Elle: Inferring Isolation Anomalies from Experimental Observations

Users who care about their data store it in databases, which (at least in principle) guarantee some form of transactional isolation. However, experience shows [Kleppmann 2019, Kingsbury and Patella 2019a] that many databases do not provide the isolation guarantees they claim. With the recent proliferation of new distributed databases, demand has grown for checkers that can, by generating client workloads and injecting faults, produce anomalies that witness a violation of a stated guarantee. An ideal checker would be sound (no false positives), efficient (polynomial in history length and concurrency), effective (finding violations in real databases), general (analyzing many patterns of transactions), and informative (justifying the presence of an anomaly with understandable counterexamples). Sadly, we are aware of no checkers that satisfy these goals. We present Elle: a novel checker which infers an Adya-style dependency graph between client-observed transactions. It does so by carefully selecting database objects and operations when generating histories, so as to ensure that the results of database reads reveal information about their version history. Elle can detect every anomaly in Adya et al.'s formalism [Adya et al. 2000] (except for predicates), discriminate between them, and provide concise explanations of each. This paper makes the following contributions: we present Elle, demonstrate its soundness, measure its efficiency against the current state of the art, and give evidence of its effectiveness via a case study of four real databases.
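The inference described in the abstract, as an added Python example (not Elle's own code). It assumes a workload of append-only lists with a unique value per append, which the abstract does not name, so that every read exposes the version history of its key. The function names, the history format and the sample history are constructed for illustration; G0, G1c and G2 are Adya's names for write cycles, cycles of write and read dependencies, and cycles that include an anti-dependency.

```python
from collections import defaultdict

# A txn is a list of ("append", key, value) or ("r", key, observed_list) ops.
# Assumed: all txns committed, and every observed value was appended by one of them.
def infer_edges(history):
    writer, order, reads = {}, defaultdict(list), []
    for t, txn in enumerate(history):
        for f, k, v in txn:
            if f == "append":
                writer[k, v] = t          # unique values make each write recoverable
            else:
                reads.append((t, k, v))
                order[k] = max(order[k], v, key=len)  # longest read = version order
    # ww: writers of consecutive versions of the same key
    edges = {(writer[k, a], writer[k, b], "ww")
             for k, vs in order.items() for a, b in zip(vs, vs[1:])}
    for t, k, v in reads:
        if v != order[k][:len(v)]:
            raise ValueError(f"incompatible version orders for key {k!r}")
        if v:                             # wr: t observed the last writer's version
            edges.add((writer[k, v[-1]], t, "wr"))
        if len(v) < len(order[k]):        # rw: t read the state just before this write
            edges.add((t, writer[k, order[k][len(v)]], "rw"))
    return {e for e in edges if e[0] != e[1]}

def cyclic_txns(edges, kinds):
    """Prune sources and sinks until stable; what remains lies on or between cycles."""
    es = {(a, b) for a, b, kind in edges if kind in kinds}
    while True:
        srcs, dsts = {a for a, _ in es}, {b for _, b in es}
        keep = {(a, b) for a, b in es if a in dsts and b in srcs}
        if keep == es:
            return sorted(srcs)
        es = keep

def check(history):
    edges = infer_edges(history)
    for name, kinds in (("G0", {"ww"}), ("G1c", {"ww", "wr"}), ("G2", {"ww", "wr", "rw"})):
        txns = cyclic_txns(edges, kinds)
        if txns:
            return name, txns
    return None, []

# Constructed history: T1 and T2 each read the key the other appends to (write skew).
WRITE_SKEW = [
    [("append", "x", 1), ("append", "y", 1)],
    [("r", "x", [1]), ("append", "y", 2)],
    [("r", "y", [1]), ("append", "x", 2)],
    [("r", "x", [1, 2]), ("r", "y", [1, 2])],
]
print(check(WRITE_SKEW))
```

Checking the edge kinds in increasing order (ww, then ww+wr, then all three) is what lets the result discriminate between anomaly classes rather than only reporting that the history is not serializable.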
