*: support logging session connect attrs to slow query log

[jiong-nba]

What problem does this PR solve?

Issue Number: close #66616

Problem Summary:
In a Kubernetes deployment environment, container IPs change frequently. The current slow query log records only IP information, which is insufficient to trace the real source or application of SQL statements. Recording SESSION_CONNECT_ATTRS in the slow log provides critical client metadata (such as app_name, _os, _client_name, etc.) injected during the connection handshake.

What changed and how does it work?

This PR introduces the feature to inject and log SESSION_CONNECT_ATTRS into the slow query log and exposes them through system tables:

1. Slow Query Log Enhancement:

   • Added a Session_connect_attrs field in JSON format to the slow query file (pkg/sessionctx/variable/slow_log.go).
   • Added a new SESSION_CONNECT_ATTRS JSON column to both the SLOW_QUERY and CLUSTER_SLOW_QUERY system tables (pkg/infoschema/tables.go).
   • Updated the slow log parser to correctly parse and deserialize this JSON field (pkg/executor/slow_query.go).

2. System Variables:

   • Converted performance_schema_session_connect_attrs_size from a noop variable to a functional GLOBAL variable (pkg/sessionctx/variable/sysvar.go), controlling the maximum total byte size of attributes per connection (default: 4096).

3. Status Variables & Truncation Logic:

   • Implemented a two-tier restriction approach during the handshake: a hard limit of 1 MiB to reject unusually large data, and a soft limit driven by performance_schema_session_connect_attrs_size (pkg/server/internal/parse/parse.go).
   • Added two new GLOBAL status variables: Performance_schema_session_connect_attrs_longest_seen and Performance_schema_session_connect_attrs_lost to monitor attribute size and truncation stats.
   • For truncated lists, it cleanly discards exceeded properties and injects _truncated to record discarded bytes.

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)

Environment and connection settings

• TiDB start mode: unistore
• TiDB listen: 127.0.0.1:4000
• TiDB status: 127.0.0.1:10080
• Slow log file: /tmp/tidb-slow-attrs-demo.log
• Client driver: mysql-connector-python 9.6.0
• Client connection config:
  • host: 127.0.0.1
  • port: 4000
  • user: root
  • conn_attrs (normal case): {"app_name":"slowlog_demo","client_case":"attrs_normal"}
  • conn_attrs (truncation case): {"app_name":"slowlog_demo","client_case":"attrs_trunc","extra":"x"*256}

Variables used in test

set global tidb_slow_log_threshold=0;
set global performance_schema_session_connect_attrs_size=65536;
set global performance_schema_session_connect_attrs_size=0;

Test SQL

select /*slowlog_attr_normal*/ 1;
select /*slowlog_attr_trunc*/ 2;

Virtual table query SQL

select query, cast(Session_connect_attrs as char) as Session_connect_attrs
from information_schema.slow_query
where query like 'select /*slowlog_attr_normal*/%' or query like 'select /*slowlog_attr_trunc*/%'
order by time desc;

select query, cast(Session_connect_attrs as char) as Session_connect_attrs
from information_schema.cluster_slow_query
where query like 'select /*slowlog_attr_normal*/%' or query like 'select /*slowlog_attr_trunc*/%'
order by time desc;

Observed output: information_schema.slow_query

+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| query                             | Session_connect_attrs                                                                                                                                                                                                                                                    |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| select /*slowlog_attr_trunc*/ 2;  | {"_truncated": "478"}                                                                                                                                                                                                                                                    |
| select /*slowlog_attr_normal*/ 1; | {"_client_name": "libmysql", "_client_version": "9.6.0", "_connector_license": "GPL-2.0", "_connector_name": "mysql-connector-python", "_connector_version": "9.6.0", "_os": "macos15", "_pid": "46202", "_platform": "arm64", "_source_host": "bogon", "app_name": "slowlog_demo", "client_case": "attrs_normal"} |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

####Observed output: information_schema.cluster_slow_query

+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| query                             | Session_connect_attrs                                                                                                                                                                                                                                                    |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| select /*slowlog_attr_trunc*/ 2;  | {"_truncated": "478"}                                                                                                                                                                                                                                                    |
| select /*slowlog_attr_normal*/ 1; | {"_client_name": "libmysql", "_client_version": "9.6.0", "_connector_license": "GPL-2.0", "_connector_name": "mysql-connector-python", "_connector_version": "9.6.0", "_os": "macos15", "_pid": "46202", "_platform": "arm64", "_source_host": "bogon", "app_name": "slowlog_demo", "client_case": "attrs_normal"} |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

• No need to test

  • I checked and no code files have been changed.

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

Improve observability of slow queries by logging client connection attributes (Session_connect_attrs) in slow query logs and exposing them in information_schema.slow_query and information_schema.cluster_slow_query; performance_schema_session_connect_attrs_size now controls attribute truncation behavior, with truncated bytes recorded via "_truncated".

Summary by CodeRabbit

• New Features

  • Slow query logs include client session connection attributes as JSON when present; they appear before the SQL/Prev_stmt entries.
  • Added info-schema column exposing these attributes.
  • New global sysvar to configure max connection-attributes size (default 4 KB; hard reject at 1 MB). Oversized payloads may be truncated and marked with a "_truncated" flag; runtime status exposes largest seen and truncated bytes.

• Tests

  • Added unit and integration tests for parsing, truncation, serialization, and slow-query exposure of session attributes.

[pantheon-ai]

Review Complete

Findings: 2 issues
Posted: 2
Duplicates/Skipped: 0

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign d3hunter, yudongusa for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS
• pkg/infoschema/OWNERS
• pkg/sessionctx/vardef/OWNERS
• pkg/sessionctx/variable/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pingcap-cla-assistant]

All committers have signed the CLA.

[tiprow]

Hi @jiong-nba. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Capture, parse, store, and expose client Session_connect_attrs: handshake decoding with limits/truncation/metrics, new sysvar and status entries, slow-query emission and parsing of Session_connect_attrs, and tests across server, executor, and session packages.

Changes

Cohort / File(s)	Summary
Slow-log model & format pkg/sessionctx/variable/slow_log.go, pkg/infoschema/tables.go	Add SessionConnectAttrs field and SlowLogSessionConnectAttrs constant; emit JSON-encoded Session_connect_attrs row in slow-log output and add corresponding column to information_schema.slow_query.
Slow query parser & executor pkg/executor/.../adapter_slow_log.go, pkg/executor/slow_query.go, pkg/executor/slow_query_test.go, pkg/executor/slow_query_sql_test.go	Populate SessionConnectAttrs when ConnectionInfo present; extend slow-log parser and column-value factory to accept / parse binary-JSON Session_connect_attrs; update and add tests to validate parsing and information_schema exposure.
Handshake parsing & metrics pkg/server/internal/parse/parse.go, pkg/server/conn_test.go, pkg/server/internal/parse/BUILD.bazel	Parse connect-attrs with 1 MiB hard limit, return error on exceed; implement configurable truncation with _truncated marker, whitelist standard underscore-prefixed attrs, update ConnectAttrsLost/LongestSeen metrics, and add unit tests and build deps.
Sysvars, defaults & globals pkg/sessionctx/vardef/tidb_vars.go, pkg/sessionctx/vardef/sysvar.go, pkg/sessionctx/variable/sysvar.go, pkg/sessionctx/variable/statusvar.go, pkg/sessionctx/variable/noop.go	Add DefConnectAttrsSize and atomics ConnectAttrsSize, ConnectAttrsLongestSeen, ConnectAttrsLost; expose performance_schema_session_connect_attrs_size sysvar (get/set); add two status vars for longest_seen and lost; remove noop entry.
Tests & format checks pkg/sessionctx/variable/tests/session_test.go, pkg/server/conn_test.go, pkg/executor/slow_query_*.go	Add tests for handshake attr parsing/truncation, deterministic JSON slow-log emission, and integration tests verifying Session_connect_attrs in slow_query and JSON_EXTRACT queries.

Sequence Diagram(s)

sequenceDiagram
    actor Client
    participant HandshakeParser as Handshake Parser
    participant Validator as Validation & Truncation
    participant SessionCtx as Session Context
    participant SlowLog as Slow Log Emitter
    participant InfoSchema as Slow Query Store

    Client->>HandshakeParser: send handshake with connect attrs
    HandshakeParser->>Validator: pass raw attrs bytes
    rect rgba(220, 180, 120, 0.5)
        alt total size > 1 MiB
            Validator-->>HandshakeParser: return error (hard limit)
            HandshakeParser-->>Client: reject connection
        else within hard limit
            alt exceeds configured ConnectAttrsSize
                Validator->>Validator: truncate accepted attrs, set "_truncated"
                Validator->>SessionCtx: record accepted attrs
                Validator->>SessionCtx: ConnectAttrsLost += truncated_bytes
            else accept all attrs
                Validator->>SessionCtx: store attrs
            end
            alt totalSize < 64 KiB
                Validator->>Validator: update ConnectAttrsLongestSeen
            end
            HandshakeParser-->>Client: handshake OK
        end
    end

    Client->>SlowLog: execute query
    SlowLog->>SessionCtx: read SessionConnectAttrs
    SlowLog->>SlowLog: encode attrs as JSON
    SlowLog->>InfoSchema: write slow log row with Session_connect_attrs

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• *: parse and match slow log trigger rules for multi-dimensional triggering (#63132) #66582: Modifies slow-log flow and SlowQueryLogItems similarly (changes in pkg/executor/adapter_slow_log.go and pkg/sessionctx/variable/slow_log.go), likely overlapping area.

Suggested labels

ok-to-test

Suggested reviewers

• wjhuang2016
• yudongusa
• bb7133
• hawkingrei

Poem

🐰 I nibbled handshake crumbs and found a trace,
app_name and OS tucked in tidy place.
If bytes run long, I trim and mark the cost,
I count what's lost, record what's longest seen and not lost.
Slow logs now carry every rabbit's tiny trace.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.08% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '*: support logging session connect attrs to slow query log' clearly and concisely summarizes the main change: adding session connection attributes to slow query logging across the codebase.
Linked Issues check	✅ Passed	The PR fulfills the core objective from issue #66616: it records SESSION_CONNECT_ATTRS in the slow query log to track SQL statement origins in containerized environments where IPs are ephemeral, enabling attribution via app_name and other metadata.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the stated objective: slow log structure, parsers, system variables, status variables, tests, and infrastructure—all support the feature of logging and exposing session connection attributes.
Description check	✅ Passed	The PR description comprehensively addresses all required template sections: issue reference, problem summary, detailed technical explanation of changes, test checklist with unit and manual tests completed, side effects assessment, documentation impact, and release notes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR enhances TiDB’s slow query logging and slow-log system tables by capturing and exposing MySQL client SESSION_CONNECT_ATTRS (connection attributes) to better identify client/application sources in dynamic environments (e.g., Kubernetes).

Changes:

• Add Session_connect_attrs to the slow log output (JSON) and expose it via SLOW_QUERY / CLUSTER_SLOW_QUERY as a JSON column.
• Implement a functional global system variable performance_schema_session_connect_attrs_size plus global status counters to track truncation and largest seen payload.
• Enforce handshake parsing limits (1 MiB hard cap + configurable soft cap) and add tests for truncation/rejection and slow-log parsing/formatting.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/sessionctx/variable/tests/session_test.go	Adds test assertions for slow log serialization and placement of Session_connect_attrs.
pkg/sessionctx/variable/sysvar.go	Implements performance_schema_session_connect_attrs_size as a real GLOBAL sysvar backed by an atomic.
pkg/sessionctx/variable/statusvar.go	Adds GLOBAL status variables and wires them to atomic counters.
pkg/sessionctx/variable/slow_log.go	Adds Session_connect_attrs slow log field and JSON serialization in slow log formatter.
pkg/sessionctx/variable/noop.go	Removes the previous noop definition of performance_schema_session_connect_attrs_size.
pkg/sessionctx/vardef/tidb_vars.go	Adds defaults and atomic counters for connect-attrs size/metrics.
pkg/sessionctx/vardef/sysvar.go	Adds vardef constant for performance_schema_session_connect_attrs_size.
pkg/server/internal/parse/parse.go	Adds hard/soft limits, truncation accounting, and warning emission during handshake attrs parsing.
pkg/server/conn_test.go	Adds handshake parsing tests for truncation, hard-limit rejection, and longest-seen behavior.
pkg/infoschema/tables.go	Adds JSON column for Session_connect_attrs to slow query system tables.
pkg/executor/slow_query_test.go	Updates expected record strings and adds a parser test for Session_connect_attrs JSON.
pkg/executor/slow_query.go	Parses Session_connect_attrs field and maps it to a JSON datum for system table output.
pkg/executor/adapter_slow_log.go	Plumbs SessionConnectAttrs from SessionVars.ConnectionInfo.Attributes into slow log items.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/server/internal/parse/parse.go (1)

136-141: Add an explicit bounds check before slicing the attrs payload.

Line 140 can still hit panic/recover for malformed packets where declared num is within 1 MiB but exceeds remaining bytes. Prefer returning mysql.ErrMalformPacket directly.

♻️ Proposed hardening

 		if num, null, intOff := util2.ParseLengthEncodedInt(data[offset:]); !null {
 			if num > 1<<20 { // 1 MiB hard limit
 				return errors.New("connection refused: session connection attributes exceed the 1 MiB hard limit")
 			}
 			offset += intOff // Length of variable length encoded integer itself in bytes
+			if int(num) > len(data)-offset {
+				return mysql.ErrMalformPacket
+			}
 			row := data[offset : offset+int(num)]
 			attrs, warning, err := parseAttrs(row)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/server/internal/parse/parse.go` around lines 136 - 141, The slice
operation at row := data[offset : offset+int(num)] can panic if num exceeds
remaining bytes even when under the 1 MiB limit; before slicing, check that
offset+int(num) <= len(data) and if not return mysql.ErrMalformPacket (or the
package's equivalent) instead of letting a panic occur, preserving existing
behavior for parseAttrs and using the same local symbols (num, offset, intOff,
parseAttrs) to locate and harden the bounds check.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/executor/slow_query_test.go`:
- Around line 287-341: Add an integration test in slow_query_sql_test.go (e.g.
TestSlowQuerySessionConnectAttrs) that exercises SESSION_CONNECT_ATTRS via SQL:
create a temp slow log file containing the same slowLogStr used in
TestParseSlowLogSessionConnectAttrs, initialize/reload the slow-query retriever
(reuse newSlowQueryRetriever/parseLog or the service initialization path used by
other slow_query_sql tests) so the slow log row is visible to
INFORMATION_SCHEMA.SLOW_QUERY, then run a TestKit query like SELECT
SESSION_CONNECT_ATTRS FROM INFORMATION_SCHEMA.SLOW_QUERY WHERE Digest=... (or
other identifying filter) and assert the returned JSON contains
"_client_name","Go-MySQL-Driver","_os","linux","app_name","test_app"; ensure
cleanup of the temp file and any retriever state.

In `@pkg/server/internal/parse/parse.go`:
- Around line 213-221: Reject or strip any client-supplied "_truncated" connect
attribute when building attrs and only set attrs["_truncated"] internally when
truncated == true; specifically, during attribute parsing/ingestion ensure you
ignore keys equal to "_truncated" (or rename the internal marker to a clearly
reserved constant and remove client-provided values) so that the only time
attrs["_truncated"] appears is when you assign truncatedBytes = totalSize -
acceptedSize and set attrs["_truncated"] = strconv.FormatInt(truncatedBytes, 10)
from the truncation branch (the symbols to locate are attrs, "_truncated",
truncated, truncatedBytes, totalSize, acceptedSize).

In `@pkg/sessionctx/variable/tests/session_test.go`:
- Around line 359-363: The test currently checks that "Session_connect_attrs"
(attrsIdx) appears before the SQL but does not ensure it appears after
"Storage_from_mpp"; update the assertions to locate storageIdx :=
strings.Index(logString, "Storage_from_mpp") and then require that attrsIdx >
storageIdx and attrsIdx < sqlIdx (using attrsIdx, storageIdx, sqlIdx and the
existing logString/sql variables) so the ordering "Storage_from_mpp" ->
"Session_connect_attrs" -> SQL is enforced.

---

Nitpick comments:
In `@pkg/server/internal/parse/parse.go`:
- Around line 136-141: The slice operation at row := data[offset :
offset+int(num)] can panic if num exceeds remaining bytes even when under the 1
MiB limit; before slicing, check that offset+int(num) <= len(data) and if not
return mysql.ErrMalformPacket (or the package's equivalent) instead of letting a
panic occur, preserving existing behavior for parseAttrs and using the same
local symbols (num, offset, intOff, parseAttrs) to locate and harden the bounds
check.

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 986ab4b and 061ceca.

📒 Files selected for processing (13)

• pkg/executor/adapter_slow_log.go
• pkg/executor/slow_query.go
• pkg/executor/slow_query_test.go
• pkg/infoschema/tables.go
• pkg/server/conn_test.go
• pkg/server/internal/parse/parse.go
• pkg/sessionctx/vardef/sysvar.go
• pkg/sessionctx/vardef/tidb_vars.go
• pkg/sessionctx/variable/noop.go
• pkg/sessionctx/variable/slow_log.go
• pkg/sessionctx/variable/statusvar.go
• pkg/sessionctx/variable/sysvar.go
• pkg/sessionctx/variable/tests/session_test.go

💤 Files with no reviewable changes (1)

• pkg/sessionctx/variable/noop.go

[codecov]

Codecov Report

❌ Patch coverage is 4.96454% with 134 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.1013%. Comparing base (21b5bb6) to head (bb0f1a8).
⚠️ Report is 38 commits behind head on master.

Additional details and impacted files

@@               Coverage Diff                @@
##             master     #66617        +/-   ##
================================================
- Coverage   77.6714%   77.1013%   -0.5702%     
================================================
  Files          2008       1929        -79     
  Lines        549230     543840      -5390     
================================================
- Hits         426595     419308      -7287     
- Misses       120964     123964      +3000     
+ Partials       1671        568      -1103     

Flag	Coverage Δ
integration	41.1064% <4.9645%> (-7.0867%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
dumpling	56.7974% <ø> (ø)
parser	∅ <ø> (∅)
br	48.5278% <ø> (-12.3577%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jiong-nba]

@jiong-nba: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-build-next-gen 1217fe1 link true /test pull-build-next-gen
idc-jenkins-ci-tidb/build 1217fe1 link true /test build
idc-jenkins-ci-tidb/check_dev 1217fe1 link true /test check-dev
pull-br-integration-test 1217fe1 link true /test pull-br-integration-test
idc-jenkins-ci-tidb/unit-test 1217fe1 link true /test unit-test
pull-unit-test-next-gen 1217fe1 link true /test pull-unit-test-next-gen
Full PR test history. Your PR dashboard.

Details

/retest

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

@jiong-nba: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-build-next-gen 1217fe1 link true /test pull-build-next-gen
idc-jenkins-ci-tidb/build 1217fe1 link true /test build
idc-jenkins-ci-tidb/check_dev 1217fe1 link true /test check-dev
pull-br-integration-test 1217fe1 link true /test pull-br-integration-test
idc-jenkins-ci-tidb/unit-test 1217fe1 link true /test unit-test
pull-unit-test-next-gen 1217fe1 link true /test pull-unit-test-next-gen
Full PR test history. Your PR dashboard.

Details

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jiong-nba]

@jiong-nba: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
idc-jenkins-ci-tidb/build 1217fe1 link true /test build
pull-build-next-gen 1217fe1 link true /test pull-build-next-gen
idc-jenkins-ci-tidb/check_dev 1217fe1 link true /test check-dev
idc-jenkins-ci-tidb/unit-test 1217fe1 link true /test unit-test
pull-unit-test-next-gen 1217fe1 link true /test pull-unit-test-next-gen
idc-jenkins-ci-tidb/mysql-test 67a951b link true /test mysql-test
Full PR test history. Your PR dashboard.

Details

/retest

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

@jiong-nba: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
idc-jenkins-ci-tidb/build 1217fe1 link true /test build
pull-build-next-gen 1217fe1 link true /test pull-build-next-gen
idc-jenkins-ci-tidb/check_dev 1217fe1 link true /test check-dev
idc-jenkins-ci-tidb/unit-test 1217fe1 link true /test unit-test
pull-unit-test-next-gen 1217fe1 link true /test pull-unit-test-next-gen
idc-jenkins-ci-tidb/mysql-test 67a951b link true /test mysql-test
Full PR test history. Your PR dashboard.

Details

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jiong-nba]

/test all

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

pkg/executor/slow_query_sql_test.go (1)

582-588: Avoid direct type assertion for JSON cell extraction in test assertions.

rows[0][0].(string) can panic if result encoding changes. A safer conversion keeps failures assertion-driven.

♻️ Suggested test hardening

-	attrsStr := rows[0][0].(string)
+	attrsStr := fmt.Sprint(rows[0][0])

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/executor/slow_query_sql_test.go` around lines 582 - 588, The test
currently does a direct type assertion rows[0][0].(string) which can panic if
the DB driver returns []byte or another type; change to a safe conversion such
as using fmt.Sprint(rows[0][0]) (or convert []byte with string(...) after
checking type) and assign that to attrsStr before doing require.Contains checks,
and add a require.NotNil(rows[0][0]) at the top to keep failures
assertion-driven; update imports to include fmt if needed and modify the
assertions in the test that reference attrsStr accordingly.

pkg/server/conn_test.go (1)

2439-2447: Strengthen the large-payload assertion to prove truncation actually happened.

This subtest currently validates only ConnectAttrsLongestSeen, which can still pass if attribute parsing falls into the warning/ignore path. Add a direct truncation assertion (_truncated marker or ConnectAttrsLost increment) to pin behavior.

Suggested assertion hardening

 		err = parse.HandshakeResponseBody(context.Background(), &p, data, offset)
 		require.NoError(t, err)

+		_, truncated := p.Attrs["_truncated"]
+		require.True(t, truncated, "expected truncation marker for oversized attrs")
+		require.Equal(t, int64(1), vardef.ConnectAttrsLost.Load())
+
 		// Attrs are truncated (totalSize=70001 > effectiveLimit=65536, because
 		// limit=-1 maps to effectiveLimit=65536 internally), but LongestSeen
 		// should NOT be updated because totalSize >= 64KB.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/server/conn_test.go` around lines 2439 - 2447, The test only checks
vardef.ConnectAttrsLongestSeen but not that attributes were actually truncated;
after calling parse.HandshakeResponseBody(context.Background(), &p, data,
offset) add an assertion that proves truncation occurred by checking the
explicit truncation signal: either assert the parsed payload's truncation marker
(p.Attrs._truncated or equivalent field on the parsed attrs) is true or assert
vardef.ConnectAttrsLost was incremented as expected (e.g., compared to its prior
value), so the subtest verifies both LongestSeen unchanged and that truncation
actually happened.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/sessionctx/variable/sysvar.go`:
- Around line 684-693: The sysvar vardef.PerfSchemaSessionConnectAttrsSize lacks
boundary unit tests and SQL integration tests; add unit tests that exercise
SetGlobal/Set logic for values 0 and 65536 (in addition to -1 and small values)
by invoking SetGlobal (which uses TidbOptInt64 and
vardef.ConnectAttrsSize.Store/Load) and asserting the stored value and
truncation/parse behavior, and add integration tests that run SQL like SET
performance_schema_session_connect_attrs_size = <value> and then verify
session-visible behavior (e.g., actual connect attrs size via SELECT or session
variables) to ensure the sysvar plumbing (GetGlobal/SetGlobal) works end-to-end.

---

Nitpick comments:
In `@pkg/executor/slow_query_sql_test.go`:
- Around line 582-588: The test currently does a direct type assertion
rows[0][0].(string) which can panic if the DB driver returns []byte or another
type; change to a safe conversion such as using fmt.Sprint(rows[0][0]) (or
convert []byte with string(...) after checking type) and assign that to attrsStr
before doing require.Contains checks, and add a require.NotNil(rows[0][0]) at
the top to keep failures assertion-driven; update imports to include fmt if
needed and modify the assertions in the test that reference attrsStr
accordingly.

In `@pkg/server/conn_test.go`:
- Around line 2439-2447: The test only checks vardef.ConnectAttrsLongestSeen but
not that attributes were actually truncated; after calling
parse.HandshakeResponseBody(context.Background(), &p, data, offset) add an
assertion that proves truncation occurred by checking the explicit truncation
signal: either assert the parsed payload's truncation marker (p.Attrs._truncated
or equivalent field on the parsed attrs) is true or assert
vardef.ConnectAttrsLost was incremented as expected (e.g., compared to its prior
value), so the subtest verifies both LongestSeen unchanged and that truncation
actually happened.

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 061ceca and 67a951b.

📒 Files selected for processing (14)

• pkg/executor/adapter_slow_log.go
• pkg/executor/slow_query.go
• pkg/executor/slow_query_sql_test.go
• pkg/executor/slow_query_test.go
• pkg/infoschema/tables.go
• pkg/server/conn_test.go
• pkg/server/internal/parse/parse.go
• pkg/sessionctx/vardef/sysvar.go
• pkg/sessionctx/vardef/tidb_vars.go
• pkg/sessionctx/variable/noop.go
• pkg/sessionctx/variable/slow_log.go
• pkg/sessionctx/variable/statusvar.go
• pkg/sessionctx/variable/sysvar.go
• pkg/sessionctx/variable/tests/session_test.go

💤 Files with no reviewable changes (1)

• pkg/sessionctx/variable/noop.go

🚧 Files skipped from review as they are similar to previous changes (8)

• pkg/executor/adapter_slow_log.go
• pkg/executor/slow_query.go
• pkg/sessionctx/variable/tests/session_test.go
• pkg/sessionctx/vardef/tidb_vars.go
• pkg/executor/slow_query_test.go
• pkg/infoschema/tables.go
• pkg/sessionctx/variable/statusvar.go
• pkg/sessionctx/variable/slow_log.go

[jiong-nba]

/test all

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[pantheon-ai]

Review Complete

Findings: 0 issues
Posted: 0
Duplicates/Skipped: 0

_{ℹ️ Learn more details on Pantheon AI.}

[pantheon-ai]

Review Complete

Findings: 0 issues
Posted: 0
Duplicates/Skipped: 0

_{ℹ️ Learn more details on Pantheon AI.}

[pantheon-ai]

✅ Code looks good. No issues found.

[jiong-nba]

/retest

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[yibin87]

Didn't find the rule of this in PM doc, what's the reason for doing this?

[pantheon-ai]

Review Complete

Findings: 1 issues
Posted: 0
Duplicates/Skipped: 1

_{ℹ️ Learn more details on Pantheon AI.}

[D3Hunter]

i think the session_connect_ already have enough info to scope this var, the performance_schema_ part will make this var name too long, have we finalized the design of this varname?

and maybe add max to the name to better reflect its real purpose

[D3Hunter]

such as session_connect_max_attrs_size

[jiong-nba]

This feature is designed for compatibility with MySQL, and therefore uses the same system variable names as MySQL.

[D3Hunter]

AI-generated review based on @D3Hunter's standards; manual review will be performed after all comments are resolved.

Summary

• Total findings: 8
• Inline comments: 8
• Summary-only findings (no inline anchor): 0

Findings (highest risk first)

⚠️ [Major] (4)

1. _truncated key conflates client attributes with TiDB-generated truncation metadata (pkg/server/internal/parse/parse.go:171; pkg/server/internal/parse/parse.go:268)
2. Slow-log emission of connection attributes lacks a slow-log-specific size budget (pkg/executor/adapter_slow_log.go:267; pkg/sessionctx/variable/slow_log.go:560; pkg/sessionctx/variable/sysvar.go:684)
3. parseAttrs now combines protocol decoding, policy enforcement, and global metric mutation (pkg/server/internal/parse/parse.go:184; pkg/server/internal/parse/parse.go:191; pkg/server/internal/parse/parse.go:229; pkg/server/internal/parse/parse.go:245; pkg/server/internal/parse/parse.go:255)
4. User-visible compatibility changes are introduced without upgrade/runbook guidance (pkg/infoschema/tables.go:986; pkg/sessionctx/variable/sysvar.go:684; pkg/server/internal/parse/parse.go:139)

🟡 [Minor] (4)

1. PerfSchema... naming diverges from existing PerformanceSchema... vocabulary (pkg/sessionctx/vardef/sysvar.go:215)
2. parseAttrs warning contract implies singular output but may aggregate multiple warnings (pkg/server/internal/parse/parse.go:184)
3. Session_connect_attrs slow-log fixtures are duplicated across suites (pkg/executor/cluster_table_test.go:400; pkg/infoschema/test/clustertablestest/cluster_tables_test.go:306; pkg/executor/slow_query_sql_test.go:553; pkg/executor/slow_query_test.go:289)
4. Cross-version and failure-path evidence for new handshake attribute behavior is limited (pkg/server/internal/parse/parse.go:143; pkg/server/conn_test.go:2287; pkg/server/internal/parse/parse_test.go:49)

[D3Hunter]

⚠️ [Major] Slow-log emission of connection attributes lacks a slow-log-specific size budget

Why
Each slow statement now serializes connection attributes, but payload size is bounded only by handshake/session attribute limits, not by a dedicated slow-log emission cap.

Scope
pkg/executor/adapter_slow_log.go:267; pkg/sessionctx/variable/slow_log.go:560; pkg/sessionctx/variable/sysvar.go:684

Risk if unchanged
Under high slow-query volume, per-row payload growth can increase slow-log I/O and downstream parse cost (information_schema.slow_query), worsening tail latency and disk pressure during incidents.

Evidence
SetSlowLogItems attaches sessVars.ConnectionInfo.Attributes to each slow-log item; SlowLogFormat JSON-encodes and writes it when non-empty; performance_schema_session_connect_attrs_size allows up to 65536 bytes (-1 normalized to 64KiB in parse logic).

Change request
Add a slow-log-specific emission cap (or dedicated sysvar) for Session_connect_attrs, and expose truncation/drop observability so operators can bound and monitor log amplification.

[jiong-nba]

The maximum value of performance_schema_session_connect_attrs_size is 64 KB, making the associated overhead relatively manageable.

[yibin87]

I think in most cases, the connection attribute will not be very large. However, in extreme cases, 64 KB is indeed significantly larger than the size of all current existing columns, and it has little significance to retain. We can confirm with the PM again whether to adjust it, such as adding a switch for control.

[jiong-nba]

/retest

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jiong-nba]

/retest

[tiprow]

@jiong-nba: PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

@jiong-nba: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
idc-jenkins-ci-tidb/mysql-test	bb0f1a8	link	true	/test mysql-test
pull-unit-test-next-gen	bb0f1a8	link	true	/test pull-unit-test-next-gen
idc-jenkins-ci-tidb/unit-test	bb0f1a8	link	true	/test unit-test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.