Olav Sandstaa wrote:
> Here is a quick summary of some possible solutions for how to solve
> this problem that have popped up the last days.
> First a summary of what the problem is: when determining if a
> RecordVersion should be visible for a transaction we check the
> RecordVersion's pointer to the transaction object. If this is non-null
> we access several member variables of the transaction object. At least
> one of the inconsistencies that I have seen occurs when the
> transaction object is deleted (and overwritten) just as we are using
> its member variables for determining the visibility of the transaction.
> The list of more or less random ideas for how this can be solved:
> 1. We can stop using the pointer to the transaction and instead locate
> the transaction by searching for it using the transaction id.
> Disadvantage of this: a) searching for the correct transaction could
> become costly. b) we would likely have to introduce an extra data
> structure for locating transaction (e.g. a hash table) and c) we would
> need to acquire the shared lock on the Transaction::committedList.
We already have somebody who does that,
TransactionManager::findTransaction. It doesn't use a hash table (it
could), but whether it does or doesn't, it requires a shared lock and
release. That's way too expensive for checking record visibility.
> 2. We can avoid that the transaction object get deleted "behind our
> back" by acquiring the shared lock on the committed transaction list
> each time we call Transaction::getRelativeState and
> Transaction::visible(). Disadvantage: a) a lot of access to this
> shared lock, potential contention
I agree. Squared.
> 3. An alternative to 2: we introduce a new shared lock for just this
> purpose to avoid the contention on the committed transaction list
> lock. When purging transactions we must acquire an exclusive lock on
> this SyncObject (and we have to reduce the frequency of checking for
> purging of transactions). Disadvantage: a new shared lock that needs
> to be used by both the code checking for visibility and for purging of
> transactions - could still become a hot-spot (I do not think this is
> very different from cycle locking, but I have not thought too much
> about it yet).
I think we need to avoid both locks and interlocked instructions
(increments and decrements) is we're going to keep performance up.
> 4. Avoid having to access the transaction object: "Duplicate" the
> commit information (one integer) in every RecordVersion object. So
> when committing a transaction, we update every record version with the
> commitId of the transaction and all RecordVersion objects:
> Disadvantages: a) duplication of information b) issues with doing the
> commit as an "atomic operation".
This is doable and would be my second choice. Making it visible across
processors might be tricky.
> 5. "Make it safe to access the transaction pointer and transaction
> object": By never deleting the transaction object until all record
> objects pointing to it have been deleted. This would also simplify
> some of the code since we would always have the transaction available.
> Disadvantages: a) foot print would increase since we would potentially
> have a lot of old transaction objects laying around (and we do not
> want to introduce chilling or backlogging of transaction objects :-) )
> b) The current scavenger (or a new transaction scavenger?) would need
> to be able to determine when a transaction object was ready for
> purging. I do not know this part of the code, but it might be solvable
> by having a "record version counter" in each transaction object. c) I
> do not know what extra this would cost but I think it should be
> possible to do without any locking.
That's a lot of dead transaction objects. And it isn't just records
that point to the transaction but also threads that picked up the
transaction pointer and are waiting for someone to purge the transaction
so they can crash Falcon. Evil little suckers, threads.
> 6. Kevin/Jim's proposal to use a cycle locking - I have not had the
> time to consider this in detail but it might perform similar to
> alternative 3 above.
OK, I've got cycle locking on the brain. It doesn't cure everything --
it does nothing about the Palestine problem, for example. But it's a
cheap, non-blocking solution to short duration pointer validity. It 1)
makes it possible to compress intermediate versions, and 2) papers over
problems of transaction pointer validation. Since everyone understands
that the typical software sequence is 0 ... 1 ... 2 ... infinite, there
are clearly other places that a are just screaming for cycle locking.
> I welcome comments and alternative suggestions.
> My current "favorites" this far is 5 (simple, safe and almost lockfree
> - but uses way more memory) and 6 (because it is a great and general
Hmmm. Isn't that just throwing memory at the problem???? (where have
I heard that before?).
I like 6, of course.
> Olav Sandstaa wrote:
>> Jim, Kevin, everybody,
>> I am working on a group of bugs related to transactions not returning
>> the correct data every time. These issues are most likely related to
>> our implementation of isolation levels and visibility of record
>> versions. I have found the cause for one of these bugs but would like
>> input on what is the best way to solve it.
>> The bug I have been analyzing is Bug #41357
>> "falcon.falcon_bug_34351_C fails with assertion IS_CONSISTENT_READ".
>> The assert happens in Table::fetchForUpdate() due to the call to
>> Transaction::getRelativeState() returns CommittedInvisible for a
>> recordVersion when the current
>> transaction is running in isolation level
>> TRANSACTION_WRITE_COMMITTED. This return value
>> should only happen if the isolation level is
>> After having reproduced this assert several times with
>> instrumentation in the source it
>> seems like this problems is caused by that the Transaction object
>> that the recordVersion
>> object has a pointer to and which is used for computing the relative
>> state between the two
>> transaction "changes state" during the execution of
>> Here is what normally happens when the CommittedInvisible state is
>> reached by the following code path:
>> 1. Transaction::getRelativeState() is called and the following code
>> is run:
>> if (transaction->state == Committed)
>> // Return CommittedVisible if the other trans has a lower TransId and
>> // it was committed when we started.
>> if (visible (transaction, transId, FOR_WRITING))
>> return CommittedVisible;
>> return CommittedInvisible;
>> when this code is run the transaction->state == Committed (and the if
>> test is true).
>> This results in Transaction::visible() being called.
>> 2. In the code for Transaction::visible() the following code is run:
>> // If the other transaction is not yet committed, the trans is not
>> if (transaction->state != Committed)
>> return false;
>> When the same test now is evaluated "transaction->state != Committed"
>> this test too
>> succeed and returns that the transaction should not be visible.
>> So based on traces in the code and studying core files it seems like the
>> transaction->state variable changes value from being Committed to not
>> being Committed
>> during the execution of these two methods. This leads to
>> Transaction::visible() returning "false" which again leads to
>> Transaction::getRelativeState() returning CommittedInvisible (and the
>> assert occurs).
>> The reason for the "mysterious" state change (at least in some of the
>> crashes I have reproduced) is that the transaction object which the
>> record version points too is deleted by another thread and thus the
>> check for committed (or not) in Transaction::visible() is now
>> checking "free memory".
>> This situation seems very similar to an issue Kevin had (and still
>> have?) with the scavenger checking which records that can be scavenged.
>> -how do we either handle that Transaction object that is being
>> pointed to by RecordVersion objects are deleted at "any time". Like
>> the code for Transaction::getRelativeState and Transaction::visible()
>> is now this can lead to wrong conclusions about which records are
>> visible or not.
>> -or do we need to introduce some kind of locking so that we can
>> safely use RecordVersion objects and the Transaction object they
>> normally refers to?
>> -or can we do something about the order we clean up old transaction
>> objects versus the record version objects to avoid that we have
>> record object without a transaction object?
>> I do not know enough about this part of the code (yet) to propose a
>> good solution so any suggestions would be appreciated.
President, NimbusDB, Inc.