Update seastar submodule (json crash in describe_ring)

* seastar 0568c231cd...fd0d7c1c9a (1):
  > Merge 'stream_range_as_array: always close output stream' from Benny Halevy

Fixes #10592.

.github/CODEOWNERS

@@ -0,0 +1,87 @@
+# AUTH
+auth/* @elcallio @vladzcloudius
+
+# CACHE
+row_cache* @tgrabiec @haaawk
+*mutation* @tgrabiec @haaawk
+tests/mvcc* @tgrabiec @haaawk
+
+# CDC
+cdc/* @haaawk @kbr- @elcallio @piodul @jul-stas
+test/cql/cdc_* @haaawk @kbr- @elcallio @piodul @jul-stas
+test/boost/cdc_* @haaawk @kbr- @elcallio @piodul @jul-stas
+
+# COMMITLOG / BATCHLOG
+db/commitlog/* @elcallio
+db/batch* @elcallio
+
+# COORDINATOR
+service/storage_proxy* @gleb-cloudius
+
+# COMPACTION
+sstables/compaction* @raphaelsc @nyh
+
+# CQL TRANSPORT LAYER
+transport/* @penberg
+
+# CQL QUERY LANGUAGE
+cql3/* @tgrabiec @penberg @psarna
+
+# COUNTERS
+counters* @haaawk @jul-stas
+tests/counter_test* @haaawk @jul-stas
+
+# GOSSIP
+gms/* @tgrabiec @asias
+
+# DOCKER
+dist/docker/* @penberg
+
+# LSA
+utils/logalloc* @tgrabiec
+
+# MATERIALIZED VIEWS
+db/view/* @nyh @psarna
+cql3/statements/*view* @nyh @psarna
+test/boost/view_* @nyh @psarna
+
+# PACKAGING
+dist/* @syuu1228
+
+# REPAIR
+repair/* @tgrabiec @asias @nyh
+
+# SCHEMA MANAGEMENT
+db/schema_tables* @tgrabiec @nyh
+db/legacy_schema_migrator* @tgrabiec @nyh
+service/migration* @tgrabiec @nyh
+schema* @tgrabiec @nyh
+
+# SECONDARY INDEXES
+db/index/* @nyh @penberg @psarna
+cql3/statements/*index* @nyh @penberg @psarna
+test/boost/*index* @nyh @penberg @psarna
+
+# SSTABLES
+sstables/* @tgrabiec @raphaelsc @nyh
+
+# STREAMING
+streaming/* @tgrabiec @asias
+service/storage_service.* @tgrabiec @asias
+
+# ALTERNATOR
+alternator/* @nyh @psarna
+test/alternator/* @nyh @psarna
+
+# HINTED HANDOFF
+db/hints/* @haaawk @piodul @vladzcloudius
+
+# REDIS
+redis/* @nyh @syuu1228
+redis-test/* @nyh @syuu1228
+
+# READERS
+reader_* @denesb
+querier* @denesb
+test/boost/mutation_reader_test.cc @denesb
+test/boost/querier_cache_test.cc @denesb

.github/workflows/pages.yml

@@ -0,0 +1,33 @@
+name: "CI Docs"
+
+on:
+  push:
+    branches:
+    - master
+    paths:
+    - 'docs/**'
+jobs:
+  release:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      LATEST_VERSION: master
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        persist-credentials: false
+        fetch-depth: 0
+    - name: Set up Python
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.7
+    - name: Build docs
+      run: |
+        export PATH=$PATH:~/.local/bin
+        cd docs
+        make multiversion
+    - name: Deploy
+      run : ./docs/_utils/deploy.sh
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -22,5 +22,8 @@ resources
 .pytest_cache
 /expressions.tokens
 tags
-testlog/*
+testlog
 test/*/*.reject
+.vscode
+docs/_build
+docs/poetry.lock

.gitmodules

@@ -1,6 +1,6 @@
 [submodule "seastar"]
 	path = seastar
-	url = ../seastar
+	url = ../scylla-seastar
 	ignore = dirty
 [submodule "swagger-ui"]
 	path = swagger-ui
@@ -13,8 +13,11 @@
 	path = abseil
 	url = ../abseil-cpp
 [submodule "scylla-jmx"]
-	path = scylla-jmx
+	path = tools/jmx
 	url = ../scylla-jmx
 [submodule "scylla-tools"]
-	path = scylla-tools
+	path = tools/java
 	url = ../scylla-tools-java
+[submodule "scylla-python3"]
+	path = tools/python3
+	url = ../scylla-python3

CMakeLists.txt

@@ -1,8 +1,5 @@
-##
-## For best results, first compile the project using the Ninja build-system.
-##
+cmake_minimum_required(VERSION 3.18)
 
-cmake_minimum_required(VERSION 3.7)
 project(scylla)
 
 if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
@@ -20,136 +17,740 @@ else()
     set(BUILD_TYPE "release")
 endif()
 
-if (NOT DEFINED FOR_IDE AND NOT DEFINED ENV{FOR_IDE} AND NOT DEFINED ENV{CLION_IDE})
-    message(FATAL_ERROR "This CMakeLists.txt file is only valid for use in IDEs, please define FOR_IDE to acknowledge this.")
-endif()
-
-# These paths are always available, since they're included in the repository. Additional DPDK headers are placed while
-# Seastar is built, and are captured in `SEASTAR_INCLUDE_DIRS` through parsing the Seastar pkg-config file (below).
-set(SEASTAR_DPDK_INCLUDE_DIRS
-        seastar/dpdk/lib/librte_eal/common/include
-        seastar/dpdk/lib/librte_eal/common/include/generic
-        seastar/dpdk/lib/librte_eal/common/include/x86
-        seastar/dpdk/lib/librte_ether)
-
-find_package(PkgConfig REQUIRED)
-
-set(ENV{PKG_CONFIG_PATH} "${CMAKE_SOURCE_DIR}/build/${BUILD_TYPE}/seastar:$ENV{PKG_CONFIG_PATH}")
-pkg_check_modules(SEASTAR seastar)
-
-if(NOT SEASTAR_INCLUDE_DIRS)
-    # Default value. A more accurate list is populated through `pkg-config` below if `seastar.pc` is available.
-    set(SEASTAR_INCLUDE_DIRS "seastar/include")
-endif()
-
-find_package(Boost COMPONENTS filesystem program_options system thread)
-
-##
-## Populate the names of all source and header files in the indicated paths in a designated variable.
-##
-## When RECURSIVE is specified, directories are traversed recursively.
-##
-## Use: scan_scylla_source_directories(VAR my_result_var [RECURSIVE] PATHS [path1 path2 ...])
-##
-function (scan_scylla_source_directories)
-    set(options RECURSIVE)
-    set(oneValueArgs VAR)
-    set(multiValueArgs PATHS)
-    cmake_parse_arguments(args "${options}" "${oneValueArgs}" "${multiValueArgs}" "${ARGN}")
-
-    set(globs "")
-
-    foreach (dir ${args_PATHS})
-        list(APPEND globs "${dir}/*.cc" "${dir}/*.hh")
-    endforeach()
-
-    if (args_RECURSIVE)
-        set(glob_kind GLOB_RECURSE)
+function(default_target_arch arch)
+    set(x86_instruction_sets i386 i686 x86_64)
+    if(CMAKE_SYSTEM_PROCESSOR IN_LIST x86_instruction_sets)
+        set(${arch} "westmere" PARENT_SCOPE)
+    elseif(CMAKE_SYSTEM_PROCESSOR EQUAL "aarch64")
+        set(${arch} "armv8-a+crc+crypto" PARENT_SCOPE)
     else()
-        set(glob_kind GLOB)
+        set(${arch} "" PARENT_SCOPE)
     endif()
+endfunction()
+default_target_arch(target_arch)
+if(target_arch)
+    set(target_arch_flag "-march=${target_arch}")
+endif()
 
-    file(${glob_kind} var
-            ${globs})
+# Configure Seastar compile options to align with Scylla
+set(Seastar_CXX_FLAGS -fcoroutines ${target_arch_flag} CACHE INTERNAL "" FORCE)
+set(Seastar_CXX_DIALECT gnu++20 CACHE INTERNAL "" FORCE)
 
-    set(${args_VAR} ${var} PARENT_SCOPE)
+add_subdirectory(seastar)
+add_subdirectory(abseil)
+# Exclude absl::strerror from the default "all" target since it's not
+# used in Scylla build and, moreover, makes use of deprecated glibc APIs,
+# such as sys_nerr, which are not exposed from "stdio.h" since glibc 2.32,
+# which happens to be the case for recent Fedora distribution versions.
+#
+# Need to use the internal "absl_strerror" target name instead of namespaced
+# variant because `set_target_properties` does not understand the latter form,
+# unfortunately.
+set_target_properties(absl_strerror PROPERTIES EXCLUDE_FROM_ALL TRUE)
+
+# System libraries dependencies
+find_package(Boost COMPONENTS filesystem program_options system thread regex REQUIRED)
+find_package(Lua REQUIRED)
+find_package(ZLIB REQUIRED)
+find_package(ICU COMPONENTS uc REQUIRED)
+
+set(scylla_build_dir "${CMAKE_BINARY_DIR}/build/${BUILD_TYPE}")
+set(scylla_gen_build_dir "${scylla_build_dir}/gen")
+file(MAKE_DIRECTORY "${scylla_build_dir}" "${scylla_gen_build_dir}")
+
+# Place libraries, executables and archives in ${buildroot}/build/${mode}/
+foreach(mode RUNTIME LIBRARY ARCHIVE)
+    set(CMAKE_${mode}_OUTPUT_DIRECTORY "${scylla_build_dir}")
+endforeach()
+
+# Generate C++ source files from thrift definitions
+function(scylla_generate_thrift)
+    set(one_value_args TARGET VAR IN_FILE OUT_DIR SERVICE)
+    cmake_parse_arguments(args "" "${one_value_args}" "" ${ARGN})
+
+    get_filename_component(in_file_name ${args_IN_FILE} NAME_WE)
+
+    set(aux_out_file_name ${args_OUT_DIR}/${in_file_name})
+    set(outputs
+        ${aux_out_file_name}_types.cpp
+        ${aux_out_file_name}_types.h
+        ${aux_out_file_name}_constants.cpp
+        ${aux_out_file_name}_constants.h
+        ${args_OUT_DIR}/${args_SERVICE}.cpp
+        ${args_OUT_DIR}/${args_SERVICE}.h)
+
+    add_custom_command(
+        DEPENDS
+            ${args_IN_FILE}
+            thrift
+        OUTPUT ${outputs}
+        COMMAND ${CMAKE_COMMAND} -E make_directory ${args_OUT_DIR}
+        COMMAND thrift -gen cpp:cob_style,no_skeleton -out "${args_OUT_DIR}" "${args_IN_FILE}")
+
+    add_custom_target(${args_TARGET}
+        DEPENDS ${outputs})
+
+    set(${args_VAR} ${outputs} PARENT_SCOPE)
 endfunction()
 
-## Although Seastar is an external project, it is common enough to explore the sources while doing
-## Scylla development that we'll treat the Seastar sources as part of this project for easier navigation.
-scan_scylla_source_directories(
-        VAR SEASTAR_SOURCE_FILES
-        RECURSIVE
+scylla_generate_thrift(
+    TARGET scylla_thrift_gen_cassandra
+    VAR scylla_thrift_gen_cassandra_files
+    IN_FILE interface/cassandra.thrift
+    OUT_DIR ${scylla_gen_build_dir}
+    SERVICE Cassandra)
 
-        PATHS
-          seastar/core
-          seastar/http
-          seastar/json
-          seastar/net
-          seastar/rpc
-          seastar/testing
-          seastar/util)
+# Parse antlr3 grammar files and generate C++ sources
+function(scylla_generate_antlr3)
+    set(one_value_args TARGET VAR IN_FILE OUT_DIR)
+    cmake_parse_arguments(args "" "${one_value_args}" "" ${ARGN})
 
-scan_scylla_source_directories(
-        VAR SCYLLA_ROOT_SOURCE_FILES
-        PATHS .)
+    get_filename_component(in_file_pure_name ${args_IN_FILE} NAME)
+    get_filename_component(stem ${in_file_pure_name} NAME_WE)
 
-scan_scylla_source_directories(
-        VAR SCYLLA_SUB_SOURCE_FILES
-        RECURSIVE
+    set(outputs
+        "${args_OUT_DIR}/${stem}Lexer.hpp"
+        "${args_OUT_DIR}/${stem}Lexer.cpp"
+        "${args_OUT_DIR}/${stem}Parser.hpp"
+        "${args_OUT_DIR}/${stem}Parser.cpp")
 
-        PATHS
-          api
-          auth
-          cql3
-          db
-          dht
-          exceptions
-          gms
-          index
-          io
-          locator
-          message
-          repair
-          service
-          sstables
-          streaming
-          test
-          thrift
-          tracing
-          transport
-          utils)
+    add_custom_command(
+        DEPENDS
+            ${args_IN_FILE}
+        OUTPUT ${outputs}
+        # Remove #ifdef'ed code from the grammar source code
+        COMMAND sed -e "/^#if 0/,/^#endif/d" "${args_IN_FILE}" > "${args_OUT_DIR}/${in_file_pure_name}"
+        COMMAND antlr3 "${args_OUT_DIR}/${in_file_pure_name}"
+        # We replace many local `ExceptionBaseType* ex` variables with a single function-scope one.
+        # Because we add such a variable to every function, and because `ExceptionBaseType` is not a global
+        # name, we also add a global typedef to avoid compilation errors.
+        COMMAND sed -i -e "/^.*On :.*$/d" "${args_OUT_DIR}/${stem}Lexer.hpp"
+        COMMAND sed -i -e "/^.*On :.*$/d" "${args_OUT_DIR}/${stem}Lexer.cpp"
+        COMMAND sed -i -e "/^.*On :.*$/d" "${args_OUT_DIR}/${stem}Parser.hpp"
+        COMMAND sed -i
+            -e "s/^\\( *\\)\\(ImplTraits::CommonTokenType\\* [a-zA-Z0-9_]* = NULL;\\)$/\\1const \\2/"
+            -e "/^.*On :.*$/d"
+            -e "1i using ExceptionBaseType = int;"
+            -e "s/^{/{ ExceptionBaseType\\* ex = nullptr;/; s/ExceptionBaseType\\* ex = new/ex = new/; s/exceptions::syntax_exception e/exceptions::syntax_exception\\& e/"
+            "${args_OUT_DIR}/${stem}Parser.cpp"
+        VERBATIM)
 
-scan_scylla_source_directories(
-        VAR SCYLLA_GEN_SOURCE_FILES
-        RECURSIVE
-        PATHS build/${BUILD_TYPE}/gen)
+    add_custom_target(${args_TARGET}
+        DEPENDS ${outputs})
 
-set(SCYLLA_SOURCE_FILES
-        ${SCYLLA_ROOT_SOURCE_FILES}
-        ${SCYLLA_GEN_SOURCE_FILES}
-        ${SCYLLA_SUB_SOURCE_FILES})
+    set(${args_VAR} ${outputs} PARENT_SCOPE)
+endfunction()
+
+set(antlr3_grammar_files
+    cql3/Cql.g
+    alternator/expressions.g)
+
+set(antlr3_gen_files)
+
+foreach(f ${antlr3_grammar_files})
+    get_filename_component(grammar_file_name "${f}" NAME_WE)
+    get_filename_component(f_dir "${f}" DIRECTORY)
+    scylla_generate_antlr3(
+        TARGET scylla_antlr3_gen_${grammar_file_name}
+        VAR scylla_antlr3_gen_${grammar_file_name}_files
+        IN_FILE ${f}
+        OUT_DIR ${scylla_gen_build_dir}/${f_dir})
+    list(APPEND antlr3_gen_files "${scylla_antlr3_gen_${grammar_file_name}_files}")
+endforeach()
+
+# Generate C++ sources from ragel grammar files
+seastar_generate_ragel(
+    TARGET scylla_ragel_gen_protocol_parser
+    VAR scylla_ragel_gen_protocol_parser_file
+    IN_FILE redis/protocol_parser.rl
+    OUT_FILE ${scylla_gen_build_dir}/redis/protocol_parser.hh)
+
+# Generate C++ sources from Swagger definitions
+set(swagger_files
+    api/api-doc/cache_service.json
+    api/api-doc/collectd.json
+    api/api-doc/column_family.json
+    api/api-doc/commitlog.json
+    api/api-doc/compaction_manager.json
+    api/api-doc/config.json
+    api/api-doc/endpoint_snitch_info.json
+    api/api-doc/error_injection.json
+    api/api-doc/failure_detector.json
+    api/api-doc/gossiper.json
+    api/api-doc/hinted_handoff.json
+    api/api-doc/lsa.json
+    api/api-doc/messaging_service.json
+    api/api-doc/storage_proxy.json
+    api/api-doc/storage_service.json
+    api/api-doc/stream_manager.json
+    api/api-doc/system.json
+    api/api-doc/utils.json)
+
+set(swagger_gen_files)
+
+foreach(f ${swagger_files})
+    get_filename_component(fname "${f}" NAME_WE)
+    get_filename_component(dir "${f}" DIRECTORY)
+    seastar_generate_swagger(
+        TARGET scylla_swagger_gen_${fname}
+        VAR scylla_swagger_gen_${fname}_files
+        IN_FILE "${f}"
+        OUT_DIR "${scylla_gen_build_dir}/${dir}")
+    list(APPEND swagger_gen_files "${scylla_swagger_gen_${fname}_files}")
+endforeach()
+
+# Create C++ bindings for IDL serializers
+function(scylla_generate_idl_serializer)
+    set(one_value_args TARGET VAR IN_FILE OUT_FILE)
+    cmake_parse_arguments(args "" "${one_value_args}" "" ${ARGN})
+    get_filename_component(out_dir ${args_OUT_FILE} DIRECTORY)
+    set(idl_compiler "${CMAKE_SOURCE_DIR}/idl-compiler.py")
+
+    find_package(Python3 COMPONENTS Interpreter)
+
+    add_custom_command(
+        DEPENDS
+            ${args_IN_FILE}
+            ${idl_compiler}
+        OUTPUT ${args_OUT_FILE}
+        COMMAND ${CMAKE_COMMAND} -E make_directory ${out_dir}
+        COMMAND Python3::Interpreter ${idl_compiler} --ns ser -f ${args_IN_FILE} -o ${args_OUT_FILE})
+
+    add_custom_target(${args_TARGET}
+        DEPENDS ${args_OUT_FILE})
+
+    set(${args_VAR} ${args_OUT_FILE} PARENT_SCOPE)
+endfunction()
+
+set(idl_serializers
+    idl/cache_temperature.idl.hh
+    idl/commitlog.idl.hh
+    idl/consistency_level.idl.hh
+    idl/frozen_mutation.idl.hh
+    idl/frozen_schema.idl.hh
+    idl/gossip_digest.idl.hh
+    idl/idl_test.idl.hh
+    idl/keys.idl.hh
+    idl/messaging_service.idl.hh
+    idl/mutation.idl.hh
+    idl/paging_state.idl.hh
+    idl/partition_checksum.idl.hh
+    idl/paxos.idl.hh
+    idl/query.idl.hh
+    idl/range.idl.hh
+    idl/read_command.idl.hh
+    idl/reconcilable_result.idl.hh
+    idl/replay_position.idl.hh
+    idl/result.idl.hh
+    idl/ring_position.idl.hh
+    idl/streaming.idl.hh
+    idl/token.idl.hh
+    idl/tracing.idl.hh
+    idl/truncation_record.idl.hh
+    idl/uuid.idl.hh
+    idl/view.idl.hh)
+
+set(idl_gen_files)
+
+foreach(f ${idl_serializers})
+    get_filename_component(idl_name "${f}" NAME)
+    get_filename_component(idl_target "${idl_name}" NAME_WE)
+    get_filename_component(idl_dir "${f}" DIRECTORY)
+    string(REPLACE ".idl.hh" ".dist.hh" idl_out_hdr_name "${idl_name}")
+    scylla_generate_idl_serializer(
+        TARGET scylla_idl_gen_${idl_target}
+        VAR scylla_idl_gen_${idl_target}_files
+        IN_FILE ${f}
+        OUT_FILE ${scylla_gen_build_dir}/${idl_dir}/${idl_out_hdr_name})
+    list(APPEND idl_gen_files "${scylla_idl_gen_${idl_target}_files}")
+endforeach()
+
+set(scylla_sources
+    absl-flat_hash_map.cc
+    alternator/auth.cc
+    alternator/base64.cc
+    alternator/conditions.cc
+    alternator/executor.cc
+    alternator/expressions.cc
+    alternator/serialization.cc
+    alternator/server.cc
+    alternator/stats.cc
+    alternator/streams.cc
+    api/api.cc
+    api/cache_service.cc
+    api/collectd.cc
+    api/column_family.cc
+    api/commitlog.cc
+    api/compaction_manager.cc
+    api/config.cc
+    api/endpoint_snitch.cc
+    api/error_injection.cc
+    api/failure_detector.cc
+    api/gossiper.cc
+    api/hinted_handoff.cc
+    api/lsa.cc
+    api/messaging_service.cc
+    api/storage_proxy.cc
+    api/storage_service.cc
+    api/stream_manager.cc
+    api/system.cc
+    atomic_cell.cc
+    auth/allow_all_authenticator.cc
+    auth/allow_all_authorizer.cc
+    auth/authenticated_user.cc
+    auth/authentication_options.cc
+    auth/authenticator.cc
+    auth/common.cc
+    auth/default_authorizer.cc
+    auth/password_authenticator.cc
+    auth/passwords.cc
+    auth/permission.cc
+    auth/permissions_cache.cc
+    auth/resource.cc
+    auth/role_or_anonymous.cc
+    auth/roles-metadata.cc
+    auth/sasl_challenge.cc
+    auth/service.cc
+    auth/standard_role_manager.cc
+    auth/transitional.cc
+    bytes.cc
+    canonical_mutation.cc
+    cdc/cdc_partitioner.cc
+    cdc/generation.cc
+    cdc/log.cc
+    cdc/metadata.cc
+    cdc/split.cc
+    clocks-impl.cc
+    collection_mutation.cc
+    compress.cc
+    connection_notifier.cc
+    converting_mutation_partition_applier.cc
+    counters.cc
+    cql3/abstract_marker.cc
+    cql3/attributes.cc
+    cql3/cf_name.cc
+    cql3/column_condition.cc
+    cql3/column_identifier.cc
+    cql3/column_specification.cc
+    cql3/constants.cc
+    cql3/cql3_type.cc
+    cql3/expr/expression.cc
+    cql3/functions/aggregate_fcts.cc
+    cql3/functions/castas_fcts.cc
+    cql3/functions/error_injection_fcts.cc
+    cql3/functions/functions.cc
+    cql3/functions/user_function.cc
+    cql3/index_name.cc
+    cql3/keyspace_element_name.cc
+    cql3/lists.cc
+    cql3/maps.cc
+    cql3/operation.cc
+    cql3/query_options.cc
+    cql3/query_processor.cc
+    cql3/relation.cc
+    cql3/restrictions/statement_restrictions.cc
+    cql3/result_set.cc
+    cql3/role_name.cc
+    cql3/selection/abstract_function_selector.cc
+    cql3/selection/selectable.cc
+    cql3/selection/selection.cc
+    cql3/selection/selector.cc
+    cql3/selection/selector_factories.cc
+    cql3/selection/simple_selector.cc
+    cql3/sets.cc
+    cql3/single_column_relation.cc
+    cql3/statements/alter_keyspace_statement.cc
+    cql3/statements/alter_table_statement.cc
+    cql3/statements/alter_type_statement.cc
+    cql3/statements/alter_view_statement.cc
+    cql3/statements/authentication_statement.cc
+    cql3/statements/authorization_statement.cc
+    cql3/statements/batch_statement.cc
+    cql3/statements/cas_request.cc
+    cql3/statements/cf_prop_defs.cc
+    cql3/statements/cf_statement.cc
+    cql3/statements/create_function_statement.cc
+    cql3/statements/create_index_statement.cc
+    cql3/statements/create_keyspace_statement.cc
+    cql3/statements/create_table_statement.cc
+    cql3/statements/create_type_statement.cc
+    cql3/statements/create_view_statement.cc
+    cql3/statements/delete_statement.cc
+    cql3/statements/drop_function_statement.cc
+    cql3/statements/drop_index_statement.cc
+    cql3/statements/drop_keyspace_statement.cc
+    cql3/statements/drop_table_statement.cc
+    cql3/statements/drop_type_statement.cc
+    cql3/statements/drop_view_statement.cc
+    cql3/statements/function_statement.cc
+    cql3/statements/grant_statement.cc
+    cql3/statements/index_prop_defs.cc
+    cql3/statements/index_target.cc
+    cql3/statements/ks_prop_defs.cc
+    cql3/statements/list_permissions_statement.cc
+    cql3/statements/list_users_statement.cc
+    cql3/statements/modification_statement.cc
+    cql3/statements/permission_altering_statement.cc
+    cql3/statements/property_definitions.cc
+    cql3/statements/raw/parsed_statement.cc
+    cql3/statements/revoke_statement.cc
+    cql3/statements/role-management-statements.cc
+    cql3/statements/schema_altering_statement.cc
+    cql3/statements/select_statement.cc
+    cql3/statements/truncate_statement.cc
+    cql3/statements/update_statement.cc
+    cql3/statements/use_statement.cc
+    cql3/token_relation.cc
+    cql3/tuples.cc
+    cql3/type_json.cc
+    cql3/untyped_result_set.cc
+    cql3/update_parameters.cc
+    cql3/user_types.cc
+    cql3/ut_name.cc
+    cql3/util.cc
+    cql3/values.cc
+    cql3/variable_specifications.cc
+    data/cell.cc
+    database.cc
+    db/batchlog_manager.cc
+    db/commitlog/commitlog.cc
+    db/commitlog/commitlog_entry.cc
+    db/commitlog/commitlog_replayer.cc
+    db/config.cc
+    db/consistency_level.cc
+    db/cql_type_parser.cc
+    db/data_listeners.cc
+    db/extensions.cc
+    db/heat_load_balance.cc
+    db/hints/manager.cc
+    db/hints/resource_manager.cc
+    db/large_data_handler.cc
+    db/legacy_schema_migrator.cc
+    db/marshal/type_parser.cc
+    db/schema_tables.cc
+    db/size_estimates_virtual_reader.cc
+    db/snapshot-ctl.cc
+    db/sstables-format-selector.cc
+    db/system_distributed_keyspace.cc
+    db/system_keyspace.cc
+    db/view/row_locking.cc
+    db/view/view.cc
+    db/view/view_update_generator.cc
+    dht/boot_strapper.cc
+    dht/i_partitioner.cc
+    dht/murmur3_partitioner.cc
+    dht/range_streamer.cc
+    dht/token.cc
+    distributed_loader.cc
+    duration.cc
+    exceptions/exceptions.cc
+    flat_mutation_reader.cc
+    frozen_mutation.cc
+    frozen_schema.cc
+    gms/application_state.cc
+    gms/endpoint_state.cc
+    gms/failure_detector.cc
+    gms/feature_service.cc
+    gms/gossip_digest_ack.cc
+    gms/gossip_digest_ack2.cc
+    gms/gossip_digest_syn.cc
+    gms/gossiper.cc
+    gms/inet_address.cc
+    gms/version_generator.cc
+    gms/versioned_value.cc
+    hashers.cc
+    index/secondary_index.cc
+    index/secondary_index_manager.cc
+    init.cc
+    keys.cc
+    lister.cc
+    locator/abstract_replication_strategy.cc
+    locator/ec2_multi_region_snitch.cc
+    locator/ec2_snitch.cc
+    locator/everywhere_replication_strategy.cc
+    locator/gce_snitch.cc
+    locator/gossiping_property_file_snitch.cc
+    locator/local_strategy.cc
+    locator/network_topology_strategy.cc
+    locator/production_snitch_base.cc
+    locator/rack_inferring_snitch.cc
+    locator/simple_snitch.cc
+    locator/simple_strategy.cc
+    locator/snitch_base.cc
+    locator/token_metadata.cc
+    lua.cc
+    main.cc
+    memtable.cc
+    message/messaging_service.cc
+    multishard_mutation_query.cc
+    mutation.cc
+    raft/fsm.cc
+    raft/log.cc
+    raft/progress.cc
+    raft/raft.cc
+    raft/server.cc
+    mutation_fragment.cc
+    mutation_partition.cc
+    mutation_partition_serializer.cc
+    mutation_partition_view.cc
+    mutation_query.cc
+    mutation_reader.cc
+    mutation_writer/multishard_writer.cc
+    mutation_writer/shard_based_splitting_writer.cc
+    mutation_writer/timestamp_based_splitting_writer.cc
+    mutation_writer/feed_writers.cc
+    partition_slice_builder.cc
+    partition_version.cc
+    querier.cc
+    query-result-set.cc
+    query.cc
+    range_tombstone.cc
+    range_tombstone_list.cc
+    reader_concurrency_semaphore.cc
+    redis/abstract_command.cc
+    redis/command_factory.cc
+    redis/commands.cc
+    redis/keyspace_utils.cc
+    redis/lolwut.cc
+    redis/mutation_utils.cc
+    redis/options.cc
+    redis/query_processor.cc
+    redis/query_utils.cc
+    redis/server.cc
+    redis/service.cc
+    redis/stats.cc
+    repair/repair.cc
+    repair/row_level.cc
+    row_cache.cc
+    schema.cc
+    schema_mutations.cc
+    schema_registry.cc
+    service/client_state.cc
+    service/migration_manager.cc
+    service/migration_task.cc
+    service/misc_services.cc
+    service/pager/paging_state.cc
+    service/pager/query_pagers.cc
+    service/paxos/paxos_state.cc
+    service/paxos/prepare_response.cc
+    service/paxos/prepare_summary.cc
+    service/paxos/proposal.cc
+    service/priority_manager.cc
+    service/storage_proxy.cc
+    service/storage_service.cc
+    sstables/compaction.cc
+    sstables/compaction_manager.cc
+    sstables/compaction_strategy.cc
+    sstables/compress.cc
+    sstables/integrity_checked_file_impl.cc
+    sstables/kl/writer.cc
+    sstables/leveled_compaction_strategy.cc
+    sstables/m_format_read_helpers.cc
+    sstables/metadata_collector.cc
+    sstables/mp_row_consumer.cc
+    sstables/mx/writer.cc
+    sstables/partition.cc
+    sstables/prepended_input_stream.cc
+    sstables/random_access_reader.cc
+    sstables/size_tiered_compaction_strategy.cc
+    sstables/sstable_directory.cc
+    sstables/sstable_version.cc
+    sstables/sstables.cc
+    sstables/sstables_manager.cc
+    sstables/time_window_compaction_strategy.cc
+    sstables/writer.cc
+    streaming/progress_info.cc
+    streaming/session_info.cc
+    streaming/stream_coordinator.cc
+    streaming/stream_manager.cc
+    streaming/stream_plan.cc
+    streaming/stream_reason.cc
+    streaming/stream_receive_task.cc
+    streaming/stream_request.cc
+    streaming/stream_result_future.cc
+    streaming/stream_session.cc
+    streaming/stream_session_state.cc
+    streaming/stream_summary.cc
+    streaming/stream_task.cc
+    streaming/stream_transfer_task.cc
+    table.cc
+    table_helper.cc
+    thrift/controller.cc
+    thrift/handler.cc
+    thrift/server.cc
+    thrift/thrift_validation.cc
+    timeout_config.cc
+    tracing/trace_keyspace_helper.cc
+    tracing/trace_state.cc
+    tracing/traced_file.cc
+    tracing/tracing.cc
+    tracing/tracing_backend_registry.cc
+    transport/controller.cc
+    transport/cql_protocol_extension.cc
+    transport/event.cc
+    transport/event_notifier.cc
+    transport/messages/result_message.cc
+    transport/server.cc
+    types.cc
+    unimplemented.cc
+    utils/UUID_gen.cc
+    utils/arch/powerpc/crc32-vpmsum/crc32_wrapper.cc
+    utils/array-search.cc
+    utils/ascii.cc
+    utils/big_decimal.cc
+    utils/bloom_calculations.cc
+    utils/bloom_filter.cc
+    utils/buffer_input_stream.cc
+    utils/build_id.cc
+    utils/config_file.cc
+    utils/directories.cc
+    utils/disk-error-handler.cc
+    utils/dynamic_bitset.cc
+    utils/error_injection.cc
+    utils/exceptions.cc
+    utils/file_lock.cc
+    utils/generation-number.cc
+    utils/gz/crc_combine.cc
+    utils/human_readable.cc
+    utils/i_filter.cc
+    utils/large_bitset.cc
+    utils/like_matcher.cc
+    utils/limiting_data_source.cc
+    utils/logalloc.cc
+    utils/managed_bytes.cc
+    utils/multiprecision_int.cc
+    utils/murmur_hash.cc
+    utils/rate_limiter.cc
+    utils/rjson.cc
+    utils/runtime.cc
+    utils/updateable_value.cc
+    utils/utf8.cc
+    utils/uuid.cc
+    validation.cc
+    vint-serialization.cc
+    zstd.cc
+    release.cc)
+
+set(scylla_gen_sources
+    "${scylla_thrift_gen_cassandra_files}"
+    "${scylla_ragel_gen_protocol_parser_file}"
+    "${swagger_gen_files}"
+    "${idl_gen_files}"
+    "${antlr3_gen_files}")
 
 add_executable(scylla
-        ${SEASTAR_SOURCE_FILES}
-        ${SCYLLA_SOURCE_FILES})
+    ${scylla_sources}
+    ${scylla_gen_sources})
 
-# If the Seastar pkg-config information is available, append to the default flags.
-#
-# For ease of browsing the source code, we always pretend that DPDK is enabled.
-target_compile_options(scylla PUBLIC
-        -std=gnu++20
-        -DHAVE_DPDK
-        -DHAVE_HWLOC
-        "${SEASTAR_CFLAGS}")
+target_link_libraries(scylla PRIVATE
+    seastar
+    # Boost dependencies
+    Boost::filesystem
+    Boost::program_options
+    Boost::system
+    Boost::thread
+    Boost::regex
+    Boost::headers
+    # Abseil libs
+    absl::hashtablez_sampler
+    absl::raw_hash_set
+    absl::synchronization
+    absl::graphcycles_internal
+    absl::stacktrace
+    absl::symbolize
+    absl::debugging_internal
+    absl::demangle_internal
+    absl::time
+    absl::time_zone
+    absl::int128
+    absl::city
+    absl::hash
+    absl::malloc_internal
+    absl::spinlock_wait
+    absl::base
+    absl::dynamic_annotations
+    absl::raw_logging_internal
+    absl::exponential_biased
+    absl::throw_delegate
+    # System libs
+    ZLIB::ZLIB
+    ICU::uc
+    systemd
+    zstd
+    snappy
+    ${LUA_LIBRARIES}
+    thrift
+    crypt)
 
-# The order matters here: prefer the "static" DPDK directories to any dynamic paths from pkg-config. Some files are only
-# available dynamically, though.
-target_include_directories(scylla PUBLIC
-        .
-        ${SEASTAR_DPDK_INCLUDE_DIRS}
-        ${SEASTAR_INCLUDE_DIRS}
-        ${Boost_INCLUDE_DIRS}
-        xxhash
-        libdeflate
-        build/${BUILD_TYPE}/gen)
+target_link_libraries(scylla PRIVATE
+    -Wl,--build-id=sha1 # Force SHA1 build-id generation
+    # TODO: Use lld linker if it's available, otherwise gold, else bfd
+    -fuse-ld=lld)
+# TODO: patch dynamic linker to match configure.py behavior
+
+target_compile_options(scylla PRIVATE
+    -std=gnu++20
+    -fcoroutines # TODO: Clang does not have this flag, adjust to both variants
+    ${target_arch_flag})
+# Hacks needed to expose internal APIs for xxhash dependencies
+target_compile_definitions(scylla PRIVATE XXH_PRIVATE_API HAVE_LZ4_COMPRESS_DEFAULT)
+
+target_include_directories(scylla PRIVATE
+    "${CMAKE_CURRENT_SOURCE_DIR}"
+    libdeflate
+    abseil
+    "${scylla_gen_build_dir}")
+
+###
+### Create crc_combine_table helper executable.
+### Use it to generate crc_combine_table.cc to be used in scylla at build time.
+###
+add_executable(crc_combine_table utils/gz/gen_crc_combine_table.cc)
+target_link_libraries(crc_combine_table PRIVATE seastar)
+target_include_directories(crc_combine_table PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}")
+target_compile_options(crc_combine_table PRIVATE
+    -std=gnu++20
+    -fcoroutines
+    ${target_arch_flag})
+add_dependencies(scylla crc_combine_table)
+
+# Generate an additional source file at build time that is needed for Scylla compilation
+add_custom_command(OUTPUT "${scylla_gen_build_dir}/utils/gz/crc_combine_table.cc"
+    COMMAND $<TARGET_FILE:crc_combine_table> > "${scylla_gen_build_dir}/utils/gz/crc_combine_table.cc"
+    DEPENDS crc_combine_table)
+target_sources(scylla PRIVATE "${scylla_gen_build_dir}/utils/gz/crc_combine_table.cc")
+
+###
+### Generate version file and supply appropriate compile definitions for release.cc
+###
+execute_process(COMMAND ${CMAKE_SOURCE_DIR}/SCYLLA-VERSION-GEN RESULT_VARIABLE scylla_version_gen_res)
+if(scylla_version_gen_res)
+    message(SEND_ERROR "Version file generation failed. Return code: ${scylla_version_gen_res}")
+endif()
+
+file(READ build/SCYLLA-VERSION-FILE scylla_version)
+string(STRIP "${scylla_version}" scylla_version)
+
+file(READ build/SCYLLA-RELEASE-FILE scylla_release)
+string(STRIP "${scylla_release}" scylla_release)
+
+get_property(release_cdefs SOURCE "${CMAKE_SOURCE_DIR}/release.cc" PROPERTY COMPILE_DEFINITIONS)
+list(APPEND release_cdefs "SCYLLA_VERSION=\"${scylla_version}\"" "SCYLLA_RELEASE=\"${scylla_release}\"")
+set_source_files_properties("${CMAKE_SOURCE_DIR}/release.cc" PROPERTIES COMPILE_DEFINITIONS "${release_cdefs}")
+
+###
+### Custom command for building libdeflate. Link the library to scylla.
+###
+set(libdeflate_lib "${scylla_build_dir}/libdeflate/libdeflate.a")
+add_custom_command(OUTPUT "${libdeflate_lib}"
+    COMMAND make -C libdeflate
+        BUILD_DIR=../build/${BUILD_TYPE}/libdeflate/
+        CC=${CMAKE_C_COMPILER}
+        "CFLAGS=${target_arch_flag}"
+        ../build/${BUILD_TYPE}/libdeflate//libdeflate.a) # Two backslashes are important!
+# Hack to force generating custom command to produce libdeflate.a
+add_custom_target(libdeflate DEPENDS "${libdeflate_lib}")
+target_link_libraries(scylla PRIVATE "${libdeflate_lib}")
+
+# TODO: create cmake/ directory and move utilities (generate functions etc) there
+# TODO: Build tests if BUILD_TESTING=on (using CTest module)

CONTRIBUTING.md

@@ -1,11 +1,18 @@
-# Asking questions or requesting help
+# Contributing to Scylla
 
-Use the [ScyllaDB user mailing list](https://groups.google.com/forum/#!forum/scylladb-users) or the [Slack workspace](http://slack.scylladb.com) for general questions and help.
+## Asking questions or requesting help
 
-# Reporting an issue
+Use the [Scylla Users mailing list](https://groups.google.com/g/scylladb-users) or the [Slack workspace](http://slack.scylladb.com) for general questions and help.
 
-Please use the [Issue Tracker](https://github.com/scylladb/scylla/issues/) to report issues.  Fill in as much information as you can in the issue template, especially for performance problems.
+Join the [Scylla Developers mailing list](https://groups.google.com/g/scylladb-dev) for deeper technical discussions and to discuss your ideas for contributions.
 
-# Contributing Code to Scylla
+## Reporting an issue
 
-To contribute code to Scylla, you need to sign the [Contributor License Agreement](https://www.scylladb.com/open-source/contributor-agreement/) and send your changes as [patches](https://github.com/scylladb/scylla/wiki/Formatting-and-sending-patches) to the [mailing list](https://groups.google.com/forum/#!forum/scylladb-dev). We don't accept pull requests on GitHub.
+Please use the [issue tracker](https://github.com/scylladb/scylla/issues/) to report issues or to suggest features. Fill in as much information as you can in the issue template, especially for performance problems.
+
+## Contributing code to Scylla
+
+Before you can contribute code to Scylla for the first time, you should sign the [Contributor License Agreement](https://www.scylladb.com/open-source/contributor-agreement/) and send the signed form cla@scylladb.com. You can then submit your changes as patches to the to the [scylladb-dev mailing list](https://groups.google.com/forum/#!forum/scylladb-dev) or as a pull request to the [Scylla project on github](https://github.com/scylladb/scylla).
+If you need help formatting or sending patches, [check out these instructions](https://github.com/scylladb/scylla/wiki/Formatting-and-sending-patches).
+
+The Scylla C++ source code uses the [Seastar coding style](https://github.com/scylladb/seastar/blob/master/coding-style.md) so please adhere to that in your patches. Note that Scylla code is written with `using namespace seastar`, so should not explicitly add the `seastar::` prefix to Seastar symbols. You will usually not need to add `using namespace seastar` to new source files, because most Scylla header files have `#include "seastarx.hh"`, which does this.

DEDICATION.txt

@@ -0,0 +1 @@
+Dedicated to the memory of Alberto José Araújo, a coworker and a friend.

MAINTAINERS

@@ -1,114 +0,0 @@
-M: Maintainer with commit access
-R: Reviewer with subsystem expertise
-F: Filename, directory, or pattern for the subsystem
-
----
-
-AUTH
-R: Calle Wilund <calle@scylladb.com>
-R: Vlad Zolotarov <vladz@scylladb.com>
-R: Jesse Haber-Kucharsky <jhaberku@scylladb.com>
-F: auth/*
-
-CACHE
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-R: Piotr Jastrzebski <piotr@scylladb.com>
-F: row_cache*
-F: *mutation*
-F: tests/mvcc*
-
-COMMITLOG / BATCHLOGa
-R: Calle Wilund <calle@scylladb.com>
-F: db/commitlog/*
-F: db/batch*
-
-COORDINATOR
-R: Gleb Natapov <gleb@scylladb.com>
-F: service/storage_proxy*
-
-COMPACTION
-R: Raphael S. Carvalho <raphaelsc@scylladb.com>
-R: Glauber Costa <glauber@scylladb.com>
-R: Nadav Har'El <nyh@scylladb.com>
-F: sstables/compaction*
-
-CQL TRANSPORT LAYER
-M: Pekka Enberg <penberg@scylladb.com>
-F: transport/*
-
-CQL QUERY LANGUAGE
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-M: Pekka Enberg <penberg@scylladb.com>
-F: cql3/*
-
-COUNTERS
-F: counters*
-F: tests/counter_test*
-
-GOSSIP
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-R: Asias He <asias@scylladb.com>
-F: gms/*
-
-DOCKER
-M: Pekka Enberg <penberg@scylladb.com>
-F: dist/docker/*
-
-LSA
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-F: utils/logalloc*
-
-MATERIALIZED VIEWS
-M: Pekka Enberg <penberg@scylladb.com>
-M: Nadav Har'El <nyh@scylladb.com>
-F: db/view/*
-F: cql3/statements/*view*
-
-PACKAGING
-R: Takuya ASADA <syuu@scylladb.com>
-F: dist/*
-
-REPAIR
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-R: Asias He <asias@scylladb.com>
-R: Nadav Har'El <nyh@scylladb.com>
-F: repair/*
-
-SCHEMA MANAGEMENT
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-M: Pekka Enberg <penberg@scylladb.com>
-F: db/schema_tables*
-F: db/legacy_schema_migrator*
-F: service/migration*
-F: schema*
-
-SECONDARY INDEXES
-M: Pekka Enberg <penberg@scylladb.com>
-M: Nadav Har'El <nyh@scylladb.com>
-R: Pekka Enberg <penberg@scylladb.com>
-F: db/index/*
-F: cql3/statements/*index*
-
-SSTABLES
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-R: Raphael S. Carvalho <raphaelsc@scylladb.com>
-R: Glauber Costa <glauber@scylladb.com>
-R: Nadav Har'El <nyh@scylladb.com>
-F: sstables/*
-
-STREAMING
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-R: Asias He <asias@scylladb.com>
-F: streaming/*
-F: service/storage_service.*
-
-ALTERNATOR
-M: Nadav Har'El <nyh@scylladb.com>
-F: alternator/*
-F: alternator-test/*
-
-THE REST
-M: Avi Kivity <avi@scylladb.com>
-M: Tomasz Grabiec <tgrabiec@scylladb.com>
-M: Nadav Har'El <nyh@scylladb.com>
-F: *

NOTICE.txt

@@ -5,3 +5,5 @@ It includes files from https://github.com/antonblanchard/crc32-vpmsum (author An
 These files are located in utils/arch/powerpc/crc32-vpmsum. Their license may be found in licenses/LICENSE-crc32-vpmsum.TXT.
 
 It includes modified code from https://gitbox.apache.org/repos/asf?p=cassandra-dtest.git (owned by The Apache Software Foundation)
+
+It includes modified tests from https://github.com/etcd-io/etcd.git (owned by The etcd Authors)

README.md

@@ -1,64 +1,84 @@
 # Scylla
 
-## Quick-start
+[![Slack](https://img.shields.io/badge/slack-scylla-brightgreen.svg?logo=slack)](http://slack.scylladb.com)
+[![Twitter](https://img.shields.io/twitter/follow/ScyllaDB.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=ScyllaDB)
+
+## What is Scylla?
+
+Scylla is the real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB.
+Scylla embraces a shared-nothing approach that increases throughput and storage capacity to realize order-of-magnitude performance improvements and reduce hardware costs.
+
+For more information, please see the [ScyllaDB web site].
+
+[ScyllaDB web site]: https://www.scylladb.com
+
+## Build Prerequisites
 
 Scylla is fairly fussy about its build environment, requiring very recent
 versions of the C++20 compiler and of many libraries to build. The document
 [HACKING.md](HACKING.md) includes detailed information on building and
 developing Scylla, but to get Scylla building quickly on (almost) any build
-machine, Scylla offers offers a [frozen toolchain](tools/toolchain/README.md),
+machine, Scylla offers a [frozen toolchain](tools/toolchain/README.md),
 This is a pre-configured Docker image which includes recent versions of all
 the required compilers, libraries and build tools. Using the frozen toolchain
 allows you to avoid changing anything in your build machine to meet Scylla's
 requirements - you just need to meet the frozen toolchain's prerequisites
 (mostly, Docker or Podman being available).
 
-Building and running Scylla with the frozen toolchain is as easy as:
+## Building Scylla
+
+Building Scylla with the frozen toolchain `dbuild` is as easy as:
 
 ```bash
-$ ./tools/toolchain/dbuild ./configure.py
-$ ./tools/toolchain/dbuild ninja build/release/scylla
-$ ./tools/toolchain/dbuild ./build/release/scylla --developer-mode 1
+$ git submodule update --init --force --recursive
+$ ./tools/toolchain/dbuild ./configure.py
+$ ./tools/toolchain/dbuild ninja build/release/scylla
 ```
 
+For further information, please see:
+
+* [Developer documentation] for more information on building Scylla.
+* [Build documentation] on how to build Scylla binaries, tests, and packages.
+* [Docker image build documentation] for information on how to build Docker images.
+
+[developer documentation]: HACKING.md
+[build documentation]: docs/guides/building.md
+[docker image build documentation]: dist/docker/redhat/README.md
+
 ## Running Scylla
 
-* Run Scylla
-```
-./build/release/scylla
+To start Scylla server, run:
 
+```bash
+$ ./tools/toolchain/dbuild ./build/release/scylla --workdir tmp --smp 1 --developer-mode 1
 ```
 
-* run Scylla with one CPU and ./tmp as work directory
+This will start a Scylla node with one CPU core allocated to it and data files stored in the `tmp` directory.
+The `--developer-mode` is needed to disable the various checks Scylla performs at startup to ensure the machine is configured for maximum performance (not relevant on development workstations).
+Please note that you need to run Scylla with `dbuild` if you built it with the frozen toolchain.
 
-```
-./build/release/scylla --workdir tmp --smp 1
-```
+For more run options, run:
 
-* For more run options:
-```
-./build/release/scylla --help
+```bash
+$ ./tools/toolchain/dbuild ./build/release/scylla --help
 ```
 
 ## Testing
 
-See [test.py manual](docs/testing.md).
+See [test.py manual](docs/guides/testing.md).
 
 ## Scylla APIs and compatibility
 By default, Scylla is compatible with Apache Cassandra and its APIs - CQL and
-Thrift. There is also experimental support for the API of Amazon DynamoDB,
-but being experimental it needs to be explicitly enabled to be used. For more
-information on how to enable the experimental DynamoDB compatibility in Scylla,
-and the current limitations of this feature, see
+Thrift. There is also support for the API of Amazon DynamoDB™,
+which needs to be enabled and configured in order to be used. For more
+information on how to enable the DynamoDB™ API in Scylla,
+and the current compatibility of this feature as well as Scylla-specific extensions, see
 [Alternator](docs/alternator/alternator.md) and
 [Getting started with Alternator](docs/alternator/getting-started.md).
 
 ## Documentation
 
-Documentation can be found in [./docs](./docs) and on the
-[wiki](https://github.com/scylladb/scylla/wiki). There is currently no clear
-definition of what goes where, so when looking for something be sure to check
-both.
+Documentation can be found [here](https://scylla.docs.scylladb.com).
 Seastar documentation can be found [here](http://docs.seastar.io/master/index.html).
 User documentation can be found [here](https://docs.scylladb.com/).
 
@@ -69,27 +89,22 @@ The courses are free, self-paced and include hands-on examples. They cover a var
 administration, architecture, basic NoSQL concepts, using drivers for application development, Scylla setup, failover, compactions, 
 multi-datacenters and how Scylla integrates with third-party applications.
 
-## Building a CentOS-based Docker image
-
-Build a Docker image with:
-
-```
-cd dist/docker/redhat
-docker build -t <image-name> .
-```
-
-This build is based on executables downloaded from downloads.scylladb.com,
-**not** on the executables built in this source directory. See further
-instructions in dist/docker/redhat/README.md to build a docker image from
-your own executables.
-
-Run the image with:
-
-```
-docker run -p $(hostname -i):9042:9042 -i -t <image name>
-```
-
 ## Contributing to Scylla
 
-[Hacking howto](HACKING.md)
-[Guidelines for contributing](CONTRIBUTING.md)
+If you want to report a bug or submit a pull request or a patch, please read the [contribution guidelines].
+
+If you are a developer working on Scylla, please read the [developer guidelines].
+
+[contribution guidelines]: CONTRIBUTING.md
+[developer guidelines]: HACKING.md
+
+## Contact
+
+* The [users mailing list] and [Slack channel] are for users to discuss configuration, management, and operations of the ScyllaDB open source.
+* The [developers mailing list] is for developers and people interested in following the development of ScyllaDB to discuss technical topics.
+
+[Users mailing list]: https://groups.google.com/forum/#!forum/scylladb-users
+
+[Slack channel]: http://slack.scylladb.com/
+
+[Developers mailing list]: https://groups.google.com/forum/#!forum/scylladb-dev

SCYLLA-VERSION-GEN

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 PRODUCT=scylla
-VERSION=666.development
+VERSION=4.5.7
 
 if test -f version
 then

alternator/auth.cc

@@ -62,6 +62,14 @@ static std::string apply_sha256(std::string_view msg) {
     return to_hex(hasher.finalize());
 }
 
+static std::string apply_sha256(const std::vector<temporary_buffer<char>>& msg) {
+    sha256_hasher hasher;
+    for (const temporary_buffer<char>& buf : msg) {
+        hasher.update(buf.get(), buf.size());
+    }
+    return to_hex(hasher.finalize());
+}
+
 static std::string format_time_point(db_clock::time_point tp) {
     time_t time_point_repr = db_clock::to_time_t(tp);
     std::string time_point_str;
@@ -78,12 +86,12 @@ void check_expiry(std::string_view signature_date) {
     std::string expiration_str = format_time_point(db_clock::now() - 15min);
     std::string validity_str = format_time_point(db_clock::now() + 15min);
     if (signature_date < expiration_str) {
-        throw api_error("InvalidSignatureException",
+        throw api_error::invalid_signature(
                 fmt::format("Signature expired: {} is now earlier than {} (current time - 15 min.)",
                 signature_date, expiration_str));
     }
     if (signature_date > validity_str) {
-        throw api_error("InvalidSignatureException",
+        throw api_error::invalid_signature(
                 fmt::format("Signature not yet current: {} is still later than {} (current time + 15 min.)",
                 signature_date, validity_str));
     }
@@ -91,16 +99,16 @@ void check_expiry(std::string_view signature_date) {
 
 std::string get_signature(std::string_view access_key_id, std::string_view secret_access_key, std::string_view host, std::string_view method,
         std::string_view orig_datestamp, std::string_view signed_headers_str, const std::map<std::string_view, std::string_view>& signed_headers_map,
-        std::string_view body_content, std::string_view region, std::string_view service, std::string_view query_string) {
+        const std::vector<temporary_buffer<char>>& body_content, std::string_view region, std::string_view service, std::string_view query_string) {
     auto amz_date_it = signed_headers_map.find("x-amz-date");
     if (amz_date_it == signed_headers_map.end()) {
-        throw api_error("InvalidSignatureException", "X-Amz-Date header is mandatory for signature verification");
+        throw api_error::invalid_signature("X-Amz-Date header is mandatory for signature verification");
     }
     std::string_view amz_date = amz_date_it->second;
     check_expiry(amz_date);
     std::string_view datestamp = amz_date.substr(0, 8);
     if (datestamp != orig_datestamp) {
-        throw api_error("InvalidSignatureException",
+        throw api_error::invalid_signature(
                 format("X-Amz-Date date does not match the provided datestamp. Expected {}, got {}",
                         orig_datestamp, datestamp));
     }
@@ -126,19 +134,18 @@ std::string get_signature(std::string_view access_key_id, std::string_view secre
 
 future<std::string> get_key_from_roles(cql3::query_processor& qp, std::string username) {
     static const sstring query = format("SELECT salted_hash FROM {} WHERE {} = ?",
-            auth::meta::roles_table::qualified_name(), auth::meta::roles_table::role_col_name);
+            auth::meta::roles_table::qualified_name, auth::meta::roles_table::role_col_name);
 
     auto cl = auth::password_authenticator::consistency_for_user(username);
-    auto timeout = auth::internal_distributed_timeout_config();
-    return qp.execute_internal(query, cl, timeout, {sstring(username)}, true).then_wrapped([username = std::move(username)] (future<::shared_ptr<cql3::untyped_result_set>> f) {
+    return qp.execute_internal(query, cl, auth::internal_distributed_query_state(), {sstring(username)}, true).then_wrapped([username = std::move(username)] (future<::shared_ptr<cql3::untyped_result_set>> f) {
         auto res = f.get0();
         auto salted_hash = std::optional<sstring>();
         if (res->empty()) {
-            throw api_error("UnrecognizedClientException", fmt::format("User not found: {}", username));
+            throw api_error::unrecognized_client(fmt::format("User not found: {}", username));
         }
         salted_hash = res->one().get_opt<sstring>("salted_hash");
         if (!salted_hash) {
-            throw api_error("UnrecognizedClientException", fmt::format("No password found for user: {}", username));
+            throw api_error::unrecognized_client(fmt::format("No password found for user: {}", username));
         }
         return make_ready_future<std::string>(*salted_hash);
     });

alternator/auth.hh

@@ -39,7 +39,7 @@ using key_cache = utils::loading_cache<std::string, std::string>;
 
 std::string get_signature(std::string_view access_key_id, std::string_view secret_access_key, std::string_view host, std::string_view method,
         std::string_view orig_datestamp, std::string_view signed_headers_str, const std::map<std::string_view, std::string_view>& signed_headers_map,
-        std::string_view body_content, std::string_view region, std::string_view service, std::string_view query_string);
+        const std::vector<temporary_buffer<char>>& body_content, std::string_view region, std::string_view service, std::string_view query_string);
 
 future<std::string> get_key_from_roles(cql3::query_processor& qp, std::string username);
 

alternator/base64.cc

@@ -32,13 +32,13 @@
 // and the character used in base64 encoding to represent it.
 static class base64_chars {
 public:
-    static constexpr const char* to =
+    static constexpr const char to[] =
             "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
     int8_t from[255];
     base64_chars() {
-        static_assert(strlen(to) == 64);
+        static_assert(sizeof(to) == 64 + 1);
         for (int i = 0; i < 255; i++) {
-            from[i] = 255; // signal invalid character
+            from[i] = -1; // signal invalid character
         }
         for (int i = 0; i < 64; i++) {
             from[(unsigned) to[i]] = i;

alternator/base64.hh

@@ -23,7 +23,7 @@
 
 #include <string_view>
 #include "bytes.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
 
 std::string base64_encode(bytes_view);
 

alternator/conditions.cc

@@ -26,7 +26,7 @@
 #include "alternator/error.hh"
 #include "cql3/constants.hh"
 #include <unordered_map>
-#include "rjson.hh"
+#include "utils/rjson.hh"
 #include "serialization.hh"
 #include "base64.hh"
 #include <stdexcept>
@@ -57,12 +57,12 @@ comparison_operator_type get_comparison_operator(const rjson::value& comparison_
             {"NOT_CONTAINS", comparison_operator_type::NOT_CONTAINS},
     };
     if (!comparison_operator.IsString()) {
-        throw api_error("ValidationException", format("Invalid comparison operator definition {}", rjson::print(comparison_operator)));
+        throw api_error::validation(format("Invalid comparison operator definition {}", rjson::print(comparison_operator)));
     }
     std::string op = comparison_operator.GetString();
     auto it = ops.find(op);
     if (it == ops.end()) {
-        throw api_error("ValidationException", format("Unsupported comparison operator {}", op));
+        throw api_error::validation(format("Unsupported comparison operator {}", op));
     }
     return it->second;
 }
@@ -98,11 +98,16 @@ struct nonempty : public size_check {
 
 // Check that array has the expected number of elements
 static void verify_operand_count(const rjson::value* array, const size_check& expected, const rjson::value& op) {
+    if (!array && expected(0)) {
+        // If expected() allows an empty AttributeValueList, it is also fine
+        // that it is missing.
+        return;
+    }
     if (!array || !array->IsArray()) {
-        throw api_error("ValidationException", "With ComparisonOperator, AttributeValueList must be given and an array");
+        throw api_error::validation("With ComparisonOperator, AttributeValueList must be given and an array");
     }
     if (!expected(array->Size())) {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                         format("{} operator requires AttributeValueList {}, instead found list size {}",
                                op, expected.what(), array->Size()));
     }
@@ -118,7 +123,7 @@ struct rjson_engaged_ptr_comp {
 // as internally they're stored in an array, and the order of elements is
 // not important in set equality. See issue #5021
 static bool check_EQ_for_sets(const rjson::value& set1, const rjson::value& set2) {
-    if (set1.Size() != set2.Size()) {
+    if (!set1.IsArray() || !set2.IsArray() || set1.Size() != set2.Size()) {
         return false;
     }
     std::set<const rjson::value*, rjson_engaged_ptr_comp> set1_raw;
@@ -126,7 +131,40 @@ static bool check_EQ_for_sets(const rjson::value& set1, const rjson::value& set2
         set1_raw.insert(&*it);
     }
     for (const auto& a : set2.GetArray()) {
-        if (set1_raw.count(&a) == 0) {
+        if (!set1_raw.contains(&a)) {
+            return false;
+        }
+    }
+    return true;
+}
+// Moreover, the JSON being compared can be a nested document with outer
+// layers of lists and maps and some inner set - and we need to get to that
+// inner set to compare it correctly with check_EQ_for_sets() (issue #8514).
+static bool check_EQ(const rjson::value* v1, const rjson::value& v2);
+static bool check_EQ_for_lists(const rjson::value& list1, const rjson::value& list2) {
+    if (!list1.IsArray() || !list2.IsArray() || list1.Size() != list2.Size()) {
+        return false;
+    }
+    auto it1 = list1.Begin();
+    auto it2 = list2.Begin();
+    while (it1 != list1.End()) {
+        // Note: Alternator limits an item's depth (rjson::parse() limits
+        // it to around 37 levels), so this recursion is safe.
+        if (!check_EQ(&*it1, *it2)) {
+            return false;
+        }
+        ++it1;
+        ++it2;
+    }
+    return true;
+}
+static bool check_EQ_for_maps(const rjson::value& list1, const rjson::value& list2) {
+    if (!list1.IsObject() || !list2.IsObject() || list1.MemberCount() != list2.MemberCount()) {
+        return false;
+    }
+    for (auto it1 = list1.MemberBegin(); it1 != list1.MemberEnd(); ++it1) {
+        auto it2 = list2.FindMember(it1->name);
+        if (it2 == list2.MemberEnd() || !check_EQ(&it1->value, it2->value)) {
             return false;
         }
     }
@@ -135,42 +173,71 @@ static bool check_EQ_for_sets(const rjson::value& set1, const rjson::value& set2
 
 // Check if two JSON-encoded values match with the EQ relation
 static bool check_EQ(const rjson::value* v1, const rjson::value& v2) {
-    if (!v1) {
-        return false;
-    }
-    if (v1->IsObject() && v1->MemberCount() == 1 && v2.IsObject() && v2.MemberCount() == 1) {
+    if (v1 && v1->IsObject() && v1->MemberCount() == 1 && v2.IsObject() && v2.MemberCount() == 1) {
         auto it1 = v1->MemberBegin();
         auto it2 = v2.MemberBegin();
-        if ((it1->name == "SS" && it2->name == "SS") || (it1->name == "NS" && it2->name == "NS") || (it1->name == "BS" && it2->name == "BS")) {
-            return check_EQ_for_sets(it1->value, it2->value);
+        if (it1->name != it2->name) {
+            return false;
         }
+        if (it1->name == "SS" || it1->name == "NS" || it1->name == "BS") {
+            return check_EQ_for_sets(it1->value, it2->value);
+        } else if(it1->name == "L") {
+            return check_EQ_for_lists(it1->value, it2->value);
+        } else if(it1->name == "M") {
+            return check_EQ_for_maps(it1->value, it2->value);
+        } else {
+            // Other, non-nested types (number, string, etc.) can be compared
+            // literally, comparing their JSON representation.
+            return it1->value == it2->value;
+        }
+    } else {
+        // If v1 and/or v2 are missing (IsNull()) the result should be false.
+        // In the unlikely case that the object is malformed (issue #8070),
+        // let's also return false.
+        return false;
     }
-    return *v1 == v2;
 }
 
 // Check if two JSON-encoded values match with the NE relation
 static bool check_NE(const rjson::value* v1, const rjson::value& v2) {
-    return !v1 || *v1 != v2; // null is unequal to anything.
+    return !check_EQ(v1, v2);
 }
 
 // Check if two JSON-encoded values match with the BEGINS_WITH relation
-static bool check_BEGINS_WITH(const rjson::value* v1, const rjson::value& v2) {
-    // BEGINS_WITH requires that its single operand (v2) be a string or
-    // binary - otherwise it's a validation error. However, problems with
-    // the stored attribute (v1) will just return false (no match).
-    if (!v2.IsObject() || v2.MemberCount() != 1) {
-        throw api_error("ValidationException", format("BEGINS_WITH operator encountered malformed AttributeValue: {}", v2));
-    }
-    auto it2 = v2.MemberBegin();
-    if (it2->name != "S" && it2->name != "B") {
-        throw api_error("ValidationException", format("BEGINS_WITH operator requires String or Binary type in AttributeValue, got {}", it2->name));
-    }
-
-
+bool check_BEGINS_WITH(const rjson::value* v1, const rjson::value& v2,
+                       bool v1_from_query, bool v2_from_query) {
+    bool bad = false;
     if (!v1 || !v1->IsObject() || v1->MemberCount() != 1) {
+        if (v1_from_query) {
+            throw api_error::validation("begins_with() encountered malformed argument");
+        } else {
+            bad = true;
+        }
+    } else if (v1->MemberBegin()->name != "S" && v1->MemberBegin()->name != "B") {
+        if (v1_from_query) {
+            throw api_error::validation(format("begins_with supports only string or binary type, got: {}", *v1));
+        } else {
+            bad = true;
+        }
+    }
+    if (!v2.IsObject() || v2.MemberCount() != 1) {
+        if (v2_from_query) {
+            throw api_error::validation("begins_with() encountered malformed argument");
+        } else {
+            bad = true;
+        }
+    } else if (v2.MemberBegin()->name != "S" && v2.MemberBegin()->name != "B") {
+        if (v2_from_query) {
+            throw api_error::validation(format("begins_with() supports only string or binary type, got: {}", v2));
+        } else {
+            bad = true;
+        }
+    }
+    if (bad) {
         return false;
     }
     auto it1 = v1->MemberBegin();
+    auto it2 = v2.MemberBegin();
     if (it1->name != it2->name) {
         return false;
     }
@@ -228,12 +295,12 @@ static bool check_NOT_CONTAINS(const rjson::value* v1, const rjson::value& v2) {
 // Check if a JSON-encoded value equals any element of an array, which must have at least one element.
 static bool check_IN(const rjson::value* val, const rjson::value& array) {
     if (!array[0].IsObject() || array[0].MemberCount() != 1) {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                         format("IN operator encountered malformed AttributeValue: {}", array[0]));
     }
     const auto& type = array[0].MemberBegin()->name;
     if (type != "S" && type != "N" && type != "B") {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                         "IN operator requires AttributeValueList elements to be of type String, Number, or Binary ");
     }
     if (!val) {
@@ -242,7 +309,7 @@ static bool check_IN(const rjson::value* val, const rjson::value& array) {
     bool have_match = false;
     for (const auto& elem : array.GetArray()) {
         if (!elem.IsObject() || elem.MemberCount() != 1 || elem.MemberBegin()->name != type) {
-            throw api_error("ValidationException",
+            throw api_error::validation(
                             "IN operator requires all AttributeValueList elements to have the same type ");
         }
         if (!have_match && *val == elem) {
@@ -274,24 +341,40 @@ static bool check_NOT_NULL(const rjson::value* val) {
     return val != nullptr;
 }
 
+// Only types S, N or B (string, number or bytes) may be compared by the
+// various comparion operators - lt, le, gt, ge, and between.
+// Note that in particular, if the value is missing (v->IsNull()), this
+// check returns false.
+static bool check_comparable_type(const rjson::value& v) {
+    if (!v.IsObject() || v.MemberCount() != 1) {
+        return false;
+    }
+    const rjson::value& type = v.MemberBegin()->name;
+    return type == "S" || type == "N" || type == "B";
+}
+
 // Check if two JSON-encoded values match with cmp.
 template <typename Comparator>
-bool check_compare(const rjson::value* v1, const rjson::value& v2, const Comparator& cmp) {
-    if (!v2.IsObject() || v2.MemberCount() != 1) {
-        throw api_error("ValidationException",
-                        format("{} requires a single AttributeValue of type String, Number, or Binary",
-                               cmp.diagnostic));
+bool check_compare(const rjson::value* v1, const rjson::value& v2, const Comparator& cmp,
+                   bool v1_from_query, bool v2_from_query) {
+    bool bad = false;
+    if (!v1 || !check_comparable_type(*v1)) {
+        if (v1_from_query) {
+            throw api_error::validation(format("{} allow only the types String, Number, or Binary", cmp.diagnostic));
+        }
+        bad = true;
     }
-    const auto& kv2 = *v2.MemberBegin();
-    if (kv2.name != "S" && kv2.name != "N" && kv2.name != "B") {
-        throw api_error("ValidationException",
-                        format("{} requires a single AttributeValue of type String, Number, or Binary",
-                               cmp.diagnostic));
+    if (!check_comparable_type(v2)) {
+        if (v2_from_query) {
+            throw api_error::validation(format("{} allow only the types String, Number, or Binary", cmp.diagnostic));
+        }
+        bad = true;
     }
-    if (!v1 || !v1->IsObject() || v1->MemberCount() != 1) {
+    if (bad) {
         return false;
     }
     const auto& kv1 = *v1->MemberBegin();
+    const auto& kv2 = *v2.MemberBegin();
     if (kv1.name != kv2.name) {
         return false;
     }
@@ -305,7 +388,8 @@ bool check_compare(const rjson::value* v1, const rjson::value& v2, const Compara
     if (kv1.name == "B") {
         return cmp(base64_decode(kv1.value), base64_decode(kv2.value));
     }
-    clogger.error("check_compare panic: LHS type equals RHS type, but one is in {N,S,B} while the other isn't");
+    // cannot reach here, as check_comparable_type() verifies the type is one
+    // of the above options.
     return false;
 }
 
@@ -336,57 +420,71 @@ struct cmp_gt {
     static constexpr const char* diagnostic = "GT operator";
 };
 
-// True if v is between lb and ub, inclusive.  Throws if lb > ub.
+// True if v is between lb and ub, inclusive.  Throws or returns false
+// (depending on bounds_from_query parameter) if lb > ub.
 template <typename T>
-static bool check_BETWEEN(const T& v, const T& lb, const T& ub) {
+static bool check_BETWEEN(const T& v, const T& lb, const T& ub, bool bounds_from_query) {
     if (cmp_lt()(ub, lb)) {
-        throw api_error("ValidationException",
-                        format("BETWEEN operator requires lower_bound <= upper_bound, but {} > {}", lb, ub));
+        if (bounds_from_query) {
+            throw api_error::validation(
+                format("BETWEEN operator requires lower_bound <= upper_bound, but {} > {}", lb, ub));
+        } else {
+            return false;
+        }
     }
     return cmp_ge()(v, lb) && cmp_le()(v, ub);
 }
 
-static bool check_BETWEEN(const rjson::value* v, const rjson::value& lb, const rjson::value& ub) {
-    if (!v) {
+static bool check_BETWEEN(const rjson::value* v, const rjson::value& lb, const rjson::value& ub,
+                          bool v_from_query, bool lb_from_query, bool ub_from_query) {
+    if ((v && v_from_query && !check_comparable_type(*v)) ||
+        (lb_from_query && !check_comparable_type(lb)) ||
+        (ub_from_query && !check_comparable_type(ub))) {
+        throw api_error::validation("between allow only the types String, Number, or Binary");
+
+    }
+    if (!v || !v->IsObject() || v->MemberCount() != 1 ||
+        !lb.IsObject() || lb.MemberCount() != 1 ||
+        !ub.IsObject() || ub.MemberCount() != 1) {
         return false;
     }
-    if (!v->IsObject() || v->MemberCount() != 1) {
-        throw api_error("ValidationException", format("BETWEEN operator encountered malformed AttributeValue: {}", *v));
-    }
-    if (!lb.IsObject() || lb.MemberCount() != 1) {
-        throw api_error("ValidationException", format("BETWEEN operator encountered malformed AttributeValue: {}", lb));
-    }
-    if (!ub.IsObject() || ub.MemberCount() != 1) {
-        throw api_error("ValidationException", format("BETWEEN operator encountered malformed AttributeValue: {}", ub));
-    }
 
     const auto& kv_v = *v->MemberBegin();
     const auto& kv_lb = *lb.MemberBegin();
     const auto& kv_ub = *ub.MemberBegin();
+    bool bounds_from_query = lb_from_query && ub_from_query;
     if (kv_lb.name != kv_ub.name) {
-        throw api_error(
-                "ValidationException",
+        if (bounds_from_query) {
+           throw api_error::validation(
                 format("BETWEEN operator requires the same type for lower and upper bound; instead got {} and {}",
                        kv_lb.name, kv_ub.name));
+        } else {
+            return false;
+        }
     }
     if (kv_v.name != kv_lb.name) { // Cannot compare different types, so v is NOT between lb and ub.
         return false;
     }
     if (kv_v.name == "N") {
         const char* diag = "BETWEEN operator";
-        return check_BETWEEN(unwrap_number(*v, diag), unwrap_number(lb, diag), unwrap_number(ub, diag));
+        return check_BETWEEN(unwrap_number(*v, diag), unwrap_number(lb, diag), unwrap_number(ub, diag), bounds_from_query);
     }
     if (kv_v.name == "S") {
         return check_BETWEEN(std::string_view(kv_v.value.GetString(), kv_v.value.GetStringLength()),
                              std::string_view(kv_lb.value.GetString(), kv_lb.value.GetStringLength()),
-                             std::string_view(kv_ub.value.GetString(), kv_ub.value.GetStringLength()));
+                             std::string_view(kv_ub.value.GetString(), kv_ub.value.GetStringLength()),
+                             bounds_from_query);
     }
     if (kv_v.name == "B") {
-        return check_BETWEEN(base64_decode(kv_v.value), base64_decode(kv_lb.value), base64_decode(kv_ub.value));
+        return check_BETWEEN(base64_decode(kv_v.value), base64_decode(kv_lb.value), base64_decode(kv_ub.value), bounds_from_query);
     }
-    throw api_error("ValidationException",
-        format("BETWEEN operator requires AttributeValueList elements to be of type String, Number, or Binary; instead got {}",
+    if (v_from_query) {
+        throw api_error::validation(
+            format("BETWEEN operator requires AttributeValueList elements to be of type String, Number, or Binary; instead got {}",
                kv_lb.name));
+    } else {
+        return false;
+    }
 }
 
 // Verify one Expect condition on one attribute (whose content is "got")
@@ -404,24 +502,24 @@ static bool verify_expected_one(const rjson::value& condition, const rjson::valu
     // and requires a different combinations of parameters in the request
     if (value) {
         if (exists && (!exists->IsBool() || exists->GetBool() != true)) {
-            throw api_error("ValidationException", "Cannot combine Value with Exists!=true");
+            throw api_error::validation("Cannot combine Value with Exists!=true");
         }
         if (comparison_operator) {
-            throw api_error("ValidationException", "Cannot combine Value with ComparisonOperator");
+            throw api_error::validation("Cannot combine Value with ComparisonOperator");
         }
         return check_EQ(got, *value);
     } else if (exists) {
         if (comparison_operator) {
-            throw api_error("ValidationException", "Cannot combine Exists with ComparisonOperator");
+            throw api_error::validation("Cannot combine Exists with ComparisonOperator");
         }
         if (!exists->IsBool() || exists->GetBool() != false) {
-            throw api_error("ValidationException", "Exists!=false requires Value");
+            throw api_error::validation("Exists!=false requires Value");
         }
         // Remember Exists=false, so we're checking that the attribute does *not* exist:
         return !got;
     } else {
         if (!comparison_operator) {
-            throw api_error("ValidationException", "Missing ComparisonOperator, Value or Exists");
+            throw api_error::validation("Missing ComparisonOperator, Value or Exists");
         }
         comparison_operator_type op = get_comparison_operator(*comparison_operator);
         switch (op) {
@@ -433,19 +531,19 @@ static bool verify_expected_one(const rjson::value& condition, const rjson::valu
             return check_NE(got, (*attribute_value_list)[0]);
         case comparison_operator_type::LT:
             verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
-            return check_compare(got, (*attribute_value_list)[0], cmp_lt{});
+            return check_compare(got, (*attribute_value_list)[0], cmp_lt{}, false, true);
         case comparison_operator_type::LE:
             verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
-            return check_compare(got, (*attribute_value_list)[0], cmp_le{});
+            return check_compare(got, (*attribute_value_list)[0], cmp_le{}, false, true);
         case comparison_operator_type::GT:
             verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
-            return check_compare(got, (*attribute_value_list)[0], cmp_gt{});
+            return check_compare(got, (*attribute_value_list)[0], cmp_gt{}, false, true);
         case comparison_operator_type::GE:
             verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
-            return check_compare(got, (*attribute_value_list)[0], cmp_ge{});
+            return check_compare(got, (*attribute_value_list)[0], cmp_ge{}, false, true);
         case comparison_operator_type::BEGINS_WITH:
             verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
-            return check_BEGINS_WITH(got, (*attribute_value_list)[0]);
+            return check_BEGINS_WITH(got, (*attribute_value_list)[0], false, true);
         case comparison_operator_type::IN:
             verify_operand_count(attribute_value_list, nonempty(), *comparison_operator);
             return check_IN(got, *attribute_value_list);
@@ -457,7 +555,8 @@ static bool verify_expected_one(const rjson::value& condition, const rjson::valu
             return check_NOT_NULL(got);
         case comparison_operator_type::BETWEEN:
             verify_operand_count(attribute_value_list, exact_size(2), *comparison_operator);
-            return check_BETWEEN(got, (*attribute_value_list)[0], (*attribute_value_list)[1]);
+            return check_BETWEEN(got, (*attribute_value_list)[0], (*attribute_value_list)[1],
+                                 false, true, true);
         case comparison_operator_type::CONTAINS:
             {
                 verify_operand_count(attribute_value_list, exact_size(1), *comparison_operator);
@@ -466,7 +565,7 @@ static bool verify_expected_one(const rjson::value& condition, const rjson::valu
                 const rjson::value& arg = (*attribute_value_list)[0];
                 const auto& argtype = (*arg.MemberBegin()).name;
                 if (argtype != "S" && argtype != "N" && argtype != "B") {
-                    throw api_error("ValidationException",
+                    throw api_error::validation(
                             format("CONTAINS operator requires a single AttributeValue of type String, Number, or Binary, "
                                     "got {} instead", argtype));
                 }
@@ -480,7 +579,7 @@ static bool verify_expected_one(const rjson::value& condition, const rjson::valu
                 const rjson::value& arg = (*attribute_value_list)[0];
                 const auto& argtype = (*arg.MemberBegin()).name;
                 if (argtype != "S" && argtype != "N" && argtype != "B") {
-                    throw api_error("ValidationException",
+                    throw api_error::validation(
                             format("CONTAINS operator requires a single AttributeValue of type String, Number, or Binary, "
                                     "got {} instead", argtype));
                 }
@@ -497,7 +596,7 @@ conditional_operator_type get_conditional_operator(const rjson::value& req) {
         return conditional_operator_type::MISSING;
     }
     if (!conditional_operator->IsString()) {
-        throw api_error("ValidationException", "'ConditionalOperator' parameter, if given, must be a string");
+        throw api_error::validation("'ConditionalOperator' parameter, if given, must be a string");
     }
     auto s = rjson::to_string_view(*conditional_operator);
     if (s == "AND") {
@@ -505,7 +604,7 @@ conditional_operator_type get_conditional_operator(const rjson::value& req) {
     } else if (s == "OR") {
         return conditional_operator_type::OR;
     } else {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                 format("'ConditionalOperator' parameter must be AND, OR or missing. Found {}.", s));
     }
 }
@@ -520,13 +619,13 @@ bool verify_expected(const rjson::value& req, const rjson::value* previous_item)
     auto conditional_operator = get_conditional_operator(req);
     if (conditional_operator != conditional_operator_type::MISSING &&
         (!expected || (expected->IsObject() && expected->GetObject().ObjectEmpty()))) {
-            throw api_error("ValidationException", "'ConditionalOperator' parameter cannot be specified for missing or empty Expression");
+            throw api_error::validation("'ConditionalOperator' parameter cannot be specified for missing or empty Expression");
     }
     if (!expected) {
         return true;
     }
     if (!expected->IsObject()) {
-        throw api_error("ValidationException", "'Expected' parameter, if given, must be an object");
+        throw api_error::validation("'Expected' parameter, if given, must be an object");
     }
     bool require_all = conditional_operator != conditional_operator_type::OR;
     return verify_condition(*expected, require_all, previous_item);
@@ -569,7 +668,8 @@ static bool calculate_primitive_condition(const parsed::primitive_condition& con
             // Shouldn't happen unless we have a bug in the parser
             throw std::logic_error(format("Wrong number of values {} in BETWEEN primitive_condition", cond._values.size()));
         }
-        return check_BETWEEN(&calculated_values[0], calculated_values[1], calculated_values[2]);
+        return check_BETWEEN(&calculated_values[0], calculated_values[1], calculated_values[2],
+                             cond._values[0].is_constant(), cond._values[1].is_constant(), cond._values[2].is_constant());
     case parsed::primitive_condition::type::IN:
         return check_IN(calculated_values);
     case parsed::primitive_condition::type::VALUE:
@@ -584,7 +684,7 @@ static bool calculate_primitive_condition(const parsed::primitive_condition& con
                 return it->value.GetBool();
             }
         }
-        throw api_error("ValidationException",
+        throw api_error::validation(
                 format("ConditionExpression: condition results in a non-boolean value: {}",
                         calculated_values[0]));
     default:
@@ -600,13 +700,17 @@ static bool calculate_primitive_condition(const parsed::primitive_condition& con
     case parsed::primitive_condition::type::NE:
         return check_NE(&calculated_values[0], calculated_values[1]);
     case parsed::primitive_condition::type::GT:
-        return check_compare(&calculated_values[0], calculated_values[1], cmp_gt{});
+        return check_compare(&calculated_values[0], calculated_values[1], cmp_gt{},
+            cond._values[0].is_constant(), cond._values[1].is_constant());
     case parsed::primitive_condition::type::GE:
-        return check_compare(&calculated_values[0], calculated_values[1], cmp_ge{});
+        return check_compare(&calculated_values[0], calculated_values[1], cmp_ge{},
+            cond._values[0].is_constant(), cond._values[1].is_constant());
     case parsed::primitive_condition::type::LT:
-        return check_compare(&calculated_values[0], calculated_values[1], cmp_lt{});
+        return check_compare(&calculated_values[0], calculated_values[1], cmp_lt{},
+            cond._values[0].is_constant(), cond._values[1].is_constant());
     case parsed::primitive_condition::type::LE:
-        return check_compare(&calculated_values[0], calculated_values[1], cmp_le{});
+        return check_compare(&calculated_values[0], calculated_values[1], cmp_le{},
+            cond._values[0].is_constant(), cond._values[1].is_constant());
     default:
         // Shouldn't happen unless we have a bug in the parser
         throw std::logic_error(format("Unknown type {} in primitive_condition object", (int)(cond._op)));

alternator/conditions.hh

@@ -52,6 +52,7 @@ bool verify_expected(const rjson::value& req, const rjson::value* previous_item)
 bool verify_condition(const rjson::value& condition, bool require_all, const rjson::value* previous_item);
 
 bool check_CONTAINS(const rjson::value* v1, const rjson::value& v2);
+bool check_BEGINS_WITH(const rjson::value* v1, const rjson::value& v2, bool v1_from_query, bool v2_from_query);
 
 bool verify_condition_expression(
         const parsed::condition_expression& condition_expression,

alternator/error.hh

@@ -26,12 +26,15 @@
 
 namespace alternator {
 
-// DynamoDB's error messages are described in detail in
+// api_error contains a DynamoDB error message to be returned to the user.
+// It can be returned by value (see executor::request_return_type) or thrown.
+// The DynamoDB's error messages are described in detail in
 // https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html
-// Ah An error message has a "type", e.g., "ResourceNotFoundException", a coarser
-// HTTP code (almost always, 400), and a human readable message. Eventually these
-// will be wrapped into a JSON object returned to the client.
-class api_error : public std::exception {
+// An error message has an HTTP code (almost always 400), a type, e.g.,
+// "ResourceNotFoundException", and a human readable message.
+// Eventually alternator::api_handler will convert a returned or thrown
+// api_error into a JSON object, and that is returned to the user.
+class api_error final {
 public:
     using status_type = httpd::reply::status_type;
     status_type _http_code;
@@ -42,8 +45,47 @@ public:
         , _type(std::move(type))
         , _msg(std::move(msg))
     { }
-    api_error() = default;
-    virtual const char* what() const noexcept override { return _msg.c_str(); }
+
+    // Factory functions for some common types of DynamoDB API errors
+    static api_error validation(std::string msg) {
+        return api_error("ValidationException", std::move(msg));
+    }
+    static api_error resource_not_found(std::string msg) {
+        return api_error("ResourceNotFoundException", std::move(msg));
+    }
+    static api_error resource_in_use(std::string msg) {
+        return api_error("ResourceInUseException", std::move(msg));
+    }
+    static api_error invalid_signature(std::string msg) {
+        return api_error("InvalidSignatureException", std::move(msg));
+    }
+    static api_error missing_authentication_token(std::string msg) {
+        return api_error("MissingAuthenticationTokenException", std::move(msg));
+    }
+    static api_error unrecognized_client(std::string msg) {
+        return api_error("UnrecognizedClientException", std::move(msg));
+    }
+    static api_error unknown_operation(std::string msg) {
+        return api_error("UnknownOperationException", std::move(msg));
+    }
+    static api_error access_denied(std::string msg) {
+        return api_error("AccessDeniedException", std::move(msg));
+    }
+    static api_error conditional_check_failed(std::string msg) {
+        return api_error("ConditionalCheckFailedException", std::move(msg));
+    }
+    static api_error expired_iterator(std::string msg) {
+        return api_error("ExpiredIteratorException", std::move(msg));
+    }
+    static api_error trimmed_data_access_exception(std::string msg) {
+        return api_error("TrimmedDataAccessException", std::move(msg));
+    }
+    static api_error request_limit_exceeded(std::string msg) {
+        return api_error("RequestLimitExceeded", std::move(msg));
+    }
+    static api_error internal(std::string msg) {
+        return api_error("InternalServerError", std::move(msg), reply::status_type::internal_server_error);
+    }
 };
 
 }

alternator/executor.hh

@@ -30,16 +30,121 @@
 #include "service/storage_proxy.hh"
 #include "service/migration_manager.hh"
 #include "service/client_state.hh"
+#include "db/timeout_clock.hh"
 
 #include "alternator/error.hh"
 #include "stats.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
+
+namespace db {
+    class system_distributed_keyspace;
+}
+
+namespace query {
+class partition_slice;
+class result;
+}
+
+namespace cql3::selection {
+    class selection;
+}
+
+namespace service {
+    class storage_service;
+}
+
+namespace cdc {
+    class metadata;
+}
 
 namespace alternator {
 
+class rmw_operation;
+
+struct make_jsonable : public json::jsonable {
+    rjson::value _value;
+public:
+    explicit make_jsonable(rjson::value&& value);
+    std::string to_json() const override;
+};
+struct json_string : public json::jsonable {
+    std::string _value;
+public:
+    explicit json_string(std::string&& value);
+    std::string to_json() const override;
+};
+
+namespace parsed {
+class path;
+};
+
+// An attribute_path_map object is used to hold data for various attributes
+// paths (parsed::path) in a hierarchy of attribute paths. Each attribute path
+// has a root attribute, and then modified by member and index operators -
+// for example in "a.b[2].c" we have "a" as the root, then ".b" member, then
+// "[2]" index, and finally ".c" member.
+// Data can be added to an attribute_path_map using the add() function, but
+// requires that attributes with data not be *overlapping* or *conflicting*:
+//
+// 1. Two attribute paths which are identical or an ancestor of one another
+//    are considered *overlapping* and not allowed. If a.b.c has data,
+//    we can't add more data in a.b.c or any of its descendants like a.b.c.d.
+//
+// 2. Two attribute paths which need the same parent to have both a member and
+//    an index are considered *conflicting* and not allowed. E.g., if a.b has
+//    data, you can't add a[1]. The meaning of adding both would be that the
+//    attribute a is both a map and an array, which isn't sensible.
+//
+// These two requirements are common to the two places where Alternator uses
+// this abstraction to describe how a hierarchical item is to be transformed:
+//
+// 1. In ProjectExpression: for filtering from a full top-level attribute
+//    only the parts for which user asked in ProjectionExpression.
+//
+// 2. In UpdateExpression: for taking the previous value of a top-level
+//    attribute, and modifying it based on the instructions in the user
+//    wrote in UpdateExpression.
+
+template<typename T>
+class attribute_path_map_node {
+public:
+    using data_t = T;
+    // We need the extra unique_ptr<> here because libstdc++ unordered_map
+    // doesn't work with incomplete types :-(
+    using members_t =  std::unordered_map<std::string, std::unique_ptr<attribute_path_map_node<T>>>;
+    // The indexes list is sorted because DynamoDB requires handling writes
+    // beyond the end of a list in index order.
+    using indexes_t = std::map<unsigned, std::unique_ptr<attribute_path_map_node<T>>>;
+    // The prohibition on "overlap" and "conflict" explained above means
+    // That only one of data, members or indexes is non-empty.
+    std::optional<std::variant<data_t, members_t, indexes_t>> _content;
+
+    bool is_empty() const { return !_content; }
+    bool has_value() const { return _content && std::holds_alternative<data_t>(*_content); }
+    bool has_members() const { return _content && std::holds_alternative<members_t>(*_content); }
+    bool has_indexes() const { return _content && std::holds_alternative<indexes_t>(*_content); }
+    // get_members() assumes that has_members() is true
+    members_t& get_members() { return std::get<members_t>(*_content); }
+    const members_t& get_members() const { return std::get<members_t>(*_content); }
+    indexes_t& get_indexes() { return std::get<indexes_t>(*_content); }
+    const indexes_t& get_indexes() const { return std::get<indexes_t>(*_content); }
+    T& get_value() { return std::get<T>(*_content); }
+    const T& get_value() const { return std::get<T>(*_content); }
+};
+
+template<typename T>
+using attribute_path_map = std::unordered_map<std::string, attribute_path_map_node<T>>;
+
+using attrs_to_get_node = attribute_path_map_node<std::monostate>;
+using attrs_to_get = attribute_path_map<std::monostate>;
+
+
 class executor : public peering_sharded_service<executor> {
     service::storage_proxy& _proxy;
     service::migration_manager& _mm;
+    db::system_distributed_keyspace& _sdks;
+    service::storage_service& _ss;
+    cdc::metadata& _cdc_metadata;
     // An smp_service_group to be used for limiting the concurrency when
     // forwarding Alternator request between shards - if necessary for LWT.
     smp_service_group _ssg;
@@ -52,12 +157,13 @@ public:
     static constexpr auto KEYSPACE_NAME_PREFIX = "alternator_";
     static constexpr std::string_view INTERNAL_TABLE_PREFIX = ".scylla.alternator.";
 
-    executor(service::storage_proxy& proxy, service::migration_manager& mm, smp_service_group ssg)
-        : _proxy(proxy), _mm(mm), _ssg(ssg) {}
+    executor(service::storage_proxy& proxy, service::migration_manager& mm, db::system_distributed_keyspace& sdks, service::storage_service& ss, cdc::metadata& cdc_metadata, smp_service_group ssg)
+        : _proxy(proxy), _mm(mm), _sdks(sdks), _ss(ss), _cdc_metadata(cdc_metadata), _ssg(ssg) {}
 
     future<request_return_type> create_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> describe_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> delete_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
+    future<request_return_type> update_table(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> put_item(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> get_item(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
     future<request_return_type> delete_item(client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value request);
@@ -71,13 +177,48 @@ public:
     future<request_return_type> tag_resource(client_state& client_state, service_permit permit, rjson::value request);
     future<request_return_type> untag_resource(client_state& client_state, service_permit permit, rjson::value request);
     future<request_return_type> list_tags_of_resource(client_state& client_state, service_permit permit, rjson::value request);
+    future<request_return_type> list_streams(client_state& client_state, service_permit permit, rjson::value request);
+    future<request_return_type> describe_stream(client_state& client_state, service_permit permit, rjson::value request);
+    future<request_return_type> get_shard_iterator(client_state& client_state, service_permit permit, rjson::value request);
+    future<request_return_type> get_records(client_state& client_state, tracing::trace_state_ptr, service_permit permit, rjson::value request);
 
     future<> start();
     future<> stop() { return make_ready_future<>(); }
 
     future<> create_keyspace(std::string_view keyspace_name);
 
-    static tracing::trace_state_ptr maybe_trace_query(client_state& client_state, sstring_view op, sstring_view query);
+    static sstring table_name(const schema&);
+    static db::timeout_clock::time_point default_timeout();
+    static void set_default_timeout(db::timeout_clock::duration timeout);
+private:
+    static db::timeout_clock::duration s_default_timeout;
+public:
+    static schema_ptr find_table(service::storage_proxy&, const rjson::value& request);
+
+private:
+    friend class rmw_operation;
+
+    static bool is_alternator_keyspace(const sstring& ks_name);
+    static sstring make_keyspace_name(const sstring& table_name);
+    static void describe_key_schema(rjson::value& parent, const schema&, std::unordered_map<std::string,std::string> * = nullptr);
+    static void describe_key_schema(rjson::value& parent, const schema& schema, std::unordered_map<std::string,std::string>&);
+    
+public:    
+    static std::optional<rjson::value> describe_single_item(schema_ptr,
+        const query::partition_slice&,
+        const cql3::selection::selection&,
+        const query::result&,
+        const attrs_to_get&);
+
+    static void describe_single_item(const cql3::selection::selection&,
+        const std::vector<bytes_opt>&,
+        const attrs_to_get&,
+        rjson::value&,
+        bool = false);
+
+    void add_stream_options(const rjson::value& stream_spec, schema_builder&) const;
+    void supplement_table_info(rjson::value& descr, const schema& schema) const;
+    void supplement_table_stream_info(rjson::value& descr, const schema& schema) const;
 };
 
 }

alternator/expressions.cc

@@ -130,6 +130,27 @@ void condition_expression::append(condition_expression&& a, char op) {
     }, _expression);
 }
 
+void path::check_depth_limit() {
+    if (1 + _operators.size() > depth_limit) {
+        throw expressions_syntax_error(format("Document path exceeded {} nesting levels", depth_limit));
+    }
+}
+
+std::ostream& operator<<(std::ostream& os, const path& p) {
+    os << p.root();
+    for (const auto& op : p.operators()) {
+        std::visit(overloaded_functor {
+            [&] (const std::string& member) {
+                os << '.' << member;
+            },
+            [&] (unsigned index) {
+                os << '[' << index << ']';
+            }
+        }, op);
+    }
+    return os;
+}
+
 } // namespace parsed
 
 // The following resolve_*() functions resolve references in parsed
@@ -151,22 +172,44 @@ void condition_expression::append(condition_expression&& a, char op) {
 // we need to resolve the expression just once but then use it many times
 // (once for each item to be filtered).
 
-static void resolve_path(parsed::path& p,
+static std::optional<std::string> resolve_path_component(const std::string& column_name,
         const rjson::value* expression_attribute_names,
         std::unordered_set<std::string>& used_attribute_names) {
-    const std::string& column_name = p.root();
     if (column_name.size() > 0 && column_name.front() == '#') {
         if (!expression_attribute_names) {
-            throw api_error("ValidationException",
+            throw api_error::validation(
                     format("ExpressionAttributeNames missing, entry '{}' required by expression", column_name));
         }
         const rjson::value* value = rjson::find(*expression_attribute_names, column_name);
         if (!value || !value->IsString()) {
-            throw api_error("ValidationException",
+            throw api_error::validation(
                     format("ExpressionAttributeNames missing entry '{}' required by expression", column_name));
         }
         used_attribute_names.emplace(column_name);
-        p.set_root(std::string(rjson::to_string_view(*value)));
+        return std::string(rjson::to_string_view(*value));
+    }
+    return std::nullopt;
+}
+
+static void resolve_path(parsed::path& p,
+        const rjson::value* expression_attribute_names,
+        std::unordered_set<std::string>& used_attribute_names) {
+    std::optional<std::string> r = resolve_path_component(p.root(), expression_attribute_names, used_attribute_names);
+    if (r) {
+        p.set_root(std::move(*r));
+    }
+    for (auto& op : p.operators()) {
+        std::visit(overloaded_functor {
+            [&] (std::string& s) {
+                r = resolve_path_component(s, expression_attribute_names, used_attribute_names);
+                if (r) {
+                    s = std::move(*r);
+                }
+            },
+            [&] (unsigned index) {
+                // nothing to resolve
+            }
+        }, op);
     }
 }
 
@@ -176,16 +219,16 @@ static void resolve_constant(parsed::constant& c,
     std::visit(overloaded_functor {
         [&] (const std::string& valref) {
             if (!expression_attribute_values) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("ExpressionAttributeValues missing, entry '{}' required by expression", valref));
             }
             const rjson::value* value = rjson::find(*expression_attribute_values, valref);
             if (!value) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("ExpressionAttributeValues missing entry '{}' required by expression", valref));
             }
             if (value->IsNull()) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("ExpressionAttributeValues null value for entry '{}' required by expression", valref));
             }
             validate_value(*value, "ExpressionAttributeValues");
@@ -348,6 +391,39 @@ bool condition_expression_on(const parsed::condition_expression& ce, std::string
     }, ce._expression);
 }
 
+// for_condition_expression_on() runs a given function over all the attributes
+// mentioned in the expression. If the same attribute is mentioned more than
+// once, the function will be called more than once for the same attribute.
+
+static void for_value_on(const parsed::value& v, const noncopyable_function<void(std::string_view)>& func) {
+    std::visit(overloaded_functor {
+        [&] (const parsed::constant& c) { },
+        [&] (const parsed::value::function_call& f) {
+            for (const parsed::value& value : f._parameters) {
+                for_value_on(value, func);
+            }
+        },
+        [&] (const parsed::path& p) {
+            func(p.root());
+        }
+    }, v._value);
+}
+
+void for_condition_expression_on(const parsed::condition_expression& ce, const noncopyable_function<void(std::string_view)>& func) {
+    std::visit(overloaded_functor {
+        [&] (const parsed::primitive_condition& cond) {
+            for (const parsed::value& value : cond._values) {
+                for_value_on(value, func);
+            }
+        },
+        [&] (const parsed::condition_expression::condition_list& list) {
+            for (const parsed::condition_expression& cond : list.conditions) {
+                for_condition_expression_on(cond, func);
+            }
+        }
+    }, ce._expression);
+}
+
 // The following calculate_value() functions calculate, or evaluate, a parsed
 // expression. The parsed expression is assumed to have been "resolved", with
 // the matching resolve_* function.
@@ -359,7 +435,7 @@ static rjson::value list_concatenate(const rjson::value& v1, const rjson::value&
     const rjson::value* list1 = unwrap_list(v1);
     const rjson::value* list2 = unwrap_list(v2);
     if (!list1 || !list2) {
-        throw api_error("ValidationException", "UpdateExpression: list_append() given a non-list");
+        throw api_error::validation("UpdateExpression: list_append() given a non-list");
     }
     rjson::value cat = rjson::copy(*list1);
     for (const auto& a : list2->GetArray()) {
@@ -380,28 +456,28 @@ static rjson::value calculate_size(const rjson::value& v) {
     // must come from the request itself, not from the database, so it makes
     // sense to throw a ValidationException if we see such a problem.
     if (!v.IsObject() || v.MemberCount() != 1) {
-        throw api_error("ValidationException", format("invalid object: {}", v));
+        throw api_error::validation(format("invalid object: {}", v));
     }
     auto it = v.MemberBegin();
     int ret;
     if (it->name == "S") {
         if (!it->value.IsString()) {
-            throw api_error("ValidationException", format("invalid string: {}", v));
+            throw api_error::validation(format("invalid string: {}", v));
         }
         ret = it->value.GetStringLength();
     } else if (it->name == "NS" || it->name == "SS" || it->name == "BS" || it->name == "L") {
         if (!it->value.IsArray()) {
-            throw api_error("ValidationException", format("invalid set: {}", v));
+            throw api_error::validation(format("invalid set: {}", v));
         }
         ret = it->value.Size();
     } else if (it->name == "M") {
         if (!it->value.IsObject()) {
-            throw api_error("ValidationException", format("invalid map: {}", v));
+            throw api_error::validation(format("invalid map: {}", v));
         }
         ret = it->value.MemberCount();
     } else if (it->name == "B") {
         if (!it->value.IsString()) {
-            throw api_error("ValidationException", format("invalid byte string: {}", v));
+            throw api_error::validation(format("invalid byte string: {}", v));
         }
         ret = base64_decoded_len(rjson::to_string_view(it->value));
     } else {
@@ -445,11 +521,11 @@ static const
 std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     {"list_append", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::UpdateExpression) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: list_append() not allowed here", caller));
             }
             if (f._parameters.size() != 2) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: list_append() accepts 2 parameters, got {}", caller, f._parameters.size()));
             }
             rjson::value v1 = calculate_value(f._parameters[0], caller, previous_item);
@@ -459,15 +535,15 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
     {"if_not_exists", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::UpdateExpression) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: if_not_exists() not allowed here", caller));
             }
             if (f._parameters.size() != 2) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: if_not_exists() accepts 2 parameters, got {}", caller, f._parameters.size()));
             }
             if (!std::holds_alternative<parsed::path>(f._parameters[0]._value)) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: if_not_exists() must include path as its first argument", caller));
             }
             rjson::value v1 = calculate_value(f._parameters[0], caller, previous_item);
@@ -477,11 +553,11 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
     {"size", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpression) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: size() not allowed here", caller));
             }
             if (f._parameters.size() != 1) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: size() accepts 1 parameter, got {}", caller, f._parameters.size()));
             }
             rjson::value v = calculate_value(f._parameters[0], caller, previous_item);
@@ -490,15 +566,15 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
     {"attribute_exists", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpressionAlone) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_exists() not allowed here", caller));
             }
             if (f._parameters.size() != 1) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_exists() accepts 1 parameter, got {}", caller, f._parameters.size()));
             }
             if (!std::holds_alternative<parsed::path>(f._parameters[0]._value)) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_exists()'s parameter must be a path", caller));
             }
             rjson::value v = calculate_value(f._parameters[0], caller, previous_item);
@@ -507,15 +583,15 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
     {"attribute_not_exists", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpressionAlone) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_not_exists() not allowed here", caller));
             }
             if (f._parameters.size() != 1) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_not_exists() accepts 1 parameter, got {}", caller, f._parameters.size()));
             }
             if (!std::holds_alternative<parsed::path>(f._parameters[0]._value)) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_not_exists()'s parameter must be a path", caller));
             }
             rjson::value v = calculate_value(f._parameters[0], caller, previous_item);
@@ -524,18 +600,18 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
     {"attribute_type", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpressionAlone) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_type() not allowed here", caller));
             }
             if (f._parameters.size() != 2) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_type() accepts 2 parameters, got {}", caller, f._parameters.size()));
             }
             // There is no real reason for the following check (not
             // allowing the type to come from a document attribute), but
             // DynamoDB does this check, so we do too...
             if (!f._parameters[1].is_constant()) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_types()'s first parameter must be an expression attribute", caller));
             }
             rjson::value v0 = calculate_value(f._parameters[0], caller, previous_item);
@@ -544,7 +620,7 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
                 // If the type parameter is not one of the legal types
                 // we should generate an error, not a failed condition:
                 if (!known_type(rjson::to_string_view(v1.MemberBegin()->value))) {
-                    throw api_error("ValidationException",
+                    throw api_error::validation(
                             format("{}: attribute_types()'s second parameter, {}, is not a known type",
                                     caller, v1.MemberBegin()->value));
                 }
@@ -554,77 +630,33 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
                     return to_bool_json(false);
                 }
             } else {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: attribute_type() second parameter must refer to a string, got {}", caller, v1));
             }
         }
     },
     {"begins_with", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpressionAlone) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: begins_with() not allowed here", caller));
             }
             if (f._parameters.size() != 2) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: begins_with() accepts 2 parameters, got {}", caller, f._parameters.size()));
             }
             rjson::value v1 = calculate_value(f._parameters[0], caller, previous_item);
             rjson::value v2 = calculate_value(f._parameters[1], caller, previous_item);
-            // TODO: There's duplication here with check_BEGINS_WITH().
-            // But unfortunately, the two functions differ a bit.
-
-            // If one of v1 or v2 is malformed or has an unsupported type
-            // (not B or S), what we do depends on whether it came from
-            // the user's query (is_constant()), or the item. Unsupported
-            // values in the query result in an error, but if they are in
-            // the item, we silently return false (no match).
-            bool bad = false;
-            if (!v1.IsObject() || v1.MemberCount() != 1) {
-                bad = true;
-                if (f._parameters[0].is_constant()) {
-                    throw api_error("ValidationException", format("{}: begins_with() encountered malformed AttributeValue: {}", caller, v1));
-                }
-            } else if (v1.MemberBegin()->name != "S" && v1.MemberBegin()->name != "B") {
-                bad = true;
-                if (f._parameters[0].is_constant()) {
-                    throw api_error("ValidationException", format("{}: begins_with() supports only string or binary in AttributeValue: {}", caller, v1));
-                }
-            }
-            if (!v2.IsObject() || v2.MemberCount() != 1) {
-                bad = true;
-                if (f._parameters[1].is_constant()) {
-                    throw api_error("ValidationException", format("{}: begins_with() encountered malformed AttributeValue: {}", caller, v2));
-                }
-            } else if (v2.MemberBegin()->name != "S" && v2.MemberBegin()->name != "B") {
-                bad = true;
-                if (f._parameters[1].is_constant()) {
-                    throw api_error("ValidationException", format("{}: begins_with() supports only string or binary in AttributeValue: {}", caller, v2));
-                }
-            }
-            bool ret = false;
-            if (!bad) {
-                auto it1 = v1.MemberBegin();
-                auto it2 = v2.MemberBegin();
-                if (it1->name == it2->name) {
-                    if (it2->name == "S") {
-                        std::string_view val1 = rjson::to_string_view(it1->value);
-                        std::string_view val2 = rjson::to_string_view(it2->value);
-                        ret = val1.starts_with(val2);
-                    } else /* it2->name == "B" */ {
-                        ret = base64_begins_with(rjson::to_string_view(it1->value), rjson::to_string_view(it2->value));
-                    }
-                }
-            }
-            return to_bool_json(ret);
+            return to_bool_json(check_BEGINS_WITH(v1.IsNull() ? nullptr : &v1,  v2,
+                                    f._parameters[0].is_constant(), f._parameters[1].is_constant()));
         }
     },
     {"contains", [] (calculate_value_caller caller, const rjson::value* previous_item, const parsed::value::function_call& f) {
             if (caller != calculate_value_caller::ConditionExpressionAlone) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: contains() not allowed here", caller));
             }
             if (f._parameters.size() != 2) {
-                throw api_error("ValidationException",
+                throw api_error::validation(
                         format("{}: contains() accepts 2 parameters, got {}", caller, f._parameters.size()));
             }
             rjson::value v1 = calculate_value(f._parameters[0], caller, previous_item);
@@ -634,6 +666,55 @@ std::unordered_map<std::string_view, function_handler_type*> function_handlers {
     },
 };
 
+// Given a parsed::path and an item read from the table, extract the value
+// of a certain attribute path, such as "a" or "a.b.c[3]". Returns a null
+// value if the item or the requested attribute does not exist.
+// Note that the item is assumed to be encoded in JSON using DynamoDB
+// conventions - each level of a nested document is a map with one key -
+// a type (e.g., "M" for map) - and its value is the representation of
+// that value.
+static rjson::value extract_path(const rjson::value* item,
+        const parsed::path& p, calculate_value_caller caller) {
+    if (!item) {
+        return rjson::null_value();
+    }
+    const rjson::value* v = rjson::find(*item, p.root());
+    if (!v) {
+        return rjson::null_value();
+    }
+    for (const auto& op : p.operators()) {
+        if (!v->IsObject() || v->MemberCount() != 1) {
+            // This shouldn't happen. We shouldn't have stored malformed
+            // objects. But today Alternator does not validate the structure
+            // of nested documents before storing them, so this can happen on
+            // read.
+            throw api_error::validation(format("{}: malformed item read: {}", *item));
+        }
+        const char* type = v->MemberBegin()->name.GetString();
+        v = &(v->MemberBegin()->value);
+        std::visit(overloaded_functor {
+            [&] (const std::string& member) {
+                if (type[0] == 'M' && v->IsObject()) {
+                    v = rjson::find(*v, member);
+                } else {
+                    v = nullptr;
+                }
+            },
+            [&] (unsigned index) {
+                if (type[0] == 'L' && v->IsArray() && index < v->Size()) {
+                    v = &(v->GetArray()[index]);
+                } else {
+                    v = nullptr;
+                }
+            }
+        }, op);
+        if (!v) {
+            return rjson::null_value();
+        }
+    }
+    return rjson::copy(*v);
+}
+
 // Given a parsed::value, which can refer either to a constant value from
 // ExpressionAttributeValues, to the value of some attribute, or to a function
 // of other values, this function calculates the resulting value.
@@ -650,22 +731,13 @@ rjson::value calculate_value(const parsed::value& v,
         [&] (const parsed::value::function_call& f) -> rjson::value {
             auto function_it = function_handlers.find(std::string_view(f._function_name));
             if (function_it == function_handlers.end()) {
-                throw api_error("ValidationException",
-                        format("UpdateExpression: unknown function '{}' called.", f._function_name));
+                throw api_error::validation(
+                        format("{}: unknown function '{}' called.", caller, f._function_name));
             }
             return function_it->second(caller, previous_item, f);
         },
         [&] (const parsed::path& p) -> rjson::value {
-            if (!previous_item) {
-                return rjson::null_value();
-            }
-            std::string update_path = p.root();
-            if (p.has_operators()) {
-                // FIXME: support this
-                throw api_error("ValidationException", "Reading attribute paths not yet implemented");
-            }
-            const rjson::value* previous_value = rjson::find(*previous_item, update_path);
-            return previous_value ? rjson::copy(*previous_value) : rjson::null_value();
+            return extract_path(previous_item, p, caller);
         }
     }, v._value);
 }
@@ -674,7 +746,7 @@ rjson::value calculate_value(const parsed::value& v,
 // either a single value, or v1+v2 or v1-v2.
 rjson::value calculate_value(const parsed::set_rhs& rhs,
         const rjson::value* previous_item) {
-    switch(rhs._op) {
+    switch (rhs._op) {
     case 'v':
         return calculate_value(rhs._v1, calculate_value_caller::UpdateExpression, previous_item);
     case '+': {

alternator/expressions.hh

@@ -27,8 +27,10 @@
 #include <unordered_set>
 #include <string_view>
 
+#include <seastar/util/noncopyable_function.hh>
+
 #include "expressions_types.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
 
 namespace alternator {
 
@@ -59,6 +61,11 @@ void validate_value(const rjson::value& v, const char* caller);
 
 bool condition_expression_on(const parsed::condition_expression& ce, std::string_view attribute);
 
+// for_condition_expression_on() runs the given function on the attributes
+// that the expression uses. It may run for the same attribute more than once
+// if the same attribute is used more than once in the expression.
+void for_condition_expression_on(const parsed::condition_expression& ce, const noncopyable_function<void(std::string_view)>& func);
+
 // calculate_value() behaves slightly different (especially, different
 // functions supported) when used in different types of expressions, as
 // enumerated in this enum:

alternator/expressions_types.hh

@@ -27,7 +27,7 @@
 
 #include <seastar/core/shared_ptr.hh>
 
-#include "rjson.hh"
+#include "utils/rjson.hh"
 
 /*
  * Parsed representation of expressions and their components.
@@ -49,15 +49,23 @@ class path {
     // dot (e.g., ".xyz").
     std::string _root;
     std::vector<std::variant<std::string, unsigned>> _operators;
+    // It is useful to limit the depth of a user-specified path, because is
+    // allows us to use recursive algorithms without worrying about recursion
+    // depth. DynamoDB officially limits the length of paths to 32 components
+    // (including the root) so let's use the same limit.
+    static constexpr unsigned depth_limit = 32;
+    void check_depth_limit();
 public:
     void set_root(std::string root) {
         _root = std::move(root);
     }
     void add_index(unsigned i) {
         _operators.emplace_back(i);
+        check_depth_limit();
     }
     void add_dot(std::string(name)) {
         _operators.emplace_back(std::move(name));
+        check_depth_limit();
     }
     const std::string& root() const {
         return _root;
@@ -65,6 +73,13 @@ public:
     bool has_operators() const {
         return !_operators.empty();
     }
+    const std::vector<std::variant<std::string, unsigned>>& operators() const {
+        return _operators;
+    }
+    std::vector<std::variant<std::string, unsigned>>& operators() {
+        return _operators;
+    }
+    friend std::ostream& operator<<(std::ostream&, const path&);
 };
 
 // When an expression is first parsed, all constants are references, like

alternator/rjson.cc

@@ -1,300 +0,0 @@
-/*
- * Copyright 2019 ScyllaDB
- */
-
-/*
- * This file is part of Scylla.
- *
- * Scylla is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Scylla is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with Scylla.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "rjson.hh"
-#include "error.hh"
-#include <seastar/core/print.hh>
-#include <seastar/core/thread.hh>
-
-namespace rjson {
-
-static allocator the_allocator;
-
-/*
- * This wrapper class adds nested level checks to rapidjson's handlers.
- * Each rapidjson handler implements functions for accepting JSON values,
- * which includes strings, numbers, objects, arrays, etc.
- * Parsing objects and arrays needs to be performed carefully with regard
- * to stack overflow - each object/array layer adds another stack frame
- * to parsing, printing and destroying the parent JSON document.
- * To prevent stack overflow, a rapidjson handler can be wrapped with
- * guarded_json_handler, which accepts an additional max_nested_level parameter.
- * After trying to exceed the max nested level, a proper rjson::error will be thrown.
- */
-template<typename Handler, bool EnableYield>
-struct guarded_yieldable_json_handler : public Handler {
-    size_t _nested_level = 0;
-    size_t _max_nested_level;
-public:
-    using handler_base = Handler;
-
-    explicit guarded_yieldable_json_handler(size_t max_nested_level) : _max_nested_level(max_nested_level) {}
-    guarded_yieldable_json_handler(string_buffer& buf, size_t max_nested_level)
-            : handler_base(buf), _max_nested_level(max_nested_level) {}
-
-    void Parse(const char* str, size_t length) {
-        rapidjson::MemoryStream ms(static_cast<const char*>(str), length * sizeof(typename encoding::Ch));
-        rapidjson::EncodedInputStream<encoding, rapidjson::MemoryStream> is(ms);
-        rapidjson::GenericReader<encoding, encoding, allocator> reader(&the_allocator);
-        reader.Parse(is, *this);
-        if (reader.HasParseError()) {
-            throw rjson::error(format("Parsing JSON failed: {}", rapidjson::GetParseError_En(reader.GetParseErrorCode())));
-        }
-        //NOTICE: The handler has parsed the string, but in case of rapidjson::GenericDocument
-        // the data now resides in an internal stack_ variable, which is private instead of
-        // protected... which means we cannot simply access its data. Fortunately, another
-        // function for populating documents from SAX events can be abused to extract the data
-        // from the stack via gadget-oriented programming - we use an empty event generator
-        // which does nothing, and use it to call Populate(), which assumes that the generator
-        // will fill the stack with something. It won't, but our stack is already filled with
-        // data we want to steal, so once Populate() ends, our document will be properly parsed.
-        // A proper solution could be programmed once rapidjson declares this stack_ variable
-        // as protected instead of private, so that this class can access it.
-        auto dummy_generator = [](handler_base&){return true;};
-        handler_base::Populate(dummy_generator);
-    }
-
-    bool StartObject() {
-        ++_nested_level;
-        check_nested_level();
-        maybe_yield();
-        return handler_base::StartObject();
-    }
-
-    bool EndObject(rapidjson::SizeType elements_count = 0) {
-        --_nested_level;
-        return handler_base::EndObject(elements_count);
-    }
-
-    bool StartArray() {
-        ++_nested_level;
-        check_nested_level();
-        maybe_yield();
-        return handler_base::StartArray();
-    }
-
-    bool EndArray(rapidjson::SizeType elements_count = 0) {
-        --_nested_level;
-        return handler_base::EndArray(elements_count);
-    }
-
-    bool Null()                 { maybe_yield(); return handler_base::Null(); }
-    bool Bool(bool b)           { maybe_yield(); return handler_base::Bool(b); }
-    bool Int(int i)             { maybe_yield(); return handler_base::Int(i); }
-    bool Uint(unsigned u)       { maybe_yield(); return handler_base::Uint(u); }
-    bool Int64(int64_t i64)     { maybe_yield(); return handler_base::Int64(i64); }
-    bool Uint64(uint64_t u64)   { maybe_yield(); return handler_base::Uint64(u64); }
-    bool Double(double d)       { maybe_yield(); return handler_base::Double(d); }
-    bool String(const value::Ch* str, size_t length, bool copy = false) { maybe_yield(); return handler_base::String(str, length, copy); }
-    bool Key(const value::Ch* str, size_t length, bool copy = false) { maybe_yield(); return handler_base::Key(str, length, copy); }
-
-
-protected:
-    static void maybe_yield() {
-        if constexpr (EnableYield) {
-            thread::maybe_yield();
-        }
-    }
-
-    void check_nested_level() const {
-        if (RAPIDJSON_UNLIKELY(_nested_level > _max_nested_level)) {
-            throw rjson::error(format("Max nested level reached: {}", _max_nested_level));
-        }
-    }
-};
-
-std::string print(const rjson::value& value) {
-    string_buffer buffer;
-    guarded_yieldable_json_handler<writer, false> writer(buffer, 78);
-    value.Accept(writer);
-    return std::string(buffer.GetString());
-}
-
-rjson::value copy(const rjson::value& value) {
-    return rjson::value(value, the_allocator);
-}
-
-rjson::value parse(std::string_view str) {
-    guarded_yieldable_json_handler<document, false> d(78);
-    d.Parse(str.data(), str.size());
-    if (d.HasParseError()) {
-        throw rjson::error(format("Parsing JSON failed: {}", GetParseError_En(d.GetParseError())));
-    }
-    rjson::value& v = d;
-    return std::move(v);
-}
-
-rjson::value parse_yieldable(std::string_view str) {
-    guarded_yieldable_json_handler<document, true> d(78);
-    d.Parse(str.data(), str.size());
-    if (d.HasParseError()) {
-        throw rjson::error(format("Parsing JSON failed: {}", GetParseError_En(d.GetParseError())));
-    }
-    rjson::value& v = d;
-    return std::move(v);
-}
-
-rjson::value& get(rjson::value& value, std::string_view name) {
-    // Although FindMember() has a variant taking a StringRef, it ignores the
-    // given length (see https://github.com/Tencent/rapidjson/issues/1649).
-    // Luckily, the variant taking a GenericValue doesn't share this bug,
-    // and we can create a string GenericValue without copying the string.
-    auto member_it = value.FindMember(rjson::value(name.data(), name.size()));
-    if (member_it != value.MemberEnd())
-        return member_it->value;
-    else {
-        throw rjson::error(format("JSON parameter {} not found", name));
-    }
-}
-
-const rjson::value& get(const rjson::value& value, std::string_view name) {
-    auto member_it = value.FindMember(rjson::value(name.data(), name.size()));
-    if (member_it != value.MemberEnd())
-        return member_it->value;
-    else {
-        throw rjson::error(format("JSON parameter {} not found", name));
-    }
-}
-
-rjson::value from_string(const std::string& str) {
-    return rjson::value(str.c_str(), str.size(), the_allocator);
-}
-
-rjson::value from_string(const sstring& str) {
-    return rjson::value(str.c_str(), str.size(), the_allocator);
-}
-
-rjson::value from_string(const char* str, size_t size) {
-    return rjson::value(str, size, the_allocator);
-}
-
-rjson::value from_string(std::string_view view) {
-    return rjson::value(view.data(), view.size(), the_allocator);
-}
-
-const rjson::value* find(const rjson::value& value, std::string_view name) {
-    // Although FindMember() has a variant taking a StringRef, it ignores the
-    // given length (see https://github.com/Tencent/rapidjson/issues/1649).
-    // Luckily, the variant taking a GenericValue doesn't share this bug,
-    // and we can create a string GenericValue without copying the string.
-    auto member_it = value.FindMember(rjson::value(name.data(), name.size()));
-    return member_it != value.MemberEnd() ? &member_it->value : nullptr;
-}
-
-rjson::value* find(rjson::value& value, std::string_view name) {
-    auto member_it = value.FindMember(rjson::value(name.data(), name.size()));
-    return member_it != value.MemberEnd() ? &member_it->value : nullptr;
-}
-
-bool remove_member(rjson::value& value, std::string_view name) {
-    // Although RemoveMember() has a variant taking a StringRef, it ignores
-    // given length (see https://github.com/Tencent/rapidjson/issues/1649).
-    // Luckily, the variant taking a GenericValue doesn't share this bug,
-    // and we can create a string GenericValue without copying the string.
-    return value.RemoveMember(rjson::value(name.data(), name.size()));
-}
-
-void set_with_string_name(rjson::value& base, const std::string& name, rjson::value&& member) {
-    base.AddMember(rjson::value(name.c_str(), name.size(), the_allocator), std::move(member), the_allocator);
-}
-
-void set_with_string_name(rjson::value& base, std::string_view name, rjson::value&& member) {
-    base.AddMember(rjson::value(name.data(), name.size(), the_allocator), std::move(member), the_allocator);
-}
-
-void set_with_string_name(rjson::value& base, const std::string& name, rjson::string_ref_type member) {
-    base.AddMember(rjson::value(name.c_str(), name.size(), the_allocator), rjson::value(member), the_allocator);
-}
-
-void set_with_string_name(rjson::value& base, std::string_view name, rjson::string_ref_type member) {
-    base.AddMember(rjson::value(name.data(), name.size(), the_allocator), rjson::value(member), the_allocator);
-}
-
-void set(rjson::value& base, rjson::string_ref_type name, rjson::value&& member) {
-    base.AddMember(name, std::move(member), the_allocator);
-}
-
-void set(rjson::value& base, rjson::string_ref_type name, rjson::string_ref_type member) {
-    base.AddMember(name, rjson::value(member), the_allocator);
-}
-
-void push_back(rjson::value& base_array, rjson::value&& item) {
-    base_array.PushBack(std::move(item), the_allocator);
-
-}
-
-bool single_value_comp::operator()(const rjson::value& r1, const rjson::value& r2) const {
-   auto r1_type = r1.GetType();
-   auto r2_type = r2.GetType();
-
-   // null is the smallest type and compares with every other type, nothing is lesser than null
-   if (r1_type == rjson::type::kNullType || r2_type == rjson::type::kNullType) {
-       return r1_type < r2_type;
-   }
-   // only null, true, and false are comparable with each other, other types are not compatible
-   if (r1_type != r2_type) {
-       if (r1_type > rjson::type::kTrueType || r2_type > rjson::type::kTrueType) {
-           throw rjson::error(format("Types are not comparable: {} {}", r1, r2));
-       }
-   }
-
-   switch (r1_type) {
-   case rjson::type::kNullType:
-       // fall-through
-   case rjson::type::kFalseType:
-       // fall-through
-   case rjson::type::kTrueType:
-       return r1_type < r2_type;
-   case rjson::type::kObjectType:
-       throw rjson::error("Object type comparison is not supported");
-   case rjson::type::kArrayType:
-       throw rjson::error("Array type comparison is not supported");
-   case rjson::type::kStringType: {
-       const size_t r1_len = r1.GetStringLength();
-       const size_t r2_len = r2.GetStringLength();
-       size_t len = std::min(r1_len, r2_len);
-       int result = std::strncmp(r1.GetString(), r2.GetString(), len);
-       return result < 0 || (result == 0 && r1_len < r2_len);
-   }
-   case rjson::type::kNumberType: {
-       if (r1.IsInt() && r2.IsInt()) {
-           return r1.GetInt() < r2.GetInt();
-       } else if (r1.IsUint() && r2.IsUint()) {
-           return r1.GetUint() < r2.GetUint();
-       } else if (r1.IsInt64() && r2.IsInt64()) {
-           return r1.GetInt64() < r2.GetInt64();
-       } else if (r1.IsUint64() && r2.IsUint64()) {
-           return r1.GetUint64() < r2.GetUint64();
-       } else {
-           // it's safe to call GetDouble() on any number type
-           return r1.GetDouble() < r2.GetDouble();
-       }
-   }
-   default:
-       return false;
-   }
-}
-
-} // end namespace rjson
-
-std::ostream& std::operator<<(std::ostream& os, const rjson::value& v) {
-    return os << rjson::print(v);
-}

alternator/rjson.hh

@@ -1,177 +0,0 @@
-/*
- * Copyright 2019 ScyllaDB
- */
-
-/*
- * This file is part of Scylla.
- *
- * Scylla is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Scylla is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with Scylla.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#pragma once
-
-/*
- * rjson is a wrapper over rapidjson library, providing fast JSON parsing and generation.
- *
- * rapidjson has strict copy elision policies, which, among other things, involves
- * using provided char arrays without copying them and allows copying objects only explicitly.
- * As such, one should be careful when passing strings with limited liveness
- * (e.g. data underneath local std::strings) to rjson functions, because created JSON objects
- * may end up relying on dangling char pointers. All rjson functions that create JSONs from strings
- * by rjson have both APIs for string_ref_type (more optimal, used when the string is known to live
- * at least as long as the object, e.g. a static char array) and for std::strings. The more optimal
- * variants should be used *only* if the liveness of the string is guaranteed, otherwise it will
- * result in undefined behaviour.
- * Also, bear in mind that methods exposed by rjson::value are generic, but some of them
- * work fine only for specific types. In case the type does not match, an rjson::error will be thrown.
- * Examples of such mismatched usages is calling MemberCount() on a JSON value not of object type
- * or calling Size() on a non-array value.
- */
-
-#include <string>
-#include <stdexcept>
-
-namespace rjson {
-class error : public std::exception {
-    std::string _msg;
-public:
-    error() = default;
-    error(const std::string& msg) : _msg(msg) {}
-
-    virtual const char* what() const noexcept override { return _msg.c_str(); }
-};
-}
-
-// rapidjson configuration macros
-#define RAPIDJSON_HAS_STDSTRING 1
-// Default rjson policy is to use assert() - which is dangerous for two reasons:
-// 1. assert() can be turned off with -DNDEBUG
-// 2. assert() crashes a program
-// Fortunately, the default policy can be overridden, and so rapidjson errors will
-// throw an rjson::error exception instead.
-#define RAPIDJSON_ASSERT(x) do { if (!(x)) throw rjson::error(std::string("JSON error: condition not met: ") + #x); } while (0)
-
-#include <rapidjson/document.h>
-#include <rapidjson/writer.h>
-#include <rapidjson/stringbuffer.h>
-#include <rapidjson/error/en.h>
-#include <seastar/core/sstring.hh>
-#include "seastarx.hh"
-
-namespace rjson {
-
-using allocator = rapidjson::CrtAllocator;
-using encoding = rapidjson::UTF8<>;
-using document = rapidjson::GenericDocument<encoding, allocator>;
-using value = rapidjson::GenericValue<encoding, allocator>;
-using string_ref_type = value::StringRefType;
-using string_buffer = rapidjson::GenericStringBuffer<encoding>;
-using writer = rapidjson::Writer<string_buffer, encoding>;
-using type = rapidjson::Type;
-
-// Returns an object representing JSON's null
-inline rjson::value null_value() {
-    return rjson::value(rapidjson::kNullType);
-}
-
-// Returns an empty JSON object - {}
-inline rjson::value empty_object() {
-    return rjson::value(rapidjson::kObjectType);
-}
-
-// Returns an empty JSON array - []
-inline rjson::value empty_array() {
-    return rjson::value(rapidjson::kArrayType);
-}
-
-// Returns an empty JSON string - ""
-inline rjson::value empty_string() {
-    return rjson::value(rapidjson::kStringType);
-}
-
-// Convert the JSON value to a string with JSON syntax, the opposite of parse().
-// The representation is dense - without any redundant indentation.
-std::string print(const rjson::value& value);
-
-// Returns a string_view to the string held in a JSON value (which is
-// assumed to hold a string, i.e., v.IsString() == true). This is a view
-// to the existing data - no copying is done.
-inline std::string_view to_string_view(const rjson::value& v) {
-    return std::string_view(v.GetString(), v.GetStringLength());
-}
-
-// Copies given JSON value - involves allocation
-rjson::value copy(const rjson::value& value);
-
-// Parses a JSON value from given string or raw character array.
-// The string/char array liveness does not need to be persisted,
-// as parse() will allocate member names and values.
-// Throws rjson::error if parsing failed.
-rjson::value parse(std::string_view str);
-// Needs to be run in thread context
-rjson::value parse_yieldable(std::string_view str);
-
-// Creates a JSON value (of JSON string type) out of internal string representations.
-// The string value is copied, so str's liveness does not need to be persisted.
-rjson::value from_string(const std::string& str);
-rjson::value from_string(const sstring& str);
-rjson::value from_string(const char* str, size_t size);
-rjson::value from_string(std::string_view view);
-
-// Returns a pointer to JSON member if it exists, nullptr otherwise
-rjson::value* find(rjson::value& value, std::string_view name);
-const rjson::value* find(const rjson::value& value, std::string_view name);
-
-// Returns a reference to JSON member if it exists, throws otherwise
-rjson::value& get(rjson::value& value, std::string_view name);
-const rjson::value& get(const rjson::value& value, std::string_view name);
-
-// Sets a member in given JSON object by moving the member - allocates the name.
-// Throws if base is not a JSON object.
-void set_with_string_name(rjson::value& base, const std::string& name, rjson::value&& member);
-void set_with_string_name(rjson::value& base, std::string_view name, rjson::value&& member);
-
-// Sets a string member in given JSON object by assigning its reference - allocates the name.
-// NOTICE: member string liveness must be ensured to be at least as long as base's.
-// Throws if base is not a JSON object.
-void set_with_string_name(rjson::value& base, const std::string& name, rjson::string_ref_type member);
-void set_with_string_name(rjson::value& base, std::string_view name, rjson::string_ref_type member);
-
-// Sets a member in given JSON object by moving the member.
-// NOTICE: name liveness must be ensured to be at least as long as base's.
-// Throws if base is not a JSON object.
-void set(rjson::value& base, rjson::string_ref_type name, rjson::value&& member);
-
-// Sets a string member in given JSON object by assigning its reference.
-// NOTICE: name liveness must be ensured to be at least as long as base's.
-// NOTICE: member liveness must be ensured to be at least as long as base's.
-// Throws if base is not a JSON object.
-void set(rjson::value& base, rjson::string_ref_type name, rjson::string_ref_type member);
-
-// Adds a value to a JSON list by moving the item to its end.
-// Throws if base_array is not a JSON array.
-void push_back(rjson::value& base_array, rjson::value&& item);
-
-// Remove a member from a JSON object. Throws if value isn't an object.
-bool remove_member(rjson::value& value, std::string_view name);
-
-struct single_value_comp {
-    bool operator()(const rjson::value& r1, const rjson::value& r2) const;
-};
-
-} // end namespace rjson
-
-namespace std {
-std::ostream& operator<<(std::ostream& os, const rjson::value& v);
-}

alternator/rmw_operation.hh

@@ -24,7 +24,7 @@
 #include "seastarx.hh"
 #include "service/storage_proxy.hh"
 #include "service/storage_proxy.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
 #include "executor.hh"
 
 namespace alternator {
@@ -87,7 +87,11 @@ protected:
     // When _returnvalues != NONE, apply() should store here, in JSON form,
     // the values which are to be returned in the "Attributes" field.
     // The default null JSON means do not return an Attributes field at all.
-    rjson::value _return_attributes;
+    // This field is marked "mutable" so that the const apply() can modify
+    // it (see explanation below), but note that because apply() may be
+    // called more than once, if apply() will sometimes set this field it
+    // must set it (even if just to the default empty value) every time.
+    mutable rjson::value _return_attributes;
 public:
     // The constructor of a rmw_operation subclass should parse the request
     // and try to discover as many input errors as it can before really
@@ -100,7 +104,12 @@ public:
     // conditional expression, apply() should return an empty optional.
     // apply() may throw if it encounters input errors not discovered during
     // the constructor.
-    virtual std::optional<mutation> apply(std::unique_ptr<rjson::value> previous_item, api::timestamp_type ts) = 0;
+    // apply() may be called more than once in case of contention, so it must
+    // not change the state saved in the object (issue #7218 was caused by
+    // violating this). We mark apply() "const" to let the compiler validate
+    // this for us. The output-only field _return_attributes is marked
+    // "mutable" above so that apply() can still write to it.
+    virtual std::optional<mutation> apply(std::unique_ptr<rjson::value> previous_item, api::timestamp_type ts) const = 0;
     // Convert the above apply() into the signature needed by cas_request:
     virtual std::optional<mutation> apply(foreign_ptr<lw_shared_ptr<query::result>> qr, const query::partition_slice& slice, api::timestamp_type ts) override;
     virtual ~rmw_operation() = default;

alternator/serialization.cc

@@ -65,7 +65,7 @@ struct from_json_visitor {
 
     void operator()(const reversed_type_impl& t) const { visit(*t.underlying_type(), from_json_visitor{v, bo}); };
     void operator()(const string_type_impl& t) {
-        bo.write(t.from_string(sstring_view(v.GetString(), v.GetStringLength())));
+        bo.write(t.from_string(rjson::to_string_view(v)));
     }
     void operator()(const bytes_type_impl& t) const {
         bo.write(base64_decode(v));
@@ -74,23 +74,27 @@ struct from_json_visitor {
         bo.write(boolean_type->decompose(v.GetBool()));
     }
     void operator()(const decimal_type_impl& t) const {
-        bo.write(t.from_string(sstring_view(v.GetString(), v.GetStringLength())));
+        try {
+            bo.write(t.from_string(rjson::to_string_view(v)));
+        } catch (const marshal_exception& e) {
+            throw api_error::validation(format("The parameter cannot be converted to a numeric value: {}", v));
+        }
     }
     // default
     void operator()(const abstract_type& t) const {
-        bo.write(from_json_object(t, Json::Value(rjson::print(v)), cql_serialization_format::internal()));
+        bo.write(from_json_object(t, v, cql_serialization_format::internal()));
     }
 };
 
 bytes serialize_item(const rjson::value& item) {
     if (item.IsNull() || item.MemberCount() != 1) {
-        throw api_error("ValidationException", format("An item can contain only one attribute definition: {}", item));
+        throw api_error::validation(format("An item can contain only one attribute definition: {}", item));
     }
     auto it = item.MemberBegin();
     type_info type_info = type_info_from_string(rjson::to_string_view(it->name)); // JSON keys are guaranteed to be strings
 
     if (type_info.atype == alternator_type::NOT_SUPPORTED_YET) {
-        slogger.trace("Non-optimal serialization of type {}", it->name.GetString());
+        slogger.trace("Non-optimal serialization of type {}", it->name);
         return bytes{int8_t(type_info.atype)} + to_bytes(rjson::print(item));
     }
 
@@ -128,7 +132,7 @@ struct to_json_visitor {
 rjson::value deserialize_item(bytes_view bv) {
     rjson::value deserialized(rapidjson::kObjectType);
     if (bv.empty()) {
-        throw api_error("ValidationException", "Serialized value empty");
+        throw api_error::validation("Serialized value empty");
     }
 
     alternator_type atype = alternator_type(bv[0]);
@@ -164,7 +168,7 @@ bytes get_key_column_value(const rjson::value& item, const column_definition& co
     std::string column_name = column.name_as_text();
     const rjson::value* key_typed_value = rjson::find(item, column_name);
     if (!key_typed_value) {
-        throw api_error("ValidationException", format("Key column {} not found", column_name));
+        throw api_error::validation(format("Key column {} not found", column_name));
     }
     return get_key_from_typed_value(*key_typed_value, column);
 }
@@ -175,20 +179,20 @@ bytes get_key_column_value(const rjson::value& item, const column_definition& co
 bytes get_key_from_typed_value(const rjson::value& key_typed_value, const column_definition& column) {
     if (!key_typed_value.IsObject() || key_typed_value.MemberCount() != 1 ||
             !key_typed_value.MemberBegin()->value.IsString()) {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                 format("Malformed value object for key column {}: {}",
                         column.name_as_text(), key_typed_value));
     }
 
     auto it = key_typed_value.MemberBegin();
     if (it->name != type_to_string(column.type)) {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                 format("Type mismatch: expected type {} for key column {}, got type {}",
-                        type_to_string(column.type), column.name_as_text(), it->name.GetString()));
+                        type_to_string(column.type), column.name_as_text(), it->name));
     }
     std::string_view value_view = rjson::to_string_view(it->value);
     if (value_view.empty()) {
-        throw api_error("ValidationException",
+        throw api_error::validation(
                 format("The AttributeValue for a key attribute cannot contain an empty string value. Key: {}", column.name_as_text()));
     }
     if (column.type == bytes_type) {
@@ -247,20 +251,24 @@ clustering_key ck_from_json(const rjson::value& item, schema_ptr schema) {
 
 big_decimal unwrap_number(const rjson::value& v, std::string_view diagnostic) {
     if (!v.IsObject() || v.MemberCount() != 1) {
-        throw api_error("ValidationException", format("{}: invalid number object", diagnostic));
+        throw api_error::validation(format("{}: invalid number object", diagnostic));
     }
     auto it = v.MemberBegin();
     if (it->name != "N") {
-        throw api_error("ValidationException", format("{}: expected number, found type '{}'", diagnostic, it->name));
+        throw api_error::validation(format("{}: expected number, found type '{}'", diagnostic, it->name));
     }
-    if (it->value.IsNumber()) {
-         // FIXME(sarna): should use big_decimal constructor with numeric values directly:
-        return big_decimal(rjson::print(it->value));
+    try {
+        if (it->value.IsNumber()) {
+             // FIXME(sarna): should use big_decimal constructor with numeric values directly:
+            return big_decimal(rjson::print(it->value));
+        }
+        if (!it->value.IsString()) {
+            throw api_error::validation(format("{}: improperly formatted number constant", diagnostic));
+        }
+        return big_decimal(rjson::to_string_view(it->value));
+    } catch (const marshal_exception& e) {
+        throw api_error::validation(format("The parameter cannot be converted to a numeric value: {}", it->value));
     }
-    if (!it->value.IsString()) {
-        throw api_error("ValidationException", format("{}: improperly formatted number constant", diagnostic));
-    }
-    return big_decimal(it->value.GetString());
 }
 
 const std::pair<std::string, const rjson::value*> unwrap_set(const rjson::value& v) {
@@ -312,10 +320,10 @@ rjson::value set_sum(const rjson::value& v1, const rjson::value& v2) {
     auto [set1_type, set1] = unwrap_set(v1);
     auto [set2_type, set2] = unwrap_set(v2);
     if (set1_type != set2_type) {
-        throw api_error("ValidationException", format("Mismatched set types: {} and {}", set1_type, set2_type));
+        throw api_error::validation(format("Mismatched set types: {} and {}", set1_type, set2_type));
     }
     if (!set1 || !set2) {
-        throw api_error("ValidationException", "UpdateExpression: ADD operation for sets must be given sets as arguments");
+        throw api_error::validation("UpdateExpression: ADD operation for sets must be given sets as arguments");
     }
     rjson::value sum = rjson::copy(*set1);
     std::set<rjson::value, rjson::single_value_comp> set1_raw;
@@ -323,7 +331,7 @@ rjson::value set_sum(const rjson::value& v1, const rjson::value& v2) {
         set1_raw.insert(rjson::copy(*it));
     }
     for (const auto& a : set2->GetArray()) {
-        if (set1_raw.count(a) == 0) {
+        if (!set1_raw.contains(a)) {
             rjson::push_back(sum, rjson::copy(a));
         }
     }
@@ -340,10 +348,10 @@ std::optional<rjson::value> set_diff(const rjson::value& v1, const rjson::value&
     auto [set1_type, set1] = unwrap_set(v1);
     auto [set2_type, set2] = unwrap_set(v2);
     if (set1_type != set2_type) {
-        throw api_error("ValidationException", format("Mismatched set types: {} and {}", set1_type, set2_type));
+        throw api_error::validation(format("Mismatched set types: {} and {}", set1_type, set2_type));
     }
     if (!set1 || !set2) {
-        throw api_error("ValidationException", "UpdateExpression: DELETE operation can only be performed on a set");
+        throw api_error::validation("UpdateExpression: DELETE operation can only be performed on a set");
     }
     std::set<rjson::value, rjson::single_value_comp> set1_raw;
     for (auto it = set1->Begin(); it != set1->End(); ++it) {

alternator/serialization.hh

@@ -26,7 +26,7 @@
 #include "types.hh"
 #include "schema_fwd.hh"
 #include "keys.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
 #include "utils/big_decimal.hh"
 
 namespace alternator {

alternator/server.cc

@@ -22,10 +22,12 @@
 #include "alternator/server.hh"
 #include "log.hh"
 #include <seastar/http/function_handlers.hh>
+#include <seastar/http/short_streams.hh>
+#include <seastar/core/coroutine.hh>
 #include <seastar/json/json_elements.hh>
 #include "seastarx.hh"
 #include "error.hh"
-#include "rjson.hh"
+#include "utils/rjson.hh"
 #include "auth.hh"
 #include <cctype>
 #include "cql3/query_processor.hh"
@@ -59,6 +61,40 @@ inline std::vector<std::string_view> split(std::string_view text, char separator
     return tokens;
 }
 
+// Handle CORS (Cross-origin resource sharing) in the HTTP request:
+// If the request has the "Origin" header specifying where the script which
+// makes this request comes from, we need to reply with the header
+// "Access-Control-Allow-Origin: *" saying that this (and any) origin is fine.
+// Additionally, if preflight==true (i.e., this is an OPTIONS request),
+// the script can also "request" in headers that the server allows it to use
+// some HTTP methods and headers in the followup request, and the server
+// should respond by "allowing" them in the response headers.
+// We also add the header "Access-Control-Expose-Headers" to let the script
+// access additional headers in the response.
+// This handle_CORS() should be used when handling any HTTP method - both the
+// usual GET and POST, and also the "preflight" OPTIONS method.
+static void handle_CORS(const request& req, reply& rep, bool preflight) {
+    if (!req.get_header("origin").empty()) {
+        rep.add_header("Access-Control-Allow-Origin", "*");
+        // This is the list that DynamoDB returns for expose headers. I am
+        // not sure why not just return "*" here, what's the risk?
+        rep.add_header("Access-Control-Expose-Headers", "x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date");
+        if (preflight) {
+            sstring s = req.get_header("Access-Control-Request-Headers");
+            if (!s.empty()) {
+                rep.add_header("Access-Control-Allow-Headers", std::move(s));
+            }
+            s = req.get_header("Access-Control-Request-Method");
+            if (!s.empty()) {
+                rep.add_header("Access-Control-Allow-Methods", std::move(s));
+            }
+            // Our CORS response never change anyway, let the browser cache it
+            // for two hours (Chrome's maximum):
+            rep.add_header("Access-Control-Max-Age", "7200");
+        }
+    }
+}
+
 // DynamoDB HTTP error responses are structured as follows
 // https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html
 // Our handlers throw an exception to report an error. If the exception
@@ -75,20 +111,17 @@ public:
                  // returned to the client as expected. Other types of
                  // exceptions are unexpected, and returned to the user
                  // as an internal server error:
-                 api_error ret;
                  try {
                      resf.get();
                  } catch (api_error &ae) {
-                     ret = ae;
+                     generate_error_reply(*rep, ae);
                  } catch (rjson::error & re) {
-                     ret = api_error("ValidationException", re.what());
+                     generate_error_reply(*rep,
+                             api_error::validation(re.what()));
                  } catch (...) {
-                     ret = api_error(
-                             "Internal Server Error",
-                             format("Internal server error: {}", std::current_exception()),
-                             reply::status_type::internal_server_error);
+                     generate_error_reply(*rep,
+                             api_error::internal(format("Internal server error: {}", std::current_exception())));
                  }
-                 generate_error_reply(*rep, ret);
                  return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
              }
              auto res = resf.get0();
@@ -96,6 +129,10 @@ public:
                  [&] (const json::json_return_type& json_return_value) {
                      slogger.trace("api_handler success case");
                      if (json_return_value._body_writer) {
+                         // Unfortunately, write_body() forces us to choose
+                         // from a fixed and irrelevant list of "mime-types"
+                         // at this point. But we'll override it with the
+                         // one (application/x-amz-json-1.0) below.
                          rep->write_body("json", std::move(json_return_value._body_writer));
                      } else {
                          rep->_content += json_return_value._res;
@@ -108,14 +145,16 @@ public:
 
              return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
          });
-    }), _type("json") { }
+    }) { }
 
     api_handler(const api_handler&) = default;
     future<std::unique_ptr<reply>> handle(const sstring& path,
             std::unique_ptr<request> req, std::unique_ptr<reply> rep) override {
+        handle_CORS(*req, *rep, false);
         return _f_handle(std::move(req), std::move(rep)).then(
                 [this](std::unique_ptr<reply> rep) {
-                    rep->done(_type);
+                    rep->set_mime_type("application/x-amz-json-1.0");
+                    rep->done();
                     return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
                 });
     }
@@ -129,7 +168,6 @@ protected:
     }
 
     future_handler_function _f_handle;
-    sstring _type;
 };
 
 class gated_handler : public handler_base {
@@ -149,6 +187,7 @@ public:
     health_handler(seastar::gate& pending_requests) : gated_handler(pending_requests) {}
 protected:
     virtual future<std::unique_ptr<reply>> do_handle(const sstring& path, std::unique_ptr<request> req, std::unique_ptr<reply> rep) override {
+        handle_CORS(*req, *rep, false);
         rep->set_status(reply::status_type::ok);
         rep->write_body("txt", format("healthy: {}", req->get_header("Host")));
         return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
@@ -181,38 +220,61 @@ protected:
     }
 };
 
-future<> server::verify_signature(const request& req) {
+// The CORS (Cross-origin resource sharing) protocol can send an OPTIONS
+// request before ("pre-flight") the main request. The response to this
+// request can be empty, but needs to have the right headers (which we
+// fill with handle_CORS())
+class options_handler : public gated_handler {
+public:
+    options_handler(seastar::gate& pending_requests) : gated_handler(pending_requests) {}
+protected:
+    virtual future<std::unique_ptr<reply>> do_handle(const sstring& path, std::unique_ptr<request> req, std::unique_ptr<reply> rep) override {
+        handle_CORS(*req, *rep, true);
+        rep->set_status(reply::status_type::ok);
+        rep->write_body("txt", sstring(""));
+        return make_ready_future<std::unique_ptr<reply>>(std::move(rep));
+    }
+};
+
+future<> server::verify_signature(const request& req, const chunked_content& content) {
     if (!_enforce_authorization) {
         slogger.debug("Skipping authorization");
         return make_ready_future<>();
     }
     auto host_it = req._headers.find("Host");
     if (host_it == req._headers.end()) {
-        throw api_error("InvalidSignatureException", "Host header is mandatory for signature verification");
+        throw api_error::invalid_signature("Host header is mandatory for signature verification");
     }
     auto authorization_it = req._headers.find("Authorization");
     if (authorization_it == req._headers.end()) {
-        throw api_error("InvalidSignatureException", "Authorization header is mandatory for signature verification");
+        throw api_error::missing_authentication_token("Authorization header is mandatory for signature verification");
     }
     std::string host = host_it->second;
-    std::vector<std::string_view> credentials_raw = split(authorization_it->second, ' ');
+    std::string_view authorization_header = authorization_it->second;
+    auto pos = authorization_header.find_first_of(' ');
+    if (pos == std::string_view::npos || authorization_header.substr(0, pos) != "AWS4-HMAC-SHA256") {
+        throw api_error::invalid_signature(format("Authorization header must use AWS4-HMAC-SHA256 algorithm: {}", authorization_header));
+    }
+    authorization_header.remove_prefix(pos+1);
     std::string credential;
     std::string user_signature;
     std::string signed_headers_str;
     std::vector<std::string_view> signed_headers;
-    for (std::string_view entry : credentials_raw) {
+    do {
+        // Either one of a comma or space can mark the end of an entry
+        pos = authorization_header.find_first_of(" ,");
+        std::string_view entry = authorization_header.substr(0, pos);
+        if (pos != std::string_view::npos) {
+            authorization_header.remove_prefix(pos + 1);
+        }
+        if (entry.empty()) {
+            continue;
+        }
         std::vector<std::string_view> entry_split = split(entry, '=');
         if (entry_split.size() != 2) {
-            if (entry != "AWS4-HMAC-SHA256") {
-                throw api_error("InvalidSignatureException", format("Only AWS4-HMAC-SHA256 algorithm is supported. Found: {}", entry));
-            }
             continue;
         }
         std::string_view auth_value = entry_split[1];
-        // Commas appear as an additional (quite redundant) delimiter
-        if (auth_value.back() == ',') {
-            auth_value.remove_suffix(1);
-        }
         if (entry_split[0] == "Credential") {
             credential = std::string(auth_value);
         } else if (entry_split[0] == "Signature") {
@@ -222,10 +284,11 @@ future<> server::verify_signature(const request& req) {
             signed_headers = split(auth_value, ';');
             std::sort(signed_headers.begin(), signed_headers.end());
         }
-    }
+    } while (pos != std::string_view::npos);
+
     std::vector<std::string_view> credential_split = split(credential, '/');
     if (credential_split.size() != 5) {
-        throw api_error("ValidationException", format("Incorrect credential information format: {}", credential));
+        throw api_error::validation(format("Incorrect credential information format: {}", credential));
     }
     std::string user(credential_split[0]);
     std::string datestamp(credential_split[1]);
@@ -246,10 +309,10 @@ future<> server::verify_signature(const request& req) {
         }
     }
 
-    auto cache_getter = [] (std::string username) {
-        return get_key_from_roles(cql3::get_query_processor().local(), std::move(username));
+    auto cache_getter = [&qp = _qp] (std::string username) {
+        return get_key_from_roles(qp, std::move(username));
     };
-    return _key_cache.get_ptr(user, cache_getter).then([this, &req,
+    return _key_cache.get_ptr(user, cache_getter).then([this, &req, &content,
                                                     user = std::move(user),
                                                     host = std::move(host),
                                                     datestamp = std::move(datestamp),
@@ -259,53 +322,100 @@ future<> server::verify_signature(const request& req) {
                                                     service = std::move(service),
                                                     user_signature = std::move(user_signature)] (key_cache::value_ptr key_ptr) {
         std::string signature = get_signature(user, *key_ptr, std::string_view(host), req._method,
-                datestamp, signed_headers_str, signed_headers_map, req.content, region, service, "");
+                datestamp, signed_headers_str, signed_headers_map, content, region, service, "");
 
         if (signature != std::string_view(user_signature)) {
             _key_cache.remove(user);
-            throw api_error("UnrecognizedClientException", "The security token included in the request is invalid.");
+            throw api_error::unrecognized_client("The security token included in the request is invalid.");
         }
     });
 }
 
-future<executor::request_return_type> server::handle_api_request(std::unique_ptr<request>&& req) {
+static tracing::trace_state_ptr create_tracing_session(tracing::tracing& tracing_instance) {
+    tracing::trace_state_props_set props;
+    props.set<tracing::trace_state_props::full_tracing>();
+    props.set_if<tracing::trace_state_props::log_slow_query>(tracing_instance.slow_query_tracing_enabled());
+    return tracing_instance.create_session(tracing::trace_type::QUERY, props);
+}
+
+// truncated_content_view() prints a potentially long chunked_content for
+// debugging purposes. In the common case when the content is not excessively
+// long, it just returns a view into the given content, without any copying.
+// But when the content is very long, it is truncated after some arbitrary
+// max_len (or one chunk, whichever comes first), with "<truncated>" added at
+// the end. To do this modification to the string, we need to create a new
+// std::string, so the caller must pass us a reference to one, "buf", where
+// we can store the content. The returned view is only alive for as long this
+// buf is kept alive.
+static std::string_view truncated_content_view(const chunked_content& content, std::string& buf) {
+    constexpr size_t max_len = 1024;
+    if (content.empty()) {
+        return std::string_view();
+    } else if (content.size() == 1 && content.begin()->size() <= max_len) {
+        return std::string_view(content.begin()->get(), content.begin()->size());
+    } else {
+        buf = std::string(content.begin()->get(), std::min(content.begin()->size(), max_len)) + "<truncated>";
+        return std::string_view(buf);
+    }
+}
+
+static tracing::trace_state_ptr maybe_trace_query(service::client_state& client_state, sstring_view op, const chunked_content& query) {
+    tracing::trace_state_ptr trace_state;
+    tracing::tracing& tracing_instance = tracing::tracing::get_local_tracing_instance();
+    if (tracing_instance.trace_next_query() || tracing_instance.slow_query_tracing_enabled()) {
+        trace_state = create_tracing_session(tracing_instance);
+        std::string buf;
+        tracing::add_session_param(trace_state, "alternator_op", op);
+        tracing::add_query(trace_state, truncated_content_view(query, buf));
+        tracing::begin(trace_state, format("Alternator {}", op), client_state.get_client_address());
+    }
+    return trace_state;
+}
+
+future<executor::request_return_type> server::handle_api_request(std::unique_ptr<request> req) {
     _executor._stats.total_operations++;
     sstring target = req->get_header(TARGET);
     std::vector<std::string_view> split_target = split(target, '.');
     //NOTICE(sarna): Target consists of Dynamo API version followed by a dot '.' and operation type (e.g. CreateTable)
     std::string op = split_target.empty() ? std::string() : std::string(split_target.back());
-    slogger.trace("Request: {} {}", op, req->content);
-    return verify_signature(*req).then([this, op, req = std::move(req)] () mutable {
-        auto callback_it = _callbacks.find(op);
-        if (callback_it == _callbacks.end()) {
-            _executor._stats.unsupported_operations++;
-            throw api_error("UnknownOperationException",
-                    format("Unsupported operation {}", op));
-        }
-        return with_gate(_pending_requests, [this, callback_it = std::move(callback_it), op = std::move(op), req = std::move(req)] () mutable {
-            //FIXME: Client state can provide more context, e.g. client's endpoint address
-            // We use unique_ptr because client_state cannot be moved or copied
-            return do_with(std::make_unique<executor::client_state>(executor::client_state::internal_tag()),
-                    [this, callback_it = std::move(callback_it), op = std::move(op), req = std::move(req)] (std::unique_ptr<executor::client_state>& client_state) mutable {
-                tracing::trace_state_ptr trace_state = executor::maybe_trace_query(*client_state, op, req->content);
-                tracing::trace(trace_state, op);
-                // JSON parsing can allocate up to roughly 2x the size of the raw document, + a couple of bytes for maintenance.
-                // FIXME: by this time, the whole HTTP request was already read, so some memory is already occupied.
-                // Once HTTP allows working on streams, we should grab the permit *before* reading the HTTP payload.
-                size_t mem_estimate = req->content.size() * 3 + 8000;
-                auto units_fut = get_units(*_memory_limiter, mem_estimate);
-                if (_memory_limiter->waiters()) {
-                    ++_executor._stats.requests_blocked_memory;
-                }
-                return units_fut.then([this, callback_it = std::move(callback_it), &client_state, trace_state, req = std::move(req)] (semaphore_units<> units) mutable {
-                    return _json_parser.parse(req->content).then([this, callback_it = std::move(callback_it), &client_state, trace_state,
-                            units = std::move(units), req = std::move(req)] (rjson::value json_request) mutable {
-                        return callback_it->second(_executor, *client_state, trace_state, make_service_permit(std::move(units)), std::move(json_request), std::move(req)).finally([trace_state] {});
-                    });
-                });
-            });
-        });
-    });
+    // JSON parsing can allocate up to roughly 2x the size of the raw
+    // document, + a couple of bytes for maintenance.
+    // TODO: consider the case where req->content_length is missing. Maybe
+    // we need to take the content_length_limit and return some of the units
+    // when we finish read_content_and_verify_signature?
+    size_t mem_estimate = req->content_length * 2 + 8000;
+    auto units_fut = get_units(*_memory_limiter, mem_estimate);
+    if (_memory_limiter->waiters()) {
+        ++_executor._stats.requests_blocked_memory;
+    }
+    auto units = co_await std::move(units_fut);
+    assert(req->content_stream);
+    chunked_content content = co_await httpd::read_entire_stream(*req->content_stream);
+    co_await verify_signature(*req, content);
+
+    if (slogger.is_enabled(log_level::trace)) {
+        std::string buf;
+        slogger.trace("Request: {} {} {}", op, truncated_content_view(content, buf), req->_headers);
+    }
+    auto callback_it = _callbacks.find(op);
+    if (callback_it == _callbacks.end()) {
+        _executor._stats.unsupported_operations++;
+        co_return api_error::unknown_operation(format("Unsupported operation {}", op));
+    }
+    if (_pending_requests.get_count() >= _max_concurrent_requests) {
+        _executor._stats.requests_shed++;
+        co_return api_error::request_limit_exceeded(format("too many in-flight requests (configured via max_concurrent_requests_per_shard): {}", _pending_requests.get_count()));
+    }
+    _pending_requests.enter();
+    auto leave = defer([this] { _pending_requests.leave(); });
+    //FIXME: Client state can provide more context, e.g. client's endpoint address
+    // We use unique_ptr because client_state cannot be moved or copied
+    executor::client_state client_state{executor::client_state::internal_tag()};
+    tracing::trace_state_ptr trace_state = maybe_trace_query(client_state, op, content);
+    tracing::trace(trace_state, op);
+    rjson::value json_request = co_await _json_parser.parse(std::move(content));
+    co_return co_await callback_it->second(_executor, client_state, trace_state,
+            make_service_permit(std::move(units)), std::move(json_request), std::move(req));
 }
 
 void server::set_routes(routes& r) {
@@ -327,15 +437,17 @@ void server::set_routes(routes& r) {
     // scan an entire subnet for nodes responding to the health request,
     // or even just scan for open ports.
     r.put(operation_type::GET, "/localnodes", new local_nodelist_handler(_pending_requests));
+    r.put(operation_type::OPTIONS, "/", new options_handler(_pending_requests));
 }
 
 //FIXME: A way to immediately invalidate the cache should be considered,
 // e.g. when the system table which stores the keys is changed.
 // For now, this propagation may take up to 1 minute.
-server::server(executor& exec)
+server::server(executor& exec, cql3::query_processor& qp)
         : _http_server("http-alternator")
         , _https_server("https-alternator")
         , _executor(exec)
+        , _qp(qp)
         , _key_cache(1024, 1min, slogger)
         , _enforce_authorization(false)
         , _enabled_servers{}
@@ -350,6 +462,9 @@ server::server(executor& exec)
         {"DeleteTable", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
             return e.delete_table(client_state, std::move(trace_state), std::move(permit), std::move(json_request));
         }},
+        {"UpdateTable", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
+            return e.update_table(client_state, std::move(trace_state), std::move(permit), std::move(json_request));
+        }},
         {"PutItem", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
             return e.put_item(client_state, std::move(trace_state), std::move(permit), std::move(json_request));
         }},
@@ -389,13 +504,26 @@ server::server(executor& exec)
         {"ListTagsOfResource", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
             return e.list_tags_of_resource(client_state, std::move(permit), std::move(json_request));
         }},
+        {"ListStreams", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
+            return e.list_streams(client_state, std::move(permit), std::move(json_request));
+        }},
+        {"DescribeStream", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
+            return e.describe_stream(client_state, std::move(permit), std::move(json_request));
+        }},
+        {"GetShardIterator", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
+            return e.get_shard_iterator(client_state, std::move(permit), std::move(json_request));
+        }},
+        {"GetRecords", [] (executor& e, executor::client_state& client_state, tracing::trace_state_ptr trace_state, service_permit permit, rjson::value json_request, std::unique_ptr<request> req) {
+            return e.get_records(client_state, std::move(trace_state), std::move(permit), std::move(json_request));
+        }},
     } {
 }
 
 future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std::optional<uint16_t> https_port, std::optional<tls::credentials_builder> creds,
-        bool enforce_authorization, semaphore* memory_limiter) {
+        bool enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests) {
     _memory_limiter = memory_limiter;
     _enforce_authorization = enforce_authorization;
+    _max_concurrent_requests = std::move(max_concurrent_requests);
     if (!port && !https_port) {
         return make_exception_future<>(std::runtime_error("Either regular port or TLS port"
                 " must be specified in order to init an alternator HTTP server instance"));
@@ -407,12 +535,14 @@ future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std:
             if (port) {
                 set_routes(_http_server._routes);
                 _http_server.set_content_length_limit(server::content_length_limit);
+                _http_server.set_content_streaming(true);
                 _http_server.listen(socket_address{addr, *port}).get();
                 _enabled_servers.push_back(std::ref(_http_server));
             }
             if (https_port) {
                 set_routes(_https_server._routes);
                 _https_server.set_content_length_limit(server::content_length_limit);
+                _https_server.set_content_streaming(true);
                 _https_server.set_tls_credentials(creds->build_reloadable_server_credentials([](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
                     if (ep) {
                         slogger.warn("Exception loading {}: {}", files, ep);
@@ -450,7 +580,7 @@ server::json_parser::json_parser() : _run_parse_json_thread(async([this] {
                 return;
             }
             try {
-                _parsed_document = rjson::parse_yieldable(_raw_document);
+                _parsed_document = rjson::parse_yieldable(std::move(_raw_document));
                 _current_exception = nullptr;
             } catch (...) {
                 _current_exception = std::current_exception();
@@ -460,12 +590,12 @@ server::json_parser::json_parser() : _run_parse_json_thread(async([this] {
     })) {
 }
 
-future<rjson::value> server::json_parser::parse(std::string_view content) {
+future<rjson::value> server::json_parser::parse(chunked_content&& content) {
     if (content.size() < yieldable_parsing_threshold) {
-        return make_ready_future<rjson::value>(rjson::parse(content));
+        return make_ready_future<rjson::value>(rjson::parse(std::move(content)));
     }
-    return with_semaphore(_parsing_sem, 1, [this, content] {
-        _raw_document = content;
+    return with_semaphore(_parsing_sem, 1, [this, content = std::move(content)] () mutable {
+        _raw_document = std::move(content);
         _document_waiting.signal();
         return _document_parsed.wait().then([this] {
             if (_current_exception) {

alternator/server.hh

@@ -28,10 +28,13 @@
 #include <optional>
 #include "alternator/auth.hh"
 #include "utils/small_vector.hh"
+#include "utils/updateable_value.hh"
 #include <seastar/core/units.hh>
 
 namespace alternator {
 
+using chunked_content = rjson::chunked_content;
+
 class server {
     static constexpr size_t content_length_limit = 16*MB;
     using alternator_callback = std::function<future<executor::request_return_type>(executor&, executor::client_state&,
@@ -41,6 +44,7 @@ class server {
     http_server _http_server;
     http_server _https_server;
     executor& _executor;
+    cql3::query_processor& _qp;
 
     key_cache _key_cache;
     bool _enforce_authorization;
@@ -49,10 +53,11 @@ class server {
     alternator_callbacks_map _callbacks;
 
     semaphore* _memory_limiter;
+    utils::updateable_value<uint32_t> _max_concurrent_requests;
 
     class json_parser {
         static constexpr size_t yieldable_parsing_threshold = 16*KB;
-        std::string_view _raw_document;
+        chunked_content _raw_document;
         rjson::value _parsed_document;
         std::exception_ptr _current_exception;
         semaphore _parsing_sem{1};
@@ -62,21 +67,24 @@ class server {
         future<> _run_parse_json_thread;
     public:
         json_parser();
-        future<rjson::value> parse(std::string_view content);
+        // Moving a chunked_content into parse() allows parse() to free each
+        // chunk as soon as it is parsed, so when chunks are relatively small,
+        // we don't need to store the sum of unparsed and parsed sizes.
+        future<rjson::value> parse(chunked_content&& content);
         future<> stop();
     };
     json_parser _json_parser;
 
 public:
-    server(executor& executor);
+    server(executor& executor, cql3::query_processor& qp);
 
     future<> init(net::inet_address addr, std::optional<uint16_t> port, std::optional<uint16_t> https_port, std::optional<tls::credentials_builder> creds,
-            bool enforce_authorization, semaphore* memory_limiter);
+            bool enforce_authorization, semaphore* memory_limiter, utils::updateable_value<uint32_t> max_concurrent_requests);
     future<> stop();
 private:
     void set_routes(seastar::httpd::routes& r);
-    future<> verify_signature(const seastar::httpd::request& r);
-    future<executor::request_return_type> handle_api_request(std::unique_ptr<request>&& req);
+    future<> verify_signature(const seastar::httpd::request&, const chunked_content&);
+    future<executor::request_return_type> handle_api_request(std::unique_ptr<request> req);
 };
 
 }

alternator/stats.cc

@@ -20,7 +20,7 @@
  */
 
 #include "stats.hh"
-
+#include "utils/histogram_metrics_helper.hh"
 #include <seastar/core/metrics.hh>
 
 namespace alternator {
@@ -37,7 +37,8 @@ stats::stats() : api_operations{} {
                         seastar::metrics::description("number of operations via Alternator API"), {op(CamelCaseName)}),
 #define OPERATION_LATENCY(name, CamelCaseName) \
                 seastar::metrics::make_histogram("op_latency", \
-                        seastar::metrics::description("Latency histogram of an operation via Alternator API"), {op(CamelCaseName)}, [this]{return api_operations.name.get_histogram(1,20);}),
+                        seastar::metrics::description("Latency histogram of an operation via Alternator API"), {op(CamelCaseName)}, [this]{return to_metrics_histogram(api_operations.name);}),
+            OPERATION(batch_get_item, "BatchGetItem")
             OPERATION(batch_write_item, "BatchWriteItem")
             OPERATION(create_backup, "CreateBackup")
             OPERATION(create_global_table, "CreateGlobalTable")
@@ -77,6 +78,11 @@ stats::stats() : api_operations{} {
             OPERATION_LATENCY(get_item_latency, "GetItem")
             OPERATION_LATENCY(delete_item_latency, "DeleteItem")
             OPERATION_LATENCY(update_item_latency, "UpdateItem")
+            OPERATION(list_streams, "ListStreams")
+            OPERATION(describe_stream, "DescribeStream")
+            OPERATION(get_shard_iterator, "GetShardIterator")
+            OPERATION(get_records, "GetRecords")
+            OPERATION_LATENCY(get_records_latency, "GetRecords")
     });
     _metrics.add_group("alternator", {
             seastar::metrics::make_total_operations("unsupported_operations", unsupported_operations,
@@ -91,6 +97,8 @@ stats::stats() : api_operations{} {
                     seastar::metrics::description("number writes that had to be bounced from this shard because of LWT requirements")),
             seastar::metrics::make_total_operations("requests_blocked_memory", requests_blocked_memory,
                     seastar::metrics::description("Counts a number of requests blocked due to memory pressure.")),
+            seastar::metrics::make_total_operations("requests_shed", requests_shed,
+                    seastar::metrics::description("Counts a number of requests shed due to overload.")),
             seastar::metrics::make_total_operations("filtered_rows_read_total", cql_stats.filtered_rows_read_total,
                     seastar::metrics::description("number of rows read during filtering operations")),
             seastar::metrics::make_total_operations("filtered_rows_matched_total", cql_stats.filtered_rows_matched_total,

alternator/stats.hh

@@ -74,11 +74,16 @@ public:
         uint64_t update_item = 0;
         uint64_t update_table = 0;
         uint64_t update_time_to_live = 0;
+        uint64_t list_streams = 0;
+        uint64_t describe_stream = 0;
+        uint64_t get_shard_iterator = 0;
+        uint64_t get_records = 0;
 
-        utils::estimated_histogram put_item_latency;
-        utils::estimated_histogram get_item_latency;
-        utils::estimated_histogram delete_item_latency;
-        utils::estimated_histogram update_item_latency;
+        utils::time_estimated_histogram put_item_latency;
+        utils::time_estimated_histogram get_item_latency;
+        utils::time_estimated_histogram delete_item_latency;
+        utils::time_estimated_histogram update_item_latency;
+        utils::time_estimated_histogram get_records_latency;
     } api_operations;
     // Miscellaneous event counters
     uint64_t total_operations = 0;
@@ -87,6 +92,7 @@ public:
     uint64_t write_using_lwt = 0;
     uint64_t shard_bounce_for_lwt = 0;
     uint64_t requests_blocked_memory = 0;
+    uint64_t requests_shed = 0;
     // CQL-derived stats
     cql3::cql_stats cql_stats;
 private:

api/api-doc/column_family.json

@@ -2925,6 +2925,10 @@
          "id":"toppartitions_query_results",
          "description":"nodetool toppartitions query results",
          "properties":{
+            "read_cardinality":{
+               "type":"long",
+               "description":"Number of the unique operations in the sample set"
+            },
             "read":{
                "type":"array",
                "items":{
@@ -2932,6 +2936,10 @@
                },
                "description":"Read results"
             },
+            "write_cardinality":{
+               "type":"long",
+               "description":"Number of the unique operations in the sample set"
+            },
             "write":{
                "type":"array",
                "items":{

api/api-doc/gossiper.json

@@ -148,6 +148,30 @@
                ]
             }
          ]
+      },
+      {
+         "path":"/gossiper/force_remove_endpoint/{addr}",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Force remove an endpoint from gossip",
+               "type":"void",
+               "nickname":"force_remove_endpoint",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"addr",
+                     "description":"The endpoint address",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"path"
+                  }
+               ]
+            }
+         ]
       }
    ]
 }

api/api-doc/messaging_service.json

@@ -76,7 +76,7 @@
                "items":{
                   "type":"message_counter"
                },
-               "nickname":"get_completed_messages",
+               "nickname":"get_replied_messages",
                "produces":[
                   "application/json"
                ],
@@ -249,7 +249,7 @@
                  "MIGRATION_REQUEST",
                  "PREPARE_MESSAGE",
                  "PREPARE_DONE_MESSAGE",
-                 "STREAM_MUTATION",
+                 "UNUSED__STREAM_MUTATION",
                  "STREAM_MUTATION_DONE",
                  "COMPLETE_MESSAGE",
                  "REPAIR_CHECKSUM_RANGE",

api/api-doc/storage_proxy.json

@@ -68,7 +68,7 @@
                "summary":"Get the hinted handoff enabled by dc",
                "type":"array",
                "items":{
-                  "type":"mapper_list"
+                  "type":"array"
                },
                "nickname":"get_hinted_handoff_enabled_by_dc",
                "produces":[

api/api-doc/storage_service.json

@@ -104,6 +104,68 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/toppartitions/",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Toppartitions query",
+               "type":"toppartitions_query_results",
+               "nickname":"toppartitions_generic",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"table_filters",
+                     "description":"Optional list of table name filters in keyspace:name format",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"array",
+                     "items":{
+                        "type":"string"
+                     },
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"keyspace_filters",
+                     "description":"Optional list of keyspace filters",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"array",
+                     "items":{
+                        "type":"string"
+                     },
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"duration",
+                     "description":"Duration (in milliseconds) of monitoring operation",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type": "long",
+                     "paramType":"query"
+                  },
+                  {
+                    "name":"list_size",
+                    "description":"number of the top partitions to list",
+                    "required":false,
+                    "allowMultiple":false,
+                    "type": "long",
+                    "paramType":"query"
+                 },
+                 {
+                    "name":"capacity",
+                    "description":"capacity of stream summary: determines amount of resources used in query processing",
+                    "required":false,
+                    "allowMultiple":false,
+                    "type": "long",
+                    "paramType":"query"
+                 }
+              ]
+            }
+         ]
+      },
       {
          "path":"/storage_service/nodes/leaving",
          "operations":[
@@ -833,6 +895,43 @@
             }
          ]
       },
+      {
+         "path":"/storage_service/repair_status/",
+         "operations":[
+            {
+               "method":"GET",
+               "summary":"Query the repair status and return when the repair is finished or timeout",
+               "type":"string",
+               "enum":[
+                  "RUNNING",
+                  "SUCCESSFUL",
+                  "FAILED"
+               ],
+               "nickname":"repair_await_completion",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+                  {
+                     "name":"id",
+                     "description":"The repair ID to check for status",
+                     "required":true,
+                     "allowMultiple":false,
+                     "type": "long",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"timeout",
+                     "description":"Seconds to wait before the query returns even if the repair is not finished. The value -1 or not providing this parameter means no timeout",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type": "long",
+                     "paramType":"query"
+                  }
+               ]
+            }
+         ]
+      },
       {
          "path":"/storage_service/repair_async/{keyspace}",
          "operations":[
@@ -933,6 +1032,14 @@
                      "type":"string",
                      "paramType":"query"
                   },
+                  {
+                     "name":"ignore_nodes",
+                     "description":"Which hosts are to ignore in this repair. Multiple hosts can be listed separated by commas.",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
                   {
                      "name":"trace",
                      "description":"If the value is the string 'true' with any capitalization, enable tracing of the repair.",
@@ -1068,6 +1175,14 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"ignore_nodes",
+                     "description":"List of dead nodes to ingore in removenode operation",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             }
@@ -1719,6 +1834,22 @@
                      "allowMultiple":false,
                      "type":"string",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"load_and_stream",
+                     "description":"Load the sstables and stream to all replica nodes that owns the data",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
+                  },
+                  {
+                     "name":"primary_replica_only",
+                     "description":"Load the sstables and stream to primary replica node that owns the data. Repair is needed after the load and stream process",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"string",
+                     "paramType":"query"
                   }
                ]
             }
@@ -1829,6 +1960,14 @@
                      "allowMultiple":false,
                      "type":"long",
                      "paramType":"query"
+                  },
+                  {
+                     "name":"fast",
+                     "description":"Lightweight tracing mode: if true, slow queries tracing records only session headers",
+                     "required":false,
+                     "allowMultiple":false,
+                     "type":"boolean",
+                     "paramType":"query"
                   }
                ]
             },
@@ -2327,6 +2466,10 @@
             "threshold":{
                "type":"long",
                "description":"The slow query logging threshold in microseconds. Queries that takes longer, will be logged"
+            },
+            "fast":{
+               "type":"boolean",
+               "description":"Is lightweight tracing mode enabled. In that mode tracing ignore events and tracks only sessions."
             }
          }
       },
@@ -2431,7 +2574,7 @@
             "version":{
                "type":"string",
                "enum":[
-                  "ka", "la", "mc"
+                  "ka", "la", "mc", "md"
                ],
                "description":"SSTable version"
             },

api/api-doc/system.json

@@ -52,6 +52,22 @@
             }
          ]
       },
+      {
+         "path":"/system/drop_sstable_caches",
+         "operations":[
+            {
+               "method":"POST",
+               "summary":"Drop in-memory caches for data which is in sstables",
+               "type":"void",
+               "nickname":"drop_sstable_caches",
+               "produces":[
+                  "application/json"
+               ],
+               "parameters":[
+               ]
+            }
+         ]
+      },
       {
          "path":"/system/uptime_ms",
          "operations":[

api/api.cc

@@ -113,8 +113,20 @@ future<> set_server_storage_service(http_context& ctx) {
     return register_api(ctx, "storage_service", "The storage service API", set_storage_service);
 }
 
-future<> set_server_snapshot(http_context& ctx) {
-    return ctx.http_server.set_routes([&ctx] (routes& r) { set_snapshot(ctx, r); });
+future<> set_server_repair(http_context& ctx, sharded<netw::messaging_service>& ms) {
+    return ctx.http_server.set_routes([&ctx, &ms] (routes& r) { set_repair(ctx, r, ms); });
+}
+
+future<> unset_server_repair(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_repair(ctx, r); });
+}
+
+future<> set_server_snapshot(http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl) {
+    return ctx.http_server.set_routes([&ctx, &snap_ctl] (routes& r) { set_snapshot(ctx, r, snap_ctl); });
+}
+
+future<> unset_server_snapshot(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_snapshot(ctx, r); });
 }
 
 future<> set_server_snitch(http_context& ctx) {
@@ -131,9 +143,14 @@ future<> set_server_load_sstable(http_context& ctx) {
                 "The column family API", set_column_family);
 }
 
-future<> set_server_messaging_service(http_context& ctx) {
+future<> set_server_messaging_service(http_context& ctx, sharded<netw::messaging_service>& ms) {
     return register_api(ctx, "messaging_service",
-                "The messaging service API", set_messaging_service);
+                "The messaging service API", [&ms] (http_context& ctx, routes& r) {
+                    set_messaging_service(ctx, r, ms);
+                });
+}
+future<> unset_server_messaging_service(http_context& ctx) {
+    return ctx.http_server.set_routes([&ctx] (routes& r) { unset_messaging_service(ctx, r); });
 }
 
 future<> set_server_storage_proxy(http_context& ctx) {

api/api.hh

@@ -256,4 +256,6 @@ public:
     operator T() const { return value; }
 };
 
+utils_json::estimated_histogram time_to_json_histogram(const utils::time_estimated_histogram& val);
+
 }

api/api_init.hh

@@ -24,9 +24,11 @@
 #include <seastar/http/httpd.hh>
 
 namespace service { class load_meter; }
-namespace locator { class token_metadata; }
+namespace locator { class shared_token_metadata; }
 namespace cql_transport { class controller; }
 class thrift_controller;
+namespace db { class snapshot_ctl; }
+namespace netw { class messaging_service; }
 
 namespace api {
 
@@ -37,27 +39,33 @@ struct http_context {
     distributed<database>& db;
     distributed<service::storage_proxy>& sp;
     service::load_meter& lmeter;
-    sharded<locator::token_metadata>& token_metadata;
+    const sharded<locator::shared_token_metadata>& shared_token_metadata;
 
     http_context(distributed<database>& _db,
             distributed<service::storage_proxy>& _sp,
-            service::load_meter& _lm, sharded<locator::token_metadata>& _tm)
-            : db(_db), sp(_sp), lmeter(_lm), token_metadata(_tm) {
+            service::load_meter& _lm, const sharded<locator::shared_token_metadata>& _stm)
+            : db(_db), sp(_sp), lmeter(_lm), shared_token_metadata(_stm) {
     }
+
+    const locator::token_metadata& get_token_metadata();
 };
 
 future<> set_server_init(http_context& ctx);
 future<> set_server_config(http_context& ctx);
 future<> set_server_snitch(http_context& ctx);
 future<> set_server_storage_service(http_context& ctx);
+future<> set_server_repair(http_context& ctx, sharded<netw::messaging_service>& ms);
+future<> unset_server_repair(http_context& ctx);
 future<> set_transport_controller(http_context& ctx, cql_transport::controller& ctl);
 future<> unset_transport_controller(http_context& ctx);
 future<> set_rpc_controller(http_context& ctx, thrift_controller& ctl);
 future<> unset_rpc_controller(http_context& ctx);
-future<> set_server_snapshot(http_context& ctx);
+future<> set_server_snapshot(http_context& ctx, sharded<db::snapshot_ctl>& snap_ctl);
+future<> unset_server_snapshot(http_context& ctx);
 future<> set_server_gossip(http_context& ctx);
 future<> set_server_load_sstable(http_context& ctx);
-future<> set_server_messaging_service(http_context& ctx);
+future<> set_server_messaging_service(http_context& ctx, sharded<netw::messaging_service>& ms);
+future<> unset_server_messaging_service(http_context& ctx);
 future<> set_server_storage_proxy(http_context& ctx);
 future<> set_server_stream_manager(http_context& ctx);
 future<> set_server_gossip_settle(http_context& ctx);

api/column_family.cc

@@ -28,6 +28,7 @@
 #include <algorithm>
 #include "db/system_keyspace_view_types.hh"
 #include "db/data_listeners.hh"
+#include "storage_service.hh"
 
 extern logging::logger apilog;
 
@@ -180,7 +181,7 @@ static future<json::json_return_type> get_cf_unleveled_sstables(http_context& ct
 
 static int64_t min_partition_size(column_family& cf) {
     int64_t res = INT64_MAX;
-    for (auto i: *cf.get_sstables() ) {
+    for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
         res = std::min(res, i->get_stats_metadata().estimated_partition_size.min());
     }
     return (res == INT64_MAX) ? 0 : res;
@@ -188,7 +189,7 @@ static int64_t min_partition_size(column_family& cf) {
 
 static int64_t max_partition_size(column_family& cf) {
     int64_t res = 0;
-    for (auto i: *cf.get_sstables() ) {
+    for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
         res = std::max(i->get_stats_metadata().estimated_partition_size.max(), res);
     }
     return res;
@@ -196,7 +197,7 @@ static int64_t max_partition_size(column_family& cf) {
 
 static integral_ratio_holder mean_partition_size(column_family& cf) {
     integral_ratio_holder res;
-    for (auto i: *cf.get_sstables() ) {
+    for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
         auto c = i->get_stats_metadata().estimated_partition_size.count();
         res.sub += i->get_stats_metadata().estimated_partition_size.mean() * c;
         res.total += c;
@@ -249,6 +250,12 @@ static future<json::json_return_type> sum_sstable(http_context& ctx, bool total)
     });
 }
 
+future<json::json_return_type> map_reduce_cf_time_histogram(http_context& ctx, const sstring& name, std::function<utils::time_estimated_histogram(const column_family&)> f) {
+    return map_reduce_cf_raw(ctx, name, utils::time_estimated_histogram(), f, utils::time_estimated_histogram_merge).then([](const utils::time_estimated_histogram& res) {
+        return make_ready_future<json::json_return_type>(time_to_json_histogram(res));
+    });
+}
+
 template <typename T>
 class sum_ratio {
     uint64_t _n = 0;
@@ -268,7 +275,7 @@ public:
 
 static double get_compression_ratio(column_family& cf) {
     sum_ratio<double> result;
-    for (auto i : *cf.get_sstables()) {
+    for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
         auto compression_ratio = i->get_compression_ratio();
         if (compression_ratio != sstables::metadata_collector::NO_COMPRESSION_RATIO) {
             result(compression_ratio);
@@ -304,8 +311,8 @@ void set_column_family(http_context& ctx, routes& r) {
         return res;
     });
 
-    cf::get_column_family.set(r, [&ctx] (const_req req){
-            vector<cf::column_family_info> res;
+    cf::get_column_family.set(r, [&ctx] (std::unique_ptr<request> req){
+            std::list<cf::column_family_info> res;
             for (auto i: ctx.db.local().get_column_families_mapping()) {
                 cf::column_family_info info;
                 info.ks = i.first.first;
@@ -313,7 +320,7 @@ void set_column_family(http_context& ctx, routes& r) {
                 info.type = "ColumnFamilies";
                 res.push_back(info);
             }
-            return res;
+            return make_ready_future<json::json_return_type>(json::stream_range_as_array(std::move(res), std::identity()));
         });
 
     cf::get_column_family_name_keyspace.set(r, [&ctx] (const_req req){
@@ -325,15 +332,15 @@ void set_column_family(http_context& ctx, routes& r) {
     });
 
     cf::get_memtable_columns_count.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], 0, [](column_family& cf) {
+        return map_reduce_cf(ctx, req->param["name"], uint64_t{0}, [](column_family& cf) {
             return cf.active_memtable().partition_count();
-        }, std::plus<int>());
+        }, std::plus<>());
     });
 
     cf::get_all_memtable_columns_count.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, 0, [](column_family& cf) {
+        return map_reduce_cf(ctx, uint64_t{0}, [](column_family& cf) {
             return cf.active_memtable().partition_count();
-        }, std::plus<int>());
+        }, std::plus<>());
     });
 
     cf::get_memtable_on_heap_size.set(r, [] (const_req req) {
@@ -418,7 +425,7 @@ void set_column_family(http_context& ctx, routes& r) {
     cf::get_estimated_row_size_histogram.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
             utils::estimated_histogram res(0);
-            for (auto i: *cf.get_sstables() ) {
+            for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
                 res.merge(i->get_stats_metadata().estimated_partition_size);
             }
             return res;
@@ -430,7 +437,7 @@ void set_column_family(http_context& ctx, routes& r) {
     cf::get_estimated_row_count.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], int64_t(0), [](column_family& cf) {
             uint64_t res = 0;
-            for (auto i: *cf.get_sstables() ) {
+            for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
                 res += i->get_stats_metadata().estimated_partition_size.count();
             }
             return res;
@@ -441,7 +448,7 @@ void set_column_family(http_context& ctx, routes& r) {
     cf::get_estimated_column_count_histogram.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
             utils::estimated_histogram res(0);
-            for (auto i: *cf.get_sstables() ) {
+            for (auto sstables = cf.get_sstables(); auto& i : *sstables) {
                 res.merge(i->get_stats_metadata().estimated_cells_count);
             }
             return res;
@@ -593,7 +600,8 @@ void set_column_family(http_context& ctx, routes& r) {
 
     cf::get_bloom_filter_false_positives.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
                 return s + sst->filter_get_false_positive();
             });
         }, std::plus<uint64_t>());
@@ -601,7 +609,8 @@ void set_column_family(http_context& ctx, routes& r) {
 
     cf::get_all_bloom_filter_false_positives.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
                 return s + sst->filter_get_false_positive();
             });
         }, std::plus<uint64_t>());
@@ -609,7 +618,8 @@ void set_column_family(http_context& ctx, routes& r) {
 
     cf::get_recent_bloom_filter_false_positives.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
                 return s + sst->filter_get_recent_false_positive();
             });
         }, std::plus<uint64_t>());
@@ -617,7 +627,8 @@ void set_column_family(http_context& ctx, routes& r) {
 
     cf::get_all_recent_bloom_filter_false_positives.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
                 return s + sst->filter_get_recent_false_positive();
             });
         }, std::plus<uint64_t>());
@@ -649,48 +660,54 @@ void set_column_family(http_context& ctx, routes& r) {
 
     cf::get_bloom_filter_disk_space_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->filter_size();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->filter_size();
             });
         }, std::plus<uint64_t>());
     });
 
     cf::get_all_bloom_filter_disk_space_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->filter_size();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->filter_size();
             });
         }, std::plus<uint64_t>());
     });
 
     cf::get_bloom_filter_off_heap_memory_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->filter_memory_size();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->filter_memory_size();
             });
         }, std::plus<uint64_t>());
     });
 
     cf::get_all_bloom_filter_off_heap_memory_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->filter_memory_size();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->filter_memory_size();
             });
         }, std::plus<uint64_t>());
     });
 
     cf::get_index_summary_off_heap_memory_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, req->param["name"], uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->get_summary().memory_footprint();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->get_summary().memory_footprint();
             });
         }, std::plus<uint64_t>());
     });
 
     cf::get_all_index_summary_off_heap_memory_used.set(r, [&ctx] (std::unique_ptr<request> req) {
         return map_reduce_cf(ctx, uint64_t(0), [] (column_family& cf) {
-            return std::accumulate(cf.get_sstables()->begin(), cf.get_sstables()->end(), uint64_t(0), [](uint64_t s, auto& sst) {
-                return sst->get_summary().memory_footprint();
+            auto sstables = cf.get_sstables();
+            return std::accumulate(sstables->begin(), sstables->end(), uint64_t(0), [](uint64_t s, auto& sst) {
+                return s + sst->get_summary().memory_footprint();
             });
         }, std::plus<uint64_t>());
     });
@@ -796,24 +813,21 @@ void set_column_family(http_context& ctx, routes& r) {
     });
 
     cf::get_cas_prepare.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
+        return map_reduce_cf_time_histogram(ctx, req->param["name"], [](const column_family& cf) {
             return cf.get_stats().estimated_cas_prepare;
-        },
-        utils::estimated_histogram_merge, utils_json::estimated_histogram());
+        });
     });
 
     cf::get_cas_propose.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
+        return map_reduce_cf_time_histogram(ctx, req->param["name"], [](const column_family& cf) {
             return cf.get_stats().estimated_cas_accept;
-        },
-        utils::estimated_histogram_merge, utils_json::estimated_histogram());
+        });
     });
 
     cf::get_cas_commit.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
+        return map_reduce_cf_time_histogram(ctx, req->param["name"], [](const column_family& cf) {
             return cf.get_stats().estimated_cas_learn;
-        },
-        utils::estimated_histogram_merge, utils_json::estimated_histogram());
+        });
     });
 
     cf::get_sstables_per_read_histogram.set(r, [&ctx] (std::unique_ptr<request> req) {
@@ -862,7 +876,9 @@ void set_column_family(http_context& ctx, routes& r) {
     });
 
     cf::get_built_indexes.set(r, [&ctx](std::unique_ptr<request> req) {
-        auto [ks, cf_name] = parse_fully_qualified_cf_name(req->param["name"]);
+        auto ks_cf = parse_fully_qualified_cf_name(req->param["name"]);
+        auto&& ks = std::get<0>(ks_cf);
+        auto&& cf_name = std::get<1>(ks_cf);
         return db::system_keyspace::load_view_build_progress().then([ks, cf_name, &ctx](const std::vector<db::system_keyspace::view_build_progress>& vb) mutable {
             std::set<sstring> vp;
             for (auto b : vb) {
@@ -875,7 +891,7 @@ void set_column_family(http_context& ctx, routes& r) {
             column_family& cf = ctx.db.local().find_column_family(uuid);
             res.reserve(cf.get_index_manager().list_indexes().size());
             for (auto&& i : cf.get_index_manager().list_indexes()) {
-                if (vp.find(secondary_index::index_table_name(i.metadata().name())) == vp.end()) {
+                if (!vp.contains(secondary_index::index_table_name(i.metadata().name()))) {
                     res.emplace_back(i.metadata().name());
                 }
             }
@@ -909,17 +925,15 @@ void set_column_family(http_context& ctx, routes& r) {
     });
 
     cf::get_read_latency_estimated_histogram.set(r, [&ctx](std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
+        return map_reduce_cf_time_histogram(ctx, req->param["name"], [](const column_family& cf) {
             return cf.get_stats().estimated_read;
-        },
-        utils::estimated_histogram_merge, utils_json::estimated_histogram());
+        });
     });
 
     cf::get_write_latency_estimated_histogram.set(r, [&ctx](std::unique_ptr<request> req) {
-        return map_reduce_cf(ctx, req->param["name"], utils::estimated_histogram(0), [](column_family& cf) {
+        return map_reduce_cf_time_histogram(ctx, req->param["name"], [](const column_family& cf) {
             return cf.get_stats().estimated_write;
-        },
-        utils::estimated_histogram_merge, utils_json::estimated_histogram());
+        });
     });
 
     cf::set_compaction_strategy_class.set(r, [&ctx](std::unique_ptr<request> req) {
@@ -970,42 +984,20 @@ void set_column_family(http_context& ctx, routes& r) {
         });
     });
 
+
     cf::toppartitions.set(r, [&ctx] (std::unique_ptr<request> req) {
-        auto name_param = req->param["name"];
-        auto [ks, cf] = parse_fully_qualified_cf_name(name_param);
+        auto name = req->param["name"];
+        auto [ks, cf] = parse_fully_qualified_cf_name(name);
 
         api::req_param<std::chrono::milliseconds, unsigned> duration{*req, "duration", 1000ms};
         api::req_param<unsigned> capacity(*req, "capacity", 256);
         api::req_param<unsigned> list_size(*req, "list_size", 10);
 
         apilog.info("toppartitions query: name={} duration={} list_size={} capacity={}",
-            name_param, duration.param, list_size.param, capacity.param);
+            name, duration.param, list_size.param, capacity.param);
 
-        return seastar::do_with(db::toppartitions_query(ctx.db, ks, cf, duration.value, list_size, capacity), [&ctx](auto& q) {
-            return q.scatter().then([&q] {
-                return sleep(q.duration()).then([&q] {
-                    return q.gather(q.capacity()).then([&q] (auto topk_results) {
-                        apilog.debug("toppartitions query: processing results");
-                        cf::toppartitions_query_results results;
-
-                        for (auto& d: topk_results.read.top(q.list_size())) {
-                            cf::toppartitions_record r;
-                            r.partition = sstring(d.item);
-                            r.count = d.count;
-                            r.error = d.error;
-                            results.read.push(r);
-                        }
-                        for (auto& d: topk_results.write.top(q.list_size())) {
-                            cf::toppartitions_record r;
-                            r.partition = sstring(d.item);
-                            r.count = d.count;
-                            r.error = d.error;
-                            results.write.push(r);
-                        }
-                        return make_ready_future<json::json_return_type>(results);
-                    });
-                });
-            });
+        return seastar::do_with(db::toppartitions_query(ctx.db, {{ks, cf}}, {}, duration.value, list_size, capacity), [&ctx] (db::toppartitions_query& q) {
+            return run_toppartitions_query(q, ctx, true);
         });
     });
 

api/column_family.hh

@@ -68,6 +68,8 @@ future<json::json_return_type> map_reduce_cf(http_context& ctx, const sstring& n
     });
 }
 
+future<json::json_return_type> map_reduce_cf_time_histogram(http_context& ctx, const sstring& name, std::function<utils::time_estimated_histogram(const column_family&)> f);
+
 struct map_reduce_column_families_locally {
     std::any init;
     std::function<std::unique_ptr<std::any>(column_family&)> mapper;
@@ -114,4 +116,7 @@ future<json::json_return_type>  get_cf_stats(http_context& ctx, const sstring& n
 future<json::json_return_type>  get_cf_stats(http_context& ctx,
         int64_t column_family_stats::*f);
 
+
+std::tuple<sstring, sstring> parse_fully_qualified_cf_name(sstring name);
+
 }

api/compaction_manager.cc

@@ -58,6 +58,7 @@ void set_compaction_manager(http_context& ctx, routes& r) {
 
             for (const auto& c : cm.get_compactions()) {
                 cm::summary s;
+                s.id = c->compaction_uuid.to_sstring();
                 s.ks = c->ks_name;
                 s.cf = c->cf_name;
                 s.unit = "keys";

api/gossiper.cc

@@ -66,6 +66,13 @@ void set_gossiper(http_context& ctx, routes& r) {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
+
+    httpd::gossiper_json::force_remove_endpoint.set(r, [](std::unique_ptr<request> req) {
+        gms::inet_address ep(req->param["addr"]);
+        return gms::get_local_gossiper().force_remove_endpoint(ep).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
+    });
 }
 
 }

api/lsa.cc

@@ -26,6 +26,7 @@
 #include <seastar/http/exception.hh>
 #include "utils/logalloc.hh"
 #include "log.hh"
+#include "database.hh"
 
 namespace api {
 

api/messaging_service.cc

@@ -53,8 +53,8 @@ std::vector<message_counter> map_to_message_counters(
  * according to a function that it gets as a parameter.
  *
  */
-future_json_function get_client_getter(std::function<uint64_t(const shard_info&)> f) {
-    return [f](std::unique_ptr<request> req) {
+future_json_function get_client_getter(sharded<netw::messaging_service>& ms, std::function<uint64_t(const shard_info&)> f) {
+    return [&ms, f](std::unique_ptr<request> req) {
         using map_type = std::unordered_map<gms::inet_address, uint64_t>;
         auto get_shard_map = [f](messaging_service& ms) {
             std::unordered_map<gms::inet_address, unsigned long> map;
@@ -63,15 +63,15 @@ future_json_function get_client_getter(std::function<uint64_t(const shard_info&)
             });
             return map;
         };
-        return  get_messaging_service().map_reduce0(get_shard_map, map_type(), map_sum<map_type>).
+        return ms.map_reduce0(get_shard_map, map_type(), map_sum<map_type>).
                 then([](map_type&& map) {
             return make_ready_future<json::json_return_type>(map_to_message_counters(map));
         });
     };
 }
 
-future_json_function get_server_getter(std::function<uint64_t(const rpc::stats&)> f) {
-    return [f](std::unique_ptr<request> req) {
+future_json_function get_server_getter(sharded<netw::messaging_service>& ms, std::function<uint64_t(const rpc::stats&)> f) {
+    return [&ms, f](std::unique_ptr<request> req) {
         using map_type = std::unordered_map<gms::inet_address, uint64_t>;
         auto get_shard_map = [f](messaging_service& ms) {
             std::unordered_map<gms::inet_address, unsigned long> map;
@@ -80,53 +80,57 @@ future_json_function get_server_getter(std::function<uint64_t(const rpc::stats&)
             });
             return map;
         };
-        return  get_messaging_service().map_reduce0(get_shard_map, map_type(), map_sum<map_type>).
+        return ms.map_reduce0(get_shard_map, map_type(), map_sum<map_type>).
                 then([](map_type&& map) {
             return make_ready_future<json::json_return_type>(map_to_message_counters(map));
         });
     };
 }
 
-void set_messaging_service(http_context& ctx, routes& r) {
-    get_timeout_messages.set(r, get_client_getter([](const shard_info& c) {
+void set_messaging_service(http_context& ctx, routes& r, sharded<netw::messaging_service>& ms) {
+    get_timeout_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
         return c.get_stats().timeout;
     }));
 
-    get_sent_messages.set(r, get_client_getter([](const shard_info& c) {
+    get_sent_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
         return c.get_stats().sent_messages;
     }));
 
-    get_dropped_messages.set(r, get_client_getter([](const shard_info& c) {
+    get_replied_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
+        return c.get_stats().replied;
+    }));
+
+    get_dropped_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
         // We don't have the same drop message mechanism
         // as origin has.
         // hence we can always return 0
         return 0;
     }));
 
-    get_exception_messages.set(r, get_client_getter([](const shard_info& c) {
+    get_exception_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
         return c.get_stats().exception_received;
     }));
 
-    get_pending_messages.set(r, get_client_getter([](const shard_info& c) {
+    get_pending_messages.set(r, get_client_getter(ms, [](const shard_info& c) {
         return c.get_stats().pending;
     }));
 
-    get_respond_pending_messages.set(r, get_server_getter([](const rpc::stats& c) {
+    get_respond_pending_messages.set(r, get_server_getter(ms, [](const rpc::stats& c) {
         return c.pending;
     }));
 
-    get_respond_completed_messages.set(r, get_server_getter([](const rpc::stats& c) {
+    get_respond_completed_messages.set(r, get_server_getter(ms, [](const rpc::stats& c) {
         return c.sent_messages;
     }));
 
-    get_version.set(r, [](const_req req) {
-        return netw::get_local_messaging_service().get_raw_version(req.get_query_param("addr"));
+    get_version.set(r, [&ms](const_req req) {
+        return ms.local().get_raw_version(req.get_query_param("addr"));
     });
 
-    get_dropped_messages_by_ver.set(r, [](std::unique_ptr<request> req) {
+    get_dropped_messages_by_ver.set(r, [&ms](std::unique_ptr<request> req) {
         shared_ptr<std::vector<uint64_t>> map = make_shared<std::vector<uint64_t>>(num_verb);
 
-        return netw::get_messaging_service().map_reduce([map](const uint64_t* local_map) mutable {
+        return ms.map_reduce([map](const uint64_t* local_map) mutable {
             for (auto i = 0; i < num_verb; i++) {
                 (*map)[i]+= local_map[i];
             }
@@ -151,5 +155,19 @@ void set_messaging_service(http_context& ctx, routes& r) {
         });
     });
 }
+
+void unset_messaging_service(http_context& ctx, routes& r) {
+    get_timeout_messages.unset(r);
+    get_sent_messages.unset(r);
+    get_replied_messages.unset(r);
+    get_dropped_messages.unset(r);
+    get_exception_messages.unset(r);
+    get_pending_messages.unset(r);
+    get_respond_pending_messages.unset(r);
+    get_respond_completed_messages.unset(r);
+    get_version.unset(r);
+    get_dropped_messages_by_ver.unset(r);
+}
+
 }
 

api/messaging_service.hh

@@ -23,8 +23,11 @@
 
 #include "api.hh"
 
+namespace netw { class messaging_service; }
+
 namespace api {
 
-void set_messaging_service(http_context& ctx, routes& r);
+void set_messaging_service(http_context& ctx, routes& r, sharded<netw::messaging_service>& ms);
+void unset_messaging_service(http_context& ctx, routes& r);
 
 }

api/storage_proxy.cc

@@ -201,29 +201,39 @@ void set_storage_proxy(http_context& ctx, routes& r) {
     });
 
     sp::get_hinted_handoff_enabled.set(r, [&ctx](std::unique_ptr<request> req)  {
-        auto enabled = ctx.db.local().get_config().hinted_handoff_enabled();
-        return make_ready_future<json::json_return_type>(enabled);
+        const auto& filter = service::get_storage_proxy().local().get_hints_host_filter();
+        return make_ready_future<json::json_return_type>(!filter.is_disabled_for_all());
     });
 
     sp::set_hinted_handoff_enabled.set(r, [](std::unique_ptr<request> req)  {
-        //TBD
-        unimplemented();
         auto enable = req->get_query_param("enable");
-        return make_ready_future<json::json_return_type>(json_void());
+        auto filter = (enable == "true" || enable == "1")
+                ? db::hints::host_filter(db::hints::host_filter::enabled_for_all_tag {})
+                : db::hints::host_filter(db::hints::host_filter::disabled_for_all_tag {});
+        return service::get_storage_proxy().invoke_on_all([filter = std::move(filter)] (service::storage_proxy& sp) {
+            return sp.change_hints_host_filter(filter);
+        }).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
     });
 
     sp::get_hinted_handoff_enabled_by_dc.set(r, [](std::unique_ptr<request> req)  {
-        //TBD
-        unimplemented();
-        std::vector<sp::mapper_list> res;
+        std::vector<sstring> res;
+        const auto& filter = service::get_storage_proxy().local().get_hints_host_filter();
+        const auto& dcs = filter.get_dcs();
+        res.reserve(res.size());
+        std::copy(dcs.begin(), dcs.end(), std::back_inserter(res));
         return make_ready_future<json::json_return_type>(res);
     });
 
     sp::set_hinted_handoff_enabled_by_dc_list.set(r, [](std::unique_ptr<request> req)  {
-        //TBD
-        unimplemented();
-        auto enable = req->get_query_param("dcs");
-        return make_ready_future<json::json_return_type>(json_void());
+        auto dcs = req->get_query_param("dcs");
+        auto filter = db::hints::host_filter::parse_from_dc_list(std::move(dcs));
+        return service::get_storage_proxy().invoke_on_all([filter = std::move(filter)] (service::storage_proxy& sp) {
+            return sp.change_hints_host_filter(filter);
+        }).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
     });
 
     sp::get_max_hint_window.set(r, [](std::unique_ptr<request> req)  {

api/storage_service.cc

@@ -22,10 +22,14 @@
 #include "storage_service.hh"
 #include "api/api-doc/storage_service.json.hh"
 #include "db/config.hh"
-#include <optional>
+#include "db/schema_tables.hh"
+#include "utils/hash.hh"
+#include <sstream>
 #include <time.h>
 #include <boost/range/adaptor/map.hpp>
 #include <boost/range/adaptor/filtered.hpp>
+#include <boost/algorithm/string/trim_all.hpp>
+#include <boost/functional/hash.hpp>
 #include "service/storage_service.hh"
 #include "service/load_meter.hh"
 #include "db/commitlog/commitlog.hh"
@@ -41,11 +45,20 @@
 #include "sstables/sstables.hh"
 #include "database.hh"
 #include "db/extensions.hh"
+#include "db/snapshot-ctl.hh"
 #include "transport/controller.hh"
 #include "thrift/controller.hh"
+#include "locator/token_metadata.hh"
+#include "cdc/generation_service.hh"
+
+extern logging::logger apilog;
 
 namespace api {
 
+const locator::token_metadata& http_context::get_token_metadata() {
+        return *shared_token_metadata.local().get();
+}
+
 namespace ss = httpd::storage_service_json;
 using namespace json;
 
@@ -87,6 +100,37 @@ static auto wrap_ks_cf(http_context &ctx, ks_cf_func f) {
     };
 }
 
+seastar::future<json::json_return_type> run_toppartitions_query(db::toppartitions_query& q, http_context &ctx, bool legacy_request) {
+    namespace cf = httpd::column_family_json;
+    return q.scatter().then([&q, legacy_request] {
+        return sleep(q.duration()).then([&q, legacy_request] {
+            return q.gather(q.capacity()).then([&q, legacy_request] (auto topk_results) {
+                apilog.debug("toppartitions query: processing results");
+                cf::toppartitions_query_results results;
+
+                results.read_cardinality = topk_results.read.size();
+                results.write_cardinality = topk_results.write.size();
+
+                for (auto& d: topk_results.read.top(q.list_size())) {
+                    cf::toppartitions_record r;
+                    r.partition = (legacy_request ? "" : "(" + d.item.schema->ks_name() + ":" + d.item.schema->cf_name() + ") ") + sstring(d.item);
+                    r.count = d.count;
+                    r.error = d.error;
+                    results.read.push(r);
+                }
+                for (auto& d: topk_results.write.top(q.list_size())) {
+                    cf::toppartitions_record r;
+                    r.partition = (legacy_request ? "" : "(" + d.item.schema->ks_name() + ":" + d.item.schema->cf_name() + ") ") + sstring(d.item);
+                    r.count = d.count;
+                    r.error = d.error;
+                    results.write.push(r);
+                }
+                return make_ready_future<json::json_return_type>(results);
+            });
+        });
+    });
+}
+
 future<json::json_return_type> set_tables_autocompaction(http_context& ctx, const sstring &keyspace, std::vector<sstring> tables, bool enabled) {
     if (tables.empty()) {
         tables = map_keys(ctx.db.local().find_keyspace(keyspace).metadata().get()->cf_meta_data());
@@ -149,6 +193,104 @@ void unset_rpc_controller(http_context& ctx, routes& r) {
     ss::is_rpc_server_running.unset(r);
 }
 
+void set_repair(http_context& ctx, routes& r, sharded<netw::messaging_service>& ms) {
+    ss::repair_async.set(r, [&ctx, &ms](std::unique_ptr<request> req) {
+        static std::vector<sstring> options = {"primaryRange", "parallelism", "incremental",
+                "jobThreads", "ranges", "columnFamilies", "dataCenters", "hosts", "ignore_nodes", "trace",
+                "startToken", "endToken" };
+        std::unordered_map<sstring, sstring> options_map;
+        for (auto o : options) {
+            auto s = req->get_query_param(o);
+            if (s != "") {
+                options_map[o] = s;
+            }
+        }
+
+        // The repair process is asynchronous: repair_start only starts it and
+        // returns immediately, not waiting for the repair to finish. The user
+        // then has other mechanisms to track the ongoing repair's progress,
+        // or stop it.
+        return repair_start(ctx.db, ms, validate_keyspace(ctx, req->param),
+                options_map).then([] (int i) {
+                    return make_ready_future<json::json_return_type>(i);
+                });
+    });
+
+    ss::get_active_repair_async.set(r, [&ctx](std::unique_ptr<request> req) {
+        return get_active_repairs(ctx.db).then([] (std::vector<int> res){
+            return make_ready_future<json::json_return_type>(res);
+        });
+    });
+
+    ss::repair_async_status.set(r, [&ctx](std::unique_ptr<request> req) {
+        return repair_get_status(ctx.db, boost::lexical_cast<int>( req->get_query_param("id")))
+                .then_wrapped([] (future<repair_status>&& fut) {
+            ss::ns_repair_async_status::return_type_wrapper res;
+            try {
+                res = fut.get0();
+            } catch(std::runtime_error& e) {
+                throw httpd::bad_param_exception(e.what());
+            }
+            return make_ready_future<json::json_return_type>(json::json_return_type(res));
+        });
+    });
+
+    ss::repair_await_completion.set(r, [&ctx](std::unique_ptr<request> req) {
+        int id;
+        using clock = std::chrono::steady_clock;
+        clock::time_point expire;
+        try {
+            id = boost::lexical_cast<int>(req->get_query_param("id"));
+            // If timeout is not provided, it means no timeout.
+            sstring s = req->get_query_param("timeout");
+            int64_t timeout = s.empty() ? int64_t(-1) : boost::lexical_cast<int64_t>(s);
+            if (timeout < 0 && timeout != -1) {
+                return make_exception_future<json::json_return_type>(
+                        httpd::bad_param_exception("timeout can only be -1 (means no timeout) or non negative integer"));
+            }
+            if (timeout < 0) {
+                expire = clock::time_point::max();
+            } else {
+                expire = clock::now() + std::chrono::seconds(timeout);
+            }
+        } catch (std::exception& e) {
+            return make_exception_future<json::json_return_type>(httpd::bad_param_exception(e.what()));
+        }
+        return repair_await_completion(ctx.db, id, expire)
+                .then_wrapped([] (future<repair_status>&& fut) {
+            ss::ns_repair_async_status::return_type_wrapper res;
+            try {
+                res = fut.get0();
+            } catch (std::exception& e) {
+                return make_exception_future<json::json_return_type>(httpd::bad_param_exception(e.what()));
+            }
+            return make_ready_future<json::json_return_type>(json::json_return_type(res));
+        });
+    });
+
+    ss::force_terminate_all_repair_sessions.set(r, [](std::unique_ptr<request> req) {
+        return repair_abort_all(service::get_local_storage_service().db()).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
+    });
+
+    ss::force_terminate_all_repair_sessions_new.set(r, [](std::unique_ptr<request> req) {
+        return repair_abort_all(service::get_local_storage_service().db()).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
+    });
+
+}
+
+void unset_repair(http_context& ctx, routes& r) {
+    ss::repair_async.unset(r);
+    ss::get_active_repair_async.unset(r);
+    ss::repair_async_status.unset(r);
+    ss::repair_await_completion.unset(r);
+    ss::force_terminate_all_repair_sessions.unset(r);
+    ss::force_terminate_all_repair_sessions_new.unset(r);
+}
+
 void set_storage_service(http_context& ctx, routes& r) {
     ss::local_hostid.set(r, [](std::unique_ptr<request> req) {
         return db::system_keyspace::get_local_host_id().then([](const utils::UUID& id) {
@@ -157,14 +299,14 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
     ss::get_tokens.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return make_ready_future<json::json_return_type>(stream_range_as_array(ctx.token_metadata.local().sorted_tokens(), [](const dht::token& i) {
+        return make_ready_future<json::json_return_type>(stream_range_as_array(ctx.get_token_metadata().sorted_tokens(), [](const dht::token& i) {
            return boost::lexical_cast<std::string>(i);
         }));
     });
 
     ss::get_node_tokens.set(r, [&ctx] (std::unique_ptr<request> req) {
         gms::inet_address addr(req->param["endpoint"]);
-        return make_ready_future<json::json_return_type>(stream_range_as_array(ctx.token_metadata.local().get_tokens(addr), [](const dht::token& i) {
+        return make_ready_future<json::json_return_type>(stream_range_as_array(ctx.get_token_metadata().get_tokens(addr), [](const dht::token& i) {
            return boost::lexical_cast<std::string>(i);
        }));
     });
@@ -182,8 +324,58 @@ void set_storage_service(http_context& ctx, routes& r) {
         }));
     });
 
+    ss::toppartitions_generic.set(r, [&ctx] (std::unique_ptr<request> req) {
+        bool filters_provided = false;
+
+        std::unordered_set<std::tuple<sstring, sstring>, utils::tuple_hash> table_filters {};
+        if (req->query_parameters.contains("table_filters")) {
+            filters_provided = true;
+            auto filters = req->get_query_param("table_filters");
+            std::stringstream ss { filters };
+            std::string filter;
+            while (!filters.empty() && ss.good()) {
+                std::getline(ss, filter, ',');
+                table_filters.emplace(parse_fully_qualified_cf_name(filter));
+            }
+        }
+
+        std::unordered_set<sstring> keyspace_filters {};
+        if (req->query_parameters.contains("keyspace_filters")) {
+            filters_provided = true;
+            auto filters = req->get_query_param("keyspace_filters");
+            std::stringstream ss { filters };
+            std::string filter;
+            while (!filters.empty() && ss.good()) {
+                std::getline(ss, filter, ',');
+                keyspace_filters.emplace(std::move(filter));
+            }
+        }
+
+        // when the query is empty return immediately
+        if (filters_provided && table_filters.empty() && keyspace_filters.empty()) {
+            apilog.debug("toppartitions query: processing results");
+            httpd::column_family_json::toppartitions_query_results results;
+
+            results.read_cardinality = 0;
+            results.write_cardinality = 0;
+
+            return make_ready_future<json::json_return_type>(results);
+        }
+
+        api::req_param<std::chrono::milliseconds, unsigned> duration{*req, "duration", 1000ms};
+        api::req_param<unsigned> capacity(*req, "capacity", 256);
+        api::req_param<unsigned> list_size(*req, "list_size", 10);
+
+        apilog.info("toppartitions query: #table_filters={} #keyspace_filters={} duration={} list_size={} capacity={}",
+            !table_filters.empty() ? std::to_string(table_filters.size()) : "all", !keyspace_filters.empty() ? std::to_string(keyspace_filters.size()) : "all", duration.param, list_size.param, capacity.param);
+
+        return seastar::do_with(db::toppartitions_query(ctx.db, std::move(table_filters), std::move(keyspace_filters), duration.value, list_size, capacity), [&ctx] (db::toppartitions_query& q) {
+            return run_toppartitions_query(q, ctx);
+        });
+    });
+
     ss::get_leaving_nodes.set(r, [&ctx](const_req req) {
-        return container_to_vec(ctx.token_metadata.local().get_leaving_endpoints());
+        return container_to_vec(ctx.get_token_metadata().get_leaving_endpoints());
     });
 
     ss::get_moving_nodes.set(r, [](const_req req) {
@@ -192,7 +384,7 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
     ss::get_joining_nodes.set(r, [&ctx](const_req req) {
-        auto points = ctx.token_metadata.local().get_bootstrap_tokens();
+        auto points = ctx.get_token_metadata().get_bootstrap_tokens();
         std::unordered_set<sstring> addr;
         for (auto i: points) {
             addr.insert(boost::lexical_cast<std::string>(i.second));
@@ -220,11 +412,26 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
     ss::get_range_to_endpoint_map.set(r, [&ctx](std::unique_ptr<request> req) {
-        //TBD
-        unimplemented();
         auto keyspace = validate_keyspace(ctx, req->param);
         std::vector<ss::maplist_mapper> res;
-        return make_ready_future<json::json_return_type>(res);
+        return make_ready_future<json::json_return_type>(stream_range_as_array(service::get_local_storage_service().get_range_to_address_map(keyspace),
+                [](const std::pair<dht::token_range, std::vector<gms::inet_address>>& entry){
+            ss::maplist_mapper m;
+            if (entry.first.start()) {
+                m.key.push(entry.first.start().value().value().to_sstring());
+            } else {
+                m.key.push("");
+            }
+            if (entry.first.end()) {
+                m.key.push(entry.first.end().value().value().to_sstring());
+            } else {
+                m.key.push("");
+            }
+            for (const gms::inet_address& address : entry.second) {
+                m.value.push(address.to_sstring());
+            }
+            return m;
+        }));
     });
 
     ss::get_pending_range_to_endpoint_map.set(r, [&ctx](std::unique_ptr<request> req) {
@@ -246,7 +453,7 @@ void set_storage_service(http_context& ctx, routes& r) {
 
     ss::get_host_id_map.set(r, [&ctx](const_req req) {
         std::vector<ss::mapper> res;
-        return map_to_key_value(ctx.token_metadata.local().get_endpoint_to_host_id_map_for_reading(), res);
+        return map_to_key_value(ctx.get_token_metadata().get_endpoint_to_host_id_map_for_reading(), res);
     });
 
     ss::get_load.set(r, [&ctx](std::unique_ptr<request> req) {
@@ -280,7 +487,7 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
     ss::cdc_streams_check_and_repair.set(r, [&ctx] (std::unique_ptr<request> req) {
-        return service::get_local_storage_service().check_and_repair_cdc_streams().then([] {
+        return service::get_local_storage_service().get_cdc_generation_service().check_and_repair_cdc_streams().then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
@@ -322,8 +529,8 @@ void set_storage_service(http_context& ctx, routes& r) {
                 for (auto cf : column_families) {
                     column_families_vec.push_back(&db.find_column_family(keyspace, cf));
                 }
-                return parallel_for_each(column_families_vec, [&cm] (column_family* cf) {
-                    return cm.perform_cleanup(cf);
+                return parallel_for_each(column_families_vec, [&cm, &db] (column_family* cf) {
+                    return cm.perform_cleanup(db, cf);
                 });
             }).then([]{
                 return make_ready_future<json::json_return_type>(0);
@@ -338,7 +545,7 @@ void set_storage_service(http_context& ctx, routes& r) {
             return do_for_each(column_families, [=, &db](sstring cfname) {
                 auto& cm = db.get_compaction_manager();
                 auto& cf = db.find_column_family(keyspace, cfname);
-                return cm.perform_sstable_upgrade(&cf, exclude_current_version);
+                return cm.perform_sstable_upgrade(db, &cf, exclude_current_version);
             });
         }).then([]{
             return make_ready_future<json::json_return_type>(0);
@@ -361,59 +568,6 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
 
-    ss::repair_async.set(r, [&ctx](std::unique_ptr<request> req) {
-        static std::vector<sstring> options = {"primaryRange", "parallelism", "incremental",
-                "jobThreads", "ranges", "columnFamilies", "dataCenters", "hosts", "trace",
-                "startToken", "endToken" };
-        std::unordered_map<sstring, sstring> options_map;
-        for (auto o : options) {
-            auto s = req->get_query_param(o);
-            if (s != "") {
-                options_map[o] = s;
-            }
-        }
-
-        // The repair process is asynchronous: repair_start only starts it and
-        // returns immediately, not waiting for the repair to finish. The user
-        // then has other mechanisms to track the ongoing repair's progress,
-        // or stop it.
-        return repair_start(ctx.db, validate_keyspace(ctx, req->param),
-                options_map).then([] (int i) {
-                    return make_ready_future<json::json_return_type>(i);
-                });
-    });
-
-    ss::get_active_repair_async.set(r, [&ctx](std::unique_ptr<request> req) {
-        return get_active_repairs(ctx.db).then([] (std::vector<int> res){
-            return make_ready_future<json::json_return_type>(res);
-        });
-    });
-
-    ss::repair_async_status.set(r, [&ctx](std::unique_ptr<request> req) {
-        return repair_get_status(ctx.db, boost::lexical_cast<int>( req->get_query_param("id")))
-                .then_wrapped([] (future<repair_status>&& fut) {
-            ss::ns_repair_async_status::return_type_wrapper res;
-            try {
-                res = fut.get0();
-            } catch(std::runtime_error& e) {
-                throw httpd::bad_param_exception(e.what());
-            }
-            return make_ready_future<json::json_return_type>(json::json_return_type(res));
-        });
-    });
-
-    ss::force_terminate_all_repair_sessions.set(r, [](std::unique_ptr<request> req) {
-        return repair_abort_all(service::get_local_storage_service().db()).then([] {
-            return make_ready_future<json::json_return_type>(json_void());
-        });
-    });
-
-    ss::force_terminate_all_repair_sessions_new.set(r, [](std::unique_ptr<request> req) {
-        return repair_abort_all(service::get_local_storage_service().db()).then([] {
-            return make_ready_future<json::json_return_type>(json_void());
-        });
-    });
-
     ss::decommission.set(r, [](std::unique_ptr<request> req) {
         return service::get_local_storage_service().decommission().then([] {
             return make_ready_future<json::json_return_type>(json_void());
@@ -429,7 +583,22 @@ void set_storage_service(http_context& ctx, routes& r) {
 
     ss::remove_node.set(r, [](std::unique_ptr<request> req) {
         auto host_id = req->get_query_param("host_id");
-        return service::get_local_storage_service().removenode(host_id).then([] {
+        std::vector<sstring> ignore_nodes_strs= split(req->get_query_param("ignore_nodes"), ",");
+        auto ignore_nodes = std::list<gms::inet_address>();
+        for (std::string n : ignore_nodes_strs) {
+            try {
+                std::replace(n.begin(), n.end(), '\"', ' ');
+                std::replace(n.begin(), n.end(), '\'', ' ');
+                boost::trim_all(n);
+                if (!n.empty()) {
+                    auto node = gms::inet_address(n);
+                    ignore_nodes.push_back(node);
+                }
+            } catch (...) {
+                throw std::runtime_error(format("Failed to parse ignore_nodes parameter: ignore_nodes={}, node={}", ignore_nodes_strs, n));
+            }
+        }
+        return service::get_local_storage_service().removenode(host_id, std::move(ignore_nodes)).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
@@ -649,11 +818,19 @@ void set_storage_service(http_context& ctx, routes& r) {
     ss::load_new_ss_tables.set(r, [&ctx](std::unique_ptr<request> req) {
         auto ks = validate_keyspace(ctx, req->param);
         auto cf = req->get_query_param("cf");
+        auto stream = req->get_query_param("load_and_stream");
+        auto primary_replica = req->get_query_param("primary_replica_only");
+        boost::algorithm::to_lower(stream);
+        boost::algorithm::to_lower(primary_replica);
+        bool load_and_stream = stream == "true" || stream == "1";
+        bool primary_replica_only = primary_replica == "true" || primary_replica == "1";
         // No need to add the keyspace, since all we want is to avoid always sending this to the same
         // CPU. Even then I am being overzealous here. This is not something that happens all the time.
         auto coordinator = std::hash<sstring>()(cf) % smp::count;
-        return service::get_storage_service().invoke_on(coordinator, [ks = std::move(ks), cf = std::move(cf)] (service::storage_service& s) {
-            return s.load_new_sstables(ks, cf);
+        return service::get_storage_service().invoke_on(coordinator,
+                [ks = std::move(ks), cf = std::move(cf),
+                load_and_stream, primary_replica_only] (service::storage_service& s) {
+            return s.load_new_sstables(ks, cf, load_and_stream, primary_replica_only);
         }).then_wrapped([] (auto&& f) {
             if (f.failed()) {
                 auto msg = fmt::format("Failed to load new sstables: {}", f.get_exception());
@@ -671,9 +848,12 @@ void set_storage_service(http_context& ctx, routes& r) {
     });
 
     ss::reset_local_schema.set(r, [](std::unique_ptr<request> req) {
-        //TBD
-        unimplemented();
-        return make_ready_future<json::json_return_type>(json_void());
+        // FIXME: We should truncate schema tables if more than one node in the cluster.
+        auto& sp = service::get_storage_proxy();
+        auto& fs = service::get_local_storage_service().features();
+        return db::schema_tables::recalculate_schema_version(sp, fs).then([] {
+            return make_ready_future<json::json_return_type>(json_void());
+        });
     });
 
     ss::set_trace_probability.set(r, [](std::unique_ptr<request> req) {
@@ -706,6 +886,7 @@ void set_storage_service(http_context& ctx, routes& r) {
         res.enable = tracing::tracing::get_local_tracing_instance().slow_query_tracing_enabled();
         res.ttl = tracing::tracing::get_local_tracing_instance().slow_query_record_ttl().count() ;
         res.threshold = tracing::tracing::get_local_tracing_instance().slow_query_threshold().count();
+        res.fast = tracing::tracing::get_local_tracing_instance().ignore_trace_events_enabled();
         return res;
     });
 
@@ -713,8 +894,9 @@ void set_storage_service(http_context& ctx, routes& r) {
         auto enable = req->get_query_param("enable");
         auto ttl = req->get_query_param("ttl");
         auto threshold = req->get_query_param("threshold");
+        auto fast = req->get_query_param("fast");
         try {
-            return tracing::tracing::tracing_instance().invoke_on_all([enable, ttl, threshold] (auto& local_tracing) {
+            return tracing::tracing::tracing_instance().invoke_on_all([enable, ttl, threshold, fast] (auto& local_tracing) {
                 if (threshold != "") {
                     local_tracing.set_slow_query_threshold(std::chrono::microseconds(std::stol(threshold.c_str())));
                 }
@@ -724,6 +906,9 @@ void set_storage_service(http_context& ctx, routes& r) {
                 if (enable != "") {
                     local_tracing.set_slow_query_enabled(strcasecmp(enable.c_str(), "true") == 0);
                 }
+                if (fast != "") {
+                    local_tracing.set_ignore_trace_events(strcasecmp(fast.c_str(), "true") == 0);
+                }
             }).then([] {
                 return make_ready_future<json::json_return_type>(json_void());
             });
@@ -893,7 +1078,7 @@ void set_storage_service(http_context& ctx, routes& r) {
                         tst.keyspace = schema->ks_name();
                         tst.table = schema->cf_name();
 
-                        for (auto sstable : *t->get_sstables_including_compacted_undeleted()) {
+                        for (auto sstables = t->get_sstables_including_compacted_undeleted(); auto sstable : *sstables) {
                             auto ts = db_clock::to_time_t(sstable->data_file_write_time());
                             ::tm t;
                             ::gmtime_r(&ts, &t);
@@ -921,7 +1106,7 @@ void set_storage_service(http_context& ctx, routes& r) {
                                     e.value = p.second;
                                     nm.attributes.push(std::move(e));
                                 }
-                                if (!cp->options().count(compression_parameters::SSTABLE_COMPRESSION)) {
+                                if (!cp->options().contains(compression_parameters::SSTABLE_COMPRESSION)) {
                                     ss::mapper e;
                                     e.key = compression_parameters::SSTABLE_COMPRESSION;
                                     e.value = cp->name();
@@ -979,31 +1164,29 @@ void set_storage_service(http_context& ctx, routes& r) {
 
 }
 
-void set_snapshot(http_context& ctx, routes& r) {
-    ss::get_snapshot_details.set(r, [](std::unique_ptr<request> req) {
-        std::function<future<>(output_stream<char>&&)> f = [](output_stream<char>&& s) {
-            return do_with(output_stream<char>(std::move(s)), true, [] (output_stream<char>& s, bool& first){
-                return s.write("[").then([&s, &first] {
-                    return service::get_local_storage_service().get_snapshot_details().then([&s, &first] (std::unordered_map<sstring, std::vector<service::storage_service::snapshot_details>>&& result) {
-                        return do_with(std::move(result), [&s, &first](const std::unordered_map<sstring, std::vector<service::storage_service::snapshot_details>>& result) {
-                            return do_for_each(result, [&s, &result,&first](std::tuple<sstring, std::vector<service::storage_service::snapshot_details>>&& map){
-                                return do_with(ss::snapshots(), [&s, &first, &result, &map](ss::snapshots& all_snapshots) {
-                                    all_snapshots.key = std::get<0>(map);
-                                    future<> f = first ? make_ready_future<>() : s.write(", ");
-                                    first = false;
-                                    std::vector<ss::snapshot> snapshot;
-                                    for (auto& cf: std::get<1>(map)) {
-                                        ss::snapshot snp;
-                                        snp.ks = cf.ks;
-                                        snp.cf = cf.cf;
-                                        snp.live = cf.live;
-                                        snp.total = cf.total;
-                                        snapshot.push_back(std::move(snp));
-                                    }
-                                    all_snapshots.value = std::move(snapshot);
-                                    return f.then([&s, &all_snapshots] {
-                                        return all_snapshots.write(s);
-                                    });
+void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_ctl) {
+    ss::get_snapshot_details.set(r, [&snap_ctl](std::unique_ptr<request> req) {
+        return snap_ctl.local().get_snapshot_details().then([] (std::unordered_map<sstring, std::vector<db::snapshot_ctl::snapshot_details>>&& result) {
+            std::function<future<>(output_stream<char>&&)> f = [result = std::move(result)](output_stream<char>&& s) {
+                return do_with(output_stream<char>(std::move(s)), true, [&result] (output_stream<char>& s, bool& first){
+                    return s.write("[").then([&s, &first, &result] {
+                        return do_for_each(result, [&s, &first](std::tuple<sstring, std::vector<db::snapshot_ctl::snapshot_details>>&& map){
+                            return do_with(ss::snapshots(), [&s, &first, &map](ss::snapshots& all_snapshots) {
+                                all_snapshots.key = std::get<0>(map);
+                                future<> f = first ? make_ready_future<>() : s.write(", ");
+                                first = false;
+                                std::vector<ss::snapshot> snapshot;
+                                for (auto& cf: std::get<1>(map)) {
+                                    ss::snapshot snp;
+                                    snp.ks = cf.ks;
+                                    snp.cf = cf.cf;
+                                    snp.live = cf.live;
+                                    snp.total = cf.total;
+                                    snapshot.push_back(std::move(snp));
+                                }
+                                all_snapshots.value = std::move(snapshot);
+                                return f.then([&s, &all_snapshots] {
+                                    return all_snapshots.write(s);
                                 });
                             });
                         });
@@ -1013,12 +1196,13 @@ void set_snapshot(http_context& ctx, routes& r) {
                         });
                     });
                 });
-            });
-        };
-        return make_ready_future<json::json_return_type>(std::move(f));
+            };
+
+            return make_ready_future<json::json_return_type>(std::move(f));
+        });
     });
 
-    ss::take_snapshot.set(r, [](std::unique_ptr<request> req) {
+    ss::take_snapshot.set(r, [&snap_ctl](std::unique_ptr<request> req) {
         auto tag = req->get_query_param("tag");
         auto column_families = split(req->get_query_param("cf"), ",");
 
@@ -1026,7 +1210,7 @@ void set_snapshot(http_context& ctx, routes& r) {
 
         auto resp = make_ready_future<>();
         if (column_families.empty()) {
-            resp = service::get_local_storage_service().take_snapshot(tag, keynames);
+            resp = snap_ctl.local().take_snapshot(tag, keynames);
         } else {
             if (keynames.empty()) {
                 throw httpd::bad_param_exception("The keyspace of column families must be specified");
@@ -1034,37 +1218,37 @@ void set_snapshot(http_context& ctx, routes& r) {
             if (keynames.size() > 1) {
                 throw httpd::bad_param_exception("Only one keyspace allowed when specifying a column family");
             }
-            resp = service::get_local_storage_service().take_column_family_snapshot(keynames[0], column_families, tag);
+            resp = snap_ctl.local().take_column_family_snapshot(keynames[0], column_families, tag);
         }
         return resp.then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
 
-    ss::del_snapshot.set(r, [](std::unique_ptr<request> req) {
+    ss::del_snapshot.set(r, [&snap_ctl](std::unique_ptr<request> req) {
         auto tag = req->get_query_param("tag");
         auto column_family = req->get_query_param("cf");
 
         std::vector<sstring> keynames = split(req->get_query_param("kn"), ",");
-        return service::get_local_storage_service().clear_snapshot(tag, keynames, column_family).then([] {
+        return snap_ctl.local().clear_snapshot(tag, keynames, column_family).then([] {
             return make_ready_future<json::json_return_type>(json_void());
         });
     });
 
-    ss::true_snapshots_size.set(r, [](std::unique_ptr<request> req) {
-        return service::get_local_storage_service().true_snapshots_size().then([] (int64_t size) {
+    ss::true_snapshots_size.set(r, [&snap_ctl](std::unique_ptr<request> req) {
+        return snap_ctl.local().true_snapshots_size().then([] (int64_t size) {
             return make_ready_future<json::json_return_type>(size);
         });
     });
 
-    ss::scrub.set(r, wrap_ks_cf(ctx, [] (http_context& ctx, std::unique_ptr<request> req, sstring keyspace, std::vector<sstring> column_families) {
+    ss::scrub.set(r, wrap_ks_cf(ctx, [&snap_ctl] (http_context& ctx, std::unique_ptr<request> req, sstring keyspace, std::vector<sstring> column_families) {
         const auto skip_corrupted = req_param<bool>(*req, "skip_corrupted", false);
 
         auto f = make_ready_future<>();
         if (!req_param<bool>(*req, "disable_snapshot", false)) {
             auto tag = format("pre-scrub-{:d}", db_clock::now().time_since_epoch().count());
-            f = parallel_for_each(column_families, [keyspace, tag](sstring cf) {
-                return service::get_local_storage_service().take_column_family_snapshot(keyspace, cf, tag);
+            f = parallel_for_each(column_families, [&snap_ctl, keyspace, tag](sstring cf) {
+                return snap_ctl.local().take_column_family_snapshot(keyspace, cf, tag);
             });
         }
 
@@ -1082,4 +1266,12 @@ void set_snapshot(http_context& ctx, routes& r) {
     }));
 }
 
+void unset_snapshot(http_context& ctx, routes& r) {
+    ss::get_snapshot_details.unset(r);
+    ss::take_snapshot.unset(r);
+    ss::del_snapshot.unset(r);
+    ss::true_snapshots_size.unset(r);
+    ss::scrub.unset(r);
+}
+
 }

api/storage_service.hh

@@ -21,18 +21,26 @@
 
 #pragma once
 
+#include <seastar/core/sharded.hh>
 #include "api.hh"
+#include "db/data_listeners.hh"
 
 namespace cql_transport { class controller; }
 class thrift_controller;
+namespace db { class snapshot_ctl; }
+namespace netw { class messaging_service; }
 
 namespace api {
 
 void set_storage_service(http_context& ctx, routes& r);
+void set_repair(http_context& ctx, routes& r, sharded<netw::messaging_service>& ms);
+void unset_repair(http_context& ctx, routes& r);
 void set_transport_controller(http_context& ctx, routes& r, cql_transport::controller& ctl);
 void unset_transport_controller(http_context& ctx, routes& r);
 void set_rpc_controller(http_context& ctx, routes& r, thrift_controller& ctl);
 void unset_rpc_controller(http_context& ctx, routes& r);
-void set_snapshot(http_context& ctx, routes& r);
+void set_snapshot(http_context& ctx, routes& r, sharded<db::snapshot_ctl>& snap_ctl);
+void unset_snapshot(http_context& ctx, routes& r);
+seastar::future<json::json_return_type> run_toppartitions_query(db::toppartitions_query& q, http_context &ctx, bool legacy_request = false);
 
 }

api/system.cc

@@ -25,6 +25,9 @@
 #include <seastar/core/reactor.hh>
 #include <seastar/http/exception.hh>
 #include "log.hh"
+#include "database.hh"
+
+extern logging::logger apilog;
 
 namespace api {
 
@@ -70,6 +73,16 @@ void set_system(http_context& ctx, routes& r) {
         }
         return json::json_void();
     });
+
+    hs::drop_sstable_caches.set(r, [&ctx](std::unique_ptr<request> req) {
+        apilog.info("Dropping sstable caches");
+        return ctx.db.invoke_on_all([] (database& db) {
+            return db.drop_caches();
+        }).then([] {
+            apilog.info("Caches dropped");
+            return json::json_return_type(json::json_void());
+        });
+    });
 }
 
 }

atomic_cell.cc

@@ -24,142 +24,130 @@
 #include "counters.hh"
 #include "types.hh"
 
-/// LSA mirator for cells with irrelevant type
-///
-///
-const data::type_imr_descriptor& no_type_imr_descriptor() {
-    static thread_local data::type_imr_descriptor state(data::type_info::make_variable_size());
-    return state;
-}
-
 atomic_cell atomic_cell::make_dead(api::timestamp_type timestamp, gc_clock::time_point deletion_time) {
-    auto& imr_data = no_type_imr_descriptor();
-    return atomic_cell(
-            imr_data.type_info(),
-            imr_object_type::make(data::cell::make_dead(timestamp, deletion_time), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_dead(timestamp, deletion_time);
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, bytes_view value, atomic_cell::collection_member cm) {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, single_fragment_range(value));
+}
+
+atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, managed_bytes_view value, atomic_cell::collection_member cm) {
+    return atomic_cell_type::make_live(timestamp, fragment_range(value));
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, ser::buffer_view<bytes_ostream::fragment_iterator> value, atomic_cell::collection_member cm) {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, value);
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, const fragmented_temporary_buffer::view& value, collection_member cm)
 {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, value);
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, bytes_view value,
                              gc_clock::time_point expiry, gc_clock::duration ttl, atomic_cell::collection_member cm) {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, expiry, ttl, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, single_fragment_range(value), expiry, ttl);
+}
+
+atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, managed_bytes_view value,
+                             gc_clock::time_point expiry, gc_clock::duration ttl, atomic_cell::collection_member cm) {
+    return atomic_cell_type::make_live(timestamp, fragment_range(value), expiry, ttl);
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, ser::buffer_view<bytes_ostream::fragment_iterator> value,
                              gc_clock::time_point expiry, gc_clock::duration ttl, atomic_cell::collection_member cm) {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, expiry, ttl, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, value, expiry, ttl);
 }
 
 atomic_cell atomic_cell::make_live(const abstract_type& type, api::timestamp_type timestamp, const fragmented_temporary_buffer::view& value,
                                    gc_clock::time_point expiry, gc_clock::duration ttl, collection_member cm)
 {
-    auto& imr_data = type.imr_state();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live(imr_data.type_info(), timestamp, value, expiry, ttl, bool(cm)), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live(timestamp, value, expiry, ttl);
 }
 
 atomic_cell atomic_cell::make_live_counter_update(api::timestamp_type timestamp, int64_t value) {
-    auto& imr_data = no_type_imr_descriptor();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live_counter_update(timestamp, value), &imr_data.lsa_migrator())
-    );
+    return atomic_cell_type::make_live_counter_update(timestamp, value);
 }
 
 atomic_cell atomic_cell::make_live_uninitialized(const abstract_type& type, api::timestamp_type timestamp, size_t size) {
-    auto& imr_data = no_type_imr_descriptor();
-    return atomic_cell(
-        imr_data.type_info(),
-        imr_object_type::make(data::cell::make_live_uninitialized(imr_data.type_info(), timestamp, size), &imr_data.lsa_migrator())
-    );
-}
-
-static imr::utils::object<data::cell::structure> copy_cell(const data::type_imr_descriptor& imr_data, const uint8_t* ptr)
-{
-    using imr_object_type = imr::utils::object<data::cell::structure>;
-
-    // If the cell doesn't own any memory it is trivial and can be copied with
-    // memcpy.
-    auto f = data::cell::structure::get_member<data::cell::tags::flags>(ptr);
-    if (!f.template get<data::cell::tags::external_data>()) {
-        data::cell::context ctx(f, imr_data.type_info());
-        // XXX: We may be better off storing the total cell size in memory. Measure!
-        auto size = data::cell::structure::serialized_object_size(ptr, ctx);
-        return imr_object_type::make_raw(size, [&] (uint8_t* dst) noexcept {
-            std::copy_n(ptr, size, dst);
-        }, &imr_data.lsa_migrator());
-    }
-
-    return imr_object_type::make(data::cell::copy_fn(imr_data.type_info(), ptr), &imr_data.lsa_migrator());
+    return atomic_cell_type::make_live_uninitialized(timestamp, size);
 }
 
 atomic_cell::atomic_cell(const abstract_type& type, atomic_cell_view other)
-    : atomic_cell(type.imr_state().type_info(),
-                  copy_cell(type.imr_state(), other._view.raw_pointer()))
-{ }
+    : _data(other._view) {
+    set_view(_data);
+}
+
+// Based on:
+//  - org.apache.cassandra.db.AbstractCell#reconcile()
+//  - org.apache.cassandra.db.BufferExpiringCell#reconcile()
+//  - org.apache.cassandra.db.BufferDeletedCell#reconcile()
+int
+compare_atomic_cell_for_merge(atomic_cell_view left, atomic_cell_view right) {
+    if (left.timestamp() != right.timestamp()) {
+        return left.timestamp() > right.timestamp() ? 1 : -1;
+    }
+    if (left.is_live() != right.is_live()) {
+        return left.is_live() ? -1 : 1;
+    }
+    if (left.is_live()) {
+        auto c = compare_unsigned(left.value(), right.value());
+        if (c != 0) {
+            return c;
+        }
+        if (left.is_live_and_has_ttl() != right.is_live_and_has_ttl()) {
+            // prefer expiring cells.
+            return left.is_live_and_has_ttl() ? 1 : -1;
+        }
+        if (left.is_live_and_has_ttl()) {
+            if (left.expiry() != right.expiry()) {
+                return left.expiry() < right.expiry() ? -1 : 1;
+            } else {
+                // prefer the cell that was written later,
+                // so it survives longer after it expires, until purged.
+                if (left.ttl() != right.ttl()) {
+                    return left.ttl() < right.ttl() ? 1 : -1;
+                } else {
+                    return 0;
+                }
+            }
+        }
+    } else {
+        // Both are deleted
+        if (left.deletion_time() != right.deletion_time()) {
+            // Origin compares big-endian serialized deletion time. That's because it
+            // delegates to AbstractCell.reconcile() which compares values after
+            // comparing timestamps, which in case of deleted cells will hold
+            // serialized expiry.
+            return (uint64_t) left.deletion_time().time_since_epoch().count()
+                   < (uint64_t) right.deletion_time().time_since_epoch().count() ? -1 : 1;
+        }
+    }
+    return 0;
+}
 
 atomic_cell_or_collection atomic_cell_or_collection::copy(const abstract_type& type) const {
-    if (!_data.get()) {
+    if (_data.empty()) {
         return atomic_cell_or_collection();
     }
-    auto& imr_data = type.imr_state();
-    return atomic_cell_or_collection(
-        copy_cell(imr_data, _data.get())
-    );
+    return atomic_cell_or_collection(managed_bytes(_data));
 }
 
 atomic_cell_or_collection::atomic_cell_or_collection(const abstract_type& type, atomic_cell_view acv)
-    : _data(copy_cell(type.imr_state(), acv._view.raw_pointer()))
+    : _data(acv._view)
 {
 }
 
 bool atomic_cell_or_collection::equals(const abstract_type& type, const atomic_cell_or_collection& other) const
 {
-    auto ptr_a = _data.get();
-    auto ptr_b = other._data.get();
-
-    if (!ptr_a || !ptr_b) {
-        return !ptr_a && !ptr_b;
+    if (_data.empty() || other._data.empty()) {
+        return _data.empty() && other._data.empty();
     }
 
     if (type.is_atomic()) {
-        auto a = atomic_cell_view::from_bytes(type.imr_state().type_info(), _data);
-        auto b = atomic_cell_view::from_bytes(type.imr_state().type_info(), other._data);
+        auto a = atomic_cell_view::from_bytes(type, _data);
+        auto b = atomic_cell_view::from_bytes(type, other._data);
         if (a.timestamp() != b.timestamp()) {
             return false;
         }
@@ -191,28 +179,7 @@ bool atomic_cell_or_collection::equals(const abstract_type& type, const atomic_c
 
 size_t atomic_cell_or_collection::external_memory_usage(const abstract_type& t) const
 {
-    if (!_data.get()) {
-        return 0;
-    }
-    auto ctx = data::cell::context(_data.get(), t.imr_state().type_info());
-
-    auto view = data::cell::structure::make_view(_data.get(), ctx);
-    auto flags = view.get<data::cell::tags::flags>();
-
-    size_t external_value_size = 0;
-    if (flags.get<data::cell::tags::external_data>()) {
-        if (flags.get<data::cell::tags::collection>()) {
-            external_value_size = as_collection_mutation().data.size_bytes();
-        } else {
-            auto cell_view = data::cell::atomic_cell_view(t.imr_state().type_info(), view);
-            external_value_size = cell_view.value_size();
-        }
-        // Add overhead of chunk headers. The last one is a special case.
-        external_value_size += (external_value_size - 1) / data::cell::maximum_external_chunk_length * data::cell::external_chunk_overhead;
-        external_value_size += data::cell::external_last_chunk_overhead;
-    }
-    return data::cell::structure::serialized_object_size(_data.get(), ctx)
-        + imr_object_type::size_overhead + external_value_size;
+    return _data.external_memory_usage();
 }
 
 std::ostream&
@@ -221,7 +188,7 @@ operator<<(std::ostream& os, const atomic_cell_view& acv) {
         return fmt_print(os, "atomic_cell{{{},ts={:d},expiry={:d},ttl={:d}}}",
             acv.is_counter_update()
                     ? "counter_update_value=" + to_sstring(acv.counter_update_value())
-                    : to_hex(acv.value().linearize()),
+                    : to_hex(to_bytes(acv.value())),
             acv.timestamp(),
             acv.is_live_and_has_ttl() ? acv.expiry().time_since_epoch().count() : -1,
             acv.is_live_and_has_ttl() ? acv.ttl().count() : 0);
@@ -247,12 +214,11 @@ operator<<(std::ostream& os, const atomic_cell_view::printer& acvp) {
                 cell_value_string_builder << "counter_update_value=" << acv.counter_update_value();
             } else {
                 cell_value_string_builder << "shards: ";
-                counter_cell_view::with_linearized(acv, [&cell_value_string_builder] (counter_cell_view& ccv) {
-                    cell_value_string_builder << ::join(", ", ccv.shards());
-                });
+                auto ccv = counter_cell_view(acv);
+                cell_value_string_builder << ::join(", ", ccv.shards());
             }
         } else {
-            cell_value_string_builder << type.to_string(acv.value().linearize());
+            cell_value_string_builder << type.to_string(to_bytes(acv.value()));
         }
         return fmt_print(os, "atomic_cell{{{},ts={:d},expiry={:d},ttl={:d}}}",
             cell_value_string_builder.str(),
@@ -271,12 +237,11 @@ operator<<(std::ostream& os, const atomic_cell::printer& acp) {
 }
 
 std::ostream& operator<<(std::ostream& os, const atomic_cell_or_collection::printer& p) {
-    if (!p._cell._data.get()) {
+    if (p._cell._data.empty()) {
         return os << "{ null atomic_cell_or_collection }";
     }
-    using dc = data::cell;
     os << "{ ";
-    if (dc::structure::get_member<dc::tags::flags>(p._cell._data.get()).get<dc::tags::collection>()) {
+    if (p._cdef.type->is_multi_cell()) {
         os << "collection ";
         auto cmv = p._cell.as_collection_mutation();
         os << collection_mutation_view::printer(*p._cdef.type, cmv);

atomic_cell.hh

@@ -26,54 +26,205 @@
 #include "tombstone.hh"
 #include "gc_clock.hh"
 #include "utils/managed_bytes.hh"
+#include "utils/fragment_range.hh"
 #include <seastar/net//byteorder.hh>
+#include <seastar/util/bool_class.hh>
 #include <cstdint>
 #include <iosfwd>
-#include "data/cell.hh"
-#include "data/schema_info.hh"
-#include "imr/utils.hh"
+#include <concepts>
 #include "utils/fragmented_temporary_buffer.hh"
 
 #include "serializer.hh"
 
 class abstract_type;
 class collection_type_impl;
+class atomic_cell_or_collection;
 
-using atomic_cell_value_view = data::value_view;
-using atomic_cell_value_mutable_view = data::value_mutable_view;
+using atomic_cell_value = managed_bytes;
+template <mutable_view is_mutable>
+using atomic_cell_value_basic_view = managed_bytes_basic_view<is_mutable>;
+using atomic_cell_value_view = atomic_cell_value_basic_view<mutable_view::no>;
+using atomic_cell_value_mutable_view = atomic_cell_value_basic_view<mutable_view::yes>;
+
+template <typename T>
+requires std::is_trivial_v<T>
+static void set_field(atomic_cell_value_mutable_view& out, unsigned offset, T val) {
+    auto out_view = managed_bytes_mutable_view(out);
+    out_view.remove_prefix(offset);
+    write<T>(out_view, val);
+}
+
+template <typename T>
+requires std::is_trivial_v<T>
+static void set_field(atomic_cell_value& out, unsigned offset, T val) {
+    auto out_view = atomic_cell_value_mutable_view(out);
+    set_field(out_view, offset, val);
+}
+
+template <FragmentRange Buffer>
+static void set_value(managed_bytes& b, unsigned value_offset, const Buffer& value) {
+    auto v = managed_bytes_mutable_view(b).substr(value_offset, value.size_bytes());
+    for (auto frag : value) {
+        write_fragmented(v, single_fragmented_view(frag));
+    }
+}
+
+template <typename T, FragmentedView Input>
+requires std::is_trivial_v<T>
+static T get_field(Input in, unsigned offset = 0) {
+    in.remove_prefix(offset);
+    return read_simple<T>(in);
+}
+
+/*
+ * Represents atomic cell layout. Works on serialized form.
+ *
+ * Layout:
+ *
+ *  <live>  := <int8_t:flags><int64_t:timestamp>(<int64_t:expiry><int32_t:ttl>)?<value>
+ *  <dead>  := <int8_t:    0><int64_t:timestamp><int64_t:deletion_time>
+ */
+class atomic_cell_type final {
+private:
+    static constexpr int8_t LIVE_FLAG = 0x01;
+    static constexpr int8_t EXPIRY_FLAG = 0x02; // When present, expiry field is present. Set only for live cells
+    static constexpr int8_t COUNTER_UPDATE_FLAG = 0x08; // Cell is a counter update.
+    static constexpr unsigned flags_size = 1;
+    static constexpr unsigned timestamp_offset = flags_size;
+    static constexpr unsigned timestamp_size = 8;
+    static constexpr unsigned expiry_offset = timestamp_offset + timestamp_size;
+    static constexpr unsigned expiry_size = 8;
+    static constexpr unsigned deletion_time_offset = timestamp_offset + timestamp_size;
+    static constexpr unsigned deletion_time_size = 8;
+    static constexpr unsigned ttl_offset = expiry_offset + expiry_size;
+    static constexpr unsigned ttl_size = 4;
+    friend class counter_cell_builder;
+private:
+    static bool is_counter_update(atomic_cell_value_view cell) {
+        return cell.front() & COUNTER_UPDATE_FLAG;
+    }
+    static bool is_live(atomic_cell_value_view cell) {
+        return cell.front() & LIVE_FLAG;
+    }
+    static bool is_live_and_has_ttl(atomic_cell_value_view cell) {
+        return cell.front() & EXPIRY_FLAG;
+    }
+    static bool is_dead(atomic_cell_value_view cell) {
+        return !is_live(cell);
+    }
+    // Can be called on live and dead cells
+    static api::timestamp_type timestamp(atomic_cell_value_view cell) {
+        return get_field<api::timestamp_type>(cell, timestamp_offset);
+    }
+    static void set_timestamp(atomic_cell_value_mutable_view& cell, api::timestamp_type ts) {
+        set_field(cell, timestamp_offset, ts);
+    }
+    // Can be called on live cells only
+private:
+    template <mutable_view is_mutable>
+    static managed_bytes_basic_view<is_mutable> do_get_value(managed_bytes_basic_view<is_mutable> cell) {
+        auto expiry_field_size = bool(cell.front() & EXPIRY_FLAG) * (expiry_size + ttl_size);
+        auto value_offset = flags_size + timestamp_size + expiry_field_size;
+        cell.remove_prefix(value_offset);
+        return cell;
+    }
+public:
+    static atomic_cell_value_view value(managed_bytes_view cell) {
+        return do_get_value(cell);
+    }
+    static atomic_cell_value_mutable_view value(managed_bytes_mutable_view cell) {
+        return do_get_value(cell);
+    }
+    // Can be called on live counter update cells only
+    static int64_t counter_update_value(atomic_cell_value_view cell) {
+        return get_field<int64_t>(cell, flags_size + timestamp_size);
+    }
+    // Can be called only when is_dead() is true.
+    static gc_clock::time_point deletion_time(atomic_cell_value_view cell) {
+        assert(is_dead(cell));
+        return gc_clock::time_point(gc_clock::duration(get_field<int64_t>(cell, deletion_time_offset)));
+    }
+    // Can be called only when is_live_and_has_ttl() is true.
+    static gc_clock::time_point expiry(atomic_cell_value_view cell) {
+        assert(is_live_and_has_ttl(cell));
+        auto expiry = get_field<int64_t>(cell, expiry_offset);
+        return gc_clock::time_point(gc_clock::duration(expiry));
+    }
+    // Can be called only when is_live_and_has_ttl() is true.
+    static gc_clock::duration ttl(atomic_cell_value_view cell) {
+        assert(is_live_and_has_ttl(cell));
+        return gc_clock::duration(get_field<int32_t>(cell, ttl_offset));
+    }
+    static managed_bytes make_dead(api::timestamp_type timestamp, gc_clock::time_point deletion_time) {
+        managed_bytes b(managed_bytes::initialized_later(), flags_size + timestamp_size + deletion_time_size);
+        b[0] = 0;
+        set_field(b, timestamp_offset, timestamp);
+        set_field(b, deletion_time_offset, static_cast<int64_t>(deletion_time.time_since_epoch().count()));
+        return b;
+    }
+    template <FragmentRange Buffer>
+    static managed_bytes make_live(api::timestamp_type timestamp, const Buffer& value) {
+        auto value_offset = flags_size + timestamp_size;
+        managed_bytes b(managed_bytes::initialized_later(), value_offset + value.size_bytes());
+        b[0] = LIVE_FLAG;
+        set_field(b, timestamp_offset, timestamp);
+        set_value(b, value_offset, value);
+        return b;
+    }
+    static managed_bytes make_live_counter_update(api::timestamp_type timestamp, int64_t value) {
+        auto value_offset = flags_size + timestamp_size;
+        managed_bytes b(managed_bytes::initialized_later(), value_offset + sizeof(value));
+        b[0] = LIVE_FLAG | COUNTER_UPDATE_FLAG;
+        set_field(b, timestamp_offset, timestamp);
+        set_field(b, value_offset, value);
+        return b;
+    }
+    template <FragmentRange Buffer>
+    static managed_bytes make_live(api::timestamp_type timestamp, const Buffer& value, gc_clock::time_point expiry, gc_clock::duration ttl) {
+        auto value_offset = flags_size + timestamp_size + expiry_size + ttl_size;
+        managed_bytes b(managed_bytes::initialized_later(), value_offset + value.size_bytes());
+        b[0] = EXPIRY_FLAG | LIVE_FLAG;
+        set_field(b, timestamp_offset, timestamp);
+        set_field(b, expiry_offset, static_cast<int64_t>(expiry.time_since_epoch().count()));
+        set_field(b, ttl_offset, static_cast<int32_t>(ttl.count()));
+        set_value(b, value_offset, value);
+        return b;
+    }
+    static managed_bytes make_live_uninitialized(api::timestamp_type timestamp, size_t size) {
+        auto value_offset = flags_size + timestamp_size;
+        managed_bytes b(managed_bytes::initialized_later(), value_offset + size);
+        b[0] = LIVE_FLAG;
+        set_field(b, timestamp_offset, timestamp);
+        return b;
+    }
+    template <mutable_view is_mutable>
+    friend class basic_atomic_cell_view;
+    friend class atomic_cell;
+};
 
 /// View of an atomic cell
 template<mutable_view is_mutable>
 class basic_atomic_cell_view {
 protected:
-    data::cell::basic_atomic_cell_view<is_mutable> _view;
-    friend class atomic_cell;
-public:
-    using pointer_type = std::conditional_t<is_mutable == mutable_view::no, const uint8_t*, uint8_t*>;
+    managed_bytes_basic_view<is_mutable> _view;
+	friend class atomic_cell;
 protected:
-    explicit basic_atomic_cell_view(data::cell::basic_atomic_cell_view<is_mutable> v)
-        : _view(std::move(v)) { }
-
-    basic_atomic_cell_view(const data::type_info& ti, pointer_type ptr)
-        : _view(data::cell::make_atomic_cell_view(ti, ptr))
-    { }
-
+    void set_view(managed_bytes_basic_view<is_mutable> v) {
+        _view = v;
+    }
+    basic_atomic_cell_view() = default;
+    explicit basic_atomic_cell_view(managed_bytes_basic_view<is_mutable> v) : _view(std::move(v)) { }
     friend class atomic_cell_or_collection;
 public:
     operator basic_atomic_cell_view<mutable_view::no>() const noexcept {
         return basic_atomic_cell_view<mutable_view::no>(_view);
     }
 
-    void swap(basic_atomic_cell_view& other) noexcept {
-        using std::swap;
-        swap(_view, other._view);
-    }
-
     bool is_counter_update() const {
-        return _view.is_counter_update();
+        return atomic_cell_type::is_counter_update(_view);
     }
     bool is_live() const {
-        return _view.is_live();
+        return atomic_cell_type::is_live(_view);
     }
     bool is_live(tombstone t, bool is_counter) const {
         return is_live() && !is_covered_by(t, is_counter);
@@ -82,73 +233,72 @@ public:
         return is_live() && !is_covered_by(t, is_counter) && !has_expired(now);
     }
     bool is_live_and_has_ttl() const {
-        return _view.is_expiring();
+        return atomic_cell_type::is_live_and_has_ttl(_view);
     }
     bool is_dead(gc_clock::time_point now) const {
-        return !is_live() || has_expired(now);
+        return atomic_cell_type::is_dead(_view) || has_expired(now);
     }
     bool is_covered_by(tombstone t, bool is_counter) const {
         return timestamp() <= t.timestamp || (is_counter && t.timestamp != api::missing_timestamp);
     }
     // Can be called on live and dead cells
     api::timestamp_type timestamp() const {
-        return _view.timestamp();
+        return atomic_cell_type::timestamp(_view);
     }
     void set_timestamp(api::timestamp_type ts) {
-        _view.set_timestamp(ts);
+        atomic_cell_type::set_timestamp(_view, ts);
     }
     // Can be called on live cells only
-    data::basic_value_view<is_mutable> value() const {
-        return _view.value();
+    atomic_cell_value_basic_view<is_mutable> value() const {
+        return atomic_cell_type::value(_view);
     }
     // Can be called on live cells only
     size_t value_size() const {
-        return _view.value_size();
+        return atomic_cell_type::value(_view).size();
     }
     bool is_value_fragmented() const {
-        return _view.is_value_fragmented();
+        return _view.is_fragmented();
     }
     // Can be called on live counter update cells only
     int64_t counter_update_value() const {
-        return _view.counter_update_value();
+        return atomic_cell_type::counter_update_value(_view);
     }
     // Can be called only when is_dead(gc_clock::time_point)
     gc_clock::time_point deletion_time() const {
-        return !is_live() ? _view.deletion_time() : expiry() - ttl();
+        return !is_live() ? atomic_cell_type::deletion_time(_view) : expiry() - ttl();
     }
     // Can be called only when is_live_and_has_ttl()
     gc_clock::time_point expiry() const {
-        return _view.expiry();
+        return atomic_cell_type::expiry(_view);
     }
     // Can be called only when is_live_and_has_ttl()
     gc_clock::duration ttl() const {
-        return _view.ttl();
+        return atomic_cell_type::ttl(_view);
     }
     // Can be called on live and dead cells
     bool has_expired(gc_clock::time_point now) const {
         return is_live_and_has_ttl() && expiry() <= now;
     }
 
-    bytes_view serialize() const {
-        return _view.serialize();
+    managed_bytes_view serialize() const {
+        return _view;
     }
 };
 
 class atomic_cell_view final : public basic_atomic_cell_view<mutable_view::no> {
-    atomic_cell_view(const data::type_info& ti, const uint8_t* data)
-        : basic_atomic_cell_view<mutable_view::no>(ti, data) {}
+    atomic_cell_view(managed_bytes_view v)
+        : basic_atomic_cell_view(v) {}
 
     template<mutable_view is_mutable>
-    atomic_cell_view(data::cell::basic_atomic_cell_view<is_mutable> view)
-        : basic_atomic_cell_view<mutable_view::no>(view) { }
+    atomic_cell_view(basic_atomic_cell_view<is_mutable> view)
+        : basic_atomic_cell_view<mutable_view::no>(view) {}
     friend class atomic_cell;
 public:
-    static atomic_cell_view from_bytes(const data::type_info& ti, const imr::utils::object<data::cell::structure>& data) {
-        return atomic_cell_view(ti, data.get());
+    static atomic_cell_view from_bytes(const abstract_type& t, managed_bytes_view v) {
+        return atomic_cell_view(v);
     }
-
-    static atomic_cell_view from_bytes(const data::type_info& ti, bytes_view bv) {
-        return atomic_cell_view(ti, reinterpret_cast<const uint8_t*>(bv.begin()));
+    static atomic_cell_view from_bytes(const abstract_type& t, bytes_view v) {
+        return atomic_cell_view(managed_bytes_view(v));
     }
 
     friend std::ostream& operator<<(std::ostream& os, const atomic_cell_view& acv);
@@ -163,11 +313,11 @@ public:
 };
 
 class atomic_cell_mutable_view final : public basic_atomic_cell_view<mutable_view::yes> {
-    atomic_cell_mutable_view(const data::type_info& ti, uint8_t* data)
-        : basic_atomic_cell_view<mutable_view::yes>(ti, data) {}
+    atomic_cell_mutable_view(managed_bytes_mutable_view data)
+        : basic_atomic_cell_view(data) {}
 public:
-    static atomic_cell_mutable_view from_bytes(const data::type_info& ti, imr::utils::object<data::cell::structure>& data) {
-        return atomic_cell_mutable_view(ti, data.get());
+    static atomic_cell_mutable_view from_bytes(const abstract_type& t, managed_bytes_mutable_view v) {
+        return atomic_cell_mutable_view(v);
     }
 
     friend class atomic_cell;
@@ -176,26 +326,31 @@ public:
 using atomic_cell_ref = atomic_cell_mutable_view;
 
 class atomic_cell final : public basic_atomic_cell_view<mutable_view::yes> {
-    using imr_object_type =  imr::utils::object<data::cell::structure>;
-    imr_object_type _data;
-    atomic_cell(const data::type_info& ti, imr::utils::object<data::cell::structure>&& data)
-        : basic_atomic_cell_view<mutable_view::yes>(ti, data.get()), _data(std::move(data)) {}
+    managed_bytes _data;
+    atomic_cell(managed_bytes b) : _data(std::move(b))  {
+        set_view(_data);
+    }
+
 public:
     class collection_member_tag;
     using collection_member = bool_class<collection_member_tag>;
 
-    atomic_cell(atomic_cell&&) = default;
-    atomic_cell& operator=(const atomic_cell&) = delete;
-    atomic_cell& operator=(atomic_cell&&) = default;
-    void swap(atomic_cell& other) noexcept {
-        basic_atomic_cell_view<mutable_view::yes>::swap(other);
-        _data.swap(other._data);
+    atomic_cell(atomic_cell&& o) noexcept : _data(std::move(o._data)) {
+        set_view(_data);
     }
-    operator atomic_cell_view() const { return atomic_cell_view(_view); }
+    atomic_cell& operator=(const atomic_cell&) = delete;
+    atomic_cell& operator=(atomic_cell&& o) {
+        _data = std::move(o._data);
+        set_view(_data);
+        return *this;
+    }
+    operator atomic_cell_view() const { return atomic_cell_view(managed_bytes_view(_data)); }
     atomic_cell(const abstract_type& t, atomic_cell_view other);
     static atomic_cell make_dead(api::timestamp_type timestamp, gc_clock::time_point deletion_time);
     static atomic_cell make_live(const abstract_type& type, api::timestamp_type timestamp, bytes_view value,
                                  collection_member = collection_member::no);
+    static atomic_cell make_live(const abstract_type& type, api::timestamp_type timestamp, managed_bytes_view value,
+                                 collection_member = collection_member::no);
     static atomic_cell make_live(const abstract_type& type, api::timestamp_type timestamp, ser::buffer_view<bytes_ostream::fragment_iterator> value,
                                  collection_member = collection_member::no);
     static atomic_cell make_live(const abstract_type& type, api::timestamp_type timestamp, const fragmented_temporary_buffer::view& value,
@@ -207,6 +362,8 @@ public:
     static atomic_cell make_live_counter_update(api::timestamp_type timestamp, int64_t value);
     static atomic_cell make_live(const abstract_type&, api::timestamp_type timestamp, bytes_view value,
         gc_clock::time_point expiry, gc_clock::duration ttl, collection_member = collection_member::no);
+    static atomic_cell make_live(const abstract_type&, api::timestamp_type timestamp, managed_bytes_view value,
+        gc_clock::time_point expiry, gc_clock::duration ttl, collection_member = collection_member::no);
     static atomic_cell make_live(const abstract_type&, api::timestamp_type timestamp, ser::buffer_view<bytes_ostream::fragment_iterator> value,
         gc_clock::time_point expiry, gc_clock::duration ttl, collection_member = collection_member::no);
     static atomic_cell make_live(const abstract_type&, api::timestamp_type timestamp, const fragmented_temporary_buffer::view& value,

atomic_cell_hash.hh

@@ -52,9 +52,7 @@ struct appending_hash<atomic_cell_view> {
         feed_hash(h, cell.timestamp());
         if (cell.is_live()) {
             if (cdef.is_counter()) {
-                counter_cell_view::with_linearized(cell, [&] (counter_cell_view ccv) {
-                    ::feed_hash(h, ccv);
-                });
+                ::feed_hash(h, counter_cell_view(cell));
                 return;
             }
             if (cell.is_live_and_has_ttl()) {

atomic_cell_or_collection.hh

@@ -26,20 +26,14 @@
 #include "schema.hh"
 #include "hashing.hh"
 
-#include "imr/utils.hh"
-
 // A variant type that can hold either an atomic_cell, or a serialized collection.
 // Which type is stored is determined by the schema.
+// Has an "empty" state.
+// Objects moved-from are left in an empty state.
 class atomic_cell_or_collection final {
-    // FIXME: This has made us lose small-buffer optimisation. Unfortunately,
-    // due to the changed cell format it would be less effective now, anyway.
-    // Measure the actual impact because any attempts to fix this will become
-    // irrelevant once rows are converted to the IMR as well, so maybe we can
-    // live with this like that.
-    using imr_object_type = imr::utils::object<data::cell::structure>;
-    imr_object_type _data;
+    managed_bytes _data;
 private:
-    atomic_cell_or_collection(imr::utils::object<data::cell::structure>&& data) : _data(std::move(data)) {}
+    atomic_cell_or_collection(managed_bytes&& data) : _data(std::move(data)) {}
 public:
     atomic_cell_or_collection() = default;
     atomic_cell_or_collection(atomic_cell_or_collection&&) = default;
@@ -49,20 +43,16 @@ public:
     atomic_cell_or_collection(atomic_cell ac) : _data(std::move(ac._data)) {}
     atomic_cell_or_collection(const abstract_type& at, atomic_cell_view acv);
     static atomic_cell_or_collection from_atomic_cell(atomic_cell data) { return { std::move(data._data) }; }
-    atomic_cell_view as_atomic_cell(const column_definition& cdef) const { return atomic_cell_view::from_bytes(cdef.type->imr_state().type_info(), _data); }
-    atomic_cell_ref as_atomic_cell_ref(const column_definition& cdef) { return atomic_cell_mutable_view::from_bytes(cdef.type->imr_state().type_info(), _data); }
-    atomic_cell_mutable_view as_mutable_atomic_cell(const column_definition& cdef) { return atomic_cell_mutable_view::from_bytes(cdef.type->imr_state().type_info(), _data); }
+    atomic_cell_view as_atomic_cell(const column_definition& cdef) const { return atomic_cell_view::from_bytes(*cdef.type, _data); }
+    atomic_cell_mutable_view as_mutable_atomic_cell(const column_definition& cdef) { return atomic_cell_mutable_view::from_bytes(*cdef.type, _data); }
     atomic_cell_or_collection(collection_mutation cm) : _data(std::move(cm._data)) { }
     atomic_cell_or_collection copy(const abstract_type&) const;
     explicit operator bool() const {
-        return bool(_data);
+        return !_data.empty();
     }
     static constexpr bool can_use_mutable_view() {
         return true;
     }
-    void swap(atomic_cell_or_collection& other) noexcept {
-        _data.swap(other._data);
-    }
     static atomic_cell_or_collection from_collection_mutation(collection_mutation data) { return std::move(data._data); }
     collection_mutation_view as_collection_mutation() const;
     bytes_view serialize() const;
@@ -82,12 +72,3 @@ public:
     };
     friend std::ostream& operator<<(std::ostream&, const printer&);
 };
-
-namespace std {
-
-inline void swap(atomic_cell_or_collection& a, atomic_cell_or_collection& b) noexcept
-{
-    a.swap(b);
-}
-
-}

auth/allow_all_authenticator.cc

@@ -26,10 +26,7 @@
 
 namespace auth {
 
-const sstring& allow_all_authenticator_name() {
-    static const sstring name = meta::AUTH_PACKAGE_NAME + "AllowAllAuthenticator";
-    return name;
-}
+constexpr std::string_view allow_all_authenticator_name("org.apache.cassandra.auth.AllowAllAuthenticator");
 
 // To ensure correct initialization order, we unfortunately need to use a string literal.
 static const class_registrator<

auth/allow_all_authenticator.hh

@@ -37,7 +37,7 @@ class migration_manager;
 
 namespace auth {
 
-const sstring& allow_all_authenticator_name();
+extern const std::string_view allow_all_authenticator_name;
 
 class allow_all_authenticator final : public authenticator {
 public:
@@ -53,7 +53,7 @@ public:
     }
 
     virtual std::string_view qualified_java_name() const override {
-        return allow_all_authenticator_name();
+        return allow_all_authenticator_name;
     }
 
     virtual bool require_authentication() const override {

auth/allow_all_authorizer.cc

@@ -26,10 +26,7 @@
 
 namespace auth {
 
-const sstring& allow_all_authorizer_name() {
-    static const sstring name = meta::AUTH_PACKAGE_NAME + "AllowAllAuthorizer";
-    return name;
-}
+constexpr std::string_view allow_all_authorizer_name("org.apache.cassandra.auth.AllowAllAuthorizer");
 
 // To ensure correct initialization order, we unfortunately need to use a string literal.
 static const class_registrator<

auth/allow_all_authorizer.hh

@@ -34,7 +34,7 @@ class migration_manager;
 
 namespace auth {
 
-const sstring& allow_all_authorizer_name();
+extern const std::string_view allow_all_authorizer_name;
 
 class allow_all_authorizer final  : public authorizer {
 public:
@@ -50,7 +50,7 @@ public:
     }
 
     virtual std::string_view qualified_java_name() const override {
-        return allow_all_authorizer_name();
+        return allow_all_authorizer_name;
     }
 
     virtual future<permission_set> authorize(const role_or_anonymous&, const resource&) const override {

auth/common.cc

@@ -34,10 +34,9 @@ namespace auth {
 
 namespace meta {
 
-const sstring DEFAULT_SUPERUSER_NAME("cassandra");
-const sstring AUTH_KS("system_auth");
-const sstring USERS_CF("users");
-const sstring AUTH_PACKAGE_NAME("org.apache.cassandra.auth.");
+constexpr std::string_view AUTH_KS("system_auth");
+constexpr std::string_view USERS_CF("users");
+constexpr std::string_view AUTH_PACKAGE_NAME("org.apache.cassandra.auth.");
 
 }
 
@@ -83,7 +82,7 @@ static future<> create_metadata_table_if_missing_impl(
     b.set_uuid(uuid);
     schema_ptr table = b.build();
     return ignore_existing([&mm, table = std::move(table)] () {
-        return mm.announce_new_column_family(table, false);
+        return mm.announce_new_column_family(table);
     });
 }
 
@@ -109,10 +108,17 @@ future<> wait_for_schema_agreement(::service::migration_manager& mm, const datab
     });
 }
 
-const timeout_config& internal_distributed_timeout_config() noexcept {
+::service::query_state& internal_distributed_query_state() noexcept {
+#ifdef DEBUG
+    // Give the much slower debug tests more headroom for completing auth queries.
+    static const auto t = 30s;
+#else
     static const auto t = 5s;
+#endif
     static const timeout_config tc{t, t, t, t, t, t, t};
-    return tc;
+    static thread_local ::service::client_state cs(::service::client_state::internal_tag{}, tc);
+    static thread_local ::service::query_state qs(cs, empty_service_permit());
+    return qs;
 }
 
 }

auth/common.hh

@@ -35,6 +35,7 @@
 #include "log.hh"
 #include "seastarx.hh"
 #include "utils/exponential_backoff_retry.hh"
+#include "service/query_state.hh"
 
 using namespace std::chrono_literals;
 
@@ -53,10 +54,10 @@ namespace auth {
 
 namespace meta {
 
-extern const sstring DEFAULT_SUPERUSER_NAME;
-extern const sstring AUTH_KS;
-extern const sstring USERS_CF;
-extern const sstring AUTH_PACKAGE_NAME;
+constexpr std::string_view DEFAULT_SUPERUSER_NAME("cassandra");
+extern const std::string_view AUTH_KS;
+extern const std::string_view USERS_CF;
+extern const std::string_view AUTH_PACKAGE_NAME;
 
 }
 
@@ -87,6 +88,6 @@ future<> wait_for_schema_agreement(::service::migration_manager&, const database
 ///
 /// Time-outs for internal, non-local CQL queries.
 ///
-const timeout_config& internal_distributed_timeout_config() noexcept;
+::service::query_state& internal_distributed_query_state() noexcept;
 
 }

auth/default_authorizer.cc

@@ -65,15 +65,14 @@ extern "C" {
 
 namespace auth {
 
-const sstring& default_authorizer_name() {
-    static const sstring name = meta::AUTH_PACKAGE_NAME + "CassandraAuthorizer";
-    return name;
+std::string_view default_authorizer::qualified_java_name() const {
+    return "org.apache.cassandra.auth.CassandraAuthorizer";
 }
 
-static const sstring ROLE_NAME = "role";
-static const sstring RESOURCE_NAME = "resource";
-static const sstring PERMISSIONS_NAME = "permissions";
-static const sstring PERMISSIONS_CF = "role_permissions";
+static constexpr std::string_view ROLE_NAME = "role";
+static constexpr std::string_view RESOURCE_NAME = "resource";
+static constexpr std::string_view PERMISSIONS_NAME = "permissions";
+static constexpr std::string_view PERMISSIONS_CF = "role_permissions";
 
 static logging::logger alogger("default_authorizer");
 
@@ -104,7 +103,6 @@ future<bool> default_authorizer::any_granted() const {
     return _qp.execute_internal(
             query,
             db::consistency_level::LOCAL_ONE,
-            infinite_timeout_config,
             {},
             true).then([this](::shared_ptr<cql3::untyped_result_set> results) {
         return !results->empty();
@@ -117,8 +115,7 @@ future<> default_authorizer::migrate_legacy_metadata() const {
 
     return _qp.execute_internal(
             query,
-            db::consistency_level::LOCAL_ONE,
-            infinite_timeout_config).then([this](::shared_ptr<cql3::untyped_result_set> results) {
+            db::consistency_level::LOCAL_ONE).then([this](::shared_ptr<cql3::untyped_result_set> results) {
         return do_for_each(*results, [this](const cql3::untyped_result_set_row& row) {
             return do_with(
                     row.get_as<sstring>("username"),
@@ -198,7 +195,6 @@ default_authorizer::authorize(const role_or_anonymous& maybe_role, const resourc
     return _qp.execute_internal(
             query,
             db::consistency_level::LOCAL_ONE,
-            infinite_timeout_config,
             {*maybe_role.name, r.name()}).then([](::shared_ptr<cql3::untyped_result_set> results) {
         if (results->empty()) {
             return permissions::NONE;
@@ -227,7 +223,7 @@ default_authorizer::modify(
         return _qp.execute_internal(
                 query,
                 db::consistency_level::ONE,
-                internal_distributed_timeout_config(),
+                internal_distributed_query_state(),
                 {permissions::to_strings(set), sstring(role_name), resource.name()}).discard_result();
     });
 }
@@ -252,7 +248,7 @@ future<std::vector<permission_details>> default_authorizer::list_all() const {
     return _qp.execute_internal(
             query,
             db::consistency_level::ONE,
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {},
             true).then([](::shared_ptr<cql3::untyped_result_set> results) {
         std::vector<permission_details> all_details;
@@ -279,7 +275,7 @@ future<> default_authorizer::revoke_all(std::string_view role_name) const {
     return _qp.execute_internal(
             query,
             db::consistency_level::ONE,
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {sstring(role_name)}).discard_result().handle_exception([role_name](auto ep) {
         try {
             std::rethrow_exception(ep);
@@ -299,7 +295,6 @@ future<> default_authorizer::revoke_all(const resource& resource) const {
     return _qp.execute_internal(
             query,
             db::consistency_level::LOCAL_ONE,
-            infinite_timeout_config,
             {resource.name()}).then_wrapped([this, resource](future<::shared_ptr<cql3::untyped_result_set>> f) {
         try {
             auto res = f.get0();
@@ -316,7 +311,6 @@ future<> default_authorizer::revoke_all(const resource& resource) const {
                 return _qp.execute_internal(
                         query,
                         db::consistency_level::LOCAL_ONE,
-                        infinite_timeout_config,
                         {r.get_as<sstring>(ROLE_NAME), resource.name()}).discard_result().handle_exception(
                                 [resource](auto ep) {
                     try {

auth/default_authorizer.hh

@@ -51,8 +51,6 @@
 
 namespace auth {
 
-const sstring& default_authorizer_name();
-
 class default_authorizer : public authorizer {
     cql3::query_processor& _qp;
 
@@ -71,9 +69,7 @@ public:
 
     virtual future<> stop() override;
 
-    virtual std::string_view qualified_java_name() const override {
-        return default_authorizer_name();
-    }
+    virtual std::string_view qualified_java_name() const override;
 
     virtual future<permission_set> authorize(const role_or_anonymous&, const resource&) const override;
 

auth/password_authenticator.cc

@@ -62,15 +62,12 @@
 
 namespace auth {
 
-const sstring& password_authenticator_name() {
-    static const sstring name = meta::AUTH_PACKAGE_NAME + "PasswordAuthenticator";
-    return name;
-}
+constexpr std::string_view password_authenticator_name("org.apache.cassandra.auth.PasswordAuthenticator");
 
 // name of the hash column.
-static const sstring SALTED_HASH = "salted_hash";
-static const sstring DEFAULT_USER_NAME = meta::DEFAULT_SUPERUSER_NAME;
-static const sstring DEFAULT_USER_PASSWORD = meta::DEFAULT_SUPERUSER_NAME;
+static constexpr std::string_view SALTED_HASH = "salted_hash";
+static constexpr std::string_view DEFAULT_USER_NAME = meta::DEFAULT_SUPERUSER_NAME;
+static const sstring DEFAULT_USER_PASSWORD = sstring(meta::DEFAULT_SUPERUSER_NAME);
 
 static logging::logger plogger("password_authenticator");
 
@@ -98,7 +95,7 @@ static bool has_salted_hash(const cql3::untyped_result_set_row& row) {
 
 static const sstring& update_row_query() {
     static const sstring update_row_query = format("UPDATE {} SET {} = ? WHERE {} = ?",
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             SALTED_HASH,
             meta::roles_table::role_col_name);
     return update_row_query;
@@ -117,7 +114,7 @@ future<> password_authenticator::migrate_legacy_metadata() const {
     return _qp.execute_internal(
             query,
             db::consistency_level::QUORUM,
-            internal_distributed_timeout_config()).then([this](::shared_ptr<cql3::untyped_result_set> results) {
+            internal_distributed_query_state()).then([this](::shared_ptr<cql3::untyped_result_set> results) {
         return do_for_each(*results, [this](const cql3::untyped_result_set_row& row) {
             auto username = row.get_as<sstring>("username");
             auto salted_hash = row.get_as<sstring>(SALTED_HASH);
@@ -125,7 +122,7 @@ future<> password_authenticator::migrate_legacy_metadata() const {
             return _qp.execute_internal(
                     update_row_query(),
                     consistency_for_user(username),
-                    internal_distributed_timeout_config(),
+                    internal_distributed_query_state(),
                     {std::move(salted_hash), username}).discard_result();
         }).finally([results] {});
     }).then([] {
@@ -142,7 +139,7 @@ future<> password_authenticator::create_default_if_missing() const {
             return _qp.execute_internal(
                     update_row_query(),
                     db::consistency_level::QUORUM,
-                    internal_distributed_timeout_config(),
+                    internal_distributed_query_state(),
                     {passwords::hash(DEFAULT_USER_PASSWORD, rng_for_salt), DEFAULT_USER_NAME}).then([](auto&&) {
                 plogger.info("Created default superuser authentication record.");
             });
@@ -198,7 +195,7 @@ db::consistency_level password_authenticator::consistency_for_user(std::string_v
 }
 
 std::string_view password_authenticator::qualified_java_name() const {
-    return password_authenticator_name();
+    return password_authenticator_name;
 }
 
 bool password_authenticator::require_authentication() const {
@@ -215,10 +212,10 @@ authentication_option_set password_authenticator::alterable_options() const {
 
 future<authenticated_user> password_authenticator::authenticate(
                 const credentials_map& credentials) const {
-    if (!credentials.count(USERNAME_KEY)) {
+    if (!credentials.contains(USERNAME_KEY)) {
         throw exceptions::authentication_exception(format("Required key '{}' is missing", USERNAME_KEY));
     }
-    if (!credentials.count(PASSWORD_KEY)) {
+    if (!credentials.contains(PASSWORD_KEY)) {
         throw exceptions::authentication_exception(format("Required key '{}' is missing", PASSWORD_KEY));
     }
 
@@ -233,13 +230,13 @@ future<authenticated_user> password_authenticator::authenticate(
     return futurize_invoke([this, username, password] {
         static const sstring query = format("SELECT {} FROM {} WHERE {} = ?",
                 SALTED_HASH,
-                meta::roles_table::qualified_name(),
+                meta::roles_table::qualified_name,
                 meta::roles_table::role_col_name);
 
         return _qp.execute_internal(
                 query,
                 consistency_for_user(username),
-                internal_distributed_timeout_config(),
+                internal_distributed_query_state(),
                 {username},
                 true);
     }).then_wrapped([=](future<::shared_ptr<cql3::untyped_result_set>> f) {
@@ -273,7 +270,7 @@ future<> password_authenticator::create(std::string_view role_name, const authen
     return _qp.execute_internal(
             update_row_query(),
             consistency_for_user(role_name),
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {passwords::hash(*options.password, rng_for_salt), sstring(role_name)}).discard_result();
 }
 
@@ -283,26 +280,26 @@ future<> password_authenticator::alter(std::string_view role_name, const authent
     }
 
     static const sstring query = format("UPDATE {} SET {} = ? WHERE {} = ?",
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             SALTED_HASH,
             meta::roles_table::role_col_name);
 
     return _qp.execute_internal(
             query,
             consistency_for_user(role_name),
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {passwords::hash(*options.password, rng_for_salt), sstring(role_name)}).discard_result();
 }
 
 future<> password_authenticator::drop(std::string_view name) const {
     static const sstring query = format("DELETE {} FROM {} WHERE {} = ?",
             SALTED_HASH,
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             meta::roles_table::role_col_name);
 
     return _qp.execute_internal(
             query, consistency_for_user(name),
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {sstring(name)}).discard_result();
 }
 

auth/password_authenticator.hh

@@ -52,7 +52,7 @@ class migration_manager;
 
 namespace auth {
 
-const sstring& password_authenticator_name();
+extern const std::string_view password_authenticator_name;
 
 class password_authenticator : public authenticator {
     cql3::query_processor& _qp;

auth/roles-metadata.cc

@@ -45,16 +45,13 @@ std::string_view creation_query() {
             "  member_of set<text>,"
             "  salted_hash text"
             ")",
-            qualified_name(),
+            qualified_name,
             role_col_name);
 
     return instance;
 }
 
-std::string_view qualified_name() noexcept {
-    static const sstring instance = AUTH_KS + "." + sstring(name);
-    return instance;
-}
+constexpr std::string_view qualified_name("system_auth.roles");
 
 }
 
@@ -64,21 +61,20 @@ future<bool> default_role_row_satisfies(
         cql3::query_processor& qp,
         std::function<bool(const cql3::untyped_result_set_row&)> p) {
     static const sstring query = format("SELECT * FROM {} WHERE {} = ?",
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             meta::roles_table::role_col_name);
 
     return do_with(std::move(p), [&qp](const auto& p) {
         return qp.execute_internal(
                 query,
                 db::consistency_level::ONE,
-                infinite_timeout_config,
                 {meta::DEFAULT_SUPERUSER_NAME},
                 true).then([&qp, &p](::shared_ptr<cql3::untyped_result_set> results) {
             if (results->empty()) {
                 return qp.execute_internal(
                         query,
                         db::consistency_level::QUORUM,
-                        internal_distributed_timeout_config(),
+                        internal_distributed_query_state(),
                         {meta::DEFAULT_SUPERUSER_NAME},
                         true).then([&p](::shared_ptr<cql3::untyped_result_set> results) {
                     if (results->empty()) {
@@ -97,13 +93,13 @@ future<bool> default_role_row_satisfies(
 future<bool> any_nondefault_role_row_satisfies(
         cql3::query_processor& qp,
         std::function<bool(const cql3::untyped_result_set_row&)> p) {
-    static const sstring query = format("SELECT * FROM {}", meta::roles_table::qualified_name());
+    static const sstring query = format("SELECT * FROM {}", meta::roles_table::qualified_name);
 
     return do_with(std::move(p), [&qp](const auto& p) {
         return qp.execute_internal(
                 query,
                 db::consistency_level::QUORUM,
-                internal_distributed_timeout_config()).then([&p](::shared_ptr<cql3::untyped_result_set> results) {
+                internal_distributed_query_state()).then([&p](::shared_ptr<cql3::untyped_result_set> results) {
             if (results->empty()) {
                 return false;
             }

auth/roles-metadata.hh

@@ -43,7 +43,7 @@ std::string_view creation_query();
 
 constexpr std::string_view name{"roles", 5};
 
-std::string_view qualified_name() noexcept;
+extern const std::string_view qualified_name;
 
 constexpr std::string_view role_col_name{"role", 4};
 

auth/service.cc

@@ -31,9 +31,7 @@
 #include "auth/allow_all_authenticator.hh"
 #include "auth/allow_all_authorizer.hh"
 #include "auth/common.hh"
-#include "auth/password_authenticator.hh"
 #include "auth/role_or_anonymous.hh"
-#include "auth/standard_role_manager.hh"
 #include "cql3/query_processor.hh"
 #include "cql3/untyped_result_set.hh"
 #include "db/consistency_level_type.hh"
@@ -125,18 +123,7 @@ service::service(
             , _authorizer(std::move(z))
             , _authenticator(std::move(a))
             , _role_manager(std::move(r))
-            , _migration_listener(std::make_unique<auth_migration_listener>(*_authorizer)) {
-    // The password authenticator requires that the `standard_role_manager` is running so that the roles metadata table
-    // it manages is created and updated. This cross-module dependency is rather gross, but we have to maintain it for
-    // the sake of compatibility with Apache Cassandra and its choice of auth. schema.
-    if ((_authenticator->qualified_java_name() == password_authenticator_name())
-            && (_role_manager->qualified_java_name() != standard_role_manager_name())) {
-        throw incompatible_module_combination(
-                format("The {} authenticator must be loaded alongside the {} role-manager.",
-                        password_authenticator_name(),
-                        standard_role_manager_name()));
-    }
-}
+            , _migration_listener(std::make_unique<auth_migration_listener>(*_authorizer)) {}
 
 service::service(
         permissions_cache_config c,
@@ -167,7 +154,7 @@ future<> service::create_keyspace_if_missing(::service::migration_manager& mm) c
 
         // We use min_timestamp so that default keyspace metadata will loose with any manual adjustments.
         // See issue #2129.
-        return mm.announce_new_keyspace(ksm, api::min_timestamp, false);
+        return mm.announce_new_keyspace(ksm, api::min_timestamp);
     }
 
     return make_ready_future<>();
@@ -223,7 +210,6 @@ future<bool> service::has_existing_legacy_users() const {
     return _qp.execute_internal(
             default_user_query,
             db::consistency_level::ONE,
-            infinite_timeout_config,
             {meta::DEFAULT_SUPERUSER_NAME},
             true).then([this](auto results) {
         if (!results->empty()) {
@@ -233,7 +219,6 @@ future<bool> service::has_existing_legacy_users() const {
         return _qp.execute_internal(
                 default_user_query,
                 db::consistency_level::QUORUM,
-                infinite_timeout_config,
                 {meta::DEFAULT_SUPERUSER_NAME},
                 true).then([this](auto results) {
             if (!results->empty()) {
@@ -242,8 +227,7 @@ future<bool> service::has_existing_legacy_users() const {
 
             return _qp.execute_internal(
                     all_users_query,
-                    db::consistency_level::QUORUM,
-                    infinite_timeout_config).then([](auto results) {
+                    db::consistency_level::QUORUM).then([](auto results) {
                 return make_ready_future<bool>(!results->empty());
             });
         });
@@ -376,25 +360,28 @@ future<permission_set> get_permissions(const service& ser, const authenticated_u
 }
 
 bool is_enforcing(const service& ser)  {
-    const bool enforcing_authorizer = ser.underlying_authorizer().qualified_java_name() != allow_all_authorizer_name();
+    const bool enforcing_authorizer = ser.underlying_authorizer().qualified_java_name() != allow_all_authorizer_name;
 
     const bool enforcing_authenticator = ser.underlying_authenticator().qualified_java_name()
-            != allow_all_authenticator_name();
+            != allow_all_authenticator_name;
 
     return enforcing_authorizer || enforcing_authenticator;
 }
 
-bool is_protected(const service& ser, const resource& r) noexcept {
-    return ser.underlying_role_manager().protected_resources().count(r)
-            || ser.underlying_authenticator().protected_resources().count(r)
-            || ser.underlying_authorizer().protected_resources().count(r);
+bool is_protected(const service& ser, command_desc cmd) noexcept {
+    if (cmd.type_ == command_desc::type::ALTER_WITH_OPTS) {
+        return false; // Table attributes are OK to modify; see #7057.
+    }
+    return ser.underlying_role_manager().protected_resources().contains(cmd.resource)
+            || ser.underlying_authenticator().protected_resources().contains(cmd.resource)
+            || ser.underlying_authorizer().protected_resources().contains(cmd.resource);
 }
 
 static void validate_authentication_options_are_supported(
         const authentication_options& options,
         const authentication_option_set& supported) {
     const auto check = [&supported](authentication_option k) {
-        if (supported.count(k) == 0) {
+        if (!supported.contains(k)) {
             throw unsupported_authentication_option(k);
         }
     };
@@ -474,7 +461,7 @@ future<bool> has_role(const service& ser, std::string_view grantee, std::string_
     return when_all_succeed(
             validate_role_exists(ser, name),
             ser.get_roles(grantee)).then_unpack([name](role_set all_roles) {
-        return make_ready_future<bool>(all_roles.count(sstring(name)) != 0);
+        return make_ready_future<bool>(all_roles.contains(sstring(name)));
     });
 }
 future<bool> has_role(const service& ser, const authenticated_user& u, std::string_view name) {
@@ -531,14 +518,9 @@ future<std::vector<permission_details>> list_filtered_permissions(
                     ? auth::expand_resource_family(r)
                     : auth::resource_set{r};
 
-            all_details.erase(
-                    std::remove_if(
-                            all_details.begin(),
-                            all_details.end(),
-                            [&resources](const permission_details& pd) {
-                        return resources.count(pd.resource) == 0;
-                    }),
-                    all_details.end());
+            std::erase_if(all_details, [&resources](const permission_details& pd) {
+                return !resources.contains(pd.resource);
+            });
         }
 
         std::transform(
@@ -551,11 +533,9 @@ future<std::vector<permission_details>> list_filtered_permissions(
                 });
 
         // Eliminate rows with an empty permission set.
-        all_details.erase(
-                std::remove_if(all_details.begin(), all_details.end(), [](const permission_details& pd) {
-                    return pd.permissions.mask() == 0;
-                }),
-                all_details.end());
+        std::erase_if(all_details, [](const permission_details& pd) {
+            return pd.permissions.mask() == 0;
+        });
 
         if (!role_name) {
             return make_ready_future<std::vector<permission_details>>(std::move(all_details));
@@ -567,14 +547,9 @@ future<std::vector<permission_details>> list_filtered_permissions(
 
         return do_with(std::move(all_details), [&ser, role_name](auto& all_details) {
             return ser.get_roles(*role_name).then([&all_details](role_set all_roles) {
-                all_details.erase(
-                        std::remove_if(
-                                all_details.begin(),
-                                all_details.end(),
-                                [&all_roles](const permission_details& pd) {
-                            return all_roles.count(pd.role_name) == 0;
-                        }),
-                        all_details.end());
+                std::erase_if(all_details, [&all_roles](const permission_details& pd) {
+                    return !all_roles.contains(pd.role_name);
+                });
 
                 return make_ready_future<std::vector<permission_details>>(std::move(all_details));
             });

auth/service.hh

@@ -181,10 +181,21 @@ future<permission_set> get_permissions(const service&, const authenticated_user&
 ///
 bool is_enforcing(const service&);
 
+/// A description of a CQL command from which auth::service can tell whether or not this command could endanger
+/// internal data on which auth::service depends.
+struct command_desc {
+    auth::permission permission; ///< Nature of the command's alteration.
+    const ::auth::resource& resource; ///< Resource impacted by this command.
+    enum class type {
+        ALTER_WITH_OPTS, ///< Command is ALTER ... WITH ...
+        OTHER
+    } type_ = type::OTHER;
+};
+
 ///
 /// Protected resources cannot be modified even if the performer has permissions to do so.
 ///
-bool is_protected(const service&, const resource&) noexcept;
+bool is_protected(const service&, command_desc) noexcept;
 
 ///
 /// Create a role with optional authentication information.

auth/standard_role_manager.cc

@@ -49,11 +49,7 @@ namespace meta {
 namespace role_members_table {
 
 constexpr std::string_view name{"role_members" , 12};
-
-static std::string_view qualified_name() noexcept {
-    static const sstring instance = AUTH_KS + "." + sstring(name);
-    return instance;
-}
+constexpr std::string_view qualified_name("system_auth.role_members");
 
 }
 
@@ -84,13 +80,13 @@ static db::consistency_level consistency_for_role(std::string_view role_name) no
 
 static future<std::optional<record>> find_record(cql3::query_processor& qp, std::string_view role_name) {
     static const sstring query = format("SELECT * FROM {} WHERE {} = ?",
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             meta::roles_table::role_col_name);
 
     return qp.execute_internal(
             query,
             consistency_for_role(role_name),
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {sstring(role_name)},
             true).then([](::shared_ptr<cql3::untyped_result_set> results) {
         if (results->empty()) {
@@ -124,13 +120,8 @@ static bool has_can_login(const cql3::untyped_result_set_row& row) {
     return row.has("can_login") && !(boolean_type->deserialize(row.get_blob("can_login")).is_null());
 }
 
-std::string_view standard_role_manager_name() noexcept {
-    static const sstring instance = meta::AUTH_PACKAGE_NAME + "CassandraRoleManager";
-    return instance;
-}
-
 std::string_view standard_role_manager::qualified_java_name() const noexcept {
-    return standard_role_manager_name();
+    return "org.apache.cassandra.auth.CassandraRoleManager";
 }
 
 const resource_set& standard_role_manager::protected_resources() const {
@@ -148,7 +139,7 @@ future<> standard_role_manager::create_metadata_tables_if_missing() const {
             "  member text,"
             "  PRIMARY KEY (role, member)"
             ")",
-            meta::role_members_table::qualified_name());
+            meta::role_members_table::qualified_name);
 
 
     return when_all_succeed(
@@ -168,13 +159,13 @@ future<> standard_role_manager::create_default_role_if_missing() const {
     return default_role_row_satisfies(_qp, &has_can_login).then([this](bool exists) {
         if (!exists) {
             static const sstring query = format("INSERT INTO {} ({}, is_superuser, can_login) VALUES (?, true, true)",
-                    meta::roles_table::qualified_name(),
+                    meta::roles_table::qualified_name,
                     meta::roles_table::role_col_name);
 
             return _qp.execute_internal(
                     query,
                     db::consistency_level::QUORUM,
-                    internal_distributed_timeout_config(),
+                    internal_distributed_query_state(),
                     {meta::DEFAULT_SUPERUSER_NAME}).then([](auto&&) {
                 log.info("Created default superuser role '{}'.", meta::DEFAULT_SUPERUSER_NAME);
                 return make_ready_future<>();
@@ -201,7 +192,7 @@ future<> standard_role_manager::migrate_legacy_metadata() const {
     return _qp.execute_internal(
             query,
             db::consistency_level::QUORUM,
-            internal_distributed_timeout_config()).then([this](::shared_ptr<cql3::untyped_result_set> results) {
+            internal_distributed_query_state()).then([this](::shared_ptr<cql3::untyped_result_set> results) {
         return do_for_each(*results, [this](const cql3::untyped_result_set_row& row) {
             role_config config;
             config.is_superuser = row.get_or<bool>("super", false);
@@ -256,13 +247,13 @@ future<> standard_role_manager::stop() {
 
 future<> standard_role_manager::create_or_replace(std::string_view role_name, const role_config& c) const {
     static const sstring query = format("INSERT INTO {} ({}, is_superuser, can_login) VALUES (?, ?, ?)",
-            meta::roles_table::qualified_name(),
+            meta::roles_table::qualified_name,
             meta::roles_table::role_col_name);
 
     return _qp.execute_internal(
             query,
             consistency_for_role(role_name),
-            internal_distributed_timeout_config(),
+            internal_distributed_query_state(),
             {sstring(role_name), c.is_superuser, c.can_login},
             true).discard_result();
 }
@@ -301,11 +292,11 @@ standard_role_manager::alter(std::string_view role_name, const role_config_updat
 
         return _qp.execute_internal(
                 format("UPDATE {} SET {} WHERE {} = ?",
-                        meta::roles_table::qualified_name(),
+                        meta::roles_table::qualified_name,
                         build_column_assignments(u),
                         meta::roles_table::role_col_name),
                 consistency_for_role(role_name),
-                internal_distributed_timeout_config(),
+                internal_distributed_query_state(),
                 {sstring(role_name)}).discard_result();
     });
 }
@@ -319,12 +310,12 @@ future<> standard_role_manager::drop(std::string_view role_name) const {
         // First, revoke this role from all roles that are members of it.
         const auto revoke_from_members = [this, role_name] {
             static const sstring query = format("SELECT member FROM {} WHERE role = ?",
-                    meta::role_members_table::qualified_name());
+                    meta::role_members_table::qualified_name);
 
             return _qp.execute_internal(
                     query,
                     consistency_for_role(role_name),
-                    internal_distributed_timeout_config(),
+                    internal_distributed_query_state(),
                     {sstring(role_name)}).then([this, role_name](::shared_ptr<cql3::untyped_result_set> members) {
                 return parallel_for_each(
                         members->begin(),
@@ -357,13 +348,13 @@ future<> standard_role_manager::drop(std::string_view role_name) const {
         // Finally, delete the role itself.
         auto delete_role = [this, role_name] {
             static const sstring query = format("DELETE FROM {} WHERE {} = ?",
-                    meta::roles_table::qualified_name(),
+                    meta::roles_table::qualified_name,
                     meta::roles_table::role_col_name);
 
             return _qp.execute_internal(
                     query,
                     consistency_for_role(role_name),
-                    internal_distributed_timeout_config(),
+                    internal_distributed_query_state(),
                     {sstring(role_name)}).discard_result();
         };
 
@@ -383,14 +374,14 @@ standard_role_manager::modify_membership(
     const auto modify_roles = [this, role_name, grantee_name, ch] {
         const auto query = format(
                 "UPDATE {} SET member_of = member_of {} ? WHERE {} = ?",
-                meta::roles_table::qualified_name(),
+                meta::roles_table::qualified_name,
                 (ch == membership_change::add ? '+' : '-'),
                 meta::roles_table::role_col_name);
 
         return _qp.execute_internal(
                 query,
                 consistency_for_role(grantee_name),
-                internal_distributed_timeout_config(),
+                internal_distributed_query_state(),
                 {role_set{sstring(role_name)}, sstring(grantee_name)}).discard_result();
     };
 
@@ -399,24 +390,24 @@ standard_role_manager::modify_membership(
             case membership_change::add:
                 return _qp.execute_internal(
                         format("INSERT INTO {} (role, member) VALUES (?, ?)",
-                                meta::role_members_table::qualified_name()),
+                                meta::role_members_table::qualified_name),
                         consistency_for_role(role_name),
-                        internal_distributed_timeout_config(),
+                        internal_distributed_query_state(),
                         {sstring(role_name), sstring(grantee_name)}).discard_result();
 
             case membership_change::remove:
                 return _qp.execute_internal(
                         format("DELETE FROM {} WHERE role = ? AND member = ?",
-                                meta::role_members_table::qualified_name()),
+                                meta::role_members_table::qualified_name),
                         consistency_for_role(role_name),
-                        internal_distributed_timeout_config(),
+                        internal_distributed_query_state(),
                         {sstring(role_name), sstring(grantee_name)}).discard_result();
         }
 
         return make_ready_future<>();
     };
 
-    return when_all_succeed(modify_roles(), modify_role_members()).discard_result();
+    return when_all_succeed(modify_roles(), modify_role_members).discard_result();
 }
 
 future<>
@@ -425,7 +416,7 @@ standard_role_manager::grant(std::string_view grantee_name, std::string_view rol
         return this->query_granted(
                 grantee_name,
                 recursive_role_query::yes).then([role_name, grantee_name](role_set roles) {
-            if (roles.count(sstring(role_name)) != 0) {
+            if (roles.contains(sstring(role_name))) {
                 throw role_already_included(grantee_name, role_name);
             }
 
@@ -437,7 +428,7 @@ standard_role_manager::grant(std::string_view grantee_name, std::string_view rol
         return this->query_granted(
                 role_name,
                 recursive_role_query::yes).then([role_name, grantee_name](role_set roles) {
-            if (roles.count(sstring(grantee_name)) != 0) {
+            if (roles.contains(sstring(grantee_name))) {
                 throw role_already_included(role_name, grantee_name);
             }
 
@@ -460,7 +451,7 @@ standard_role_manager::revoke(std::string_view revokee_name, std::string_view ro
         return this->query_granted(
                 revokee_name,
                 recursive_role_query::no).then([revokee_name, role_name](role_set roles) {
-            if (roles.count(sstring(role_name)) == 0) {
+            if (!roles.contains(sstring(role_name))) {
                 throw revoke_ungranted_role(revokee_name, role_name);
             }
 
@@ -504,7 +495,7 @@ future<role_set> standard_role_manager::query_granted(std::string_view grantee_n
 future<role_set> standard_role_manager::query_all() const {
     static const sstring query = format("SELECT {} FROM {}",
             meta::roles_table::role_col_name,
-            meta::roles_table::qualified_name());
+            meta::roles_table::qualified_name);
 
     // To avoid many copies of a view.
     static const auto role_col_name_string = sstring(meta::roles_table::role_col_name);
@@ -512,7 +503,7 @@ future<role_set> standard_role_manager::query_all() const {
     return _qp.execute_internal(
             query,
             db::consistency_level::QUORUM,
-            internal_distributed_timeout_config()).then([](::shared_ptr<cql3::untyped_result_set> results) {
+            internal_distributed_query_state()).then([](::shared_ptr<cql3::untyped_result_set> results) {
         role_set roles;
 
         std::transform(

auth/standard_role_manager.hh

@@ -42,8 +42,6 @@ class migration_manager;
 
 namespace auth {
 
-std::string_view standard_role_manager_name() noexcept;
-
 class standard_role_manager final : public role_manager {
     cql3::query_processor& _qp;
     ::service::migration_manager& _migration_manager;

auth/transitional.cc

@@ -101,7 +101,7 @@ public:
     virtual future<authenticated_user> authenticate(const credentials_map& credentials) const override {
         auto i = credentials.find(authenticator::USERNAME_KEY);
         if ((i == credentials.end() || i->second.empty())
-                && (!credentials.count(PASSWORD_KEY) || credentials.at(PASSWORD_KEY).empty())) {
+                && (!credentials.contains(PASSWORD_KEY) || credentials.at(PASSWORD_KEY).empty())) {
             // return anon user
             return make_ready_future<authenticated_user>(anonymous_user());
         }

bytes.cc

@@ -100,3 +100,7 @@ std::ostream& operator<<(std::ostream& os, const bytes_view& b) {
 }
 
 }
+
+std::ostream& operator<<(std::ostream& os, const fmt_hex& b) {
+    return os << to_hex(b.v);
+}

bytes.hh

@@ -28,6 +28,7 @@
 #include <iosfwd>
 #include <functional>
 #include "utils/mutable_view.hh"
+#include <xxhash.h>
 
 using bytes = basic_sstring<int8_t, uint32_t, 31, false>;
 using bytes_view = std::basic_string_view<int8_t>;
@@ -35,20 +36,24 @@ using bytes_mutable_view = basic_mutable_view<bytes_view::value_type>;
 using bytes_opt = std::optional<bytes>;
 using sstring_view = std::string_view;
 
+inline bytes to_bytes(bytes&& b) {
+    return std::move(b);
+}
+
 inline sstring_view to_sstring_view(bytes_view view) {
     return {reinterpret_cast<const char*>(view.data()), view.size()};
 }
 
-namespace std {
+inline bytes_view to_bytes_view(sstring_view view) {
+    return {reinterpret_cast<const int8_t*>(view.data()), view.size()};
+}
 
-template <>
-struct hash<bytes_view> {
-    size_t operator()(bytes_view v) const {
-        return hash<sstring_view>()({reinterpret_cast<const char*>(v.begin()), v.size()});
-    }
+struct fmt_hex {
+    bytes_view& v;
+    fmt_hex(bytes_view& v) noexcept : v(v) {}
 };
 
-}
+std::ostream& operator<<(std::ostream& os, const fmt_hex& hex);
 
 bytes from_hex(sstring_view s);
 sstring to_hex(bytes_view b);
@@ -83,10 +88,37 @@ struct appending_hash<bytes_view> {
     }
 };
 
+struct bytes_view_hasher : public hasher {
+    XXH64_state_t _state;
+    bytes_view_hasher(uint64_t seed = 0) noexcept {
+        XXH64_reset(&_state, seed);
+    }
+    void update(const char* ptr, size_t length) noexcept {
+        XXH64_update(&_state, ptr, length);
+    }
+    size_t finalize() {
+        return static_cast<size_t>(XXH64_digest(&_state));
+    }
+};
+
+namespace std {
+template <>
+struct hash<bytes_view> {
+    size_t operator()(bytes_view v) const {
+        bytes_view_hasher h;
+        appending_hash<bytes_view>{}(h, v);
+        return h.finalize();
+    }
+};
+} // namespace std
+
 inline int32_t compare_unsigned(bytes_view v1, bytes_view v2) {
-    auto n = memcmp(v1.begin(), v2.begin(), std::min(v1.size(), v2.size()));
+  auto size = std::min(v1.size(), v2.size());
+  if (size) {
+    auto n = memcmp(v1.begin(), v2.begin(), size);
     if (n) {
         return n;
     }
+  }
     return (int32_t) (v1.size() - v2.size());
 }

bytes_ostream.hh

@@ -24,9 +24,10 @@
 #include <boost/range/iterator_range.hpp>
 
 #include "bytes.hh"
-#include <seastar/core/unaligned.hh>
 #include "hashing.hh"
 #include <seastar/core/simple-stream.hh>
+#include <concepts>
+
 /**
  * Utility for writing data into a buffer when its final size is not known up front.
  *
@@ -39,7 +40,7 @@ public:
     using size_type = bytes::size_type;
     using value_type = bytes::value_type;
     using fragment_type = bytes_view;
-    static constexpr size_type max_chunk_size() { return 128 * 1024; }
+    static constexpr size_type max_chunk_size() { return max_alloc_size() - sizeof(chunk); }
 private:
     static_assert(sizeof(value_type) == 1, "value_type is assumed to be one byte long");
     struct chunk {
@@ -59,13 +60,21 @@ private:
         void operator delete(void* ptr) { free(ptr); }
     };
     static constexpr size_type default_chunk_size{512};
+    static constexpr size_type max_alloc_size() { return 128 * 1024; }
 private:
     std::unique_ptr<chunk> _begin;
     chunk* _current;
     size_type _size;
     size_type _initial_chunk_size = default_chunk_size;
 public:
-    class fragment_iterator : public std::iterator<std::input_iterator_tag, bytes_view> {
+    class fragment_iterator {
+    public:
+        using iterator_category = std::input_iterator_tag;
+        using value_type = bytes_view;
+        using difference_type = std::ptrdiff_t;
+        using pointer = bytes_view*;
+        using reference = bytes_view&;
+    private:
         chunk* _current = nullptr;
     public:
         fragment_iterator() = default;
@@ -125,16 +134,15 @@ private:
         return _current->size - _current->offset;
     }
     // Figure out next chunk size.
-    //   - must be enough for data_size
+    //   - must be enough for data_size + sizeof(chunk)
     //   - must be at least _initial_chunk_size
     //   - try to double each time to prevent too many allocations
-    //   - do not exceed max_chunk_size
+    //   - should not exceed max_alloc_size, unless data_size requires so
     size_type next_alloc_size(size_t data_size) const {
         auto next_size = _current
                 ? _current->size * 2
                 : _initial_chunk_size;
-        next_size = std::min(next_size, max_chunk_size());
-        // FIXME: check for overflow?
+        next_size = std::min(next_size, max_alloc_size());
         return std::max<size_type>(next_size, data_size + sizeof(chunk));
     }
     // Makes room for a contiguous region of given size.
@@ -226,9 +234,9 @@ public:
     };
 
     // Returns a place holder for a value to be written later.
-    template <typename T>
+    template <std::integral T>
     inline
-    std::enable_if_t<std::is_fundamental<T>::value, place_holder<T>>
+    place_holder<T>
     write_place_holder() {
         return place_holder<T>{alloc(sizeof(T))};
     }

cache_flat_mutation_reader.hh

@@ -28,7 +28,6 @@
 #include "partition_version.hh"
 #include "utils/logalloc.hh"
 #include "query-request.hh"
-#include "partition_snapshot_reader.hh"
 #include "partition_snapshot_row_cursor.hh"
 #include "read_context.hh"
 #include "flat_mutation_reader.hh"
@@ -103,7 +102,7 @@ class cache_flat_mutation_reader final : public flat_mutation_reader::impl {
     // Points to the underlying reader conforming to _schema,
     // either to *_underlying_holder or _read_context->underlying().underlying().
     flat_mutation_reader* _underlying = nullptr;
-    std::optional<flat_mutation_reader> _underlying_holder;
+    flat_mutation_reader_opt _underlying_holder;
 
     future<> do_fill_buffer(db::timeout_clock::time_point);
     future<> ensure_underlying(db::timeout_clock::time_point);
@@ -113,6 +112,7 @@ class cache_flat_mutation_reader final : public flat_mutation_reader::impl {
     void move_to_next_range();
     void move_to_range(query::clustering_row_ranges::const_iterator);
     void move_to_next_entry();
+    void maybe_drop_last_entry() noexcept;
     void add_to_buffer(const partition_snapshot_row_cursor&);
     void add_clustering_row_to_buffer(mutation_fragment&&);
     void add_to_buffer(range_tombstone&&);
@@ -123,6 +123,7 @@ class cache_flat_mutation_reader final : public flat_mutation_reader::impl {
     bool can_populate() const;
     // Marks the range between _last_row (exclusive) and _next_row (exclusive) as continuous,
     // provided that the underlying reader still matches the latest version of the partition.
+    // Invalidates _last_row.
     void maybe_update_continuity();
     // Tries to ensure that the lower bound of the current population range exists.
     // Returns false if it failed and range cannot be populated.
@@ -134,7 +135,7 @@ class cache_flat_mutation_reader final : public flat_mutation_reader::impl {
     void maybe_add_to_cache(const static_row& sr);
     void maybe_set_static_row_continuous();
     void finish_reader() {
-        push_mutation_fragment(partition_end());
+        push_mutation_fragment(*_schema, _permit, partition_end());
         _end_of_stream = true;
         _state = state::end_of_stream;
     }
@@ -146,7 +147,7 @@ public:
                                lw_shared_ptr<read_context> ctx,
                                partition_snapshot_ptr snp,
                                row_cache& cache)
-        : flat_mutation_reader::impl(std::move(s))
+        : flat_mutation_reader::impl(std::move(s), ctx->permit())
         , _snp(std::move(snp))
         , _position_cmp(*_schema)
         , _ck_ranges(std::move(crr))
@@ -158,17 +159,18 @@ public:
         , _read_context(std::move(ctx))
         , _next_row(*_schema, *_snp)
     {
-        clogger.trace("csm {}: table={}.{}", this, _schema->ks_name(), _schema->cf_name());
-        push_mutation_fragment(partition_start(std::move(dk), _snp->partition_tombstone()));
+        clogger.trace("csm {}: table={}.{}", fmt::ptr(this), _schema->ks_name(), _schema->cf_name());
+        push_mutation_fragment(*_schema, _permit, partition_start(std::move(dk), _snp->partition_tombstone()));
     }
     cache_flat_mutation_reader(const cache_flat_mutation_reader&) = delete;
     cache_flat_mutation_reader(cache_flat_mutation_reader&&) = delete;
     virtual future<> fill_buffer(db::timeout_clock::time_point timeout) override;
-    virtual void next_partition() override {
+    virtual future<> next_partition() override {
         clear_buffer_to_next_partition();
         if (is_buffer_empty()) {
             _end_of_stream = true;
         }
+        return make_ready_future<>();
     }
     virtual future<> fast_forward_to(const dht::partition_range&, db::timeout_clock::time_point timeout) override {
         clear_buffer();
@@ -188,7 +190,7 @@ future<> cache_flat_mutation_reader::process_static_row(db::timeout_clock::time_
             return _snp->static_row(_read_context->digest_requested());
         });
         if (!sr.empty()) {
-            push_mutation_fragment(mutation_fragment(std::move(sr)));
+            push_mutation_fragment(mutation_fragment(*_schema, _permit, std::move(sr)));
         }
         return make_ready_future<>();
     } else {
@@ -232,7 +234,7 @@ future<> cache_flat_mutation_reader::fill_buffer(db::timeout_clock::time_point t
             return after_static_row();
         }
     }
-    clogger.trace("csm {}: fill_buffer(), range={}, lb={}", this, *_ck_ranges_curr, _lower_bound);
+    clogger.trace("csm {}: fill_buffer(), range={}, lb={}", fmt::ptr(this), *_ck_ranges_curr, _lower_bound);
     return do_until([this] { return _end_of_stream || is_buffer_full(); }, [this, timeout] {
         return do_fill_buffer(timeout);
     });
@@ -265,6 +267,9 @@ future<> cache_flat_mutation_reader::do_fill_buffer(db::timeout_clock::time_poin
         }
         _state = state::reading_from_underlying;
         _population_range_starts_before_all_rows = _lower_bound.is_before_all_clustered_rows(*_schema);
+        if (!_read_context->partition_exists()) {
+            return read_from_underlying(timeout);
+        }
         auto end = _next_row_in_range ? position_in_partition(_next_row.position())
                                       : position_in_partition(_upper_bound);
         return _underlying->fast_forward_to(position_range{_lower_bound, std::move(end)}, timeout).then([this, timeout] {
@@ -277,7 +282,7 @@ future<> cache_flat_mutation_reader::do_fill_buffer(db::timeout_clock::time_poin
     // assert(_state == state::reading_from_cache)
     return _lsa_manager.run_in_read_section([this] {
         auto next_valid = _next_row.iterators_valid();
-        clogger.trace("csm {}: reading_from_cache, range=[{}, {}), next={}, valid={}", this, _lower_bound,
+        clogger.trace("csm {}: reading_from_cache, range=[{}, {}), next={}, valid={}", fmt::ptr(this), _lower_bound,
             _upper_bound, _next_row.position(), next_valid);
         // We assume that if there was eviction, and thus the range may
         // no longer be continuous, the cursor was invalidated.
@@ -291,7 +296,7 @@ future<> cache_flat_mutation_reader::do_fill_buffer(db::timeout_clock::time_poin
             }
         }
         _next_row.maybe_refresh();
-        clogger.trace("csm {}: next={}, cont={}", this, _next_row.position(), _next_row.continuous());
+        clogger.trace("csm {}: next={}, cont={}", fmt::ptr(this), _next_row.position(), _next_row.continuous());
         _lower_bound_changed = false;
         while (_state == state::reading_from_cache) {
             copy_from_cache_to_buffer();
@@ -329,7 +334,6 @@ future<> cache_flat_mutation_reader::read_from_underlying(db::timeout_clock::tim
                 }
                 if (_next_row_in_range) {
                     maybe_update_continuity();
-                    _last_row = _next_row;
                     add_to_buffer(_next_row);
                     try {
                         move_to_next_entry();
@@ -342,14 +346,14 @@ future<> cache_flat_mutation_reader::read_from_underlying(db::timeout_clock::tim
                     if (no_clustering_row_between(*_schema, _upper_bound, _next_row.position())) {
                         this->maybe_update_continuity();
                     } else if (can_populate()) {
-                        rows_entry::compare less(*_schema);
+                        rows_entry::tri_compare cmp(*_schema);
                         auto& rows = _snp->version()->partition().clustered_rows();
                         if (query::is_single_row(*_schema, *_ck_ranges_curr)) {
                             with_allocator(_snp->region().allocator(), [&] {
                                 auto e = alloc_strategy_unique_ptr<rows_entry>(
                                     current_allocator().construct<rows_entry>(_ck_ranges_curr->start()->value()));
                                 // Use _next_row iterator only as a hint, because there could be insertions after _upper_bound.
-                                auto insert_result = rows.insert_check(_next_row.get_iterator_in_latest_version(), *e, less);
+                                auto insert_result = rows.insert_before_hint(_next_row.get_iterator_in_latest_version(), *e, cmp);
                                 auto inserted = insert_result.second;
                                 auto it = insert_result.first;
                                 if (inserted) {
@@ -357,7 +361,7 @@ future<> cache_flat_mutation_reader::read_from_underlying(db::timeout_clock::tim
                                     e.release();
                                     auto next = std::next(it);
                                     it->set_continuous(next->continuous());
-                                    clogger.trace("csm {}: inserted dummy at {}, cont={}", this, it->position(), it->continuous());
+                                    clogger.trace("csm {}: inserted dummy at {}, cont={}", fmt::ptr(this), it->position(), it->continuous());
                                 }
                             });
                         } else if (ensure_population_lower_bound()) {
@@ -365,16 +369,17 @@ future<> cache_flat_mutation_reader::read_from_underlying(db::timeout_clock::tim
                                 auto e = alloc_strategy_unique_ptr<rows_entry>(
                                     current_allocator().construct<rows_entry>(*_schema, _upper_bound, is_dummy::yes, is_continuous::yes));
                                 // Use _next_row iterator only as a hint, because there could be insertions after _upper_bound.
-                                auto insert_result = rows.insert_check(_next_row.get_iterator_in_latest_version(), *e, less);
+                                auto insert_result = rows.insert_before_hint(_next_row.get_iterator_in_latest_version(), *e, cmp);
                                 auto inserted = insert_result.second;
                                 if (inserted) {
-                                    clogger.trace("csm {}: inserted dummy at {}", this, _upper_bound);
+                                    clogger.trace("csm {}: inserted dummy at {}", fmt::ptr(this), _upper_bound);
                                     _snp->tracker()->insert(*e);
                                     e.release();
                                 } else {
-                                    clogger.trace("csm {}: mark {} as continuous", this, insert_result.first->position());
+                                    clogger.trace("csm {}: mark {} as continuous", fmt::ptr(this), insert_result.first->position());
                                     insert_result.first->set_continuous(true);
                                 }
+                                maybe_drop_last_entry();
                             });
                         }
                     } else {
@@ -405,15 +410,15 @@ bool cache_flat_mutation_reader::ensure_population_lower_bound() {
     if (!_last_row.is_in_latest_version()) {
         with_allocator(_snp->region().allocator(), [&] {
             auto& rows = _snp->version()->partition().clustered_rows();
-            rows_entry::compare less(*_schema);
+            rows_entry::tri_compare cmp(*_schema);
             // FIXME: Avoid the copy by inserting an incomplete clustering row
             auto e = alloc_strategy_unique_ptr<rows_entry>(
                 current_allocator().construct<rows_entry>(*_schema, *_last_row));
             e->set_continuous(false);
-            auto insert_result = rows.insert_check(rows.end(), *e, less);
+            auto insert_result = rows.insert_before_hint(rows.end(), *e, cmp);
             auto inserted = insert_result.second;
             if (inserted) {
-                clogger.trace("csm {}: inserted lower bound dummy at {}", this, e->position());
+                clogger.trace("csm {}: inserted lower bound dummy at {}", fmt::ptr(this), e->position());
                 _snp->tracker()->insert(*e);
                 e.release();
             }
@@ -428,6 +433,7 @@ void cache_flat_mutation_reader::maybe_update_continuity() {
         with_allocator(_snp->region().allocator(), [&] {
             rows_entry& e = _next_row.ensure_entry_in_latest().row;
             e.set_continuous(true);
+            maybe_drop_last_entry();
         });
     } else {
         _read_context->cache().on_mispopulate();
@@ -453,20 +459,20 @@ void cache_flat_mutation_reader::maybe_add_to_cache(const clustering_row& cr) {
         _read_context->cache().on_mispopulate();
         return;
     }
-    clogger.trace("csm {}: populate({})", this, clustering_row::printer(*_schema, cr));
+    clogger.trace("csm {}: populate({})", fmt::ptr(this), clustering_row::printer(*_schema, cr));
     _lsa_manager.run_in_update_section_with_allocator([this, &cr] {
         mutation_partition& mp = _snp->version()->partition();
-        rows_entry::compare less(*_schema);
+        rows_entry::tri_compare cmp(*_schema);
 
         if (_read_context->digest_requested()) {
             cr.cells().prepare_hash(*_schema, column_kind::regular_column);
         }
         auto new_entry = alloc_strategy_unique_ptr<rows_entry>(
-            current_allocator().construct<rows_entry>(*_schema, cr.key(), cr.tomb(), cr.marker(), cr.cells()));
+            current_allocator().construct<rows_entry>(*_schema, cr.key(), cr.as_deletable_row()));
         new_entry->set_continuous(false);
         auto it = _next_row.iterators_valid() ? _next_row.get_iterator_in_latest_version()
-                                              : mp.clustered_rows().lower_bound(cr.key(), less);
-        auto insert_result = mp.clustered_rows().insert_check(it, *new_entry, less);
+                                              : mp.clustered_rows().lower_bound(cr.key(), cmp);
+        auto insert_result = mp.clustered_rows().insert_before_hint(it, *new_entry, cmp);
         if (insert_result.second) {
             _snp->tracker()->insert(*new_entry);
             new_entry.release();
@@ -475,7 +481,7 @@ void cache_flat_mutation_reader::maybe_add_to_cache(const clustering_row& cr) {
 
         rows_entry& e = *it;
         if (ensure_population_lower_bound()) {
-            clogger.trace("csm {}: set_continuous({})", this, e.position());
+            clogger.trace("csm {}: set_continuous({})", fmt::ptr(this), e.position());
             e.set_continuous(true);
         } else {
             _read_context->cache().on_mispopulate();
@@ -494,14 +500,14 @@ bool cache_flat_mutation_reader::after_current_range(position_in_partition_view
 
 inline
 void cache_flat_mutation_reader::start_reading_from_underlying() {
-    clogger.trace("csm {}: start_reading_from_underlying(), range=[{}, {})", this, _lower_bound, _next_row_in_range ? _next_row.position() : _upper_bound);
+    clogger.trace("csm {}: start_reading_from_underlying(), range=[{}, {})", fmt::ptr(this), _lower_bound, _next_row_in_range ? _next_row.position() : _upper_bound);
     _state = state::move_to_underlying;
     _next_row.touch();
 }
 
 inline
 void cache_flat_mutation_reader::copy_from_cache_to_buffer() {
-    clogger.trace("csm {}: copy_from_cache, next={}, next_row_in_range={}", this, _next_row.position(), _next_row_in_range);
+    clogger.trace("csm {}: copy_from_cache, next={}, next_row_in_range={}", fmt::ptr(this), _next_row.position(), _next_row_in_range);
     _next_row.touch();
     position_in_partition_view next_lower_bound = _next_row.dummy() ? _next_row.position() : position_in_partition_view::after_key(_next_row.key());
     for (auto &&rts : _snp->range_tombstones(_lower_bound, _next_row_in_range ? next_lower_bound : _upper_bound)) {
@@ -509,7 +515,7 @@ void cache_flat_mutation_reader::copy_from_cache_to_buffer() {
         // This guarantees that rts starts after any emitted clustering_row
         // and not before any emitted range tombstone.
         if (!less(_lower_bound, rts.position())) {
-            rts.set_start(*_schema, _lower_bound);
+            rts.set_start(_lower_bound);
         } else {
             _lower_bound = position_in_partition(rts.position());
             _lower_bound_changed = true;
@@ -517,12 +523,11 @@ void cache_flat_mutation_reader::copy_from_cache_to_buffer() {
                 return;
             }
         }
-        push_mutation_fragment(std::move(rts));
+        push_mutation_fragment(*_schema, _permit, std::move(rts));
     }
     // We add the row to the buffer even when it's full.
     // This simplifies the code. For more info see #3139.
     if (_next_row_in_range) {
-        _last_row = _next_row;
         add_to_buffer(_next_row);
         move_to_next_entry();
     } else {
@@ -533,7 +538,7 @@ void cache_flat_mutation_reader::copy_from_cache_to_buffer() {
 inline
 void cache_flat_mutation_reader::move_to_end() {
     finish_reader();
-    clogger.trace("csm {}: eos", this);
+    clogger.trace("csm {}: eos", fmt::ptr(this));
 }
 
 inline
@@ -558,7 +563,7 @@ void cache_flat_mutation_reader::move_to_range(query::clustering_row_ranges::con
     _ck_ranges_curr = next_it;
     auto adjacent = _next_row.advance_to(_lower_bound);
     _next_row_in_range = !after_current_range(_next_row.position());
-    clogger.trace("csm {}: move_to_range(), range={}, lb={}, ub={}, next={}", this, *_ck_ranges_curr, _lower_bound, _upper_bound, _next_row.position());
+    clogger.trace("csm {}: move_to_range(), range={}, lb={}, ub={}, next={}", fmt::ptr(this), *_ck_ranges_curr, _lower_bound, _upper_bound, _next_row.position());
     if (!adjacent && !_next_row.continuous()) {
         // FIXME: We don't insert a dummy for singular range to avoid allocating 3 entries
         // for a hit (before, at and after). If we supported the concept of an incomplete row,
@@ -568,11 +573,11 @@ void cache_flat_mutation_reader::move_to_range(query::clustering_row_ranges::con
             // Insert dummy for lower bound
             if (can_populate()) {
                 // FIXME: _lower_bound could be adjacent to the previous row, in which case we could skip this
-                clogger.trace("csm {}: insert dummy at {}", this, _lower_bound);
+                clogger.trace("csm {}: insert dummy at {}", fmt::ptr(this), _lower_bound);
                 auto it = with_allocator(_lsa_manager.region().allocator(), [&] {
                     auto& rows = _snp->version()->partition().clustered_rows();
-                    auto new_entry = current_allocator().construct<rows_entry>(*_schema, _lower_bound, is_dummy::yes, is_continuous::no);
-                    return rows.insert_before(_next_row.get_iterator_in_latest_version(), *new_entry);
+                    auto new_entry = alloc_strategy_unique_ptr<rows_entry>(current_allocator().construct<rows_entry>(*_schema, _lower_bound, is_dummy::yes, is_continuous::no));
+                    return rows.insert_before(_next_row.get_iterator_in_latest_version(), std::move(new_entry));
                 });
                 _snp->tracker()->insert(*it);
                 _last_row = partition_snapshot_row_weakref(*_snp, it, true);
@@ -584,28 +589,64 @@ void cache_flat_mutation_reader::move_to_range(query::clustering_row_ranges::con
     }
 }
 
+// Drops _last_row entry when possible without changing logical contents of the partition.
+// Call only when _last_row and _next_row are valid.
+// Calling after ensure_population_lower_bound() is ok.
+// _next_row must have a greater position than _last_row.
+// Invalidates references but keeps the _next_row valid.
+inline
+void cache_flat_mutation_reader::maybe_drop_last_entry() noexcept {
+    // Drop dummy entry if it falls inside a continuous range.
+    // This prevents unnecessary dummy entries from accumulating in cache and slowing down scans.
+    //
+    // Eviction can happen only from oldest versions to preserve the continuity non-overlapping rule
+    // (See docs/design-notes/row_cache.md)
+    //
+    if (_last_row
+            && _last_row->dummy()
+            && _last_row->continuous()
+            && _snp->at_latest_version()
+            && _snp->at_oldest_version()) {
+
+        with_allocator(_snp->region().allocator(), [&] {
+            _last_row->on_evicted(_read_context->cache()._tracker);
+        });
+        _last_row = nullptr;
+
+        // There could be iterators pointing to _last_row, invalidate them
+        _snp->region().allocator().invalidate_references();
+
+        // Don't invalidate _next_row, move_to_next_entry() expects it to be still valid.
+        _next_row.force_valid();
+    }
+}
+
 // _next_row must be inside the range.
 inline
 void cache_flat_mutation_reader::move_to_next_entry() {
-    clogger.trace("csm {}: move_to_next_entry(), curr={}", this, _next_row.position());
+    clogger.trace("csm {}: move_to_next_entry(), curr={}", fmt::ptr(this), _next_row.position());
     if (no_clustering_row_between(*_schema, _next_row.position(), _upper_bound)) {
         move_to_next_range();
     } else {
+        auto new_last_row = partition_snapshot_row_weakref(_next_row);
         if (!_next_row.next()) {
             move_to_end();
             return;
         }
+        _last_row = std::move(new_last_row);
         _next_row_in_range = !after_current_range(_next_row.position());
-        clogger.trace("csm {}: next={}, cont={}, in_range={}", this, _next_row.position(), _next_row.continuous(), _next_row_in_range);
+        clogger.trace("csm {}: next={}, cont={}, in_range={}", fmt::ptr(this), _next_row.position(), _next_row.continuous(), _next_row_in_range);
         if (!_next_row.continuous()) {
             start_reading_from_underlying();
+        } else {
+            maybe_drop_last_entry();
         }
     }
 }
 
 inline
 void cache_flat_mutation_reader::add_to_buffer(mutation_fragment&& mf) {
-    clogger.trace("csm {}: add_to_buffer({})", this, mutation_fragment::printer(*_schema, mf));
+    clogger.trace("csm {}: add_to_buffer({})", fmt::ptr(this), mutation_fragment::printer(*_schema, mf));
     if (mf.is_clustering_row()) {
         add_clustering_row_to_buffer(std::move(mf));
     } else {
@@ -618,7 +659,14 @@ inline
 void cache_flat_mutation_reader::add_to_buffer(const partition_snapshot_row_cursor& row) {
     if (!row.dummy()) {
         _read_context->cache().on_row_hit();
-        add_clustering_row_to_buffer(row.row(_read_context->digest_requested()));
+        add_clustering_row_to_buffer(mutation_fragment(*_schema, _permit, row.row(_read_context->digest_requested())));
+    } else {
+        position_in_partition::less_compare less(*_schema);
+        if (less(_lower_bound, row.position())) {
+            _lower_bound = row.position();
+            _lower_bound_changed = true;
+        }
+        _read_context->cache()._tracker.on_dummy_row_hit();
     }
 }
 
@@ -627,7 +675,7 @@ void cache_flat_mutation_reader::add_to_buffer(const partition_snapshot_row_curs
 //   (2) If _lower_bound > mf.position(), mf was emitted
 inline
 void cache_flat_mutation_reader::add_clustering_row_to_buffer(mutation_fragment&& mf) {
-    clogger.trace("csm {}: add_clustering_row_to_buffer({})", this, mutation_fragment::printer(*_schema, mf));
+    clogger.trace("csm {}: add_clustering_row_to_buffer({})", fmt::ptr(this), mutation_fragment::printer(*_schema, mf));
     auto& row = mf.as_clustering_row();
     auto new_lower_bound = position_in_partition::after_key(row.key());
     push_mutation_fragment(std::move(mf));
@@ -637,7 +685,7 @@ void cache_flat_mutation_reader::add_clustering_row_to_buffer(mutation_fragment&
 
 inline
 void cache_flat_mutation_reader::add_to_buffer(range_tombstone&& rt) {
-    clogger.trace("csm {}: add_to_buffer({})", this, rt);
+    clogger.trace("csm {}: add_to_buffer({})", fmt::ptr(this), rt);
     // This guarantees that rt starts after any emitted clustering_row
     // and not before any emitted range tombstone.
     position_in_partition::less_compare less(*_schema);
@@ -645,18 +693,18 @@ void cache_flat_mutation_reader::add_to_buffer(range_tombstone&& rt) {
         return;
     }
     if (!less(_lower_bound, rt.position())) {
-        rt.set_start(*_schema, _lower_bound);
+        rt.set_start(_lower_bound);
     } else {
         _lower_bound = position_in_partition(rt.position());
         _lower_bound_changed = true;
     }
-    push_mutation_fragment(std::move(rt));
+    push_mutation_fragment(*_schema, _permit, std::move(rt));
 }
 
 inline
 void cache_flat_mutation_reader::maybe_add_to_cache(const range_tombstone& rt) {
     if (can_populate()) {
-        clogger.trace("csm {}: maybe_add_to_cache({})", this, rt);
+        clogger.trace("csm {}: maybe_add_to_cache({})", fmt::ptr(this), rt);
         _lsa_manager.run_in_update_section_with_allocator([&] {
             _snp->version()->partition().row_tombstones().apply_monotonically(*_schema, rt);
         });
@@ -668,7 +716,7 @@ void cache_flat_mutation_reader::maybe_add_to_cache(const range_tombstone& rt) {
 inline
 void cache_flat_mutation_reader::maybe_add_to_cache(const static_row& sr) {
     if (can_populate()) {
-        clogger.trace("csm {}: populate({})", this, static_row::printer(*_schema, sr));
+        clogger.trace("csm {}: populate({})", fmt::ptr(this), static_row::printer(*_schema, sr));
         _read_context->cache().on_static_row_insert();
         _lsa_manager.run_in_update_section_with_allocator([&] {
             if (_read_context->digest_requested()) {
@@ -684,7 +732,7 @@ void cache_flat_mutation_reader::maybe_add_to_cache(const static_row& sr) {
 inline
 void cache_flat_mutation_reader::maybe_set_static_row_continuous() {
     if (can_populate()) {
-        clogger.trace("csm {}: set static row continuous", this);
+        clogger.trace("csm {}: set static row continuous", fmt::ptr(this));
         _snp->version()->partition().set_static_row_continuous(true);
     } else {
         _read_context->cache().on_mispopulate();

caching_options.hh

@@ -23,7 +23,7 @@
 #include <seastar/core/sstring.hh>
 #include <boost/lexical_cast.hpp>
 #include "exceptions/exceptions.hh"
-#include "json.hh"
+#include "utils/rjson.hh"
 #include "seastarx.hh"
 
 class schema;
@@ -76,7 +76,7 @@ public:
     }
 
     sstring to_sstring() const {
-        return json::to_json(to_map());
+        return rjson::print(rjson::from_string_map(to_map()));
     }
 
     static caching_options get_disabled_caching_options() {
@@ -97,13 +97,14 @@ public:
             } else if (p.first == "enabled") {
                 e = p.second == "true";
             } else {
-                throw exceptions::configuration_exception("Invalid caching option: " + p.first);
+                throw exceptions::configuration_exception(format("Invalid caching option: {}", p.first));
             }
         }
         return caching_options(k, r, e);
     }
+
     static caching_options from_sstring(const sstring& str) {
-        return from_map(json::to_map(str));
+        return from_map(rjson::parse_to_map<std::map<sstring, sstring>>(str));
     }
 
     bool operator==(const caching_options& other) const {

canonical_mutation.cc

@@ -37,7 +37,7 @@
 #include "idl/mutation.dist.impl.hh"
 #include <iostream>
 
-canonical_mutation::canonical_mutation(bytes data)
+canonical_mutation::canonical_mutation(bytes_ostream data)
         : _data(std::move(data))
 { }
 
@@ -45,8 +45,7 @@ canonical_mutation::canonical_mutation(const mutation& m)
 {
     mutation_partition_serializer part_ser(*m.schema(), m.partition());
 
-    bytes_ostream out;
-    ser::writer_of_canonical_mutation<bytes_ostream> wr(out);
+    ser::writer_of_canonical_mutation<bytes_ostream> wr(_data);
     std::move(wr).write_table_id(m.schema()->id())
                  .write_schema_version(m.schema()->version())
                  .write_key(m.key())
@@ -54,7 +53,6 @@ canonical_mutation::canonical_mutation(const mutation& m)
                  .partition([&] (auto wr) {
                      part_ser.write(std::move(wr));
                  }).end_canonical_mutation();
-    _data = to_bytes(out.linearize());
 }
 
 utils::UUID canonical_mutation::column_family_id() const {

canonical_mutation.hh

@@ -32,9 +32,9 @@
 // Safe to access from other shards via const&.
 // Safe to pass serialized across nodes.
 class canonical_mutation {
-    bytes _data;
+    bytes_ostream _data;
 public:
-    explicit canonical_mutation(bytes);
+    explicit canonical_mutation(bytes_ostream);
     explicit canonical_mutation(const mutation&);
 
     canonical_mutation(canonical_mutation&&) = default;
@@ -51,7 +51,7 @@ public:
 
     utils::UUID column_family_id() const;
 
-    const bytes& representation() const { return _data; }
+    const bytes_ostream& representation() const { return _data; }
 
     friend std::ostream& operator<<(std::ostream& os, const canonical_mutation& cm);
 };

cartesian_product.hh

@@ -33,9 +33,13 @@ template<typename T>
 struct cartesian_product {
     const std::vector<std::vector<T>>& _vec_of_vecs;
 public:
-    class iterator : public std::iterator<std::forward_iterator_tag, std::vector<T>> {
+    class iterator {
     public:
+        using iterator_category = std::forward_iterator_tag;
         using value_type = std::vector<T>;
+        using difference_type = std::ptrdiff_t;
+        using pointer = std::vector<T>*;
+        using reference = std::vector<T>&;
     private:
         size_t _pos;
         const std::vector<std::vector<T>>* _vec_of_vecs;

cdc/cdc_extension.hh

@@ -20,10 +20,16 @@
 
 #pragma once
 
+#include <map>
+
+#include <seastar/core/sstring.hh>
+
+#include "bytes.hh"
 #include "serializer.hh"
 #include "db/extensions.hh"
 #include "cdc/cdc_options.hh"
 #include "schema.hh"
+#include "serializer_impl.hh"
 
 namespace cdc {
 
@@ -33,6 +39,7 @@ public:
     static constexpr auto NAME = "cdc";
 
     cdc_extension() = default;
+    cdc_extension(const options& opts) : _cdc_options(opts) {}
     explicit cdc_extension(std::map<sstring, sstring> tags) : _cdc_options(std::move(tags)) {}
     explicit cdc_extension(const bytes& b) : _cdc_options(cdc_extension::deserialize(b)) {}
     explicit cdc_extension(const sstring& s) {

cdc/cdc_options.hh

@@ -27,10 +27,32 @@
 
 namespace cdc {
 
+enum class delta_mode : uint8_t {
+    keys,
+    full,
+};
+
+/**
+ * (for now only pre-) image collection mode.
+ * Stating how much info to record.
+ * off == none
+ * on == changed columns
+ * full == all (changed and unmodified columns)
+ */
+enum class image_mode : uint8_t {
+    off, 
+    on,
+    full,
+};
+
+std::ostream& operator<<(std::ostream& os, delta_mode);
+std::ostream& operator<<(std::ostream& os, image_mode);
+
 class options final {
     bool _enabled = false;
-    bool _preimage = false;
+    image_mode _preimage = image_mode::off;
     bool _postimage = false;
+    delta_mode _delta_mode = delta_mode::full;
     int _ttl = 86400; // 24h in seconds
 public:
     options() = default;
@@ -40,10 +62,19 @@ public:
     sstring to_sstring() const;
 
     bool enabled() const { return _enabled; }
-    bool preimage() const { return _preimage; }
+    bool preimage() const { return _preimage != image_mode::off; }
+    bool full_preimage() const { return _preimage == image_mode::full; }
     bool postimage() const { return _postimage; }
+    delta_mode get_delta_mode() const { return _delta_mode; }
+    void set_delta_mode(delta_mode m) { _delta_mode = m; }
     int ttl() const { return _ttl; }
 
+    void enabled(bool b) { _enabled = b; }
+    void preimage(bool b) { preimage(b ? image_mode::on : image_mode::off); }
+    void preimage(image_mode m) { _preimage = m; }
+    void postimage(bool b) { _postimage = b; }
+    void ttl(int v) { _ttl = v; }
+
     bool operator==(const options& o) const;
     bool operator!=(const options& o) const;
 };

cdc/change_visitor.hh

@@ -0,0 +1,283 @@
+/*
+ * Copyright (C) 2020 ScyllaDB
+ */
+
+/*
+ * This file is part of Scylla.
+ *
+ * Scylla is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Scylla is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Scylla.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#pragma once
+
+#include "mutation.hh"
+
+/*
+ * This file contains a general abstraction for walking over mutations,
+ * deconstructing them into ``atomic'' pieces, and consuming these pieces.
+ *
+ * The pieces considered atomic are:
+ * - atomic_cells, either in collections or in atomic columns
+ *   (see `live_collection_cell`, `dead_collection_cell`, `live_atomic_cell`, `dead_atomic_cell`),
+ * - collection tombstones (see `collection_tombstone`)
+ * - row markers (see `marker`)
+ * - row tombstones (see `clustered_row_delete`),
+ * - range tombstones (see `range_delete`),
+ * - partition tombstones (see `partition_delete`).
+ * We use the term ``changes'' to refer to these atomic pieces, hence the name ``ChangeVisitor''.
+ *
+ * IMPORTANT: this doesn't understand all possible states that a mutation can have, e.g. it doesn't understand
+ * the concept of ``continuity''. However, it is sufficient for analyzing mutations created by a write coordinator,
+ * e.g. obtained by parsing a CQL statement.
+ *
+ * To analyze a mutation, create a visitor (described by the `ChangeVisitor` concept below) and pass it
+ * together with the mutation to `inspect_mutation`.
+ *
+ * To analyze certain fragments of the mutation, the inspecting code requires further visitors to be passed.
+ * For example, when it encounters a clustered row update, it calls `clustered_row_cells` on the visitor,
+ * passing it the row's key and the callback. The visitor can then decide:
+ * - if it's not interested in the row's cells, it can simply not call the callback,
+ * - otherwise, it can call the callback with a value of type that satisfies the ``RowCellsVisitor'' concept.
+ * If the callback is called, the inspector walks over the row and passes the changes into the ``row cells visitor''.
+ * In either case, it will then proceed to analyze further parts of the mutation, if any.
+ *
+ * Note that the type passed to the callbacks provided by the inspector (such as in the example above)
+ * can be decided at runtime. This can be especially useful with the callback passed to `collection_column`
+ * in RowCellsVisitor, if different collection types require different logic to handle.
+ *
+ * The dummy visitors below are there only to define the concepts.
+ * For example, in the RowCellsVisitor concept I wanted to express that `visit_collection` in RowCellsVisitor
+ * is a function that handles *any* type which satisfies CollectionVisitor. I didn't find a way to do that
+ * other than providing a ``most generic'' concrete type which satisfies the interface (`dummy_collection_visitor`).
+ * Unfortunately C++ is still not Haskell.
+ *
+ * The inspector calls `finished()` after visiting each change, and sometimes before (e.g. when it starts
+ * visiting a static row, but before it visits any of its cells). If it returns true, the inspector
+ * will stop the visitation. Thus, if at any point during the walk the visitor decides it's not interested
+ * in any more changes, it can inform the inspector by returning `true` from `finished()`.
+ *
+ * IMPORTANT: if the visitor returns `true` from `finished()`, it should keep returning `true`. This is because
+ * the inspector may call `finished()` multiple times when exiting some nested loops.
+ *
+ * The order of visitation is as follows:
+ * - First the static row is visited, if it has any cells.
+ *   Within the row, its columns are visited in order of increasing column IDs.
+ *
+ * - Then, for each clustering key, if a change (row marker, cell, or tombstone) exists for this key:
+ *   - The row marker is visited, if there is one.
+ *   - Columns are visited in order of increasing column IDs.
+ *   - The row tombstone is visited, if there is one.
+ *
+ * For both the static row and a clustering row, for each column:
+ * - If the column is atomic, a corresponding atomic_cell is visited (if there is one).
+ * - Otherwise (the column is non-atomic):
+ *   - The collection tombstone is visited first.
+ *   - Cells are visited in order of increasing keys
+ *     (assuming that the mutation was correctly constructed, i.e. it stores cells in key order).
+ *
+ * WARNING: visited collection tombstone and cells
+ * are guaranteed to live only for the duration of `collection_column` call.
+ *
+ * - Then range tombstones are visited. The order is unspecified
+ *   (more accurately: if it's specified, I don't know what it is)
+ *
+ * - Finally, the partition tombstone is visited, if it exists.
+ */
+
+namespace cdc {
+
+template <typename V>
+concept CollectionVisitor = requires(V v,
+        const tombstone& t,
+        bytes_view key,
+        const atomic_cell_view& cell) {
+
+    { v.collection_tombstone(t) }         -> std::same_as<void>;
+    { v.live_collection_cell(key, cell) } -> std::same_as<void>;
+    { v.dead_collection_cell(key, cell) } -> std::same_as<void>;
+    { v.finished() } -> std::same_as<bool>;
+};
+
+struct dummy_collection_visitor {
+    void collection_tombstone(const tombstone&) {}
+    void live_collection_cell(bytes_view, const atomic_cell_view&) {}
+    void dead_collection_cell(bytes_view, const atomic_cell_view&) {}
+    bool finished() { return false; }
+};
+
+template <typename V>
+concept RowCellsVisitor = requires(V v,
+        const column_definition& cdef,
+        const atomic_cell_view& cell,
+        noncopyable_function<void(dummy_collection_visitor&)> visit_collection) {
+
+    { v.live_atomic_cell(cdef, cell) }                         -> std::same_as<void>;
+    { v.dead_atomic_cell(cdef, cell) }                         -> std::same_as<void>;
+    { v.collection_column(cdef, std::move(visit_collection)) } -> std::same_as<void>;
+    { v.finished() }                                           -> std::same_as<bool>;
+};
+
+struct dummy_row_cells_visitor {
+    void live_atomic_cell(const column_definition&, const atomic_cell_view&) {}
+    void dead_atomic_cell(const column_definition&, const atomic_cell_view&) {}
+    void collection_column(const column_definition&, auto&& visit_collection) {
+        dummy_collection_visitor v;
+        visit_collection(v);
+    }
+    bool finished() { return false; }
+};
+
+template <typename V>
+concept ClusteredRowCellsVisitor = requires(V v,
+        const row_marker& rm) {
+    requires RowCellsVisitor<V>;
+    { v.marker(rm) } -> std::same_as<void>;
+};
+
+struct dummy_clustered_row_cells_visitor : public dummy_row_cells_visitor {
+    void marker(const row_marker&) {}
+};
+
+template <typename V>
+concept ChangeVisitor = requires(V v,
+        api::timestamp_type ts,
+        const clustering_key& ckey,
+        const range_tombstone& rt,
+        const tombstone& t,
+        noncopyable_function<void(dummy_clustered_row_cells_visitor&)> visit_clustered_row_cells,
+        noncopyable_function<void(dummy_row_cells_visitor&)> visit_row_cells) {
+
+    { v.static_row_cells(std::move(visit_row_cells)) }                    -> std::same_as<void>;
+    { v.clustered_row_cells(ckey, std::move(visit_clustered_row_cells)) } -> std::same_as<void>;
+    { v.clustered_row_delete(ckey, t) }                                   -> std::same_as<void>;
+    { v.range_delete(rt) }                                                -> std::same_as<void>;
+    { v.partition_delete(t) }                                             -> std::same_as<void>;
+    { v.finished() }                                                      -> std::same_as<bool>;
+};
+
+template <RowCellsVisitor V>
+void inspect_row_cells(const schema& s, column_kind ckind, const row& r, V& v) {
+    r.for_each_cell_until([&s, ckind, &v] (column_id id, const atomic_cell_or_collection& acoc) {
+        auto& cdef = s.column_at(ckind, id);
+
+        if (cdef.is_atomic()) {
+            auto cell = acoc.as_atomic_cell(cdef);
+            if (cell.is_live()) {
+                v.live_atomic_cell(cdef, cell);
+            } else {
+                v.dead_atomic_cell(cdef, cell);
+            }
+
+            return stop_iteration(v.finished());
+        }
+
+        acoc.as_collection_mutation().with_deserialized(*cdef.type, [&v, &cdef] (collection_mutation_view_description view) {
+            v.collection_column(cdef, [&view] (CollectionVisitor auto& cv) {
+                if (cv.finished()) {
+                    return;
+                }
+
+                if (view.tomb) {
+                    cv.collection_tombstone(view.tomb);
+                    if (cv.finished()) {
+                        return;
+                    }
+                }
+
+                for (auto& [key, cell]: view.cells) {
+                    if (cell.is_live()) {
+                        cv.live_collection_cell(key, cell);
+                    } else {
+                        cv.dead_collection_cell(key, cell);
+                    }
+
+                    if (cv.finished()) {
+                        return;
+                    }
+                }
+            });
+        });
+
+        return stop_iteration(v.finished());
+    });
+}
+
+template <ChangeVisitor V>
+void inspect_mutation(const mutation& m, V& v) {
+    auto& p = m.partition();
+    auto& s = *m.schema();
+
+    if (!p.static_row().empty()) {
+        v.static_row_cells([&s, &p] (RowCellsVisitor auto& srv) {
+            if (srv.finished()) {
+                return;
+            }
+            inspect_row_cells(s, column_kind::static_column, p.static_row().get(), srv);
+        });
+
+        if (v.finished()) {
+            return;
+        }
+    }
+
+    for (auto& cr: p.clustered_rows()) {
+        auto& r = cr.row();
+
+        if (r.marker().is_live() || !r.cells().empty()) {
+            v.clustered_row_cells(cr.key(), [&s, &r] (ClusteredRowCellsVisitor auto& crv) {
+                if (crv.finished()) {
+                    return;
+                }
+
+                auto& rm = r.marker();
+                if (rm.is_live()) {
+                    crv.marker(rm);
+
+                    if (crv.finished()) {
+                        return;
+                    }
+                }
+
+                inspect_row_cells(s, column_kind::regular_column, r.cells(), crv);
+            });
+
+            if (v.finished()) {
+                return;
+            }
+        }
+
+        if (r.deleted_at()) {
+            auto t = r.deleted_at().tomb();
+            assert(t.timestamp != api::missing_timestamp);
+            v.clustered_row_delete(cr.key(), t);
+            if (v.finished()) {
+                return;
+            }
+        }
+    }
+
+    for (auto& rt: p.row_tombstones()) {
+        assert(rt.tomb.timestamp != api::missing_timestamp);
+        v.range_delete(rt);
+        if (v.finished()) {
+            return;
+        }
+    }
+
+    if (p.partition_tombstone()) {
+        v.partition_delete(p.partition_tombstone());
+    }
+}
+
+} // namespace cdc

cdc/generation.cc

@@ -22,10 +22,13 @@
 #include <boost/type.hpp>
 #include <random>
 #include <unordered_set>
+#include <algorithm>
 #include <seastar/core/sleep.hh>
+#include <seastar/core/coroutine.hh>
 
 #include "keys.hh"
 #include "schema_builder.hh"
+#include "database.hh"
 #include "db/config.hh"
 #include "db/system_keyspace.hh"
 #include "db/system_distributed_keyspace.hh"
@@ -36,6 +39,8 @@
 #include "gms/gossiper.hh"
 
 #include "cdc/generation.hh"
+#include "cdc/cdc_options.hh"
+#include "cdc/generation_service.hh"
 
 extern logging::logger cdc_log;
 
@@ -59,14 +64,57 @@ static void copy_int_to_bytes(int64_t i, size_t offset, bytes& b) {
     std::copy_n(reinterpret_cast<int8_t*>(&i), sizeof(int64_t), b.begin() + offset);
 }
 
-stream_id::stream_id(int64_t first, int64_t second)
+static constexpr auto stream_id_version_bits = 4;
+static constexpr auto stream_id_random_bits = 38;
+static constexpr auto stream_id_index_bits = sizeof(uint64_t)*8 - stream_id_version_bits - stream_id_random_bits;
+
+static constexpr auto stream_id_version_shift = 0;
+static constexpr auto stream_id_index_shift = stream_id_version_shift + stream_id_version_bits;
+static constexpr auto stream_id_random_shift = stream_id_index_shift + stream_id_index_bits;
+
+/**
+ * Responsibilty for encoding stream_id moved from factory method to
+ * this constructor, to keep knowledge of composition in a single place.
+ * Note this is private and friended to topology_description_generator,
+ * because he is the one who defined the "order" we view vnodes etc.
+ */
+stream_id::stream_id(dht::token token, size_t vnode_index)
     : _value(bytes::initialized_later(), 2 * sizeof(int64_t))
 {
-    copy_int_to_bytes(first, 0, _value);
-    copy_int_to_bytes(second, sizeof(int64_t), _value);
+    static thread_local std::mt19937_64 rand_gen(std::random_device{}());
+    static thread_local std::uniform_int_distribution<uint64_t> rand_dist;
+
+    auto rand = rand_dist(rand_gen);
+    auto mask_shift = [](uint64_t val, size_t bits, size_t shift) {
+        return (val & ((1ull << bits) - 1u)) << shift;
+    };
+    /**
+     *  Low qword:
+     * 0-4: version
+     * 5-26: vnode index as when created (see generation below). This excludes shards
+     * 27-64: random value (maybe to be replaced with timestamp)
+     */
+    auto low_qword = mask_shift(version_1, stream_id_version_bits, stream_id_version_shift)
+        | mask_shift(vnode_index, stream_id_index_bits, stream_id_index_shift)
+        | mask_shift(rand, stream_id_random_bits, stream_id_random_shift)
+        ;
+
+    copy_int_to_bytes(dht::token::to_int64(token), 0, _value);
+    copy_int_to_bytes(low_qword, sizeof(int64_t), _value);
+    // not a hot code path. make sure we did not mess up the shifts and masks.
+    assert(version() == version_1);
+    assert(index() == vnode_index);
 }
 
-stream_id::stream_id(bytes b) : _value(std::move(b)) { }
+stream_id::stream_id(bytes b)
+    : _value(std::move(b))
+{
+    // this is not a very solid check. Id:s previous to GA/versioned id:s
+    // have fully random bits in low qword, so this could go either way...
+    if (version() > version_1) {
+        throw std::invalid_argument("Unknown CDC stream id version");
+    }
+}
 
 bool stream_id::is_set() const {
     return !_value.empty();
@@ -76,6 +124,10 @@ bool stream_id::operator==(const stream_id& o) const {
     return _value == o._value;
 }
 
+bool stream_id::operator!=(const stream_id& o) const {
+    return !(*this == o);
+}
+
 bool stream_id::operator<(const stream_id& o) const {
     return _value < o._value;
 }
@@ -87,18 +139,26 @@ static int64_t bytes_to_int64(bytes_view b, size_t offset) {
     return net::ntoh(res);
 }
 
-int64_t stream_id::first() const {
-    return token_from_bytes(_value);
-}
-
-int64_t stream_id::second() const {
-    return bytes_to_int64(_value, sizeof(int64_t));
+dht::token stream_id::token() const {
+    return dht::token::from_int64(token_from_bytes(_value));
 }
 
 int64_t stream_id::token_from_bytes(bytes_view b) {
     return bytes_to_int64(b, 0);
 }
 
+static uint64_t unpack_value(bytes_view b, size_t off, size_t shift, size_t bits) {
+    return (uint64_t(bytes_to_int64(b, off)) >> shift) & ((1ull << bits) - 1u);
+}
+
+uint8_t stream_id::version() const {
+    return unpack_value(_value, sizeof(int64_t), stream_id_version_shift, stream_id_version_bits);
+}
+
+size_t stream_id::index() const {
+    return unpack_value(_value, sizeof(int64_t), stream_id_index_shift, stream_id_index_bits);
+}
+
 const bytes& stream_id::to_bytes() const {
     return _value;
 }
@@ -119,26 +179,38 @@ bool topology_description::operator==(const topology_description& o) const {
     return _entries == o._entries;
 }
 
-const std::vector<token_range_description>& topology_description::entries() const {
+const std::vector<token_range_description>& topology_description::entries() const& {
     return _entries;
 }
 
-static stream_id create_stream_id(dht::token t) {
-    static thread_local std::mt19937_64 rand_gen(std::random_device().operator()());
-    static thread_local std::uniform_int_distribution<int64_t> rand_dist(std::numeric_limits<int64_t>::min());
+std::vector<token_range_description>&& topology_description::entries() && {
+    return std::move(_entries);
+}
 
-    return {dht::token::to_int64(t), rand_dist(rand_gen)};
+static std::vector<stream_id> create_stream_ids(
+        size_t index, dht::token start, dht::token end, size_t shard_count, uint8_t ignore_msb) {
+    std::vector<stream_id> result;
+    result.reserve(shard_count);
+    dht::sharder sharder(shard_count, ignore_msb);
+    for (size_t shard_idx = 0; shard_idx < shard_count; ++shard_idx) {
+        auto t = dht::find_first_token_for_shard(sharder, start, end, shard_idx);
+        // compose the id from token and the "index" of the range end owning vnode
+        // as defined by token sort order. Basically grouping within this
+        // shard set.
+        result.emplace_back(stream_id(t, index));
+    }
+    return result;
 }
 
 class topology_description_generator final {
     const db::config& _cfg;
     const std::unordered_set<dht::token>& _bootstrap_tokens;
-    const locator::token_metadata& _token_metadata;
+    const locator::token_metadata_ptr _tmptr;
     const gms::gossiper& _gossiper;
 
     // Compute a set of tokens that split the token ring into vnodes
     auto get_tokens() const {
-        auto tokens = _token_metadata.sorted_tokens();
+        auto tokens = _tmptr->sorted_tokens();
         auto it = tokens.insert(
                 tokens.end(), _bootstrap_tokens.begin(), _bootstrap_tokens.end());
         std::sort(it, tokens.end());
@@ -150,10 +222,10 @@ class topology_description_generator final {
     // Fetch sharding parameters for a node that owns vnode ending with this.end
     // Returns <shard_count, ignore_msb> pair.
     std::pair<size_t, uint8_t> get_sharding_info(dht::token end) const {
-        if (_bootstrap_tokens.count(end) > 0) {
+        if (_bootstrap_tokens.contains(end)) {
             return {smp::count, _cfg.murmur3_partitioner_ignore_msb_bits()};
         } else {
-            auto endpoint = _token_metadata.get_endpoint(end);
+            auto endpoint = _tmptr->get_endpoint(end);
             if (!endpoint) {
                 throw std::runtime_error(
                         format("Can't find endpoint for token {}", end));
@@ -163,32 +235,26 @@ class topology_description_generator final {
         }
     }
 
-    token_range_description create_description(dht::token start, dht::token end) const {
+    token_range_description create_description(size_t index, dht::token start, dht::token end) const {
         token_range_description desc;
 
         desc.token_range_end = end;
 
         auto [shard_count, ignore_msb] = get_sharding_info(end);
-        desc.streams.reserve(shard_count);
+        desc.streams = create_stream_ids(index, start, end, shard_count, ignore_msb);
         desc.sharding_ignore_msb = ignore_msb;
 
-        dht::sharder sharder(shard_count, ignore_msb);
-        for (size_t shard_idx = 0; shard_idx < shard_count; ++shard_idx) {
-            auto t = dht::find_first_token_for_shard(sharder, start, end, shard_idx);
-            desc.streams.push_back(create_stream_id(t));
-        }
-
         return desc;
     }
 public:
     topology_description_generator(
             const db::config& cfg,
             const std::unordered_set<dht::token>& bootstrap_tokens,
-            const locator::token_metadata& token_metadata,
+            const locator::token_metadata_ptr tmptr,
             const gms::gossiper& gossiper)
         : _cfg(cfg)
         , _bootstrap_tokens(bootstrap_tokens)
-        , _token_metadata(token_metadata)
+        , _tmptr(std::move(tmptr))
         , _gossiper(gossiper)
     {}
 
@@ -213,10 +279,10 @@ public:
         vnode_descriptions.reserve(tokens.size());
 
         vnode_descriptions.push_back(
-                create_description(tokens.back(), tokens.front()));
+                create_description(0, tokens.back(), tokens.front()));
         for (size_t idx = 1; idx < tokens.size(); ++idx) {
             vnode_descriptions.push_back(
-                    create_description(tokens[idx - 1], tokens[idx]));
+                    create_description(idx, tokens[idx - 1], tokens[idx]));
         }
 
         return {std::move(vnode_descriptions)};
@@ -243,24 +309,68 @@ future<db_clock::time_point> get_local_streams_timestamp() {
     });
 }
 
-// Run inside seastar::async context.
-db_clock::time_point make_new_cdc_generation(
+// non-static for testing
+size_t limit_of_streams_in_topology_description() {
+    // Each stream takes 16B and we don't want to exceed 4MB so we can have
+    // at most 262144 streams but not less than 1 per vnode.
+    return 4 * 1024 * 1024 / 16;
+}
+
+// non-static for testing
+topology_description limit_number_of_streams_if_needed(topology_description&& desc) {
+    int64_t streams_count = 0;
+    for (auto& tr_desc : desc.entries()) {
+        streams_count += tr_desc.streams.size();
+    }
+
+    size_t limit = std::max(limit_of_streams_in_topology_description(), desc.entries().size());
+    if (limit >= streams_count) {
+        return std::move(desc);
+    }
+    size_t streams_per_vnode_limit = limit / desc.entries().size();
+    auto entries = std::move(desc).entries();
+    auto start = entries.back().token_range_end;
+    for (size_t idx = 0; idx < entries.size(); ++idx) {
+        auto end = entries[idx].token_range_end;
+        if (entries[idx].streams.size() > streams_per_vnode_limit) {
+            entries[idx].streams =
+                create_stream_ids(idx, start, end, streams_per_vnode_limit, entries[idx].sharding_ignore_msb);
+        }
+        start = end;
+    }
+    return topology_description(std::move(entries));
+}
+
+future<db_clock::time_point> make_new_cdc_generation(
         const db::config& cfg,
         const std::unordered_set<dht::token>& bootstrap_tokens,
-        const locator::token_metadata& tm,
+        const locator::token_metadata_ptr tmptr,
         const gms::gossiper& g,
         db::system_distributed_keyspace& sys_dist_ks,
         std::chrono::milliseconds ring_delay,
-        bool for_testing) {
-    auto gen = topology_description_generator(cfg, bootstrap_tokens, tm, g).generate();
+        bool add_delay) {
+    using namespace std::chrono;
+    auto gen = topology_description_generator(cfg, bootstrap_tokens, tmptr, g).generate();
+
+    // If the cluster is large we may end up with a generation that contains
+    // large number of streams. This is problematic because we store the
+    // generation in a single row. For a generation with large number of rows
+    // this will lead to a row that can be as big as 32MB. This is much more
+    // than the limit imposed by commitlog_segment_size_in_mb. If the size of
+    // the row that describes a new generation grows above
+    // commitlog_segment_size_in_mb, the write will fail and the new node won't
+    // be able to join. To avoid such problem we make sure that such row is
+    // always smaller than 4MB. We do that by removing some CDC streams from
+    // each vnode if the total number of streams is too large.
+    gen = limit_number_of_streams_if_needed(std::move(gen));
 
     // Begin the race.
     auto ts = db_clock::now() + (
-            for_testing ? std::chrono::milliseconds(0) : (
-                2 * ring_delay + std::chrono::duration_cast<std::chrono::milliseconds>(generation_leeway)));
-    sys_dist_ks.insert_cdc_topology_description(ts, std::move(gen), { tm.count_normal_token_owners() }).get();
+            (!add_delay || ring_delay == milliseconds(0)) ? milliseconds(0) : (
+                2 * ring_delay + duration_cast<milliseconds>(generation_leeway)));
+    co_await sys_dist_ks.insert_cdc_topology_description(ts, std::move(gen), { tmptr->count_normal_token_owners() });
 
-    return ts;
+    co_return ts;
 }
 
 std::optional<db_clock::time_point> get_streams_timestamp_for(const gms::inet_address& endpoint, const gms::gossiper& g) {
@@ -269,63 +379,581 @@ std::optional<db_clock::time_point> get_streams_timestamp_for(const gms::inet_ad
     return gms::versioned_value::cdc_streams_timestamp_from_string(streams_ts_string);
 }
 
-// Run inside seastar::async context.
-static void do_update_streams_description(
+static future<> do_update_streams_description(
         db_clock::time_point streams_ts,
         db::system_distributed_keyspace& sys_dist_ks,
         db::system_distributed_keyspace::context ctx) {
-    if (sys_dist_ks.cdc_desc_exists(streams_ts, ctx).get0()) {
-        cdc_log.debug("update_streams_description: description of generation {} already inserted", streams_ts);
-        return;
+    if (co_await sys_dist_ks.cdc_desc_exists(streams_ts, ctx)) {
+        cdc_log.info("Generation {}: streams description table already updated.", streams_ts);
+        co_return;
     }
 
     // We might race with another node also inserting the description, but that's ok. It's an idempotent operation.
 
-    auto topo = sys_dist_ks.read_cdc_topology_description(streams_ts, ctx).get0();
+    auto topo = co_await sys_dist_ks.read_cdc_topology_description(streams_ts, ctx);
     if (!topo) {
-        throw std::runtime_error(format("could not find streams data for timestamp {}", streams_ts));
+        throw no_generation_data_exception(streams_ts);
     }
 
-    std::set<cdc::stream_id> streams_set;
-    for (auto& entry: topo->entries()) {
-        streams_set.insert(entry.streams.begin(), entry.streams.end());
-    }
-
-    std::vector<cdc::stream_id> streams_vec(streams_set.begin(), streams_set.end());
-
-    sys_dist_ks.create_cdc_desc(streams_ts, streams_vec, ctx).get();
+    co_await sys_dist_ks.create_cdc_desc(streams_ts, *topo, ctx);
     cdc_log.info("CDC description table successfully updated with generation {}.", streams_ts);
 }
 
-void update_streams_description(
+future<> update_streams_description(
         db_clock::time_point streams_ts,
         shared_ptr<db::system_distributed_keyspace> sys_dist_ks,
         noncopyable_function<unsigned()> get_num_token_owners,
         abort_source& abort_src) {
     try {
-        do_update_streams_description(streams_ts, *sys_dist_ks, { get_num_token_owners() });
-    } catch(...) {
+        co_await do_update_streams_description(streams_ts, *sys_dist_ks, { get_num_token_owners() });
+    } catch (...) {
         cdc_log.warn(
             "Could not update CDC description table with generation {}: {}. Will retry in the background.",
             streams_ts, std::current_exception());
 
         // It is safe to discard this future: we keep system distributed keyspace alive.
-        (void)seastar::async([
-            streams_ts, sys_dist_ks, get_num_token_owners = std::move(get_num_token_owners), &abort_src
-        ] {
+        (void)(([] (db_clock::time_point streams_ts,
+                    shared_ptr<db::system_distributed_keyspace> sys_dist_ks,
+                    noncopyable_function<unsigned()> get_num_token_owners,
+                    abort_source& abort_src) -> future<> {
             while (true) {
-                sleep_abortable(std::chrono::seconds(60), abort_src).get();
+                co_await sleep_abortable(std::chrono::seconds(60), abort_src);
                 try {
-                    do_update_streams_description(streams_ts, *sys_dist_ks, { get_num_token_owners() });
-                    return;
+                    co_await do_update_streams_description(streams_ts, *sys_dist_ks, { get_num_token_owners() });
+                    co_return;
                 } catch (...) {
                     cdc_log.warn(
                         "Could not update CDC description table with generation {}: {}. Will try again.",
                         streams_ts, std::current_exception());
                 }
             }
-        });
+        })(streams_ts, std::move(sys_dist_ks), std::move(get_num_token_owners), abort_src));
     }
 }
 
+static db_clock::time_point as_timepoint(const utils::UUID& uuid) {
+    return db_clock::time_point{std::chrono::milliseconds(utils::UUID_gen::get_adjusted_timestamp(uuid))};
+}
+
+static future<std::vector<db_clock::time_point>> get_cdc_desc_v1_timestamps(
+        db::system_distributed_keyspace& sys_dist_ks,
+        abort_source& abort_src,
+        const noncopyable_function<unsigned()>& get_num_token_owners) {
+    while (true) {
+        try {
+            co_return co_await sys_dist_ks.get_cdc_desc_v1_timestamps({ get_num_token_owners() });
+        } catch (...) {
+            cdc_log.warn(
+                    "Failed to retrieve generation timestamps for rewriting: {}. Retrying in 60s.",
+                    std::current_exception());
+        }
+        co_await sleep_abortable(std::chrono::seconds(60), abort_src);
+    }
+}
+
+// Contains a CDC log table's creation time (extracted from its schema's id)
+// and its CDC TTL setting.
+struct time_and_ttl {
+    db_clock::time_point creation_time;
+    int ttl;
+};
+
+/*
+ * See `maybe_rewrite_streams_descriptions`.
+ * This is the long-running-in-the-background part of that function.
+ * It returns the timestamp of the last rewritten generation (if any).
+ */
+static future<std::optional<db_clock::time_point>> rewrite_streams_descriptions(
+        std::vector<time_and_ttl> times_and_ttls,
+        shared_ptr<db::system_distributed_keyspace> sys_dist_ks,
+        noncopyable_function<unsigned()> get_num_token_owners,
+        abort_source& abort_src) {
+    cdc_log.info("Retrieving generation timestamps for rewriting...");
+    auto tss = co_await get_cdc_desc_v1_timestamps(*sys_dist_ks, abort_src, get_num_token_owners);
+    cdc_log.info("Generation timestamps retrieved.");
+
+    // Find first generation timestamp such that some CDC log table may contain data before this timestamp.
+    // This predicate is monotonic w.r.t the timestamps.
+    auto now = db_clock::now();
+    std::sort(tss.begin(), tss.end());
+    auto first = std::partition_point(tss.begin(), tss.end(), [&] (db_clock::time_point ts) {
+        // partition_point finds first element that does *not* satisfy the predicate.
+        return std::none_of(times_and_ttls.begin(), times_and_ttls.end(),
+                [&] (const time_and_ttl& tat) {
+            // In this CDC log table there are no entries older than the table's creation time
+            // or (now - the table's ttl). We subtract 10s to account for some possible clock drift.
+            // If ttl is set to 0 then entries in this table never expire. In that case we look
+            // only at the table's creation time.
+            auto no_entries_older_than =
+                (tat.ttl == 0 ? tat.creation_time : std::max(tat.creation_time, now - std::chrono::seconds(tat.ttl)))
+                    - std::chrono::seconds(10);
+            return no_entries_older_than < ts;
+        });
+    });
+
+    // Find first generation timestamp such that some CDC log table may contain data in this generation.
+    // This and all later generations need to be written to the new streams table.
+    if (first != tss.begin()) {
+        --first;
+    }
+
+    if (first == tss.end()) {
+        cdc_log.info("No generations to rewrite.");
+        co_return std::nullopt;
+    }
+
+    cdc_log.info("First generation to rewrite: {}", *first);
+
+    bool each_success = true;
+    co_await max_concurrent_for_each(first, tss.end(), 10, [&] (db_clock::time_point ts) -> future<> {
+        while (true) {
+            try {
+                co_return co_await do_update_streams_description(ts, *sys_dist_ks, { get_num_token_owners() });
+            } catch (const no_generation_data_exception& e) {
+                cdc_log.error("Failed to rewrite streams for generation {}: {}. Giving up.", ts, e);
+                each_success = false;
+                co_return;
+            } catch (...) {
+                cdc_log.warn("Failed to rewrite streams for generation {}: {}. Retrying in 60s.", ts, std::current_exception());
+            }
+            co_await sleep_abortable(std::chrono::seconds(60), abort_src);
+        }
+    });
+
+    if (each_success) {
+        cdc_log.info("Rewriting stream tables finished successfully.");
+    } else {
+        cdc_log.info("Rewriting stream tables finished, but some generations could not be rewritten (check the logs).");
+    }
+
+    if (first != tss.end()) {
+        co_return *std::prev(tss.end());
+    }
+
+    co_return std::nullopt;
+}
+
+future<> maybe_rewrite_streams_descriptions(
+        const database& db,
+        shared_ptr<db::system_distributed_keyspace> sys_dist_ks,
+        noncopyable_function<unsigned()> get_num_token_owners,
+        abort_source& abort_src) {
+    if (!db.has_schema(sys_dist_ks->NAME, sys_dist_ks->CDC_DESC_V1)) {
+        // This cluster never went through a Scylla version which used this table
+        // or the user deleted the table. Nothing to do.
+        co_return;
+    }
+
+    if (co_await db::system_keyspace::cdc_is_rewritten()) {
+        co_return;
+    }
+
+    if (db.get_config().cdc_dont_rewrite_streams()) {
+        cdc_log.warn("Stream rewriting disabled. Manual administrator intervention may be required...");
+        co_return;
+    }
+
+    // For each CDC log table get the TTL setting (from CDC options) and the table's creation time
+    std::vector<time_and_ttl> times_and_ttls;
+    for (auto& [_, cf] : db.get_column_families()) {
+        auto& s = *cf->schema();
+        auto base = cdc::get_base_table(db, s.ks_name(), s.cf_name());
+        if (!base) {
+            // Not a CDC log table.
+            continue;
+        }
+        auto& cdc_opts = base->cdc_options();
+        if (!cdc_opts.enabled()) {
+            // This table is named like a CDC log table but it's not one.
+            continue;
+        }
+
+        times_and_ttls.push_back(time_and_ttl{as_timepoint(s.id()), cdc_opts.ttl()});
+    }
+
+    if (times_and_ttls.empty()) {
+        // There's no point in rewriting old generations' streams (they don't contain any data).
+        cdc_log.info("No CDC log tables present, not rewriting stream tables.");
+        co_return co_await db::system_keyspace::cdc_set_rewritten(std::nullopt);
+    }
+
+    // It's safe to discard this future: the coroutine keeps system_distributed_keyspace alive
+    // and the abort source's lifetime extends the lifetime of any other service.
+    (void)(([_times_and_ttls = std::move(times_and_ttls), _sys_dist_ks = std::move(sys_dist_ks),
+                _get_num_token_owners = std::move(get_num_token_owners), &_abort_src = abort_src] () mutable -> future<> {
+        auto times_and_ttls = std::move(_times_and_ttls);
+        auto sys_dist_ks = std::move(_sys_dist_ks);
+        auto get_num_token_owners = std::move(_get_num_token_owners);
+        auto& abort_src = _abort_src;
+
+        // This code is racing with node startup. At this point, we're most likely still waiting for gossip to settle
+        // and some nodes that are UP may still be marked as DOWN by us.
+        // Let's sleep a bit to increase the chance that the first attempt at rewriting succeeds (it's still ok if
+        // it doesn't - we'll retry - but it's nice if we succeed without any warnings).
+        co_await sleep_abortable(std::chrono::seconds(10), abort_src);
+
+        cdc_log.info("Rewriting stream tables in the background...");
+        auto last_rewritten = co_await rewrite_streams_descriptions(
+                std::move(times_and_ttls),
+                std::move(sys_dist_ks),
+                std::move(get_num_token_owners),
+                abort_src);
+
+        co_await db::system_keyspace::cdc_set_rewritten(last_rewritten);
+    })());
+}
+
+static void assert_shard_zero(const sstring& where) {
+    if (this_shard_id() != 0) {
+        on_internal_error(cdc_log, format("`{}`: must be run on shard 0", where));
+    }
+}
+
+class and_reducer {
+private:
+    bool _result = true;
+public:
+    future<> operator()(bool value) {
+        _result = value && _result;
+        return make_ready_future<>();
+    }
+    bool get() {
+        return _result;
+    }
+};
+
+class or_reducer {
+private:
+    bool _result = false;
+public:
+    future<> operator()(bool value) {
+        _result = value || _result;
+        return make_ready_future<>();
+    }
+    bool get() {
+        return _result;
+    }
+};
+
+class generation_handling_nonfatal_exception : public std::runtime_error {
+    using std::runtime_error::runtime_error;
+};
+
+constexpr char could_not_retrieve_msg_template[]
+        = "Could not retrieve CDC streams with timestamp {} upon gossip event. Reason: \"{}\". Action: {}.";
+
+generation_service::generation_service(
+            const db::config& cfg, gms::gossiper& g, sharded<db::system_distributed_keyspace>& sys_dist_ks,
+            abort_source& abort_src, const locator::shared_token_metadata& stm)
+        : _cfg(cfg), _gossiper(g), _sys_dist_ks(sys_dist_ks), _abort_src(abort_src), _token_metadata(stm) {
+}
+
+future<> generation_service::stop() {
+    if (this_shard_id() == 0) {
+        co_await _gossiper.unregister_(shared_from_this());
+    }
+
+    _stopped = true;
+}
+
+generation_service::~generation_service() {
+    assert(_stopped);
+}
+
+future<> generation_service::after_join(std::optional<db_clock::time_point>&& startup_gen_ts) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+    assert(db::system_keyspace::bootstrap_complete());
+
+    _gen_ts = std::move(startup_gen_ts);
+    _gossiper.register_(shared_from_this());
+
+    _joined = true;
+
+    // Retrieve the latest CDC generation seen in gossip (if any).
+    co_await scan_cdc_generations();
+}
+
+void generation_service::on_join(gms::inet_address ep, gms::endpoint_state ep_state) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    auto val = ep_state.get_application_state_ptr(gms::application_state::CDC_STREAMS_TIMESTAMP);
+    if (!val) {
+        return;
+    }
+
+    on_change(ep, gms::application_state::CDC_STREAMS_TIMESTAMP, *val);
+}
+
+void generation_service::on_change(gms::inet_address ep, gms::application_state app_state, const gms::versioned_value& v) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    if (app_state != gms::application_state::CDC_STREAMS_TIMESTAMP) {
+        return;
+    }
+
+    auto ts = gms::versioned_value::cdc_streams_timestamp_from_string(v.value);
+    cdc_log.debug("Endpoint: {}, CDC generation timestamp change: {}", ep, ts);
+
+    handle_cdc_generation(ts).get();
+}
+
+future<> generation_service::check_and_repair_cdc_streams() {
+    if (!_joined) {
+        throw std::runtime_error("check_and_repair_cdc_streams: node not initialized yet");
+    }
+
+    auto latest = _gen_ts;
+    const auto& endpoint_states = _gossiper.get_endpoint_states();
+    for (const auto& [addr, state] : endpoint_states) {
+        if (!_gossiper.is_normal(addr))  {
+            throw std::runtime_error(format("All nodes must be in NORMAL state while performing check_and_repair_cdc_streams"
+                    " ({} is in state {})", addr, _gossiper.get_gossip_status(state)));
+        }
+
+        const auto ts = get_streams_timestamp_for(addr, _gossiper);
+        if (!latest || (ts && *ts > *latest)) {
+            latest = ts;
+        }
+    }
+
+    bool should_regenerate = false;
+    std::optional<topology_description> gen;
+
+    static const auto timeout_msg = "Timeout while fetching CDC topology description";
+    static const auto topology_read_error_note = "Note: this is likely caused by"
+            " node(s) being down or unreachable. It is recommended to check the network and"
+            " restart/remove the failed node(s), then retry checkAndRepairCdcStreams command";
+    static const auto exception_translating_msg = "Translating the exception to `request_execution_exception`";
+    const auto tmptr = _token_metadata.get();
+    auto sys_dist_ks = get_sys_dist_ks();
+    try {
+        gen = co_await sys_dist_ks->read_cdc_topology_description(
+                *latest, { tmptr->count_normal_token_owners() });
+    } catch (exceptions::request_timeout_exception& e) {
+        cdc_log.error("{}: \"{}\". {}.", timeout_msg, e.what(), exception_translating_msg);
+        throw exceptions::request_execution_exception(exceptions::exception_code::READ_TIMEOUT,
+                format("{}. {}.", timeout_msg, topology_read_error_note));
+    } catch (exceptions::unavailable_exception& e) {
+        static const auto unavailable_msg = "Node(s) unavailable while fetching CDC topology description";
+        cdc_log.error("{}: \"{}\". {}.", unavailable_msg, e.what(), exception_translating_msg);
+        throw exceptions::request_execution_exception(exceptions::exception_code::UNAVAILABLE,
+                format("{}. {}.", unavailable_msg, topology_read_error_note));
+    } catch (...) {
+        const auto ep = std::current_exception();
+        if (is_timeout_exception(ep)) {
+            cdc_log.error("{}: \"{}\". {}.", timeout_msg, ep, exception_translating_msg);
+            throw exceptions::request_execution_exception(exceptions::exception_code::READ_TIMEOUT,
+                    format("{}. {}.", timeout_msg, topology_read_error_note));
+        }
+        // On exotic errors proceed with regeneration
+        cdc_log.error("Exception while reading CDC topology description: \"{}\". Regenerating streams anyway.", ep);
+        should_regenerate = true;
+    }
+
+    if (!gen) {
+        cdc_log.error(
+            "Could not find CDC generation with timestamp {} in distributed system tables (current time: {}),"
+            " even though some node gossiped about it.",
+            latest, db_clock::now());
+        should_regenerate = true;
+    } else {
+        std::unordered_set<dht::token> gen_ends;
+        for (const auto& entry : gen->entries()) {
+            gen_ends.insert(entry.token_range_end);
+        }
+        for (const auto& metadata_token : tmptr->sorted_tokens()) {
+            if (!gen_ends.contains(metadata_token)) {
+                cdc_log.warn("CDC generation {} missing token {}. Regenerating.", latest, metadata_token);
+                should_regenerate = true;
+                break;
+            }
+        }
+    }
+
+    if (!should_regenerate) {
+        if (latest != _gen_ts) {
+            co_await do_handle_cdc_generation(*latest);
+        }
+        cdc_log.info("CDC generation {} does not need repair", latest);
+        co_return;
+    }
+    const auto new_gen_ts = co_await make_new_cdc_generation(_cfg,
+            {}, std::move(tmptr), _gossiper, *sys_dist_ks,
+            std::chrono::milliseconds(_cfg.ring_delay_ms()), true /* add delay */);
+    // Need to artificially update our STATUS so other nodes handle the timestamp change
+    auto status = _gossiper.get_application_state_ptr(
+            utils::fb_utilities::get_broadcast_address(), gms::application_state::STATUS);
+    if (!status) {
+        cdc_log.error("Our STATUS is missing");
+        cdc_log.error("Aborting CDC generation repair due to missing STATUS");
+        co_return;
+    }
+    // Update _gen_ts first, so that do_handle_cdc_generation (which will get called due to the status update)
+    // won't try to update the gossiper, which would result in a deadlock inside add_local_application_state
+    _gen_ts = new_gen_ts;
+    co_await _gossiper.add_local_application_state({
+            { gms::application_state::CDC_STREAMS_TIMESTAMP, gms::versioned_value::cdc_streams_timestamp(new_gen_ts) },
+            { gms::application_state::STATUS, *status }
+    });
+    co_await db::system_keyspace::update_cdc_streams_timestamp(new_gen_ts);
+}
+
+future<> generation_service::handle_cdc_generation(std::optional<db_clock::time_point> ts) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    if (!ts) {
+        co_return;
+    }
+
+    if (!db::system_keyspace::bootstrap_complete() || !_sys_dist_ks.local_is_initialized()
+            || !_sys_dist_ks.local().started()) {
+        // The service should not be listening for generation changes until after the node
+        // is bootstrapped. Therefore we would previously assume that this condition
+        // can never become true and call on_internal_error here, but it turns out that
+        // it may become true on decommission: the node enters NEEDS_BOOTSTRAP
+        // state before leaving the token ring, so bootstrap_complete() becomes false.
+        // In that case we can simply return.
+        co_return;
+    }
+
+    if (co_await container().map_reduce(and_reducer(), [ts = *ts] (generation_service& svc) {
+        return !svc._cdc_metadata.prepare(ts);
+    })) {
+        co_return;
+    }
+
+    bool using_this_gen = false;
+    try {
+        using_this_gen = co_await do_handle_cdc_generation_intercept_nonfatal_errors(*ts);
+    } catch (generation_handling_nonfatal_exception& e) {
+        cdc_log.warn(could_not_retrieve_msg_template, ts, e.what(), "retrying in the background");
+        async_handle_cdc_generation(*ts);
+        co_return;
+    } catch (...) {
+        cdc_log.error(could_not_retrieve_msg_template, ts, std::current_exception(), "not retrying");
+        co_return; // Exotic ("fatal") exception => do not retry
+    }
+
+    if (using_this_gen) {
+        cdc_log.info("Starting to use generation {}", *ts);
+        co_await update_streams_description(*ts, get_sys_dist_ks(),
+                [tmptr = _token_metadata.get()] { return tmptr->count_normal_token_owners(); },
+                _abort_src);
+    }
+}
+
+void generation_service::async_handle_cdc_generation(db_clock::time_point ts) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    (void)(([] (db_clock::time_point ts, shared_ptr<generation_service> svc) -> future<> {
+        while (true) {
+            co_await sleep_abortable(std::chrono::seconds(5), svc->_abort_src);
+
+            try {
+                bool using_this_gen = co_await svc->do_handle_cdc_generation_intercept_nonfatal_errors(ts);
+                if (using_this_gen) {
+                    cdc_log.info("Starting to use generation {}", ts);
+                    co_await update_streams_description(ts, svc->get_sys_dist_ks(),
+                            [tmptr = svc->_token_metadata.get()] { return tmptr->count_normal_token_owners(); },
+                            svc->_abort_src);
+                }
+                co_return;
+            } catch (generation_handling_nonfatal_exception& e) {
+                cdc_log.warn(could_not_retrieve_msg_template, ts, e.what(), "continuing to retry in the background");
+            } catch (...) {
+                cdc_log.error(could_not_retrieve_msg_template, ts, std::current_exception(), "not retrying anymore");
+                co_return; // Exotic ("fatal") exception => do not retry
+            }
+
+            if (co_await svc->container().map_reduce(and_reducer(), [ts] (generation_service& svc) {
+                return svc._cdc_metadata.known_or_obsolete(ts);
+            })) {
+                co_return;
+            }
+        }
+    })(ts, shared_from_this()));
+}
+
+future<> generation_service::scan_cdc_generations() {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    std::optional<db_clock::time_point> latest;
+    for (const auto& ep: _gossiper.get_endpoint_states()) {
+        auto ts = get_streams_timestamp_for(ep.first, _gossiper);
+        if (!latest || (ts && *ts > *latest)) {
+            latest = ts;
+        }
+    }
+
+    if (latest) {
+        cdc_log.info("Latest generation seen during startup: {}", *latest);
+        co_await handle_cdc_generation(latest);
+    } else {
+        cdc_log.info("No generation seen during startup.");
+    }
+}
+
+future<bool> generation_service::do_handle_cdc_generation_intercept_nonfatal_errors(db_clock::time_point ts) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    try {
+        co_return co_await do_handle_cdc_generation(ts);
+    } catch (exceptions::request_timeout_exception& e) {
+        throw generation_handling_nonfatal_exception(e.what());
+    } catch (exceptions::unavailable_exception& e) {
+        throw generation_handling_nonfatal_exception(e.what());
+    } catch (exceptions::read_failure_exception& e) {
+        throw generation_handling_nonfatal_exception(e.what());
+    } catch (...) {
+        const auto ep = std::current_exception();
+        if (is_timeout_exception(ep)) {
+            throw generation_handling_nonfatal_exception(format("{}", ep));
+        }
+        throw;
+    }
+}
+
+future<bool> generation_service::do_handle_cdc_generation(db_clock::time_point ts) {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    auto sys_dist_ks = get_sys_dist_ks();
+    auto gen = co_await sys_dist_ks->read_cdc_topology_description(
+            ts, { _token_metadata.get()->count_normal_token_owners() });
+    if (!gen) {
+        throw std::runtime_error(format(
+            "Could not find CDC generation with timestamp {} in distributed system tables (current time: {}),"
+            " even though some node gossiped about it.",
+            ts, db_clock::now()));
+    }
+
+    // If we're not gossiping our own generation timestamp (because we've upgraded from a non-CDC/old version,
+    // or we somehow lost it due to a byzantine failure), start gossiping someone else's timestamp.
+    // This is to avoid the upgrade check on every restart (see `should_propose_first_cdc_generation`).
+    // And if we notice that `ts` is higher than our timestamp, we will start gossiping it instead,
+    // so if the node that initially gossiped `ts` leaves the cluster while `ts` is still the latest generation,
+    // the cluster will remember.
+    if (!_gen_ts || *_gen_ts < ts) {
+        _gen_ts = ts;
+        co_await db::system_keyspace::update_cdc_streams_timestamp(ts);
+        co_await _gossiper.add_local_application_state(
+                gms::application_state::CDC_STREAMS_TIMESTAMP, gms::versioned_value::cdc_streams_timestamp(ts));
+    }
+
+    // Return `true` iff the generation was inserted on any of our shards.
+    co_return co_await container().map_reduce(or_reducer(), [ts, &gen] (generation_service& svc) {
+        auto gen_ = *gen;
+        return svc._cdc_metadata.insert(ts, std::move(gen_));
+    });
+}
+
+shared_ptr<db::system_distributed_keyspace> generation_service::get_sys_dist_ks() {
+    assert_shard_zero(__PRETTY_FUNCTION__);
+
+    if (!_sys_dist_ks.local_is_initialized()) {
+        throw std::runtime_error("system distributed keyspace not initialized");
+    }
+
+    return _sys_dist_ks.local_shared();
+}
+
 } // namespace cdc

cdc/generation.hh

@@ -40,6 +40,8 @@
 #include "database_fwd.hh"
 #include "db_clock.hh"
 #include "dht/token.hh"
+#include "locator/token_metadata.hh"
+#include "utils/chunked_vector.hh"
 
 namespace seastar {
     class abort_source;
@@ -55,26 +57,26 @@ namespace gms {
     class gossiper;
 } // namespace gms
 
-namespace locator {
-    class token_metadata;
-} // namespace locator
-
 namespace cdc {
 
 class stream_id final {
     bytes _value;
 public:
+    static constexpr uint8_t version_1 = 1;
+
     stream_id() = default;
-    stream_id(int64_t, int64_t);
     stream_id(bytes);
+    stream_id(dht::token, size_t);
+
     bool is_set() const;
     bool operator==(const stream_id&) const;
+    bool operator!=(const stream_id&) const;
     bool operator<(const stream_id&) const;
 
-    int64_t first() const;
-    int64_t second() const;
-
+    uint8_t version() const;
+    size_t index() const;
     const bytes& to_bytes() const;
+    dht::token token() const;
 
     partition_key to_partition_key(const schema& log_schema) const;
     static int64_t token_from_bytes(bytes_view);
@@ -110,7 +112,30 @@ public:
     topology_description(std::vector<token_range_description> entries);
     bool operator==(const topology_description&) const;
 
-    const std::vector<token_range_description>& entries() const;
+    const std::vector<token_range_description>& entries() const&;
+    std::vector<token_range_description>&& entries() &&;
+};
+
+/**
+ * The set of streams for a single topology version/generation
+ * I.e. the stream ids at a given time. 
+ */ 
+class streams_version {
+public:
+    utils::chunked_vector<stream_id> streams;
+    db_clock::time_point timestamp;
+
+    streams_version(utils::chunked_vector<stream_id> s, db_clock::time_point ts)
+        : streams(std::move(s))
+        , timestamp(ts)
+    {}
+};
+
+class no_generation_data_exception : public std::runtime_error {
+public:
+    no_generation_data_exception(db_clock::time_point generation_ts)
+        : std::runtime_error(format("could not find generation data for timestamp {}", generation_ts))
+    {}
 };
 
 /* Should be called when we're restarting and we noticed that we didn't save any streams timestamp in our local tables,
@@ -130,8 +155,8 @@ bool should_propose_first_generation(const gms::inet_address& me, const gms::gos
  */
 future<db_clock::time_point> get_local_streams_timestamp();
 
-/* Generate a new set of CDC streams and insert it into the distributed cdc_generations table.
- * Returns the timestamp of this new generation.
+/* Generate a new set of CDC streams and insert it into the distributed cdc_generation_descriptions table.
+ * Returns the timestamp of this new generation
  *
  * Should be called when starting the node for the first time (i.e., joining the ring).
  *
@@ -142,14 +167,14 @@ future<db_clock::time_point> get_local_streams_timestamp();
  * (not guaranteed in the current implementation, but expected to be the common case;
  *  we assume that `ring_delay` is enough for other nodes to learn about the new generation).
  */
-db_clock::time_point make_new_cdc_generation(
+future<db_clock::time_point> make_new_cdc_generation(
         const db::config& cfg,
         const std::unordered_set<dht::token>& bootstrap_tokens,
-        const locator::token_metadata& tm,
+        const locator::token_metadata_ptr tmptr,
         const gms::gossiper& g,
         db::system_distributed_keyspace& sys_dist_ks,
         std::chrono::milliseconds ring_delay,
-        bool for_testing);
+        bool add_delay);
 
 /* Retrieves CDC streams generation timestamp from the given endpoint's application state (broadcasted through gossip).
  * We might be during a rolling upgrade, so the timestamp might not be there (if the other node didn't upgrade yet),
@@ -161,17 +186,26 @@ std::optional<db_clock::time_point> get_streams_timestamp_for(const gms::inet_ad
 /* Inform CDC users about a generation of streams (identified by the given timestamp)
  * by inserting it into the cdc_streams table.
  *
- * Assumes that the cdc_generations table contains this generation.
+ * Assumes that the cdc_generation_descriptions table contains this generation.
  *
  * Returning from this function does not mean that the table update was successful: the function
  * might run an asynchronous task in the background.
- *
- * Run inside seastar::async context.
  */
-void update_streams_description(
+future<> update_streams_description(
         db_clock::time_point,
         shared_ptr<db::system_distributed_keyspace>,
         noncopyable_function<unsigned()> get_num_token_owners,
         abort_source&);
 
+/* Part of the upgrade procedure. Useful in case where the version of Scylla that we're upgrading from
+ * used the "cdc_streams_descriptions" table. This procedure ensures that the new "cdc_streams_descriptions_v2"
+ * table contains streams of all generations that were present in the old table and may still contain data
+ * (i.e. there exist CDC log tables that may contain rows with partition keys being the stream IDs from
+ * these generations). */
+future<> maybe_rewrite_streams_descriptions(
+        const database&,
+        shared_ptr<db::system_distributed_keyspace>,
+        noncopyable_function<unsigned()> get_num_token_owners,
+        abort_source&);
+
 } // namespace cdc

cdc/generation_service.hh

@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Modified by ScyllaDB
+ * Copyright (C) 2021 ScyllaDB
+ *
+ */
+
+#pragma once
+
+#include "cdc/metadata.hh"
+#include "gms/i_endpoint_state_change_subscriber.hh"
+
+namespace db {
+class system_distributed_keyspace;
+}
+
+namespace gms {
+class gossiper;
+}
+
+namespace cdc {
+
+class generation_service : public peering_sharded_service<generation_service>
+                         , public async_sharded_service<generation_service>
+                         , public gms::i_endpoint_state_change_subscriber {
+
+    bool _stopped = false;
+
+    // The node has joined the token ring. Set to `true` on `after_join` call.
+    bool _joined = false;
+
+    const db::config& _cfg;
+    gms::gossiper& _gossiper;
+    sharded<db::system_distributed_keyspace>& _sys_dist_ks;
+    abort_source& _abort_src;
+    const locator::shared_token_metadata& _token_metadata;
+
+    /* Maintains the set of known CDC generations used to pick streams for log writes (i.e., the partition keys of these log writes).
+     * Updated in response to certain gossip events (see the handle_cdc_generation function).
+     */
+    cdc::metadata _cdc_metadata;
+
+    /* The latest known generation timestamp and the timestamp that we're currently gossiping
+     * (as CDC_STREAMS_TIMESTAMP application state).
+     *
+     * Only shard 0 manages this, hence it will be std::nullopt on all shards other than 0.
+     * This timestamp is also persisted in the system.cdc_local table.
+     *
+     * On shard 0 this may be nullopt only in one special case: rolling upgrade, when we upgrade
+     * from an old version of Scylla that didn't support CDC. In that case one node in the cluster
+     * will create the first generation and start gossiping it; it may be us, or it may be some
+     * different node. In any case, eventually - after one of the nodes gossips the first timestamp
+     * - we'll catch on and this variable will be updated with that generation.
+     */
+    std::optional<db_clock::time_point> _gen_ts;
+public:
+    generation_service(const db::config&, gms::gossiper&,
+            sharded<db::system_distributed_keyspace>&, abort_source&, const locator::shared_token_metadata&);
+
+    future<> stop();
+    ~generation_service();
+
+    /* After the node bootstraps and creates a new CDC generation, or restarts and loads the last
+     * known generation timestamp from persistent storage, this function should be called with
+     * that generation timestamp moved in as the `startup_gen_ts` parameter.
+     * This passes the responsibility of managing generations from the node startup code to this service;
+     * until then, the service remains dormant.
+     * At the time of writing this comment, the startup code is in `storage_service::join_token_ring`, hence
+     * `after_join` should be called at the end of that function.
+     * Precondition: the node has completed bootstrapping and system_distributed_keyspace is initialized.
+     * Must be called on shard 0 - that's where the generation management happens.
+     */
+    future<> after_join(std::optional<db_clock::time_point>&& startup_gen_ts);
+
+    cdc::metadata& get_cdc_metadata() {
+        return _cdc_metadata;
+    }
+
+    virtual void before_change(gms::inet_address, gms::endpoint_state, gms::application_state, const gms::versioned_value&) override {}
+    virtual void on_alive(gms::inet_address, gms::endpoint_state) override {}
+    virtual void on_dead(gms::inet_address, gms::endpoint_state) override {}
+    virtual void on_remove(gms::inet_address) override {}
+    virtual void on_restart(gms::inet_address, gms::endpoint_state) override {}
+
+    virtual void on_join(gms::inet_address, gms::endpoint_state) override;
+    virtual void on_change(gms::inet_address, gms::application_state, const gms::versioned_value&) override;
+
+    future<> check_and_repair_cdc_streams();
+
+private:
+    /* Retrieve the CDC generation which starts at the given timestamp (from a distributed table created for this purpose)
+     * and start using it for CDC log writes if it's not obsolete.
+     */
+    future<> handle_cdc_generation(std::optional<db_clock::time_point>);
+
+    /* If `handle_cdc_generation` fails, it schedules an asynchronous retry in the background
+     * using `async_handle_cdc_generation`.
+     */
+    void async_handle_cdc_generation(db_clock::time_point);
+
+    /* Wrapper around `do_handle_cdc_generation` which intercepts timeout/unavailability exceptions.
+     * Returns: do_handle_cdc_generation(ts). */
+    future<bool> do_handle_cdc_generation_intercept_nonfatal_errors(db_clock::time_point);
+
+    /* Returns `true` iff we started using the generation (it was not obsolete or already known),
+     * which means that this node might write some CDC log entries using streams from this generation. */
+    future<bool> do_handle_cdc_generation(db_clock::time_point);
+
+    /* Scan CDC generation timestamps gossiped by other nodes and retrieve the latest one.
+     * This function should be called once at the end of the node startup procedure
+     * (after the node is started and running normally, it will retrieve generations on gossip events instead).
+     */
+    future<> scan_cdc_generations();
+
+    /* generation_service code might be racing with system_distributed_keyspace deinitialization
+     * (the deinitialization order is broken).
+     * Therefore, whenever we want to access sys_dist_ks in a background task,
+     * we need to check if the instance is still there. Storing the shared pointer will keep it alive.
+     */
+    shared_ptr<db::system_distributed_keyspace> get_sys_dist_ks();
+};
+
+} // namespace cdc

cdc/log.hh

@@ -41,7 +41,6 @@
 #include "exceptions/exceptions.hh"
 #include "timestamp.hh"
 #include "tracing/trace_state.hh"
-#include "cdc_options.hh"
 #include "utils/UUID.hh"
 
 class schema;
@@ -63,6 +62,7 @@ class query_state;
 
 class mutation;
 class partition_key;
+class database;
 
 namespace cdc {
 
@@ -80,7 +80,7 @@ class cdc_service final : public async_sharded_service<cdc::cdc_service> {
     std::unique_ptr<impl> _impl;
 public:
     future<> stop();
-    cdc_service(service::storage_proxy&);
+    cdc_service(service::storage_proxy&, cdc::metadata&);
     cdc_service(db_context);
     ~cdc_service();
 
@@ -100,20 +100,16 @@ public:
 struct db_context final {
     service::storage_proxy& _proxy;
     service::migration_notifier& _migration_notifier;
-    locator::token_metadata& _token_metadata;
     cdc::metadata& _cdc_metadata;
 
     class builder final {
         service::storage_proxy& _proxy;
+        cdc::metadata& _cdc_metadata;
         std::optional<std::reference_wrapper<service::migration_notifier>> _migration_notifier;
-        std::optional<std::reference_wrapper<locator::token_metadata>> _token_metadata;
-        std::optional<std::reference_wrapper<cdc::metadata>> _cdc_metadata;
     public:
-        builder(service::storage_proxy& proxy);
+        builder(service::storage_proxy& proxy, cdc::metadata&);
 
         builder& with_migration_notifier(service::migration_notifier& migration_notifier);
-        builder& with_token_metadata(locator::token_metadata& token_metadata);
-        builder& with_cdc_metadata(cdc::metadata&);
 
         db_context build();
     };
@@ -129,7 +125,12 @@ enum class operation : int8_t {
 };
 
 bool is_log_for_some_table(const sstring& ks_name, const std::string_view& table_name);
-seastar::sstring log_name(const seastar::sstring& table_name);
+
+schema_ptr get_base_table(const database&, const schema&);
+schema_ptr get_base_table(const database&, sstring_view, std::string_view);
+
+seastar::sstring base_name(std::string_view log_name);
+seastar::sstring log_name(std::string_view table_name);
 seastar::sstring log_data_column_name(std::string_view column_name);
 seastar::sstring log_meta_column_name(std::string_view column_name);
 bytes log_data_column_name_bytes(const bytes& column_name);
@@ -141,6 +142,8 @@ bytes log_data_column_deleted_name_bytes(const bytes& column_name);
 seastar::sstring log_data_column_deleted_elements_name(std::string_view column_name);
 bytes log_data_column_deleted_elements_name_bytes(const bytes& column_name);
 
+bool is_cdc_metacolumn_name(const sstring& name);
+
 utils::UUID generate_timeuuid(api::timestamp_type t);
 
 } // namespace cdc

cdc/metadata.cc

@@ -51,7 +51,8 @@ static cdc::stream_id get_stream(
     return entry.streams[shard_id];
 }
 
-static cdc::stream_id get_stream(
+// non-static for testing
+cdc::stream_id get_stream(
         const std::vector<cdc::token_range_description>& entries,
         dht::token tok) {
     if (entries.empty()) {
@@ -77,6 +78,12 @@ cdc::metadata::container_t::const_iterator cdc::metadata::gen_used_at(api::times
     return std::prev(it);
 }
 
+bool cdc::metadata::streams_available() const {
+    auto now = api::new_timestamp();
+    auto it = gen_used_at(now);
+    return  it != _gens.end();
+}
+
 cdc::stream_id cdc::metadata::get_stream(api::timestamp_type ts, dht::token tok) {
     auto now = api::new_timestamp();
     if (ts > now + generation_leeway.count()) {

cdc/metadata.hh

@@ -57,6 +57,10 @@ public:
     /* Is a generation with the given timestamp already known or superseded by a newer generation? */
     bool known_or_obsolete(db_clock::time_point) const;
 
+    /* Are there streams available. I.e. valid for time == now. If this is false, any writes to 
+     * CDC logs will fail fast.
+     */
+    bool streams_available() const;
     /* Return the stream for the base partition whose token is `tok` to which a corresponding log write should go
      * according to the generation used at time `ts` (i.e, the latest generation whose timestamp is less or equal to `ts`).
      *

cdc/split.cc

@@ -22,8 +22,14 @@
 #include "mutation.hh"
 #include "schema.hh"
 
+#include "concrete_types.hh"
+#include "types/user.hh"
+
 #include "split.hh"
 #include "log.hh"
+#include "change_visitor.hh"
+
+#include <type_traits>
 
 struct atomic_column_update {
     column_id id;
@@ -70,6 +76,37 @@ struct partition_deletion {
     tombstone t;
 };
 
+using clustered_column_set = std::map<clustering_key, cdc::one_kind_column_set, clustering_key::less_compare>;
+
+template<typename Container>
+concept EntryContainer = requires(Container& container) {
+    // Parenthesized due to https://bugs.llvm.org/show_bug.cgi?id=45088
+    { (container.atomic_entries) } -> std::same_as<std::vector<atomic_column_update>&>;
+    { (container.nonatomic_entries) } -> std::same_as<std::vector<nonatomic_column_update>&>;
+};
+
+template<EntryContainer Container>
+static void add_columns_affected_by_entries(cdc::one_kind_column_set& cset, const Container& cont) {
+    for (const auto& entry : cont.atomic_entries) {
+        cset.set(entry.id);
+    }
+    for (const auto& entry : cont.nonatomic_entries) {
+        cset.set(entry.id);
+    }
+}
+
+/* Given a mutation with multiple timestamps/ttl/types of changes, we split it into multiple mutations
+ * before passing it into `process_change` (see comment above `should_split_visitor` for more details).
+ *
+ * The first step of the splitting is to walk over the mutation and put each change into an appropriate bucket
+ * (see `batch`). The buckets are sorted by timestamps (see `set_of_changes`), and within each bucket,
+ * the changes are split according to their types (`static_updates`, `clustered_inserts`, and so on).
+ * Within each type, the changes are sorted w.r.t TTLs. Changes without a TTL are treated as if they had TTL = 0.
+ *
+ * The function that puts changes into bucket is called `extract_changes`. Underneath, it uses
+ * `extract_changes_visitor`, `extract_collection_visitor` and `extract_row_visitor`.
+ */
+
 struct batch {
     std::vector<static_row_update> static_updates;
     std::vector<clustered_row_insert> clustered_inserts;
@@ -77,6 +114,40 @@ struct batch {
     std::vector<clustered_row_deletion> clustered_row_deletions;
     std::vector<clustered_range_deletion> clustered_range_deletions;
     std::optional<partition_deletion> partition_deletions;
+
+    clustered_column_set get_affected_clustered_columns_per_row(const schema& s) const {
+        clustered_column_set ret{clustering_key::less_compare(s)};
+
+        if (!clustered_row_deletions.empty()) {
+            // When deleting a row, all columns are affected
+            cdc::one_kind_column_set all_columns{s.regular_columns_count()};
+            all_columns.set(0, s.regular_columns_count(), true);
+            for (const auto& change : clustered_row_deletions) {
+                ret.insert(std::make_pair(change.key, all_columns));
+            }
+        }
+
+        auto process_change_type = [&] (const auto& changes) {
+            for (const auto& change : changes) {
+                auto& cset = ret[change.key];
+                cset.resize(s.regular_columns_count());
+                add_columns_affected_by_entries(cset, change);
+            }
+        };
+
+        process_change_type(clustered_inserts);
+        process_change_type(clustered_updates);
+
+        return ret;
+    }
+
+    cdc::one_kind_column_set get_affected_static_columns(const schema& s) const {
+        cdc::one_kind_column_set ret{s.static_columns_count()};
+        for (const auto& change : static_updates) {
+            add_columns_affected_by_entries(ret, change);
+        }
+        return ret;
+    }
 };
 
 using set_of_changes = std::map<api::timestamp_type, batch>;
@@ -86,100 +157,179 @@ struct row_update {
     std::vector<nonatomic_column_update> nonatomic_entries;
 };
 
-static
-std::map<std::pair<api::timestamp_type, gc_clock::duration>, row_update>
-extract_row_updates(const row& r, column_kind ckind, const schema& schema) {
-    std::map<std::pair<api::timestamp_type, gc_clock::duration>, row_update> result;
-    r.for_each_cell([&] (column_id id, const atomic_cell_or_collection& cell) {
-        auto& cdef = schema.column_at(ckind, id);
-        if (cdef.is_atomic()) {
-            auto view = cell.as_atomic_cell(cdef);
-            auto timestamp_and_ttl = std::pair(
-                    view.timestamp(),
-                    view.is_live_and_has_ttl() ? view.ttl() : gc_clock::duration(0)
-                );
-            result[timestamp_and_ttl].atomic_entries.push_back({id, atomic_cell(*cdef.type, view)});
-            return;
+static gc_clock::duration get_ttl(const atomic_cell_view& acv) {
+    return acv.is_live_and_has_ttl() ? acv.ttl() : gc_clock::duration(0);
+}
+
+static gc_clock::duration get_ttl(const row_marker& rm) {
+    return rm.is_expiring() ? rm.ttl() : gc_clock::duration(0);
+}
+
+using change_key_t = std::pair<api::timestamp_type, gc_clock::duration>;
+
+/* Visits the cells and tombstone of a collection, putting the encountered changes into buckets
+ * sorted by timestamp first and ttl second (see `_updates`).
+ */
+template <typename V>
+struct extract_collection_visitor {
+private:
+    const column_id _id;
+    std::map<change_key_t, row_update>& _updates;
+
+    nonatomic_column_update& get_or_append_entry(api::timestamp_type ts, gc_clock::duration ttl) {
+        auto& updates = this->_updates[std::pair(ts, ttl)].nonatomic_entries;
+        if (updates.empty() || updates.back().id != _id) {
+            updates.push_back({_id});
         }
-
-        cell.as_collection_mutation().with_deserialized(*cdef.type, [&] (collection_mutation_view_description mview) {
-            auto desc = mview.materialize(*cdef.type);
-            for (auto& [k, v]: desc.cells) {
-                auto timestamp_and_ttl = std::pair(
-                        v.timestamp(),
-                        v.is_live_and_has_ttl() ? v.ttl() : gc_clock::duration(0)
-                    );
-                auto& updates = result[timestamp_and_ttl].nonatomic_entries;
-                if (updates.empty() || updates.back().id != id) {
-                    updates.push_back({id, {}});
-                }
-                updates.back().cells.push_back({std::move(k), std::move(v)});
-            }
-
-            if (desc.tomb) {
-                auto timestamp_and_ttl = std::pair(desc.tomb.timestamp + 1, gc_clock::duration(0));
-                auto& updates = result[timestamp_and_ttl].nonatomic_entries;
-                if (updates.empty() || updates.back().id != id) {
-                    updates.push_back({id, {}});
-                }
-                updates.back().t = std::move(desc.tomb);
-            }
-        });
-    });
-    return result;
-};
-
-set_of_changes extract_changes(const mutation& base_mutation, const schema& base_schema) {
-    set_of_changes res;
-    auto& p = base_mutation.partition();
-
-    auto sr_updates = extract_row_updates(p.static_row().get(), column_kind::static_column, base_schema);
-    for (auto& [k, up]: sr_updates) {
-        auto [timestamp, ttl] = k;
-        res[timestamp].static_updates.push_back({
-                ttl,
-                std::move(up.atomic_entries),
-                std::move(up.nonatomic_entries)
-            });
+        return updates.back();
     }
 
-    for (const rows_entry& cr : p.clustered_rows()) {
-        auto cr_updates = extract_row_updates(cr.row().cells(), column_kind::regular_column, base_schema);
+    /* To copy a value from a collection/non-frozen UDT (in order to put it into a bucket) we need to know the value's type.
+     * The method of obtaining the type depends on the collection type; in particular, for non-frozen UDT, each value
+     * might have a different type, thus in general we need a method that, given a key (identifying the value in the collection),
+     * returns the value' type.
+     *
+     * We use the `Curiously Recurring Template Pattern' to avoid performing a dynamic dispatch on the collection's type for each visited cell.
+     * Instead we perform a single dynamic dispatch at the beginning, when encountering the collection column;
+     * the dispatch provides us with a correct `get_value_type` method.
+     * See `extract_row_visitor::collection_column` where the dispatch is done.
 
-        const auto& marker = cr.row().marker();
-        auto marker_timestamp = marker.timestamp();
-        auto marker_ttl = marker.is_expiring() ? marker.ttl() : gc_clock::duration(0);
-        if (marker.is_live()) {
-            // make sure that an entry corresponding to the row marker's timestamp and ttl is in the map
-            (void)cr_updates[std::pair(marker_timestamp, marker_ttl)];
+    data_type get_value_type(bytes_view);
+    */
+
+    void cell(bytes_view key, const atomic_cell_view& c) {
+        auto& entry = get_or_append_entry(c.timestamp(), get_ttl(c));
+        entry.cells.emplace_back(to_bytes(key), atomic_cell(*static_cast<V&>(*this).get_value_type(key), c));
+    }
+
+public:
+    extract_collection_visitor(column_id id, std::map<change_key_t, row_update>& updates)
+        : _id(id), _updates(updates) {}
+
+    void collection_tombstone(const tombstone& t) {
+        auto& entry = get_or_append_entry(t.timestamp + 1, gc_clock::duration(0));
+        entry.t = t;
+    }
+
+    void live_collection_cell(bytes_view key, const atomic_cell_view& c) {
+        cell(key, c);
+    }
+
+    void dead_collection_cell(bytes_view key, const atomic_cell_view& c) {
+        cell(key, c);
+    }
+
+    constexpr bool finished() const { return false; }
+};
+
+/* Visits all cells and tombstones in a row, putting the encountered changes into buckets
+ * sorted by timestamp first and ttl second (see `_updates`).
+ */
+struct extract_row_visitor {
+    std::map<change_key_t, row_update> _updates;
+
+    void cell(const column_definition& cdef, const atomic_cell_view& cell) {
+        _updates[std::pair(cell.timestamp(), get_ttl(cell))].atomic_entries.push_back({cdef.id, atomic_cell(*cdef.type, cell)});
+    }
+
+    void live_atomic_cell(const column_definition& cdef, const atomic_cell_view& c) {
+        cell(cdef, c);
+    }
+
+    void dead_atomic_cell(const column_definition& cdef, const atomic_cell_view& c) {
+        cell(cdef, c);
+    }
+
+    void collection_column(const column_definition& cdef, auto&& visit_collection) {
+        visit(*cdef.type, make_visitor(
+        [&] (const collection_type_impl& ctype) {
+            struct collection_visitor : public extract_collection_visitor<collection_visitor> {
+                data_type _value_type;
+
+                collection_visitor(column_id id, std::map<change_key_t, row_update>& updates, const collection_type_impl& ctype)
+                    : extract_collection_visitor<collection_visitor>(id, updates), _value_type(ctype.value_comparator()) {}
+
+                data_type get_value_type(bytes_view) {
+                    return _value_type;
+                }
+            } v(cdef.id, _updates, ctype);
+
+            visit_collection(v);
+        },
+        [&] (const user_type_impl& utype) {
+            struct udt_visitor : public extract_collection_visitor<udt_visitor> {
+                const user_type_impl& _utype;
+
+                udt_visitor(column_id id, std::map<change_key_t, row_update>& updates, const user_type_impl& utype)
+                    : extract_collection_visitor<udt_visitor>(id, updates), _utype(utype) {}
+
+                data_type get_value_type(bytes_view key) {
+                    return _utype.type(deserialize_field_index(key));
+                }
+            } v(cdef.id, _updates, utype);
+
+            visit_collection(v);
+        },
+        [&] (const abstract_type& o) {
+            throw std::runtime_error(format("extract_changes: unknown collection type:", o.name()));
         }
+        ));
+    }
 
-        auto is_insert = [&] (api::timestamp_type timestamp, gc_clock::duration ttl) {
-            if (!marker.is_live()) {
-                return false;
+    constexpr bool finished() const { return false; }
+};
+
+struct extract_changes_visitor {
+    set_of_changes _result;
+
+    void static_row_cells(auto&& visit_row_cells) {
+        extract_row_visitor v;
+        visit_row_cells(v);
+
+        for (auto& [ts_ttl, row_update]: v._updates) {
+            _result[ts_ttl.first].static_updates.push_back({
+                ts_ttl.second,
+                std::move(row_update.atomic_entries),
+                std::move(row_update.nonatomic_entries)
+            });
+        }
+    }
+
+    void clustered_row_cells(const clustering_key& ckey, auto&& visit_row_cells) {
+        struct clustered_cells_visitor : public extract_row_visitor {
+            api::timestamp_type _marker_ts;
+            gc_clock::duration _marker_ttl;
+            std::optional<row_marker> _marker;
+
+            void marker(const row_marker& rm) {
+                _marker_ts = rm.timestamp();
+                _marker_ttl = get_ttl(rm);
+                _marker = rm;
+
+                // make sure that an entry corresponding to the row marker's timestamp and ttl is in the map
+                (void)_updates[std::pair(_marker_ts, _marker_ttl)];
             }
+        } v;
+        visit_row_cells(v);
 
-            return timestamp == marker_timestamp && ttl == marker_ttl;
-        };
-
-        for (auto& [k, up]: cr_updates) {
+        for (auto& [ts_ttl, row_update]: v._updates) {
             // It is important that changes in the resulting `set_of_changes` are listed
             // in increasing TTL order. The reason is explained in a comment in cdc/log.cc,
             // search for "#6070".
-            auto [timestamp, ttl] = k;
+            auto [ts, ttl] = ts_ttl;
 
-            if (is_insert(timestamp, ttl)) {
-                res[timestamp].clustered_inserts.push_back({
+            if (v._marker && ts == v._marker_ts && ttl == v._marker_ttl) {
+                _result[ts].clustered_inserts.push_back({
                         ttl,
-                        cr.key(),
-                        marker,
-                        std::move(up.atomic_entries),
+                        ckey,
+                        *v._marker,
+                        std::move(row_update.atomic_entries),
                         {}
                     });
 
-                auto& cr_insert = res[timestamp].clustered_inserts.back();
+                auto& cr_insert = _result[ts].clustered_inserts.back();
                 bool clustered_update_exists = false;
-                for (auto& nonatomic_up: up.nonatomic_entries) {
+                for (auto& nonatomic_up: row_update.nonatomic_entries) {
                     // Updating a collection column with an INSERT statement implies inserting a tombstone.
                     //
                     // For example, suppose that we have:
@@ -205,9 +355,9 @@ set_of_changes extract_changes(const mutation& base_mutation, const schema& base
                         cr_insert.nonatomic_entries.push_back(std::move(nonatomic_up));
                     } else {
                         if (!clustered_update_exists) {
-                            res[timestamp].clustered_updates.push_back({
+                            _result[ts].clustered_updates.push_back({
                                 ttl,
-                                cr.key(),
+                                ckey,
                                 {},
                                 {}
                             });
@@ -228,201 +378,239 @@ set_of_changes extract_changes(const mutation& base_mutation, const schema& base
                             clustered_update_exists = true;
                         }
 
-                        auto& cr_update = res[timestamp].clustered_updates.back();
+                        auto& cr_update = _result[ts].clustered_updates.back();
                         cr_update.nonatomic_entries.push_back(std::move(nonatomic_up));
                     }
                 }
             } else {
-                res[timestamp].clustered_updates.push_back({
+                _result[ts].clustered_updates.push_back({
                         ttl,
-                        cr.key(),
-                        std::move(up.atomic_entries),
-                        std::move(up.nonatomic_entries)
+                        ckey,
+                        std::move(row_update.atomic_entries),
+                        std::move(row_update.nonatomic_entries)
                     });
             }
         }
-
-        auto row_tomb = cr.row().deleted_at().regular();
-        if (row_tomb) {
-            res[row_tomb.timestamp].clustered_row_deletions.push_back({cr.key(), row_tomb});
-        }
     }
 
-    for (const auto& rt: p.row_tombstones()) {
-        if (rt.tomb.timestamp != api::missing_timestamp) {
-            res[rt.tomb.timestamp].clustered_range_deletions.push_back({rt});
-        }
+    void clustered_row_delete(const clustering_key& ckey, const tombstone& t) {
+        _result[t.timestamp].clustered_row_deletions.push_back({ckey, t});
     }
 
-    auto partition_tomb_timestamp = p.partition_tombstone().timestamp;
-    if (partition_tomb_timestamp != api::missing_timestamp) {
-        res[partition_tomb_timestamp].partition_deletions = {p.partition_tombstone()};
+    void range_delete(const range_tombstone& rt) {
+        _result[rt.tomb.timestamp].clustered_range_deletions.push_back({rt});
     }
 
-    return res;
+    void partition_delete(const tombstone& t) {
+        _result[t.timestamp].partition_deletions = {t};
+    }
+
+    constexpr bool finished() const { return false; }
+};
+
+set_of_changes extract_changes(const mutation& m) {
+    extract_changes_visitor v;
+    cdc::inspect_mutation(m, v);
+    return std::move(v._result);
 }
 
 namespace cdc {
 
-bool should_split(const mutation& base_mutation, const schema& base_schema) {
-    auto& p = base_mutation.partition();
+struct find_timestamp_visitor {
+    api::timestamp_type _ts = api::missing_timestamp;
 
-    api::timestamp_type found_ts = api::missing_timestamp;
-    std::optional<gc_clock::duration> found_ttl; // 0 = "no ttl"
+    bool finished() const { return _ts != api::missing_timestamp; }
 
-    auto check_or_set = [&] (api::timestamp_type ts, gc_clock::duration ttl) {
-        if (found_ts != api::missing_timestamp && found_ts != ts) {
-            return true;
-        }
-        found_ts = ts;
+    void visit(api::timestamp_type ts) { _ts = ts; }
+    void visit(const atomic_cell_view& cell) { visit(cell.timestamp()); }
 
-        if (found_ttl && *found_ttl != ttl) {
-            return true;
-        }
-        found_ttl = ttl;
+    void live_atomic_cell(const column_definition&, const atomic_cell_view& cell) { visit(cell); }
+    void dead_atomic_cell(const column_definition&, const atomic_cell_view& cell) { visit(cell); }
+    void collection_tombstone(const tombstone& t) {
+        // A collection tombstone with timestamp T can be created with:
+        // UPDATE ks.t USING TIMESTAMP T + 1 SET X = null WHERE ...
+        // (where X is a collection column).
+        // This is, among others, the reason why we show it in the CDC log
+        // with cdc$time using timestamp T + 1 instead of T.
+        visit(t.timestamp + 1);
+    }
+    void live_collection_cell(bytes_view, const atomic_cell_view& cell) { visit(cell); }
+    void dead_collection_cell(bytes_view, const atomic_cell_view& cell) { visit(cell); }
+    void collection_column(const column_definition&, auto&& visit_collection) { visit_collection(*this); }
+    void marker(const row_marker& rm) { visit(rm.timestamp()); }
+    void static_row_cells(auto&& visit_row_cells) { visit_row_cells(*this); }
+    void clustered_row_cells(const clustering_key&, auto&& visit_row_cells) { visit_row_cells(*this); }
+    void clustered_row_delete(const clustering_key&, const tombstone& t) { visit(t.timestamp); }
+    void range_delete(const range_tombstone& t) { visit(t.tomb.timestamp); }
+    void partition_delete(const tombstone& t) { visit(t.timestamp); }
+};
 
-        return false;
-    };
+/* Find some timestamp inside the given mutation.
+ *
+ * If this mutation was created using a single insert/update/delete statement, then it will have a single,
+ * well-defined timestamp (even if this timestamp occurs multiple times, e.g. in a cell and row_marker).
+ *
+ * This function shouldn't be used for mutations that have multiple different timestamps: the function
+ * would only find one of them. When dealing with such mutations, the caller should first split the mutation
+ * into multiple ones, each with a single timestamp.
+ */
+api::timestamp_type find_timestamp(const mutation& m) {
+    find_timestamp_visitor v;
 
-    bool had_static_row = false;
+    cdc::inspect_mutation(m, v);
 
-    bool should_split = false;
-    p.static_row().get().for_each_cell([&] (column_id id, const atomic_cell_or_collection& cell) {
-        had_static_row = true;
-
-        auto& cdef = base_schema.column_at(column_kind::static_column, id);
-        if (cdef.is_atomic()) {
-            auto view = cell.as_atomic_cell(cdef);
-            if (check_or_set(view.timestamp(), view.is_live_and_has_ttl() ? view.ttl() : gc_clock::duration(0))) {
-                should_split = true;
-            }
-            return;
-        }
-
-        cell.as_collection_mutation().with_deserialized(*cdef.type, [&] (collection_mutation_view_description mview) {
-            auto desc = mview.materialize(*cdef.type);
-            for (auto& [k, v]: desc.cells) {
-                if (check_or_set(v.timestamp(), v.is_live_and_has_ttl() ? v.ttl() : gc_clock::duration(0))) {
-                    should_split = true;
-                    return;
-                }
-            }
-
-            if (desc.tomb) {
-                if (check_or_set(desc.tomb.timestamp + 1, gc_clock::duration(0))) {
-                    should_split = true;
-                    return;
-                }
-            }
-        });
-    });
-
-    if (should_split) {
-        return true;
+    if (v._ts == api::missing_timestamp) {
+        throw std::runtime_error("cdc: could not find timestamp of mutation");
     }
 
-    bool had_clustered_row = false;
-
-    if (!p.clustered_rows().empty() && had_static_row) {
-        return true;
-    }
-    for (const rows_entry& cr : p.clustered_rows()) {
-        had_clustered_row = true;
-
-        const auto& marker = cr.row().marker();
-        if (marker.is_live() && check_or_set(marker.timestamp(), marker.is_expiring() ? marker.ttl() : gc_clock::duration(0))) {
-            return true;
-        }
-
-        bool is_insert = marker.is_live();
-
-        bool had_cells = false;
-        cr.row().cells().for_each_cell([&] (column_id id, const atomic_cell_or_collection& cell) {
-            had_cells = true;
-
-            auto& cdef = base_schema.column_at(column_kind::regular_column, id);
-            if (cdef.is_atomic()) {
-                auto view = cell.as_atomic_cell(cdef);
-                if (check_or_set(view.timestamp(), view.is_live_and_has_ttl() ? view.ttl() : gc_clock::duration(0))) {
-                    should_split = true;
-                }
-                return;
-            }
-
-            cell.as_collection_mutation().with_deserialized(*cdef.type, [&] (collection_mutation_view_description mview) {
-                for (auto& [k, v]: mview.cells) {
-                    if (check_or_set(v.timestamp(), v.is_live_and_has_ttl() ? v.ttl() : gc_clock::duration(0))) {
-                        should_split = true;
-                        return;
-                    }
-
-                    if (is_insert) {
-                        // nonatomic updates cannot be expressed with an INSERT.
-                        should_split = true;
-                        return;
-                    }
-                }
-
-                if (mview.tomb) {
-                    if (check_or_set(mview.tomb.timestamp + 1, gc_clock::duration(0))) {
-                        should_split = true;
-                        return;
-                    }
-                }
-            });
-        });
-
-        if (should_split) {
-            return true;
-        }
-
-        auto row_tomb = cr.row().deleted_at().regular();
-        if (row_tomb) {
-            if (had_cells) {
-                return true;
-            }
-
-            // there were no cells, so no ttl
-            assert(!found_ttl);
-            if (found_ts != api::missing_timestamp && found_ts != row_tomb.timestamp) {
-                return true;
-            }
-
-            found_ts = row_tomb.timestamp;
-        }
-    }
-
-    if (!p.row_tombstones().empty() && (had_static_row || had_clustered_row)) {
-        return true;
-    }
-
-    for (const auto& rt: p.row_tombstones()) {
-        if (rt.tomb) {
-            if (found_ts != api::missing_timestamp && found_ts != rt.tomb.timestamp) {
-                return true;
-            }
-
-            found_ts = rt.tomb.timestamp;
-        }
-    }
-
-    if (p.partition_tombstone().timestamp != api::missing_timestamp
-            && (!p.row_tombstones().empty() || had_static_row || had_clustered_row)) {
-        return true;
-    }
-
-    // A mutation with no timestamp will be split into 0 mutations
-    return found_ts == api::missing_timestamp;
+    return v._ts;
 }
 
-void for_each_change(const mutation& base_mutation, const schema_ptr& base_schema,
-        seastar::noncopyable_function<void(mutation, api::timestamp_type, bytes, int&)> f) {
-    auto changes = extract_changes(base_mutation, *base_schema);
+/* If a mutation contains multiple timestamps, multiple ttls, or multiple types of changes
+ * (e.g. it was created from a batch that both updated a clustered row and deleted a clustered row),
+ * we split it into multiple mutations, each with exactly one timestamp, at most one ttl, and a single type of change.
+ * We also split if we find both a change with no ttl (e.g. a cell tombstone) and a change with ttl (e.g. a ttled cell update).
+ *
+ * The `should_split` function checks whether the mutation requires such splitting, using `should_split_visitor`.
+ * The visitor uses the order in which the mutation is being visited (see the documentation of ChangeVisitor),
+ * remembers a bunch of state based on whatever was visited until now (e.g. was there a static row update?
+ * Was there a clustered row update? Was there a clustered row delete? Was there a TTL?)
+ * and tells the caller to stop on the first occurence of a second timestamp/ttl/type of change.
+ */
+struct should_split_visitor {
+    bool _had_static_row = false;
+    bool _had_clustered_row = false;
+    bool _had_upsert = false;
+    bool _had_row_marker = false;
+    bool _had_range_delete = false;
+
+    bool _result = false;
+
+    // This becomes a valid (non-missing) timestamp after visiting the first change.
+    // Then, if we encounter any different timestamp, it means that we should split.
+    api::timestamp_type _ts = api::missing_timestamp;
+
+    // This becomes non-null after visiting the fist change.
+    // If the change did not have a ttl (e.g. a non-ttled cell, or a tombstone), we store gc_clock::duration(0) there,
+    // because specifying ttl = 0 is equivalent to not specifying a TTL.
+    // Otherwise we store the change's ttl.
+    std::optional<gc_clock::duration> _ttl = std::nullopt;
+
+    inline bool finished() const { return _result; }
+    inline void stop() { _result = true; }
+
+    void visit(api::timestamp_type ts, gc_clock::duration ttl = gc_clock::duration(0)) {
+        if (_ts != api::missing_timestamp && _ts != ts) {
+            return stop();
+        }
+        _ts = ts;
+
+        if (_ttl && *_ttl != ttl) {
+            return stop();
+        }
+        _ttl = { ttl };
+    }
+
+    void visit(const atomic_cell_view& cell) { visit(cell.timestamp(), get_ttl(cell)); }
+
+    void live_atomic_cell(const column_definition&, const atomic_cell_view& cell) { visit(cell); }
+    void dead_atomic_cell(const column_definition&, const atomic_cell_view& cell) { visit(cell); }
+
+    void collection_tombstone(const tombstone& t) { visit(t.timestamp + 1); }
+
+    void live_collection_cell(bytes_view, const atomic_cell_view& cell) {
+        if (_had_row_marker) {
+            // nonatomic updates cannot be expressed with an INSERT.
+            return stop();
+        }
+        visit(cell);
+    }
+    void dead_collection_cell(bytes_view, const atomic_cell_view& cell) { visit(cell); }
+    void collection_column(const column_definition&, auto&& visit_collection) { visit_collection(*this); }
+
+    void marker(const row_marker& rm) {
+        _had_row_marker = true;
+        visit(rm.timestamp(), get_ttl(rm));
+    }
+
+    void static_row_cells(auto&& visit_row_cells) {
+        _had_static_row = true;
+        visit_row_cells(*this);
+    }
+
+    void clustered_row_cells(const clustering_key&, auto&& visit_row_cells) {
+        if (_had_static_row) {
+            return stop();
+        }
+        _had_clustered_row = _had_upsert = true;
+        visit_row_cells(*this);
+    }
+
+    void clustered_row_delete(const clustering_key&, const tombstone& t) {
+        if (_had_static_row || _had_upsert) {
+            return stop();
+        }
+        _had_clustered_row = true;
+        visit(t.timestamp);
+    }
+
+    void range_delete(const range_tombstone& t) {
+        if (_had_static_row || _had_clustered_row) {
+            return stop();
+        }
+        _had_range_delete = true;
+        visit(t.tomb.timestamp);
+    }
+
+    void partition_delete(const tombstone&) {
+        if (_had_range_delete || _had_static_row || _had_clustered_row) {
+            return stop();
+        }
+    }
+};
+
+bool should_split(const mutation& m) {
+    should_split_visitor v;
+
+    cdc::inspect_mutation(m, v);
+
+    return v._result
+    // A mutation with no timestamp will be split into 0 mutations:
+        || v._ts == api::missing_timestamp;
+}
+
+void process_changes_with_splitting(const mutation& base_mutation, change_processor& processor,
+        bool enable_preimage, bool enable_postimage) {
+    const auto base_schema = base_mutation.schema();
+    auto changes = extract_changes(base_mutation);
     auto pk = base_mutation.key();
 
+    if (changes.empty()) {
+        return;
+    }
+
+    const auto last_timestamp = changes.rbegin()->first;
+
     for (auto& [change_ts, btch] : changes) {
-        auto tuuid = timeuuid_type->decompose(generate_timeuuid(change_ts));
-        int batch_no = 0;
+        const bool is_last = change_ts == last_timestamp;
+        processor.begin_timestamp(change_ts, is_last);
+
+        clustered_column_set affected_clustered_columns_per_row{clustering_key::less_compare(*base_schema)};
+        one_kind_column_set affected_static_columns{base_schema->static_columns_count()};
+
+        if (enable_preimage || enable_postimage) {
+            affected_static_columns = btch.get_affected_static_columns(*base_schema);
+            affected_clustered_columns_per_row = btch.get_affected_clustered_columns_per_row(*base_mutation.schema());
+        }
+
+        if (enable_preimage) {
+            if (affected_static_columns.count() > 0) {
+                processor.produce_preimage(nullptr, affected_static_columns);
+            }
+            for (const auto& [ck, affected_row_cells] : affected_clustered_columns_per_row) {
+                processor.produce_preimage(&ck, affected_row_cells);
+            }
+        }
 
         for (auto& sr_update : btch.static_updates) {
             mutation m(base_schema, pk);
@@ -434,7 +622,7 @@ void for_each_change(const mutation& base_mutation, const schema_ptr& base_schem
                 auto& cdef = base_schema->column_at(column_kind::static_column, nonatomic_update.id);
                 m.set_static_cell(cdef, collection_mutation_description{nonatomic_update.t, std::move(nonatomic_update.cells)}.serialize(*cdef.type));
             }
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
 
         for (auto& cr_insert : btch.clustered_inserts) {
@@ -451,7 +639,7 @@ void for_each_change(const mutation& base_mutation, const schema_ptr& base_schem
             }
             row.apply(cr_insert.marker);
 
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
 
         for (auto& cr_update : btch.clustered_updates) {
@@ -467,27 +655,86 @@ void for_each_change(const mutation& base_mutation, const schema_ptr& base_schem
                 row.apply(cdef, collection_mutation_description{nonatomic_update.t, std::move(nonatomic_update.cells)}.serialize(*cdef.type));
             }
 
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
 
         for (auto& cr_delete : btch.clustered_row_deletions) {
             mutation m(base_schema, pk);
             m.partition().apply_delete(*base_schema, cr_delete.key, cr_delete.t);
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
 
         for (auto& crange_delete : btch.clustered_range_deletions) {
             mutation m(base_schema, pk);
             m.partition().apply_delete(*base_schema, crange_delete.rt);
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
 
         if (btch.partition_deletions) {
             mutation m(base_schema, pk);
             m.partition().apply(btch.partition_deletions->t);
-            f(std::move(m), change_ts, tuuid, batch_no);
+            processor.process_change(m);
         }
+
+        if (enable_postimage) {
+            if (affected_static_columns.count() > 0) {
+                processor.produce_postimage(nullptr);
+            }
+            for (const auto& [ck, crow] : affected_clustered_columns_per_row) {
+                processor.produce_postimage(&ck);
+            }
+        }
+
+        processor.end_record();
     }
 }
 
+void process_changes_without_splitting(const mutation& base_mutation, change_processor& processor,
+        bool enable_preimage, bool enable_postimage) {
+    auto ts = find_timestamp(base_mutation);
+    processor.begin_timestamp(ts, true);
+
+    const auto base_schema = base_mutation.schema();
+
+    if (enable_preimage) {
+        const auto& p = base_mutation.partition();
+
+        one_kind_column_set columns{base_schema->static_columns_count()};
+        if (!p.static_row().empty()) {
+            p.static_row().get().for_each_cell([&] (column_id id, const atomic_cell_or_collection& cell) {
+                columns.set(id);
+            });
+            processor.produce_preimage(nullptr, columns);
+        }
+
+        columns.resize(base_schema->regular_columns_count());
+        for (const rows_entry& cr : p.clustered_rows()) {
+            columns.reset();
+            if (cr.row().deleted_at().regular()) {
+                // Row deleted - include all columns in preimage
+                columns.set(0, base_schema->regular_columns_count(), true);
+            } else {
+                cr.row().cells().for_each_cell([&] (column_id id, const atomic_cell_or_collection& cell) {
+                    columns.set(id);
+                });
+            }
+            processor.produce_preimage(&cr.key(), columns);
+        }
+    }
+
+    processor.process_change(base_mutation);
+
+    if (enable_postimage) {
+        const auto& p = base_mutation.partition();
+        if (!p.static_row().empty()) {
+            processor.produce_postimage(nullptr);
+        }
+        for (const rows_entry& cr : p.clustered_rows()) {
+            processor.produce_postimage(&cr.key());
+        }
+    }
+
+    processor.end_record();
+}
+
 } // namespace cdc

cdc/split.hh

@@ -22,6 +22,7 @@
 #pragma once
 
 #include <vector>
+#include <boost/dynamic_bitset.hpp>
 #include "schema_fwd.hh"
 #include "timestamp.hh"
 #include "bytes.hh"
@@ -31,8 +32,61 @@ class mutation;
 
 namespace cdc {
 
-bool should_split(const mutation& base_mutation, const schema& base_schema);
-void for_each_change(const mutation& base_mutation, const schema_ptr& base_schema,
-        seastar::noncopyable_function<void(mutation, api::timestamp_type, bytes, int&)>);
+// Represents a set of column ids of one kind (partition key, clustering key, regular row or static row).
+// There already exists a column_set type, but it keeps ordinal_column_ids, not column_ids (ordinal column ids
+// are unique across whole table, while kind-specific ids are unique only within one column kind).
+// To avoid converting back and forth between ordinal and kind-specific ids, one_kind_column_set is used instead.
+using one_kind_column_set = boost::dynamic_bitset<uint64_t>;
+
+// An object that processes changes from a single, big mutation.
+// It is intended to be used with process_changes_xxx_splitting. Those functions define the order and layout in which
+// changes should appear in CDC log, and change_processor is responsible for producing CDC log rows from changes given
+// by those two functions.
+//
+// The flow of calling its methods should go as follows:
+//   -> begin_timestamp #1
+//     -> produce_preimage (one call for each preimage row to be generated)
+//     -> process_change (one call for each part generated by the splitting function)
+//     -> produce_postimage (one call for each postimage row to be generated)
+//   -> begin_timestamp #2
+//   ...
+class change_processor {
+protected:
+    ~change_processor() {};
+public:
+    // Tells the processor that changes that follow from now on will be of given timestamp.
+    // This method must be called in increasing timestamp order.
+    // begin_timestamp can be called only once for a given timestamp and change_processor object.
+    //   ts - timestamp of mutation parts
+    //   is_last - determines if this will be the last timestamp to be processed by this change_processor instance.
+    virtual void begin_timestamp(api::timestamp_type ts, bool is_last) = 0;
+
+    // Tells the processor to produce a preimage for a given clustering/static row.
+    //   ck - clustering key of the row for which to produce a preimage; if nullptr, static row preimage is requested
+    //   columns_to_include - include information about the current state of those columns only, leave others as null
+    virtual void produce_preimage(const clustering_key* ck, const one_kind_column_set& columns_to_include) = 0;
+
+    // Tells the processor to produce a postimage for a given clustering/static row.
+    // Contrary to preimage, this requires data from all columns to be present.
+    //   ck - clustering key of the row for which to produce a postimage; if nullptr, static row postimage is requested
+    virtual void produce_postimage(const clustering_key* ck) = 0;
+
+    // Processes a smaller mutation which is a subset of the big mutation.
+    // The mutation provided to process_change should be simple enough for it to be possible to convert it
+    // into CDC log rows - for example, it cannot represent a write to two columns of the same row, where
+    // both columns have different timestamp or TTL set.
+    //   m - the small mutation to be converted into CDC log rows.
+    virtual void process_change(const mutation& m) = 0;
+
+    // Tells processor we have reached end of record - last part
+    // of a given timestamp batch
+    virtual void end_record() = 0;
+};
+
+bool should_split(const mutation& base_mutation);
+void process_changes_with_splitting(const mutation& base_mutation, change_processor& processor,
+        bool enable_preimage, bool enable_postimage);
+void process_changes_without_splitting(const mutation& base_mutation, change_processor& processor,
+        bool enable_preimage, bool enable_postimage);
 
 }

checked-file-impl.hh

@@ -31,10 +31,7 @@ class checked_file_impl : public file_impl {
 public:
 
     checked_file_impl(const io_error_handler& error_handler, file f)
-            : _error_handler(error_handler), _file(f) {
-        _memory_dma_alignment = f.memory_dma_alignment();
-        _disk_read_dma_alignment = f.disk_read_dma_alignment();
-        _disk_write_dma_alignment = f.disk_write_dma_alignment();
+            : file_impl(*get_file_impl(f)),  _error_handler(error_handler), _file(f) {
     }
 
     virtual future<size_t> write_dma(uint64_t pos, const void* buffer, size_t len, const io_priority_class& pc) override {

clustering_bounds_comparator.hh

@@ -67,8 +67,8 @@ public:
         int operator()(const clustering_key_prefix& p1, int32_t w1, const clustering_key_prefix& p2, int32_t w2) const {
             auto type = _s.get().clustering_key_prefix_type();
             auto res = prefix_equality_tri_compare(type->types().begin(),
-                type->begin(p1), type->end(p1),
-                type->begin(p2), type->end(p2),
+                type->begin(p1.representation()), type->end(p1.representation()),
+                type->begin(p2.representation()), type->end(p2.representation()),
                 ::tri_compare);
             if (res) {
                 return res;

clustering_interval_set.hh

@@ -72,7 +72,14 @@ public:
         }
         return result;
     }
-    class position_range_iterator : public std::iterator<std::input_iterator_tag, const position_range> {
+    class position_range_iterator {
+    public:
+        using iterator_category = std::input_iterator_tag;
+        using value_type = const position_range;
+        using difference_type = std::ptrdiff_t;
+        using pointer = const position_range*;
+        using reference = const position_range&;
+    private:
         set_type::iterator _i;
     public:
         position_range_iterator(set_type::iterator i) : _i(i) {}

clustering_ranges_walker.hh

@@ -65,6 +65,11 @@ private:
                 _current_start = position_in_partition_view::for_range_start(_current_range.front());
                 _current_end = position_in_partition_view::for_range_end(_current_range.front());
             }
+        } else {
+             // If the first range is contiguous with the static row, then advance _current_end as much as we can
+             if (_current_range && !_current_range.front().start()) {
+                 _current_end = position_in_partition_view::for_range_end(_current_range.front());
+             }
         }
     }
 

collection_mutation.cc

@@ -22,7 +22,6 @@
 #include "types/collection.hh"
 #include "types/user.hh"
 #include "concrete_types.hh"
-#include "atomic_cell_or_collection.hh"
 #include "mutation_partition.hh"
 #include "compaction_garbage_collector.hh"
 #include "combine.hh"
@@ -30,40 +29,28 @@
 #include "collection_mutation.hh"
 
 collection_mutation::collection_mutation(const abstract_type& type, collection_mutation_view v)
-    : _data(imr_object_type::make(data::cell::make_collection(v.data), &type.imr_state().lsa_migrator())) {}
+    : _data(v.data) {}
 
-collection_mutation::collection_mutation(const abstract_type& type, const bytes_ostream& data)
-	: _data(imr_object_type::make(data::cell::make_collection(fragment_range_view(data)), &type.imr_state().lsa_migrator())) {}
-
-static collection_mutation_view get_collection_mutation_view(const uint8_t* ptr)
-{
-    auto f = data::cell::structure::get_member<data::cell::tags::flags>(ptr);
-    auto ti = data::type_info::make_collection();
-    data::cell::context ctx(f, ti);
-    auto view = data::cell::structure::get_member<data::cell::tags::cell>(ptr).as<data::cell::tags::collection>(ctx);
-    auto dv = data::cell::variable_value::make_view(view, f.get<data::cell::tags::external_data>());
-    return collection_mutation_view { dv };
-}
+collection_mutation::collection_mutation(const abstract_type& type, managed_bytes data)
+    : _data(std::move(data)) {}
 
 collection_mutation::operator collection_mutation_view() const
 {
-    return get_collection_mutation_view(_data.get());
+    return collection_mutation_view{managed_bytes_view(_data)};
 }
 
 collection_mutation_view atomic_cell_or_collection::as_collection_mutation() const {
-    return get_collection_mutation_view(_data.get());
+    return collection_mutation_view{managed_bytes_view(_data)};
 }
 
 bool collection_mutation_view::is_empty() const {
-    auto in = collection_mutation_input_stream(data);
+    auto in = collection_mutation_input_stream(fragment_range(data));
     auto has_tomb = in.read_trivial<bool>();
     return !has_tomb && in.read_trivial<uint32_t>() == 0;
 }
 
-template <typename F>
-requires std::is_invocable_r_v<const data::type_info&, F, collection_mutation_input_stream&>
-static bool is_any_live(const atomic_cell_value_view& data, tombstone tomb, gc_clock::time_point now, F&& read_cell_type_info) {
-    auto in = collection_mutation_input_stream(data);
+bool collection_mutation_view::is_any_live(const abstract_type& type, tombstone tomb, gc_clock::time_point now) const {
+    auto in = collection_mutation_input_stream(fragment_range(data));
     auto has_tomb = in.read_trivial<bool>();
     if (has_tomb) {
         auto ts = in.read_trivial<api::timestamp_type>();
@@ -73,9 +60,10 @@ static bool is_any_live(const atomic_cell_value_view& data, tombstone tomb, gc_c
 
     auto nr = in.read_trivial<uint32_t>();
     for (uint32_t i = 0; i != nr; ++i) {
-        auto& type_info = read_cell_type_info(in);
+        auto key_size = in.read_trivial<uint32_t>();
+        in.skip(key_size);
         auto vsize = in.read_trivial<uint32_t>();
-        auto value = atomic_cell_view::from_bytes(type_info, in.read(vsize));
+        auto value = atomic_cell_view::from_bytes(type, in.read(vsize));
         if (value.is_live(tomb, now, false)) {
             return true;
         }
@@ -84,33 +72,8 @@ static bool is_any_live(const atomic_cell_value_view& data, tombstone tomb, gc_c
     return false;
 }
 
-bool collection_mutation_view::is_any_live(const abstract_type& type, tombstone tomb, gc_clock::time_point now) const {
-    return visit(type, make_visitor(
-    [&] (const collection_type_impl& ctype) {
-        auto& type_info = ctype.value_comparator()->imr_state().type_info();
-        return ::is_any_live(data, tomb, now, [&type_info] (collection_mutation_input_stream& in) -> const data::type_info& {
-            auto key_size = in.read_trivial<uint32_t>();
-            in.skip(key_size);
-            return type_info;
-        });
-    },
-    [&] (const user_type_impl& utype) {
-        return ::is_any_live(data, tomb, now, [&utype] (collection_mutation_input_stream& in) -> const data::type_info& {
-            auto key_size = in.read_trivial<uint32_t>();
-            auto key = in.read(key_size);
-            return utype.type(deserialize_field_index(key))->imr_state().type_info();
-        });
-    },
-    [&] (const abstract_type& o) -> bool {
-        throw std::runtime_error(format("collection_mutation_view::is_any_live: unknown type {}", o.name()));
-    }
-    ));
-}
-
-template <typename F>
-requires std::is_invocable_r_v<const data::type_info&, F, collection_mutation_input_stream&>
-static api::timestamp_type last_update(const atomic_cell_value_view& data, F&& read_cell_type_info) {
-    auto in = collection_mutation_input_stream(data);
+api::timestamp_type collection_mutation_view::last_update(const abstract_type& type) const {
+    auto in = collection_mutation_input_stream(fragment_range(data));
     api::timestamp_type max = api::missing_timestamp;
     auto has_tomb = in.read_trivial<bool>();
     if (has_tomb) {
@@ -120,39 +83,16 @@ static api::timestamp_type last_update(const atomic_cell_value_view& data, F&& r
 
     auto nr = in.read_trivial<uint32_t>();
     for (uint32_t i = 0; i != nr; ++i) {
-        auto& type_info = read_cell_type_info(in);
+        const auto key_size = in.read_trivial<uint32_t>();
+        in.skip(key_size);
         auto vsize = in.read_trivial<uint32_t>();
-        auto value = atomic_cell_view::from_bytes(type_info, in.read(vsize));
+        auto value = atomic_cell_view::from_bytes(type, in.read(vsize));
         max = std::max(value.timestamp(), max);
     }
 
     return max;
 }
 
-
-api::timestamp_type collection_mutation_view::last_update(const abstract_type& type) const {
-    return visit(type, make_visitor(
-    [&] (const collection_type_impl& ctype) {
-        auto& type_info = ctype.value_comparator()->imr_state().type_info();
-        return ::last_update(data, [&type_info] (collection_mutation_input_stream& in) -> const data::type_info& {
-            auto key_size = in.read_trivial<uint32_t>();
-            in.skip(key_size);
-            return type_info;
-        });
-    },
-    [&] (const user_type_impl& utype) {
-        return ::last_update(data, [&utype] (collection_mutation_input_stream& in) -> const data::type_info& {
-            auto key_size = in.read_trivial<uint32_t>();
-            auto key = in.read(key_size);
-            return utype.type(deserialize_field_index(key))->imr_state().type_info();
-        });
-    },
-    [&] (const abstract_type& o) -> api::timestamp_type {
-        throw std::runtime_error(format("collection_mutation_view::last_update: unknown type {}", o.name()));
-    }
-    ));
-}
-
 std::ostream& operator<<(std::ostream& os, const collection_mutation_view::printer& cmvp) {
     fmt::print(os, "{{collection_mutation_view ");
     cmvp._cmv.with_deserialized(cmvp._type, [&os, &type = cmvp._type] (const collection_mutation_view_description& cmvd) {
@@ -278,28 +218,31 @@ static collection_mutation serialize_collection_mutation(
     auto size = accumulate(cells, (size_t)4, element_size);
     size += 1;
     if (tomb) {
-        size += sizeof(tomb.timestamp) + sizeof(tomb.deletion_time);
+        size += sizeof(int64_t) + sizeof(int64_t);
     }
-    bytes_ostream ret;
-    ret.reserve(size);
-    auto out = ret.write_begin();
-    *out++ = bool(tomb);
+    managed_bytes ret(managed_bytes::initialized_later(), size);
+    managed_bytes_mutable_view out(ret);
+    write<uint8_t>(out, uint8_t(bool(tomb)));
     if (tomb) {
-        write(out, tomb.timestamp);
-        write(out, tomb.deletion_time.time_since_epoch().count());
+        write<int64_t>(out, tomb.timestamp);
+        write<int64_t>(out, tomb.deletion_time.time_since_epoch().count());
     }
-    auto writeb = [&out] (bytes_view v) {
-        serialize_int32(out, v.size());
-        out = std::copy_n(v.begin(), v.size(), out);
+    auto writek = [&out] (bytes_view v) {
+        write<int32_t>(out, v.size());
+        write_fragmented(out, single_fragmented_view(v));
+    };
+    auto writev = [&out] (managed_bytes_view v) {
+        write<int32_t>(out, v.size());
+        write_fragmented(out, v);
     };
     // FIXME: overflow?
-    serialize_int32(out, boost::distance(cells));
+    write<int32_t>(out, boost::distance(cells));
     for (auto&& kv : cells) {
         auto&& k = kv.first;
         auto&& v = kv.second;
-        writeb(k);
+        writek(k);
 
-        writeb(v.serialize());
+        writev(v.serialize());
     }
     return collection_mutation(type, ret);
 }
@@ -448,13 +391,12 @@ deserialize_collection_mutation(const abstract_type& type, collection_mutation_i
     return visit(type, make_visitor(
     [&] (const collection_type_impl& ctype) {
         // value_comparator(), ugh
-        auto& type_info = ctype.value_comparator()->imr_state().type_info();
-        return deserialize_collection_mutation(in, [&type_info] (collection_mutation_input_stream& in) {
+        return deserialize_collection_mutation(in, [&ctype] (collection_mutation_input_stream& in) {
             // FIXME: we could probably avoid the need for size
             auto ksize = in.read_trivial<uint32_t>();
             auto key = in.read(ksize);
             auto vsize = in.read_trivial<uint32_t>();
-            auto value = atomic_cell_view::from_bytes(type_info, in.read(vsize));
+            auto value = atomic_cell_view::from_bytes(*ctype.value_comparator(), in.read(vsize));
             return std::make_pair(key, value);
         });
     },
@@ -464,8 +406,7 @@ deserialize_collection_mutation(const abstract_type& type, collection_mutation_i
             auto ksize = in.read_trivial<uint32_t>();
             auto key = in.read(ksize);
             auto vsize = in.read_trivial<uint32_t>();
-            auto value = atomic_cell_view::from_bytes(
-                    utype.type(deserialize_field_index(key))->imr_state().type_info(), in.read(vsize));
+            auto value = atomic_cell_view::from_bytes(*utype.type(deserialize_field_index(key)), in.read(vsize));
             return std::make_pair(key, value);
         });
     },