MonkeyDB: Effectively Testing Correctness against Weak Isolation Levels

Modern applications, such as social networking systems and e-commerce platforms are centered around using large-scale storage systems for storing and retrieving data. In the presence of concurrent accesses, these storage systems trade off isolation for performance. The weaker the isolation level, the more behaviors a storage system is allowed to exhibit and it is up to the developer to ensure that their application can tolerate those behaviors. However, these weak behaviors only occur rarely in practice, that too outside the control of the application, making it difficult for developers to test the robustness of their code against weak isolation levels. This paper presents MonkeyDB, a mock storage system for testing storage-backed applications. MonkeyDB supports a Key-Value interface as well as SQL queries under multiple isolation levels. It uses a logical specification of the isolation level to compute, on a read operation, the set of all possible return values. MonkeyDB then returns a value randomly from this set. We show that MonkeyDB provides good coverage of weak behaviors, which is complete in the limit. We test a variety of applications for assertions that fail only under weak isolation. MonkeyDB is able to break each of those assertions in a small number of attempts.

[1]  José Rolando,et al.  Microsoft Azure Cosmos DB revealed : a multi-modal database designed for the Cloud , 2018 .

[2]  Peter Bailis,et al.  ACIDRain: Concurrency-Related Attacks on Database-Backed Web Applications , 2017, SIGMOD Conference.

[3]  Constantin Enea,et al.  Robustness Against Transactional Causal Consistency , 2019, CONCUR.

[4]  Peter Müller,et al.  Serializability for eventual consistency: criterion, analysis, and applications , 2017, POPL.

[5]  Constantin Enea,et al.  Checking Robustness Against Snapshot Isolation , 2019, CAV.

[6]  Suresh Jagannathan,et al.  Automated Detection of Serializability Violations under Weak Consistency , 2018, CONCUR.

[7]  Parosh Aziz Abdulla,et al.  Stateless model checking for TSO and PSO , 2015, Acta Informatica.

[8]  Suresh Jagannathan,et al.  Safe replication through bounded concurrency verification , 2018, Proc. ACM Program. Lang..

[9]  Jim Gray,et al.  A critique of ANSI SQL isolation levels , 1995, SIGMOD '95.

[10]  Sreeja Nair,et al.  Proving the Safety of Highly-Available Distributed Objects , 2020, ESOP.

[11]  Alexey Gotsman,et al.  Robustness against Consistency Models with Atomic Visibility , 2016, CONCUR.

[12]  Werner Vogels,et al.  Dynamo: amazon's highly available key-value store , 2007, SOSP.

[13]  Yang Wang,et al.  IsoDiff: Debugging Anomalies Caused by Weak Isolation , 2020, Proc. VLDB Endow..

[14]  Suresh Jagannathan,et al.  Semantics, Specification, and Bounded Verification of Concurrent Libraries in Replicated Systems , 2020, CAV.

[15]  S. Sudarshan,et al.  Automating the Detection of Snapshot Isolation Anomalies , 2007, VLDB.

[16]  João Leitão,et al.  Automating the Choice of Consistency Levels in Replicated Systems , 2014, USENIX Annual Technical Conference.

[17]  Madan Musuvathi,et al.  Fair stateless model checking , 2008, PLDI '08.

[18]  Suresh Jagannathan,et al.  CLOTHO: directed test generation for weakly consistent database systems , 2019, Proc. ACM Program. Lang..

[19]  Hui Ding,et al.  TAO: Facebook's Distributed Data Store for the Social Graph , 2013, USENIX Annual Technical Conference.

[20]  Alexey Gotsman,et al.  Analysing Snapshot Isolation , 2018, J. ACM.

[21]  Suresh Jagannathan,et al.  Declarative programming over eventually consistent data stores , 2015, PLDI.

[22]  Sanjeev Kumar,et al.  Existential consistency: measuring and understanding consistency at Facebook , 2015, SOSP.

[23]  Patrick E. O'Neil,et al.  Generalized isolation level definitions , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[24]  Dennis Shasha,et al.  Making snapshot isolation serializable , 2005, TODS.

[25]  Barbara Liskov,et al.  Weak Consistency: A Generalized Theory and Optimistic Implementations for Distributed Transactions , 1999 .

[26]  Carlo Curino,et al.  OLTP-Bench: An Extensible Testbed for Benchmarking Relational Databases , 2013, Proc. VLDB Endow..

[27]  Annette Bieniusa,et al.  Antidote: the highly-available geo-replicated database with strongest guarantees , 2016 .

[28]  Hongseok Yang,et al.  'Cause I'm strong enough: Reasoning about consistency choices in distributed systems , 2016, POPL.

[29]  Ori Lahav,et al.  Effective stateless model checking for C/C++ concurrency , 2017, Proc. ACM Program. Lang..

[30]  Constantin Enea,et al.  On the complexity of checking transactional consistency , 2019, Proc. ACM Program. Lang..

[31]  Alexey Gotsman,et al.  A Framework for Transactional Consistency Models with Atomic Visibility , 2015, CONCUR.

[32]  Michael J. Freedman,et al.  Don't settle for eventual: scalable causal consistency for wide-area storage with COPS , 2011, SOSP.

[33]  Andrew Pavlo,et al.  What Are We Doing With Our Lives?: Nobody Cares About Our Concurrency Control Research , 2017, SIGMOD Conference.

[34]  Peter Müller,et al.  Static serializability analysis for causal consistency , 2018, PLDI.

[35]  Sérgio Duarte,et al.  Putting consistency back into eventual consistency , 2015, EuroSys.

[36]  Christos H. Papadimitriou,et al.  The serializability of concurrent database updates , 1979, JACM.

[37]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[38]  Burcu Kulahcioglu Ozkan,et al.  Verifying Weakly Consistent Transactional Programs Using Symbolic Execution , 2020, NETYS.