[server] Optimize RemoteLogFetcher with async prefetch for recovery

[Kaixuan-Duan]

Purpose

Linked issue: close #3091
This PR improves KV recovery performance by reducing wait time between remote log segments in RemoteLogFetcher.

Brief change log

• Add a dedicated single-thread download executor for async prefetch.
• Prefetch the next fetchable remote segment while consuming the current one.
• Reuse prefetched file when available; fallback to synchronous download on prefetch failure.
• Ensure cleanup on close: cancel in-flight prefetch, close active iterator/resources, shutdown executor.
• Add a regression test for repeated fetch() to ensure previous iterator cleanup.

Tests

• ./mvnw -pl fluss-server -Dtest=RemoteLogFetcherTest -DfailIfNoTests=false -Dspotless.check.skip=true test

API and Format
No API change. No storage/log format change.

Documentation
No user-facing feature. No documentation update required.

[fresh-borzoni]

@Kaixuan-Duan Thanks for the contribution. I will help to review this PR

One process point: this issue was already assigned and I was actively working on it. In that situation, please coordinate on the issue before opening an overlapping PR. Assignment is not exclusive ownership, but it is an important coordination signal, and skipping it usually leads to duplicated effort and fragmented review.

We can evaluate this PR on its merits, but for future cases please check on the issue first.

[fresh-borzoni]

Ty, direction is right, I left some cooments, PTAL

[fresh-borzoni]

cancel(true) on an already-completed future is a no-op and drops the reference to the downloaded File, which then lives in tempDir until fetcher-level close()

[fresh-borzoni]

shutdownNow() doesn't wait - if a prefetch is mid-flush, it can write to tempDir after deleteDirectoryQuietly runs. Either downloadExecutor.awaitTermination() with a short timeout before deletion, or make downloadSegment interruption-aware (most S3 SDKs don't honor Thread.isInterrupted() during socket reads, so the interrupt from shutdownNow is effectively decorative)

[fresh-borzoni]

If fetch() is called twice, the first Iterable still wraps the now-closed iterator and iterating it re-enters advance() on a closed instance, downloading into the shared tempDir, racing with the new iterator

[fresh-borzoni]

This depends on RemoteLogSegment having value-based equals(), or on both references coming from the same segments list (reference equality). Works today, but safer to compare by segment id tbh.

[fresh-borzoni]

Also catch CancellationException - it's unchecked (extends RuntimeException) and CompletableFuture.get() throws it on a cancelled future. Not a live bug in the current state machine (every cancelPrefetch nulls the field) but cheap defense-in-depth, especially given closed is volatile.

[fresh-borzoni]

non-blocking: Two of the three new tests inject state via reflection (setPrivateField) instead of exercising a real async prefetch - they cover the branches in fetchSegmentFile, but not close-during-real-in-flight-download or the orphan-file cleanup.

Consider one integration-style test with a real slow/failing download source.

[fresh-borzoni]

Non-blocking: No retry on transient S3 failure - one flaky segment fails the entire recovery. In fluss-rust we added exponential backoff (100ms -> 5s with jitter) for this.

[fresh-borzoni]

Prefetch depth hardcoded to 1. If S3 p99 download time > consume time for a segment, the downloader sits idle and the optimization is half-realized. On the Rust side (fluss-rust #187) we landed on configurable depth with default 4 for exactly this reason. Since it's KV depth = 1 might be fine, but it's still better to configure and reason properly