[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r463426200
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/SQLConf.scala
##
@@ -1237,6 +1237,16 @@ object SQLConf {
.intConf
.createWithDefault(10)
+ val STATE_STORE_FORMAT_VALIDATION_ENABLED =
+buildConf("spark.sql.streaming.stateStore.formatValidation.enabled")
+ .internal()
+ .doc("When true, check if the UnsafeRow from the state store is valid or
not when running " +
Review comment:
Sure, will submit a follow-up PR today.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r441919301
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/SQLConf.scala
##
@@ -1237,6 +1237,15 @@ object SQLConf {
.intConf
.createWithDefault(10)
+ val STATE_STORE_FORMAT_VALIDATION_ENABLED =
+buildConf("spark.sql.streaming.stateStore.formatValidation.enabled")
+ .internal()
+ .doc("When true, check if the UnsafeRow from the state store is valid or
not when running " +
+"streaming queries. This can happen if the state store format has been
changed.")
Review comment:
Make senes, done in 557eb30.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r441919193
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/catalyst/util/UnsafeRowUtils.scala
##
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.catalyst.util
+
+import org.apache.spark.sql.catalyst.expressions.UnsafeRow
+import org.apache.spark.sql.types._
+
+object UnsafeRowUtils {
+
+ /**
+ * Use the following rules to check the integrity of the UnsafeRow:
+ * - schema.fields.length == row.numFields should always be true
+ * - UnsafeRow.calculateBitSetWidthInBytes(row.numFields) <
row.getSizeInBytes should always be
+ * true if the expectedSchema contains at least one field.
+ * - For variable-length fields: if null bit says it's null then don't do
anything, else extract
+ * offset and size:
+ * 1) 0 <= size < row.getSizeInBytes should always be true. We can be even
more precise than
+ * this, where the upper bound of size can only be as big as the
variable length part of
+ * the row.
+ * 2) offset should be >= fixed sized part of the row.
+ * 3) offset + size should be within the row bounds.
+ * - For fixed-length fields that are narrower than 8 bytes
(boolean/byte/short/int/float), if
+ * null bit says it's null then don't do anything, else:
+ * check if the unused bits in the field are all zeros. The
UnsafeRowWriter's write() methods
+ * make this guarantee.
+ * - Check the total length of the row.
+ */
+ def validateStructuralIntegrity(row: UnsafeRow, expectedSchema: StructType):
Boolean = {
+if (expectedSchema.fields.length != row.numFields) {
+ return false
+}
+val bitSetWidthInBytes =
UnsafeRow.calculateBitSetWidthInBytes(row.numFields)
+val rowSizeInBytes = row.getSizeInBytes
+if (expectedSchema.fields.length > 0 && bitSetWidthInBytes >=
rowSizeInBytes) {
+ return false
+}
+var varLenFieldsSizeInBytes = 0
+expectedSchema.fields.zipWithIndex.foreach {
+ case (field, index) if !UnsafeRow.isFixedLength(field.dataType) &&
!row.isNullAt(index) =>
+val offsetAndSize = row.getLong(index)
+val offset = (offsetAndSize >> 32).toInt
+val size = offsetAndSize.toInt
+if (size < 0 ||
+offset < bitSetWidthInBytes + 8 * row.numFields || offset + size >
rowSizeInBytes) {
+ return false
+}
+varLenFieldsSizeInBytes += size
+ case (field, index) if UnsafeRow.isFixedLength(field.dataType) &&
!row.isNullAt(index) =>
+field.dataType match {
+ case BooleanType =>
+if ((row.getLong(index) >> 1) != 0L) return false
+ case ByteType =>
+if ((row.getLong(index) >> 8) != 0L) return false
+ case ShortType =>
+if ((row.getLong(index) >> 16) != 0L) return false
+ case IntegerType =>
+if ((row.getLong(index) >> 32) != 0L) return false
+ case FloatType =>
+if ((row.getLong(index) >> 32) != 0L) return false
+ case _ =>
+}
+ case (field, index) if field.dataType == NullType =>
Review comment:
Thanks for the explanation, done in 557eb30.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707: URL: https://github.com/apache/spark/pull/28707#discussion_r441618274 ## File path: sql/core/src/main/scala/org/apache/spark/sql/execution/streaming/state/HDFSBackedStateStoreProvider.scala ## @@ -259,6 +259,7 @@ private[state] class HDFSBackedStateStoreProvider extends StateStoreProvider wit @volatile private var storeConf: StateStoreConf = _ @volatile private var hadoopConf: Configuration = _ @volatile private var numberOfVersionsToRetainInMemory: Int = _ + @volatile private var isValidated = false Review comment: Thanks, add the TODO in fd74ff9. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r441618110
##
File path:
sql/core/src/main/scala/org/apache/spark/sql/execution/streaming/state/StateStore.scala
##
@@ -143,6 +145,16 @@ case class StateStoreCustomSumMetric(name: String, desc:
String) extends StateSt
case class StateStoreCustomSizeMetric(name: String, desc: String) extends
StateStoreCustomMetric
case class StateStoreCustomTimingMetric(name: String, desc: String) extends
StateStoreCustomMetric
+/**
+ * An exception thrown when an invalid UnsafeRow is detected in state store.
+ */
+class InvalidUnsafeRowException
+ extends SparkException("The streaming query failed by state format
invalidation. " +
Review comment:
No, change it to RuntimeException. Done in fd74ff9.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r441617572
##
File path:
sql/core/src/main/scala/org/apache/spark/sql/execution/streaming/state/StateStore.scala
##
@@ -143,6 +145,16 @@ case class StateStoreCustomSumMetric(name: String, desc:
String) extends StateSt
case class StateStoreCustomSizeMetric(name: String, desc: String) extends
StateStoreCustomMetric
case class StateStoreCustomTimingMetric(name: String, desc: String) extends
StateStoreCustomMetric
+/**
+ * An exception thrown when an invalid UnsafeRow is detected in state store.
+ */
+class InvalidUnsafeRowException
+ extends SparkException("The streaming query failed by state format
invalidation. " +
+"The following reasons may cause this: 1. An old Spark version wrote the
checkpoint that is " +
+"incompatible with the current one; 2. Broken checkpoint files; 3. The
query is changed " +
+"among restart. For the first case, you can try to restart the application
without " +
Review comment:
The resolution is for the first case. For the rest cases listing, they
should be considered as user problems.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r441615184
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/catalyst/util/UnsafeRowUtils.scala
##
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.spark.sql.catalyst.util
+
+import org.apache.spark.sql.catalyst.expressions.UnsafeRow
+import org.apache.spark.sql.types._
+
+object UnsafeRowUtils {
+
+ /**
+ * Use the following rules to check the integrity of the UnsafeRow:
+ * - schema.fields.length == row.numFields should always be true
+ * - UnsafeRow.calculateBitSetWidthInBytes(row.numFields) <
row.getSizeInBytes should always be
+ * true if the expectedSchema contains at least one field.
+ * - For variable-length fields: if null bit says it's null then don't do
anything, else extract
+ * offset and size:
+ * 1) 0 <= size < row.getSizeInBytes should always be true. We can be even
more precise than
+ * this, where the upper bound of size can only be as big as the
variable length part of
+ * the row.
+ * 2) offset should be >= fixed sized part of the row.
+ * 3) offset + size should be within the row bounds.
+ * - For fixed-length fields that are narrower than 8 bytes
(boolean/byte/short/int/float), if
+ * null bit says it's null then don't do anything, else:
+ * check if the unused bits in the field are all zeros. The
UnsafeRowWriter's write() methods
+ * make this guarantee.
+ * - Check the total length of the row.
+ */
+ def validateStructuralIntegrity(row: UnsafeRow, expectedSchema: StructType):
Boolean = {
+if (expectedSchema.fields.length != row.numFields) {
+ return false
+}
+val bitSetWidthInBytes =
UnsafeRow.calculateBitSetWidthInBytes(row.numFields)
+val rowSizeInBytes = row.getSizeInBytes
+if (expectedSchema.fields.length > 0 && bitSetWidthInBytes >=
rowSizeInBytes) {
+ return false
+}
+var varLenFieldsSizeInBytes = 0
+expectedSchema.fields.zipWithIndex.foreach {
+ case (field, index) if !UnsafeRow.isFixedLength(field.dataType) &&
!row.isNullAt(index) =>
+val offsetAndSize = row.getLong(index)
+val offset = (offsetAndSize >> 32).toInt
+val size = offsetAndSize.toInt
+if (size < 0 ||
+offset < bitSetWidthInBytes + 8 * row.numFields || offset + size >
rowSizeInBytes) {
+ return false
+}
+varLenFieldsSizeInBytes += size
+ case (field, index) if UnsafeRow.isFixedLength(field.dataType) &&
!row.isNullAt(index) =>
+field.dataType match {
+ case BooleanType =>
+if ((row.getLong(index) >> 1) != 0L) return false
+ case ByteType =>
+if ((row.getLong(index) >> 8) != 0L) return false
+ case ShortType =>
+if ((row.getLong(index) >> 16) != 0L) return false
+ case IntegerType =>
+if ((row.getLong(index) >> 32) != 0L) return false
+ case FloatType =>
+if ((row.getLong(index) >> 32) != 0L) return false
+ case _ =>
+}
+ case _ =>
Review comment:
Thanks, done in fd74ff9.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r434429538
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/SQLConf.scala
##
@@ -1545,6 +1545,15 @@ object SQLConf {
.booleanConf
.createWithDefault(true)
+ val STREAMING_AGGREGATION_STATE_FORMAT_CHECK_ENABLED =
+buildConf("spark.sql.streaming.aggregationStateFormatCheck.enabled")
+ .doc("Whether to detect a streaming aggregation query may try to use an
invalid UnsafeRow " +
+"in the state store.")
+ .version("3.1.0")
+ .internal()
Review comment:
Thanks, done in 10a7980.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r434429391
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/SQLConf.scala
##
@@ -1545,6 +1545,15 @@ object SQLConf {
.booleanConf
.createWithDefault(true)
+ val STREAMING_AGGREGATION_STATE_FORMAT_CHECK_ENABLED =
+buildConf("spark.sql.streaming.aggregationStateFormatCheck.enabled")
+ .doc("Whether to detect a streaming aggregation query may try to use an
invalid UnsafeRow " +
Review comment:
Thanks, rephrase in 10a7980.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r434420491
##
File path:
sql/catalyst/src/main/scala/org/apache/spark/sql/internal/SQLConf.scala
##
@@ -1545,6 +1545,15 @@ object SQLConf {
.booleanConf
.createWithDefault(true)
+ val STREAMING_STATE_FORMAT_CHECK_ENABLED =
Review comment:
Thanks, rename it in ee048bc. Considering it's an extra checking and
still have overhead, I keep the feature flag for safety.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r434419336
##
File path:
sql/core/src/main/scala/org/apache/spark/sql/execution/streaming/state/StreamingAggregationStateManager.scala
##
@@ -77,13 +82,24 @@ object StreamingAggregationStateManager extends Logging {
}
}
+/**
+ * An exception thrown when an invalid UnsafeRow is detected.
+ */
+class InvalidUnsafeRowException
+ extends SparkException("The UnsafeRow format is invalid. This may happen
when using the old " +
+"version or broken checkpoint file. To resolve this problem, you can try
to restart the " +
Review comment:
Thanks for the comments, I rephrase the error message to make it
clearer. Yep, there are several ways that can lead to the invalid format and we
need to list them all. Done in ee048bc
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
[GitHub] [spark] xuanyuanking commented on a change in pull request #28707: [SPARK-31894][SS] Introduce UnsafeRow format validation for streaming state store
xuanyuanking commented on a change in pull request #28707:
URL: https://github.com/apache/spark/pull/28707#discussion_r434418012
##
File path:
sql/core/src/main/scala/org/apache/spark/sql/execution/streaming/state/StreamingAggregationStateManager.scala
##
@@ -94,6 +110,28 @@ abstract class StreamingAggregationStateManagerBaseImpl(
// discard and don't convert values to avoid computation
store.getRange(None, None).map(_.key)
}
+
+ override def unsafeRowFormatValidation(row: UnsafeRow, schema: StructType):
Unit = {
+if (checkFormat && SQLConf.get.getConf(
+SQLConf.STREAMING_STATE_FORMAT_CHECK_ENABLED) && row != null) {
+ if (schema.fields.length != row.numFields) {
Review comment:
Actually that's the first version I did. Since the checking logic is
only used for streaming aggregation query and also depends on the streaming
config, I choose to put it in StreamingAggregationStateManager, WDYT?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
