Thread

  1. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T19:08:48Z

    Tom Lane <  tgl@sss.pgh.pa.us  > wrote:
    > Hmm.  This patch disallows the case of creating a read-only
    > subtransaction of a read-write parent.  That's a step backwards.
    > I'm not sure how we could enforce that the property not change
    > after the first query of a subxact, but maybe we don't care that
    > much?  Do your optimizations pay attention to local read-only in a
    > subxact?
     
    No, it's all about the top level transaction, as long as the
    subtransaction doesn't do anything which violates the requirements
    of the top level.  (That is, if the top level is not READ ONLY, I
    can't do the optimizations, but it would cause no problem if a
    subtransaction was READ ONLY -- it just wouldn't allow any special
    optimizations.)
     
    I noticed that the standard seems (if I'm reading it correctly) to
    allow subtransactions to switch to more restrictive settings for
    both transaction isolation and read only status than the enclosing
    transaction, but not looser.  I don't think it makes sense in
    PostgreSQL to say (for example) that the top level transaction is
    READ COMMITTED but the subtransaction is SERIALIZABLE, but it might
    make sense to say that the top level transaction is READ WRITE but
    the subtransaction is READ ONLY.  And I see where I broke support
    for that in the patch.
     
    I can fix up the patch if to support it again if you like.  (I think
    it's just a matter of replacing a few lines that I replaced in the
    original patch.)  If you'd rather do it, I'll stay out of your way.
     
    -Kevin
    
    
  2. Re: serializable read only deferrable

    Tom Lane <tgl@sss.pgh.pa.us> — 2010-12-08T19:22:22Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
    > I noticed that the standard seems (if I'm reading it correctly) to
    > allow subtransactions to switch to more restrictive settings for
    > both transaction isolation and read only status than the enclosing
    > transaction, but not looser.
    
    Yeah.  My recollection is that we've discussed exactly this point with
    respect to isolation level, and decided that we couldn't (or it wasn't
    worthwhile to) allow serializable subxacts inside repeatable read.
    I don't know whether your patch will change that tradeoff.  But I don't
    think it's really been discussed much with respect to read-only, perhaps
    because nobody's paid all that much attention to read-only at all.
    In any case, the behavior you state seems obviously correct, so let's
    see what we can do about getting closer to that.
    
    My guess is that a reasonable fix is to remember the read-only setting
    as of snapshot lockdown, and thereafter to allow changing from
    read-write to read-only but not vice versa.  One thing to watch for
    is allowing subxact exit to restore the previous read-write state.
    (BTW it looks like assign_XactIsoLevel emits a rather useless debug
    message in that case, so that code could stand some cleanup too.  Also,
    that code is set so that it will throw an error even if you're assigning
    the currently active setting, which maybe is overly strict?  Not sure.)
    
    > I can fix up the patch if to support it again if you like.  (I think
    > it's just a matter of replacing a few lines that I replaced in the
    > original patch.)  If you'd rather do it, I'll stay out of your way.
    
    Feel free to have a go at it.
    
    			regards, tom lane
    
    
  3. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T19:39:15Z

    Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
     
    > One thing to watch for is allowing subxact exit to restore the
    > previous read-write state.
     
    OK.
     
    > BTW it looks like assign_XactIsoLevel emits a rather useless debug
    > message in that case, so that code could stand some cleanup too.
     
    I'll take a look.
     
    > Also, that code is set so that it will throw an error even if
    > you're assigning the currently active setting, which maybe is
    > overly strict?  Not sure.
     
    The standard is tricky to read, but my reading of it is that only
    "LOCAL" changes are allowed after the transaction is underway (which
    I *think* effectively means a subtransaction), and those can't make
    the setting less strict -- you're allowed to specify the same level
    or more strict.  There would be no harm from the perspective of
    anything I'm working on to allow an in-progress transaction to be
    set to what it already has, but that seems to invite confusion and
    error more than provide a helpful feature, as far as I can tell. 
    I'm inclined not to allow it except at the start of a
    subtransaction, but don't feel strongly about it.
     
    >> I can fix up the patch if to support it again if you like.
     
    > Feel free to have a go at it.
     
    Will do.  I notice that I also removed the check for
    RecoveryInProgress(), which I will also restore.  And maybe a
    regression test or two for the subtransaction usages....
     
    -Kevin
    
    
  4. Re: serializable read only deferrable

    Tom Lane <tgl@sss.pgh.pa.us> — 2010-12-08T19:46:25Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
    > Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> Also, that code is set so that it will throw an error even if
    >> you're assigning the currently active setting, which maybe is
    >> overly strict?  Not sure.
     
    > The standard is tricky to read, but my reading of it is that only
    > "LOCAL" changes are allowed after the transaction is underway (which
    > I *think* effectively means a subtransaction), and those can't make
    > the setting less strict -- you're allowed to specify the same level
    > or more strict.  There would be no harm from the perspective of
    > anything I'm working on to allow an in-progress transaction to be
    > set to what it already has, but that seems to invite confusion and
    > error more than provide a helpful feature, as far as I can tell. 
    > I'm inclined not to allow it except at the start of a
    > subtransaction, but don't feel strongly about it.
    
    Hmm ...
    
    (1) If the standard says that you're allowed to apply a redundant setting,
    I think we'd better accept that.
    
    (2) I'm not thrilled about the idea of tracking the equivalent of
    FirstSnapshotSet for each subtransaction, which I think would be
    necessary infrastructure to error-check this as tightly as you seem to
    have in mind.  I'd prefer to be a bit laxer in order to have less
    overhead for what is in the end just nanny-ism.  So the implementation
    I had in mind would allow SET TRANSACTION operations to occur later in a
    subxact, as long as they were redundant and weren't actually trying to
    change the active value.
    
    			regards, tom lane
    
    
  5. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T20:01:10Z

    Tom Lane <tgl@sss.pgh.pa.us> wrote:
     
    > If the standard says that you're allowed to apply a redundant
    > setting, I think we'd better accept that.
     
    OK
     
    > So the implementation I had in mind would allow SET TRANSACTION
    > operations to occur later in a subxact, as long as they were
    > redundant and weren't actually trying to change the active value.
     
    It's easy to see how I can allow changes in the subtransaction as
    long as they don't specify READ WRITE when the top level is READ
    ONLY, but it isn't obvious to me how to only allow it at the start
    of the subtransaction.  I'm OK with taking the easy route on this
    aspect of things, but if someone needs READ ONLY to "stick" for the
    duration of a subtransaction, I'm not sure how to do that.  (And I'm
    not sure you were actually suggesting that, either.)
     
    To restate, since I'm not sure how clear that is, what I have at the
    moment is:
     
    (1) A top level transaction can only set READ ONLY or READ WRITE
    until it has acquired its first snapshot.
     
    (2) A subtransaction can set it at will, as many times as desired,
    to match the top level or specify READ ONLY.
     
    (3) During recovery the setting cannot be changed from READ ONLY to
    READ WRITE.
     
    I'm not clear whether #2 is OK or how to do it only at the start.
    I haven't yet looked at the other issues you mentioned.
     
    -Kevin
    
    
  6. Re: serializable read only deferrable

    Florian G. Pflug <fgp@phlo.org> — 2010-12-08T20:02:41Z

    On Dec8, 2010, at 20:39 , Kevin Grittner wrote:
    > The standard is tricky to read, but my reading of it is that only
    > "LOCAL" changes are allowed after the transaction is underway (which
    > I *think* effectively means a subtransaction), and those can't make
    > the setting less strict -- you're allowed to specify the same level
    > or more strict.  There would be no harm from the perspective of
    > anything I'm working on to allow an in-progress transaction to be
    > set to what it already has, but that seems to invite confusion and
    > error more than provide a helpful feature, as far as I can tell. 
    > I'm inclined not to allow it except at the start of a
    > subtransaction, but don't feel strongly about it.
    
    Hm, I think being able to assert that the isolation level really is SERIALIZABLE by simply doing "SET TRANSACTION ISOLATION LEVEL SERIALIZABLE" would be a great feature for SSI.
    
    Say you've written a trigger which enforces some complex constraint, but is correct only for SERIALIZABLE transactions. By simply sticking a "SET TRANSACTION ISOLATION LEVEL SERIALIZABLE" at the top of the trigger you'd both document that fact it is correct only for SERIALIZABLE transactions *and* prevent corruption should the isolation level be something else due to a pilot error. Nice, simply and quite effective.
    
    BTW, I hope to find some time this evening to review your more detailed proposal for "serializable read only deferrable"
    
    best regards,
    Florian Pflug
    
    
    
  7. Re: serializable read only deferrable

    Tom Lane <tgl@sss.pgh.pa.us> — 2010-12-08T20:06:08Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
    > Tom Lane <tgl@sss.pgh.pa.us> wrote:
    >> So the implementation I had in mind would allow SET TRANSACTION
    >> operations to occur later in a subxact, as long as they were
    >> redundant and weren't actually trying to change the active value.
     
    > It's easy to see how I can allow changes in the subtransaction as
    > long as they don't specify READ WRITE when the top level is READ
    > ONLY, but it isn't obvious to me how to only allow it at the start
    > of the subtransaction.  I'm OK with taking the easy route on this
    > aspect of things, but if someone needs READ ONLY to "stick" for the
    > duration of a subtransaction, I'm not sure how to do that.  (And I'm
    > not sure you were actually suggesting that, either.)
    
    What I suggested was to not allow read-only -> read-write state
    transitions except (1) before first snapshot in the main xact
    and (2) at subxact exit (the OVERRIDE case).  That seems to accomplish
    the goal.  Now it will also allow dropping down to read-only
    mid-subtransaction, but I don't think forbidding that case is worth
    extra complexity.
    
    			regards, tom lane
    
    
  8. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T20:12:38Z

    Florian Pflug <fgp@phlo.org> wrote:
     
    > Hm, I think being able to assert that the isolation level really
    > is SERIALIZABLE by simply doing "SET TRANSACTION ISOLATION LEVEL
    > SERIALIZABLE" would be a great feature for SSI.
    > 
    > Say you've written a trigger which enforces some complex
    > constraint, but is correct only for SERIALIZABLE transactions. By
    > simply sticking a "SET TRANSACTION ISOLATION LEVEL SERIALIZABLE"
    > at the top of the trigger you'd both document that fact it is
    > correct only for SERIALIZABLE transactions *and* prevent
    > corruption should the isolation level be something else due to 
    > a pilot error. Nice, simply and quite effective.
     
    It would be great to have a way within a trigger, or possibly other
    functions, to assert that the transaction isolation level is
    serializable.  What gives me pause here is that the standard allows
    you to specify a more strict transaction isolation level within a
    subtransaction without error, so this way of spelling the feature is
    flirting with rather nonstandard behavior.
     
    Is there maybe a better way to check this?
     
    -Kevin
    
    
  9. Re: serializable read only deferrable

    Tom Lane <tgl@sss.pgh.pa.us> — 2010-12-08T20:20:01Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
    > Florian Pflug <fgp@phlo.org> wrote:
    >> Say you've written a trigger which enforces some complex
    >> constraint, but is correct only for SERIALIZABLE transactions. By
    >> simply sticking a "SET TRANSACTION ISOLATION LEVEL SERIALIZABLE"
    >> at the top of the trigger you'd both document that fact it is
    >> correct only for SERIALIZABLE transactions *and* prevent
    >> corruption should the isolation level be something else due to 
    >> a pilot error. Nice, simply and quite effective.
     
    > It would be great to have a way within a trigger, or possibly other
    > functions, to assert that the transaction isolation level is
    > serializable.  What gives me pause here is that the standard allows
    > you to specify a more strict transaction isolation level within a
    > subtransaction without error, so this way of spelling the feature is
    > flirting with rather nonstandard behavior.
    
    Yes.  This is not the way to provide a feature like that.
     
    > Is there maybe a better way to check this?
    
    You can always read the current setting and throw an error if you
    don't like it.
    
    			regards, tom lane
    
    
  10. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T21:47:40Z

    Tom Lane <tgl@sss.pgh.pa.us> wrote:
     
    > What I suggested was to not allow read-only -> read-write state
    > transitions except (1) before first snapshot in the main xact
    > and (2) at subxact exit (the OVERRIDE case).  That seems to
    > accomplish the goal.  Now it will also allow dropping down to
    > read-only mid-subtransaction, but I don't think forbidding that
    > case is worth extra complexity.
     
    Attached is version 2.  I think it does everything we discussed,
    except that I'm not sure whether I addressed the assign_XactIsoLevel
    issue you mentioned, since you mentioned a debug message and I only
    see things that look like errors to me.  If I did miss something,
    I'll be happy to take another look if you can point me to the right
    place.
     
    -Kevin
    
  11. Re: serializable read only deferrable

    Tom Lane <tgl@sss.pgh.pa.us> — 2010-12-08T22:09:16Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
    > except that I'm not sure whether I addressed the assign_XactIsoLevel
    > issue you mentioned, since you mentioned a debug message and I only
    > see things that look like errors to me.  If I did miss something,
    > I'll be happy to take another look if you can point me to the right
    > place.
    
    GUC_complaint_elevel() can return DEBUGn, and in fact will do so in
    the PGC_S_OVERRIDE case.  I'm thinking that the code ought to look
    more like
    
    	/* source == PGC_S_OVERRIDE means do it anyway, eg at xact abort */
    	if (source != PGC_S_OVERRIDE)
    	{
    		check and report all the complaint-worthy cases;
    	}
    
    The original coding was probably sane for initial development, but
    now it just results in useless debug-log traffic for predictable
    perfectly valid cases.
    
    			regards, tom lane
    
    
  12. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T22:49:07Z

    Tom Lane <tgl@sss.pgh.pa.us> wrote:
     
    > GUC_complaint_elevel() can return DEBUGn, and in fact will do so in
    > the PGC_S_OVERRIDE case.  I'm thinking that the code ought to look
    > more like
    > 
    > 	/* source == PGC_S_OVERRIDE means do it anyway, eg at xact abort
    */
    > 	if (source != PGC_S_OVERRIDE)
    > 	{
    > 		check and report all the complaint-worthy cases;
    > 	}
     
    Done.  Version 3 attached.  I think I've covered all bases now.
     
    -Kevin
    
    
  13. Re: serializable read only deferrable

    Kevin Grittner <kevin.grittner@wicourts.gov> — 2010-12-08T23:34:03Z

    "Kevin Grittner" <Kevin.Grittner@wicourts.gov> wrote:
     
    > Done.  Version 3 attached.
     
    My final tweaks didn't make it into that diff.  Attached is 3a as a
    patch over the version 3 patch.
     
    -Kevin