GH-40557: [C++] Use PutObject request for S3 in OutputStream when only uploading small data

[OliLay]

Rationale for this change

See #40557. The previous implementation would always issue multi part uploads which come with 3x RTT to S3 instead of just 1x RTT with a PutObject request.

What changes are included in this PR?

Implement logic in the S3 OutputStream to use a PutObject request if data is below a certain threshold (5 MB) and the output stream is closed. If more data is written, a multi part upload is triggered. Note: Previously, opening the output stream was already expensive because the CreateMultipartUpload request was triggered then. With this change opening the output stream becomes cheap, as we rather wait until some data is written to decide which upload method to use. This required some more state-keeping in the output stream class.

Are these changes tested?

No new tests were added, as there are already tests for very small writes and very large writes, which will trigger both ways of uploading. Everything should therefore be covered by existing tests.

Are there any user-facing changes?

• Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated). Replicating the old behavior is not possible without sending another request which defeats the purpose of this performance optimization. I hope this is fine.

• GitHub Issue: [C++] S3Filesystem always initiates multipart uploads, regardless of input size #40557

[github-actions]

⚠️ GitHub issue #40557 has been automatically assigned in GitHub to PR creator.

[OliLay]

From the log output, it seems like the failing CI jobs are not related to this change. Correct me if I am wrong though. Should I rebase (in case the flaky tests are already fixed on main)?

[orf]

I think it’s worth rebasing to see?

[OliLay]

Rebased to current main, now waiting for the CI approval again :)

[pitrou]

Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated).

Hmm, I'm not sure that is ok. Usually, when opening a file for writing, you expect the initial open to fail if the path cannot be written to. I have no idea how much code relies on that, but that's a common expectation due to how filesystems usually work (e.g. when accessing local storage).

[orf]

Previously, we would fail when opening the output stream if the bucket doesn't exist. We inferred that by sending the CreateMultipartUpload request, which we now do not send anymore upon opening the stream. We now rather fail at closing, or at writing (when >5MB have accumulated).

Hmm, I'm not sure that is ok. Usually, when opening a file for writing, you expect the initial open to fail if the path cannot be written to. I have no idea how much code relies on that, but that's a common expectation due to how filesystems usually work (e.g. when accessing local storage).

This isn’t guaranteed with the current implementation though? Putting a part, or completing a multipart upload, can fail in various ways? An obvious one would be a checksum failure.

[pitrou]

My point is that if the path cannot be written to, the error happens when opening the file, not later on.

[OliLay]

My point is that if the path cannot be written to, the error happens when opening the file, not later on.

That is true. I guess the question is if arrow's OutputStream API makes an explicit guarantee that Open should throw if the target does not exist. My guess would be that you shouldn't built code upon this assumption if it isn't explicitly stated in arrow's API/docs (which it is not), but of course real-world usage deviates from that (Hyrum's Law).
But checking if the bucket exists would at least come with another 1x RTT to S3 and the goal of the PR was to reduce the amount of blocking calls to S3 to reduce overall latency. If we add another check here, we'll have a total 2x RTT to S3 for small uploads, which is better than the initial 3x RTT without this change, but still not optimal from a performance-view. (and we would probably have 4x RTT for multipart uploads)

[pitrou]

That is true. I guess the question is if arrow's OutputStream API makes an explicit guarantee that Open should throw if the target does not exist. My guess would be that you shouldn't built code upon this assumption if it isn't explicitly stated in arrow's API/docs (which it is not), but of course real-world usage deviates from that (Hyrum's Law).

The API docs generally do not go into that level of detail. However, it is a general assumption that a filesystem "looks like" a local filesystem API-wise.

It is also much more convenient to get an error early, than after you have already "written" multiple megabytes of data to the file.

A compromise would be to add a dedicated option in S3Options, but of course the optimization would only benefit those users that enable the option.

[OliLay]

A compromise would be to add a dedicated option in S3Options, but of course the optimization would only benefit those users that enable the option.

We can do that. I would propose that if the optimization is disabled, we directly use multi-part uploads (basically replicating the old behavior). I don't think it makes sense to explicitly issue a HeadBucket request because that will lead to minimum 4 requests with multi-part uploads then. (although we would only have 2 requests for small writes without the optimization compared to current main)
What do you think?

[pitrou]

We can do that. I would propose that if the optimization is disabled, we directly use multi-part uploads (basically replicating the old behavior).

That sounds reasonable to me.

[orf]

Just to note, issuing HeadBucket doesn't guarantee that a write will succeed - there isn't really a good way to check without actually writing. A HeadObject on the key and failing on any 403 is probably ok though? However there are valid cases where you'd want to write to a key that your principal is not able to read from. HeadBucket also requires full s3:ListBucket permissions, policies that restrict listing to specific prefixes would need to be updated.

I think an optimization flag is appropriate as the behaviour is technically changing. Does it make sense to make the flag a somewhat generic one, rather than specific to this case?

There are a few other optimizations that might also fall into the "more performant, slightly different semantics" category. If I was to contribute a PR to improve one of the linked areas, would we want to add a new specific flag for this case or bundle it under a single "optimized" flag?

The upside would be that it becomes more configurable, whereas the downside is that the testing and support matrix explodes. Perhaps it's better to just have a single optimized=True flag, vs receiving bug reports when specifically optimize_put_object=True, optimize_delete_dir=False, optimize_move=True, optimize_delete=False, optimize_ensure_parents_exist=True, optimize_foobar=True are set?

Edit: i guess this is only relevant for higher-level Python bindings, we'd still want internal flags for individual features.

[OliLay]

I added a sanitize_bucket_on_open_ flag to the S3Options, adjusted the logic and also instantiated tests with this flag enabled.
I guess the Python bindings can be tackled in a separate PR, right?

[mapleFU]

A minor question: would single-part only send during closing?

[mapleFU]

Can this actually happens when part_size_ is large enough but not being uploaded?

[OliLay]

Can you elaborate more? I think we're calling EnsureReadyToFlushFromClose just to flush the data if we close the stream, hence sometimes we still have data in-flight that has to be uploaded (the "last part" which we commit in this branch, or a dummy part if no data was written at all).

[mapleFU]

Just to make it clear, since if part_size_ is larger than size-limit, it should be switch to multipart during "doWrite". During closing maybe it cannot limit the size-limit?

[OliLay]

You mean if current_part_size_ > kPartUploadSize can be true at the time we close the stream?
I think that is not possible (and also wasn't possible with the old impl). The invariant when Close() is called is that current_part_size_ < kPartUploadSize holds, because if we write to the stream and current_part_size_ >= kPartUploadSize holds, we always directly upload a part in DoWrite.

[mapleFU]

Yes, maybe simplify to has_multi_part_upload_ or other is ok, but this also looks ok to me

[OliLay]

A minor question: would single-part only send during closing?

Yes, we only issue the PutObject request if we close the stream.

[mapleFU]

I've take a round and this general looks ok to me, but maybe other reviewers would have comments on styles

[mapleFU]

(Besides, could we debug checks that multi-part will not called after single part is updated?)

[OliLay]

We would need another variable for that to save that we issued the single part upload. Considering this, not sure if is worth adding that, considering that we only issue a single part upload in Close() anyways. (+ tests would complain that the object already exists if we would trigger both requests, independent in which order I would assume)

[mapleFU]

So just to make it clear, the async_result_callback always get a UploadState and uses it. And the sync_result_callback never uses that?

[OliLay]

Yes, previously in the sync case we also directly called AddCompletedPart which just used the state to fiddle around with its completed_parts member. For a single upload request, I think we can omit this and hence do not need to modify the state at all.

[kou]

Suggested change

	if (metadata == nullptr ||
	if (!metadata ||

[kou]

How about swapping these clauses for easy to read?

if (metadata && metadata->Contains(ObjectMetadataSetter<ObjectRequest>::CONTENT_TYPE_KEY)) {
  RETURN_NOT_OK(SetObjectMetadata(metadata, request));
} else {
  request->SetContentType("application/octet-stream");
}

[OliLay]

92aa434

[pitrou]

Perhaps we should make this more general, to open up other potential optimizations?

  /// Whether to allow file-open methods to return before the actual open
  ///
  /// Enabling this true may reduce the latency of `OpenInputStream`, `OpenOutpuStream`,
  /// and similar methods, by reducing the number of roundtrips necessary. It may also
  /// allow usage of more efficient S3 APIs for small files.
  /// The downside is that failure conditions such as attempting to open a file in a
  /// non-existing bucket will only be reported when actual I/O is done (at worse,
  /// when attempting to close the file).
  bool allow_delayed_open = false;

[OliLay]

Yes, I like this much more 👍

[pitrou]

Instead of adding more test methods for every combinatorial expansion, perhaps we should instead use a for loop on the various tested parameter values?

[OliLay]

I added a struct which abstracts the parameter combinations. 7748824

[pitrou]

Nit: naming conventions for constants

Suggested change

	static constexpr std::string_view CONTENT_TYPE_KEY = "Content-Type";
	static constexpr std::string_view kContentTypeKey = "Content-Type";

[pitrou]

Should this be named CleanupAfterClose?

[pitrou]

The comment is misleading: this always uploads the current buffer, right?

[pitrou]

I mean, CommitCurrentPart starts by calling CreateMultipartUpload.

[OliLay]

You're right, I just wanted to make the point that we won't call this when we haven't accumulated enough data. I've clarified the comment. 7748824

[pitrou]

Nit, but std::make_shared<Buffer>("", 0) looks simpler to me.

[pitrou]

I don't think this declaration is actually necessary? i.e. TriggerUploadRequest doesn't need to be a template method, it can be a regular overloaded method.

[pitrou]

Let's make this signature more informative

Suggested change

	template <typename RequestType, typename OutcomeType>
	using UploadResultCallbackFunction =
	std::function<Status(const RequestType& request, std::shared_ptr<UploadState>,
	int32_t, OutcomeType outcome)>;
	template <typename RequestType, typename OutcomeType>
	using UploadResultCallbackFunction =
	std::function<Status(const RequestType& request, std::shared_ptr<UploadState>,
	int32_t part_number, OutcomeType outcome)>;

[pitrou]

Nits: move more arguments

Suggested change

	return Upload<Aws::S3::Model::PutObjectRequest, Aws::S3::Model::PutObjectOutcome>(
	std::move(req), sync_result_callback, async_result_callback, data, nbytes,
	owned_buffer);
	return Upload<Aws::S3::Model::PutObjectRequest, Aws::S3::Model::PutObjectOutcome>(
	std::move(req), std::move(sync_result_callback), std::move(async_result_callback),
	data, nbytes, std::move(owned_buffer));

[pitrou]

Same here: more arguments can be moved.

[mapleFU]

Sorry for delaying review! Would merge after other committers approve