Show more

A new Jepsen report! It turns out that PostgreSQL's "serializable" isolation was not, in fact, serializable: it exhibited G2-item. A patch is coming in the next minor release. :)

Manish Jain, from Dgraph Labs, wrote a bit about his experience debugging Jepsen test failures, and how he used OpenCensus traces to get a handle on some tricky bugs:

So here's a neat thing postgres 12.3 might do? Maybe I'm doing it wrong, not sure yet.

All these transactions are executed with SERIALIZABLE isolation over lists implemented as comma-separated TEXT fields. `r x [1, 2]` means we read the current value of row x and found it to be [1,2]. `a x 3` means "append 3 to x", like so:

insert into txn1 as t (id, val) values ($1, $2) on conflict (id) do update set val = concat(t.val, ',', $3) where = $4

rw is an anti-dep, ww and wr are deps.

"Note: Because of the way synchronous replication is implemented in PostgreSQL it is still possible to lose transactions even when using synchronous_mode_strict"

oh, okay, cool

is there a postgres replication/HA setup that *doesn't* lose data?

Show thread

Anyway, moving on: I'd like to hear from y'all about what kind of Postgres replication you think is safest. Patroni, perhaps?

I called this out in the report as well, but the write concern documentation still doesn't say anything about rollbacks/write loss:

Show thread

If users are really aware of, and OK with, with write loss by default (presumably because the probability of failure is small or the impact is low) then it should be fine to talk about it. If users *aren't* aware of this behavior, but most are subject to it by accepting defaults, then of *course* you should educate people about it!

Or, you know, choose safer defaults. That's an option!

Show thread

I keep thinking about their VLDB paper which says ~80% of writes to MongoDB's hosted service don't set a write concern, and 99.6% of reads don't set a read concern.

Show thread

MongoDB rewrote their Jepsen page, but it still goes to great lengths to avoid talking about write loss or aborted reads, both of which are the default behavior:

Show thread

MongoDB found a bug in the retry mechanism which they think is responsible for the issues we found in 4.2.6--a fix is scheduled for 4.2.8!

I mean like... 91 points and never even *touched* front page? I know, I know, never read Hacker News, but this is... weird behavior. I know Jepsen's gotten accidentally nuked by the voting ring detector in the past; maybe that's happening again.

Show thread

Did HN's antispam measures get a lot more aggressive recently? The last handful of Jepsen reports have really struggled to make it to frontpage, despite significantly higher vote-to-age ratios than comparable posts. Once they're on FP, they reliably hit top 10, but Dgraph's actually had to get rescued by a mod, and yesterday's Mongo post never made it past mid-second-page.

To be clear, I don't encourage anyone else to submit or upvote, don't pass around HN page links, submit exactly once, etc.

Also the `snapshot` read concern doesn't actually give you snapshot reads unless you commit with write concern `majority`, and apparently this is... by design? Even for read-only transactions? I have questions!

Show thread

tl;dr: MongoDB 4.2.6's transactions aren't full ACID, or even snapshot isolated. We found read skew, cyclic information flow, and internal inconsistencies, including transactions which could read their own writes from the future. Ooooh, spooooky!

Also transactions are allowed to lose data & read uncommitted, possibly impossible states by default, because why would you *not* want that behavior from something called a transaction. This was already documented, but I found it surprising!

Show thread

By popular demand, here's a quick take on MongoDB 4.2.6's transaction system. There are CHARTS, there are GRAPHS, okay it's mostly CHARTS OF GRAPHS but they're really cool anomalies and I hope you enjoy them.

Guys, gals, & non-binary pals: it's here! Jepsen 0.1.19 is cut and on Clojars, and offers what I think is the final version of jepsen.generator.pure, the namespace which will replace jepsen.generator in 0.2.x.

Happy testing!

Hey folks! I'm gonna be talking about some new research at RedisConf 2020, which will be streaming free online tomorrow and Wednesday. Check it out!

A report! We worked together with Dgraph Labs to follow up 2018 work on version 1.0.2 (all issues fixed!), and found some new bugs in tablet migration with version 1.1.1:

I'm not totally sold on this API yet, but I've been working on this design for over a year, and it's finally runnable: you can write tests with pure generators, and Jepsen will run them like you'd expect. We'll probably have a compatibility/deprecation release, followed by breaking changes in 0.2.0.

Key advantages:
- No more random deadlocks
- Time limits that actually work right
- Generators can react to ok/fail/info events
- Sequences are intrinsically generators
- Better composition rules

Show thread
Show more

A single-user Mastodon instance for Jepsen announcements & discussion.