 4 ) ,
" target_file_size_base " : 2097152 ,
" target_file_size_multiplier " : 2 ,
" test_batches_snapshots " : random . randint ( 0 , 1 ) ,
" top_level_index_pinning " : lambda : random . randint ( 0 , 3 ) ,
" unpartitioned_pinning " : lambda : random . randint ( 0 , 3 ) ,
" use_direct_reads " : lambda : random . randint ( 0 , 1 ) ,
" use_direct_io_for_flush_and_compaction " : lambda : random . randint ( 0 , 1 ) ,
" mock_direct_io " : False ,
" cache_type " : lambda : random . choice ( [ " lru_cache " , " hyper_clock_cache " ] ) ,
" use_full_merge_v1 " : lambda : random . randint ( 0 , 1 ) ,
" use_merge " : lambda : random . randint ( 0 , 1 ) ,
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
# use_put_entity_one_in has to be the same across invocations for verification to work, hence no lambda
" use_put_entity_one_in " : random . choice ( [ 0 ] * 7 + [ 1 , 5 , 10 ] ) ,
Add Bloom/Ribbon hybrid API support (#8679)
Summary:
This is essentially resurrection and fixing of the part of
https://github.com/facebook/rocksdb/issues/8198 that was reverted in https://github.com/facebook/rocksdb/issues/8212, using data added in https://github.com/facebook/rocksdb/issues/8246. Basically,
when configuring Ribbon filter, you can specify an LSM level before which
Bloom will be used instead of Ribbon. But Bloom is only considered for
Leveled and Universal compaction styles and file going into a known LSM
level. This way, SST file writer, FIFO compaction, etc. use Ribbon filter as
you would expect with NewRibbonFilterPolicy.
So that this can be controlled with a single int value and so that flushes
can be distinguished from intra-L0, we consider flush to go to level -1 for
the purposes of this option. (Explained in API comment.)
I also expect the most common and recommended Ribbon configuration to
use Bloom during flush, to minimize slowing down writes and because according
to my estimates, Ribbon only pays off if the structure lives in memory for
more than an hour. Thus, I have changed the default for NewRibbonFilterPolicy
to be this mild hybrid configuration. I don't really want to add something like
NewHybridFilterPolicy because at least the mild hybrid configuration (Bloom for
flush, Ribbon otherwise) should be considered a natural choice.
C APIs also updated, but because they don't support overloading,
rocksdb_filterpolicy_create_ribbon is kept pure ribbon for clarity and
rocksdb_filterpolicy_create_ribbon_hybrid must be called for a hybrid
configuration. While touching C API, I changed bits per key options from
int to double.
BuiltinFilterPolicy is needed so that LevelThresholdFilterPolicy doesn't inherit
unused fields from BloomFilterPolicy.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8679
Test Plan: new + updated tests, including crash test
Reviewed By: jay-zhuang
Differential Revision: D30445797
Pulled By: pdillinger
fbshipit-source-id: 6f5aeddfd6d79f7e55493b563c2d1d2d568892e1
3 years ago
# 999 -> use Bloom API
" ribbon_starting_level " : lambda : random . choice ( [ random . randint ( - 1 , 10 ) , 999 ] ) ,
" value_size_mult " : 32 ,
" verify_checksum " : 1 ,
" write_buffer_size " : 4 * 1024 * 1024 ,
" writepercent " : 35 ,
" format_version " : lambda : random . choice ( [ 2 , 3 , 4 , 5 , 5 ] ) ,
" index_block_restart_interval " : lambda : random . choice ( range ( 1 , 16 ) ) ,
" use_multiget " : lambda : random . randint ( 0 , 1 ) ,
" periodic_compaction_seconds " : lambda : random . choice ( [ 0 , 0 , 1 , 2 , 10 , 100 , 1000 ] ) ,
# 0 = never (used by some), 10 = often (for threading bugs), 600 = default
" stats_dump_period_sec " : lambda : random . choice ( [ 0 , 10 , 600 ] ) ,
" compaction_ttl " : lambda : random . choice ( [ 0 , 0 , 1 , 2 , 10 , 100 , 1000 ] ) ,
# Test small max_manifest_file_size in a smaller chance, as most of the
# time we wnat manifest history to be preserved to help debug
" max_manifest_file_size " : lambda : random . choice (
[ t * 16384 if t < 3 else 1024 * 1024 * 1024 for t in range ( 1 , 30 ) ]
) ,
# Sync mode might make test runs slower so running it in a smaller chance
" sync " : lambda : random . choice ( [ 1 if t == 0 else 0 for t in range ( 0 , 20 ) ] ) ,
" bytes_per_sync " : lambda : random . choice ( [ 0 , 262144 ] ) ,
" wal_bytes_per_sync " : lambda : random . choice ( [ 0 , 524288 ] ) ,
# Disable compaction_readahead_size because the test is not passing.
# "compaction_readahead_size" : lambda : random.choice(
# [0, 0, 1024 * 1024]),
" db_write_buffer_size " : lambda : random . choice (
[ 0 , 0 , 0 , 1024 * 1024 , 8 * 1024 * 1024 , 128 * 1024 * 1024 ]
) ,
" avoid_unnecessary_blocking_io " : random . randint ( 0 , 1 ) ,
" write_dbid_to_manifest " : random . randint ( 0 , 1 ) ,
" avoid_flush_during_recovery " : lambda : random . choice (
[ 1 if t == 0 else 0 for t in range ( 0 , 8 ) ]
) ,
" max_write_batch_group_size_bytes " : lambda : random . choice (
[ 16 , 64 , 1024 * 1024 , 16 * 1024 * 1024 ]
) ,
" level_compaction_dynamic_level_bytes " : True ,
" verify_checksum_one_in " : 1000000 ,
" verify_db_one_in " : 100000 ,
" continuous_verification_interval " : 0 ,
" max_key_len " : 3 ,
" key_len_percent_dist " : " 1,30,69 " ,
" read_fault_one_in " : lambda : random . choice ( [ 0 , 32 , 1000 ] ) ,
" open_metadata_write_fault_one_in " : lambda : random . choice ( [ 0 , 0 , 8 ] ) ,
" open_write_fault_one_in " : lambda : random . choice ( [ 0 , 0 , 16 ] ) ,
" open_read_fault_one_in " : lambda : random . choice ( [ 0 , 0 , 32 ] ) ,
" sync_fault_injection " : lambda : random . randint ( 0 , 1 ) ,
" get_property_one_in " : 1000000 ,
" paranoid_file_checks " : lambda : random . choice ( [ 0 , 1 , 1 , 1 ] ) ,
" max_write_buffer_size_to_maintain " : lambda : random . choice (
[ 0 , 1024 * 1024 , 2 * 1024 * 1024 , 4 * 1024 * 1024 , 8 * 1024 * 1024 ]
) ,
Fix an error while running db_crashtest for non-user-ts tests (#8091)
Summary:
Fix the following error while running `make crash_test`
```
Traceback (most recent call last):
File "tools/db_crashtest.py", line 705, in <module>
main()
File "tools/db_crashtest.py", line 696, in main
blackbox_crash_main(args, unknown_args)
File "tools/db_crashtest.py", line 479, in blackbox_crash_main
+ list({'db': dbname}.items())), unknown_args)
File "tools/db_crashtest.py", line 414, in gen_cmd
finalzied_params = finalize_and_sanitize(params)
File "tools/db_crashtest.py", line 331, in finalize_and_sanitize
dest_params.get("user_timestamp_size") > 0):
TypeError: '>' not supported between instances of 'NoneType' and 'int'
```
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8091
Test Plan: make crash_test
Reviewed By: ltamasi
Differential Revision: D27268276
Pulled By: riversand963
fbshipit-source-id: ed2873b9587ecc51e24abc35ef2bd3d91fb1ed1b
4 years ago
" user_timestamp_size " : 0 ,
" secondary_cache_fault_one_in " : lambda : random . choice ( [ 0 , 0 , 32 ] ) ,
" prepopulate_block_cache " : lambda : random . choice ( [ 0 , 1 ] ) ,
" memtable_prefix_bloom_size_ratio " : lambda : random . choice ( [ 0.001 , 0.01 , 0.1 , 0.5 ] ) ,
" memtable_whole_key_filtering " : lambda : random . randint ( 0 , 1 ) ,
Detect (new) Bloom/Ribbon Filter construction corruption (#9342)
Summary:
Note: rebase on and merge after https://github.com/facebook/rocksdb/pull/9349, https://github.com/facebook/rocksdb/pull/9345, (optional) https://github.com/facebook/rocksdb/pull/9393
**Context:**
(Quoted from pdillinger) Layers of information during new Bloom/Ribbon Filter construction in building block-based tables includes the following:
a) set of keys to add to filter
b) set of hashes to add to filter (64-bit hash applied to each key)
c) set of Bloom indices to set in filter, with duplicates
d) set of Bloom indices to set in filter, deduplicated
e) final filter and its checksum
This PR aims to detect corruption (e.g, unexpected hardware/software corruption on data structures residing in the memory for a long time) from b) to e) and leave a) as future works for application level.
- b)'s corruption is detected by verifying the xor checksum of the hash entries calculated as the entries accumulate before being added to the filter. (i.e, `XXPH3FilterBitsBuilder::MaybeVerifyHashEntriesChecksum()`)
- c) - e)'s corruption is detected by verifying the hash entries indeed exists in the constructed filter by re-querying these hash entries in the filter (i.e, `FilterBitsBuilder::MaybePostVerify()`) after computing the block checksum (except for PartitionFilter, which is done right after each `FilterBitsBuilder::Finish` for impl simplicity - see code comment for more). For this stage of detection, we assume hash entries are not corrupted after checking on b) since the time interval from b) to c) is relatively short IMO.
Option to enable this feature of detection is `BlockBasedTableOptions::detect_filter_construct_corruption` which is false by default.
**Summary:**
- Implemented new functions `XXPH3FilterBitsBuilder::MaybeVerifyHashEntriesChecksum()` and `FilterBitsBuilder::MaybePostVerify()`
- Ensured hash entries, final filter and banding and their [cache reservation ](https://github.com/facebook/rocksdb/issues/9073) are released properly despite corruption
- See [Filter.construction.artifacts.release.point.pdf ](https://github.com/facebook/rocksdb/files/7923487/Design.Filter.construction.artifacts.release.point.pdf) for high-level design
- Bundled and refactored hash entries's related artifact in XXPH3FilterBitsBuilder into `HashEntriesInfo` for better control on lifetime of these artifact during `SwapEntires`, `ResetEntries`
- Ensured RocksDB block-based table builder calls `FilterBitsBuilder::MaybePostVerify()` after constructing the filter by `FilterBitsBuilder::Finish()`
- When encountering such filter construction corruption, stop writing the filter content to files and mark such a block-based table building non-ok by storing the corruption status in the builder.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/9342
Test Plan:
- Added new unit test `DBFilterConstructionCorruptionTestWithParam.DetectCorruption`
- Included this new feature in `DBFilterConstructionReserveMemoryTestWithParam.ReserveMemory` as this feature heavily touch ReserveMemory's impl
- For fallback case, I run `./filter_bench -impl=3 -detect_filter_construct_corruption=true -reserve_table_builder_memory=true -strict_capacity_limit=true -quick -runs 10 | grep 'Build avg'` to make sure nothing break.
- Added to `filter_bench`: increased filter construction time by **30%**, mostly by `MaybePostVerify()`
- FastLocalBloom
- Before change: `./filter_bench -impl=2 -quick -runs 10 | grep 'Build avg'`: **28.86643s**
- After change:
- `./filter_bench -impl=2 -detect_filter_construct_corruption=false -quick -runs 10 | grep 'Build avg'` (expect a tiny increase due to MaybePostVerify is always called regardless): **27.6644s (-4% perf improvement might be due to now we don't drop bloom hash entry in `AddAllEntries` along iteration but in bulk later, same with the bypassing-MaybePostVerify case below)**
- `./filter_bench -impl=2 -detect_filter_construct_corruption=true -quick -runs 10 | grep 'Build avg'` (expect acceptable increase): **34.41159s (+20%)**
- `./filter_bench -impl=2 -detect_filter_construct_corruption=true -quick -runs 10 | grep 'Build avg'` (by-passing MaybePostVerify, expect minor increase): **27.13431s (-6%)**
- Standard128Ribbon
- Before change: `./filter_bench -impl=3 -quick -runs 10 | grep 'Build avg'`: **122.5384s**
- After change:
- `./filter_bench -impl=3 -detect_filter_construct_corruption=false -quick -runs 10 | grep 'Build avg'` (expect a tiny increase due to MaybePostVerify is always called regardless - verified by removing MaybePostVerify under this case and found only +-1ns difference): **124.3588s (+2%)**
- `./filter_bench -impl=3 -detect_filter_construct_corruption=true -quick -runs 10 | grep 'Build avg'`(expect acceptable increase): **159.4946s (+30%)**
- `./filter_bench -impl=3 -detect_filter_construct_corruption=true -quick -runs 10 | grep 'Build avg'`(by-passing MaybePostVerify, expect minor increase) : **125.258s (+2%)**
- Added to `db_stress`: `make crash_test`, `./db_stress --detect_filter_construct_corruption=true`
- Manually smoke-tested: manually corrupted the filter construction in some db level tests with basic PUT and background flush. As expected, the error did get returned to users in subsequent PUT and Flush status.
Reviewed By: pdillinger
Differential Revision: D33746928
Pulled By: hx235
fbshipit-source-id: cb056426be5a7debc1cd16f23bc250f36a08ca57
3 years ago
" detect_filter_construct_corruption " : lambda : random . choice ( [ 0 , 1 ] ) ,
" adaptive_readahead " : lambda : random . choice ( [ 0 , 1 ] ) ,
" async_io " : lambda : random . choice ( [ 0 , 1 ] ) ,
" wal_compression " : lambda : random . choice ( [ " none " , " zstd " ] ) ,
" verify_sst_unique_id_in_manifest " : 1 , # always do unique_id verification
" secondary_cache_uri " : lambda : random . choice (
[
" " ,
" compressed_secondary_cache://capacity=8388608 " ,
" compressed_secondary_cache://capacity=8388608;enable_custom_split_merge=true " ,
]
) ,
" allow_data_in_errors " : True ,
" readahead_size " : lambda : random . choice ( [ 0 , 16384 , 524288 ] ) ,
" initial_auto_readahead_size " : lambda : random . choice ( [ 0 , 16384 , 524288 ] ) ,
" max_auto_readahead_size " : lambda : random . choice ( [ 0 , 16384 , 524288 ] ) ,
" num_file_reads_for_auto_readahead " : lambda : random . choice ( [ 0 , 1 , 2 ] ) ,
" min_write_buffer_number_to_merge " : lambda : random . choice ( [ 1 , 2 ] ) ,
" preserve_internal_time_seconds " : lambda : random . choice ( [ 0 , 60 , 3600 , 36000 ] ) ,
}
_TEST_DIR_ENV_VAR = " TEST_TMPDIR "
_DEBUG_LEVEL_ENV_VAR = " DEBUG_LEVEL "
stress_cmd = " ./db_stress "
cleanup_cmd = None
def is_release_mode ( ) :
return os . environ . get ( _DEBUG_LEVEL_ENV_VAR ) == " 0 "
def get_dbname ( test_name ) :
test_dir_name = " rocksdb_crashtest_ " + test_name
test_tmpdir = os . environ . get ( _TEST_DIR_ENV_VAR )
if test_tmpdir is None or test_tmpdir == " " :
dbname = tempfile . mkdtemp ( prefix = test_dir_name )
else :
dbname = test_tmpdir + " / " + test_dir_name
shutil . rmtree ( dbname , True )
if cleanup_cmd is not None :
print ( " Running DB cleanup command - %s \n " % cleanup_cmd )
# Ignore failure
os . system ( cleanup_cmd )
os . mkdir ( dbname )
return dbname
expected_values_dir = None
def setup_expected_values_dir ( ) :
global expected_values_dir
if expected_values_dir is not None :
return expected_values_dir
expected_dir_prefix = " rocksdb_crashtest_expected_ "
test_tmpdir = os . environ . get ( _TEST_DIR_ENV_VAR )
if test_tmpdir is None or test_tmpdir == " " :
expected_values_dir = tempfile . mkdtemp ( prefix = expected_dir_prefix )
else :
# if tmpdir is specified, store the expected_values_dir under that dir
expected_values_dir = test_tmpdir + " /rocksdb_crashtest_expected "
if os . path . exists ( expected_values_dir ) :
shutil . rmtree ( expected_values_dir )
os . mkdir ( expected_values_dir )
return expected_values_dir
multiops_txn_key_spaces_file = None
def setup_multiops_txn_key_spaces_file ( ) :
global multiops_txn_key_spaces_file
if multiops_txn_key_spaces_file is not None :
return multiops_txn_key_spaces_file
key_spaces_file_prefix = " rocksdb_crashtest_multiops_txn_key_spaces "
test_tmpdir = os . environ . get ( _TEST_DIR_ENV_VAR )
if test_tmpdir is None or test_tmpdir == " " :
multiops_txn_key_spaces_file = tempfile . mkstemp ( prefix = key_spaces_file_prefix ) [
1
]
else :
if not os . path . exists ( test_tmpdir ) :
os . mkdir ( test_tmpdir )
multiops_txn_key_spaces_file = tempfile . mkstemp (
prefix = key_spaces_file_prefix , dir = test_tmpdir
) [ 1 ]
return multiops_txn_key_spaces_file
def is_direct_io_supported ( dbname ) :
with tempfile . NamedTemporaryFile ( dir = dbname ) as f :
try :
os . open ( f . name , os . O_DIRECT )
except BaseException :
return False
return True
blackbox_default_params = {
" disable_wal " : lambda : random . choice ( [ 0 , 0 , 0 , 1 ] ) ,
# total time for this script to test db_stress
" duration " : 6000 ,
# time for one db_stress instance to run
" interval " : 120 ,
# since we will be killing anyway, use large value for ops_per_thread
" ops_per_thread " : 100000000 ,
" reopen " : 0 ,
" set_options_one_in " : 10000 ,
}
whitebox_default_params = {
# TODO: enable this once we figure out how to adjust kill odds for WAL-
# disabled runs, and either (1) separate full `db_stress` runs out of
# whitebox crash or (2) support verification at end of `db_stress` runs
# that ran with WAL disabled.
" disable_wal " : 0 ,
" duration " : 10000 ,
" log2_keys_per_lock " : 10 ,
" ops_per_thread " : 200000 ,
" random_kill_odd " : 888887 ,
" reopen " : 20 ,
}
simple_default_params = {
" allow_concurrent_memtable_write " : lambda : random . randint ( 0 , 1 ) ,
" column_families " : 1 ,
# TODO: re-enable once internal task T124324915 is fixed.
# "experimental_mempurge_threshold": lambda: 10.0*random.random(),
" max_background_compactions " : 1 ,
" max_bytes_for_level_base " : 67108864 ,
" memtablerep " : " skip_list " ,
" target_file_size_base " : 16777216 ,
" target_file_size_multiplier " : 1 ,
" test_batches_snapshots " : 0 ,
" write_buffer_size " : 32 * 1024 * 1024 ,
" level_compaction_dynamic_level_bytes " : False ,
" paranoid_file_checks " : lambda : random . choice ( [ 0 , 1 , 1 , 1 ] ) ,
" verify_iterator_with_expected_state_one_in " : 5 , # this locks a range of keys
}
blackbox_simple_default_params = {
" open_files " : - 1 ,
" set_options_one_in " : 0 ,
}
whitebox_simple_default_params = { }
cf_consistency_params = {
" disable_wal " : lambda : random . randint ( 0 , 1 ) ,
" reopen " : 0 ,
" test_cf_consistency " : 1 ,
# use small value for write_buffer_size so that RocksDB triggers flush
# more frequently
" write_buffer_size " : 1024 * 1024 ,
" enable_pipelined_write " : lambda : random . randint ( 0 , 1 ) ,
# Snapshots are used heavily in this test mode, while they are incompatible
# with compaction filter.
" enable_compaction_filter " : 0 ,
# `CfConsistencyStressTest::TestIngestExternalFile()` is not implemented.
" ingest_external_file_one_in " : 0 ,
}
txn_params = {
" use_txn " : 1 ,
# Avoid lambda to set it once for the entire test
" txn_write_policy " : random . randint ( 0 , 2 ) ,
" unordered_write " : random . randint ( 0 , 1 ) ,
# TODO: there is such a thing as transactions with WAL disabled. We should
# cover that case.
" disable_wal " : 0 ,
# OpenReadOnly after checkpoint is not currnetly compatible with WritePrepared txns
" checkpoint_one_in " : 0 ,
# pipeline write is not currnetly compatible with WritePrepared txns
" enable_pipelined_write " : 0 ,
Snapshots with user-specified timestamps (#9879)
Summary:
In RocksDB, keys are associated with (internal) sequence numbers which denote when the keys are written
to the database. Sequence numbers in different RocksDB instances are unrelated, thus not comparable.
It is nice if we can associate sequence numbers with their corresponding actual timestamps. One thing we can
do is to support user-defined timestamp, which allows the applications to specify the format of custom timestamps
and encode a timestamp with each key. More details can be found at https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29.
This PR provides a different but complementary approach. We can associate rocksdb snapshots (defined in
https://github.com/facebook/rocksdb/blob/7.2.fb/include/rocksdb/snapshot.h#L20) with **user-specified** timestamps.
Since a snapshot is essentially an object representing a sequence number, this PR establishes a bi-directional mapping between sequence numbers and timestamps.
In the past, snapshots are usually taken by readers. The current super-version is grabbed, and a `rocksdb::Snapshot`
object is created with the last published sequence number of the super-version. You can see that the reader actually
has no good idea of what timestamp to assign to this snapshot, because by the time the `GetSnapshot()` is called,
an arbitrarily long period of time may have already elapsed since the last write, which is when the last published
sequence number is written.
This observation motivates the creation of "timestamped" snapshots on the write path. Currently, this functionality is
exposed only to the layer of `TransactionDB`. Application can tell RocksDB to create a snapshot when a transaction
commits, effectively associating the last sequence number with a timestamp. It is also assumed that application will
ensure any two snapshots with timestamps should satisfy the following:
```
snapshot1.seq < snapshot2.seq iff. snapshot1.ts < snapshot2.ts
```
If the application can guarantee that when a reader takes a timestamped snapshot, there is no active writes going on
in the database, then we also allow the user to use a new API `TransactionDB::CreateTimestampedSnapshot()` to create
a snapshot with associated timestamp.
Code example
```cpp
// Create a timestamped snapshot when committing transaction.
txn->SetCommitTimestamp(100);
txn->SetSnapshotOnNextOperation();
txn->Commit();
// A wrapper API for convenience
Status Transaction::CommitAndTryCreateSnapshot(
std::shared_ptr<TransactionNotifier> notifier,
TxnTimestamp ts,
std::shared_ptr<const Snapshot>* ret);
// Create a timestamped snapshot if caller guarantees no concurrent writes
std::pair<Status, std::shared_ptr<const Snapshot>> snapshot = txn_db->CreateTimestampedSnapshot(100);
```
The snapshots created in this way will be managed by RocksDB with ref-counting and potentially shared with
other readers. We provide the following APIs for readers to retrieve a snapshot given a timestamp.
```cpp
// Return the timestamped snapshot correponding to given timestamp. If ts is
// kMaxTxnTimestamp, then we return the latest timestamped snapshot if present.
// Othersise, we return the snapshot whose timestamp is equal to `ts`. If no
// such snapshot exists, then we return null.
std::shared_ptr<const Snapshot> TransactionDB::GetTimestampedSnapshot(TxnTimestamp ts) const;
// Return the latest timestamped snapshot if present.
std::shared_ptr<const Snapshot> TransactionDB::GetLatestTimestampedSnapshot() const;
```
We also provide two additional APIs for stats collection and reporting purposes.
```cpp
Status TransactionDB::GetAllTimestampedSnapshots(
std::vector<std::shared_ptr<const Snapshot>>& snapshots) const;
// Return timestamped snapshots whose timestamps fall in [ts_lb, ts_ub) and store them in `snapshots`.
Status TransactionDB::GetTimestampedSnapshots(
TxnTimestamp ts_lb,
TxnTimestamp ts_ub,
std::vector<std::shared_ptr<const Snapshot>>& snapshots) const;
```
To prevent the number of timestamped snapshots from growing infinitely, we provide the following API to release
timestamped snapshots whose timestamps are older than or equal to a given threshold.
```cpp
void TransactionDB::ReleaseTimestampedSnapshotsOlderThan(TxnTimestamp ts);
```
Before shutdown, RocksDB will release all timestamped snapshots.
Comparison with user-defined timestamp and how they can be combined:
User-defined timestamp persists every key with a timestamp, while timestamped snapshots maintain a volatile
mapping between snapshots (sequence numbers) and timestamps.
Different internal keys with the same user key but different timestamps will be treated as different by compaction,
thus a newer version will not hide older versions (with smaller timestamps) unless they are eligible for garbage collection.
In contrast, taking a timestamped snapshot at a certain sequence number and timestamp prevents all the keys visible in
this snapshot from been dropped by compaction. Here, visible means (seq < snapshot and most recent).
The timestamped snapshot supports the semantics of reading at an exact point in time.
Timestamped snapshots can also be used with user-defined timestamp.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/9879
Test Plan:
```
make check
TEST_TMPDIR=/dev/shm make crash_test_with_txn
```
Reviewed By: siying
Differential Revision: D35783919
Pulled By: riversand963
fbshipit-source-id: 586ad905e169189e19d3bfc0cb0177a7239d1bd4
2 years ago
" create_timestamped_snapshot_one_in " : random . choice ( [ 0 , 20 ] ) ,
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
# PutEntity in transactions is not yet implemented
" use_put_entity_one_in " : 0 ,
}
best_efforts_recovery_params = {
" best_efforts_recovery " : 1 ,
" atomic_flush " : 0 ,
" disable_wal " : 1 ,
" column_families " : 1 ,
}
blob_params = {
" allow_setting_blob_options_dynamically " : 1 ,
# Enable blob files and GC with a 75% chance initially; note that they might still be
# enabled/disabled during the test via SetOptions
" enable_blob_files " : lambda : random . choice ( [ 0 ] + [ 1 ] * 3 ) ,
" min_blob_size " : lambda : random . choice ( [ 0 , 8 , 16 ] ) ,
" blob_file_size " : lambda : random . choice ( [ 1048576 , 16777216 , 268435456 , 1073741824 ] ) ,
" blob_compression_type " : lambda : random . choice ( [ " none " , " snappy " , " lz4 " , " zstd " ] ) ,
" enable_blob_garbage_collection " : lambda : random . choice ( [ 0 ] + [ 1 ] * 3 ) ,
" blob_garbage_collection_age_cutoff " : lambda : random . choice (
[ 0.0 , 0.25 , 0.5 , 0.75 , 1.0 ]
) ,
Make it possible to force the garbage collection of the oldest blob files (#8994)
Summary:
The current BlobDB garbage collection logic works by relocating the valid
blobs from the oldest blob files as they are encountered during compaction,
and cleaning up blob files once they contain nothing but garbage. However,
with sufficiently skewed workloads, it is theoretically possible to end up in a
situation when few or no compactions get scheduled for the SST files that contain
references to the oldest blob files, which can lead to increased space amp due
to the lack of GC.
In order to efficiently handle such workloads, the patch adds a new BlobDB
configuration option called `blob_garbage_collection_force_threshold`,
which signals to BlobDB to schedule targeted compactions for the SST files
that keep alive the oldest batch of blob files if the overall ratio of garbage in
the given blob files meets the threshold *and* all the given blob files are
eligible for GC based on `blob_garbage_collection_age_cutoff`. (For example,
if the new option is set to 0.9, targeted compactions will get scheduled if the
sum of garbage bytes meets or exceeds 90% of the sum of total bytes in the
oldest blob files, assuming all affected blob files are below the age-based cutoff.)
The net result of these targeted compactions is that the valid blobs in the oldest
blob files are relocated and the oldest blob files themselves cleaned up (since
*all* SST files that rely on them get compacted away).
These targeted compactions are similar to periodic compactions in the sense
that they force certain SST files that otherwise would not get picked up to undergo
compaction and also in the sense that instead of merging files from multiple levels,
they target a single file. (Note: such compactions might still include neighboring files
from the same level due to the need of having a "clean cut" boundary but they never
include any files from any other level.)
This functionality is currently only supported with the leveled compaction style
and is inactive by default (since the default value is set to 1.0, i.e. 100%).
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8994
Test Plan: Ran `make check` and tested using `db_bench` and the stress/crash tests.
Reviewed By: riversand963
Differential Revision: D31489850
Pulled By: ltamasi
fbshipit-source-id: 44057d511726a0e2a03c5d9313d7511b3f0c4eab
3 years ago
" blob_garbage_collection_force_threshold " : lambda : random . choice ( [ 0.5 , 0.75 , 1.0 ] ) ,
" blob_compaction_readahead_size " : lambda : random . choice ( [ 0 , 1048576 , 4194304 ] ) ,
" blob_file_starting_level " : lambda : random . choice (
[ 0 ] * 4 + [ 1 ] * 3 + [ 2 ] * 2 + [ 3 ]
) ,
" use_blob_cache " : lambda : random . randint ( 0 , 1 ) ,
" use_shared_block_and_blob_cache " : lambda : random . randint ( 0 , 1 ) ,
" blob_cache_size " : lambda : random . choice ( [ 1048576 , 2097152 , 4194304 , 8388608 ] ) ,
" prepopulate_blob_cache " : lambda : random . randint ( 0 , 1 ) ,
}
Add user-defined timestamps to db_stress (#8061)
Summary:
Add some basic test for user-defined timestamp to db_stress. Currently,
read with timestamp always tries to read using the current timestamp.
Due to the per-key timestamp-sequence ordering constraint, we only add timestamp-
related tests to the `NonBatchedOpsStressTest` since this test serializes accesses
to the same key and uses a file to cross-check data correctness.
The timestamp feature is not supported in a number of components, e.g. Merge, SingleDelete,
DeleteRange, CompactionFilter, Readonly instance, secondary instance, SST file ingestion, transaction,
etc. Therefore, db_stress should exit if user enables both timestamp and these features at the same
time. The (currently) incompatible features can be found in
`CheckAndSetOptionsForUserTimestamp`.
This PR also fixes a bug triggered when timestamp is enabled together with
`index_type=kBinarySearchWithFirstKey`. This bug fix will also be in another separate PR
with more unit tests coverage. Fixing it here because I do not want to exclude the index type
from crash test.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8061
Test Plan: make crash_test_with_ts
Reviewed By: jay-zhuang
Differential Revision: D27056282
Pulled By: riversand963
fbshipit-source-id: c3e00ad1023fdb9ebbdf9601ec18270c5e2925a9
4 years ago
ts_params = {
" test_cf_consistency " : 0 ,
" test_batches_snapshots " : 0 ,
" user_timestamp_size " : 8 ,
" use_merge " : 0 ,
" use_full_merge_v1 " : 0 ,
" use_txn " : 0 ,
" enable_blob_files " : 0 ,
" use_blob_db " : 0 ,
" ingest_external_file_one_in " : 0 ,
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
# PutEntity with timestamps is not yet implemented
" use_put_entity_one_in " : 0 ,
Add user-defined timestamps to db_stress (#8061)
Summary:
Add some basic test for user-defined timestamp to db_stress. Currently,
read with timestamp always tries to read using the current timestamp.
Due to the per-key timestamp-sequence ordering constraint, we only add timestamp-
related tests to the `NonBatchedOpsStressTest` since this test serializes accesses
to the same key and uses a file to cross-check data correctness.
The timestamp feature is not supported in a number of components, e.g. Merge, SingleDelete,
DeleteRange, CompactionFilter, Readonly instance, secondary instance, SST file ingestion, transaction,
etc. Therefore, db_stress should exit if user enables both timestamp and these features at the same
time. The (currently) incompatible features can be found in
`CheckAndSetOptionsForUserTimestamp`.
This PR also fixes a bug triggered when timestamp is enabled together with
`index_type=kBinarySearchWithFirstKey`. This bug fix will also be in another separate PR
with more unit tests coverage. Fixing it here because I do not want to exclude the index type
from crash test.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8061
Test Plan: make crash_test_with_ts
Reviewed By: jay-zhuang
Differential Revision: D27056282
Pulled By: riversand963
fbshipit-source-id: c3e00ad1023fdb9ebbdf9601ec18270c5e2925a9
4 years ago
}
tiered_params = {
" enable_tiered_storage " : 1 ,
# Set tiered compaction hot data time as: 1 minute, 1 hour, 10 hour
" preclude_last_level_data_seconds " : lambda : random . choice ( [ 60 , 3600 , 36000 ] ) ,
# only test universal compaction for now, level has known issue of
# endless compaction
" compaction_style " : 1 ,
# tiered storage doesn't support blob db yet
" enable_blob_files " : 0 ,
" use_blob_db " : 0 ,
}
multiops_txn_default_params = {
" test_cf_consistency " : 0 ,
" test_batches_snapshots " : 0 ,
" test_multi_ops_txns " : 1 ,
" use_txn " : 1 ,
" two_write_queues " : lambda : random . choice ( [ 0 , 1 ] ) ,
# TODO: enable write-prepared
" disable_wal " : 0 ,
" use_only_the_last_commit_time_batch_for_recovery " : lambda : random . choice ( [ 0 , 1 ] ) ,
" clear_column_family_one_in " : 0 ,
" column_families " : 1 ,
" enable_pipelined_write " : lambda : random . choice ( [ 0 , 1 ] ) ,
# This test already acquires snapshots in reads
" acquire_snapshot_one_in " : 0 ,
" backup_one_in " : 0 ,
" writepercent " : 0 ,
" delpercent " : 0 ,
" delrangepercent " : 0 ,
" customopspercent " : 80 ,
" readpercent " : 5 ,
" iterpercent " : 15 ,
" prefixpercent " : 0 ,
" verify_db_one_in " : 1000 ,
" continuous_verification_interval " : 1000 ,
" delay_snapshot_read_one_in " : 3 ,
# 65536 is the smallest possible value for write_buffer_size. Smaller
# values will be sanitized to 65536 during db open. SetOptions currently
# does not sanitize options, but very small write_buffer_size may cause
# assertion failure in
# https://github.com/facebook/rocksdb/blob/7.0.fb/db/memtable.cc#L117.
" write_buffer_size " : 65536 ,
# flush more frequently to generate more files, thus trigger more
# compactions.
" flush_one_in " : 1000 ,
" key_spaces_path " : setup_multiops_txn_key_spaces_file ( ) ,
" rollback_one_in " : 4 ,
# Re-enable once we have a compaction for MultiOpsTxnStressTest
" enable_compaction_filter " : 0 ,
" create_timestamped_snapshot_one_in " : 50 ,
Support WriteCommit policy with sync_fault_injection=1 (#10624)
Summary:
**Context:**
Prior to this PR, correctness testing with un-sync data loss [disabled](https://github.com/facebook/rocksdb/pull/10605) transaction (`use_txn=1`) thus all of the `txn_write_policy` . This PR improved that by adding support for one policy - WriteCommit (`txn_write_policy=0`).
**Summary:**
They key to this support is (a) handle Mark{Begin, End}Prepare/MarkCommit/MarkRollback in constructing ExpectedState under WriteCommit policy correctly and (b) monitor CI jobs and solve any test incompatibility issue till jobs are stable. (b) will be part of the test plan.
For (a)
- During prepare (i.e, between `MarkBeginPrepare()` and `MarkEndPrepare(xid)`), `ExpectedStateTraceRecordHandler` will buffer all writes by adding all writes to an internal `WriteBatch`.
- On `MarkEndPrepare()`, that `WriteBatch` will be associated with the transaction's `xid`.
- During the commit (i.e, on `MarkCommit(xid)`), `ExpectedStateTraceRecordHandler` will retrieve and iterate the internal `WriteBatch` and finally apply those writes to `ExpectedState`
- During the rollback (i.e, on `MarkRollback(xid)`), `ExpectedStateTraceRecordHandler` will erase the internal `WriteBatch` from the map.
For (b) - one major issue described below:
- TransactionsDB in db stress recovers prepared-but-not-committed txns from the previous crashed run by randomly committing or rolling back it at the start of the current run, see a historical [PR](https://github.com/facebook/rocksdb/commit/6d06be22c083ccf185fd38dba49fde73b644b4c1) predated correctness testing.
- And we will verify those processed keys in a recovered db against their expected state.
- However since now we turn on `sync_fault_injection=1` where the expected state is constructed from the trace instead of using the LATEST.state from previous run. The expected state now used to verify those processed keys won't contain UNKNOWN_SENTINEL as they should - see test 1 for a failed case.
- Therefore, we decided to manually update its expected state to be UNKNOWN_SENTINEL as part of the processing.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10624
Test Plan:
1. Test exposed the major issue described above. This test will fail without setting UNKNOWN_SENTINEL in expected state during the processing and pass after
```
db=/dev/shm/rocksdb_crashtest_blackbox
exp=/dev/shm/rocksdb_crashtest_expected
dbt=$db.tmp
expt=$exp.tmp
rm -rf $db $exp
mkdir -p $exp
echo "RUN 1"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 0.2
sleep 20
kill $pid
sleep 0.2
echo "RUN 2"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 0.2
sleep 20
kill $pid
sleep 0.2
echo "RUN 3"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1
```
2. Manual testing to ensure ExpectedState is constructed correctly during recovery by verifying it against previously crashed TransactionDB's WAL.
- Run the following command to crash a TransactionDB with WriteCommit policy. Then `./ldb dump_wal` on its WAL file
```
db=/dev/shm/rocksdb_crashtest_blackbox
exp=/dev/shm/rocksdb_crashtest_expected
rm -rf $db $exp
mkdir -p $exp
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 30
kill $pid
sleep 1
```
- Run the following command to verify recovery of the crashed db under debugger. Compare the step-wise result with WAL records (e.g, WriteBatch content, xid, prepare/commit/rollback marker)
```
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1
```
3. Automatic testing by triggering all RocksDB stress/crash test jobs for 3 rounds with no failure.
Reviewed By: ajkr, riversand963
Differential Revision: D39199373
Pulled By: hx235
fbshipit-source-id: 7a1dec0e3e2ee6ea86ddf5dd19ceb5543a3d6f0c
2 years ago
" sync_fault_injection " : 0 ,
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
# PutEntity in transactions is not yet implemented
" use_put_entity_one_in " : 0 ,
}
multiops_wc_txn_params = {
" txn_write_policy " : 0 ,
# TODO re-enable pipelined write. Not well tested atm
" enable_pipelined_write " : 0 ,
}
multiops_wp_txn_params = {
" txn_write_policy " : 1 ,
" wp_snapshot_cache_bits " : 1 ,
# try small wp_commit_cache_bits, e.g. 0 once we explore storing full
# commit sequence numbers in commit cache
" wp_commit_cache_bits " : 10 ,
# pipeline write is not currnetly compatible with WritePrepared txns
" enable_pipelined_write " : 0 ,
# OpenReadOnly after checkpoint is not currnetly compatible with WritePrepared txns
" checkpoint_one_in " : 0 ,
# Required to be 1 in order to use commit-time-batch
" use_only_the_last_commit_time_batch_for_recovery " : 1 ,
" clear_wp_commit_cache_one_in " : 10 ,
" create_timestamped_snapshot_one_in " : 0 ,
}
def finalize_and_sanitize ( src_params ) :
dest_params = { k : v ( ) if callable ( v ) else v for ( k , v ) in src_params . items ( ) }
if is_release_mode ( ) :
dest_params [ " read_fault_one_in " ] = 0
Limit buffering for collecting samples for compression dictionary (#7970)
Summary:
For dictionary compression, we need to collect some representative samples of the data to be compressed, which we use to either generate or train (when `CompressionOptions::zstd_max_train_bytes > 0`) a dictionary. Previously, the strategy was to buffer all the data blocks during flush, and up to the target file size during compaction. That strategy allowed us to randomly pick samples from as wide a range as possible that'd be guaranteed to land in a single output file.
However, some users try to make huge files in memory-constrained environments, where this strategy can cause OOM. This PR introduces an option, `CompressionOptions::max_dict_buffer_bytes`, that limits how much data blocks are buffered before we switch to unbuffered mode (which means creating the per-SST dictionary, writing out the buffered data, and compressing/writing new blocks as soon as they are built). It is not strict as we currently buffer more than just data blocks -- also keys are buffered. But it does make a step towards giving users predictable memory usage.
Related changes include:
- Changed sampling for dictionary compression to select unique data blocks when there is limited availability of data blocks
- Made use of `BlockBuilder::SwapAndReset()` to save an allocation+memcpy when buffering data blocks for building a dictionary
- Changed `ParseBoolean()` to accept an input containing characters after the boolean. This is necessary since, with this PR, a value for `CompressionOptions::enabled` is no longer necessarily the final component in the `CompressionOptions` string.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/7970
Test Plan:
- updated `CompressionOptions` unit tests to verify limit is respected (to the extent expected in the current implementation) in various scenarios of flush/compaction to bottommost/non-bottommost level
- looked at jemalloc heap profiles right before and after switching to unbuffered mode during flush/compaction. Verified memory usage in buffering is proportional to the limit set.
Reviewed By: pdillinger
Differential Revision: D26467994
Pulled By: ajkr
fbshipit-source-id: 3da4ef9fba59974e4ef40e40c01611002c861465
4 years ago
if dest_params . get ( " compression_max_dict_bytes " ) == 0 :
dest_params [ " compression_zstd_max_train_bytes " ] = 0
dest_params [ " compression_max_dict_buffer_bytes " ] = 0
if dest_params . get ( " compression_type " ) != " zstd " :
dest_params [ " compression_zstd_max_train_bytes " ] = 0
if dest_params . get ( " allow_concurrent_memtable_write " , 1 ) == 1 :
dest_params [ " memtablerep " ] = " skip_list "
if dest_params [ " mmap_read " ] == 1 :
dest_params [ " use_direct_io_for_flush_and_compaction " ] = 0
dest_params [ " use_direct_reads " ] = 0
if dest_params [ " file_checksum_impl " ] != " none " :
# TODO(T109283569): there is a bug in `GenerateOneFileChecksum()`,
# used by `IngestExternalFile()`, causing it to fail with mmap
# reads. Remove this once it is fixed.
dest_params [ " ingest_external_file_one_in " ] = 0
if (
dest_params [ " use_direct_io_for_flush_and_compaction " ] == 1
or dest_params [ " use_direct_reads " ] == 1
) and not is_direct_io_supported ( dest_params [ " db " ] ) :
if is_release_mode ( ) :
print (
" {} does not support direct IO. Disabling use_direct_reads and "
" use_direct_io_for_flush_and_compaction. \n " . format ( dest_params [ " db " ] )
)
dest_params [ " use_direct_reads " ] = 0
dest_params [ " use_direct_io_for_flush_and_compaction " ] = 0
else :
dest_params [ " mock_direct_io " ] = True
if dest_params [ " test_batches_snapshots " ] == 1 :
dest_params [ " enable_compaction_filter " ] = 0
if dest_params [ " prefix_size " ] < 0 :
dest_params [ " prefix_size " ] = 1
# Multi-key operations are not currently compatible with transactions or
# timestamp.
if ( dest_params . get ( " test_batches_snapshots " ) == 1 or
dest_params . get ( " use_txn " ) == 1 or
dest_params . get ( " user_timestamp_size " ) > 0 ) :
dest_params [ " ingest_external_file_one_in " ] = 0
if ( dest_params . get ( " test_batches_snapshots " ) == 1 or
dest_params . get ( " use_txn " ) == 1 ) :
dest_params [ " delpercent " ] + = dest_params [ " delrangepercent " ]
dest_params [ " delrangepercent " ] = 0
if (
dest_params . get ( " disable_wal " ) == 1
or dest_params . get ( " sync_fault_injection " ) == 1
Add manual_wal_flush, FlushWAL() to stress/crash test (#10698)
Summary:
**Context/Summary:**
Introduce `manual_wal_flush_one_in` as titled.
- When `manual_wal_flush_one_in > 0`, we also need tracing to correctly verify recovery because WAL data can be lost in this case when `FlushWAL()` is not explicitly called by users of RocksDB (in our case, db stress) and the recovery from such potential WAL data loss is a prefix recovery that requires tracing to verify. As another consequence, we need to disable features can't run under unsync data loss with `manual_wal_flush_one_in`
Incompatibilities fixed along the way:
```
db_stress: db/db_impl/db_impl_open.cc:2063: static rocksdb::Status rocksdb::DBImpl::Open(const rocksdb::DBOptions&, const string&, const std::vector<rocksdb::ColumnFamilyDescriptor>&, std::vector<rocksdb::ColumnFamilyHandle*>*, rocksdb::DB**, bool, bool): Assertion `impl->TEST_WALBufferIsEmpty()' failed.
```
- It turns out that `Writer::AddCompressionTypeRecord` before this assertion `EmitPhysicalRecord(kSetCompressionType, encode.data(), encode.size());` but do not trigger flush if `manual_wal_flush` is set . This leads to `impl->TEST_WALBufferIsEmpty()' is false.
- As suggested, assertion is removed and violation case is handled by `FlushWAL(sync=true)` along with refactoring `TEST_WALBufferIsEmpty()` to be `WALBufferIsEmpty()` since it is used in prod code now.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10698
Test Plan:
- Locally running `python3 tools/db_crashtest.py blackbox --manual_wal_flush_one_in=1 --manual_wal_flush=1 --sync_wal_one_in=100 --atomic_flush=1 --flush_one_in=100 --column_families=3`
- Joined https://github.com/facebook/rocksdb/pull/10624 in auto CI testings with all RocksDB stress/crash test jobs
Reviewed By: ajkr
Differential Revision: D39593752
Pulled By: ajkr
fbshipit-source-id: 3a2135bb792c52d2ffa60257d4fbc557fb04d2ce
2 years ago
or dest_params . get ( " manual_wal_flush_one_in " ) > 0
) :
# File ingestion does not guarantee prefix-recoverability when unsynced
# data can be lost. Ingesting a file syncs data immediately that is
# newer than unsynced memtable data that can be lost on restart.
#
# Even if the above issue is fixed or worked around, our
# trace-and-replay does not trace file ingestion, so in its current form
# it would not recover the expected state to the correct point in time.
dest_params [ " ingest_external_file_one_in " ] = 0
# The `DbStressCompactionFilter` can apply memtable updates to SST
# files, which would be problematic when unsynced data can be lost in
# crash recoveries.
dest_params [ " enable_compaction_filter " ] = 0
# Only under WritePrepared txns, unordered_write would provide the same guarnatees as vanilla rocksdb
if dest_params . get ( " unordered_write " , 0 ) == 1 :
dest_params [ " txn_write_policy " ] = 1
dest_params [ " allow_concurrent_memtable_write " ] = 1
if dest_params . get ( " disable_wal " , 0 ) == 1 :
dest_params [ " atomic_flush " ] = 1
dest_params [ " sync " ] = 0
dest_params [ " write_fault_one_in " ] = 0
if dest_params . get ( " open_files " , 1 ) != - 1 :
# Compaction TTL and periodic compactions are only compatible
# with open_files = -1
dest_params [ " compaction_ttl " ] = 0
dest_params [ " periodic_compaction_seconds " ] = 0
if dest_params . get ( " compaction_style " , 0 ) == 2 :
# Disable compaction TTL in FIFO compaction, because right
# now assertion failures are triggered.
dest_params [ " compaction_ttl " ] = 0
dest_params [ " periodic_compaction_seconds " ] = 0
if dest_params [ " partition_filters " ] == 1 :
if dest_params [ " index_type " ] != 2 :
dest_params [ " partition_filters " ] = 0
if dest_params . get ( " atomic_flush " , 0 ) == 1 :
# disable pipelined write when atomic flush is used.
dest_params [ " enable_pipelined_write " ] = 0
if dest_params . get ( " sst_file_manager_bytes_per_sec " , 0 ) == 0 :
dest_params [ " sst_file_manager_bytes_per_truncate " ] = 0
if dest_params . get ( " enable_compaction_filter " , 0 ) == 1 :
# Compaction filter is incompatible with snapshots. Need to avoid taking
# snapshots, as well as avoid operations that use snapshots for
# verification.
dest_params [ " acquire_snapshot_one_in " ] = 0
dest_params [ " compact_range_one_in " ] = 0
# Give the iterator ops away to reads.
dest_params [ " readpercent " ] + = dest_params . get ( " iterpercent " , 10 )
dest_params [ " iterpercent " ] = 0
if dest_params . get ( " prefix_size " ) == - 1 :
dest_params [ " readpercent " ] + = dest_params . get ( " prefixpercent " , 20 )
dest_params [ " prefixpercent " ] = 0
if (
dest_params . get ( " prefix_size " ) == - 1
and dest_params . get ( " memtable_whole_key_filtering " ) == 0
) :
dest_params [ " memtable_prefix_bloom_size_ratio " ] = 0
if dest_params . get ( " two_write_queues " ) == 1 :
dest_params [ " enable_pipelined_write " ] = 0
if dest_params . get ( " best_efforts_recovery " ) == 1 :
dest_params [ " disable_wal " ] = 1
dest_params [ " atomic_flush " ] = 0
dest_params [ " enable_compaction_filter " ] = 0
dest_params [ " sync " ] = 0
dest_params [ " write_fault_one_in " ] = 0
if dest_params [ " secondary_cache_uri " ] != " " :
# Currently the only cache type compatible with a secondary cache is LRUCache
dest_params [ " cache_type " ] = " lru_cache "
Snapshots with user-specified timestamps (#9879)
Summary:
In RocksDB, keys are associated with (internal) sequence numbers which denote when the keys are written
to the database. Sequence numbers in different RocksDB instances are unrelated, thus not comparable.
It is nice if we can associate sequence numbers with their corresponding actual timestamps. One thing we can
do is to support user-defined timestamp, which allows the applications to specify the format of custom timestamps
and encode a timestamp with each key. More details can be found at https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29.
This PR provides a different but complementary approach. We can associate rocksdb snapshots (defined in
https://github.com/facebook/rocksdb/blob/7.2.fb/include/rocksdb/snapshot.h#L20) with **user-specified** timestamps.
Since a snapshot is essentially an object representing a sequence number, this PR establishes a bi-directional mapping between sequence numbers and timestamps.
In the past, snapshots are usually taken by readers. The current super-version is grabbed, and a `rocksdb::Snapshot`
object is created with the last published sequence number of the super-version. You can see that the reader actually
has no good idea of what timestamp to assign to this snapshot, because by the time the `GetSnapshot()` is called,
an arbitrarily long period of time may have already elapsed since the last write, which is when the last published
sequence number is written.
This observation motivates the creation of "timestamped" snapshots on the write path. Currently, this functionality is
exposed only to the layer of `TransactionDB`. Application can tell RocksDB to create a snapshot when a transaction
commits, effectively associating the last sequence number with a timestamp. It is also assumed that application will
ensure any two snapshots with timestamps should satisfy the following:
```
snapshot1.seq < snapshot2.seq iff. snapshot1.ts < snapshot2.ts
```
If the application can guarantee that when a reader takes a timestamped snapshot, there is no active writes going on
in the database, then we also allow the user to use a new API `TransactionDB::CreateTimestampedSnapshot()` to create
a snapshot with associated timestamp.
Code example
```cpp
// Create a timestamped snapshot when committing transaction.
txn->SetCommitTimestamp(100);
txn->SetSnapshotOnNextOperation();
txn->Commit();
// A wrapper API for convenience
Status Transaction::CommitAndTryCreateSnapshot(
std::shared_ptr<TransactionNotifier> notifier,
TxnTimestamp ts,
std::shared_ptr<const Snapshot>* ret);
// Create a timestamped snapshot if caller guarantees no concurrent writes
std::pair<Status, std::shared_ptr<const Snapshot>> snapshot = txn_db->CreateTimestampedSnapshot(100);
```
The snapshots created in this way will be managed by RocksDB with ref-counting and potentially shared with
other readers. We provide the following APIs for readers to retrieve a snapshot given a timestamp.
```cpp
// Return the timestamped snapshot correponding to given timestamp. If ts is
// kMaxTxnTimestamp, then we return the latest timestamped snapshot if present.
// Othersise, we return the snapshot whose timestamp is equal to `ts`. If no
// such snapshot exists, then we return null.
std::shared_ptr<const Snapshot> TransactionDB::GetTimestampedSnapshot(TxnTimestamp ts) const;
// Return the latest timestamped snapshot if present.
std::shared_ptr<const Snapshot> TransactionDB::GetLatestTimestampedSnapshot() const;
```
We also provide two additional APIs for stats collection and reporting purposes.
```cpp
Status TransactionDB::GetAllTimestampedSnapshots(
std::vector<std::shared_ptr<const Snapshot>>& snapshots) const;
// Return timestamped snapshots whose timestamps fall in [ts_lb, ts_ub) and store them in `snapshots`.
Status TransactionDB::GetTimestampedSnapshots(
TxnTimestamp ts_lb,
TxnTimestamp ts_ub,
std::vector<std::shared_ptr<const Snapshot>>& snapshots) const;
```
To prevent the number of timestamped snapshots from growing infinitely, we provide the following API to release
timestamped snapshots whose timestamps are older than or equal to a given threshold.
```cpp
void TransactionDB::ReleaseTimestampedSnapshotsOlderThan(TxnTimestamp ts);
```
Before shutdown, RocksDB will release all timestamped snapshots.
Comparison with user-defined timestamp and how they can be combined:
User-defined timestamp persists every key with a timestamp, while timestamped snapshots maintain a volatile
mapping between snapshots (sequence numbers) and timestamps.
Different internal keys with the same user key but different timestamps will be treated as different by compaction,
thus a newer version will not hide older versions (with smaller timestamps) unless they are eligible for garbage collection.
In contrast, taking a timestamped snapshot at a certain sequence number and timestamp prevents all the keys visible in
this snapshot from been dropped by compaction. Here, visible means (seq < snapshot and most recent).
The timestamped snapshot supports the semantics of reading at an exact point in time.
Timestamped snapshots can also be used with user-defined timestamp.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/9879
Test Plan:
```
make check
TEST_TMPDIR=/dev/shm make crash_test_with_txn
```
Reviewed By: siying
Differential Revision: D35783919
Pulled By: riversand963
fbshipit-source-id: 586ad905e169189e19d3bfc0cb0177a7239d1bd4
2 years ago
# Remove the following once write-prepared/write-unprepared with/without
# unordered write supports timestamped snapshots
if dest_params . get ( " create_timestamped_snapshot_one_in " , 0 ) > 0 :
dest_params [ " txn_write_policy " ] = 0
dest_params [ " unordered_write " ] = 0
Support WriteCommit policy with sync_fault_injection=1 (#10624)
Summary:
**Context:**
Prior to this PR, correctness testing with un-sync data loss [disabled](https://github.com/facebook/rocksdb/pull/10605) transaction (`use_txn=1`) thus all of the `txn_write_policy` . This PR improved that by adding support for one policy - WriteCommit (`txn_write_policy=0`).
**Summary:**
They key to this support is (a) handle Mark{Begin, End}Prepare/MarkCommit/MarkRollback in constructing ExpectedState under WriteCommit policy correctly and (b) monitor CI jobs and solve any test incompatibility issue till jobs are stable. (b) will be part of the test plan.
For (a)
- During prepare (i.e, between `MarkBeginPrepare()` and `MarkEndPrepare(xid)`), `ExpectedStateTraceRecordHandler` will buffer all writes by adding all writes to an internal `WriteBatch`.
- On `MarkEndPrepare()`, that `WriteBatch` will be associated with the transaction's `xid`.
- During the commit (i.e, on `MarkCommit(xid)`), `ExpectedStateTraceRecordHandler` will retrieve and iterate the internal `WriteBatch` and finally apply those writes to `ExpectedState`
- During the rollback (i.e, on `MarkRollback(xid)`), `ExpectedStateTraceRecordHandler` will erase the internal `WriteBatch` from the map.
For (b) - one major issue described below:
- TransactionsDB in db stress recovers prepared-but-not-committed txns from the previous crashed run by randomly committing or rolling back it at the start of the current run, see a historical [PR](https://github.com/facebook/rocksdb/commit/6d06be22c083ccf185fd38dba49fde73b644b4c1) predated correctness testing.
- And we will verify those processed keys in a recovered db against their expected state.
- However since now we turn on `sync_fault_injection=1` where the expected state is constructed from the trace instead of using the LATEST.state from previous run. The expected state now used to verify those processed keys won't contain UNKNOWN_SENTINEL as they should - see test 1 for a failed case.
- Therefore, we decided to manually update its expected state to be UNKNOWN_SENTINEL as part of the processing.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10624
Test Plan:
1. Test exposed the major issue described above. This test will fail without setting UNKNOWN_SENTINEL in expected state during the processing and pass after
```
db=/dev/shm/rocksdb_crashtest_blackbox
exp=/dev/shm/rocksdb_crashtest_expected
dbt=$db.tmp
expt=$exp.tmp
rm -rf $db $exp
mkdir -p $exp
echo "RUN 1"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 0.2
sleep 20
kill $pid
sleep 0.2
echo "RUN 2"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 0.2
sleep 20
kill $pid
sleep 0.2
echo "RUN 3"
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1
```
2. Manual testing to ensure ExpectedState is constructed correctly during recovery by verifying it against previously crashed TransactionDB's WAL.
- Run the following command to crash a TransactionDB with WriteCommit policy. Then `./ldb dump_wal` on its WAL file
```
db=/dev/shm/rocksdb_crashtest_blackbox
exp=/dev/shm/rocksdb_crashtest_expected
rm -rf $db $exp
mkdir -p $exp
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1 &
pid=$!
sleep 30
kill $pid
sleep 1
```
- Run the following command to verify recovery of the crashed db under debugger. Compare the step-wise result with WAL records (e.g, WriteBatch content, xid, prepare/commit/rollback marker)
```
./db_stress \
--clear_column_family_one_in=0 --column_families=1 --db=$db --delpercent=10 --delrangepercent=0 --destroy_db_initially=0 --expected_values_dir=$exp --iterpercent=0 --key_len_percent_dist=1,30,69 --max_key=1000000 --max_key_len=3 --prefixpercent=0 --readpercent=0 --reopen=0 --ops_per_thread=100000000 --test_batches_snapshots=0 --value_size_mult=32 --writepercent=90 \
--use_txn=1 --txn_write_policy=0 --sync_fault_injection=1
```
3. Automatic testing by triggering all RocksDB stress/crash test jobs for 3 rounds with no failure.
Reviewed By: ajkr, riversand963
Differential Revision: D39199373
Pulled By: hx235
fbshipit-source-id: 7a1dec0e3e2ee6ea86ddf5dd19ceb5543a3d6f0c
2 years ago
# For TransactionDB, correctness testing with unsync data loss is currently
# compatible with only write committed policy
if ( dest_params . get ( " use_txn " ) == 1 and dest_params . get ( " txn_write_policy " ) != 0 ) :
dest_params [ " sync_fault_injection " ] = 0
Add manual_wal_flush, FlushWAL() to stress/crash test (#10698)
Summary:
**Context/Summary:**
Introduce `manual_wal_flush_one_in` as titled.
- When `manual_wal_flush_one_in > 0`, we also need tracing to correctly verify recovery because WAL data can be lost in this case when `FlushWAL()` is not explicitly called by users of RocksDB (in our case, db stress) and the recovery from such potential WAL data loss is a prefix recovery that requires tracing to verify. As another consequence, we need to disable features can't run under unsync data loss with `manual_wal_flush_one_in`
Incompatibilities fixed along the way:
```
db_stress: db/db_impl/db_impl_open.cc:2063: static rocksdb::Status rocksdb::DBImpl::Open(const rocksdb::DBOptions&, const string&, const std::vector<rocksdb::ColumnFamilyDescriptor>&, std::vector<rocksdb::ColumnFamilyHandle*>*, rocksdb::DB**, bool, bool): Assertion `impl->TEST_WALBufferIsEmpty()' failed.
```
- It turns out that `Writer::AddCompressionTypeRecord` before this assertion `EmitPhysicalRecord(kSetCompressionType, encode.data(), encode.size());` but do not trigger flush if `manual_wal_flush` is set . This leads to `impl->TEST_WALBufferIsEmpty()' is false.
- As suggested, assertion is removed and violation case is handled by `FlushWAL(sync=true)` along with refactoring `TEST_WALBufferIsEmpty()` to be `WALBufferIsEmpty()` since it is used in prod code now.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10698
Test Plan:
- Locally running `python3 tools/db_crashtest.py blackbox --manual_wal_flush_one_in=1 --manual_wal_flush=1 --sync_wal_one_in=100 --atomic_flush=1 --flush_one_in=100 --column_families=3`
- Joined https://github.com/facebook/rocksdb/pull/10624 in auto CI testings with all RocksDB stress/crash test jobs
Reviewed By: ajkr
Differential Revision: D39593752
Pulled By: ajkr
fbshipit-source-id: 3a2135bb792c52d2ffa60257d4fbc557fb04d2ce
2 years ago
dest_params [ " manual_wal_flush_one_in " ] = 0
# PutEntity is currently not supported by SstFileWriter or in conjunction with Merge
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
if dest_params [ " use_put_entity_one_in " ] != 0 :
dest_params [ " ingest_external_file_one_in " ] = 0
Add the PutEntity API to the stress/crash tests (#10760)
Summary:
The patch adds the `PutEntity` API to the non-batched, batched, and
CF consistency stress tests. Namely, when the new `db_stress` command
line parameter `use_put_entity_one_in` is greater than zero, one in
N writes on average is performed using `PutEntity` rather than `Put`.
The wide-column entity written has the generated value in its default
column; in addition, it contains up to three additional columns where
the original generated value is divided up between the column name and the
column value (with the column name containing the first k characters of
the generated value, and the column value containing the rest). Whether
`PutEntity` is used (and if so, how many columns the entity has) is completely
determined by the "value base" used to generate the value (that is, there is
no randomness involved). Assuming the same `use_put_entity_one_in` setting
is used across `db_stress` invocations, this enables us to reconstruct and
validate the entity during subsequent `db_stress` runs.
Note that `PutEntity` is currently incompatible with `Merge`, transactions, and
user-defined timestamps; these combinations are currently disabled/disallowed.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/10760
Test Plan: Ran some batched, non-batched, and CF consistency stress tests using the script.
Reviewed By: riversand963
Differential Revision: D39939032
Pulled By: ltamasi
fbshipit-source-id: eafdf124e95993fb7d73158e3b006d11819f7fa9
2 years ago
dest_params [ " use_merge " ] = 0
dest_params [ " use_full_merge_v1 " ] = 0
return dest_params
def gen_cmd_params ( args ) :
params = { }
params . update ( default_params )
if args . test_type == " blackbox " :
params . update ( blackbox_default_params )
if args . test_type == " whitebox " :
params . update ( whitebox_default_params )
if args . simple :
params . update ( simple_default_params )
if args . test_type == " blackbox " :
params . update ( blackbox_simple_default_params )
if args . test_type == " whitebox " :
params . update ( whitebox_simple_default_params )
if args . cf_consistency :
params . update ( cf_consistency_params )
if args . txn :
params . update ( txn_params )
if args . test_best_efforts_recovery :
params . update ( best_efforts_recovery_params )
Add user-defined timestamps to db_stress (#8061)
Summary:
Add some basic test for user-defined timestamp to db_stress. Currently,
read with timestamp always tries to read using the current timestamp.
Due to the per-key timestamp-sequence ordering constraint, we only add timestamp-
related tests to the `NonBatchedOpsStressTest` since this test serializes accesses
to the same key and uses a file to cross-check data correctness.
The timestamp feature is not supported in a number of components, e.g. Merge, SingleDelete,
DeleteRange, CompactionFilter, Readonly instance, secondary instance, SST file ingestion, transaction,
etc. Therefore, db_stress should exit if user enables both timestamp and these features at the same
time. The (currently) incompatible features can be found in
`CheckAndSetOptionsForUserTimestamp`.
This PR also fixes a bug triggered when timestamp is enabled together with
`index_type=kBinarySearchWithFirstKey`. This bug fix will also be in another separate PR
with more unit tests coverage. Fixing it here because I do not want to exclude the index type
from crash test.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/8061
Test Plan: make crash_test_with_ts
Reviewed By: jay-zhuang
Differential Revision: D27056282
Pulled By: riversand963
fbshipit-source-id: c3e00ad1023fdb9ebbdf9601ec18270c5e2925a9
4 years ago
if args . enable_ts :
params . update ( ts_params )
if args . test_multiops_txn :
params . update ( multiops_txn_default_params )
if args . write_policy == " write_committed " :
params . update ( multiops_wc_txn_params )
elif args . write_policy == " write_prepared " :
params . update ( multiops_wp_txn_params )
if args . test_tiered_storage :
params . update ( tiered_params )
# Best-effort recovery, user defined timestamp, tiered storage are currently
# incompatible with BlobDB. Test BE recovery if specified on the command
# line; otherwise, apply BlobDB related overrides with a 10% chance.
if (
not args . test_best_efforts_recovery
and not args . enable_ts
and not args . test_tiered_storage
and random . choice ( [ 0 ] * 9 + [ 1 ] ) == 1
) :
params . update ( blob_params )
for k , v in vars ( args ) . items ( ) :
if v is not None :
params [ k ] = v
return params
def gen_cmd ( params , unknown_params ) :
finalzied_params = finalize_and_sanitize ( params )
cmd = (
[ stress_cmd ]
+ [
" -- {0} = {1} " . format ( k , v )
for k , v in [ ( k , finalzied_params [ k ] ) for k in sorted ( finalzied_params ) ]
if k
not in {
" test_type " ,
" simple " ,
" duration " ,
" interval " ,
" random_kill_odd " ,
" cf_consistency " ,
" txn " ,
" test_best_efforts_recovery " ,
" enable_ts " ,
" test_multiops_txn " ,
" write_policy " ,
" stress_cmd " ,
" test_tiered_storage " ,
" cleanup_cmd " ,
}
and v is not None
]
+ unknown_params
)
return cmd
def execute_cmd ( cmd , timeout ) :
child = subprocess . Popen ( cmd , stderr = subprocess . PIPE , stdout = subprocess . PIPE )
print ( " Running db_stress with pid= %d : %s \n \n " % ( child . pid , " " . join ( cmd ) ) )
try :
outs , errs = child . communicate ( timeout = timeout )
hit_timeout = False
print ( " WARNING: db_stress ended before kill: exitcode= %d \n " % child . returncode )
except subprocess . TimeoutExpired :
hit_timeout = True
child . kill ( )
print ( " KILLED %d \n " % child . pid )
outs , errs = child . communicate ( )
return hit_timeout , child . returncode , outs . decode ( " utf-8 " ) , errs . decode ( " utf-8 " )
# This script runs and kills db_stress multiple times. It checks consistency
# in case of unsafe crashes in RocksDB.
def blackbox_crash_main ( args , unknown_args ) :
cmd_params = gen_cmd_params ( args )
dbname = get_dbname ( " blackbox " )
exit_time = time . time ( ) + cmd_params [ " duration " ]
print (
" Running blackbox-crash-test with \n "
+ " interval_between_crash= "
+ str ( cmd_params [ " interval " ] )
+ " \n "
+ " total-duration= "
+ str ( cmd_params [ " duration " ] )
+ " \n "
)
while time . time ( ) < exit_time :
cmd = gen_cmd (
dict ( list ( cmd_params . items ( ) ) + list ( { " db " : dbname } . items ( ) ) ) , unknown_args
)
hit_timeout , retcode , outs , errs = execute_cmd ( cmd , cmd_params [ " interval " ] )
if not hit_timeout :
print ( " Exit Before Killing " )
print ( " stdout: " )
print ( outs )
print ( " stderr: " )
print ( errs )
sys . exit ( 2 )
for line in errs . split ( " \n " ) :
if line != " " and not line . startswith ( " WARNING " ) :
print ( " stderr has error message: " )
print ( " *** " + line + " *** " )
time . sleep ( 1 ) # time to stabilize before the next run
time . sleep ( 1 ) # time to stabilize before the next run
# we need to clean up after ourselves -- only do this on test success
shutil . rmtree ( dbname , True )
# This python script runs db_stress multiple times. Some runs with
# kill_random_test that causes rocksdb to crash at various points in code.
def whitebox_crash_main ( args , unknown_args ) :
cmd_params = gen_cmd_params ( args )
dbname = get_dbname ( " whitebox " )
cur_time = time . time ( )
exit_time = cur_time + cmd_params [ " duration " ]
half_time = cur_time + cmd_params [ " duration " ] / / 2
print (
" Running whitebox-crash-test with \n "
+ " total-duration= "
+ str ( cmd_params [ " duration " ] )
+ " \n "
)
total_check_mode = 4
check_mode = 0
kill_random_test = cmd_params [ " random_kill_odd " ]
kill_mode = 0
prev_compaction_style = - 1
while time . time ( ) < exit_time :
if check_mode == 0 :
additional_opts = {
# use large ops per thread since we will kill it anyway
" ops_per_thread " : 100
* cmd_params [ " ops_per_thread " ] ,
}
# run with kill_random_test, with three modes.
# Mode 0 covers all kill points. Mode 1 covers less kill points but
# increases change of triggering them. Mode 2 covers even less
# frequent kill points and further increases triggering change.
if kill_mode == 0 :
additional_opts . update (
{
" kill_random_test " : kill_random_test ,
}
)
elif kill_mode == 1 :
if cmd_params . get ( " disable_wal " , 0 ) == 1 :
my_kill_odd = kill_random_test / / 50 + 1
else :
my_kill_odd = kill_random_test / / 10 + 1
additional_opts . update (
{
" kill_random_test " : my_kill_odd ,
" kill_exclude_prefixes " : " WritableFileWriter::Append, "
+ " WritableFileWriter::WriteBuffered " ,
}
)
elif kill_mode == 2 :
# TODO: May need to adjust random odds if kill_random_test
# is too small.
additional_opts . update (
{
" kill_random_test " : ( kill_random_test / / 5000 + 1 ) ,
" kill_exclude_prefixes " : " WritableFileWriter::Append, "
" WritableFileWriter::WriteBuffered, "
" PosixMmapFile::Allocate,WritableFileWriter::Flush " ,
}
)
# Run kill mode 0, 1 and 2 by turn.
kill_mode = ( kill_mode + 1 ) % 3
elif check_mode == 1 :
# normal run with universal compaction mode
additional_opts = {
" kill_random_test " : None ,
" ops_per_thread " : cmd_params [ " ops_per_thread " ] ,
" compaction_style " : 1 ,
}
# Single level universal has a lot of special logic. Ensure we cover
# it sometimes.
if random . randint ( 0 , 1 ) == 1 :
additional_opts . update (
{
" num_levels " : 1 ,
}
)
elif check_mode == 2 :
# normal run with FIFO compaction mode
# ops_per_thread is divided by 5 because FIFO compaction
# style is quite a bit slower on reads with lot of files
additional_opts = {
" kill_random_test " : None ,
" ops_per_thread " : cmd_params [ " ops_per_thread " ] / / 5 ,
" compaction_style " : 2 ,
}
else :
# normal run
additional_opts = {
" kill_random_test " : None ,
" ops_per_thread " : cmd_params [ " ops_per_thread " ] ,
}
cur_compaction_style = additional_opts . get ( " compaction_style " , cmd_params . get ( " compaction_style " , 0 ) )
if prev_compaction_style != - 1 and prev_compaction_style != cur_compaction_style :
print ( " `compaction_style` is changed in current run so `destroy_db_initially` is set to 1 as a short-term solution to avoid cycling through previous db of different compaction style. " + " \n " )
additional_opts [ " destroy_db_initially " ] = 1
prev_compaction_style = cur_compaction_style
cmd = gen_cmd (
dict (
list ( cmd_params . items ( ) )
+ list ( additional_opts . items ( ) )
+ list ( { " db " : dbname } . items ( ) )
) ,
unknown_args ,
)
print (
" Running: " + " " . join ( cmd ) + " \n "
) # noqa: E999 T25377293 Grandfathered in
# If the running time is 15 minutes over the run time, explicit kill and
# exit even if white box kill didn't hit. This is to guarantee run time
# limit, as if it runs as a job, running too long will create problems
# for job scheduling or execution.
# TODO detect a hanging condition. The job might run too long as RocksDB
# hits a hanging bug.
hit_timeout , retncode , stdoutdata , stderrdata = execute_cmd (
cmd , exit_time - time . time ( ) + 900
)
msg = " check_mode= {0} , kill option= {1} , exitcode= {2} \n " . format (
check_mode , additional_opts [ " kill_random_test " ] , retncode
)
print ( msg )
print ( stdoutdata )
print ( stderrdata )
if hit_timeout :
print ( " Killing the run for running too long " )
break
expected = False
if additional_opts [ " kill_random_test " ] is None and ( retncode == 0 ) :
# we expect zero retncode if no kill option
expected = True
elif additional_opts [ " kill_random_test " ] is not None and retncode < = 0 :
# When kill option is given, the test MIGHT kill itself.
# If it does, negative retncode is expected. Otherwise 0.
expected = True
if not expected :
print ( " TEST FAILED. See kill option and exit code above!!! \n " )
sys . exit ( 1 )
stderrdata = stderrdata . lower ( )
errorcount = stderrdata . count ( " error " ) - stderrdata . count ( " got errors 0 times " )
print ( " #times error occurred in output is " + str ( errorcount ) + " \n " )
if errorcount > 0 :
print ( " TEST FAILED. Output has ' error ' !!! \n " )
sys . exit ( 2 )
if stderrdata . find ( " fail " ) > = 0 :
print ( " TEST FAILED. Output has ' fail ' !!! \n " )
sys . exit ( 2 )
# First half of the duration, keep doing kill test. For the next half,
# try different modes.
if time . time ( ) > half_time :
# we need to clean up after ourselves -- only do this on test
# success
shutil . rmtree ( dbname , True )
if cleanup_cmd is not None :
print ( " Running DB cleanup command - %s \n " % cleanup_cmd )
ret = os . system ( cleanup_cmd )
if ret != 0 :
print ( " TEST FAILED. DB cleanup returned error %d \n " % ret )
sys . exit ( 1 )
os . mkdir ( dbname )
if ( expected_values_dir is not None ) :
shutil . rmtree ( expected_values_dir , True )
os . mkdir ( expected_values_dir )
check_mode = ( check_mode + 1 ) % total_check_mode
time . sleep ( 1 ) # time to stabilize after a kill
def main ( ) :
global stress_cmd
global cleanup_cmd
parser = argparse . ArgumentParser (
description = " This script runs and kills \
db_stress multiple times "
)
parser . add_argument ( " test_type " , choices = [ " blackbox " , " whitebox " ] )
parser . add_argument ( " --simple " , action = " store_true " )
parser . add_argument ( " --cf_consistency " , action = " store_true " )
parser . add_argument ( " --txn " , action = " store_true " )
parser . add_argument ( " --test_best_efforts_recovery " , action = " store_true " )
parser . add_argument ( " --enable_ts " , action = " store_true " )
parser . add_argument ( " --test_multiops_txn " , action = " store_true " )
parser . add_argument ( " --write_policy " , choices = [ " write_committed " , " write_prepared " ] )
parser . add_argument ( " --stress_cmd " )
parser . add_argument ( " --test_tiered_storage " , action = " store_true " )
parser . add_argument ( " --cleanup_cmd " )
all_params = dict (
list ( default_params . items ( ) )
+ list ( blackbox_default_params . items ( ) )
+ list ( whitebox_default_params . items ( ) )
+ list ( simple_default_params . items ( ) )
+ list ( blackbox_simple_default_params . items ( ) )
+ list ( whitebox_simple_default_params . items ( ) )
+ list ( blob_params . items ( ) )
+ list ( ts_params . items ( ) )
+ list ( multiops_txn_default_params . items ( ) )
+ list ( multiops_wc_txn_params . items ( ) )
+ list ( multiops_wp_txn_params . items ( ) )
+ list ( best_efforts_recovery_params . items ( ) )
+ list ( cf_consistency_params . items ( ) )
+ list ( tiered_params . items ( ) )
+ list ( txn_params . items ( ) )
)
for k , v in all_params . items ( ) :
parser . add_argument ( " -- " + k , type = type ( v ( ) if callable ( v ) else v ) )
# unknown_args are passed directly to db_stress
args , unknown_args = parser . parse_known_args ( )
test_tmpdir = os . environ . get ( _TEST_DIR_ENV_VAR )
if test_tmpdir is not None and not os . path . isdir ( test_tmpdir ) :
print (
" %s env var is set to a non-existent directory: %s "
% ( _TEST_DIR_ENV_VAR , test_tmpdir )
)
sys . exit ( 1 )
if args . stress_cmd :
stress_cmd = args . stress_cmd
if args . cleanup_cmd :
cleanup_cmd = args . cleanup_cmd
if args . test_type == " blackbox " :
blackbox_crash_main ( args , unknown_args )
if args . test_type == " whitebox " :
whitebox_crash_main ( args , unknown_args )
# Only delete the `expected_values_dir` if test passes
if expected_values_dir is not None :
shutil . rmtree ( expected_values_dir )
if multiops_txn_key_spaces_file is not None :
os . remove ( multiops_txn_key_spaces_file )
if __name__ == " __main__ " :
main ( )
