@jepsen_io Completely agreed! I'm aware of a few other instances of reported non-serializable behavior under PostgreSQL SSI: https://www.postgresql.org/message-id/20141021071458.2678.9080%40wrigleys.postgresql.org https://email@example.comfirstname.lastname@example.org Repros: https://github.com/gfredericks/pg-serializability-bug
Anyway, consistency models are a mess; news at 11. 😂
So, while Berenson et al. say that snapshot isolation isn't stronger than repeatable read, PostgreSQL appears to have implicitly adopted the strict interpretation instead, and says that SI is stronger than RR. In fact, SI prohibits *every* anomaly in the strict interpretation of the ANSI SQL standard, including their (narrow) definition of phantoms!
This could still be consistent with the ANSI SQL standard's definition of repeatable read! As Berenson et al. pointed out twenty five years ago (!), the standard is ambiguous. The paper argues that there are two interpretations of the ANSI phenomena: strict, and broad. They say the broad interpretation is what ANSI *meant* to define, and goes on to define and analyze snapshot isolation in those terms. https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/tr-95-51.pdf
Something odd came up during this review, which Martin Kleppmman previously reported in https://github.com/ept/hermitage/blob/master/postgres.md: PostgreSQL repeatable read isn't repeatable read: it's snapshot isolation, which allows a specific class of G2-item anomalies (those with nonadjacent rw edges) prohibited under formalizations of repeatable read.
A new Jepsen report! It turns out that PostgreSQL's "serializable" isolation was not, in fact, serializable: it exhibited G2-item. A patch is coming in the next minor release. :) http://jepsen.io/analyses/postgresql-12.3
Jepsen 0.2.0 is now available! https://github.com/jepsen-io/jepsen/releases/tag/0.2.0
Manish Jain, from Dgraph Labs, wrote a bit about his experience debugging Jepsen test failures, and how he used OpenCensus traces to get a handle on some tricky bugs: https://dgraph.io/blog/post/solving-jepsen-with-opencensus/
So here's a neat thing postgres 12.3 might do? Maybe I'm doing it wrong, not sure yet.
All these transactions are executed with SERIALIZABLE isolation over lists implemented as comma-separated TEXT fields. `r x [1, 2]` means we read the current value of row x and found it to be [1,2]. `a x 3` means "append 3 to x", like so:
insert into txn1 as t (id, val) values ($1, $2) on conflict (id) do update set val = concat(t.val, ',', $3) where t.id = $4
rw is an anti-dep, ww and wr are deps.
"Note: Because of the way synchronous replication is implemented in PostgreSQL it is still possible to lose transactions even when using synchronous_mode_strict"
oh, okay, cool
is there a postgres replication/HA setup that *doesn't* lose data?
I called this out in the report as well, but the write concern documentation still doesn't say anything about rollbacks/write loss: https://docs.mongodb.com/manual/reference/write-concern/
If users are really aware of, and OK with, with write loss by default (presumably because the probability of failure is small or the impact is low) then it should be fine to talk about it. If users *aren't* aware of this behavior, but most are subject to it by accepting defaults, then of *course* you should educate people about it!
Or, you know, choose safer defaults. That's an option!
MongoDB found a bug in the retry mechanism which they think is responsible for the issues we found in 4.2.6--a fix is scheduled for 4.2.8!
I mean like... 91 points and never even *touched* front page? I know, I know, never read Hacker News, but this is... weird behavior. I know Jepsen's gotten accidentally nuked by the voting ring detector in the past; maybe that's happening again.
Did HN's antispam measures get a lot more aggressive recently? The last handful of Jepsen reports have really struggled to make it to frontpage, despite significantly higher vote-to-age ratios than comparable posts. Once they're on FP, they reliably hit top 10, but Dgraph's actually had to get rescued by a mod, and yesterday's Mongo post never made it past mid-second-page.
To be clear, I don't encourage anyone else to submit or upvote, don't pass around HN page links, submit exactly once, etc.
Also the `snapshot` read concern doesn't actually give you snapshot reads unless you commit with write concern `majority`, and apparently this is... by design? Even for read-only transactions? I have questions!