GH-40557: [C++] Use PutObject request for S3 in OutputStream when only uploading small data

[OliLay]

Rationale for this change

See #40557. The previous implementation would always issue multi part uploads which come with 3x RTT to S3 instead of just 1x RTT with a PutObject request.

What changes are included in this PR?

Implement logic in the S3 OutputStream to use a PutObject request if data is below a certain threshold (5 MB) and the output stream is closed. If more data is written, a multi part upload is triggered. Note: Previously, opening the output stream was already expensive because the CreateMultipartUpload request was triggered then. With this change opening the output stream becomes cheap, as we rather wait until some data is written to decide which upload method to use. This required some more state-keeping in the output stream class.

Are these changes tested?

No new tests were added, as there are already tests for very small writes and very large writes, which will trigger both ways of uploading. Everything should therefore be covered by existing tests.

Are there any user-facing changes?

• Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated). Replicating the old behavior is not possible without sending another request which defeats the purpose of this performance optimization. I hope this is fine.

• GitHub Issue: [C++] S3Filesystem always initiates multipart uploads, regardless of input size #40557

[github-actions]

⚠️ GitHub issue #40557 has been automatically assigned in GitHub to PR creator.

[OliLay]

From the log output, it seems like the failing CI jobs are not related to this change. Correct me if I am wrong though. Should I rebase (in case the flaky tests are already fixed on main)?

[orf]

I think it’s worth rebasing to see?

[OliLay]

Rebased to current main, now waiting for the CI approval again :)

[pitrou]

Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated).

Hmm, I'm not sure that is ok. Usually, when opening a file for writing, you expect the initial open to fail if the path cannot be written to. I have no idea how much code relies on that, but that's a common expectation due to how filesystems usually work (e.g. when accessing local storage).

[orf]

Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated).

Hmm, I'm not sure that is ok. Usually, when opening a file for writing, you expect the initial open to fail if the path cannot be written to. I have no idea how much code relies on that, but that's a common expectation due to how filesystems usually work (e.g. when accessing local storage).

This isn’t guaranteed with the current implementation though? Putting a part, or completing a multipart upload, can fail in various ways? An obvious one would be a checksum failure.

[pitrou]

My point is that if the path cannot be written to, the error happens when opening the file, not later on.

[OliLay]

My point is that if the path cannot be written to, the error happens when opening the file, not later on.

That is true. I guess the question is if arrow's OutputStream API makes an explicit guarantee that Open should throw if the target does not exist. My guess would be that you shouldn't built code upon this assumption if it isn't explicitly stated in arrow's API/docs (which it is not), but of course real-world usage deviates from that (Hyrum's Law).
But checking if the bucket exists would at least come with another 1x RTT to S3 and the goal of the PR was to reduce the amount of blocking calls to S3 to reduce overall latency. If we add another check here, we'll have a total 2x RTT to S3 for small uploads, which is better than the initial 3x RTT without this change, but still not optimal from a performance-view. (and we would probably have 4x RTT for multipart uploads)

[pitrou]

That is true. I guess the question is if arrow's OutputStream API makes an explicit guarantee that Open should throw if the target does not exist. My guess would be that you shouldn't built code upon this assumption if it isn't explicitly stated in arrow's API/docs (which it is not), but of course real-world usage deviates from that (Hyrum's Law).

The API docs generally do not go into that level of detail. However, it is a general assumption that a filesystem "looks like" a local filesystem API-wise.

It is also much more convenient to get an error early, than after you have already "written" multiple megabytes of data to the file.

A compromise would be to add a dedicated option in S3Options, but of course the optimization would only benefit those users that enable the option.

[OliLay]

A compromise would be to add a dedicated option in S3Options, but of course the optimization would only benefit those users that enable the option.

We can do that. I would propose that if the optimization is disabled, we directly use multi-part uploads (basically replicating the old behavior). I don't think it makes sense to explicitly issue a HeadBucket request because that will lead to minimum 4 requests with multi-part uploads then. (although we would only have 2 requests for small writes without the optimization compared to current main)
What do you think?

[pitrou]

We can do that. I would propose that if the optimization is disabled, we directly use multi-part uploads (basically replicating the old behavior).

That sounds reasonable to me.

[orf]

Just to note, issuing HeadBucket doesn't guarantee that a write will succeed - there isn't really a good way to check without actually writing. A HeadObject on the key and failing on any 403 is probably ok though? However there are valid cases where you'd want to write to a key that your principal is not able to read from. HeadBucket also requires full s3:ListBucket permissions, policies that restrict listing to specific prefixes would need to be updated.

I think an optimization flag is appropriate as the behaviour is technically changing. Does it make sense to make the flag a somewhat generic one, rather than specific to this case?

There are a few other optimizations that might also fall into the "more performant, slightly different semantics" category. If I was to contribute a PR to improve one of the linked areas, would we want to add a new specific flag for this case or bundle it under a single "optimized" flag?

The upside would be that it becomes more configurable, whereas the downside is that the testing and support matrix explodes. Perhaps it's better to just have a single optimized=True flag, vs receiving bug reports when specifically optimize_put_object=True, optimize_delete_dir=False, optimize_move=True, optimize_delete=False, optimize_ensure_parents_exist=True, optimize_foobar=True are set?

Edit: i guess this is only relevant for higher-level Python bindings, we'd still want internal flags for individual features.

[OliLay]

I added a sanitize_bucket_on_open_ flag to the S3Options, adjusted the logic and also instantiated tests with this flag enabled.
I guess the Python bindings can be tackled in a separate PR, right?

[kou]

Suggested change

	if (metadata == nullptr ||
	if (!metadata ||

[kou]

How about swapping these clauses for easy to read?

if (metadata && metadata->Contains(ObjectMetadataSetter<ObjectRequest>::CONTENT_TYPE_KEY)) {
  RETURN_NOT_OK(SetObjectMetadata(metadata, request));
} else {
  request->SetContentType("application/octet-stream");
}

[OliLay]

92aa434

[pitrou]

Perhaps we should make this more general, to open up other potential optimizations?

  /// Whether to allow file-open methods to return before the actual open
  ///
  /// Enabling this true may reduce the latency of `OpenInputStream`, `OpenOutpuStream`,
  /// and similar methods, by reducing the number of roundtrips necessary. It may also
  /// allow usage of more efficient S3 APIs for small files.
  /// The downside is that failure conditions such as attempting to open a file in a
  /// non-existing bucket will only be reported when actual I/O is done (at worse,
  /// when attempting to close the file).
  bool allow_delayed_open = false;

[OliLay]

Yes, I like this much more 👍

[pitrou]

Instead of adding more test methods for every combinatorial expansion, perhaps we should instead use a for loop on the various tested parameter values?

[OliLay]

I added a struct which abstracts the parameter combinations. 7748824

[pitrou]

Nit: naming conventions for constants

Suggested change

	static constexpr std::string_view CONTENT_TYPE_KEY = "Content-Type";
	static constexpr std::string_view kContentTypeKey = "Content-Type";

[pitrou]

Should this be named CleanupAfterClose?

[pitrou]

The comment is misleading: this always uploads the current buffer, right?

[pitrou]

I mean, CommitCurrentPart starts by calling CreateMultipartUpload.

[OliLay]

You're right, I just wanted to make the point that we won't call this when we haven't accumulated enough data. I've clarified the comment. 7748824

[pitrou]

Nit, but std::make_shared<Buffer>("", 0) looks simpler to me.

[pitrou]

I don't think this declaration is actually necessary? i.e. TriggerUploadRequest doesn't need to be a template method, it can be a regular overloaded method.

[pitrou]

Let's make this signature more informative

Suggested change

	template <typename RequestType, typename OutcomeType>
	using UploadResultCallbackFunction =
	std::function<Status(const RequestType& request, std::shared_ptr<UploadState>,
	int32_t, OutcomeType outcome)>;
	template <typename RequestType, typename OutcomeType>
	using UploadResultCallbackFunction =
	std::function<Status(const RequestType& request, std::shared_ptr<UploadState>,
	int32_t part_number, OutcomeType outcome)>;

[pitrou]

Nits: move more arguments

Suggested change

	return Upload<Aws::S3::Model::PutObjectRequest, Aws::S3::Model::PutObjectOutcome>(
	std::move(req), sync_result_callback, async_result_callback, data, nbytes,
	owned_buffer);
	return Upload<Aws::S3::Model::PutObjectRequest, Aws::S3::Model::PutObjectOutcome>(
	std::move(req), std::move(sync_result_callback), std::move(async_result_callback),
	data, nbytes, std::move(owned_buffer));

[pitrou]

Same here: more arguments can be moved.

[mapleFU]

Sorry for delaying review! Would merge after other committers approve

[pitrou]

Thanks for this @OliLay ! I have some questions and suggestions below.

[pitrou]

"Content-Type" is still used as a literal above. Should we move this at the top-level and use it everywhere?
Or, conversely, just undo this, since the "Content-Type" literal is unlikely to change value...

[OliLay]

I reverted the change to move it to a constant and rather have it inline now everywhere again.

[pitrou]

So metadata is ignored if it doesn't contain a "Content-Type" key? Or am I missing something here?

[OliLay]

Good catch, I think this was an issue, I fixed it and made the code also a bit clearer.

[pitrou]

Why not instead

Suggested change

	bool ShouldBeMultipartUpload() const { return pos_ > kMultiPartUploadThresholdSize; }
	bool ShouldBeMultipartUpload() const {
	return pos_ > kMultiPartUploadThresholdSize || !allow_delayed_open_;
	}

[pitrou]

Why add is_multipart_created_ here? Is there any situation where is_multipart_created_ would be true but ShouldBeMultipartUpload() would be false?

[OliLay]

There is probably no reason, I think it evolved to be like this during the PR review and also before we had the feature flag. I streamlined the handling now to use the upload id instead of this additional boolean.

[pitrou]

Perhaps call this UploadUsingSingleRequestError?

[pitrou]

Same here.

[pitrou]

For the record, is_multipart_created_ == true iff !upload_id_.empty(), right? Perhaps this can be consolidated and we can rename upload_id_ to something more explicit, such as multipart_upload_id.

[pitrou]

Coding style nit: 1) use CamelCase for function names, 2) avoid mutable refs; therefore:

Suggested change

	void apply_to_s3_options(S3Options& options) const {
	options.background_writes = background_writes;
	options.allow_delayed_open = allow_delayed_open;
	}
	void ApplyToS3Options(S3Options* options) const {
	options->background_writes = background_writes;
	options->allow_delayed_open = allow_delayed_open;
	}

[pitrou]

I don't think this is deleting the files currently on the filesystem, which means the tests might succeed even if the write path doesn't work for some options.

[OliLay]

Good catch, I implemented cleanup (i.e. emptying the test bucket and restoring the test files again) after each test run.

[pitrou]

Ideally we would also leave a trace in the test log to make diagnosing failures easier (see the ARROW_SCOPED_TRACE macro somewhere).

[OliLay]

I also merged main into this branch due to a conflict. Should be free of conflicts now.