Improve activity log throttling check (#34244)

Rather than throttle on the first Prepare+Bind+Execution execution, we
throttle on all statement executions similar to the sampling check. Key
differences being:

- `throttled_count` column is no longer the number of unique prepared
statements throttled before it. It now includes all throttled statement
executions too (i.e. multiple Executes of a prepared statement).

See commit messages for details. 

<!--
Describe the contents of the PR briefly but completely.

If you write detailed commit messages, it is acceptable to copy/paste
them
here, or write "see commit messages for details." If there is only one
commit
in the PR, GitHub will have already added its commit message above.
-->

### Motivation

  * This PR fixes a recognized bug.
- [ ] MaterializeInc/database-issues#9922
- [ ] MaterializeInc/database-issues#9604
<!--
Which of the following best describes the motivation behind this PR?



    [Ensure issue is linked somewhere.]

  * This PR adds a known-desirable feature.

    [Ensure issue is linked somewhere.]

  * This PR fixes a previously unreported bug.

    [Describe the bug in detail, as if you were filing a bug report.]

  * This PR adds a feature that has not yet been specified.

[Write a brief specification for the feature, including justification
for its inclusion in Materialize, as if you were writing the original
     feature specification.]

   * This PR refactors existing code.

[Describe what was wrong with the existing code, if it is not obvious.]
-->

### Tips for reviewer

<!--
Leave some tips for your reviewer, like:

    * The diff is much smaller if viewed with whitespace hidden.
    * [Some function/module/file] deserves extra attention.
* [Some function/module/file] is pure code movement and only needs a
skim.

Delete this section if no tips.
-->

### Checklist

- [ ] This PR has adequate test coverage / QA involvement has been duly
considered. ([trigger-ci for additional test/nightly
runs](https://trigger-ci.dev.materialize.com/))
- [ ] This PR has an associated up-to-date [design
doc](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/README.md),
is a design doc
([template](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/00000000_template.md)),
or is sufficiently small to not require a design.
  <!-- Reference the design in the description. -->
- [ ] If this PR evolves [an existing `$T ⇔ Proto$T`
mapping](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/command-and-response-binary-encoding.md)
(possibly in a backwards-incompatible way), then it is tagged with a
`T-proto` label.
- [ ] If this PR will require changes to cloud orchestration or tests,
there is a companion cloud PR to account for those changes that is
tagged with the release-blocker label
([example](MaterializeInc/cloud#5021)).
<!-- Ask in #team-cloud on Slack if you need help preparing the cloud
PR. -->
- [ ] If this PR includes major [user-facing behavior
changes](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/guide-changes.md#what-changes-require-a-release-note),
I have pinged the relevant PM to schedule a changelog post.

Author: SangJunBak

doc/user/content/sql/system-catalog/mz_internal.md

@@ -87,7 +87,7 @@ granted the [`mz_monitor` role](/security/appendix/appendix-built-in-roles/#syst
 | `session_id`               | [`uuid`]                     | An ID that is unique for each session. Corresponds to [mz_sessions.id](#mz_sessions). |
 | `prepared_at`              | [`timestamp with time zone`] | The time at which the statement was prepared.                                                                                                                                                                                                                                 |
 | `statement_type`           | [`text`]                     | The _type_ of the statement, e.g. `select` for a `SELECT` query, or `NULL` if the statement was empty.                                                                                                                                                                        |
-| `throttled_count`          | [`uint8`]                    | The number of statements that were dropped due to throttling before the current one was seen. If you have a very high volume of queries and need to log them without throttling, [contact our team](/support/).                                   |
+| `throttled_count`          | [`uint8`]                    | The number of statement executions that were dropped due to throttling before the current one was seen. If you have a very high volume of queries and need to log them without throttling, [contact our team](/support/).                                   |
 | `connected_at`       | [`timestamp with time zone`]                     | The time at which the session was established.                                                                                                                                                                                                                   |
 | `initial_application_name` | [`text`]                     | The initial value of `application_name` at the beginning of the session.                                                                                                                                                                                                      |
 | `authenticated_user`       | [`text`]                     | The name of the user for which the session was established.                                                                                                                                                                                                                   |
@@ -726,21 +726,27 @@ have one or more corresponding executions in
 | `prepared_at` | [`timestamp with time zone`] | The time at which the statement was prepared.                                                                                     |
 -->
 
-<!--
+
 ## `mz_session_history`
 
 The `mz_session_history` table contains all the sessions that have
 been established in the last 30 days, or (even if older) that are
 referenced from
-[`mz_prepared_statement_history`](#mz_prepared_statement_history).
+[`mz_recent_activity_log`](#mz_recent_activity_log).
+
+{{< warning >}}
+Do not rely on all sessions being logged in this view. Materialize
+controls the maximum rate at which statements are sampled, and may change
+this rate at any time.
+{{< /warning >}}
 
+<!-- RELATION_SPEC mz_internal.mz_session_history -->
 | Field                | Type                         | Meaning                                                                                                                           |
 |----------------------|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
 | `session_id`         | [`uuid`]                     | The globally unique ID of the session. Corresponds to [`mz_sessions.id`](#mz_sessions).                                           |
 | `connected_at`       | [`timestamp with time zone`] | The time at which the session was established.                                                                                    |
-| `application_name`   | [`text`]                     | The `application_name` session metadata field.                                                                                    |
+| `initial_application_name`   | [`text`]                     | The `application_name` session metadata field.                                                                                    |
 | `authenticated_user` | [`text`]                     | The name of the user for which the session was established.                                                                       |
--->
 
 {{< if-unreleased "v0.113" >}}
 ### `mz_recent_storage_usage`
@@ -1338,7 +1344,6 @@ The `mz_webhook_sources` table contains a row for each webhook source in the sys
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_prepared_statement_history -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_recent_sql_text -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_recent_sql_text_redacted -->
-<!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_session_history -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_show_all_objects -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_show_clusters -->
 <!-- RELATION_SPEC_UNDOCUMENTED mz_internal.mz_show_cluster_replicas -->

src/adapter/src/coord/statement_logging.rs

@@ -178,16 +178,15 @@ impl StatementLogging {
     }
 
     /// Check if we need to drop a statement
-    /// due to throttling, and update internal data structures appropriately.
+    /// due to throttling, and update the number of available tokens appropriately.
     ///
-    /// Returns `None` if we must throttle this statement, and `Some(n)` otherwise, where `n`
-    /// is the number of statements that were dropped due to throttling before this one.
+    /// Returns `false` if we must throttle this statement, and `true` otherwise.
     fn throttling_check(
         &mut self,
         cost: u64,
         target_data_rate: u64,
         max_data_credit: Option<u64>,
-    ) -> Option<usize> {
+    ) -> bool {
         let ts = (self.now)() / 1000;
         // We use saturating_sub here because system time isn't monotonic, causing cases
         // when last_logged_ts_seconds is greater than ts.
@@ -202,14 +201,13 @@ impl StatementLogging {
         if let Some(remaining) = self.tokens.checked_sub(cost) {
             debug!("throttling check passed. tokens remaining: {remaining}; cost: {cost}");
             self.tokens = remaining;
-            Some(std::mem::take(&mut self.throttled_count))
+            true
         } else {
             debug!(
                 "throttling check failed. tokens available: {}; cost: {cost}",
                 self.tokens
             );
-            self.throttled_count += 1;
-            None
+            false
         }
     }
 }
@@ -276,15 +274,25 @@ impl Coordinator {
     /// Check whether we need to do throttling (i.e., whether `STATEMENT_LOGGING_TARGET_DATA_RATE` is set).
     /// If so, actually do the check.
     ///
-    /// Returns `None` if we must throttle this statement, and `Some(n)` otherwise, where `n`
-    /// is the number of statements that were dropped due to throttling before this one.
-    fn statement_logging_throttling_check(&mut self, cost: usize) -> Option<usize> {
+    /// We expect `rows` to be the list of rows we intend to record and calculate the cost by summing the
+    /// byte lengths of the rows.
+    ///
+    /// Returns `false` if we must throttle this statement, and `true` otherwise.
+    fn statement_logging_throttling_check<'a, I>(&mut self, rows: I) -> bool
+    where
+        I: IntoIterator<Item = Option<&'a Row>>,
+    {
+        let cost = rows
+            .into_iter()
+            .filter_map(|row_opt| row_opt.map(|row| row.byte_len()))
+            .fold(0_usize, |acc, x| acc.saturating_add(x));
+
         let Some(target_data_rate) = self
             .catalog
             .system_config()
             .statement_logging_target_data_rate()
         else {
-            return Some(std::mem::take(&mut self.statement_logging.throttled_count));
+            return true;
         };
         let max_data_credit = self
             .catalog
@@ -297,25 +305,43 @@ impl Coordinator {
         )
     }
 
+    /// Marks a prepared statement as "already logged".
+    /// Mutates the `PreparedStatementLoggingInfo` metadata.
+    fn record_prepared_statement_as_logged(
+        &self,
+        uuid: Uuid,
+        session: &mut Session,
+        logging: &Arc<QCell<PreparedStatementLoggingInfo>>,
+    ) {
+        let logging = session.qcell_rw(&*logging);
+        if let PreparedStatementLoggingInfo::StillToLog { .. } = logging {
+            *logging = PreparedStatementLoggingInfo::AlreadyLogged { uuid };
+        }
+    }
+
     /// Returns any statement logging events needed for a particular
     /// prepared statement. Possibly mutates the `PreparedStatementLoggingInfo` metadata.
     ///
     /// This function does not do a sampling check, and assumes we did so in a higher layer.
     ///
-    /// It _does_ do a throttling check, and returns `None` if we must not log due to throttling.
-    pub(crate) fn log_prepared_statement(
-        &mut self,
-        session: &mut Session,
+    ///
+    /// Returns A tuple containing:
+    /// - `Option<(StatementPreparedRecord, PreparedStatementEvent)>`: If the prepared statement
+    ///   has not yet been logged, returns the prepared statement record, the packed row of the
+    ///   prepared statement record, and a row for the SQL text.
+    /// - `Uuid`: The UUID of the prepared statement if the prepared statement has been logged
+    pub(crate) fn get_prepared_statement_info(
+        &self,
+        session: &Session,
         logging: &Arc<QCell<PreparedStatementLoggingInfo>>,
-    ) -> Option<(
+    ) -> (
         Option<(StatementPreparedRecord, PreparedStatementEvent)>,
         Uuid,
-    )> {
-        let logging = session.qcell_rw(&*logging);
-        let mut out = None;
+    ) {
+        let logging = session.qcell_ro(&*logging);
 
-        let uuid = match logging {
-            PreparedStatementLoggingInfo::AlreadyLogged { uuid } => *uuid,
+        match logging {
+            PreparedStatementLoggingInfo::AlreadyLogged { uuid } => (None, *uuid),
             PreparedStatementLoggingInfo::StillToLog {
                 sql,
                 redacted_sql,
@@ -331,13 +357,11 @@ impl Coordinator {
                     "accounting for logging should be done in `begin_statement_execution`"
                 );
                 let uuid = epoch_to_uuid_v7(prepared_at);
-                let sql = std::mem::take(sql);
-                let redacted_sql = std::mem::take(redacted_sql);
                 let sql_hash: [u8; 32] = Sha256::digest(sql.as_bytes()).into();
                 let record = StatementPreparedRecord {
                     id: uuid,
                     sql_hash,
-                    name: std::mem::take(name),
+                    name: name.to_string(),
                     session_id: *session_id,
                     prepared_at: *prepared_at,
                     kind: *kind,
@@ -357,22 +381,21 @@ impl Coordinator {
                     Datum::String(redacted_sql.as_str()),
                 ]);
 
-                let cost = mpsh_packer.byte_len() + sql_row.byte_len();
-                let throttled_count = self.statement_logging_throttling_check(cost)?;
+                let throttled_count = self.statement_logging.throttled_count;
                 mpsh_packer.push(Datum::UInt64(throttled_count.try_into().expect("must fit")));
-                out = Some((
-                    record,
-                    PreparedStatementEvent {
-                        prepared_statement: mpsh_row,
-                        sql_text: sql_row,
-                    },
-                ));
 
-                *logging = PreparedStatementLoggingInfo::AlreadyLogged { uuid };
-                uuid
+                (
+                    Some((
+                        record,
+                        PreparedStatementEvent {
+                            prepared_statement: mpsh_row,
+                            sql_text: sql_row,
+                        },
+                    )),
+                    uuid,
+                )
             }
-        };
-        Some((out, uuid))
+        }
     }
     /// The rate at which statement execution should be sampled.
     /// This is the value of the session var `statement_logging_sample_rate`,
@@ -700,6 +723,8 @@ impl Coordinator {
             distribution.sample(&mut rand::rng())
         };
 
+        // Figure out the cost of everything before we log.
+
         // Track how many statements we're recording.
         let sampled_label = sample.then_some("true").unwrap_or("false");
         self.metrics
@@ -728,7 +753,8 @@ impl Coordinator {
         if !sample {
             return None;
         }
-        let (ps_record, ps_uuid) = self.log_prepared_statement(session, logging)?;
+
+        let (maybe_ps, ps_uuid) = self.get_prepared_statement_info(session, logging);
 
         let began_at = if let Some(lifecycle_timestamps) = lifecycle_timestamps {
             lifecycle_timestamps.received
@@ -737,11 +763,6 @@ impl Coordinator {
         };
         let now = self.now();
         let execution_uuid = epoch_to_uuid_v7(&now);
-        self.record_statement_lifecycle_event(
-            &StatementLoggingId(execution_uuid),
-            &StatementLifecycleEvent::ExecutionBegan,
-            began_at,
-        );
 
         let params = std::iter::zip(params.execute_types.iter(), params.datums.iter())
             .map(|(r#type, datum)| {
@@ -786,26 +807,70 @@ impl Coordinator {
                 .collect(),
         };
         let mseh_update = Self::pack_statement_began_execution_update(&record);
+
+        let (maybe_ps_event, maybe_sh_event) = if let Some((ps_record, ps_event)) = maybe_ps {
+            if let Some(sh) = self
+                .statement_logging
+                .unlogged_sessions
+                .get(&ps_record.session_id)
+            {
+                (
+                    Some(ps_event),
+                    Some((Self::pack_session_history_update(sh), ps_record.session_id)),
+                )
+            } else {
+                (Some(ps_event), None)
+            }
+        } else {
+            (None, None)
+        };
+
+        let maybe_ps_prepared_statement = maybe_ps_event.as_ref().map(|e| &e.prepared_statement);
+        let maybe_ps_sql_text = maybe_ps_event.as_ref().map(|e| &e.sql_text);
+
+        if !self.statement_logging_throttling_check([
+            Some(&mseh_update),
+            maybe_ps_prepared_statement,
+            maybe_ps_sql_text,
+            maybe_sh_event.as_ref().map(|(row, _)| row),
+        ]) {
+            self.statement_logging.throttled_count += 1;
+            return None;
+        }
+        // When we successfully log the first instance of a prepared statement
+        // (i.e., it is not throttled), we also capture the number of previously
+        // throttled statement executions in the builtin prepared statement history table above,
+        // and then reset the throttled count for future tracking.
+        else if let PreparedStatementLoggingInfo::StillToLog { .. } = session.qcell_ro(logging) {
+            self.statement_logging.throttled_count = 0;
+        }
+
+        self.record_prepared_statement_as_logged(ps_uuid, session, logging);
+
+        self.record_statement_lifecycle_event(
+            &StatementLoggingId(execution_uuid),
+            &StatementLifecycleEvent::ExecutionBegan,
+            began_at,
+        );
+
         self.statement_logging
             .pending_statement_execution_events
             .push((mseh_update, Diff::ONE));
         self.statement_logging
             .executions_begun
             .insert(execution_uuid, record);
-        if let Some((ps_record, ps_update)) = ps_record {
+
+        if let Some((sh_update, session_id)) = maybe_sh_event {
+            self.statement_logging
+                .pending_session_events
+                .push(sh_update);
+            // Mark the session as logged to avoid logging it again in the future
+            self.statement_logging.unlogged_sessions.remove(&session_id);
+        }
+        if let Some(ps_event) = maybe_ps_event {
             self.statement_logging
                 .pending_prepared_statement_events
-                .push(ps_update);
-            if let Some(sh) = self
-                .statement_logging
-                .unlogged_sessions
-                .remove(&ps_record.session_id)
-            {
-                let sh_update = Self::pack_session_history_update(&sh);
-                self.statement_logging
-                    .pending_session_events
-                    .push(sh_update);
-            }
+                .push(ps_event);
         }
         Some(StatementLoggingId(execution_uuid))
     }

src/adapter/src/session.rs

@@ -269,6 +269,10 @@ impl<T: TimestampManipulation> Session<T> {
         ))
     }
 
+    pub(crate) fn qcell_ro<'a, T2: 'a>(&'a self, cell: &'a Arc<QCell<T2>>) -> &'a T2 {
+        self.qcell_owner.ro(&*cell)
+    }
+
     pub(crate) fn qcell_rw<'a, T2: 'a>(&'a mut self, cell: &'a Arc<QCell<T2>>) -> &'a mut T2 {
         self.qcell_owner.rw(&*cell)
     }