[WIP] Add node-local wakeups to ProcessorInbox

[lquerel]

Not ready for review. #2469 must be merged first to reduce the scope of this PR

Change Summary

Add a node-local wakeup API for processors and integrate it into ProcessorInbox.

This PR introduces keyed, cancelable wakeups that let a processor schedule local wakeup work without sending dummy pdata back through the old delayed data path. Due wakeups are surfaced through ProcessorInbox as control
messages.

This is the next step in the redesign tracked in #2465. The goal is to split two different behaviors that were previously mixed together:

• wakeup-style local scheduling
• delayed pdata resume

This PR handles the first one only. It migrates the wakeup-style usages in batch_processor and durable_buffer_processor, while intentionally leaving retry and the old global delayed-data path in place for the next PRs.

What issue does this PR close?

• Part of Improve control delivery, shutdown robustness, and local deferred work #2465

How are these changes tested?

• Added/updated engine tests covering:
  • local wakeup scheduling
  • wakeup replacement and cancellation
  • ProcessorInbox delivery of due wakeups
  • shutdown behavior for pending wakeups
• Added/updated processor tests covering:
  • batch wakeup-driven flush behavior
  • durable-buffer wakeup-driven retry/resume behavior
• Verified with:
  • cargo xtask check

Are there any user-facing changes?

No user-facing changes.

This PR is an internal runtime change only.

[codecov]

Codecov Report

❌ Patch coverage is 91.71447% with 130 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.38%. Comparing base (d8e64e0) to head (4a0338d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2470      +/-   ##
==========================================
+ Coverage   88.34%   88.38%   +0.03%     
==========================================
  Files         613      615       +2     
  Lines      222675   224019    +1344     
==========================================
+ Hits       196731   198005    +1274     
- Misses      25420    25490      +70     
  Partials      524      524              

Components	Coverage Δ
otap-dataflow	90.28% <91.71%> (+0.03%)	⬆️
query_abstraction	80.61% <ø> (ø)
query_engine	90.74% <ø> (ø)
syslog_cef_receivers	∅ <ø> (∅)
otel-arrow-go	52.45% <ø> (ø)
quiver	91.92% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jmacd]

Does Rust really not have a crate for this? Hmm (thinking like Golang https://pkg.go.dev/container/heap). Don't get me wrong-- I love heaps! I would put this heap-helper stuff in a new data structure-only file.

[AaronRM]

I know this is still a WIP, so not leaving detailed comments yet. Just wanted to chime in early on the approach to hopefully reduce overwork.

My general concern in the durable_buffer changes specifically (not the general mechanism) is that we'd be doing something relatively complex with the 'many wakeup slots + OverflowRetry' approach at a time when we can least afford to do so (i.e. under heavy NACK pressure from a network outage).

Instead of one wakeup slot per bundle, could we simplify by only maintaining a single WakeupSlot that tracks the earliest pending retry deadline. When a NACK arrives (or the wakeup fires and we need to reschedule), we compute the backoff time and call set_wakeup(slot, min(current_scheduled, new_retry_at)). When the wakeup fires, scan Quiver for all bundles whose backoff has elapsed and resend them. We still get exact timing for the next retry without per-bundle slot management. The state the durable_buffer_processor maintains reduces to one Instant and one wakeup slot. The OverflowRetry mechanism goes away in the durable buffer (no longer needed) and we don't need to coordinate between multiple scheduling methods.

[lquerel]

That sounds reasonable, I'll take a look at what I can do.

[lquerel]

Please take a look at the updated code.

[lquerel]

@AaronRM and @JakeDern , could you each review the integration I made of the new wakeup API, respectively in the durable buffer processor and the batch processor, replacing the delayed data control message that was used before?

[lquerel]

@AaronRM At the durable buffer retry state level, there is still a potential issue with unbounded heap memory usage. With the new wakeup API, I think the situation is better than before, but the heap footprint can still grow with the number of deferred bundles.

During a prolonged transient outage with small bundles, the durable backlog can become large in terms of in-memory retry metadata. I did not try to fix this because it goes well beyond the integration of the wakeup API, but I think a long-term solution would be to move the retry_at metadata directly into durable storage so that retry bookkeeping remains bounded in memory.

That said, I don't have your full design in mind, and this may not be the best approach. In any case, I'll leave it to you to take a look.

[JakeDern]

Batch processor changes look reasonable to me. I assume we'll remove the DelayedData handling code before merge since it's obsolete now

[JakeDern]

Very nice!

[JakeDern]

I'm glad this is part of the engine! I was wondering if I'd have to do a similar thing at the processor level

[AaronRM]

@AaronRM At the durable buffer retry state level, there is still a potential issue with unbounded heap memory usage. With the new wakeup API, I think the situation is better than before, but the heap footprint can still grow with the number of deferred bundles.

Thanks @lquerel. The changes with the single slot redesign now look good to me from the durable_buffer perspective. 👍

To your concern re: unbounded heap growth, I filed #2552 to track that separately. I agree that it's not something your PR should address, although as you note, your changes already improve the situation slightly.