rfc: SELECT FOR UPDATE #19577
rfc: SELECT FOR UPDATE #19577
Conversation
|
This change is |
|
Review status: 0 of 1 files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 32 at r1 (raw file):
Are the docs/RFCS/20171024_select_for_update.md, line 184 at r1 (raw file):
It's not clear to me why this would be the case. If this is a serious alternative it needs to be spelled out in more detail. (but I'm also OK moving ahead with writing intents. My experience is that Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 124 at r1 (raw file):
How would docs/RFCS/20171024_select_for_update.md, line 185 at r1 (raw file):
Another downside is that locking the entire range based on the predicate could result in locking rows that should not be observable by the Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 32 at r1 (raw file): Previously, bdarnell (Ben Darnell) wrote…
Postgres doesn't allow them outside of the explicit locking clause. I don't think we should either, since it's not clear how they would behave. I can update the text to say that. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 184 at r1 (raw file): Previously, bdarnell (Ben Darnell) wrote…
I was thinking that I didn't include much detail since there is a lot of detail in the Revert Command RFC, but I'll add a more explicit link to it. I've added Spencer as a reviewer in case he thinks this is an option we should more seriously consider. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 185 at r1 (raw file): Previously, nvanbenschoten (Nathan VanBenschoten) wrote…
Thanks! I'll add this. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 124 at r1 (raw file): Previously, nvanbenschoten (Nathan VanBenschoten) wrote…
Right now it looks like it would be ignored, similar to ORDER BY and LIMIT in views. See comment from @a-robinson in data_source.go:getViewPlan(). If ORDER BY and LIMIT are supported, FOR UPDATE would come for free. Comments from Reviewable |
rytaft
force-pushed
the
select-for-update-rfc
branch
from
fee47ce
to
6297864
Compare
|
Thanks! I've made updates based on the comments. Waiting to hear if @spencerkimball has any additional comments about range locks. Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions. Comments from Reviewable |
| i.e., no variation in locking strength, no specified tables, and no options for avoiding | ||
| waiting on locks. Using `FOR UPDATE` will result in locking the rows returned by the `SELECT` query | ||
| with exclusive locks. As described above, this feature alone is useful because it helps | ||
| maintain correctness when running CockroachDB in `SNAPSHOT` mode, and serves as a tool for |
There was a problem hiding this comment.
(avoiding write-skew)
| locking the entire range based on the predicate could result in locking rows that should | ||
| not be observable by the `SELECT`. For instance, if the transaction performing the | ||
| `SELECT FOR UPDATE` query over some range is at a lower timestamp than a later write | ||
| within that range, the `FOR UPDATE` lock should not apply to the newly written row. |
There was a problem hiding this comment.
"a later INSERT within that range", could make this easier to understand
| `SELECT FOR UPDATE` query over some range is at a lower timestamp than a later write | ||
| within that range, the `FOR UPDATE` lock should not apply to the newly written row. | ||
| This issue is probably not any worse than the other problems with locking precision described above, | ||
| though. |
rytaft
force-pushed
the
select-for-update-rfc
branch
from
6297864
to
bba3303
Compare
|
Review status: 0 of 1 files reviewed at latest revision, 7 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 66 at r2 (raw file): Previously, vivekmenezes wrote…
Done. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 7 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 190 at r2 (raw file): Previously, vivekmenezes wrote…
Done. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 7 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 192 at r2 (raw file): Previously, vivekmenezes wrote…
Thanks! Comments from Reviewable |
|
Final comment period starting now, lasting until mid-day Wednesday. Review status: 0 of 1 files reviewed at latest revision, 7 unresolved discussions, some commit checks pending. Comments from Reviewable |
Update the parser to recognize the SELECT ... FOR UPDATE SQL syntax. Update the SQL layer so scan nodes in the query plan are flagged as lockForUpdate if the SELECT ... FOR UPDATE syntax is used. If a scan node with lockForUpdate is encountered during plan execution, return an error so the user knows that SELECT ... FOR UPDATE is not yet fully supported. This is the first of several commits/PRs needed to support SELECT ... FOR UPDATE. Future commits will implement the changes required at the KV layer, connect the two layers with changes to the KV api, and eliminate the temporary error message introduced in this commit. See PR cockroachdb#19577 for the RFC, and Issue cockroachdb#6583.
Update the parser to recognize the SELECT ... FOR UPDATE SQL syntax. Update the SQL layer so scan nodes in the query plan are flagged as lockForUpdate if the SELECT ... FOR UPDATE syntax is used. If a scan node with lockForUpdate is encountered during plan execution, return an error so the user knows that SELECT ... FOR UPDATE is not yet fully supported. This is the first of several commits/PRs needed to support SELECT ... FOR UPDATE. Future commits will implement the changes required at the KV layer, connect the two layers with changes to the KV api, and eliminate the temporary error message introduced in this commit. See PR cockroachdb#19577 for the RFC, and Issue cockroachdb#6583.
|
nit: in the past we've not started the FCP until 1 week after initial submission of the RFC -- this leaves time to people who take a week vacation to not feel rushed to review when they are back. Review status: 0 of 1 files reviewed at latest revision, 13 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 124 at r1 (raw file): Previously, rytaft wrote…
If the responsibility to lay down the intents is at the row fetcher, then views would be automatically supported and I do not foresee special issues. It would be nice however to analyze / report here in the RFC what pg does with views, as an additional point of consideration for the reviewer(s). docs/RFCS/20171024_select_for_update.md, line 10 at r3 (raw file):
Color me ignorant, but I do not understand what the word "locks" means in this context. Also, I notice it is not explained elsewhere in the RFC. This reviewer would be grateful for a refresher on the context. docs/RFCS/20171024_select_for_update.md, line 22 at r3 (raw file):
This section says "other databases support it", and "there are multiple variations of the thing" However neither this section, nor the RFC as a whole actually:
docs/RFCS/20171024_select_for_update.md, line 26 at r3 (raw file):
I'd like a clarification on this:
docs/RFCS/20171024_select_for_update.md, line 37 at r3 (raw file):
Another thing that bugs me is that pg also functions with MVCC and therefore does not typically uses "locks". Therefore, the abstract concept of locks invoked by this feature/statement is probably translated by pg into something else in the code. I would like to understand more concretely what pg does, because that might inform how to appreciate the rest of the proposal in this RFC. docs/RFCS/20171024_select_for_update.md, line 86 at r3 (raw file):
Please clarify in this section (guide-level explanation) what happens in this case: while the transaction containing that statement is ongoing, should another transaction that only touches the rows with name Consider separately:
I understand you have some words about this below (I also have comments there) but there must be a high-level explanation of this here too. docs/RFCS/20171024_select_for_update.md, line 122 at r3 (raw file):
"to lock the rows returned by the query" -- this contradict the paragraph below.
These two approaches are contradictory. Which one are you taking? Maybe this sentence is the one that is problematic and needs to be removed, so that the rest of the explanation below stands unimpeded. docs/RFCS/20171024_select_for_update.md, line 138 at r3 (raw file):
See my various comments above. I think the word "correctness" here is ... dangerous. The main problem I see is that nowhere so far in the RFC has the reader seen what "correct" even means -- because, as I explained first thing above, there is not yet any discussion of what the feature is intended to achieve and what user expectations are. The correctness only derives from the specification and user expectations -- as long as we don't know whether those two sources of information are flexible wrt precision, we can't derive the statement "lack of precision does not affect correctness". And note that I am already yielding a lot of ground here. If we were to apply our usual relationship with pg docs, "whatever pg does is our spec" -- and therefore, we'd be constrained to be exactly as precise as pg, and therefore the RFC would fall short of this. I'd strongly recommend finding various sources of information that spell out clearly what the intent is and why it's ok to over-lock, and possibly outline briefly / suggest that we must communicate to users that they might need to review their own uses of this feature, if they are already having it in their apps, accordingly. And seriously approach Andy and/or other PMs and ask them to contact our existing "close customers" and ask their opinion on this. Comments from Reviewable |
|
I think this RFC is missing a couple of things that prevent me from being able to review it:
The RFC should make it more clear what our position on each of these uses is, and how the proposal relates to them.
Review status: 0 of 1 files reviewed at latest revision, 16 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 25 at r3 (raw file):
well, is it a no-op or not? docs/RFCS/20171024_select_for_update.md, line 64 at r3 (raw file):
nit: there's many double spaces in this document. Is that intended? docs/RFCS/20171024_select_for_update.md, line 85 at r3 (raw file):
the word "lock" is not one we generally use (at least, we haven't used it before). It's not clear what "any additional locks" means, and it's generally not clear what it means to "lock" a row in crdb. As such, I don't know what this example is telling me, and this "guide" section doesn't really guide me. docs/RFCS/20171024_select_for_update.md, line 122 at r3 (raw file): Previously, knz (kena) wrote…
+1 Comments from Reviewable |
rytaft
force-pushed
the
select-for-update-rfc
branch
from
bba3303
to
c81376e
Compare
|
@knz - Makes sense - should I update the README in the RFC directory to mention this 1 week period? @andreimatei - I've made some changes related to your point (1). Still working on (2) and (3). Review status: 0 of 1 files reviewed at latest revision, 16 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 10 at r3 (raw file): Previously, knz (kena) wrote…
I've added one high-level sentence here, and a lot of detail in the motivation section. Please let me know if you'd like me to add more. docs/RFCS/20171024_select_for_update.md, line 22 at r3 (raw file): Previously, knz (kena) wrote…
I added examples of how it's useful to prevent write skew anomalies and deadlocks. I've also added a paragraph explaining how this should match expectations. But related to your point below, I'll check with Andy about whether the locking precision issues will be a problem for users. docs/RFCS/20171024_select_for_update.md, line 25 at r3 (raw file): Previously, andreimatei (Andrei Matei) wrote…
Fixed - it's not actually a no-op. docs/RFCS/20171024_select_for_update.md, line 26 at r3 (raw file): Previously, knz (kena) wrote…
Added some examples to address these questions. docs/RFCS/20171024_select_for_update.md, line 37 at r3 (raw file): Previously, knz (kena) wrote…
It seems that Postgres uses row-level locks to prevent concurrent updates to the same rows. My understanding is that the difference between 2PL and Postgres' MVCC implementation is that Postgres allows concurrent read/write conflicts, while 2PL uses shared and exclusive locks to prevent these conflicts. But I think both prevent write/write conflicts with locks. docs/RFCS/20171024_select_for_update.md, line 64 at r3 (raw file): Previously, andreimatei (Andrei Matei) wrote…
I've always put two spaces after periods out of habit, but I think you are right that style guides now discourage it. I've removed them :) docs/RFCS/20171024_select_for_update.md, line 85 at r3 (raw file): Previously, andreimatei (Andrei Matei) wrote…
I've added an explanation that "lock" in CockroachDB corresponds to "write intent" docs/RFCS/20171024_select_for_update.md, line 86 at r3 (raw file): Previously, knz (kena) wrote…
Added this example. docs/RFCS/20171024_select_for_update.md, line 122 at r3 (raw file): Previously, andreimatei (Andrei Matei) wrote…
Changed it to say "lock the rows touched by the query". docs/RFCS/20171024_select_for_update.md, line 138 at r3 (raw file): Previously, knz (kena) wrote…
I've added some clarification here. I'll also ask Andy about customer requirements per your suggestion. Comments from Reviewable |
rytaft
force-pushed
the
select-for-update-rfc
branch
from
c81376e
to
dd3d9ee
Compare
|
Review status: 0 of 1 files reviewed at latest revision, 16 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 124 at r1 (raw file): Previously, knz (kena) wrote…
Added one sentence to say that Postgres supports these options. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 18 unresolved discussions, all commit checks successful. docs/RFCS/20171024_select_for_update.md, line 97 at r4 (raw file):
To be more specific, do any of the third party products that you looked at use them? docs/RFCS/20171024_select_for_update.md, line 129 at r4 (raw file):
Nit, but it might be worth calling out that it specifically only locks rows that already exist, and that preventing inserts matching the Comments from Reviewable |
|
Yes maybe updating the README (in a separate PR) would be a good idea. Reviewed 1 of 1 files at r4. docs/RFCS/20171024_select_for_update.md, line 12 at r4 (raw file):
I'd like another sentence here on "why this is important". Also, now you have written this down, I'd like to ask: what of different transaction priorities? In CockroachDb currently if there is a conflict and the 2nd transaction has a higher priority, the 1st transaction even if it has laid down intents already will be pushed out of the way. Is it OK, in your view, that the SELECT FOR UPDATE feature proposed here is only "locking" the rows for transactions of the same priority level or below? If so that needs to be considered in the discussion below. docs/RFCS/20171024_select_for_update.md, line 40 at r4 (raw file):
After this paragraph and before the next one, you should drive home what happens with SELECT FOR UPDATE and therefore why it prevents write skews. Also a sentence like "... therefore, using SELECT FOR UPDATE lets users obtain some of the performance benefits of using SNAPSHOT isolation instead of SERIALIZABLE, without paying the price of write skews." which justifies the (business) value of doing this. docs/RFCS/20171024_select_for_update.md, line 59 at r4 (raw file):
I do not see how this is true of CockroachDB: 1) CockroachDB only uses intents, no "locks" like pg 2) the scenario above in CockroachDB causes a txn conflict and an abort, not a deadlock. Can you clarify? (If you want to make the point that CockroachDB contains extra code already to avoid deadlock situations, then say so and explain what mechanism is actually used, to clarify.) docs/RFCS/20171024_select_for_update.md, line 66 at r4 (raw file):
aqcuire -> acquire Also I think this paragraph is the point in the discussion where you should start using the word "intent" instead of "lock", and continue doing so for the rest of the RFC. "SELECT FOR UPDATE will ... by allowing transaction to acquire their "locks" (intents in CockroachDB) up front" then below "Since T1 laid intents ("locked") on rows A and B at the start of the txn, the deadlock was prevented. (although this specific example is problematic, as I outline/question in my comment below. But you can use this overall literary approach elsewhere too.) Meanwhile, every time you write something about another engine that does use locks, then use the word "lock". This way, the reader of the text will gradually see with more clarity the difference between when you write about CockroachDB and when you write about something else. docs/RFCS/20171024_select_for_update.md, line 82 at r4 (raw file):
Also, I do not believe this would cause a deadlock in CockroachDB currently. Have you observed this deadlock to be possible in CockroachDB already? If so, this should also be filed as an issue on github, and that issue linked from the top of the RFC. docs/RFCS/20171024_select_for_update.md, line 161 at r4 (raw file):
It would do good to the RFC to either here or below outline how PostgreSQL achieves this. The reason why it's hard in CockroachDB is that we do not flow the primary key of rows being touched during the execution, from the point/node where the rows are read from tables to the point/node where the query's final results are known. If we did flow the PK details (at great throughput and memory expense, we we technically could), we'd be able to be as precise as postgres. I would be very curious to know how pg achieves this without paying the price we'd need to pay. docs/RFCS/20171024_select_for_update.md, line 201 at r4 (raw file):
"it is not possible to use I don't think that's true. Unless you take extra, non-trivial precautions, any docs/RFCS/20171024_select_for_update.md, line 205 at r4 (raw file):
That's also what CockroachDB does. Comments from Reviewable |
|
@tschottdorf - thanks for the comment. Does the above discussion about rewriting the Also, regarding your second point:
I don't think that's true - Postgres is still MVCC-based and writes (including explicit row locks) shouldn't block reads. I just confirmed this with two Postgres terminals. I agree that it's unfortunate that implementing Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, all commit checks successful. Comments from Reviewable |
|
+1 to constraining the first version of SFU to "simple" queries where the PK is used in the WHERE clause (and maybe even limiting the kinds of predicates supported to
In Quartz, if the SFU returns no rows, it inserts the row and then re-runs the SFU, precisely because SFU only locks rows that exist.
So this would turn SFU into a two-step operation, a read followed by a write of the same values, right? This would have a bit of a performance penalty but I like the fact that we don't need to introduce as much new stuff to do it. I think at this point it's probably better to optimize for ease of implementation than for performance, though, so this sounds good to me.
@spencerkimball also found a use for SFU in SERIALIZABLE transactions when testing high-contention scenarios - laying an intent early to get queuing behavior instead of restart behaviors is useful.
Hmm. Write intents in cockroach do block reads, so this has multiple surprising effects. First, we block more than postgres, which may be a surprise but at least it's a conservative surprise that won't introduce any new anomalies. Second, only some reads are blocked since some reads can be served from indexes.
I do not think this alternative meets the requirements for this feature. FOR UPDATE is not necessary to prevent transactional anomalies in SERIALIZABLE transactions, but I still think that implementing it as a no-op would be too surprising since it does have reasonable uses. So I think we have to either A) give up and say that we can't implement FOR UPDATE in an acceptable way (note that SQL Server doesn't support FOR UPDATE, so it's not an absolute requirement, although this is a big hit to our postgres compatibility) or B) implement it by laying down intents and document the differences with postgres. I think the feature is still worth having so I would go forward with the implementation. |
But getting queuing behavior only happens if the timestamps align monotonically. With the proposed implementation, as soon as a lower timestamp queues beyond a higher timestamp, the sucker will have to restart as soon as its woken up! (right?) And this is compounded by the fact that the order of our wake-ups is non-deterministic (I think?). |
|
@rytaft at first glance, I could imagine warming up to that alternative! There has been so much discussion here that I'd have to recollect all the arguments and see how they apply to it, but I think this might be the sweet spot due to the decreased complexity and scope (I assume we were planning to update all indexes, as this is what the vanilla SQL machinery would do). I also assume (but don't know) that that restricted version covers most "reasonable" usage. I'm a bit worried that the mutual exclusion use case still is not addressed (and it does seem that we do want to address it or give up on the Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, all commit checks successful. Comments from Reviewable |
rytaft
force-pushed
the
select-for-update-rfc
branch
from
7e70f1d
to
bc84fb0
Compare
|
Hi all - Based on our meeting today, I have updated the RFC to mark it as rejected and tried to capture all of our reasoning in the document. @bdarnell, @tschottdorf, @andreimatei, @knz, @vivekmenezes - please let me know if you think I missed anything or if you have other feedback. Thanks! Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 338 at r7 (raw file): Previously, tschottdorf (Tobias Schottdorf) wrote…
Added this point. docs/RFCS/20171024_select_for_update.md, line 340 at r7 (raw file): Previously, tschottdorf (Tobias Schottdorf) wrote…
Added this point as a drawback for using scans to set intents. Comments from Reviewable |
|
Looks good! I wrote a summary earlier just to keep it fresh in my mind, which I'm dumping below in case you want to use any of it.
PS: rejected sounds pretty harsh and I hope that isn't what it feels like. I'd be in favor of introducing another state for this sort of outcome - we have something that we think may be worth implementing at some point, but decided the point isn't now. "postponed", "tabled"? cc @bdarnell Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, all commit checks successful. Comments from Reviewable |
|
Yes I concur that "later" or "postponed" is better. |
|
@a-robinson it means that we won't support the syntax at all. Supporting the syntax as a no-op without an opt-in was deemed too dangerous as many folks use it as a stand-in for advisory locks. (As a precedent, we apparently implemented advisory lock functions as no-ops, but we agreed that that was done at a point in time when we weren't as rigorous as we are today). |
|
LGTM |
RFC regarding support of SELECT ... FOR UPDATE SQL syntax. See Issue cockroachdb#6583.
rytaft
force-pushed
the
select-for-update-rfc
branch
from
bc84fb0
to
a8760c3
Compare
|
Thanks, all. @tschottdorf thanks for your summary - I added a couple of sentences to the Drawbacks section with points I had missed. I've updated the status to "postponed". If I don't hear from anyone else, I'll merge this at the end of the day today. Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, some commit checks pending. Comments from Reviewable |
|
Review status: 0 of 1 files reviewed at latest revision, 27 unresolved discussions, some commit checks pending. docs/RFCS/20171024_select_for_update.md, line 243 at r4 (raw file): Previously, awoods187 (Andy Woods) wrote…
👍 Comments from Reviewable |
|
Any status on this ? |
|
@hoeghh I'm not aware that this is anywhere on our roadmap, though our PMs would know more. cc @awoods187 |
|
@hoeghh the data model required to support the traditional (really: old-school) SQL locking facilities is that of a single-node database with shared, highly consistent memory. Trying to implement this data model on top of a distributed data store (any, really, not just CockroachDB) would require serializing operations to a single lock manager shared by all nodes, thereby severely limiting performance and also creating a single point of failure. It is therefore antithetical to the overall resilience mission of CockroachDB, not to say of the general performance requirements of a cloud-native database. So no, we're not planning to implement this, and would like to spend time with you studying your use case and find a different design for your SQL queries. |
|
I'll chime in to also ask, why do you want to use locking? I'm hopeful that we can support your need in another way |
|
@knz @awoods187 Thanks for your answers. I have a big application that supports Postgresql, and i want to run that with cockroachdb instead. But they use the SELECT FOR UPDATE when initializing the database for some reason. I can't change the application as i don't own it. Was hoping it would work, which it didn't. The application is Atlassian Jira. |
There was a problem hiding this comment.
An option that was discussed around this RFC is to allow clients to opt into a no-op implementation of FOR UPDATE. This would allow some apps to get what they wanted out of that clause (since crdb always runs txns with the SERIALIZABLE isolation which is what some applications really wanted). It would not be perfectly appropriate for other use cases.
This would probably not be too hard to do.
Jira is a big name, so it'd be cool to (see if we can) support it. @hoeghh do you happen to have any clues about to the extent that the application would work had it not been for this issue?
Reviewable status:
complete! 0 of 0 LGTMs obtained (and 1 stale) (waiting on @a-robinson, @andreimatei, @awoods187, @bdarnell, @knz, @nvanbenschoten, @tbg, and @vivekmenezes)
|
Andrei actually JIRA combines FOR UPDATE (and locks in general) and relatively long lived txns and expects exceptions in concurrent txns accordingly. So implementing it as a no-op will break functionality in JIRA in strange and mysterious ways. I agree that in many cases the app should not be using the framework API that manipulates lock, and instead use some other API (and the frameworks should be modified to remove this legacy crap that requires locks, to force app developers to not use them) - however that would be a different kind of work. |
RFC regarding support of
SELECT ... FOR UPDATESQL syntax. See Issue #6583.