RUM-3175 Fix possible file name conflict during consent change #2113

Merged

ncreated
Member

What and why?

📦 This PR addresses a potential file name conflict issue during tracking consent changes.

Initially considered a flakiness ❄️ in testWhenWritingEventsWithPendingConsentThenGranted_itUploadsAllEvents() (added in #2063), it was discovered to be a real issue that can occur in certain edge cases.

The conflict happens when files are moved between .pending and .granted folders and events are written immediately before and after the consent change. If this occurs very quickly (under 1ms), the last batch in the pending folder may be named the same as the next batch in the granted folder. Since the SDK does not check if the file exists, the migrated file gets overwritten by the new event:

T - timestamp

[T0] consent: PENDING
[T1] write event A --> batch file created: intermediate/T1
[T1] change consent to GRANTED --> move intermediate/T1 to authorized/T1
[T1] write event B --> batch file created: authorized/T1 
                                           ^ 🐞 The previous T1 with event A is deleted
                                            and replaced with the new batch for event B.

How?

This fix ensures that batch file names are unique, even in the edge case above, by waiting and generating a new file name when a conflict is detected. It guarantees that the new file's timestamp will be at least one precision interval (1ms) later than the existing file, preventing conflicts during consent changes.

Review checklist

  • Feature or bugfix MUST have appropriate tests (unit, integration)
  • Make sure each commit and the PR mention the Issue number or JIRA reference
  • Add CHANGELOG entry for user facing changes
  • Add Objective-C interface for public APIs (see our guidelines [internal]) and run make api-surface

@ncreated ncreated self-assigned this Nov 15, 2024
@ncreated ncreated changed the title RUM-3175 Fix possible batch file name conflict during tracking consent change RUM-3175 Fix possible batch file name conflict during consent change Nov 15, 2024
@ncreated ncreated changed the title RUM-3175 Fix possible batch file name conflict during consent change RUM-3175 Fix possible file name conflict during consent change Nov 15, 2024
@ncreated ncreated force-pushed the ncreated/RUM-3175/fix-batch-name-conflict-on-consent-change branch from ecb178e to fe7d709 Compare November 15, 2024 18:09
@ncreated ncreated marked this pull request as ready for review November 15, 2024 18:09
@ncreated ncreated requested review from a team as code owners November 15, 2024 18:09
…t change

Addressed potential conflicts that could occur when files are moved between
unauthorized (.pending) and authorized (.granted) folders during tracking consent
changes. Ensured that new file names are generated with the correct precision to avoid
conflicts in real-device scenarios.
@ncreated ncreated force-pushed the ncreated/RUM-3175/fix-batch-name-conflict-on-consent-change branch from fe7d709 to 0740e49 Compare November 15, 2024 18:13
datadog-datadog-prod-us1 bot commented Nov 15, 2024

Datadog Report

Branch report: ncreated/RUM-3175/fix-batch-name-conflict-on-consent-change
Commit report: b6dee1c
Test service: dd-sdk-ios

✅ 0 Failed, 3545 Passed, 0 Skipped, 2m 21.69s Total Time
🔻 Test Sessions change in coverage: 4 decreased, 5 increased, 5 no change

🔻 Code Coverage Decreases vs Default Branch (4)

  • test DatadogInternalTests tvOS 79.7% (-0.08%)
  • test DatadogSessionReplayTests iOS 33.21% (-0.03%)
  • test DatadogTraceTests tvOS 54.28% (-0.02%)
  • test DatadogCrashReportingTests tvOS 26.67% (-0.02%)

Member

@mariedm mariedm left a comment

Great job identifying this issue! 💪

var newFileName = fileNameFrom(fileCreationDate: dateProvider.now)
while directory.hasFile(named: newFileName) {
// Wait for the precision duration to avoid generating the same file name
Thread.sleep(forTimeInterval: Constants.fileNamePrecision)
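
Review bot: in the `while directory.hasFile(named: newFileName)` loop, the existence check and the later file creation are separate steps, and the loop has no visible retry cap. Worth confirming that the write which follows fails rather than replaces a file that appears after the check, and bounding the number of `Thread.sleep(forTimeInterval: Constants.fileNamePrecision)` passes so a persistently colliding name cannot stall the caller.
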
Member

I understand that this scenario is rare, but instead of blocking the thread, could we consider appending a random ID to ensure file name uniqueness? Or is a date in the filename required for identification purposes or another logic?

Member

I'm also not a fan of adding a sleep here. Since the date is used to sort batches at upload, can't we just add a 1ms to the dateProvider.now instead?

Member Author

Makes sense, I've updated the code to add 1ms in case of a conflict 👍 ✅.

@mariedm, appending a random ID could have more indirect consequences here. On upload trigger, we read the recent batches and sort them by date. Introducing an ID would make the ordering ambiguous if two timestamps are the same, which would require additional code changes to handle these edge cases. For that reason, adjusting the timestamp seems like a less impactful solution.

Member

In that case I agree, using a random ID doesn't make sense.

do not block the I/O thread if name conflict is detected,
instead add precision interval to generate new name
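
The conflict from the PR description and the fix agreed in review (advance the timestamp by one precision interval instead of sleeping), replayed on a temporary directory. This is an added example, not code from the PR or the SDK: `naiveName`, `uniqueName`, `replay` and the directory layout are hypothetical, and the timestamp is constructed.

```swift
import Foundation

// Added illustration: hypothetical helpers, not the SDK's types or API.
let fm = FileManager.default
let root = fm.temporaryDirectory.appendingPathComponent(UUID().uuidString)
let pending = root.appendingPathComponent("intermediate")
let granted = root.appendingPathComponent("authorized")

/// Batch name = creation time in whole milliseconds (1 ms precision).
func millis(_ date: Date) -> UInt64 {
    UInt64(date.timeIntervalSinceReferenceDate * 1_000)
}

/// Before the fix: the name depends on the clock only.
func naiveName(now: Date, in dir: URL) -> String {
    String(millis(now))
}

/// After the fix: on conflict, advance by one precision interval, no sleep.
func uniqueName(now: Date, in dir: URL) -> String {
    var t = millis(now)
    while fm.fileExists(atPath: dir.appendingPathComponent(String(t)).path) {
        t += 1 // 1 ms later keeps names unique and still sortable by time
    }
    return String(t)
}

/// Replays the PR's timeline with A, the consent change and B all at T1.
func replay(_ namer: (Date, URL) -> String) throws -> [String] {
    try? fm.removeItem(at: root)
    for dir in [pending, granted] {
        try fm.createDirectory(at: dir, withIntermediateDirectories: true)
    }
    let t1 = Date(timeIntervalSinceReferenceDate: 753_000_000.123) // constructed
    let a = namer(t1, pending)
    try Data("event A".utf8).write(to: pending.appendingPathComponent(a))
    try fm.moveItem(at: pending.appendingPathComponent(a),
                    to: granted.appendingPathComponent(a))
    let b = namer(t1, granted)
    // Data.write(to:) replaces an existing file without raising an error.
    try Data("event B".utf8).write(to: granted.appendingPathComponent(b))
    return try fm.contentsOfDirectory(atPath: granted.path).sorted().map { name in
        let body = try String(contentsOf: granted.appendingPathComponent(name), encoding: .utf8)
        return "\(name): \(body)"
    }
}

let naive = try replay(naiveName)
let fixed = try replay(uniqueName)
print("naive:", naive, "\nfixed:", fixed)
try? fm.removeItem(at: root)
```

With `naiveName` the replay ends with a single file holding event B; with `uniqueName` both events survive under consecutive names, so date-based sorting at upload still works.
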
Member

@maxep maxep left a comment

Great catch!

@ncreated ncreated merged commit 52842a9 into develop Nov 19, 2024
15 checks passed
@ncreated ncreated deleted the ncreated/RUM-3175/fix-batch-name-conflict-on-consent-change branch November 19, 2024 11:51