Add Lease Timestamps

[fsamuel-bs]

General

Before this PR:
Workflows that attempted to implement a queue-like behavior with atlas timestamps did not perform well. The main issue was that they needed to scan from the immutable timestamp to account for written timestamps for ongoing transactions.

After this PR:
There's a new feature, called leased timestamps. With it, we know, for a given workflow, the minimum timestamp of open transactions. With this information, the range of timestamps we need to scan is significantly reduced.

==COMMIT_MSG==
==COMMIT_MSG==

Priority:

Concerns / possible downsides (what feedback would you like?):

Is documentation needed?:

Compatibility

Does this PR create any API breaks (e.g. at the Java or HTTP layers) - if so, do we have compatibility?:

Does this PR change the persisted format of any data - if so, do we have forward and backward compatibility?:

The code in this PR may be part of a blue-green deploy. Can upgrades from previous versions safely coexist? (Consider restarts of blue or green nodes.):

Does this PR rely on statements being true about other products at a deployment - if so, do we have correct product dependencies on these products (or other ways of verifying that these statements are true)?:

Does this PR need a schema migration?

Testing and Correctness

What, if any, assumptions are made about the current state of the world? If they change over time, how will we find out?:

What was existing testing like? What have you done to improve it?:

If this PR contains complex concurrent or asynchronous code, is it correct? The onus is on the PR writer to demonstrate this.:

If this PR involves acquiring locks or other shared resources, how do we ensure that these are always released?:

Execution

How would I tell this PR works in production? (Metrics, logs, etc.):

Has the safety of all log arguments been decided correctly?:

Will this change significantly affect our spending on metrics or logs?:

How would I tell that this PR does not work in production? (monitors, etc.):

If this PR does not work as expected, how do I fix that state? Would rollback be straightforward?:

If the above plan is more complex than “recall and rollback”, please tag the support PoC here (if it is the end of the week, tag both the current and next PoC):

Scale

Would this PR be expected to pose a risk at scale? Think of the shopping product at our largest stack.:

Would this PR be expected to perform a large number of database calls, and/or expensive database calls (e.g., row range scans, concurrent CAS)?:

Would this PR ever, with time and scale, become the wrong thing to do - and if so, how would we know that we need to do something differently?:

Development Process

Where should we start reviewing?:

If this PR is in excess of 500 lines excluding versions lock-files, why does it not make sense to split it?:

Please tag any other people who should be aware of this PR:
@jeremyk-91
@sverma30
@raiju

[changelog-app]

Generate changelog in changelog/@unreleased

What do the change types mean?

• feature: A new feature of the service.
• improvement: An incremental improvement in the functionality or operation of the service.
• fix: Remedies the incorrect behaviour of a component of the service in a backwards-compatible way.
• break: Has the potential to break consumers of this service's API, inclusive of both Palantir services
  and external consumers of the service's API (e.g. customer-written software or integrations).
• deprecation: Advertises the intention to remove service functionality without any change to the
  operation of the service itself.
• manualTask: Requires the possibility of manual intervention (running a script, eyeballing configuration,
  performing database surgery, ...) at the time of upgrade for it to succeed.
• migration: A fully automatic upgrade migration task with no engineer input required.

Note: only one type should be chosen.

How are new versions calculated?

• ❗The break and manual task changelog types will result in a major release!
• 🐛 The fix changelog type will result in a minor release in most cases, and a patch release version for patch branches. This behaviour is configurable in autorelease.
• ✨ All others will result in a minor version release.

Type

• Feature
• Improvement
• Fix
• Break
• Deprecation
• Manual task
• Migration

Description

Add leased timestamps to TimestampLeaseAwareTransaction and TimestampLeaseAwareTransactionManager APIs.

Check the box to generate changelog(s)

• Generate changelog entry

[jkozlowski]

PreCommitCondition is already a thing in AtlasDB, does the naming not clash here?

[jkozlowski]

As discussed: the consequence of this API is that you EXPECT the user to just call into their stores (and by extension the Transaction in AtlasDB) so this NEEDs to happen before the code in SnapshotTransaction#commitWrites or something.

Is there a usecase that you had for this style of work outside of this workstream? Because I struggle to understand why this is better than the more generic idea of "delayed-writes" (and not allowing people to interact with their Transaction object at the point where that function is ran).

[jkozlowski]

Additional concern I'd have is: would people expect that, if they happen to use their Transaction object from multiple threads, that there's an ordering between all interactions with the transaction object happened AND THEN these runnables are ran?

So concretely, would we want to have another state in https://github.com/palantir/atlasdb/blob/develop/atlasdb-impl-shared/src/main/java/com/palantir/atlasdb/transaction/impl/SnapshotTransaction.java#L243 or something?

[fsamuel-bs]

These ideally should be records, but Atlas is not on java 17 yet.

[fsamuel-bs]

Feels a bit wrong to be accessing nested elements like this. :/

[jkozlowski]

Adding this here will break upgrades for people, I suspect? or be a runtime failure?

[jkozlowski]

Should we consider the same underhanded trick you're doing for TimestampLeaseAwareTransaction?

[fsamuel-bs]

:(. Ya, there are some internal dependencies. Let me fix this then.

[jkozlowski]

I would say this is maybe a useful warning, but it assumes a lot about how this is used, therefore possibly making it not worth putting in here?

[fsamuel-bs]

Let's be bias towards over-communicating - this feature is too complex already.

[jkozlowski]

Should we add a warning that this is a very advanced feature and nobody should use this without TS involvement. Also, a warning that this timestamp MAY sometimes go back (if observed globally)

[fsamuel-bs]

I'll just do the RestrictedApi thing then.

[jkozlowski]

Yeah. Understood where this comes from, and I think in general this is fine, but I also don't understand exactly how these subprojects are decomped. Specifically, at least in the past, internal products would run without timelock.

Should we duplicate TimestampLeaseName in atlasdb-api instead of doing this?

[fsamuel-bs]

No, it's too confusing internally. It's a pet peeve of mine to not have duplicate things flying around.

[jkozlowski]

I understand that, but libraries are hard

[autorelease3]

Released 0.1180.0

[jeremyk-91]

The general design looks right, though I think some things were rushed in the name of speed, and we should probably come back to them.

Some of the implementation details of TPCA also seem a bit unexpected, so would be worth checking if they need to be exactly as written as well.

Also, please write a description! I know there is a lot of context on this feature currently, but given some of the other constraints we have, that might change.

[jeremyk-91]

There's probably a reason we need this, but it's not immediately obvious to me why this is necessary over and above, e.g. timelock-api.

This really should be in the description.

[fsamuel-bs]

We moved TimestampLeaseName to :atlasdb-commons-api, which is used in lock-impl. Our gradle plugin orchestration requires all dependencies to be explicitly declared.

[jeremyk-91]

👍

[jeremyk-91]

question: we have the 0 case for some internal usage? It seems that to add an action via preCommit, you're not allowed for this to be zero

[fsamuel-bs]

We have theoretical ones, but I'll expose it as a new public method in Transaction with simpler signature - only preCommit(Runnable).