Core: Detect and merge duplicate DVs for a data file and merge them before committing

[amogh-jahagirdar]

While generally, writers are expected to merge DVs for a given data file before attempting to commit, we probably want to have a safeguard in the commit path in case this assumption is violated. This has been observed when AQE is enabled in Spark and a data file is split across multiple tasks (really just depends on how files and deletes are split); then multiple DVs are produced for a given data file, and then committed. Currently, after that commit reads would fail since the DeleteFileIndex detects the duplicates and fails on read.

Arguably, there should be a safeguard on the commit path which detects duplicates and fixes them up to prevent any invalid table states. Doing this behind the API covers any engine integration using the library.

This change updates MergingSnapshotProducer to track duplicate DVs for a datafile, and then merge them and produces a Puffin file per DV. Note that since we generally expect duplicates to be rare, we don't expect there to be too many small Puffins produced, and we don't add the additional logic to coalesce into larger files. Furthermore, these can later be compacted. In case of large scale duplicates, then engines should arguably fix those up before handing off to the commit path.

[amogh-jahagirdar]

Still cleaning some stuff up, so leaving in draft but feel free to comment. But basically there are some cases in Spark where a file can be split across multiple tasks, and if deletes happen to touch every single part in the task we'd incorrectly produce multiple DVs for a given data file (discovered this recently with a user when they had Spark AQE enabled, but I think file splitting can happen in more cases).

We currently throw on read in such cases, but ideally we can try and prevent this on write by detecting and merging pre-commit.

The reason this is done behind the API is largely so that we are defensive from a library perspective that in case an engine/integration happens to produce multiple DVs, we can at least fix it up pre-commit.

In the case there are too many to reasonably rewrite on a single node, then engines could do distributed writes to fix up before handing off the files to the API, but arguably from a library perspective it seems reasonable to pay this overhead to prevent bad commits across any integration.

[amogh-jahagirdar]

Probably keep a boolean in-case we detect a duplicate. That way we don't have to pay the price of grouping by referenced file everytime to detect possible duplicates; only if we detect it at the time of adding it, we can do the dedupe/merge

[amogh-jahagirdar]

We also could just keep a mapping specific for duplicates. That shrinks down how much work we need to do because instead of trying to group by every referenced data file in case of duplicates, we just go through the duplicates set. It's maybe a little more memory but if we consider that we expect duplicates to generally be rare it feels like a generally better solution

[amogh-jahagirdar]

because we may be merging duplicates, we don't update the summary for delete files until after we dedupe and are just about to write the new manifests

[amogh-jahagirdar]

This fix surfaced an issue in some of the TestPositionDeletesTable tests where we were setting the wrong data file for delete file; we'd just add a DV for the same data file, and then it'd get merged with the new logic , and break some of the later assertions.

[amogh-jahagirdar]

This test had to be fixed after the recent changes because the file paths for data file B and B2 were set to the same before, so the DVs for both referenced the same file (but that probably wasn't the intention of these tests) so it was a duplicate. After this change we'd merge the DVs in the commit, and then it'd actually get treated as a dangling delete and fail some of the assertions.

Since these tests are just testing the eq. delete case we could just simplify it by removing the usage of fileB deletes, it's a more minimal test that tests the same thing.

Also note, generally I'd take this in a separate PR but I think there's a good argument that this change should be in a 1.10.2 patch release to prevent invalid table states; in that case we'd need to keep these changes together.

[RussellSpitzer]

LIttle weird that we are now writing delete vectors on the driver?

[RussellSpitzer]

Probably doesn't matter but in the real world these could also potentitally have existing overlapping deletes
Ie
Task 1 has existing DV and merges a few new Deletes
Task 2 has existing DV and merges a few new deletes

I think the logic is fine though

[RussellSpitzer]

I'm mostly on board here but I have a few concerns,

1. I Think the implementation here is trying to be efficient with memory usage by populating the map only if a duplicate is found, but I'm not sure it's really saving us all that much when every time we do hit a match we have to scan the entire list dv's again to find the dv which is the duplicate. I'd consider whether just keeping a mapping of reference data files to delete vectors is that much more expensive. It would make the lookup much simpler

2. Intrinsically we are cleaning up after something which shouldn't be happening. Given that we know fixing this behavior in spark may take a while or ... may just be impossible without further mods, I think having a fix here is better than throwing an exception (which could be another solution) but It feels weird that we are rewriting things from the driver here. I think this is now the first time that the Spark integration writes data/delete files from the driver and that feels a little weird to me.

3. I agree with the requests for logging, this is probably really not good for performance and we should have some notes that it is happening for users although that's not really important now unless we have a way to avoid it from spark.

[rdblue]

These tests are failing with the fix to core, right? I think we generally try to update one Spark version per commit unless there are failures that would leave main in a broken state.

[amogh-jahagirdar]

Yeah that's right, it's failing with the changes to core in this PR because the test was setting up duplicates (unintentionally as far as I can tell) and now we'd be merging them and breaking some of the assertions in the test.

[amogh-jahagirdar]

I commented this elsehwere but the reason this field is a LinkedHashMap is because there's quite a lot of tests which verify the exact ordering of entries in a manifest. I do think we should change those tests because we really shouldn't be guaranteeing any ordering in the entries in the output manifests but that's a larger change. The current implementation which tracks newDeleteFilesBySpec uses a DeleteFileSet which is an insertion-ordering preserving structure.

[RussellSpitzer]

I am not sure about the ordering here, since I think that is something we may want to guarentee or at least make determinsitic in the future. We can always talk about that later though.

No problems with this usage here of LinkedHashMap

[rdblue]

Should this be here or in DVUtil?

Deletes seems to be utilities for working with position delete structs coming from an engine. DVUtil seems more appropriate to me.

[rdblue]

Missing quite a few params here.

[rdblue]

Since this has a FileIO, it's a little awkward to have a Supplier<OutputFile> passed in since a big part of that is the job of FileIO. Also, if this supplier is only called once then it doesn't need to be a supplier. What about passing a string location instead?

[rdblue]

dvsByReferencedFile?

[rdblue]

I think this is correct, but I find a more straightforward implementation that uses get instead of merge easier to read:

    Map<String, PositionDeleteIndex> mergedDVs = Maps.newHashMap();
    for  (int i = 0; i < duplicatedDVPositions.length; i++) {
      PositionDeleteIndex previousDV = mergedDVs.get(duplicateDVs.get(i).referencedDataFile());
      if (previousDV != null) {
        previousDV.merge(duplicatedDVPositions[i]);
      } else {
        mergedDVs.put(delete.referencedDataFile(), duplicatedDVPositions[i]);
      }
    }

[rdblue]

Rather than 2 maps and lookups, why not use Map<String, Pair<PartitionSpec, StructLike>>?

[rdblue]

There are a couple of things that make this method fairly complicated. First, using a map of lists ends up causing this to do a fair amount of stream manipulation. Using a Guava multimap cleans that up quite a bit.

Second, this doesn't need to process the input map multiple times. This is cleaner if you process it once, keep the DVs that don't need to be merged in an output list, and also accumulate the partition and sequence number info for later at the same time. Doing that also simplifies the write and validate methods because you can identify the expected data sequence number and partition information here rather than complicating the loops in later methods.

Here's what I came up with:

  static List<DeleteFile> mergeAndWriteDVsIfRequired(
      Map<String, List<DeleteFile>> dvsByFile,
      Supplier<OutputFile> dvOutputFile,
      FileIO fileIO,
      Map<Integer, PartitionSpec> specs,
      ExecutorService pool) {

    List<DeleteFile> finalDVs = Lists.newArrayList();
    Multimap<String, DeleteFile> duplicates =
        Multimaps.newListMultimap(Maps.newHashMap(), Lists::newArrayList);
    Map<String, Pair<PartitionSpec, StructLike>> partitions = Maps.newHashMap();

    for (Map.Entry<String, List<DeleteFile>> entry : dvsByFile.entrySet()) {
      if (entry.getValue().size() > 1) {
        duplicates.putAll(entry.getKey(), entry.getValue());
        DeleteFile first = entry.getValue().get(0);
        partitions.put(entry.getKey(), Pair.of(specs.get(first.specId()), first.partition()));
      } else {
        finalDVs.addAll(entry.getValue());
      }
    }

    if (duplicates.isEmpty()) {
      return finalDVs;
    }

    validateCanMerge(duplicates, partitions);

    Map<String, PositionDeleteIndex> deletes =
        readAndMergeDVs(duplicates.values().toArray(DeleteFile[]::new), fileIO, pool);

    finalDVs.addAll(writeDVs(deletes, partitions, dvOutputFile));

    return finalDVs;
  }

[rdblue]

Is this an added files summary, or is it a commit summary? Maybe we should change the name to be more clear.

[rdblue]

I think it would be better not to handle data files in newDeleteFilesAsManifests. It isn't obvious that this method is going to clear the data file summary and no one would look here for it. Why not keep a separate summary for data files and merge it with the deletes for the final summary? The data file one doesn't need to change.

[rdblue]

I think we should add a little more to this path. This doesn't show what the file is and will overwrite the same file name on each retry.

I would use an instance field so that we can embed a file counter:

private final AtomicInteger dvMergeAttempt = new AtomicInteger(0);

String filename = FileFormat.PUFFIN.addExtension(String.format("merged-dvs-%s-%s", snapshotId(), dvMergeAttempt.incrementAndGet()));

[rdblue]

As I noted, I'd prefer to remove the wrapper here.

[rdblue]

I think there's an existing problem with this class. It doesn't need to be fixed right now but we should follow up.

The issue is that this doesn't handle encryption key metadata when it creates DeleteFile instances in createDV. I would expect this to pass the output file's encryption key metadata (if it is an EncryptedOutputFile) to the delete file builder via withEncryptionKeyMetadata. But that isn't called.

I think that this class will still create encrypted streams because it calls EncryptedOutputFile#encryptingOutputFile to produce output streams. It just doesn't get the key metadata and pass it on.

This isn't a blocker for this commit since it's an existing bug, but we shouldn't leave it this way because it could create DVs that are encrypted and unrecoverable.

@aokolnychyi, you may want to take a look.

[RussellSpitzer]

How do we get empty "dvs" here? Shouldn't it always have contents?

[rdblue]

Yes, it should. This is a defensive check.

[RussellSpitzer]

There are a few other validations we could test here as well, (since we spent the time to add them)

Same file name different specs
Sequence number mismatch

I forgot what else you added :)

[RussellSpitzer]

Asked claude,

Mismatched sequence numbers -- two DVs for the same data file have different dataSequenceNumber() values. The validation at line 110-115 should throw IllegalArgumentException but this is never exercised.

Mismatched spec IDs -- two DVs for the same data file reference different partition specs (line 117-122). Not tested.

Mismatched partition tuples -- same spec but different partition values (line 124-129). Not tested.

[rdblue]

Nit: unnecessary whitespace change.

[rdblue]

I think this comment is obvious from the call below. I think the idea is right to have a comment here: why is it necessary to clear the summary? That's because the summary can't be generated until after DV merge happens and any new DV could require a merge. So the summary is built each time DV manifests are written.

[rdblue]

Looks good to me! Russell pointed out some test cases that should be added and I found a couple of minor things that are nice-to-have.