From d484a269ca2512d1a7cfc4c5bab8dda9aa9bfbbc Mon Sep 17 00:00:00 2001 From: xuchenhao <419062425@qq.com> Date: Mon, 23 Mar 2026 10:18:41 +0800 Subject: [PATCH] [docs](cache) add docs for file cache admission control --- docs/lakehouse/data-cache.md | 118 ++++++++++++++++++ .../current/lakehouse/data-cache.md | 118 ++++++++++++++++++ .../version-4.x/lakehouse/data-cache.md | 118 ++++++++++++++++++ .../version-4.x/lakehouse/data-cache.md | 118 ++++++++++++++++++ 4 files changed, 472 insertions(+) diff --git a/docs/lakehouse/data-cache.md b/docs/lakehouse/data-cache.md index 2599d01d95e7f..cbd81081bb106 100644 --- a/docs/lakehouse/data-cache.md +++ b/docs/lakehouse/data-cache.md @@ -230,6 +230,124 @@ Field explanations: * ScanBytesFromRemoteStorage: Amount of data scanned and read from remote storage. * BytesWriteIntoCache: Amount of data written to Data Cache during this warmup. +## Cache Admission Control + +The cache admission control feature is disabled by default and needs to be enabled by setting relevant parameters in FE. + +### FE Configuration + +First, configure the cache admission rule information in `fe.conf` and restart the FE node to make the configuration effective. + +| Parameter | Required | Description | +| ----------------------------------------------- | -------- |-------------------------------------------| +| `enable_file_cache_admission_control` | Yes | Whether to enable cache admission control, default is false. | +| `file_cache_admission_control_json_dir` | Yes | The directory path for storing admission rules JSON files. All `.json` files in this directory will be automatically loaded, and any modifications will take effect dynamically. | + +### JSON File Format +#### Field Description +| Field Name | Type | Description | Example | +|--------|------|-------------------------------|-----------------------| +| `id` | Long | Rule ID | `1` | +| `user_identity` | String | User identity (format: user@host, e.g., `%` matches all IPs), empty means matching all users | `"user@%"` | +| `catalog_name` | String | Catalog name, empty means matching all catalogs | `"catalog"` | +| `database_name` | String | Database name, empty means matching all databases | `"database"` | +| `table_name` | String | Table name, empty means matching all tables | `"table"` | +| `partition_pattern` | String | (Not implemented yet) Partition regular expression, empty means matching all partitions | | +| `rule_type` | Integer | Rule type: 0 - Deny cache, 1 - Allow cache | `0` | +| `enabled` | Boolean | Whether enabled: 0 - Disabled, 1 - Enabled | `1` | +| `created_time` | Long | Creation time (UNIX timestamp, seconds) | `1766557246` | +| `updated_time` | Long | Update time (UNIX timestamp, seconds) | `1766557246` | + +#### JSON File Example +```json +[ + { + "id": 1, + "user_identity": "user@%", + "catalog_name": "catalog", + "database_name": "database", + "table_name": "table", + "partition_pattern": "", + "rule_type": 0, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + }, + { + "id": 2, + "user_identity": "", + "catalog_name": "catalog", + "database_name": "", + "table_name": "", + "partition_pattern": "", + "rule_type": 1, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + } +] +``` +#### Import Rules from MySQL +An auxiliary script is provided in the `tools/export_mysql_rule_to_json.sh` path of the Doris source code repository to export cache admission rules already stored in a MySQL database into a JSON configuration file that complies with the above format. + +### Rule Matching +#### Rule Scope Combinations +| user_identity | catalog_name | database_name | table_name | Rule Type | +|---------------|--------------|---------------|------------|------------------| +| Not empty | Empty | Empty | Empty | Global rule for specified user | +| Not empty | Not empty | Empty | Empty | Catalog-level rule for specified user | +| Not empty | Not empty | Not empty | Empty | Database-level rule for specified user | +| Not empty | Not empty | Not empty | Not empty | Table-level rule for specified user | +| Empty | Not empty | Empty | Empty | Catalog-level rule for all users | +| Empty | Not empty | Not empty | Empty | Database-level rule for all users | +| Empty | Not empty | Not empty | Not empty | Table-level rule for all users | + +Description: +- "Empty" means the field is an empty string ("") or omitted in JSON (effect is the same as empty). +- "Not empty" means the field must be a explicitly specified string (e.g., "catalog"). + +The above seven combinations of fields constitute all valid rules. Any rules that do not comply with the hierarchical dependency are considered invalid, for example: Database is specified but Catalog is empty, or Table is specified but Database is empty. + +#### Matching Principles +- **Exact Match First**: Match in order from specific to abstract by hierarchy (Table → Database → Catalog → Global), prioritizing the most precise rule level. +- **Security First**: Deny cache rules (blacklist) always take precedence over allow cache rules (whitelist) during matching, ensuring that decisions to deny access at the same level are identified first. +#### Matching Order +```text +1. Table-level rule + a) Blacklist rule (rule_type=0) + b) Whitelist rule (rule_type=1) +2. Database-level rule + a) Blacklist rule + b) Whitelist rule +3. Catalog-level rule + a) Blacklist rule + b) Whitelist rule +4. Global rule (user_identity is empty) + a) Blacklist rule + b) Whitelist rule +5. Default rule (If no rules match, caching is denied by default, equivalent to a blacklist) +``` +### Display of Cache Decision +You can view the cache admission decision details of a table via the `EXPLAIN` command, including: decision result, decision basis, and decision time cost. +```text +| 0:VHIVE_SCAN_NODE(74) | +| table: test_file_cache_features.tpch1_parquet.lineitem | +| inputSplitNum=10, totalFileSize=205792918, scanRanges=10 | +| partition=1/1 | +| cardinality=1469949, numNodes=1 | +| pushdown agg=NONE | +| file cache request ADMITTED: user_identity:root@%, reason:user table-level whitelist rule, cost:0.058215 ms | +| limit: 1 | +``` +Output field description: +- ADMITTED: Cache request is admitted (DENIED means rejected) +- user_identity: The user executing the query +- reason: The decision reason for hitting the rule. Common values include: + - user table-level whitelist rule: Table-level whitelist rule for specified user (current example) + - common table-level blacklist rule: Table-level blacklist rule for all users + - Other similar rules, format: [scope] [rule level] [rule type] rule +- cost: Time cost of the decision process (milliseconds) + ## Appendix ### Principle diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/lakehouse/data-cache.md b/i18n/zh-CN/docusaurus-plugin-content-docs/current/lakehouse/data-cache.md index 9582364896a94..dad16c93895d0 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/current/lakehouse/data-cache.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/lakehouse/data-cache.md @@ -230,6 +230,124 @@ FROM * ScanBytesFromRemoteStorage:从远端存储扫描读取的数据量。 * BytesWriteIntoCache:本次预热写入 Data Cache 的数据量。 +## 缓存准入控制 + +缓存准入控制功能是默认关闭的,需要在 FE 中设置相关参数进行开启。 + +### FE 配置 + +首先,需要在 `fe.conf` 中配置缓存准入规则信息,并重启 FE 节点让配置生效。 + +| 参数 | 必选项 | 说明 | +| ----------------------------------------------- | ------ |-------------------------------------| +| `enable_file_cache_admission_control` | 是 | 是否启用缓存准入控制,默认 false。 | +| `file_cache_admission_control_json_dir` | 是 | 存储缓存准入规则 JSON 文件的目录路径。该目录下的所有 `.json` 文件都会被自动加载并监听修改,动态生效。 | + +### JSON 文件格式 +#### 字段说明 +| 字段名 | 类型 | 说明 | 示例 | +|--------|------|-------------------------------|-----------------------| +| `id` | 长整型 | 规则ID | `1` | +| `user_identity` | 字符串 | 用户标识(格式:user@host,其中 `%` 表示匹配所有IP),为空表示匹配所有用户 | `"user@%"` | +| `catalog_name` | 字符串 | 目录名,为空表示匹配所有目录 | `"catalog"` | +| `database_name` | 字符串 | 数据库名,为空表示匹配所有数据库 | `"database"` | +| `table_name` | 字符串 | 表名,为空表示匹配所有表 | `"table"` | +| `partition_pattern` | 字符串 | (功能暂未实现) 分区正则表达式,为空表示匹配所有分区 | | +| `rule_type` | 整型 | 规则类型:0-禁止缓存,1-允许缓存 | `0` | +| `enabled` | 布尔类型 | 是否启用:0-停用,1-启用 | `1` | +| `created_time` | 长整型 | 创建时间(UNIX时间戳,秒) | `1766557246` | +| `updated_time` | 长整型 | 更新时间(UNIX时间戳,秒) | `1766557246` | + +#### JSON 文件样例 +```json +[ + { + "id": 1, + "user_identity": "user@%", + "catalog_name": "catalog", + "database_name": "database", + "table_name": "table", + "partition_pattern": "", + "rule_type": 0, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + }, + { + "id": 2, + "user_identity": "", + "catalog_name": "catalog", + "database_name": "", + "table_name": "", + "partition_pattern": "", + "rule_type": 1, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + } +] +``` +#### 从 MySQL 导入规则 +在 Doris 源码库的 `tools/export_mysql_rule_to_json.sh` 路径下提供了辅助脚本,可将已存储在 MySQL 数据库中的缓存准入规则导出为符合上述格式的 JSON 配置文件。 + +### 规则匹配 +#### 规则作用域组合 +| user_identity | catalog_name | database_name | table_name | 规则类型 | +|---------------|--------------|---------------|------------|------------------| +| 非空 | 空 | 空 | 空 | 指定用户全局规则 | +| 非空 | 非空 | 空 | 空 | 指定用户catalog级规则 | +| 非空 | 非空 | 非空 | 空 | 指定用户database库级规则 | +| 非空 | 非空 | 非空 | 非空 | 指定用户table级规则 | +| 空 | 非空 | 空 | 空 | 全体用户catalog级规则 | +| 空 | 非空 | 非空 | 空 | 全体用户database级规则 | +| 空 | 非空 | 非空 | 非空 | 全体用户Table级规则 | + +说明: +- “空”表示该字段在 JSON 中为空字符串 ("") 或省略(效果等同为空)。 +- “非空”表示该字段必须为明确指定的字符串(如 "catalog")。 + +以上七种字段组合构成了所有有效规则。任何不符合层级依赖关系的规则均视为无效,例如:指定了 Database 但 Catalog 为空,或指定了 Table 但 Database 为空。 + +#### 匹配原则 +- **精确优先原则**:按层级从具体到抽象的顺序匹配(Table → Database → Catalog → 全局),优先匹配最精确的规则层级。 +- **安全优先原则**:禁止缓存规则(黑名单)始终优先于允许缓存规则(白名单)进行匹配,确保同层级拒绝访问的决策最先被识别。 +#### 匹配顺序 +```text +1. Table级规则 + a) 黑名单规则 (rule_type=0) + b) 白名单规则 (rule_type=1) +2. Database级规则 + a) 黑名单规则 + b) 白名单规则 +3. Catalog级规则 + a) 黑名单规则 + b) 白名单规则 +4. 全局规则 (user_identity为空) + a) 黑名单规则 + b) 白名单规则 +5. 默认规则 (如果所有规则都不匹配,则默认拒绝缓存,等同于黑名单) +``` +### 缓存决策展示 +可以通过 `EXPLAIN` 命令查看某张表的缓存准入决策详情,包括:决策结果、决策依据以及决策耗时。 +```text +| 0:VHIVE_SCAN_NODE(74) | +| table: test_file_cache_features.tpch1_parquet.lineitem | +| inputSplitNum=10, totalFileSize=205792918, scanRanges=10 | +| partition=1/1 | +| cardinality=1469949, numNodes=1 | +| pushdown agg=NONE | +| file cache request ADMITTED: user_identity:root@%, reason:user table-level whitelist rule, cost:0.058215 ms | +| limit: 1 | +``` +输出字段说明: +- ADMITTED:缓存请求已准入(若为 DENIED 则表示被拒绝) +- user_identity:执行查询的用户 +- reason:命中规则的决策原因。常见值包括: + - user table-level whitelist rule:指定用户Table级白名单规则(当前示例) + - common table-level blacklist rule:全体用户Table级黑名单规则 + - 其他类似规则,格式为:[作用范围] [规则层级] [规则类型] rule +- cost:决策过程耗时(毫秒) + ## 附录 ### 原理 diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/version-4.x/lakehouse/data-cache.md b/i18n/zh-CN/docusaurus-plugin-content-docs/version-4.x/lakehouse/data-cache.md index 9582364896a94..dad16c93895d0 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-4.x/lakehouse/data-cache.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-4.x/lakehouse/data-cache.md @@ -230,6 +230,124 @@ FROM * ScanBytesFromRemoteStorage:从远端存储扫描读取的数据量。 * BytesWriteIntoCache:本次预热写入 Data Cache 的数据量。 +## 缓存准入控制 + +缓存准入控制功能是默认关闭的,需要在 FE 中设置相关参数进行开启。 + +### FE 配置 + +首先,需要在 `fe.conf` 中配置缓存准入规则信息,并重启 FE 节点让配置生效。 + +| 参数 | 必选项 | 说明 | +| ----------------------------------------------- | ------ |-------------------------------------| +| `enable_file_cache_admission_control` | 是 | 是否启用缓存准入控制,默认 false。 | +| `file_cache_admission_control_json_dir` | 是 | 存储缓存准入规则 JSON 文件的目录路径。该目录下的所有 `.json` 文件都会被自动加载并监听修改,动态生效。 | + +### JSON 文件格式 +#### 字段说明 +| 字段名 | 类型 | 说明 | 示例 | +|--------|------|-------------------------------|-----------------------| +| `id` | 长整型 | 规则ID | `1` | +| `user_identity` | 字符串 | 用户标识(格式:user@host,其中 `%` 表示匹配所有IP),为空表示匹配所有用户 | `"user@%"` | +| `catalog_name` | 字符串 | 目录名,为空表示匹配所有目录 | `"catalog"` | +| `database_name` | 字符串 | 数据库名,为空表示匹配所有数据库 | `"database"` | +| `table_name` | 字符串 | 表名,为空表示匹配所有表 | `"table"` | +| `partition_pattern` | 字符串 | (功能暂未实现) 分区正则表达式,为空表示匹配所有分区 | | +| `rule_type` | 整型 | 规则类型:0-禁止缓存,1-允许缓存 | `0` | +| `enabled` | 布尔类型 | 是否启用:0-停用,1-启用 | `1` | +| `created_time` | 长整型 | 创建时间(UNIX时间戳,秒) | `1766557246` | +| `updated_time` | 长整型 | 更新时间(UNIX时间戳,秒) | `1766557246` | + +#### JSON 文件样例 +```json +[ + { + "id": 1, + "user_identity": "user@%", + "catalog_name": "catalog", + "database_name": "database", + "table_name": "table", + "partition_pattern": "", + "rule_type": 0, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + }, + { + "id": 2, + "user_identity": "", + "catalog_name": "catalog", + "database_name": "", + "table_name": "", + "partition_pattern": "", + "rule_type": 1, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + } +] +``` +#### 从 MySQL 导入规则 +在 Doris 源码库的 `tools/export_mysql_rule_to_json.sh` 路径下提供了辅助脚本,可将已存储在 MySQL 数据库中的缓存准入规则导出为符合上述格式的 JSON 配置文件。 + +### 规则匹配 +#### 规则作用域组合 +| user_identity | catalog_name | database_name | table_name | 规则类型 | +|---------------|--------------|---------------|------------|------------------| +| 非空 | 空 | 空 | 空 | 指定用户全局规则 | +| 非空 | 非空 | 空 | 空 | 指定用户catalog级规则 | +| 非空 | 非空 | 非空 | 空 | 指定用户database库级规则 | +| 非空 | 非空 | 非空 | 非空 | 指定用户table级规则 | +| 空 | 非空 | 空 | 空 | 全体用户catalog级规则 | +| 空 | 非空 | 非空 | 空 | 全体用户database级规则 | +| 空 | 非空 | 非空 | 非空 | 全体用户Table级规则 | + +说明: +- “空”表示该字段在 JSON 中为空字符串 ("") 或省略(效果等同为空)。 +- “非空”表示该字段必须为明确指定的字符串(如 "catalog")。 + +以上七种字段组合构成了所有有效规则。任何不符合层级依赖关系的规则均视为无效,例如:指定了 Database 但 Catalog 为空,或指定了 Table 但 Database 为空。 + +#### 匹配原则 +- **精确优先原则**:按层级从具体到抽象的顺序匹配(Table → Database → Catalog → 全局),优先匹配最精确的规则层级。 +- **安全优先原则**:禁止缓存规则(黑名单)始终优先于允许缓存规则(白名单)进行匹配,确保同层级拒绝访问的决策最先被识别。 +#### 匹配顺序 +```text +1. Table级规则 + a) 黑名单规则 (rule_type=0) + b) 白名单规则 (rule_type=1) +2. Database级规则 + a) 黑名单规则 + b) 白名单规则 +3. Catalog级规则 + a) 黑名单规则 + b) 白名单规则 +4. 全局规则 (user_identity为空) + a) 黑名单规则 + b) 白名单规则 +5. 默认规则 (如果所有规则都不匹配,则默认拒绝缓存,等同于黑名单) +``` +### 缓存决策展示 +可以通过 `EXPLAIN` 命令查看某张表的缓存准入决策详情,包括:决策结果、决策依据以及决策耗时。 +```text +| 0:VHIVE_SCAN_NODE(74) | +| table: test_file_cache_features.tpch1_parquet.lineitem | +| inputSplitNum=10, totalFileSize=205792918, scanRanges=10 | +| partition=1/1 | +| cardinality=1469949, numNodes=1 | +| pushdown agg=NONE | +| file cache request ADMITTED: user_identity:root@%, reason:user table-level whitelist rule, cost:0.058215 ms | +| limit: 1 | +``` +输出字段说明: +- ADMITTED:缓存请求已准入(若为 DENIED 则表示被拒绝) +- user_identity:执行查询的用户 +- reason:命中规则的决策原因。常见值包括: + - user table-level whitelist rule:指定用户Table级白名单规则(当前示例) + - common table-level blacklist rule:全体用户Table级黑名单规则 + - 其他类似规则,格式为:[作用范围] [规则层级] [规则类型] rule +- cost:决策过程耗时(毫秒) + ## 附录 ### 原理 diff --git a/versioned_docs/version-4.x/lakehouse/data-cache.md b/versioned_docs/version-4.x/lakehouse/data-cache.md index 2599d01d95e7f..cbd81081bb106 100644 --- a/versioned_docs/version-4.x/lakehouse/data-cache.md +++ b/versioned_docs/version-4.x/lakehouse/data-cache.md @@ -230,6 +230,124 @@ Field explanations: * ScanBytesFromRemoteStorage: Amount of data scanned and read from remote storage. * BytesWriteIntoCache: Amount of data written to Data Cache during this warmup. +## Cache Admission Control + +The cache admission control feature is disabled by default and needs to be enabled by setting relevant parameters in FE. + +### FE Configuration + +First, configure the cache admission rule information in `fe.conf` and restart the FE node to make the configuration effective. + +| Parameter | Required | Description | +| ----------------------------------------------- | -------- |-------------------------------------------| +| `enable_file_cache_admission_control` | Yes | Whether to enable cache admission control, default is false. | +| `file_cache_admission_control_json_dir` | Yes | The directory path for storing admission rules JSON files. All `.json` files in this directory will be automatically loaded, and any modifications will take effect dynamically. | + +### JSON File Format +#### Field Description +| Field Name | Type | Description | Example | +|--------|------|-------------------------------|-----------------------| +| `id` | Long | Rule ID | `1` | +| `user_identity` | String | User identity (format: user@host, e.g., `%` matches all IPs), empty means matching all users | `"user@%"` | +| `catalog_name` | String | Catalog name, empty means matching all catalogs | `"catalog"` | +| `database_name` | String | Database name, empty means matching all databases | `"database"` | +| `table_name` | String | Table name, empty means matching all tables | `"table"` | +| `partition_pattern` | String | (Not implemented yet) Partition regular expression, empty means matching all partitions | | +| `rule_type` | Integer | Rule type: 0 - Deny cache, 1 - Allow cache | `0` | +| `enabled` | Boolean | Whether enabled: 0 - Disabled, 1 - Enabled | `1` | +| `created_time` | Long | Creation time (UNIX timestamp, seconds) | `1766557246` | +| `updated_time` | Long | Update time (UNIX timestamp, seconds) | `1766557246` | + +#### JSON File Example +```json +[ + { + "id": 1, + "user_identity": "user@%", + "catalog_name": "catalog", + "database_name": "database", + "table_name": "table", + "partition_pattern": "", + "rule_type": 0, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + }, + { + "id": 2, + "user_identity": "", + "catalog_name": "catalog", + "database_name": "", + "table_name": "", + "partition_pattern": "", + "rule_type": 1, + "enabled": 1, + "created_time": 1766557246, + "updated_time": 1766557246 + } +] +``` +#### Import Rules from MySQL +An auxiliary script is provided in the `tools/export_mysql_rule_to_json.sh` path of the Doris source code repository to export cache admission rules already stored in a MySQL database into a JSON configuration file that complies with the above format. + +### Rule Matching +#### Rule Scope Combinations +| user_identity | catalog_name | database_name | table_name | Rule Type | +|---------------|--------------|---------------|------------|------------------| +| Not empty | Empty | Empty | Empty | Global rule for specified user | +| Not empty | Not empty | Empty | Empty | Catalog-level rule for specified user | +| Not empty | Not empty | Not empty | Empty | Database-level rule for specified user | +| Not empty | Not empty | Not empty | Not empty | Table-level rule for specified user | +| Empty | Not empty | Empty | Empty | Catalog-level rule for all users | +| Empty | Not empty | Not empty | Empty | Database-level rule for all users | +| Empty | Not empty | Not empty | Not empty | Table-level rule for all users | + +Description: +- "Empty" means the field is an empty string ("") or omitted in JSON (effect is the same as empty). +- "Not empty" means the field must be a explicitly specified string (e.g., "catalog"). + +The above seven combinations of fields constitute all valid rules. Any rules that do not comply with the hierarchical dependency are considered invalid, for example: Database is specified but Catalog is empty, or Table is specified but Database is empty. + +#### Matching Principles +- **Exact Match First**: Match in order from specific to abstract by hierarchy (Table → Database → Catalog → Global), prioritizing the most precise rule level. +- **Security First**: Deny cache rules (blacklist) always take precedence over allow cache rules (whitelist) during matching, ensuring that decisions to deny access at the same level are identified first. +#### Matching Order +```text +1. Table-level rule + a) Blacklist rule (rule_type=0) + b) Whitelist rule (rule_type=1) +2. Database-level rule + a) Blacklist rule + b) Whitelist rule +3. Catalog-level rule + a) Blacklist rule + b) Whitelist rule +4. Global rule (user_identity is empty) + a) Blacklist rule + b) Whitelist rule +5. Default rule (If no rules match, caching is denied by default, equivalent to a blacklist) +``` +### Display of Cache Decision +You can view the cache admission decision details of a table via the `EXPLAIN` command, including: decision result, decision basis, and decision time cost. +```text +| 0:VHIVE_SCAN_NODE(74) | +| table: test_file_cache_features.tpch1_parquet.lineitem | +| inputSplitNum=10, totalFileSize=205792918, scanRanges=10 | +| partition=1/1 | +| cardinality=1469949, numNodes=1 | +| pushdown agg=NONE | +| file cache request ADMITTED: user_identity:root@%, reason:user table-level whitelist rule, cost:0.058215 ms | +| limit: 1 | +``` +Output field description: +- ADMITTED: Cache request is admitted (DENIED means rejected) +- user_identity: The user executing the query +- reason: The decision reason for hitting the rule. Common values include: + - user table-level whitelist rule: Table-level whitelist rule for specified user (current example) + - common table-level blacklist rule: Table-level blacklist rule for all users + - Other similar rules, format: [scope] [rule level] [rule type] rule +- cost: Time cost of the decision process (milliseconds) + ## Appendix ### Principle