Implement a new, experimental variant of LookupResources as LookupResources2

[josephschorr]

This implementation should be much faster for intersections, exclusions and caveats due to early tree shearing and check hints

This change has three major components:

1. Change to caveats expression handling to early terminate when relevant
2. Ability to specify hints to checks to avoid recompuation
3. Implementation of LR2

[josephschorr]

Moved to draft due to steelthread discovering a pagination bug

[vroldanbet]

There is a unit test error:

--- FAIL: TestSimpleLookupResources2 (0.24s)
    --- FAIL: TestSimpleLookupResources2/document#view->user:legal (0.06s)
        lookupresources2_test.go:122: 
            	Error Trace:	/home/runner/actions-runner/_work/spicedb/spicedb/internal/dispatch/graph/lookupresources2_test.go:122
            	Error:      	Not equal: 
            	            	expected: 0x3
            	            	actual  : 0x1
            	Test:       	TestSimpleLookupResources2/document#view->user:legal
            	Messages:   	Depth required mismatch

[josephschorr]

There is a unit test error:
...

Fixed

[vroldanbet]

Some early comments, still making my way through the PR

[vroldanbet]

Not a blocker, since this warrants a bigger refactor, but I thought it was worth calling this out again given what I observed under load: concurrency limits are not very useful if we don't keep a state around of the available "capacity" of the process. E.g. in non-clustered mode, this leads to large spikes in goroutines, because every local dispatch gets the same limit, and in clustered mode, it leads to the same situation, albeit lessened because there is more capacity. Ultimately this affects tail latencies, as the scheduler scrambles to handle all the scheduling spikes with whatever GOMAXPROCS it has defined. With sufficient load, and all the dispatching happening through wide relations, this can easily overload a cluster.

[josephschorr]

We could add it as a tracking field to the dispatch (since we're changing it here anyway) and decrease the counter on each dispatch

[vroldanbet]

let's do that as a follow-up, we may want to generalize it for all APIs, and this could be the foundation to what the paper describes as These safeguards include fine-grained cost accounting, quotas, and throttling. We could e.g. limit clients by the number of dispatches.

[vroldanbet]

Why are we OK with returning a partial list here?

Let's say we do an LR call, but we missed some important caveat arguments - by mistake. Now we are returning "this is the list of resources the subject has access to". The client has no way to know they missed arguments that could have augmented that list.

[josephschorr]

As the comment describes: if we find a path for the resource that is not caveated, then the result is by definition present, so we don't care about the caveated paths to that same resource.

Missed arguments don't matter if at least one of the paths to the resource has no caveats

[vroldanbet]

Suggested change

	currentResult = syntheticResult{
	value: true,
	contextValues: map[string]any{},
	exprString: "",
	missingContextParams: []string{},
	}
	currentResult.value = true

[josephschorr]

Can't; the type of the result is not a synthetic

[vroldanbet]

Then:

	var currentResult ExpressionResult = syntheticResult{
		value:                cop.Op == core.CaveatOperation_AND,
		contextValues:        map[string]any{},
		exprString:           "",
		missingContextParams: []string{},
	}

[vroldanbet]

Initializing syntheticResult.contextValues with an empty map does an unnecessary allocation to the heap. combineMap does take care of nil first argument when merging what has been found, which adds one extra unnecessary allocation.

I did some benchmarks, and combineMaps can be made faster and do one less allocation in the case one of the arguments is nil or empty.

Given the caveat is being executed for each one of the tuples coming out of ReverseQueryRelationships via redispatchOrReportOverDatabaseQuery, I thought this could lead to N unnecessary allocations in the critical path.

func combineMaps(first map[string]any, second map[string]any) map[string]any {
	if first == nil || len(first) == 0 {
		return maps.Clone(second)
	} else if second == nil || len(second) == 0 {
		return maps.Clone(first)
	}

	cloned := maps.Clone(first)
	maps.Copy(cloned, second)
	return cloned
}

[josephschorr]

No need to clone them if they aren't changing

[vroldanbet]

please write a benchmark like I did, and make sure it reduces allocations and CPU time for:

• first is nil, second is not
• first has elements, second does not

My code above moved the needle from 3 allocations to 2 and made it 50% faster

[josephschorr]

Since I don't clone now at all unless necessary, it should be 1 less even

[vroldanbet]

This seems like a potentially large payload to send over dispatch. By default it would be 100 elements but we've discussed introducing a flag, and we've observed better results as that number increases.

Why does the hint need to be represented as N hint elements, instead of a more compact/normalized representation? Each one of the resources has the same entrypoint and the same terminal subject. The result is N protos with N copies of the same subject and object namespaces and relations. The only difference by the objectID, and that is also going to be duplicated in the ComputeBulkCheck dispatch operation.

Could we normalize this information, and if necessary, have the client-side derive these N hints?

[josephschorr]

Why does the hint need to be represented as N hint elements, instead of a more compact/normalized representation?

Because they are isolated hints

Each one of the resources has the same entrypoint and the same terminal subject.

Here, but that may not apply in the future. This is a generalized hint system.

Could we normalize this information, and if necessary, have the client-side derive these N hints?

Yes, I could have each hint support taking in multiple resource IDs, but that would require more complicated code, so its a tradeoff

[vroldanbet]

Because they are isolated hints

I don't understand what this means. Please elaborate.

Yes, I could have each hint support taking in multiple resource IDs, but that would require more complicated code, so its a tradeoff

My tests indicate that under an LR2 workload, SpiceDB is spending 32% of CPU time in GC (21-23% with my optimizations in #1989) . That's almost a fourth of CPU time collecting garbage (❗). And the vast majority of it is proto allocations.

That CPU time that goes to GC means less CPU time for the massive goroutine fan out LR2 tends to do with certain data shapes and sizes. In turn, it increases tail latencies.

My advice is to make the tradeoff and reduce allocations, the impact cannot be ignored and is globally an issue across all API endpoints. This is very relevant for deployments that have low CPU requests. Feel free to do in a follow up PR so this one does not stay around opened any longer.

[josephschorr]

Okay

[vroldanbet]

hints can also be issued for tupleset-to-userset, why can we assume here it's a hint for computed usersets?

[vroldanbet]

checkInternal is going to loop over the CheckHints 2 times:

• one to filter the resources to dispatch
• another one during combination

You could return the result from the hint along side the resourceID, and build a map like the once combineWithComputedHints accepts, and call the latter instead. This means you don't have to iterate again over all the hints. This adds up, especially with wide relationships that lead to many batches of 100 elements.

[josephschorr]

why can we assume here it's a hint for computed usersets?

Because this is processing for the relation itself, and not the arrow.

You could return the result from the hint along side the resourceID...

Except when there aren't any hints, then we're doing work we don't need to do. Its also capping at maybe 1000 elements right now, which means the overhead is likely minimal. I can combine if you like, but it makes the code less readable for a very small improvement

[vroldanbet]

Except when there aren't any hints, then we're doing work we don't need to do.

What work, creating an empty map?

Its also capping at maybe 1000 elements right now, which means the overhead is likely minimal. I can combine if you like, but it makes the code less readable for a very small improvement

How is it making it less readable? You already have a method that accepts a map.
Looking at these things as 1 call with 1000 elements wouldn't be much overhead. The issue is a graph with many elements can lead to many, many dispatches. I think every little bit counts.

[vroldanbet]

please do not allocate a core.RelationReference here. Instead you can create a new AsCheckHintForComputedUserset method that receives the strings directly, and that the method with proto args can reuse

[josephschorr]

I hate breaking nicer interfaces for optimization but oh well

[vroldanbet]

You could have maintained the interface the used the proto, and just built on the new signature

[josephschorr]

Yeah, but then it would have been used in exactly one location, so not worth the overhead IMO

[vroldanbet]

LGTM, I've left some additional feedback, but we can address in a follow up