disagg: bound stream retries and reopen large forward seeks

[JaySon-Huang]

What problem does this PR solve?

Issue Number: close #10794

Problem Summary:

S3RandomAccessFile could retry forever after a retryable stream-side read() / ignore() failure. In the reported OSS case, repeated 206 range responses could keep ending with stream errors, and the unbounded outer retry loop could stall DeltaMerge GC. Forward seek was also still draining the current HTTP body with ignore(), which is fragile for large skips.

What is changed and how it works?

S3RandomAccessFile: bound stream-side retries and normalize initialize retry state
S3RandomAccessFile: use 128 KiB threshold for forward seek reopen

The change does two things:

• bounds stream-side retries in read() / seek() to max_retry = 3 total attempts, while keeping cur_retry scoped to per-initialize GetObject failures only
• adds reopenAt(...) so backward seek and stream retry recovery reopen from a committed offset with a fresh initialize budget
• changes forward seek to use a 128 KiB threshold: small skips still drain the current stream, while large skips reopen from the target offset directly
• fixes accounting so reopen-based forward seek still records logical seek bytes, but does not charge skipped bytes into remote read bytes
• extends MockS3Client to observe GetObject count and last range so the threshold split can be asserted in unit tests

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

None

Summary by CodeRabbit

• New Features

  • Forward seeks that jump far now reopen the remote stream at the target, avoiding draining data.

• Bug Fixes

  • Improved and bounded retry behavior for remote file read/seek operations; retry budget resets on reopen.
  • Seek/reopen logic now avoids charging skipped bytes as remote reads.

• Observability

  • Added a profiling metric to track reopen-on-seek events.

• Tests

  • Added tests covering retry, reopen-on-seek, and reopen failure scenarios.
  • Exposed test hooks to observe/reset remote GET call counts and ranges.

• Chores

  • Added a failpoint to inject seek failures for testing.

[pantheon-ai]

Review Complete

Findings: 0 issues
Posted: 0
Duplicates/Skipped: 0

_{ℹ️ Learn more details on Pantheon AI.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f9f924ea-3465-40d6-a1ac-3fe79e24f116

📥 Commits

Reviewing files that changed from the base of the PR and between 8f04ca5 and ebb4ea0.

📒 Files selected for processing (2)

• dbms/src/Storages/S3/S3RandomAccessFile.cpp
• dbms/src/Storages/S3/tests/gtest_s3file.cpp

🚧 Files skipped from review as they are similar to previous changes (2)

• dbms/src/Storages/S3/tests/gtest_s3file.cpp
• dbms/src/Storages/S3/S3RandomAccessFile.cpp

---

📝 Walkthrough

Walkthrough

Reworks S3RandomAccessFile read/seek retry logic to bound retries and reopen at target offsets for large forward seeks; adds a seek failpoint, new ProfileEvent, MockS3Client GET observation hooks, and tests exercising retry/seek semantics.

Changes

Cohort / File(s)	Summary
Failpoint Infrastructure dbms/src/Common/FailPoint.cpp	Declared new failpoint identifier force_s3_random_access_file_seek_fail.
Profile Events dbms/src/Common/ProfileEvents.cpp	Added new profiling event S3IOSeekReopen.
MockS3Client Testing Utilities dbms/src/Storages/S3/MockS3Client.h, dbms/src/Storages/S3/MockS3Client.cpp	Record GetObject observations: get_object_count, last_get_object_range; added resetGetObjectObservations(), getGetObjectCount(), getLastGetObjectRange() and update observations inside GetObject.
S3RandomAccessFile Core Logic dbms/src/Storages/S3/S3RandomAccessFile.h, dbms/src/Storages/S3/S3RandomAccessFile.cpp	Bound per-call retries, centralized retry decision (shouldRetryStreamError), added reopenAt() and recordSuccessfulSeek(), treat large forward seeks by reopening at target offset using s3_forward_seek_reopen_threshold, reset cur_retry at initialize start, integrated seek failpoint and profiling event.
S3 Tests dbms/src/Storages/S3/tests/gtest_s3file.cpp	Added tests covering read/seek retry bounds, retry-budget reset after reopen, small vs large forward-seek behavior (inspecting MockS3Client observations), profiling assertions for not charging skipped bytes, and externs for the new failpoint and S3ReadBytes event.

Sequence Diagram(s)

sequenceDiagram
    participant Reader as File consumer
    participant S3File as S3RandomAccessFile
    participant S3 as S3/HTTP backend
    participant Mock as MockS3Client (tests)

    Reader->>S3File: read()/seek(offset)
    S3File->>S3: GET (Range=cur_offset or target)
    S3-->>S3File: HTTP 200/206 stream
    alt stream error during ignore/read
        S3File->>S3File: shouldRetryStreamError? (increment cur_retry)
        alt retry within budget
            S3File->>S3File: reopenAt(target_offset) / initialize(action)
            S3File->>S3: new GET at reopened offset
        else retry exhausted
            S3File-->>Reader: fail (EOF/error)
        end
    else forward seek > threshold
        S3File->>S3File: reopenAt(target_offset)
        S3File->>S3: GET (Range=target_offset-)
    end
    S3File->>ProfileEvents: increment S3IOSeekReopen / S3ReadBytes as appropriate
    Note over Mock,S3: Tests observe GetObject calls and ranges via MockS3Client hooks

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

size/L

Suggested reviewers

• CalvinNeo
• JinheLin

Poem

🐰 I nibble bytes and hop between streams,

A reopen here, no endless reams,
Tests keep watch with a curious eye,
Seek now bounded — no more looped sky,
Hooray for logs that finally sigh.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 13.04% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'disagg: bound stream retries and reopen large forward seeks' is concise, specific, and accurately summarizes the main changes to S3RandomAccessFile.
Description check	✅ Passed	The PR description comprehensively covers the problem statement, technical solution, and includes proper checklist completion with unit tests marked and appropriate checkboxes selected.
Linked Issues check	✅ Passed	All coding requirements from issue #10794 are met: stream retry bounds implemented, reopenAt() added for commit-safe reopening, forward seek threshold introduced, and accounting fixed for logical vs remote bytes.
Out of Scope Changes check	✅ Passed	All changes are directly related to issue #10794 objectives: bounding retries, reopening behavior, forward seek threshold, MockS3Client extensions for testing, and profiling event additions are all in-scope.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pantheon-ai]

✅ Code looks good. No issues found.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@dbms/src/Storages/S3/S3RandomAccessFile.cpp`:
- Around line 379-385: S3RandomAccessFile::reopenAt currently assigns cur_offset
before calling initialize(action), which can leave the object in an inconsistent
state if initialize() throws; change the logic to either call initialize(action)
first and only set cur_offset on success, or wrap initialize(action) in a
try/catch and restore the previous cur_offset before rethrowing; also ensure
cur_retry reset semantics remain correct (reset after a successful initialize or
restore on failure) so that members cur_offset, cur_retry and initialize(action)
are updated atomically.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ce087909-16c3-4f22-9852-bf43aa66b3de

📥 Commits

Reviewing files that changed from the base of the PR and between e8a62f8 and 8f04ca5.

📒 Files selected for processing (3)

• dbms/src/Common/ProfileEvents.cpp
• dbms/src/Storages/S3/S3RandomAccessFile.cpp
• dbms/src/Storages/S3/S3RandomAccessFile.h

[JaySon-Huang]

/hold

[JaySon-Huang]

/cherry-pick release-nextgen-20251011

[ti-chi-bot]

@JaySon-Huang: once the present PR merges, I will cherry-pick it on top of release-nextgen-20251011 in the new PR and assign it to you.

Details

In response to this:

/cherry-pick release-nextgen-20251011

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[JaySon-Huang]

/cherry-pick release-nextgen-202603

[ti-chi-bot]

@JaySon-Huang: once the present PR merges, I will cherry-pick it on top of release-nextgen-202603 in the new PR and assign it to you.

Details

In response to this:

/cherry-pick release-nextgen-202603

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[JaySon-Huang]

/unhold

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2026-04-13 06:21:45.93368877 +0000 UTC m=+1369311.139048827: ☑️ agreed by JinheLin.
• 2026-04-13 06:37:11.385923893 +0000 UTC m=+1370236.591283949: ☑️ agreed by Lloyd-Pottiger.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: CalvinNeo, JinheLin, Lloyd-Pottiger

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [CalvinNeo,JinheLin,Lloyd-Pottiger]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

@JaySon-Huang: new pull request created to branch release-nextgen-20251011: #10796.

Details

In response to this:

/cherry-pick release-nextgen-20251011

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[ti-chi-bot]

@JaySon-Huang: new pull request created to branch release-nextgen-202603: #10797.

Details

In response to this:

/cherry-pick release-nextgen-202603

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.