Conversation

Great work as always, Kyle!

Quote Tweet

Jun 12, 2020

A new Jepsen report! It turns out that PostgreSQL's "serializable" isolation was not, in fact, serializable: it exhibited G2-item. A patch is coming in the next minor release. :) jepsen.io/analyses/postg

Show this thread

Replying to

Thank you for doing this work in Hermitage well before I got there! I'm still trying to figure out whether Jepsen should hold companies specifically to the formalized isolation levels, or allow broad interpretations; I would have thought everyone followed Berenson+ but ...???

Replying to

I'm not sure either. If it was a legal contract, I'm guessing lawyers would apply a test of whether a user of the system would “reasonably expect” a certain behaviour, given the docs and marketing. But since ~nobody understands isolation levels, not sure what users should expect!

Replying to

and

Agree we need to improve the docs, perhaps even consider renaming/aliasing the levels. Still not sure when Berenson RR would be desirable over SI in current real-world systems. Seem those would normally want full serializable? There are good performance reasons for "pure" SI...

Replying to

and

Adya RR is nice because an application which only accesses records by primary key, rather than predicates, can guarantee serializable execution. I think it's easier to reason about than SI, which prevents *non-adjacent* rw dependency edges in cycles, but not adjacent ones.

Replying to

and

Adya's definition of RR is clearly *informed* by classic 2PL, then. Maybe that's appropriate and good, but FWIW it seems unnatural to Postgres hackers (same might be true of Postgres users). The whole idea of primary key reads being special in any way feels kind of alien.

Replying to

and

This excerpt, from Adya's thesis, kinda sums up the situation: ANSI, Berenson, and Adya were all trying to get *away* from defining isolation in terms of locking: pmg.csail.mit.edu/papers/adya-ph

Replying to

and

I don't know how to talk about isolation without talking about concurrency control, and I don't know how to talk about concurrency control without talking about many other things. I'm not the only one. I don't know what that means for the standard; that's above my pay grade.

Replying to

and

I just realized: Jim Melton, who *wrote* that part of the ANSI specification, is actually a co-author on the paper which says the strict interpretation is incorrect! It's just... very weird that Postgres uses SI, but contradicts the paper that defined it arxiv.org/pdf/cs/0701157

Replying to

and

Oracle pretty much popularized SI, and yet they're guilty of exactly the same thing. Furthermore, Oracle "serializable" behavior is in fact snapshot isolation (just like MongoDB, IIUC). So I have to ask: weird compared to what? The standard may simply be beyond reform here.

4:02 AM · Jun 13, 2020Twitter Web App