feat(storage): wake up memory acquire request in order

[Little-Wallace]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

close #15786
See design details in issue

Checklist

• I have written necessary rustdoc comments
• I have added necessary unit tests and integration tests
• I have added test labels as necessary. See details.
• I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
• My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
• All checks passed in ./risedev check (or alias, ./risedev c)
• My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)

• My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

• My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

[wenym1]

The current memory limiter is very similar to tokio::sync::Semaphore. Maybe we can try borrowing some implementation details from it.

[wenym1]

Can we move this fast path code self.try_require_memory_in_capacity(quota, self.fast_quota) to before acquiring the lock? In this way, if we successfully acquire the quota via CAS, we can avoid locking and writing the atomic variable.

[Little-Wallace]

This method is always called before try_require_memory, it means that has a failed try by CAS without lock

[Little-Wallace]

We must try to acquire with lock, because if there is no tracker hold by other threads, we can not notify this waiter forever.

[wenym1]

Maybe we can optimize the case when there are concurrent drops in multiple threads.

A rough idea will be, each thread will try to set the pending_request_count to 0 via CAS in a loop, and the only one that successfully sets it to 0 will do the notification.

[wenym1]

Can we have some unit tests to test the correctness and performance? In unit test we can launch a multi-threaded tokio runtime and spawn many tasks to keep doing require_memory, sleep for a while and then drop the tracker, in this way we may find out some uncovered corner case.

[wenym1]

Rest LGTM

[hzxa21]

I think it is simpler and easier to understand if we make this an atomic boolean and rename it to has_waiters

[Little-Wallace]

ok

[MrCroxx]

LGTM

[wenym1]

LGTM

[Li0k]

typo: “set it one”

[hzxa21]

The MemoryTrackerImpl and the newly added PendingRequestCancelGuard seem to be an over-design for the corner case mentioned above. Let's analyze all the cases when quota is acquired:

1. When the quota is acquired via MemoryRequest::Ready (L287), we need to release the quota and notify waiters.
2. When the quota is acquired here in may_notify_waiters in L243, there are two sub-cases:
   a. tx.send here succeeds, regardless of whether the rx is dropped or not, we need to release quota and notify waiter.
   b. tx.send here fails (due to rx has been dropped before tx.send). we only need to release quota but not notify watier (Otherwise, it will deadlock).

Therefore, the implementation can be greatly simplified without introducing MemoryTrackerImpl and PendingRequestCancelGuard.

// MemoryTrackerImpl is not needed.
struct MemoryTracker {
    limiter: Arc<MemoryLimiterInner>,
    quota: Option<u64>,
}

// MemoryTracker::drop will release quota + notifier waiters if quota is not None (1 + 2.a)
impl Drop for MemoryTracker {
    fn drop(&mut self) {
        if let Some(quota) = self.quota.take() {
            self.limiter.release_quota(quota);
            self.limiter.may_notify_waiters();
        }
    }
}

// Add a new method to releae quota without notify waiters.
impl MemoryTracker {
  fn release_quota(self) {
      if let Some(quota) = self.quota.take() {
            self.limiter.release_quota(quota);
      }
  }
}

...

// MemoryRequest takes MemoryTracker
enum MemoryRequest {
    Ready(MemoryTracker),
    Pending(Receiver<MemoryTracker>),
}

...

impl MemoryLimiterInner {
    ...
    fn may_notify_waiters(self: &Arc<Self>) {
        ...
        let mut waiters = self.controller.lock();
        while let Some((_, quota)) = waiters.front() {
            if !self.try_require_memory(*quota) {
                break;
            }
            ...
            if let Err(SendError(tracker)) = tx.send(MemoryTracker::new(self.clone(), quota)) {
                // 2.b
                tracker.release_quota(quota);
            }
    }
    ...
}

...

impl MemoryLimiter {
    pub async fn require_memory(&self, quota: u64) -> MemoryTracker {
        // PendingRequestCancelGuard is not needed
        match self.inner.require_memory(quota) {
            MemoryRequest::Ready(tracker) => tracker,
            MemoryRequest::Pending(rx) => rx.await
    }
}

[Little-Wallace]

We can not send MemoryTracker with in lock of controller because if it drops in this method, it may call may_notify_waiters again, which would acquire one lock twice.

[Little-Wallace]

We met this bug in #6634

[wenym1]

If tokio-rs/tokio#6558 looks good from the tokio community, we can have a patch on the tokio version we are using, and then we can adopt the code in this comment.

[wenym1]

I found loom, an interesting framework to test concurrent utilities. It provides mocked atomic variable and mutex, and block_on to support future.await, which covers all functionalities we use to sync between multiple parallelisms in our memory limiter. Shall we have some test written with the loom framework? It will be really helpful to prove the correctness of our implementation. You may refer to the loom test written for tokio::sync.

[hzxa21]

LGTM

[Li0k]

Rest LGTM

[Li0k]

typo: doc