fix: proper flat storage deltas removal

[Longarithm]

Proper deltas removal during flat storage creation and normal operation. Resolves #8655.

The original issue was that we removed deltas exactly twice. It was already resolved around #8683. Reason: we cached blocks and deltas separately, and flat head was cached whereas flat head delta was not - as we don't need it. But we still iterated over all blocks during GC and executed store_helper::remove_delta for each block hash. This means that remove_delta was called twice: 1) when we move TO flat head; 2) when we move FROM flat head.

Now we call get_all_deltas_metadata on flat storage creation, guarantee that all cached deltas exist, and iterate over existing metadatas, not blocks.

However, now we need to GC deltas created during background creation. We do it in two steps:

1. once we caught up single block - its delta is not needed
2. when we create FS object - there can be some fork blocks remaining. We don't even want to load deltas for them anytime, so it's better do to cleanup right now. Theoretical estimation on their metadatas size is fairly small, and in practice we have 2-10 such blocks - so this step is actually needed. After cleanup, on my experiments there were only 2 deltas remaining on DB, as expected.

Side fix: tests revealed that when flat storage is removed, we don't remove deltas and it's better to do it.

At the same time I introduce CACHED_CHANGES_LIMIT and CACHED_CHANGES_SIZE_LIMIT to warn users that there is too much data cached in flat storage.

Testing

Adjusting test_flat_storage_creation_sanity to check that behaviour: create fork block in the meantime; check in logs that it is actually GC-d; check that previous behaviour fails the test.

[pugachAG]

what if key_to[7] is u8::MAX_VALUE?
I suggest implementing fn next_shard_prefix(cur: &[u8]) -> Vec<u8> function which does +1 with proper carry over handling. Then we can re-use it for flat state removal as well.

[Longarithm]

I see. There would be no impact because we have < 256 shards, but I don't want it to suddenly fail at some point. Introduced ShardUId::next_shard_prefix(bytes) because it makes more sense as slice operation.

Side note: little-endian is quite annoying here, because I can't just increment shard id. Still we can rely on the fact that all shard uids are unique.

[pugachAG]

Why do we want to track this separately? As far as I understand there is no risk of having more than 50 small deltas cached and producing warn in this case is a false-alarm, at least in the context in flat storage. I suggest removing that and only tracking the total size of cached changes.

[Longarithm]

As far as I remember, there is a risk of node slowdown if there are too many deltas, even if they are small, so it is also worth a warning.

[pugachAG]

Please elaborate on what those risks are. In my understanding the bottleneck is hash map access, but then this value should be much larger: I expect main memory access to be ~100ns (which is a pessimistic case with processor cache miss). Even assuming we need 2 memory accesses for each hash map access and acceptable flat storage latency is 100us then we can still support 500 deltas without major performance degradation.
In general I'm against unnecessary tracking/warn because it introduces maintenance overhead for the future. If you insist on keeping that then please make sure to write an elaborate comment describing calculation behind the value as well as what could happen when we exceed it. For example current comment eventually it can cause OOM error. behind CACHED_CHANGES_LIMIT is very misleading, because that is only applicable to CACHED_CHANGES_SIZE_LIMIT

[pugachAG]

ah, looks like @jakmeier has just proven me wrong: #8006 (comment) and we can reasonable support around only around 100 deltas 😞

[Longarithm]

Tbh I didn't know exact numbers, but now I can happily add them to comments

[pugachAG]

Let's keep it at 100 and add a link to Jakob's table in the comment

[pugachAG]

Please elaborate on what those risks are. In my understanding the bottleneck is hash map access, but then this value should be much larger: I expect main memory access to be ~100ns (which is a pessimistic case with processor cache miss). Even assuming we need 2 memory accesses for each hash map access and acceptable flat storage latency is 100us then we can still support 500 deltas without major performance degradation.
In general I'm against unnecessary tracking/warn because it introduces maintenance overhead for the future. If you insist on keeping that then please make sure to write an elaborate comment describing calculation behind the value as well as what could happen when we exceed it. For example current comment eventually it can cause OOM error. behind CACHED_CHANGES_LIMIT is very misleading, because that is only applicable to CACHED_CHANGES_SIZE_LIMIT

[pugachAG]

please don't use prometheus metrics data source, that is super hacky :) use cached_changes.len() and cached_changes.total_size() instead

[Longarithm]

Btw this line was even wrong. I wanted to count number of deltas, not number of items in them - fixed.

[pugachAG]

update_delta_metrics is pretty neat!
overall LGTM, thanks for addressing my comments.

[pugachAG]

super nit: for changes in self.deltas.values() should work