Skip to content

Optimize column_encryption_policy checks in recv_results_rows#630

Open
mykaul wants to merge 6 commits intoscylladb:masterfrom
mykaul:remove_enc_cols
Open

Optimize column_encryption_policy checks in recv_results_rows#630
mykaul wants to merge 6 commits intoscylladb:masterfrom
mykaul:remove_enc_cols

Conversation

@mykaul
Copy link

@mykaul mykaul commented Dec 25, 2025

There's no point in checking a global policy for every single value decoding, not for every row decoded.

Adjusted the code to only check it once per recv_results_rows() call - decode_row() should be defined either as is today with column_encryption_policy enabled,
or much simpler without all those extra checks.

Added a unit test from CoPilot.

Fixes: #582

Pre-review checklist

  • I have split my patch into logically separate commits.
  • All commit messages clearly explain what they change and why.
  • I added relevant tests for new features and bug fixes.
  • All commits compile, pass static checks and pass test.
  • PR description sums up the changes and reasons why they should be introduced.
  • I have provided docstrings for the public items that I want to introduce.
  • I have adjusted the documentation in ./docs/source/.
  • I added appropriate Fixes: annotations to PR description.

@mykaul
Copy link
Author

mykaul commented Dec 25, 2025

CI failure is unrelated, and I've seen it happening on too many PRs already :-/

@dkropachev dkropachev mentioned this pull request Dec 29, 2025
Open
dkropachev
dkropachev requested changes Dec 29, 2025
View reviewed changes
tests/unit/test_protocol_decode_optimization.py Outdated
from cassandra.protocol import ResultMessage, RESULT_KIND_ROWS


class DecodeOptimizationTest(unittest.TestCase):
Copy link
Collaborator

@dkropachev dkropachev Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please move this class to tests/unit/test_protocol.py and rename it to ResultTest

Copy link
Author

@mykaul mykaul Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 76c09ae

tests/unit/test_protocol_decode_optimization.py Outdated
Comment on lines 154 to 155
if __name__ == '__main__':
unittest.main()
Copy link
Collaborator

@dkropachev dkropachev Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please drop it.

Copy link
Author

@mykaul mykaul Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 76c09ae

@mykaul mykaul force-pushed the remove_enc_cols branch 2 times, most recently from 3a9031e to ad8b6f9 Compare January 5, 2026 08:01
dkropachev
dkropachev requested changes Jan 5, 2026
View reviewed changes
Copy link
Collaborator

@dkropachev dkropachev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

numpy_parser.pyx, parsing.pyx also needs to be fixed

@mykaul
Copy link
Author

mykaul commented Jan 6, 2026

numpy_parser.pyx, parsing.pyx also needs to be fixed

It wasn't clear to me what needs to fixing there:
numpy - it doesn't use/call column_encryption
parsing.pyx - there's just 'not implemented' functions there.

@dkropachev
Copy link
Collaborator

dkropachev commented Jan 6, 2026

numpy_parser.pyx, parsing.pyx also needs to be fixed

It wasn't clear to me what needs to fixing there: numpy - it doesn't use/call column_encryption parsing.pyx - there's just 'not implemented' functions there.

Instead of changing only TupleRowParser class you need to do similar changes to ColumnParser and RowParser and all their implementations: ListParser, LazyParser and NumpyParser, you will discover that NumpyParser disregards column_encryption_policy which means that it does not work properly when when columns are encrypted, have a plug there that throwing NotImplementedError.
In total all Parser implementation classes should contain implementations for:

    cpdef parse_plain_rows(self, BytesIOReader reader, ParseDesc desc)

    cpdef parse_enc_rows(self, BytesIOReader reader, ParseDesc desc)

While Abstract classes:

cdef class ColumnParser:
    cpdef parse_rows(self, BytesIOReader reader, ParseDesc desc):
        if desc.column_encryption_policy:
            return self.unpack_enc_row(reader, desc)
        return self.unpack_plain_row(reader, desc)

    cpdef parse_plain_rows(self, BytesIOReader reader, ParseDesc desc)

    cpdef parse_enc_rows(self, BytesIOReader reader, ParseDesc desc)

@mykaul
Copy link
Author

mykaul commented Jan 6, 2026
edited
Loading

numpy_parser.pyx, parsing.pyx also needs to be fixed

It wasn't clear to me what needs to fixing there: numpy - it doesn't use/call column_encryption parsing.pyx - there's just 'not implemented' functions there.

Instead of changing only TupleRowParser class you need to do similar changes to ColumnParser and RowParser and all their implementations: ListParser, LazyParser and NumpyParser, you will discover that NumpyParser disregards column_encryption_policy which means that it does not work properly when when columns are encrypted, have a plug there that throwing NotImplementedError. In total all Parser implementation classes should contain implementations for:

Let me see if I understand this:

  • TupleRowParser - Implemented unpack_ce_row() and unpack_row()
  • ColumnParser - its parse_rows() creates a TupleRowParser object - and then I call its unpack_ce_row() / unpack_row()
  • RowParser- its unpack_row() is raising NotImplementedError - I'm not sure I should change this in this PR?
  • ListParser - its parse_rows() creates a TupleRowParser object - and then I call its unpack_ce_row() / unpack_row()
  • LazyParser - its parse_rows() calls parse_rows_lazy() - which creates a TupleRowParser object - and then I call its unpack_ce_row() / unpack_row()
  • NumpyParser its parse_rows() calls its _parse_rows() which completely ignores encryption and calls unpack_row() - but I have no idea where it's implemented. BUT - I'm not introducing a regression here, no?
  • BoundStatement.bind() - added in the last commit in the series.

Is that an accurate representation?

    cpdef parse_plain_rows(self, BytesIOReader reader, ParseDesc desc)

    cpdef parse_enc_rows(self, BytesIOReader reader, ParseDesc desc)

I'm not sure I understand the interaction between Python and Cython - I was not going to change the interfaces whatsoever.

While Abstract classes:

cdef class ColumnParser:
    cpdef parse_rows(self, BytesIOReader reader, ParseDesc desc):
        if desc.column_encryption_policy:
            return self.unpack_enc_row(reader, desc)
        return self.unpack_plain_row(reader, desc)

    cpdef parse_plain_rows(self, BytesIOReader reader, ParseDesc desc)

    cpdef parse_enc_rows(self, BytesIOReader reader, ParseDesc desc)

You raise a good point about the names of the functions - that can clearly be more clear with 'plain' and 'encrypted' in them! I'll fix that.

mykaul added 5 commits January 27, 2026 17:46
@mykaul
Optimize column_encryption_policy checks in recv_results_rows
78e4afa 
There's no point in checking a global policy for every single value decoding, not for every row decoded.

Adjusted the code to only check it once per recv_results_rows() call -
decode_row() should be defined either as is today with column_encryption_policy enabled,
 or much simpler without all those extra checks.

Added a unit test from CoPilot.

Fixes: scylladb#582
Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul
(improvement)Optimize column_encryption_policy checks in Cython's unp…
44574c6 
…ack_row() function

Very similar to the native Python code, separate the two cases, if column encryption (CE) policy
is not enabled, the code is substantially simplified. If it is, it's slightly more elaborate.

Decided to have two loops in two functions, one for each case, for performance reasons, even if readability-wise it's
not as great. AI agreed with me:
Recommendation: Keep it as is. In high-performance Cython code like this, duplicating a small block of code

Fixes: scylladb#639
Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul
(improvement)Optimize column_encryption_policy checks: tests
bb07e9b 
Add tests, respond to review feedback on added tests.

Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul
query: split Column Encryption in the bind path
d67815c 
Split BoundStatement.bind() into CE and non-CE loops to avoid per-value CE checks when no policy is configured.

In the CE loop, use a single uses_ce branch to select type serialization and optional encryption for each column.

Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul
Renamed unpack_row() -> unpack_plain_row(), unpack_ce_row() -> unpack…
d87f917 
…_col_encrypted_row()

Per review comments.

Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul
Copy link
Author

mykaul commented Jan 27, 2026

You raise a good point about the names of the functions - that can clearly be more clear with 'plain' and 'encrypted' in them! I'll fix that.

Done in latest commit. I think it's ready for re-review.

@mykaul
Copy link
Author

mykaul commented Jan 27, 2026

CI failure seems like known issue #446

@mykaul
(improvement) extract the try/except clause so it won't be per every row
4f3c748 
Instead, do it outside the loop.

Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
@mykaul mykaul mentioned this pull request Feb 1, 2026
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dkropachev dkropachev dkropachev requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

column_encryption_policy is checked in reading every single value in decode_val()

2 participants

@mykaul @dkropachev