[POC] Key blocking for dirty writes

[jjuleslasarte]

This draft PR is a POC for a dirty key blocking and tracking mechanism to support durability implemented with WBL approach, as outlined in the durablily HLD. It implements 'blocking' of:

• acknowledgement of a write until there's consensus
• dirty reads in the primary node.

Dirty key tracking implementation

Blocking of dirty reads and delaying ack of writes is centered around the ability to determine the set of keys that are dirty or uncommitted by the "quorum" of nodes in the cluster.

This can be realized by keeping track of the list of items that are dirty in the some data-structure (a radix tree in this draft) where each key is corresponded with the byte offset it is currently waiting on acknowledgements from replicas. An incoming read operation can quickly determine whether the keys it tries to access are dirty or not, and if dirty, what offset is required to unblock its responses. This mechanism can also serve if we want to allow a configurable "tail data loss" (i.e allow up to x seconds / x amount of data to be acked before consensus)

The downside of this approach is that the response message gets buffered in memory on the valkey server. This creates certain amount of memory pressure on the server for 2 categories of scenarios: 

• The incoming reader client tries to read a very large item (i.e. a composite item that contains many fields) thus generates a large response buffer in memory
• Many incoming clients try to access dirty items (i.e. hot items) and accumulates a large amount of responses buffered in memory.

For those cases, we could implement a throttling mechanism in the valkey server.

Hooks/touchpoints

This POC hooks into the processing of the command in the following places. The existing flow for most commands is

processCommand -> call() -> c->cmnd->proc()

This PR adds the following hooks:

• processCommand
  • preCommandExec: track the pre-execution positions in the reply cob of the client (and, eventually, connected monitors)
  • call
    • preCall: record the starting replication offset of the command about to be executed.
    • cmd->cmnd->proc()
    • postCall : here, we detect whether we have a command that has made a key dirty (by comparing the replication offset from preCall with the current one), or if the command has accessed a dirty key.
      • In the write path, the blocking offset is the current offset.
      • In the read path, we get the offset by searching for the key in the rax tree.
  • postCommandExec
    • block the client for the given offset

The separation of preCall/postCall and preCommandExect and postCommandExect is so that we can handle multi and lua.

In multi/exec, the individual commands in a transaction

MULTI 
SET a b
SET b c
EXEC

don't go trough processCommand - and get directly called() in the exec command, but form part of the same command, so client needs to block at the position pre-execution of multi. I had included the support for multi (you can see it here) in this PR to better show this, but it was a bit too long for one draft, so I decided to leave that for the next PR.

example

client sends SET FOO BAR

primary

27121:M 23 Nov 2025 15:59:42.820 b postCommandExec hook entered for command 'set'
27121:M 23 Nov 2025 15:59:42.820 b client should be blocked at offset 5509,
// ...
// replica one acks
27121:M 23 Nov 2025 15:59:44.404 b preCall hook: pre_call_replication_offset=5523, pre_call_num_ops_pending_propagation=0

// replica two acks
27121:M 23 Nov 2025 15:59:44.802 b preCall hook: pre_call_replication_offset=5523, pre_call_num_ops_pending_propagation=0

// ...client unblocked
27121:M 23 Nov 2025 15:59:44.802 b unblocking clients for consensus offset 5523,

TODO

• testing
• handling of multi/exec (see here)
• handling of lua
• handling of db level commands
• performance testing
• configs and handling of turning on / off
• telemetry

Looking for feedback on the general approach, the touchpoints with the major codepaths and naming. I will edit this PR

[zuiderkwast]

Very nice to see this PoC!

I'm posting some random comments. I know it's not really ready for review yet so there's no need to reply to them at this point.

There are many TODOs throughout the code which is nice to see. We obviously don't need everything in the PoC, but still good to have them written down. We can convert them to issues or something later.

When we do raft-based replication later, each replica will need to be added to the quorum in some explicit way and only these replicas in the quorum actually count when we count acks. We can keep this in mind and modify how we count what's "committed" and not, later.

[hpatro]

Few things @jjuleslasarte and I had discussed and would need to revisit at a later point:

1. Move from offset tracking mechanism to raft's term/index/commit for consensus (modify getConsensusOffset).
2. Figure out throttling mechanism on accumulation of buffer. Dropping COB on overrun isn't feasible.
3. RAX to be replaced with hashtable (if deemed not efficient). Note: This is only ephemeral data though i.e. during the blocking phase.

Hook points to discuss:

• server.c:3794: preCall(); - Capture replication offset (pre execution)
• server.c:3994: postCall(); - Determine if write command got executed and handles special blocking (scripts)
• server.c:4528: preCommandExec(); - Prepares individual client for blocking
• server.c:4533: postCommandExec(); - Blocks individual client
• networking.c:1680: isClientReplyBufferLimited(c) - Response buffering and limited
• replication.c:1426: postReplicaAck(); Processes acknowledgment and allows clients to progress to certain offset.

[hpatro]

@ranshid Do we remove the read handler callback while the client is blocked?

[hpatro]

@allenss-amazon @yairgott @madolson @rjd15372 Could you folks take a look and provide your feedback?

[hpatro]

When would it be not recorded?

[hpatro]

This might as well be a callback

size_t getConsensusOffset();

[sarthakaggarwal97]

can this be very expensive for write heavy workloads?

[sarthakaggarwal97]

maybe we can find ways to optimize it later on.

[sarthakaggarwal97]

Suggested change

	int isPrimaryDurabilityEnabled(void) {
	int durabilityEnabledOnPrimary(void) {

[sarthakaggarwal97]

I am still in the process of absorbing this change. Leaving some minor thoughts. I will keep on taking a look the next few days.

[sarthakaggarwal97]

probably a server config?

[sarthakaggarwal97]

should this be created lazily for short lived clients which may not need it?

[sarthakaggarwal97]

maybe we can find ways to optimize it later on.

[sarthakaggarwal97]

maybe a min heap type structure might help to avoid sorting always?

[jjuleslasarte]

closing this DRAFT - I'm incorporating @zuiderkwast @hpatro and @sarthakaggarwal97 's feedback into the work in progress in the durability branch. Tracking issue will be #3037 - I'll open up an in progress draft PR against durability branch.