Improvements to the unicast-based recovery version computation algorithm

[sbodagala]

Modify the unicast-based recovery version computation algorithm the following ways:

• Make it use "max(KCV)", instead of "min(KCV)", as the default recovery version (details below)
• Make it return the <max(KCV), recovery version> pair as output
• Make the invoker use the "max(KCV)" version returned by the algorithm
• Address a bug related to the computation of recovery version (in the case where a subset of log servers have empty "unknownCommittedVersions" list)

And, make the invoker compute the max() and min() of recovery versions of primary and satellite DCs based on the recovery versions computed by the appropriate (with/without unicast) recovery version computation algorithms.

Testing:

Joshua job (with version vector feature disabled): 20241111-215149-sre-3f2cb6906ac4ea16 (no failures).

More details:

How can the "KnownCommittedVersion" advance after a log server/a subset of log servers are locked when unicast is enabled? This can happen because a commit version may get sent only to a subset of log servers when unicast is enabled and so even after a log server is/a subset of log servers are locked the remaining log servers could receive a version, commit that version, and that could cause the known committed version to advance.

Consider log servers S_a, S_b, S_c, S_d, and RF = 1. Suppose servers S_a and S_b got locked at version V_x, and known committed version on those servers be K_x (K_x < V_x). Now servers S_c and S_d could receive another version V_y (V_x < V_y) before they receive the lock message from the cluster controller, could commit V_y, could advance the known committed version to V_y on the proxy, and could receive V_y as the known committed version before they receive the lock request.

Here is a scenario from a simulation test that was causing a wrong recovery version to be selected because the known committed version was advancing after a log server is locked and we were using "min(kcv)" as the default recovery version:

Log server interfaces and their IDs:

Interface: b5c90942058a7b8c, ID: 0
Interface: ee2db35be3e7caf7, ID: 1
Interface: 727dc80e10ce7857, ID: 2

Versions and the log servers those versions were sent to:

Version 47631442 sent to and received by log server with ID: 1 and sent to and received by log server with ID: 0.

Version 49130513 sent to and received by log server with ID: 2) and sent to and received by log server with ID: 0.

Version 49771720 sent to and received by log server with ID: 2 and sent to but not received by log server with ID: 1.

Version 50985880 sent to but not received by log server with ID: 1 and sent to and received by log server with ID: 0.

Log servers with IDs 0 and 1 are reporting to cluster controller during recovery.

Log server with ID 1 gets stopped/locked at version 47631442, has known committed version 45781955 and reports unknown committed version list: 47631442

Log server with ID 0 gets stopped/locked at version 50985880, has known committed version 49130513 and reports unknown committed version list: 50985880

Note that the known committed version got advanced on log server with ID 0 after log server with ID 1 got locked.

Since the known committed version got advanced on ID 1 it won't report versions below 49130513 as unknown committed versions.

If the recovery algorithm uses "min(KCV)" as the default recovery version it will report 47631442 as the recovery version which is wrong. Using "max(KCV)" will make the algorithm pick the correct recovery version 49130513.

Code-Reviewer Section

The general pull request guidelines can be found here.

Please check each of the following things and check all boxes before accepting a PR.

• The PR has a description, explaining both the problem and the solution.
• The description mentions which forms of testing were done and the testing seems reasonable.
• Every function/class/actor that was touched is reasonably well documented.

For Release-Branches

If this PR is made against a release-branch, please also check the following:

• This change/bugfix is a cherry-pick from the next younger branch (younger release-branch or main if this is the youngest branch)
• There is a good reason why this PR needs to go into a release branch and this reason is documented (either in the description above or in a linked GitHub issue)

[sbodagala]

Please review the changes and comment on whether this PR can be merged into "main". If we can agree these changes are not disruptive and can be merged into "main" then I will take it out of the "Draft" status, thanks!

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux CentOS 7

• Commit ID: aa2c87e
• Duration 0:22:06
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos-m1 on macOS Ventura 13.x

• Commit ID: aa2c87e
• Duration 0:48:28
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-macos on macOS Ventura 13.x

• Commit ID: aa2c87e
• Duration 0:51:30
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux CentOS 7

• Commit ID: aa2c87e
• Duration 0:51:40
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux CentOS 7

• Commit ID: aa2c87e
• Duration 0:54:14
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: aa2c87e
• Duration 0:54:34
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux CentOS 7

• Commit ID: aa2c87e
• Duration 1:00:31
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-ide on Linux CentOS 7

• Commit ID: 17c16ab
• Duration 0:25:02
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang-arm on Linux CentOS 7

• Commit ID: 17c16ab
• Duration 0:53:28
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-cluster-tests on Linux CentOS 7

• Commit ID: 17c16ab
• Duration 0:56:32
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)
• Cluster Test Logs zip file of the test logs (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr-clang on Linux CentOS 7

• Commit ID: 17c16ab
• Duration 1:11:47
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)

[foundationdb-ci]

Result of foundationdb-pr on Linux CentOS 7

• Commit ID: 17c16ab
• Duration 1:14:08
• Result: ✅ SUCCEEDED
• Error: N/A
• Build Log terminal output (available for 30 days)
• Build Workspace zip file of the working directory (available for 30 days)