sql: make transaction_rows_{read|written}_err and large_full_scan_rows guardrails halt query execution #70473
Labels
A-sql-execution
Relating to SQL execution.
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
docs-done
docs-known-limitation
O-postmortem
Originated from a Postmortem action item.
P-3
Issues/test failures with no fix SLA
T-sql-queries
SQL Queries Team
Comments
michae2
added
C-enhancement
@rytaft @jordanlewis We should revisit this issue. The motivation of these guardrails would be to protect the cluster before destabilization. |
|
This is likely a non-trivial amount of work. We need to see if it's needed. @vy-ton |
|
Note for posterity: when fixing this, we might be able to take advantage of whatever mechanism is used for transaction timeouts (though there will be more to this fix than just invoking that mechanism). |
|
When we fix this, it would be nice to use the same technique to make a full scan halt immediately if it reads more than |
rytaft
added a commit
to rytaft/cockroach
that referenced
this issue
Jun 2, 2023
Prior to this commit, setting transaction_rows_read_err to a non-zero value would cause a transaction to fail as soon as a statement caused the total number of rows read to exceed transaction_rows_read_err. However, it was possible that each statement could read many more than transaction_rows_read_err rows. This commit adds logic so that a single scan never reads more than transaction_rows_read_err+1 rows if transaction_rows_read_err is set. Informs cockroachdb#70473 Release note (performance improvement): If transaction_rows_read_err is set to a non-zero value, we now ensure that any single scan never reads more than transaction_rows_read_err+1 rows. This prevents transactions that would error due to the transaction_rows_read_err setting from causing a large performance overhead due to large scans.
rytaft
added a commit
to rytaft/cockroach
that referenced
this issue
Jun 3, 2023
Prior to this commit, setting transaction_rows_read_err to a non-zero value would cause a transaction to fail as soon as a statement caused the total number of rows read to exceed transaction_rows_read_err. However, it was possible that each statement could read many more than transaction_rows_read_err rows. This commit adds logic so that a single scan never reads more than transaction_rows_read_err+1 rows if transaction_rows_read_err is set. Informs cockroachdb#70473 Release note (performance improvement): If transaction_rows_read_err is set to a non-zero value, we now ensure that any single scan never reads more than transaction_rows_read_err+1 rows. This prevents transactions that would error due to the transaction_rows_read_err setting from causing a large performance overhead due to large scans.
craig bot
pushed a commit
that referenced
this issue
Jun 5, 2023
104290: sql: make transaction_rows_read_err prevent large scans r=rytaft a=rytaft Prior to this commit, setting `transaction_rows_read_err` to a non-zero value would cause a transaction to fail as soon as a statement caused the total number of rows read to exceed `transaction_rows_read_err`. However, it was possible that each statement could read many more than `transaction_rows_read_err` rows. This commit adds logic so that a single scan never reads more than `transaction_rows_read_err+1` rows if `transaction_rows_read_err` is set. Informs #70473 Release note (performance improvement): If `transaction_rows_read_err` is set to a non-zero value, we now ensure that any single scan never reads more than `transaction_rows_read_err+1` rows. This prevents transactions that would error due to the `transaction_rows_read_err` setting from causing a large performance overhead due to large scans. 104337: sql: fix reset_sql_stats to truncate activity tables r=j82w a=j82w Previously: The reset stats on the ui and crdb_internal.reset_sql_stats() would only reset the statement_statistics and transaction_statics tables. This would leave the sql_activity table with old data. The reset stats now truncates the sql_activity table as well. Fixes: #104321 Epic: none Release note (sql change): Fix crdb_internal.reset_sql_stats() to cleanup the sql_activity table which work as a cache for the stats. Co-authored-by: Rebecca Taft <[email protected]> Co-authored-by: j82w <[email protected]>
rytaft
added a commit
to rytaft/cockroach
that referenced
this issue
Jun 5, 2023
Prior to this commit, setting transaction_rows_read_err to a non-zero value would cause a transaction to fail as soon as a statement caused the total number of rows read to exceed transaction_rows_read_err. However, it was possible that each statement could read many more than transaction_rows_read_err rows. This commit adds logic so that a single scan never reads more than transaction_rows_read_err+1 rows if transaction_rows_read_err is set. Informs cockroachdb#70473 Release note (performance improvement): If transaction_rows_read_err is set to a non-zero value, we now ensure that any single scan never reads more than transaction_rows_read_err+1 rows. This prevents transactions that would error due to the transaction_rows_read_err setting from causing a large performance overhead due to large scans.
rytaft
added a commit
to rytaft/cockroach
that referenced
this issue
Jun 5, 2023
Prior to this commit, setting transaction_rows_read_err to a non-zero value would cause a transaction to fail as soon as a statement caused the total number of rows read to exceed transaction_rows_read_err. However, it was possible that each statement could read many more than transaction_rows_read_err rows. This commit adds logic so that a single scan never reads more than transaction_rows_read_err+1 rows if transaction_rows_read_err is set. Informs cockroachdb#70473 Release note (performance improvement): If transaction_rows_read_err is set to a non-zero value, we now ensure that any single scan never reads more than transaction_rows_read_err+1 rows. This prevents transactions that would error due to the transaction_rows_read_err setting from causing a large performance overhead due to large scans. For some queries in rare cases this change may end up disabling cross-range parallelism of the scan operation which can result in increase of query latency.
rytaft
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We recently added guardrails to limit the number of rows read or written by a single transaction. A transaction reading more than
transaction_rows_read_errrows (or writing more thantransaction_rows_written_errrows) now fails with an error.To simplify implementation, we chose to emit this error after the violating query has already finished executing and delivered results to the application. This is still quite useful: well-behaved applications will see the error, and the transaction will be aborted. But there is a risk that poorly written applications might not see the error after receiving results of a read-only autocommit query. There is also a risk that the violating query will have already hurt cluster performance before hitting the guardrail.
It would be more defensive for the current query execution to halt immediately upon violating one of these limits.
Here's an example:
Jira issue: CRDB-10088
The text was updated successfully, but these errors were encountered: