Archival bucketlist

[SirTyson]

Description

Resolves #4394

Depends on XDR changes in stellar/stellar-xdr#200.

This change refactors the BucketList so that we can have multiple Bucket Lists simultaneously. This is necessary for State Archival, where validators will maintain a live BucketList, hot archive BucketList, and cold archive BucketList. This change does not yet support writing the new archival BucketLists to history,

Each BucketList has small differences wrt to the entry types it stores, merge logic, and how lookups are done, but the overall BucketList level logic is the same. Because of this, it seemed easiest to template the Bucket related classes and specialize a few functions. The difference are as follows (I'll be updating the Archival CAP with this info soon)

Entry Types:
Live BucketList: BucketEntry
Hot Archive BucketList: HotArchiveBucketEntry.

This change was necessary due to how LedgerKeys are stored. In the Live BucketList, only DEADENTRY store plain LedgerKey. DEADENTRY is equivalent to null, so these LedgerKeys are dropped at the bottom level bucket.

Hot Archives require two types that store LedgerKeys: HA_LIVE and HA_DELETED. HA_LIVE is equivalent to the "null" type in the Live BucketList, and is dropped in the bottom bucket. However, HA_DELETED needs to be persisted.

Merging:
In the hot archive, LedgerEntry are never updated. They may be overwritten by another HotArchiveBucketEntry type, but the LedgerEntry contents itself never change. This means that the INITENTRY, LIVEENTRY, and DEADENTRY abstraction doesn't really make sense. This makes the merge logic for Hot Archive buckets very simple, the newer entry always overwrites the older entry.

This PR adds the concept of a "Tombstone" entry. A tombstone entry essentially represents null in the given BucketList and can be dropped once it reaches the bottom bucket. On the live BucketList, DEADENTRY is the tombstone type. On the Hot Archive BucketList, HA_LIVE is the tombstone.

BucketListDB lookup:
The live BucketList only ever returns LedgerEntry types when queried. Any DEADENTRY LedgerKey is simply omitted from the return, as this is the "null" tombstone type.

Hot archive lookups must return both LedgerKey and LedgerEntry types. HA_LIVE entries are of type LedgerKey and can be omitted from the return since they are the tombstone type. However, HA_ARCHIVED entries are not tombstone entries and must be returned when found. Do to this, Hot Archive lookups return HotArchiveBucketEntry instead of LedgerEntry when queried.

Future updates will add more functionality to Hot Archives, further distinguishing it from the live BucketList, and add a third BucketList type called the cold archive. This cold archive will add a third BucketEntry type and have different merge logic as well, so I think the templated Bucket classes, while verbose, are warranted.

This is currently a draft until the XDR changes are merged.

Checklist

• Reviewed the contributing document
• Rebased on top of master (no merge commits)
• Ran clang-format v8.0.0 (via make format or the Visual Studio extension)
• Compiles
• Ran all tests
• If change impacts performance, include supporting evidence per the performance document

[dmkozh]

We need to bump this to the most recent revision and wrap all the new XDR uses into the next version macro (or wait until the protocol release)

[dmkozh]

Don't forget to revert this

[dmkozh]

Just curious, can we actually change this value at runtime in-between ledgers?

[SirTyson]

No. We will probably end up making this a config setting at which point I'll change it to a dynamic runtime value, but for now it's easier just to inherit the older BucketList's global const value for this refactor.

[dmkozh]

Don't forget to remove this (or uncomment if that's universally useful for debuggin)

[dmkozh]

What's the status of this TODO? I.e. is the PR blocked on this?

[dmkozh]

What about this TODO?

[SirTyson]

The outstanding TODOs are outside the scope of this PR. I've added some additional context on their dependencies. They require changing the history archive structure, which is a pretty big endeavor.

[dmkozh]

Let's maybe open an issue or a few issues for these - in general, Core codebase avoids TODOs merged, and if we do have some, I would prefer to have them point at the issues.

[SirTyson]

We do, the master issue has most of these covered in sub-issues: #4392. I agree it's a little messy but there's a lot of changes that are all kinda have dependencies and I'm trying to merge them in small pieces

[dmkozh]

Please remove

[dmkozh]

We don't have 'RESTORED' key category, do we?

[dmkozh]

Don't forget to update this to include v23 and use it where appropriate.
I also would suggest using a named constant instead of the direct version checks in order to make changes easier.

[marta-lokhova]

Note: changes in this PR impact BucketListDB quite a bit, I think we need to resolve #4433 to make sure we have good coverage. Wdyt?

[dmkozh]

LGTM on the surface level. The code looks fine for now. It would be nicer if this PR was smaller, but I'm not sure if there is a way to stage this change. Rebasing should at least help getting rid of meta diffs.

[dmkozh]

Live/Hot buckets/bucket lists would benefit from at least top-level doc comments.

[SirTyson]

Added some comments and rebased.

[graydon]

Sorry for slow review. Mostly all makes sense and looks .. well, a little gnarly, but good! Especially in light of recent chat.

Requested changes fall into 3 groups:

1. A handful of "definite" changes (like I think one or two little typo-sized bugs)
2. A handful of "maybe you could refactor/dedupe this new duplication" cases
3. An even-more-general / open-ended "is this really the best way to do the type parameterization" questions.

I'd like to at least see cases 1 fixed and 2 attempted (or explained why not to, if you have already tried and the result is worse). Case 3 is more a latent request for discussion / exploration of the alternative parameterization patterns, like maybe it all relates to the impl pattern or something? I'm curious but won't block on the issue either way. I can also try some sketching alternative parameterization patterns on my own.

I guess I would like, if nothing else, for all the function bodies that contain a branch on "if-constexpr type-A-or-B" to also contain the "static-assert-type-is-either-A-or-B" call (and for it to be factored out into a named helper). It seems to be true in many cases, but I'd like it to at least be true in all cases where the if-constexpr thing is employed. Just like so we can get a static list of places to fix when A-or-B becomes A-or-B-or-C in the future.

[graydon]

Should this not read meta.ext = ni.getMetadata().ext? Like take from ni not oi?

[graydon]

I have a vague recollection that the maxProtocolVersion threaded into this function can sometimes be higher or lower than one might expect, due to some approximation in it's derivation, but I can't remember the details; I would just suggest researching it if you haven't yet to be sure this assert is going to always hold.

[SirTyson]

So the relevant function here is calculateMergeProtocolVersion. The current protocol version always gets fed in as maxProtocolVersion in Bucket::merge (the relevant entry points are the FutureBucket constructions in BucketLevel<BucketT>::prepare). calculateMergeProtocolVersion just takes the max protocol of the input buckets, then makes sure it's not greater than maxProtocolVersion. The funkiness comes in when shadows are involved, which will never happen in the archival buckets.

[graydon]

I feel like this could be accomplished slightly less-awkwardly by defining BucketEntryT as a member-type of the type parameter? Or have I forgotten how templates even work?

[graydon]

Again this feels a bit like it could be a member of BucketEntryT?

[graydon]

Not entirely sure what this TODO means but .. should it be done still? If not, perhaps file a followup bug or something?

[SirTyson]

The problem here is that we need to pipe the Bucket type into IndexBucketsWork so we can replace this LiveBucket with the proper templated BucketT. The problem is, IndexBucketsWork gets called on raw HAS reference files. The HAS doesn't currently support HotArchiveBucketList, so we can't pipe in the types yet. The umbrella issue is #4398.

Sorry if the outstanding TODOs aren't super clear, they're intended to be reminders for me in the not-so-obvious places I'll need to fix when I work on the assumeState path later.

[graydon]

Aha! Is the need for the amount of explicit code duplication (rather than type-parametricity) all related to the impl-class pattern? This might actually answer 9/10 of my comments.

[graydon]

Also .. is this safe? I mean: you could in theory wind up with the same bucket file (identified by hash) in both lists, and thereby mis-identify the type of the wrapper class owning it, thinking it was a live bucket when it is actually an archive bucket? I guess it's nearly impossible since the bits would differ in structural ways. But I wonder if it might be better/safer (and avoid the cast) to have two separate mSharedBuckets variables, one per bucket list type?

[SirTyson]

Yeah unfortunately templated virtual functions are against the c++ spec, so the impl-class pattern is inconvenient here. I templated the inner BucketManagerImpl version, but we can only either have explicit return types with a messy dynamic cast, or just return a BucketT type in the BucketManager interface and have to cast on the caller side. I think I might be able to get by with a BucketT level interface for futures and get rid of some of the constexpr branching, but we definitely need to be able to return LiveBucket explicitly in the getBucketByHash case.

I'm fairly confident this is safe, since we have the Bucket type as part of meta so we're guaranteed to not have hash collision (except for empty buckets, but that should be fine). All that being said, I think separate mSharedBuckets would be useful so we could at least get rid of the dynamic cast, but we're stuck with the split getLiveBucketByHash interface I'm afraid.

[SirTyson]

Hmm so I can't actually use a BucketT interface for futures either, but I can still have separate storage types in BucketManager to remove the cast. I think I can get rid of all the constexpr branching by changing the getBucket and getFutures interface to static getter that takes a BucketManager&. It's not a very elegant interface, but avoids removing the impl construct and removes most constexpr branching, so it's probably the least evil approach.

[marta-lokhova]

+1 on splitting shared buckets to ensure safety. Regarding the bucketlist/manager interface, do we actually need the impl-class pattern and the abstract BucketManager? I'm just wondering if the old patterns we're stuck with might be causing more harm than good at this point. Like, can we just have concrete bm/bl templated classes? yes we'd lose some encapsulation and probably degrade compile-time perf, but maybe that's a lesser evil? Right now the interface if quite difficult to follow, and I'm afraid maintenance is going to be a burden.

[marta-lokhova]

note that this approach might be a bit annoying in tests, if we implement BucketList stub subclasses and such, but probably still worth exploring

[graydon]

Likewise here, would this go away if you had two separate sets of futures, separated by bucket type?

[graydon]

Hmm, is the duplication necessary on this one (relative to the earlier very-similar live-bucketlist version of loadKeysFromLedger?)

[graydon]

I think the only differences between the two variants of this function are the presence of shadows, and how they pass their 3 arguments to the fresh-bucket routine. Do you think these differences could be factored out?

[SirTyson]

Good idea. A note for the reader, I used a parameter pack for the base class addBatch. While this isn't really necessary right now since both the HotArchiveBucketList and LiveBucketList have 3 input vector types, this is not true for the upcoming ColdArchiveBucketList::addBatch variant.

[graydon]

Why are the excluded CONFIG_SETTINGS not excluded anymore?

[SirTyson]

We can't have CONFIG_SETTINGS types as a deadEntry or initEntry due to invariants. CONFIG_SETTING can't be deleted, and since it is guaranteed to already exist, it can't be initialized either. However, it can (and does) get updated periodically, so I adjusted the test accordingly for slightly better coverage.

[SirTyson]

I should have addressed all the comments. I was able to refactor out almost all the constexpr branching, but had to use an ugly templated static interface for some BucketManager functions due to the impl construct. While it's not particularly pretty, this is probably the least worst option available given template constraints on virtual functions.

[marta-lokhova]

Checkpointing here, as I'm still reviewing the change. Overall, really cool to see us getting closer to state archival! Thanks for putting it together. I left a few comments, mostly echoing @graydon's concerns about potential maintenance burden, and code readability. I think it's important we agree on the interface before we land this change.

[marta-lokhova]

This worries me a bit, since there could be other Bucket types. Can we explicitly require hot archive bucket here?

[marta-lokhova]

This condition should not be the case for hot archive buckets, right?

[marta-lokhova]

Does the archive bucketlist have a different number of levels?

[marta-lokhova]

please try to extract classes into separate files, as bucket-related classes are getting pretty bloated

[marta-lokhova]

= default?

[marta-lokhova]

+1 on splitting shared buckets to ensure safety. Regarding the bucketlist/manager interface, do we actually need the impl-class pattern and the abstract BucketManager? I'm just wondering if the old patterns we're stuck with might be causing more harm than good at this point. Like, can we just have concrete bm/bl templated classes? yes we'd lose some encapsulation and probably degrade compile-time perf, but maybe that's a lesser evil? Right now the interface if quite difficult to follow, and I'm afraid maintenance is going to be a burden.

[marta-lokhova]

agreed, if possible, we should try to make the interface as readable and easy to reason about as possible

[marta-lokhova]

i think we wouldn't need to do this if we didn't follow the impl-class pattern right?

[marta-lokhova]

note that this approach might be a bit annoying in tests, if we implement BucketList stub subclasses and such, but probably still worth exploring