Make metrics collection optional/faster

[QuerthDP]

This patch contains:

• Implementation of lock-free histogram with hot and cold bucket pools
• Introduction of crate feature "metrics" to make using them optional
• Functionality to gather latency statistics via histogram snapshots
• Implementation of rates of queries per second based on cpp-driver implementation.
• Initial implementation of connection metrics (changes required after review)

Fixes: #330

Pre-review checklist

• I have split my patch into logically separate commits.
• All commit messages clearly explain what they change and why.
• I added relevant tests for new features and bug fixes.
• All commits compile, pass static checks and pass test.
• PR description sums up the changes and reasons why they should be introduced.
• I have provided docstrings for the public items that I want to introduce.
• I have adjusted the documentation in ./docs/source/.
• I added appropriate Fixes: annotations to PR description.

[github-actions]

cargo semver-checks detected some API incompatibilities in this PR.
Checked commit: 4392cb8

See the following report for details:

cargo semver-checks output

./scripts/semver-checks.sh --baseline-rev f9f0940dec71b0c6762d813af2da6b4a2578058e
+ cargo semver-checks -p scylla -p scylla-cql --baseline-rev f9f0940dec71b0c6762d813af2da6b4a2578058e
     Cloning f9f0940dec71b0c6762d813af2da6b4a2578058e
    Building scylla v0.15.0 (current)
       Built [  23.383s] (current)
     Parsing scylla v0.15.0 (current)
      Parsed [   0.053s] (current)
    Building scylla v0.15.0 (baseline)
       Built [  22.814s] (baseline)
     Parsing scylla v0.15.0 (baseline)
      Parsed [   0.049s] (baseline)
    Checking scylla v0.15.0 -> v0.15.0 (no change)
     Checked [   0.107s] 107 checks: 106 pass, 1 fail, 0 warn, 0 skip

--- failure struct_with_no_pub_fields_changed_type: public API struct with no public fields is no longer a struct ---

Description:
A struct without pub fields became an enum or union, breaking pattern matching.
        ref: https://internals.rust-lang.org/t/rest-patterns-foo-should-match-non-struct-types/21607
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.38.0/src/lints/struct_with_no_pub_fields_changed_type.ron

Failed in:
  struct scylla::observability::metrics::MetricsError became enum in file /home/runner/work/scylla-rust-driver/scylla-rust-driver/scylla/src/observability/metrics.rs:10

     Summary semver requires new major version: 1 major and 0 minor checks failed
    Finished [  47.407s] scylla
    Building scylla-cql v0.4.0 (current)
       Built [  11.449s] (current)
     Parsing scylla-cql v0.4.0 (current)
      Parsed [   0.034s] (current)
    Building scylla-cql v0.4.0 (baseline)
       Built [  11.431s] (baseline)
     Parsing scylla-cql v0.4.0 (baseline)
      Parsed [   0.033s] (baseline)
    Checking scylla-cql v0.4.0 -> v0.4.0 (no change)
     Checked [   0.112s] 107 checks: 107 pass, 0 skip
     Summary no semver update required
    Finished [  24.010s] scylla-cql
make: *** [Makefile:61: semver-rev] Error 1

[QuerthDP]

Changelog:

• rebased on main

[muzarski]

I still need to review commits that introduce Meter and connection metrics. Posting this review early, because there are some matters to discuss.

[muzarski]

1. Please add a docstring. Even the simplest one - mentioning that it indicates some failure during LockFreeHistogram's operation
2. I don't like the name. Since this is a public type, the error name should be more descriptive (current version would be fine for driver's internal error type). I suggest a verbose name such as LockFreeHistogramError (WDYT @wprzytula ?)
3. The additional context is not displayed for the variants. You can display it via {0}, such as #[error("Invalid use of histogram: {0}")]. Also, please begin the error messages with capital letter (this is a convention we currently use in the driver).
4. HistogramErr -> HistogramError (variant name)
5. HistogramErr variant currently has a type from a pre-1.0.0 crate. We need to think what to do with this. Corresponding issue: Remove types from pre-1.0 crates from the public API, or hide them behind features #771. I see that later in this PR, you introuce a metrics feature, so I assume that this error type will be hidden behind it as well. Is it OK if feature name does not directly correspond to the unstable crate's name? In this case, the unstable crate is histogram, and feature name is metrics. I'm not sure how this interacts with API stability. cc: @piodul @Lorak-mmk

[muzarski]

This needs a docstring as well. Not only this is a public type (does it need to be public?), but its methods contain some very complex logic, which could be briefly explained here.

Also, it would be nice to mention the motivation behind this struct. I understand the logic (after reviewing the methods), but I still don't quite get WHY we need it. Why can't we just use the AtomicHistogram from histogram crate? Are there any races that can occur without this additional layer of synchronization?

[NikodemGapski]

Okay, so there are a couple of things to mention here, but I'll start from the beginning.

In the issue description here it is noted that no suitable solution for the problem was found on crates.io (I believe AtomicHistogram already existed by the time of writing of that issue), so I assumed it must have had a flaw. And, as it turned out, it did.

I highly recommend reading through the issue I opened up on the crate histogram repo, where I explain all of the motivation in detail, but in short: the .load() method has no synchronisation with increments, which causes a logical race (the state of the loaded histogram is dependent on the speed at which it is loaded).

The idea of some sort of a lock-free algorithm was also proposed in the "Make metrics optional" issue, along with sharding, which I considered potentially harder to implement, thus I went with a lock-free algorithm.

However (!), the LockFreeHistogram's implementation comes with potential drawbacks in terms of performance (in comparison to AtomicHistogram, not a global mutex) due to global atomic counters accessed upon each bucket increment.

I haven't managed to run any benchmarks in this regard, nor do I have concrete examples of cases when AtomicHistogram's implementation yields a very significant error in results (though I did come up with some ideas and calculations; they can be found on my linked issue on crate histogram's repo). Therefore, the decision of which histogram implementation to incorporate into this driver is up to you. I've just provided a safe alternative and done some research.

Also, should you choose to go with AtomicHistogram, the change will be rather effortless, as I maintained the API schema used in crate histogram for my implementation.

[muzarski]

Thank you for the explanation! I think part of this deserves to be put in the docstring.

Also, should you choose to go with AtomicHistogram, the change will be rather effortless, as I maintained the API schema used in crate histogram for my implementation.

This is great. Also, please unpub (pub(crate)) the LockFreeHistogram and its methods. Only then will we be 100% sure that if we ever decide to drop/modify LockFreeHistogram, such change will not be API breaking.

Which histogram implementation we want to incorporate to the driver? Well, this needs to be discussed. I'd wait until @Lorak-mmk and @wprzytula review the code.

[NikodemGapski]

I unpubbed LockFreeHistogram and its methods, but now I can see it might be difficult to make such a change completely non-API-breaking. That's because LockFreeHistogramError is propagated as MetricsError's cause and thus needs to be pub. Upon change to AtomicHistogram this error struct would be removed entirely.

I'm not yet sure how we could go around this issue.

[muzarski]

Ah, good catch. There are some workarounds for this, however. For example, we could always hide underlying LockFreeHistogramError under Arc<dyn Error>. I wouldn't worry about this now. Let's wait for others to join the discussion.

[brayniac]

For what it's worth, while .load() is not atomic wrt concurrent increments into the histogram. I'd still consider using the AtomicHistogram which is used in metrics for both rpc-perf and Pelikan.

As I said in the issue opened in rustcommon, I'm not sure that the potential skew here would be meaningful. But I do welcome some concrete details if such skew does prove to be meaningful.

The TLDR is I'm not sure how much it matters whether it's on one side or the other of loading a histogram. If you envision periodically snapshotting the histogram, it seems you have to accept that the latency is already being recorded at the tail end of the event. Imagine a request that takes a long time, that latency gets incremented after the fact, when the service might be back to responding quickly.

My feeling is that ultimately this is all an approximation and I've found the AtomicHistogram as in the histogram crate to be satisfactory for projects I work on.

[muzarski]

Where are these defaults taken from?

[NikodemGapski]

Since the histogram crate no longer provides defaults, I had to come up with some choice here. It was my best guess at what might be needed, though that is obviously to be discussed and modified if needed.

[brayniac]

You may find our calculator useful while evaluating what parameters are appropriate: https://observablehq.com/@iopsystems/h2-histogram

[muzarski]

ditto: same comments as in regards to LFError

[muzarski]

I know that previous MetricsError was not documented, but we will appreciate this change as a bonus :). This will make a progress towards #519

[muzarski]

I wonder why they decided to remove Histogram::mean() method

[brayniac]

The histogram has no way of providing a true mean. Do we use the lower or upper end of the bucket range while calculating? Somewhere in the middle? It seems more appropriate to let the caller decide how they want to deal with this detail. Same when determining a percentile, the best we can do is return the Bucket where the percentile falls into its range. It may depend on your use-case on what value to report. Previous assumptions of over-reporting latencies by using the upper-edge of the bucket might not be appropriate for all use-cases.

[wprzytula]

🔧 IIUC, this is intended to be a module docstring. In such case, this should use //! instead of ///. Also, let's leave an empty line after the module docstring.

[wprzytula]

⛏️ typo: histgorams

[wprzytula]

🔧 I think [debug_struct](https://doc.rust-lang.org/std/fmt/struct.Formatter.html#method.debug_struct) could aid here.

[wprzytula]

❓ What's lambda? Is it something related to histogram maths?

[NikodemGapski]

Oh, not at all 😆 . I just used it as a synonym for a closure. I can change it to closure if you believe it will improve understandability. 👍

[wprzytula]

😄 Yes, please. Apparently the Rust world tries so hard to cut itself off C++ that I didn't think of it.

[wprzytula]

🤔 Although it makes no sense to me, the creators of histogram crate implemented IntoIterator for &Histogram! The idiomatic way would be to implement an iter() method, just like it's done on owned collections to construct an iterator of references to the collection.

🔧 This means that you should never clone a Histogram, but simply pass it by a shared reference and call .into_iter() on that reference. Weird, but no cloning involved.

[brayniac]

I believe that IntoIterator is needed for the for loop syntax to work so here you could do:

for bucket in &h {
        // some code here
}

But there's no reason not to have .iter() as well, so I've added that in histogram-0.11.2 which is now live on crates.io

[wprzytula]

I believe that IntoIterator is needed for the for loop syntax to work so here you could do:

for bucket in &h {
        // some code here
}

You're right, actually the standard library defines IntoIterator on references to collections as well. TIL, thank you! 🙇

But there's no reason not to have .iter() as well, so I've added that in histogram-0.11.2 which is now live on crates.io

Great! 🚀

[wprzytula]

🔧 For future compatibility, let's either:

• make this struct #[non_exhaustive] to allow adding more fields in the future without breaking the API;
• or make all those fields private and expose a getter for each field.

Which one do you find a more suitable solution? @Lorak-mmk @muzarski

[wprzytula]

🔧 I can see that there are barely any comments in the cpp-driver's implementation of this, but still I'd love to see more explanation of what's going on here.

Docstrings/comments on ExponentiallyWeightedMovingAverage's fields would be much appreciated.

[wprzytula]

❓ Is this counter intented to measure client-side request timeouts, server-side request timeouts, or both?

[QuerthDP]

AFAIK this metric was used in cpp-driver to count client timeouts on requests to the database.
So is this method called in our implementation (alongside returning QueryError::RequestTimeout, the docstring of which mentions that it regards the client side).

I think it should be specified in the docstring of our inc method as well, so I will adjust it.

[wprzytula]

❓ These docstrings pretty much repeat what's said in the functions' names, but they don't tell me when I should call those.

[QuerthDP]

Those functions are not meant to be called by the user.

Nevertheless I surely will adjust the docstrings to better describe the logic behind those functions for devs to understand and use properly if needed in other places in the future.

[wprzytula]

for devs to understand and use properly if needed in other places in the future.

That's what I had in mind - internal usage.

[wprzytula]

🏕️ Not related to what you've done, but I can see Metrics::new being a pub method, whereas it's only intended for in-crate use. If you could, please make it pub(crate) as a bonus.