IGNITE-27685 Implement exponential backoff for durable finish (#7680)

Author: JKonSir

modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java

@@ -51,7 +51,6 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.concurrent.Callable;
 import java.util.concurrent.CancellationException;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ConcurrentHashMap;
@@ -60,7 +59,6 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicReference;
@@ -1341,35 +1339,6 @@ public static Object[] flatArray(Object... arguments) {
         return list.toArray();
     }
 
-    /**
-     * Schedules the provided operation to be retried after the specified delay.
-     *
-     * @param operation Operation.
-     * @param delay Delay.
-     * @param unit Time unit of the delay.
-     * @param executor Executor to schedule the retry in.
-     * @return Future that is completed when the operation is successful or failed with an exception.
-     */
-    public static <T> CompletableFuture<T> scheduleRetry(
-            Callable<CompletableFuture<T>> operation,
-            long delay,
-            TimeUnit unit,
-            ScheduledExecutorService executor
-    ) {
-        CompletableFuture<T> future = new CompletableFuture<>();
-
-        executor.schedule(() -> operation.call()
-                .whenComplete((res, e) -> {
-                    if (e == null) {
-                        future.complete(res);
-                    } else {
-                        future.completeExceptionally(e);
-                    }
-                }), delay, unit);
-
-        return future;
-    }
-
     private static CompletableFuture<Void> startAsync(ComponentContext componentContext, Stream<? extends IgniteComponent> components) {
         return allOf(components
                 .filter(Objects::nonNull)

modules/core/src/main/java/org/apache/ignite/internal/util/retry/ExponentialBackoffTimeoutStrategy.java

@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.util.retry;
+
+import java.util.concurrent.ThreadLocalRandom;
+
+/**
+ * A {@link TimeoutStrategy} that increases retry timeouts exponentially on each attempt.
+ *
+ * <p>Each call to {@link #next(int)} multiplies the current timeout by {@code backoffCoefficient},
+ * capping the result at {@link #maxTimeout}. Optionally, random jitter can be applied to spread
+ * retry attempts across time and avoid thundering herd problems under high concurrency.
+ *
+ * <p>When jitter is enabled, the returned timeout is randomized within the range
+ * {@code [raw / 2, raw * 1.5]}, then capped at {@link #maxTimeout}.
+ *
+ * <p>This class is stateless and thread-safe. A single instance can be shared across
+ * multiple retry contexts.
+ */
+// TODO: https://issues.apache.org/jira/browse/IGNITE-28481
+public class ExponentialBackoffTimeoutStrategy implements TimeoutStrategy {
+    /**
+     * Default backoff coefficient applied on each retry step. Doubles the timeout per attempt.
+     */
+    private static final double DEFAULT_BACKOFF_COEFFICIENT = 2.0;
+
+    /**
+     * Multiplier applied to the current timeout on each call to {@link #next(int)}.
+     * Must be greater than {@code 1.0} to produce a growing sequence.
+     */
+    private final double backoffCoefficient;
+
+    /**
+     * Whether to apply random jitter to the computed timeout.
+     * When {@code true}, the result is randomized within {@code [raw / 2, raw * 1.5]}.
+     */
+    private final boolean jitter;
+
+    /**
+     * Upper bound for the timeout produced by this strategy, in milliseconds.
+     * The result of {@link #next(int)} is always capped at this value.
+     */
+    private final int maxTimeout;
+
+    /**
+     * Creates a strategy with default max timeout and backoff coefficient, and no jitter.
+     *
+     * @see TimeoutStrategy#DEFAULT_RETRY_TIMEOUT_MS_MAX
+     * @see #DEFAULT_BACKOFF_COEFFICIENT
+     */
+    public ExponentialBackoffTimeoutStrategy() {
+        this(DEFAULT_RETRY_TIMEOUT_MS_MAX, DEFAULT_BACKOFF_COEFFICIENT);
+    }
+
+    /**
+     * Creates a strategy with the given max timeout and backoff coefficient, and no jitter.
+     *
+     * @param maxTimeout maximum timeout this strategy may produce, in milliseconds.
+     * @param backoffCoefficient multiplier applied to the current timeout on each step.
+     *                           Must be greater than {@code 1.0}.
+     */
+    public ExponentialBackoffTimeoutStrategy(
+            int maxTimeout,
+            double backoffCoefficient
+    ) {
+        this(maxTimeout, backoffCoefficient, false);
+    }
+
+    /**
+     * Creates a strategy with the given max timeout, backoff coefficient, and jitter setting.
+     *
+     * @param maxTimeout maximum timeout this strategy may produce, in milliseconds.
+     * @param backoffCoefficient multiplier applied to the current timeout on each step.
+     *                           Must be greater than {@code 1.0}.
+     * @param jitter if {@code true}, random jitter is applied to each computed timeout.
+     */
+    public ExponentialBackoffTimeoutStrategy(
+            int maxTimeout,
+            double backoffCoefficient,
+            boolean jitter
+    ) {
+        this.maxTimeout = maxTimeout;
+        this.backoffCoefficient = backoffCoefficient;
+        this.jitter = jitter;
+    }
+
+    /**
+     * Computes the next retry timeout by multiplying {@code currentTimeout} by
+     * {@link #backoffCoefficient}, then capping at {@link #maxTimeout}.
+     * If jitter is enabled, the result is further randomized.
+     *
+     * @param currentTimeout current retry timeout in milliseconds.
+     * @return next retry timeout in milliseconds, capped at {@link #maxTimeout}.
+     */
+    @Override
+    public int next(int currentTimeout) {
+        int jitteredTimeout = jitter ? applyJitter(currentTimeout) : currentTimeout;
+
+        return (int) Math.min((jitteredTimeout * backoffCoefficient), maxTimeout);
+    }
+
+    /**
+     * Applies random jitter to the given timeout value.
+     *
+     * <p>The result is uniformly distributed within {@code [raw / 2, raw * 1.5]},
+     * then capped at {@link #maxTimeout} to ensure the strategy ceiling is never exceeded.
+     *
+     * @param raw computed timeout before jitter, in milliseconds.
+     * @return jittered timeout in milliseconds, capped at {@link #maxTimeout}.
+     */
+    private int applyJitter(int raw) {
+        int lo = raw / 2;
+        int hi = raw + lo;
+
+        return lo + ThreadLocalRandom.current().nextInt(hi - lo + 1);
+    }
+}

modules/core/src/main/java/org/apache/ignite/internal/util/retry/KeyBasedRetryContext.java

@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.util.retry;
+
+import static java.util.Collections.unmodifiableMap;
+import static java.util.Optional.of;
+import static java.util.Optional.ofNullable;
+import static org.apache.ignite.internal.util.retry.TimeoutStrategy.DEFAULT_RETRY_TIMEOUT_MS_MAX;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import org.jetbrains.annotations.TestOnly;
+
+/**
+ * A retry context that tracks timeout state independently per key.
+ *
+ * <p>Each key maps to its own {@link TimeoutState}, allowing separate backoff progression
+ * for different retry targets — for example, different replication group IDs or transaction IDs.
+ * State updates are performed atomically per key using {@link ConcurrentHashMap#compute}.
+ *
+ * <p>To prevent unbounded memory growth, the registry is capped at {@link #REGISTRY_SIZE_LIMIT}
+ * entries. Once the limit is reached, untracked keys receive a fixed {@link #fallbackTimeoutState}
+ * that always returns {@link TimeoutStrategy#DEFAULT_RETRY_TIMEOUT_MS_MAX}. The limit is a soft cap and may be
+ * slightly exceeded under concurrent insertions.
+ *
+ * <p>This class is thread-safe.
+ */
+public class KeyBasedRetryContext implements RetryContext {
+    /**
+     * Maximum number of keys tracked in {@link #registry}.
+     * Once the limit is reached, untracked keys receive a fixed {@link #fallbackTimeoutState}.
+     * Can be slightly exceeded under concurrent insertions.
+     */
+    private static final int REGISTRY_SIZE_LIMIT = 1_000;
+
+    /** Strategy used to compute the next timeout from the current one on each advancement. */
+    private final TimeoutStrategy timeoutStrategy;
+
+    /**
+     * Sentinel state returned for keys that cannot be tracked because the registry is full.
+     * Initialized with {@link TimeoutStrategy#DEFAULT_RETRY_TIMEOUT_MS_MAX} and attempt {@code -1}
+     * to distinguish it from legitimately tracked states.
+     */
+    private final TimeoutState fallbackTimeoutState;
+
+    /** Per-key timeout state registry. Keys are typically transaction IDs or replication group IDs. */
+    private final ConcurrentHashMap<String, TimeoutState> registry = new ConcurrentHashMap<>();
+
+    /**
+     * Creates a new context with the given initial timeout and strategy.
+     *
+     * @param timeoutStrategy strategy used to compute subsequent timeout values.
+     */
+    public KeyBasedRetryContext(TimeoutStrategy timeoutStrategy) {
+        this.timeoutStrategy = timeoutStrategy;
+
+        this.fallbackTimeoutState = new TimeoutState(DEFAULT_RETRY_TIMEOUT_MS_MAX, -1);
+    }
+
+    /**
+     * Returns the current {@link TimeoutState} for the given key, if tracked.
+     *
+     * <p>Returns an empty {@link Optional} if the key has no recorded state yet.
+     * If the registry is full and the key is not yet tracked, returns an {@link Optional}
+     * containing a fallback state initialized to {@link TimeoutStrategy#DEFAULT_RETRY_TIMEOUT_MS_MAX}.
+     *
+     * <p>This method does not insert the key into the registry.
+     *
+     * @param key the key to look up, typically a transaction ID or replication group ID.
+     * @return current state for the key, fallback state if registry is full, or empty if not tracked.
+     */
+    @Override
+    public Optional<TimeoutState> getState(String key) {
+        if (!registry.containsKey(key) && registry.size() >= REGISTRY_SIZE_LIMIT) {
+            return of(fallbackTimeoutState);
+        }
+
+        return ofNullable(registry.get(key));
+    }
+
+    /**
+     * Atomically advances the retry state for the given key and returns the updated state.
+     *
+     * <p>The update is performed inside {@link ConcurrentHashMap#compute}, which holds
+     * an exclusive per-key lock for the duration of the lambda, ensuring that
+     * {@link TimeoutState#update(TimeoutStrategy)} is never called concurrently on the same instance.
+     *
+     * <p>When the registry is full, untracked keys receive the maximum timeout.
+     * This acts as implicit backpressure: if enough keys are actively retrying to fill
+     * the registry, the system is under a heavy load and new operations should retry conservatively.
+     *
+     * @param key the key to advance state for, typically a transaction ID or replication group ID.
+     * @return updated {@link TimeoutState} for the key, or {@link #fallbackTimeoutState}
+     *         if the registry is full.
+     */
+    @Override
+    public TimeoutState updateAndGetState(String key) {
+        if (!registry.containsKey(key) && registry.size() >= REGISTRY_SIZE_LIMIT) {
+            return fallbackTimeoutState;
+        }
+
+        return registry.compute(key, (k, state) -> {
+            if (state == null) {
+                state = new TimeoutState();
+            }
+
+            state.update(timeoutStrategy);
+
+            return state;
+        });
+    }
+
+    /**
+     * Removes the retry state for the given key, resetting it as if no retries had occurred.
+     *
+     * @param key the key whose state should be removed.
+     */
+    @Override
+    public void resetState(String key) {
+        registry.remove(key);
+    }
+
+    /**
+     * Returns an unmodifiable snapshot of the current registry contents.
+     *
+     * <p>The snapshot is a point-in-time copy of the registry map. The returned
+     * {@link TimeoutState} values are live references — their internal state may
+     * continue to change concurrently after the snapshot is taken.
+     *
+     * <p>This method is intended for testing only and should not be used in production code.
+     *
+     * @return unmodifiable copy of the current key-to-state mappings.
+     */
+    @TestOnly
+    public Map<String, TimeoutState> snapshot() {
+        return unmodifiableMap(new HashMap<>(registry));
+    }
+}

modules/core/src/main/java/org/apache/ignite/internal/util/retry/NoopTimeoutStrategy.java

@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.util.retry;
+
+/**
+ * A {@link TimeoutStrategy} that returns the current timeout unchanged on every call.
+ *
+ * <p>Useful when retry backoff is not desired — for example, in tests or when a flat
+ * retry interval is intentional. The timeout passed to {@link #next(int)} is returned
+ * as-is, so the retry interval remains constant across all attempts.
+ *
+ * <p>This class is stateless and thread-safe.
+ */
+public class NoopTimeoutStrategy implements TimeoutStrategy {
+    /**
+     * Returns {@code currentTimeout} unchanged.
+     *
+     * @param currentTimeout current retry timeout in milliseconds.
+     * @return the same {@code currentTimeout} value, unmodified.
+     */
+    @Override
+    public int next(int currentTimeout) {
+        return currentTimeout;
+    }
+}