Make empty CQ init faster in case of clean shutdown#13856
Merged
michaelklishin merged 1 commit intorabbitmq:mainfrom May 8, 2025
Merged
Make empty CQ init faster in case of clean shutdown#13856michaelklishin merged 1 commit intorabbitmq:mainfrom
michaelklishin merged 1 commit intorabbitmq:mainfrom
Conversation
gomoripeti
commented
May 5, 2025
| bounds/2, next_segment_boundary/1]). | ||
|
|
||
| %% Only used by tests | ||
| -export([bounds/1]). |
Contributor
Author
There was a problem hiding this comment.
only backing_queue_SUITE:bq_queue_index test case uses bounds/1. If I understand correctly this test case tests the index module itself. I kept bounds/1 as the v1 index also has a function with the same signature (although that is not tested any more by backing_queue_SUITE and it will go away eventually) Maybe bq_queue_index should be modified to test bounds/2 instead, sometimes the NextSeqIdHint being undefined and sometimes an integer?
Collaborator
There was a problem hiding this comment.
@gomoripeti that sounds reasonable to me. Let's do that in a follow-up PR?
michaelklishin
requested changes
May 6, 2025
Collaborator
michaelklishin
left a comment
There was a problem hiding this comment.
The Dialyzer failure is reproducible:
done (warnings were emitted)
Checking whether the PLT /home/runner/work/rabbitmq-server/rabbitmq-server/deps/rabbit/.rabbit.plt is up-to-date... yes
Proceeding with analysis...
rabbit_classic_queue_index_v2.erl:439:1: Function recover_index_v1_clean/6 has no local return
rabbit_classic_queue_index_v2.erl:455:1: Function recover_index_v1_dirty/7 has no local return
rabbit_classic_queue_index_v2.erl:476:1: Function recover_index_v1_common/3 has no local return
rabbit_classic_queue_index_v2.erl:486:40: The call rabbit_classic_queue_index_v2:bounds
(State0 ::
#qi{queue_name :: #resource{},
dir :: nonempty_binary(),
write_buffer ::
#{non_neg_integer() =>
'ack' |
{binary(),
non_neg_integer(),
'memory' | 'rabbit_msg_store' |
'rabbit_queue_index' |
{'rabbit_classic_queue_store_v2',
non_neg_integer(),
non_neg_integer()},
#message_properties{expiry ::
'undefined' |
pos_integer(),
needs_confirming ::
boolean()},
boolean()}},
write_buffer_updates :: 0,
cache ::
#{non_neg_integer() =>
'ack' |
{binary(),
non_neg_integer(),
'memory' | 'rabbit_msg_store' |
'rabbit_queue_index' |
{'rabbit_classic_queue_store_v2',
non_neg_integer(),
non_neg_integer()},
#message_properties{expiry ::
'undefined' |
pos_integer(),
needs_confirming ::
boolean()},
boolean()}},
confirms :: sets:set(_),
segments :: #{non_neg_integer() => pos_integer()},
fds ::
#{non_neg_integer() =>
{'file_descriptor', atom(), _}},
on_sync :: fun((sets:set(_)) -> 'ok'),
on_sync_msg :: fun()},
'undefined') breaks the contract
(State, non_neg_integer() | 'undefiend') ->
{non_neg_integer(), non_neg_integer(), State}
when State :: state()
rabbit_classic_queue_index_v2.erl:1198:1: Function bounds/1 has no local return
rabbit_classic_queue_index_v2.erl:1199:19: The call rabbit_classic_queue_index_v2:bounds
(State :: any(),
'undefined') breaks the contract
(State, non_neg_integer() | 'undefiend') ->
{non_neg_integer(), non_neg_integer(), State}
when State :: state()
done in 0m13.12s
done (warnings were emitted)
Contributor
Author
|
thanks for the heads up, indeed there is a typo |
At CQ startup variable_queue went through each seqid from 0 to next_seq_id looking for the first message even if there were no messages in the queue (no segment files). In case of a clean shutdown the value next_seq_id is stored in recovery terms. This value can be utilized by the queue index to provide better seqid bounds in absence of segment files. Before this patch starting an empty classic queue with next_seq_id = 100_000_000 used to take about 26 seconds. With this patch it takes less than 1ms.
ea2e5d2 to
150172f
Compare
12 tasks
michaelklishin
added a commit
that referenced
this pull request
May 8, 2025
Make empty CQ init faster in case of clean shutdown (backport #13856)
lhoguin
reviewed
May 9, 2025
|
|
||
| %% set a very high next_seq_id as if 100M messages have been | ||
| %% published and consumed | ||
| Terms2 = lists:keyreplace(next_seq_id, 1, Terms, {next_seq_id, 100_000_000}), |
Contributor
There was a problem hiding this comment.
We should probably test that the bounds returned by the index are correct.
Contributor
Author
There was a problem hiding this comment.
I will work on a follow-up PR to update backing_queue_SUITE:bq_queue_index to test bounds/2 when there are messages in the queue. But what is a correct index range estimate for an empty queue? All bounds are correct overestimations. Maybe one property that can be checked that both LowSeqId and HighSeqId are '=< NextSeqId`?
Contributor
There was a problem hiding this comment.
We only care about v2 so Low = High = Next?
12 tasks
12 tasks
lukebakken
pushed a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
Make empty CQ init faster in case of clean shutdown (cherry picked from commit d27d5c4)
lukebakken
added a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
This commit completes the backport of two upstream fixes for a startup hang that caused a 1h46m maintenance window outage on a single-node broker (b-fd0b2082, 2026-03-08). Root cause: `maybe_deltas_to_betas/4` in `rabbit_variable_queue` enters an effectively infinite recursive loop when recovering an empty classic queue after a clean shutdown if `next_seq_id` is large. The loop iterates once per historical seq_id entirely in memory (no disk I/O), producing 100% CPU with near-zero EBS reads. The loop becomes truly infinite once `DeltaSeqId` reaches `DeltaSeqIdEnd` because `d()` accepts `start_seq_id = end_seq_id` with `count = 0`, and `read/3` returns `[]` immediately, causing unconditional recursion. PR rabbitmq#13856 (primary fix, `rabbit_classic_queue_index_v2`): When `Segments = #{}` (no segment files) and `NextSeqIdHint` is available from clean shutdown Terms, `bounds/2` now returns `{NextSeqIdHint, NextSeqIdHint}` instead of `{0, 0}`, producing a blank delta immediately so the loop never starts. PR rabbitmq#15595 (safety net, `rabbit_variable_queue`): Adds a termination guard `0 when DeltaSeqId1 >= DeltaSeqIdEnd` to `maybe_deltas_to_betas` that returns `?BLANK_DELTA` instead of recursing when the end of the range is reached with an empty result. Conflict resolution for PR rabbitmq#13856: The upstream diff hardcodes `rabbit_classic_queue_index_v2:bounds(IndexState, NextSeqIdHint)` because v1 index support was removed in main before this fix was written. In 3.13.7, the call site uses `IndexMod:bounds(IndexState)` to dispatch between `rabbit_queue_index` (v1) and `rabbit_classic_queue_index_v2` (v2). The resolution preserves the `IndexMod` dispatch but routes to `bounds/2` only when `IndexMod =:= rabbit_classic_queue_index_v2`, since `rabbit_queue_index` has no `bounds/2` variant and the bug only affects the v2 index path. PR rabbitmq#15595 was not cherry-picked (it targets main where `maybe_deltas_to_betas` has been renamed to `read_from_q_tail` and `BLANK_DELTA` to `BLANK_Q_TAIL`). The fix was applied manually as a single guard clause addition in 3.13.7 terminology. The `variable_queue_restart_large_seq_id` test is commented out from the `backing_queue_v1` suite. The fix is correct and complete for v2 queues (the only version used in production, enforced by the AWS managed operator policy). The v1 test fails because `rabbit_queue_index:bounds/1` still returns `{0, 0}` for empty queues -- there is no upstream precedent for patching it since v1 was removed from main before PR rabbitmq#13856 was written.
lukebakken
added a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
…tibility fixes This commit cherry-picks PR rabbitmq#13932 (bf8fd69, 'Add tests for rabbit_classic_queue_index_v2:bounds/2') and applies the additional changes required to make it correct in 3.13.7, where the v1 index (`rabbit_queue_index`) still exists alongside the v2 index. PR rabbitmq#13932 in upstream main: - Removed the `bounds/1` shim from `rabbit_classic_queue_index_v2` (which had been added by PR rabbitmq#13856 as a compatibility wrapper) - Updated test call sites in `backing_queue_SUITE` from `IndexMod:bounds(Qi)` to `IndexMod:bounds(Qi, Hint)` Why the cherry-pick alone was insufficient for 3.13.7: In upstream main, the v1<->v2 index conversion code in `rabbit_variable_queue` and `rabbit_queue_index` had already been removed by commit ecf4600 ('Remove availability of CQv1', March 2024) before PR rabbitmq#13856 introduced `bounds/2` (May 2025). Therefore, when PR rabbitmq#13932 removed the `bounds/1` shim, there were no production call sites left that used the 1-argument form. In 3.13.7, the v1<->v2 conversion code still exists. Two production call sites were left calling the now-deleted `bounds/1`: - `rabbit_variable_queue:convert_from_v2_to_v1` called `rabbit_classic_queue_index_v2:bounds(V2Index)` - `rabbit_queue_index:recover_index_v2_common` called `rabbit_classic_queue_index_v2:bounds(V2State)` Both crashed at runtime with `{undef, {rabbit_classic_queue_index_v2, bounds, [...]}` when a queue version downgrade (v2->v1) was attempted, as exercised by `classic_queue_prop_SUITE`. Changes in this commit beyond the cherry-pick: 1. `rabbit_queue_index.erl`: Added `bounds/2` with the same `NextSeqIdHint` logic as PR rabbitmq#13856 applied to `rabbit_classic_queue_index_v2`. When `SegNums = []` (no segment files) and `NextSeqIdHint` is an integer, returns `{Hint, Hint, State}` instead of `{0, 0, State}`. The existing `bounds/1` is kept as a shim delegating to `bounds(State, undefined)`. Also updated the internal call to `rabbit_classic_queue_index_v2:bounds` in `recover_index_v2_common` to use `bounds/2`. 2. `rabbit_variable_queue.erl`: Updated the call in `convert_from_v2_to_v1` to `rabbit_classic_queue_index_v2:bounds/2`. Also simplified the `IndexMod:bounds` dispatch in `init/10` from a case expression (routing v2 to `bounds/2` and v1 to `bounds/1`) to a single `IndexMod:bounds(IndexState, NextSeqIdHint)` call, since both index modules now implement `bounds/2`. 3. `backing_queue_SUITE.erl`: Removed the comment block that had previously disabled `variable_queue_restart_large_seq_id` for the `backing_queue_v1` suite. With `rabbit_queue_index:bounds/2` now implemented, the fix is complete for both v1 and v2 queues and the test passes for both. Validation: `backing_queue_SUITE` (all groups including `backing_queue_v1` and `backing_queue_v2`) and `classic_queue_prop_SUITE` (6/6 tests) both pass cleanly.
lukebakken
pushed a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
Make empty CQ init faster in case of clean shutdown (cherry picked from commit d27d5c4)
lukebakken
added a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
This commit completes the backport of two upstream fixes for a startup hang that caused a 1h46m maintenance window outage on a single-node broker (b-fd0b2082, 2026-03-08). Root cause: `maybe_deltas_to_betas/4` in `rabbit_variable_queue` enters an effectively infinite recursive loop when recovering an empty classic queue after a clean shutdown if `next_seq_id` is large. The loop iterates once per historical seq_id entirely in memory (no disk I/O), producing 100% CPU with near-zero EBS reads. The loop becomes truly infinite once `DeltaSeqId` reaches `DeltaSeqIdEnd` because `d()` accepts `start_seq_id = end_seq_id` with `count = 0`, and `read/3` returns `[]` immediately, causing unconditional recursion. PR rabbitmq#13856 (primary fix, `rabbit_classic_queue_index_v2`): When `Segments = #{}` (no segment files) and `NextSeqIdHint` is available from clean shutdown Terms, `bounds/2` now returns `{NextSeqIdHint, NextSeqIdHint}` instead of `{0, 0}`, producing a blank delta immediately so the loop never starts. PR rabbitmq#15595 (safety net, `rabbit_variable_queue`): Adds a termination guard `0 when DeltaSeqId1 >= DeltaSeqIdEnd` to `maybe_deltas_to_betas` that returns `?BLANK_DELTA` instead of recursing when the end of the range is reached with an empty result. Conflict resolution for PR rabbitmq#13856: The upstream diff hardcodes `rabbit_classic_queue_index_v2:bounds(IndexState, NextSeqIdHint)` because v1 index support was removed in main before this fix was written. In 3.13.7, the call site uses `IndexMod:bounds(IndexState)` to dispatch between `rabbit_queue_index` (v1) and `rabbit_classic_queue_index_v2` (v2). The resolution preserves the `IndexMod` dispatch but routes to `bounds/2` only when `IndexMod =:= rabbit_classic_queue_index_v2`, since `rabbit_queue_index` has no `bounds/2` variant and the bug only affects the v2 index path. PR rabbitmq#15595 was not cherry-picked (it targets main where `maybe_deltas_to_betas` has been renamed to `read_from_q_tail` and `BLANK_DELTA` to `BLANK_Q_TAIL`). The fix was applied manually as a single guard clause addition in 3.13.7 terminology. The `variable_queue_restart_large_seq_id` test is commented out from the `backing_queue_v1` suite. The fix is correct and complete for v2 queues (the only version used in production, enforced by the AWS managed operator policy). The v1 test fails because `rabbit_queue_index:bounds/1` still returns `{0, 0}` for empty queues -- there is no upstream precedent for patching it since v1 was removed from main before PR rabbitmq#13856 was written.
lukebakken
added a commit
to lukebakken/rmq-rabbitmq-server
that referenced
this pull request
Mar 17, 2026
…tibility fixes This commit cherry-picks PR rabbitmq#13932 (bf8fd69, 'Add tests for rabbit_classic_queue_index_v2:bounds/2') and applies the additional changes required to make it correct in 3.13.7, where the v1 index (`rabbit_queue_index`) still exists alongside the v2 index. PR rabbitmq#13932 in upstream main: - Removed the `bounds/1` shim from `rabbit_classic_queue_index_v2` (which had been added by PR rabbitmq#13856 as a compatibility wrapper) - Updated test call sites in `backing_queue_SUITE` from `IndexMod:bounds(Qi)` to `IndexMod:bounds(Qi, Hint)` Why the cherry-pick alone was insufficient for 3.13.7: In upstream main, the v1<->v2 index conversion code in `rabbit_variable_queue` and `rabbit_queue_index` had already been removed by commit ecf4600 ('Remove availability of CQv1', March 2024) before PR rabbitmq#13856 introduced `bounds/2` (May 2025). Therefore, when PR rabbitmq#13932 removed the `bounds/1` shim, there were no production call sites left that used the 1-argument form. In 3.13.7, the v1<->v2 conversion code still exists. Two production call sites were left calling the now-deleted `bounds/1`: - `rabbit_variable_queue:convert_from_v2_to_v1` called `rabbit_classic_queue_index_v2:bounds(V2Index)` - `rabbit_queue_index:recover_index_v2_common` called `rabbit_classic_queue_index_v2:bounds(V2State)` Both crashed at runtime with `{undef, {rabbit_classic_queue_index_v2, bounds, [...]}` when a queue version downgrade (v2->v1) was attempted, as exercised by `classic_queue_prop_SUITE`. Changes in this commit beyond the cherry-pick: 1. `rabbit_queue_index.erl`: Added `bounds/2` with the same `NextSeqIdHint` logic as PR rabbitmq#13856 applied to `rabbit_classic_queue_index_v2`. When `SegNums = []` (no segment files) and `NextSeqIdHint` is an integer, returns `{Hint, Hint, State}` instead of `{0, 0, State}`. The existing `bounds/1` is kept as a shim delegating to `bounds(State, undefined)`. Also updated the internal call to `rabbit_classic_queue_index_v2:bounds` in `recover_index_v2_common` to use `bounds/2`. 2. `rabbit_variable_queue.erl`: Updated the call in `convert_from_v2_to_v1` to `rabbit_classic_queue_index_v2:bounds/2`. Also simplified the `IndexMod:bounds` dispatch in `init/10` from a case expression (routing v2 to `bounds/2` and v1 to `bounds/1`) to a single `IndexMod:bounds(IndexState, NextSeqIdHint)` call, since both index modules now implement `bounds/2`. 3. `backing_queue_SUITE.erl`: Removed the comment block that had previously disabled `variable_queue_restart_large_seq_id` for the `backing_queue_v1` suite. With `rabbit_queue_index:bounds/2` now implemented, the fix is complete for both v1 and v2 queues and the test passes for both. Validation: `backing_queue_SUITE` (all groups including `backing_queue_v1` and `backing_queue_v2`) and `classic_queue_prop_SUITE` (6/6 tests) both pass cleanly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes
At CQ startup variable_queue went through each seqid from 0 to next_seq_id looking for the first message even if there were no messages in the queue (no segment files).
In case of a clean shutdown the value next_seq_id is stored in recovery terms. This value can be utilized by the queue index to provide better seqid bounds in absence of segment files.
Before this patch starting an empty classic queue with next_seq_id = 100_000_000 used to take about 26 seconds. With this patch it takes less than 1ms.
Fixes the empty classic queue part of #12848
Types of Changes
What types of changes does your code introduce to this project?
Put an
xin the boxes that applyChecklist
Put an
xin the boxes that apply.You can also fill these out after creating the PR.
If you're unsure about any of them, don't hesitate to ask on the mailing list.
We're here to help!
This is simply a reminder of what we are going to look for before merging your code.
CONTRIBUTING.mddocumentFurther Comments