Fix race when checking for dirty aggregations

[ryanhall07]

This fixes the following race:

1. Writer creates a new aggregation and adds it to the drity set.
2. Flusher processes dirty set.
3. Writer updates the aggregation value.

This race was introduced with the recent refactor of resending to use to
an explicit dirty set. However, this race existed historically before
resending introduced the notion of a dirty bit.

The fix is to ensure the individual aggregation lock is held when
read/writing the dirty bit.

It was starting to get really confusing what state truly needs to be guarded by the
aggregation lock. This also refactors the code to introduce an
aggFlushState of flusher local state that doesn't need any
synchronization. Now all fields on the lockedAggregation must be
accessed with the lock.

What this PR does / why we need it:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing and/or backwards incompatible change?:

Does this PR require updating code package or user-facing documentation?:

[ryanhall07]

aggFlushState now holds all the state that is local to the flusher which does not need to be synchronized. much easier to reason about.

[ryanhall07]

now there is a separate flushState map that is also start aligned. this removes all the nonsense of somethings are start aligned and some things are end aligned.

[ryanhall07]

flushState is kind of like the old consumedValues/previousTimeNanos. although it's much easier to reason about because those fields are scoped to a single timestamp on the flush state. if you need the previous consumed values, you just look it from the previous flush state.

[ryanhall07]

the flush state now holds a copy of the lockedAgg values, so we don't need to hold the lock when actually processing the values.

[ryanhall07]

hopefully this is simpler. now a flushState can point to a previous flushState through the prevStarTime. from there you can get the prev consumedValues.

[ryanhall07]

don't need this lock anymore because the values lock is always held when cachedSourceSets is accessed. so it's redundant.

[codecov]

Codecov Report

Merging #3886 (15e41cf) into master (b3fe0f1) will decrease coverage by 0.1%.
The diff coverage is 100.0%.

@@           Coverage Diff            @@
##           master   #3886     +/-   ##
========================================
- Coverage    56.8%   56.7%   -0.2%     
========================================
  Files         553     553             
  Lines       63440   63325    -115     
========================================
- Hits        36072   35940    -132     
- Misses      24175   24187     +12     
- Partials     3193    3198      +5     

Flag	Coverage Δ
aggregator	63.2% <100.0%> (-0.6%)	⬇️
cluster	∅ <ø> (∅)
collector	58.4% <ø> (ø)
dbnode	60.3% <ø> (-0.1%)	⬇️
m3em	46.4% <ø> (ø)
metrics	19.7% <ø> (ø)
msg	74.4% <ø> (+<0.1%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b3fe0f1...15e41cf. Read the comment docs.

[rallen090]

Is this new behavior to prevent duplicates?

[ryanhall07]

it's not new behavior. previously we only cascaded the update if the nextAgg wasn't dirty. however again we were incorrectly reading the dirty bit of the next agg without holding the lock. I could grab the nextAgg lock here but I want to avoid more locking. this basically achieves the same thing by checking if it's already in the dirty set.

[rallen090]

Ok yeah this makes sense

[rallen090]

I think in this case we need to return false otherwise agg is empty and we'd panic on agg.lockedAgg right?

[ryanhall07]

good catch. it's hard to have test coverage for these paths that should never happen and panic in tests.

[ryanhall07]

this test does a pretty good job illustrating the race condition and leak of the dirty set.

[ryanhall07]

we actually want to run this loop for e.minStartTime so we close the aggregation.

[ryanhall07]

figured this guard would help reduce some unnecessary lookups in the common case.

[rallen090]

So this can be done since a "nextAgg" can only precede a "flushed current agg"? Might be worth commenting

[ryanhall07]

it's more we only care to cascade an update when a previously flushed value has been updated. will add a comment/example.

[ryanhall07]

this guard was dumb. it just causes a potential nil pointer when accessing the previous consumedValues above. instead of having to add a branch for nil, just add NaN which the code can already handle anyways.

[rallen090]

Ah ok this makes sense. nit: this comment wording I think is missing a "because"

[rallen090]

Why's this unnecessary now? I guess anything "previous" must have consumedVals? That'd only be the case if the previous had a binary op though right?

[ryanhall07]

the only time the consumed value of the previous aggregation could be nil, is if the consumed value was NaN. this can happen for certain aggregations like Max when there is no data yet. I removed the guard below that did not populate consumedValues if the value was NaN, so this can never happen now. The code could already handle a NaN value, so it just seemed overly complicated. Removed 2 if statements that provided no value.

"That'd only be the case if the previous had a binary op though right?" - You're in the binaryOp case so you're guaranteed the previous was a binary op as well. The pipeline can't change within an aggregation (it would create a new aggregation).

also see the other comment below.

[rallen090]

I think this is another case where not panicking here (e.g. in prod) will result in a panic below because prevFlushState will have an empty consumedValues

[rallen090]

For something like this or some other bug it might be worth still keeping around that check against a nil consumedValues - just to prevent a panic. And we could just do EmitAndLogInvariantViolation if nil

[ryanhall07]

yea good catch