Flash: add MPP sql digest and connection metadata tracing

[JaySon-Huang]

What problem does this PR solve?

Issue Number: ref pingcap/tidb#66762

rely on pingcap/kvproto#1428

Problem Summary:

• MPP task tracing logs miss SQL digest and connection metadata, making it harder to correlate TiDB session/query information during diagnosis.
• Dispatch logs also do not include SQL digest, reducing observability on request ingress.

What is changed and how it works?

Flash: add MPP sql digest logging and update kvproto
Flash: include connection metadata in MPP task tracing logs

• Plumb TaskMeta.sql_digest into DAGContext and expose it via getter.
• Extend MPP tracing JSON (MPPTaskStatistics::logTracingJson) to print sql_digest, connection_id, and connection_alias.
• Extend FlashService::DispatchMPPTask handling log with sql_digest.
• Update contrib/kvproto submodule pointer to include matched proto changes.

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

None

Summary by CodeRabbit

• Chores
  • Enhanced diagnostic logging for distributed query tasks to include SQL and plan digests.
  • Extended task execution tracing to include connection context (ID and alias) and digest fields in traces.
  • Updated a third-party submodule to a newer commit.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign birdstorm for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

📝 Walkthrough

Walkthrough

Added sql_digest and plan_digest fields to DAGContext, propagated those plus connection_id and connection_alias into MPPTaskStatistics, and updated DispatchMPPTask logging; also advanced the contrib/kvproto submodule pointer.

Changes

Cohort / File(s)	Summary
DAGContext (digests added) dbms/src/Flash/Coprocessor/DAGContext.h, dbms/src/Flash/Coprocessor/DAGContext.cpp	Introduce sql_digest and plan_digest members and accessors; constructor initializes them from task metadata. Minor comment typo fix.
MPP task statistics (propagation + tracing) dbms/src/Flash/Mpp/MPPTaskStatistics.h, dbms/src/Flash/Mpp/MPPTaskStatistics.cpp	Add connection_id, connection_alias, sql_digest, plan_digest members; initialize from DAGContext and include values in tracing JSON/log output.
Logging update dbms/src/Flash/FlashService.cpp	Expand DispatchMPPTask log to include sql_digest and plan_digest from task metadata.
Submodule pointer update contrib/kvproto	Advance submodule commit pointer (no functional/API changes observed).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

approved, lgtm

Suggested reviewers

• windtalker
• gengliqi

Poem

🐰 I hopped through DAGs with a curious twitch,
Collected sql and plan in my tiny stitch,
Carried connection names down the MPP trail,
Logged every crumb in a bright little tale,
🥕 Hooray for traces — a crunchy data nibble!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 37.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Flash: add MPP sql digest and connection metadata tracing' clearly and concisely summarizes the main changes, specifying both the component (Flash) and the primary features being added (SQL digest and connection metadata for MPP tracing).
Description check	✅ Passed	The pull request description follows the template structure with all required sections completed: problem statement with issue reference, detailed explanation of changes, commit messages, completed checklist with unit tests marked, and release notes section filled in (None).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@dbms/src/Flash/Coprocessor/DAGContext.cpp`:
- Around line 107-108: The code incorrectly accesses the protobuf field as a
member (meta_.plan_digest) which doesn't exist; change the reference to use the
protobuf accessor method meta_.plan_digest() (consistent with the existing use
of meta_.sql_digest()) in the DAGContext constructor/initializer to fix the
compile error.

In `@dbms/src/Flash/Mpp/MPPTaskStatistics.cpp`:
- Line 117: The JSON-format string in MPPTaskStatistics.cpp embeds raw values
(connection_alias, sql_digest, plan_digest) directly into tracing logs; before
formatting those fields into the
R"(,"connection_id":{},"connection_alias":"{}","sql_digest":"{}","plan_digest":"{}")"
template (and the similar template at lines 129-132), run each string through a
JSON-escaping helper to sanitize characters like quotes, backslashes, and
control chars. Add or reuse a function such as escapeJsonString/escapeForJson
and apply it to connection_alias, sql_digest, and plan_digest in the code paths
that build the trace message (within the MPPTaskStatistics logging/trace
methods) so the formatted JSON is always escaped correctly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: fc49a427-f9df-4282-b797-9342b294a9b0

📥 Commits

Reviewing files that changed from the base of the PR and between 090086e and c7a8731.

📒 Files selected for processing (6)

• contrib/kvproto
• dbms/src/Flash/Coprocessor/DAGContext.cpp
• dbms/src/Flash/Coprocessor/DAGContext.h
• dbms/src/Flash/FlashService.cpp
• dbms/src/Flash/Mpp/MPPTaskStatistics.cpp
• dbms/src/Flash/Mpp/MPPTaskStatistics.h

[pantheon-ai]

Review Complete

Findings: 2 issues
Posted: 2
Duplicates/Skipped: 0

_{ℹ️ Learn more details on Pantheon AI.}

[JaySon-Huang]

@windtalker I think only log it in Handling mpp dispatch request is enough?

This is useful to add sql_digest in the final report logging of MPPTaskStatistics.cpp. The MPPTaskStatistics.cpp logging contains rich information, such as how much RU was consumed, which executors were used, and how much data was scanned by the storage layer. We can filter logs containing MPPTaskStatistics.cpp and related information using Loki queries according to our needs.

For example, in the internal case of O11Y-2155585, we can filter the SQLs only with TopN executor that are executed on tiflash by Loki query like

{...", container=~"serverlog.*"} |= `MPPTaskStatistics` |~ `TopN`

and tidb log by Loki query like

{... container=~".*tidb"} |= `local_mpp_coordinator.go` |~ `TopN`

If there are

[2026/03/05 03:19:40.409 +00:00] [INFO] [MPPTaskStatistics.cpp:139] ["{\"query_tso\":464697630464938873,\"task_id\":1,\"is_root\":true,\"sender_executor_id\":\"ExchangeSender_53\",\"executors\":[{\"id\":\"ExchangeSender_53\",\"type\":\"ExchangeSender\",\"children\":[\"TopN_52\"],\"outbound_rows\":500,\"outbound_blocks\":1,\"outbound_bytes\":44960,\"outbound_allocated_bytes\":53248,\"concurrency\":32,\"execution_time_ns\":89997426,\"partition_num\":1,\"sender_target_task_ids\":[-1],\"exchange_type\":\"PassThrough\",\"connection_details\":[{\"tunnel_id\":\"tunnel1+-1\",\"sender_target_task_id\":-1,\"sender_target_host\":\"172.26.26.37:33298\",\"is_local\":false,\"packets\":1,\"bytes\":43054}]},{\"id\":\"Selection_51\",\"type\":\"Selection\",\"children\":[\"TableFullScan_50\"],\"outbound_rows\":608139,\"outbound_blocks\":206,\"outbound_bytes\":52208714,\"outbound_allocated_bytes\":74575488,\"concurrency\":33,\"execution_time_ns\":79997710},{\"id\":\"TableFullScan_50\",\"type\":\"TableScan\",\"children\":[],\"outbound_rows\":1020425,\"outbound_blocks\":206,\"outbound_bytes\":76121302,\"outbound_allocated_bytes\":250056320,\"concurrency\":33,\"execution_time_ns\":79997710,\"connection_details\":[{\"is_local\":true,\"packets\":0,\"bytes\":75914204,\"max\":39.998855,\"min\":29.999141},{\"is_local\":false,\"packets\":1,\"bytes\":137933,\"max\":79.99771,\"min\":79.99771}],\"scan_details\":{\"build_bitmap_time\":\"174.074ms\",\"build_stream_time\":\"177.412ms\",\"create_snapshot_time\":\"0.089ms\",\"delta_bytes\":255338442,\"delta_rows\":243061,\"dmfile_data_scanned_rows\":1634016,\"dmfile_data_skipped_rows\":7913032,\"dmfile_lm_filter_scanned_rows\":1650083,\"dmfile_lm_filter_skipped_rows\":7896965,\"dmfile_mvcc_scanned_rows\":1650083,\"dmfile_mvcc_skipped_rows\":7896965,\"dmfile_read_time\":\"133.610ms\",\"late_materialization_skip_rows\":16067,\"learner_read_time\":\"1.632ms\",\"local_max_stream_cost_ms\":\"39.999ms\",\"local_min_stream_cost_ms\":\"29.999ms\",\"mvcc_input_bytes\":27660819,\"mvcc_input_rows\":1627107,\"mvcc_read_bytes\":30523857,\"mvcc_skip_rows\":515147,\"num_columns\":6,\"num_local_region\":39,\"num_read_tasks\":15,\"num_remote_region\":1,\"num_segments\":15,\"num_stale_read\":0,\"pushdown\":{\"rs_operator\":{\"children\":[{\"op\":\"unsupported\",\"reason\":\"ColumnRef with field type is not supported, sig=EQString field_type=15\"},{\"op\":\"unsupported\",\"reason\":\"ColumnRef with field type is not supported, sig=EQString field_type=15\"},{\"children\":[{\"op\":\"unsupported\",\"reason\":\"ColumnRef with field type is not supported, sig=NEString field_type=15\"},{\"op\":\"unsupported\",\"reason\":\"ColumnRef with field type is not supported, sig=NEString field_type=15\"}],\"op\":\"or\"},{\"col\":\"id\",\"op\":\"greater\",\"value\":\"?\"}],\"op\":\"and\"}},\"query_read_bytes\":106567779,\"read_mode\":\"Bitmap\",\"region_num_of_instance\":[{\"instance_id\":\"db-tiflash-0.db-tiflash-peer.tidb10518506906906971664.svc:3930\",\"region_num\":39}],\"remote_max_stream_cost_ms\":\"79.998ms\",\"remote_min_stream_cost_ms\":\"79.998ms\",\"rs_dmfile_read_with_all\":0,\"rs_pack_filter_all\":0,\"rs_pack_filter_all_null\":0,\"rs_pack_filter_check_time\":\"1.480ms\",\"rs_pack_filter_none\":1008,\"rs_pack_filter_some\":216}},{\"id\":\"TopN_52\",\"type\":\"TopN\",\"children\":[\"Selection_51\"],\"outbound_rows\":500,\"outbound_blocks\":1,\"outbound_bytes\":44960,\"outbound_allocated_bytes\":53248,\"concurrency\":32,\"execution_time_ns\":89997426}],\"host\":\"db-tiflash-0.db-tiflash-peer.tidb10518506906906971664.svc:3930\",\"task_init_timestamp\":1772680780318360000,\"task_start_timestamp\":1772680780321330000,\"task_end_timestamp\":1772680780409195000,\"compile_start_timestamp\":1772680780318604000,\"compile_end_timestamp\":1772680780321318000,\"read_wait_index_start_timestamp\":1772680780320297000,\"read_wait_index_end_timestamp\":1772680780320332000,\"local_input_bytes\":75914204,\"remote_input_bytes\":207098,\"output_bytes\":0,\"status\":\"FINISHED\",\"error_message\":\"\",\"cpu_ru\":13.333333333333334,\"read_ru\":2091.8523559570312,\"memory_peak\":198287670,\"extra_info\":{\"cpu_execute_time_ns\":39998858,\"cpu_pending_time_ns\":0,\"io_execute_time_ns\":0,\"io_pending_time_ns\":0,\"await_time_ns\":79997710,\"wait_for_notify_time_ns\":4209879560}}"] [source="mpp_task_tracing MPP<gather_id:1, query_ts:1772680780316129293, local_query_id:18885517, server_id:1490, start_ts:464697630464938873,task_id:1>"] [thread_id=8526]

[2026/03/05 03:19:40.317 +00:00] [INFO] [local_mpp_coordinator.go:222] ["Dispatch mpp task"] [timestamp=464697630464938873] [ID=1] [QueryTs=1772680780316129293] [LocalQueryId=18885517] [ServerID=1490] [address=db-tiflash-0.db-tiflash-peer.tidb10518506906906971664.svc:3930] [plan="Table(dh_account_basic)->Sel([eq(dh_app_250.dh_account_basic.site_code, 250) eq(dh_app_250.dh_account_basic.register_currency, BRL) or(ne(dh_app_250.dh_account_basic.mtpush_id, ), ne(dh_app_250.dh_account_basic.jg_web_id, ))])->TopN([dh_app_250.dh_account_basic.id],0,500)->Send(-1, )"] [mpp-version=2] [exchange-compression-mode=NONE] [GatherID=1] [resource_group=default]
[2026/03/05 03:19:40.317 +00:00] [INFO] [local_mpp_coordinator.go:222] ["Dispatch mpp task"] [timestamp=464697630464938873] [ID=2] [QueryTs=1772680780316129293] [LocalQueryId=18885517] [ServerID=1490] [address=db-tiflash-3.db-tiflash-peer.tidb10518506906906971664.svc:3930] [plan="Table(dh_account_basic)->Sel([eq(dh_app_250.dh_account_basic.site_code, 250) eq(dh_app_250.dh_account_basic.register_currency, BRL) or(ne(dh_app_250.dh_account_basic.mtpush_id, ), ne(dh_app_250.dh_account_basic.jg_web_id, ))])->TopN([dh_app_250.dh_account_basic.id],0,500)->Send(-1, )"] [mpp-version=2] [exchange-compression-mode=NONE] [GatherID=1] [resource_group=default]
[2026/03/05 03:19:40.317 +00:00] [INFO] [local_mpp_coordinator.go:222] ["Dispatch mpp task"] [timestamp=464697630464938873] [ID=3] [QueryTs=1772680780316129293] [LocalQueryId=18885517] [ServerID=1490] [address=db-tiflash-1.db-tiflash-peer.tidb10518506906906971664.svc:3930] [plan="Table(dh_account_basic)->Sel([eq(dh_app_250.dh_account_basic.site_code, 250) eq(dh_app_250.dh_account_basic.register_currency, BRL) or(ne(dh_app_250.dh_account_basic.mtpush_id, ), ne(dh_app_250.dh_account_basic.jg_web_id, ))])->TopN([dh_app_250.dh_account_basic.id],0,500)->Send(-1, )"] [mpp-version=2] [exchange-compression-mode=NONE] [GatherID=1] [resource_group=default]
[2026/03/05 03:19:40.317 +00:00] [INFO] [local_mpp_coordinator.go:222] ["Dispatch mpp task"] [timestamp=464697630464938873] [ID=4] [QueryTs=1772680780316129293] [LocalQueryId=18885517] [ServerID=1490] [address=db-tiflash-2.db-tiflash-peer.tidb10518506906906971664.svc:3930] [plan="Table(dh_account_basic)->Sel([eq(dh_app_250.dh_account_basic.site_code, 250) eq(dh_app_250.dh_account_basic.register_currency, BRL) or(ne(dh_app_250.dh_account_basic.mtpush_id, ), ne(dh_app_250.dh_account_basic.jg_web_id, ))])->TopN([dh_app_250.dh_account_basic.id],0,500)->Send(-1, )"] [mpp-version=2] [exchange-compression-mode=NONE] [GatherID=1] [resource_group=default]

[JaySon-Huang]

If we log down the sql_digest in MPPTaskStatistics.cpp, then we can

1. use loki filter as follow and directly collect the sql_digest from the returned rows

 |= `MPPTaskStatistics` |~ `TopN`

If we only log down the sql_digest in Handling mpp dispatch request, then we have to

1. filter logging with "MPPTaskStatistics.cpp" and "TopN", then collect start_ts
2. filter the logging with "Handling mpp dispatch request" and the collected start_ts, then collect the "sql_digest" values.

[ti-chi-bot]

[FORMAT CHECKER NOTIFICATION]

Notice: To remove the do-not-merge/needs-linked-issue label, please provide the linked issue number on one line in the PR body, for example: Issue Number: close #123 or Issue Number: ref #456.

_{📖 For more info, you can check the "Contribute Code" section in the development guide.}

[coderabbitai]

♻️ Duplicate comments (1)

dbms/src/Flash/Mpp/MPPTaskStatistics.cpp (1)

117-117: ⚠️ Potential issue | 🟠 Major

Escape string fields before embedding them into JSON tracing logs.

Line 117 and Line 130-Line 132 still inject raw string values into JSON. Unescaped quotes/backslashes/control chars (especially in connection_alias) can break JSON and enable log-injection style corruption.

Also applies to: 129-132

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@dbms/src/Flash/Mpp/MPPTaskStatistics.cpp` at line 117, The JSON trace format
string currently injects raw string fields (see the
R"(,"connection_id":{},"connection_alias":"{}","sql_digest":"{}","plan_digest":"{}")"
literal in MPPTaskStatistics.cpp) which can break JSON or permit log injection;
escape/encode connection_alias, sql_digest and plan_digest before formatting
into this JSON (e.g. call a JSON-string-escaping utility like escapeJSONString
or toJsonString for those values inside the function/method that builds the
trace string in class MPPTaskStatistics/related logging routine) so quotes,
backslashes and control characters are properly backslash-escaped and then use
the escaped values when populating the format string.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@dbms/src/Flash/Mpp/MPPTaskStatistics.cpp`:
- Line 117: The JSON trace format string currently injects raw string fields
(see the
R"(,"connection_id":{},"connection_alias":"{}","sql_digest":"{}","plan_digest":"{}")"
literal in MPPTaskStatistics.cpp) which can break JSON or permit log injection;
escape/encode connection_alias, sql_digest and plan_digest before formatting
into this JSON (e.g. call a JSON-string-escaping utility like escapeJSONString
or toJsonString for those values inside the function/method that builds the
trace string in class MPPTaskStatistics/related logging routine) so quotes,
backslashes and control characters are properly backslash-escaped and then use
the escaped values when populating the format string.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3bc2a7db-9645-4e69-bd5b-eca034d3f7d9

📥 Commits

Reviewing files that changed from the base of the PR and between c7a8731 and 3a815d2.

📒 Files selected for processing (6)

• contrib/kvproto
• dbms/src/Flash/Coprocessor/DAGContext.cpp
• dbms/src/Flash/Coprocessor/DAGContext.h
• dbms/src/Flash/FlashService.cpp
• dbms/src/Flash/Mpp/MPPTaskStatistics.cpp
• dbms/src/Flash/Mpp/MPPTaskStatistics.h

🚧 Files skipped from review as they are similar to previous changes (3)

• contrib/kvproto
• dbms/src/Flash/Mpp/MPPTaskStatistics.h
• dbms/src/Flash/Coprocessor/DAGContext.cpp

[pantheon-ai]

[P0] Unbounded sql_digest accepted from gRPC can cause OOM/disk-fill DoS

Why: sql_digest is accepted from gRPC without any length or format validation and is logged at INFO level before security checks (checkGrpcContext at line 504). With gRPC max receive size set to unlimited (SetMaxReceiveMessageSize(-1) in FlashGrpcServerHolder.cpp:172), a single malicious request can force very large allocations and log writes, potentially OOM-crashing the TiFlash process or rapidly consuming disk space.

Evidence:

• Untrusted input logged before security check: FlashService.cpp:488-503
• Copied into DAGContext without validation: DAGContext.cpp:107 (sql_digest(meta_.sql_digest()))
• Unlimited gRPC receive size: FlashGrpcServerHolder.cpp:172
• Default bind on all interfaces: 0.0.0.0:3930

Fix: Enforce max size (e.g., 128 bytes) and expected pattern (fixed hex digest length) on sql_digest before storing/logging. Truncate or hash if oversized.

[pantheon-ai]

[P2] JSON tracing log builds JSON without escaping user-controlled fields

Why: logTracingJson() constructs JSON using fmt::format and interpolates connection_alias and sql_digest as raw strings (\"{}\"). If these fields contain quotes, backslashes, or control characters, the emitted JSON becomes invalid, breaking downstream log parsers and ETL pipelines that expect valid JSON.

Evidence:

• Line 116: R\"(,\"connection_id\":{},\"connection_alias\":\"{}\",\"sql_digest\":\"{}\")\" with raw string interpolation
• Fields sourced from protobuf without sanitization: DAGContext.cpp:84-107

Fix: JSON-escape connection_alias, sql_digest, and other string fields (e.g., error_message, status) before interpolation, or use a proper JSON serialization library instead of manual string formatting.