adding retryable to scan

[limbooverlambda]

solve: #455

We were running into an issue with scans where periodically we noticed scans returning empty results for datasets that were present in a cluster. The hypothesis was that the scans were returning empties when the regions are undergoing splits. While trying to reproduce the issue (by issuing splits from pd-ctl), we found out that when there's a region error (epoch_version_mismatch et al), the scan_inner is not triggering any cache invalidations and subsequent retries. The scan simply returns an empty. This PR is fixing the issue by triggering the invalidations and retry for such issues.

@pingyu @ekexium @andylokandy.

[pingyu]

Thanks for your contribution !

The PR overall looks good. And I left some minor suggestions.

Besides, If you would like to verify the correctness when region error happens, consider to use failpoint. Please refer to failpoint_test.rs. It's not a must before the PR is accepted.

[pingyu]

Suggest to eliminate the recursion and let caller do the retry, to reduce overhead.

[limbooverlambda]

Removed the recursion, in the initial implementation, I followed the pattern as outlined in

client-rust/src/request/plan.rs

Line 109 in 54fd720

async fn single_plan_handler(

where a mutual recursion is being performed to retry the flow. The idea was to shield the caller from performing the retries. In subsequent PRs I would have proposed some enhancements to control the retry logic. I can remove the retry if that seems more prudent.

[limbooverlambda]

Hi @pingyu, are there any more changes you need me to make before this change can be merged? Thanks for taking the time to look at this.

[pingyu]

Nit:

Suggested change

	if end_key
	if end_key.is_some_and(|ek| ek <= next_key.as_ref())

[limbooverlambda]

Thanks. Changed. end_key had to be cloned however.

[pingyu]

end_key.as_ref().is_some_and(|ek| ek <= &next_key) should work.

[pingyu]

I think we should scan from start_key. Otherwise if there is region merge during scan, we would get duplicated kv paires, and lose some others if limit is reached.

[limbooverlambda]

I was trying to trace through the logic and from what I understand, we will only be looping if the limit of the scan has not been exhausted. So regardless of a split or merge, won't we be resuming the next scan from the end_key returned by the previous scan call? So if the first scan result returns an end_key "foo", doesn't the system guarantee that if we start the next scan starting from "foo", we are guaranteed to return all results that are lexicographically larger than "foo" and smaller than whatever end_key has been provided. This is regardless of whether the underlying regions are undergoing any churn(due to any splits or merges). There may be gaps in my understanding so will be more than happy to get some more feedback here.

[pingyu]

I was trying to trace through the logic and from what I understand, we will only be looping if the limit of the scan has not been exhausted. So regardless of a split or merge, won't we be resuming the next scan from the end_key returned by the previous scan call? So if the first scan result returns an end_key "foo", doesn't the system guarantee that if we start the next scan starting from "foo", we are guaranteed to return all results that are lexicographically larger than "foo" and smaller than whatever end_key has been provided. This is regardless of whether the underlying regions are undergoing any churn(due to any splits or merges). There may be gaps in my understanding so will be more than happy to get some more feedback here.

You are right. But I think the issue is here in retryable_scan:

        let request = new_raw_scan_request(
            scan_args.range.clone(),
            scan_args.limit,
            scan_args.key_only,
            scan_args.reverse,
            self.cf.clone(),
        );

As the start key in scan_args.range is not the end key of previous loop.

[pingyu]

@limbooverlambda

[limbooverlambda]

Hi @pingyu. Apologies for not getting to this comment earlier, got caught up with some other deliverables. From the way I understand it, the retryable scan may not need to change the ranges since it is simply retrying the same ranges after the cache has been invalidated. The caller of retryable_scan should be changing the ranges as new regions are encountered. Let me know if that makes sense. I have however tried to simplify the logic using the loop and gotten rid of the pinned future.

[pingyu]

retryable_scan should scan from current_key.

Assume that we scan from key000 to key100. And there are two regions: region1: key000 ~ key050, region2: key050 ~ key100.

First iteration, we scan kvs from region1.
Second iteration, current_key = key050, but this time we get an error of EpochNotMatch because region1 is just merged to region2, and now region2 is key000 ~ key100.
Then we retry, and we should scan from current_key, which is key050, instead of key000. Otherwise, we will get duplicated kvs of frist iteration.

[limbooverlambda]

If you look at the logic, I am. scanning from current_key in the retry instead of the start_key. Let me break down the logic:

The very first call is from the start key:

let mut current_key: Key = start_key; //line 166

Then we try scanning from this start key to scan:

let scan_args = ScanInnerArgs {
                start_key: **current_key.clone(),** // This is mutated for every iteration
                range: range.clone(),
                limit: current_limit,
                key_only,
                reverse,
                backoff: backoff.clone(),
            };
let (res, next_key) = self.retryable_scan(scan_args).await?; //This is retried with the **current state of scan_args**

In the retryable_scan method we are encapsulating the calls to the scan for the start_key (which is the current_key), now in this call if we encounter the EpochNotMatch, we will be retrying from current_key, not from the start_key. The retry is taking place within the function. So, no duplicate will be returned in this scenario.

If you scroll further down in scan_inner, we change the current_key with the end_key returned by the retryable_scan function.

 if end_key.clone().is_some_and(|ek| ek <= next_key) {
                break;
            } else {
              current_key = next_key;
   }

I understand your concern but given the logic, I am having a hard time seeing how duplicates will be returned. Maybe a good way to address your concern will be to write a test that injects a fault and then change the region mappings in the mock pd and see if the test passes.

[pingyu]

But the start_key (or from) we pass to new_raw_scan_request through range argument is not the scan_args.start_key, but the start_key from the very beginning, the range argument of scan_inner.

            let request = new_raw_scan_request(
                scan_args.range.clone(),
                scan_args.limit,
                scan_args.key_only,
                scan_args.reverse,
                self.cf.clone(),
            );

[limbooverlambda]

Thanks @pingyu. Now I see where the issue is. Made the change.

[limbooverlambda]

@pingyu Thanks for your feedback. It will be great if you could take another look.

[limbooverlambda]

Hi @pingyu , the integration tests pass locally. Not sure why they failed on CI. Please let me know if you need me to make any other change to this PR.

[zhangjinpeng87]

@limbooverlambda Please click the "Details" item on the right side of failed CI to check why CI failed. For example:

 Compiling tikv-client v0.3.0 (/home/runner/work/client-rust/client-rust)
error: unexpected `cfg` condition value: `protobuf-codec`
   --> src/transaction/requests.rs:907:12
    |
907 | #[cfg_attr(feature = "protobuf-codec", allow(clippy::useless_conversion))]
    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: expected values for `feature` are: `default`, `integration-tests`, and `prometheus`
    = help: consider adding `protobuf-codec` as a feature in `Cargo.toml`
    = note: see <https://doc.rust-lang.org/nightly/rustc/check-cfg/cargo-specifics.html> for more information about checking conditional configuration
    = note: `-D unexpected-cfgs` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(unexpected_cfgs)]`

error: could not compile `tikv-client` (lib test) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
make: *** [Makefile:26: integration-test] Error 101
Error: Process completed with exit code 2.

[pingyu]

It's not a good idea to add --fix --allow-dirty, as the fix will be done in CI only and not applied to code base. Besides, some automatic change may not be correct, we need to have a check.

I will open another PR in these few days to fix the errors introduced by the latest toolchain.

[limbooverlambda]

Thanks @pingyu . It seems like the toolchain upgrade started flagging the autogenerated docs. --fix --allow-dirty is a workaround to make the build go through. I did't want to pin the toolchain to a certain version, so this was a quick way to bypass the clippy errors. I agree with you on not using --fix --allow-dirty. Do you have any suggestion on how I can get this PR merged? Looks like all the tests are passing.

[pingyu]

It's not a good idea to add --fix --allow-dirty, as the fix will be done in CI only and not applied to code base. Besides, some automatic change may not be correct, we need to have a check.

I will open another PR in these few days to fix the errors introduced by the latest toolchain.

The check errors for latest toolchain will be fixed by #460.

[limbooverlambda]

@pingyu The problem might be over here, we are not retrieving the new regions or stores once it is updated. This may need to be moved into the loop.

[pingyu]

This feature can be removed. We don't have it.

[limbooverlambda]

Done

[hbisheng]

I agree with @pingyu and IIUC the problem is that scan_args.range never changes across iterations.

scan_args.start_key is totally fine; it moves forward as the scan makes progress. But since scan_args.range doesn't change, it's possible for retryable_scan to have scan_args.range=(key000, key100) scan_args.start_key=key050. In this case, if we encounter a region merge, the raw scan request constructed here will scan the new region from key000 again, getting duplicate KVs.

I think one way to fix it is to gradually shrink the current range in the loop of scan_inner, similar to what the old code did:

cur_range = BoundRange::new(
    std::ops::Bound::Included(region_store.region_with_leader.range().1),
    cur_range.to,
);

[limbooverlambda]

Yes, now I see it. The scan request is being constructed on the range but the range itself is not being changed for every iteration. So essentially, mutating the range with the updated start_key will fix the issue. Thanks @hbisheng and @pingyu for being so patient with the explanation. Adding the fix.

[pingyu]

Suggested change

	range: BoundRange,
	end_key: Option<Key>,

As start_key and range.from are always the same, I think we can keep only one from them. And as it's easier to convert start_key and end_key to range than opposite, I suggest to have start_key and end_key in ScanInnerArgs.

Rest LGTM.

[limbooverlambda]

Changed! Thanks for the review.

[pingyu]

LGTM~

[pingyu]

Suggested change

range = BoundRange::new(std::ops::Bound::Included(current_key.clone()), range.to);

[pingyu]

/cc @iosmanthus

[pingyu]

/cc @iosmanthus

PTAL~

[pingyu]

@limbooverlambda Thanks for your contribution !