[SDK] LogRecord attribute limits enforcement

[thc1006]

Fixes #4126.

Implements the LogRecord attribute count and value length limits described
by the logs SDK spec
(https://opentelemetry.io/docs/specs/otel/logs/sdk/#logrecord-limits).
Limits flow from LoggerProvider through LoggerContext to each LogRecord
created by Logger::CreateLogRecord. The infrastructure existed in the
declarative configuration tier (LogRecordLimitsConfiguration) but was
never wired into the runtime pipeline.

What changed

New header sdk/include/opentelemetry/sdk/logs/log_record_limits.h:

• LogRecordLimits struct with spec defaults
  attribute_count_limit = 128 and
  attribute_value_length_limit = SIZE_MAX (unlimited).

SDK Recordable hierarchy:

• Recordable gains a non-pure virtual SetLogRecordLimits with a no-op
  default body. Existing implementations that do not enforce limits
  inherit the no-op and compile unchanged. The virtual is appended at
  the end of the vtable to keep the change additive.
• ReadableLogRecord gains a non-pure virtual GetDroppedAttributesCount
  returning zero by default.
• ReadWriteLogRecord overrides both. SetAttribute checks the count
  limit before inserting and truncates string / array-of-string values
  whose length exceeds the configured limit. Truncation is byte level,
  mirroring the existing Span attribute behavior.
• MultiRecordable propagates SetLogRecordLimits to every wrapped
  recordable.

OTLP exporter:

• OtlpLogRecordable overrides SetLogRecordLimits. SetAttribute
  drops attributes beyond the count limit and increments the proto
  LogRecord.dropped_attributes_count field. Strings and string-array
  values are truncated after OtlpPopulateAttributeUtils::PopulateAttribute
  populates the proto AnyValue.

Wiring:

• LoggerContext owns a LogRecordLimits value and exposes
  GetLogRecordLimits(). A new fourth parameter is appended to the
  existing constructor with a default-constructed default, so existing
  call sites compile unchanged.
• Logger::CreateLogRecord (both ABI v1 and ABI v2 variants) calls
  recordable->SetLogRecordLimits(context_->GetLogRecordLimits())
  immediately after MakeRecordable, before any user attribute write.
• A new LoggerProviderFactory::Create overload accepts
  LogRecordLimits and builds a LoggerContext with those limits
  internally.

Declarative configuration:

• SdkBuilder::CreateLoggerProvider now maps
  LogRecordLimitsConfiguration from the parsed
  LoggerProviderConfiguration to the runtime LogRecordLimits and
  passes them to the new factory overload. The existing FIXME-SDK
  comment about wiring limits is removed.

Tests

sdk/test/logs/log_record_limits_test.cc (new):

• Default behavior: 200 attributes accepted, zero dropped when no
  limits object is supplied.
• Count enforcement: attributes beyond the limit are dropped and
  counted. Replacing an existing key while at the limit must not drop.
• Length truncation for strings and string arrays.
• Type selectivity: only string and array-of-string are truncated;
  int / double / bool pass through.
• Combined count + length case.
• Logger-level wiring test: a TrackingRecordable produced by a
  TrackingProcessor confirms that the limits configured on
  LoggerProvider reach the recordable returned by
  Logger::CreateLogRecord.

exporters/otlp/test/otlp_log_recordable_test.cc augmented with four
cases that verify the proto dropped_attributes_count field and the
string / array truncation logic.

Verification

Built and tested in the otelcpp-dev container:

• Release (gcc, abiv1): log_record_limits_test 9/9,
  otlp_log_recordable_test 23/23, logger_sdk_test 9/9,
  logger_provider_sdk_test 9/9, simple_log_record_processor_test
  10/10, batch_log_record_processor_test 13/13. No regression.
• ABI v2 (clang): log_record_limits_test 9/9.
• -fno-rtti (Bazel nortti CI mirror): log_record_limits_test 9/9,
  otlp_log_recordable_test 23/23.
• clang-format fixed point verified for all touched files.
• IWYU (abiv1-preview): include-list reconciled with diagnostics
  from a local clang-22 run.
• git diff --check whitespace: clean.

Known limitations

• ElasticSearchRecordable is not modified in this PR. It inherits
  the no-op default and does not enforce limits. A follow-up PR can
  add enforcement if desired.
• Truncation is byte level. Strings whose configured limit falls inside
  a multibyte UTF-8 sequence will be truncated mid-sequence, matching
  the existing Span attribute behavior in OtlpRecordable.
• The default branch in the YAML parser
  (ParseLogRecordLimitsConfiguration) keeps the existing
  attribute_value_length_limit = 4096 fallback for callers that
  opt into the limits: block without specifying a length. Aligning
  that fallback with the spec default (unlimited) is left to a follow-up.

[codecov]

Codecov Report

❌ Patch coverage is 98.88889% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 82.77%. Comparing base (a3d6df7) to head (3144991).
⚠️ Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
...clude/opentelemetry/sdk/logs/readable_log_record.h	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4157      +/-   ##
==========================================
- Coverage   82.83%   82.77%   -0.06%     
==========================================
  Files         406      409       +3     
  Lines       16913    17024     +111     
==========================================
+ Hits        14009    14090      +81     
- Misses       2904     2934      +30     

Files with missing lines	Coverage Δ
...opentelemetry/exporters/otlp/otlp_log_recordable.h	100.00% <ø> (ø)
exporters/otlp/src/otlp_log_recordable.cc	39.36% <100.00%> (+3.31%)	⬆️
...xporters/otlp/src/otlp_populate_attribute_utils.cc	94.26% <100.00%> (+1.30%)	⬆️
...include/opentelemetry/sdk/common/attribute_utils.h	100.00% <100.00%> (ø)
sdk/include/opentelemetry/sdk/logs/recordable.h	100.00% <100.00%> (ø)
sdk/src/logs/logger.cc	89.91% <100.00%> (+0.19%)	⬆️
sdk/src/logs/logger_context.cc	100.00% <100.00%> (ø)
sdk/src/logs/logger_provider_factory.cc	18.19% <100.00%> (ø)
sdk/src/logs/multi_recordable.cc	91.14% <100.00%> (+0.60%)	⬆️
sdk/src/logs/read_write_log_record.cc	96.91% <100.00%> (+0.57%)	⬆️
... and 1 more

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[proost]

@thc1006
I'm working on the feature in here(#4132).
Do you want to implement this feature?

[thc1006]

@proost Hey, thanks for the ping. I went through #4132 and the review thread before pushing #4157. There's a fair bit of substantive work in yours that mine doesn't have: the OTEL_LOGRECORD_* env var integration, the benchmark file, ElasticSearchRecordable enforcement, and the yaml count_limit plumbing.

The reason I went ahead with #4157 even after seeing yours is lalitb's comment from yesterday (#4132 (comment)), which was asking to move enforcement out of the base Recordable hot path and let each recordable handle it the way that fits. That's the shape #4157 takes. Recordable just gains a SetLogRecordLimits virtual with a no-op default body, and the actual enforcement lives in ReadWriteLogRecord and OtlpLogRecordable. Non-enforcing exporters inherit the no-op so they pay nothing.

If the maintainers think #4157 is the better base, I'd like to layer the env vars, benchmark, and ES enforcement on top in follow-ups with attribution to your work. If they prefer the #4132 redesign route, happy to close #4157 and review the new version there.

@marcalff @lalitb would appreciate your call on which to drive forward.

[proost]

@thc1006

Thanks for the explanation.

I'm always open to feedback, and if there were concerns about the direction of #4132, I would have been happy to discuss and adjust it. I do wish those concerns had been raised directly on the PR earlier, as it would have helped avoid duplicated work.

That said, I don't have a strong preference on whose implementation lands. If you would like to continue driving this work, I'm happy to step aside and close #4132 so we don't spend effort maintaining two competing PRs.

So would you like to continue driving this work?

[thc1006]

@proost You're right and that one's on me. The honest reason I missed #4132: I was searching open issues by help wanted label and recent merged PRs for landscape, not by fixes #4126 against open PRs. #4132 has no labels and the title in the open-PR list truncates around "attribute count l...", so I read it as a narrower length-only fix and moved on. That was a diligence gap on my part, not a deliberate decision to bypass your work. Sorry about that.

If you're comfortable stepping aside, yes I'd like to continue with #4157.

After #4157 lands I'd open these as follow-ups:

1. OTEL_LOGRECORD_ATTRIBUTE_VALUE_LENGTH_LIMIT and OTEL_LOGRECORD_ATTRIBUTE_COUNT_LIMIT env-var integration through LogRecordLimits and the SdkBuilder path, modeled on your feat: log record attribute value length limit & attribute count limit #4132 work and adding you as a Co-authored-by on the commit.
2. The benchmark file from feat: log record attribute value length limit & attribute count limit #4132, ported onto the per-recordable enforcement so the numbers reflect the new architecture, attribution in the commit body.
3. ElasticSearchRecordable enforcement following the same SetLogRecordLimits pattern.
4. YAML attribute_count_limit parsing along the lines feat: log record attribute value length limit & attribute count limit #4132 did.

If you'd rather author any of those follow-ups yourself and have me review, that works equally well. Whatever keeps the work landing.

[proost]

Thanks for the clarification and the apology.

I’m happy for you to continue driving this work, so I’ll close #4132 to avoid duplicate effort.

[thc1006]

@proost Thanks for the clean handoff. The reviewer feedback from owent, lalitb, and ThomsonTan on #4132 still applies here, and I'll reference the specific discussions when each follow-up goes up. I'll ping you on each so you can shape the attribution however works for you.

[lalitb]

I think we should avoid storing a pointer to the limits object here. In the normal logger path, CreateLogRecord() sets this from LoggerContext, but the returned LogRecord is an independent unique_ptr. User code can keep that record and call SetAttribute() after the logger/provider/context is gone, which would leave limits_ dangling.

Can we instead copy LogRecordLimits into the recordable instead of storing &limits? The struct is tiny, and it avoids adding a lifetime requirement to LogRecord.

[thc1006]

Agreed. Switched to by-value storage in ba8f9047. The default-constructed value carries the spec defaults (count=128, length=unlimited), so a fresh recordable now enforces the spec count cap from construction — happy to revisit that semantic if you'd prefer a no-op-when-unset sentinel instead.

[dbarker]

Thanks for the PR. Please see comments below.

[dbarker]

please move these common utilities to otlp_populate_attribute_utils.<h, cc> and add tests. They will also need to be used for enforcing the span limits attribute length in a follow up PR.

[thc1006]

Done in c4532cd1. Utf8SafePrefixLength and TruncateProtoAttributeValue (renamed from TruncateProtoStringValue to reflect it covers string_value, bytes_value, and array_value branches) now live as OtlpPopulateAttributeUtils static methods. New exporters/otlp/test/otlp_populate_attribute_utils_test.cc adds 14 direct unit tests — UTF-8 boundary preservation, malformed-input fallback, truncated-tail fallback, invalid lead bytes, bytes_value, array recursion, null safety. The future SpanLimits PR can call both helpers from the OTLP trace recordable.

[dbarker]

This will also be needed to enforce attribute length limits for spans as well. Consider moving to sdk/common/attribute_utils.<h, cc>

[thc1006]

Done in c4532cd1. The SDK byte-length truncation is now sdk::common::TruncateAttributeValueByteLength in sdk/include/opentelemetry/sdk/common/attribute_utils.h (renamed since it covers string, string-array, AND bytes variants). Five new unit tests in sdk/test/common/attribute_utils_test.cc covering all three variants plus shorter-than-budget and non-string types. The future SpanLimits PR can reuse this from ReadWriteSpanData. / / Implementation note: I put it inline in the existing header rather than splitting to a new .cc, since attribute_utils.h is currently header-only (no sdk/src/common/attribute_utils.cc exists) and the helper is ~15 LOC, matching the precedent of sdk/common/custom_hash_equality.h. Happy to split to a new .cc if you'd prefer the standard pattern.

[dbarker]

at the limit this may result in two lookups for an existing attribute (here and line 213 below). Can this just be one lookup for an existing key?

[thc1006]

Done in c4532cd1. SetAttribute now does .find() once, then conditional .emplace() only when inserting a new key. Existing-key replacement and new-key insertion each cost a single hash lookup. The end-to-end behavior contract (count cap drops new keys, replace existing key doesn't increment dropped count) is still verified by CountLimitDropsExcessAttributes and CountLimitReplaceExistingKeyDoesNotDrop.

[dbarker]

please use nostd::get_if since this is a noexcpt method and nostd::get throws.

[thc1006]

Done in 31449913. Rewrote with nostd::get_if (returns nullptr if the alternative doesn't hold) so the noexcept contract is statically honored without any potentially-throwing call. Bonus: the same commit also restores the Bazel link of the new otlp_populate_attribute_utils_test target (missing //sdk/src/metrics transitive dep), which should resolve the 8 Bazel CI failures triggered on the previous push.