Just-Right Consistency Geo-distributed DB[ Just-Right Consistency ] [ dotScale Paris 2018-06-01 ] Creative Commons Attribution-ShareAlike 4.0 Intl. License You are free to: • Share

Just-Right Consistency As available as possible

As consistent as necessary Correct by design

Marc Shapiro, Sorbonne-Université—LIP6 & Inria Annette Bieniusa, U. Kaiserslautern

Nuno Preguiça, U. Nova Lisboa Christopher Meiklejohn, U. Catholique de Louvain

Valter Balegas, U. Nova Lisboa

[ Just-Right Consistency ] [ dotScale Paris 2018-06-01 ]

Geo-distributed DB

2

Fault tolerance Fast reads

Replicate updates CAP: CP ∩ AP = ∅


Strong Consistency

3

P

Synchronous updates Consistent under Partition;

not Available

Google Spanner

Application is correct Slow, expensive


Eventual Consistency

4

P

Faster, less expensive Concurrency anomalies

Asynchronous updates Available under Partition;

but not Consistent


Byrum

FMK Fælles Medicinkort

5

RXDr Alice Aalborg Hospital Patient: Mr Bob Pharmacy: Byrum

Causatin: 2 boxes ⟶ 1 Transactol: 1 box

Dr Alice

Patient Bob

Byrum pharma

create (…)

add-med (…)

get-med (…)

process (…)Causatin: 2 boxes ⟶ 1


Byrum

Some invariants

6



Dr Alice

Patient Bob

Byrum pharma

create (…)

add-med (…)

get-med (…)


don't over-deliver

referential

integrity

all


Byrum

Availability + invariants?

7



Dr Alice

Patient Bob

Byrum pharma

create (…)

add-med (…)

get-med (…)


EC does not maintain!

CP is overkill! referential

integrity

all

don't over-deliver


Approach

Consistency: one size does not fit all Correct: maintain invariants

• But often unknown! Methodology:

• Preserve sequential patterns • Synchronise only when strictly

necessary for application

8

P

best possible availability and performance


Concurrent, asynchronous updates • Standard register model: assignments ⟹ CP • AP ⟹ concurrent updates + merge

CRDT: register, counter, set, map, sequence • Plug-in replacement for sequential type

Rx.Patient: write_once_reg. Rx.Meds: set

Concurrent, asynchronous updates • Standard register model: assignments ⟹ CP • AP ⟹ concurrent updates + merge

CRDT: register, counter, set, map, sequence • Plug-in replacement for sequential type

Rx.Patient: write_once_reg. Rx.Meds: set

CRDTs

9

cnt += 1

cnt += 1cnt = 0

cnt += 2

cnt += 2

cnt = 0

add-med(1)

add-med(2)

cnt = 3

cnt = 3

Better than ECCP is overkill!


Byrum

Pattern 1: relative order

10



Dr Alice

Patient Bob

Byrum pharma

create (…)

relative

order 2

1


CP is overkill!


Causal consistency

11

P

1=RHS!

2=LHS!

>1

create-p before add-med • “Bob points to Rx ⟹ Rx valid” • General case: LHS ⟹ RHS • pattern: RHS!; LHS!

Deliver in the right order: Causal Consistency

AP-compatible


Byrum

Pattern 2: joint update

12



Dr Alice

Patient Bob

Byrum pharma

create (…)

joint update


CP is overkill!


patient?

pharma?

All-or-nothing

create-p updates doctor, patient & pharmacy record

Transmit joint updates together + Read from same snapshot AP-compatible

13

Ppharma!

patient!

pharma!

patient?

patient!


Byrum

Pattern 3: precondition

14



Dr Alice

Patient Bob

Byrum pharma

create (…)

add-med (…)

get-med (…)


pre-condition


CP is overkill!


CAP-sensitive invariants

15

cnt –= 1

cnt –= 1

pp(…, 1) cnt ≥ 1

cnt ≥ 0

cnt ≥ 0

cnt ≥ 0

cnt ≥ 0

2

2

1

1

process-p (…, nb) { if cnt ≥ nb // precondition at source

cnt –= nb // at every replica } // cnt ≥ 0 Precondition stable w.r.t. concurrent add-med Concurrency OK


Stable precondition

16

cnt += 3cnt –= 1

cnt ≥ 0

cnt ≥ 0

2

2

add-med (…, 3)

cnt += 3


cnt –= nb // at every replica } // cnt ≥ 0 Precondition stable w.r.t. concurrent add-med Concurrency OK

cnt –= 1

pp(…, 1) cnt ≥ 1

cnt ≥ 0

cnt ≥ 0

4

4


CAP-sensitive invariants

17


cnt –= nb // at every replica } // cnt ≥ 0 Precondition not stable w.r.t. concurrent process-p

• Forbid concurrency? Synchro, CP. • Or remove invariant? AP, degraded semantics

cnt –= 1

cnt –= 1

pp(…, 1) cnt ≥ 1

cnt ≥ 0

cnt ≥ 0

cnt ≥ 0

cnt ≥ 0

2

2

1

1



cnt –= nb // at every replica } // cnt ≥ 0 Precondition not stable w.r.t. concurrent process-p

• Forbid concurrency • Or, give up on invariant

Not stable precondition

18

cnt –= 2

pp(…, 2) cnt ≥ 1

Static Analysis

cnt –= 1

cnt –= 1

pp(…, 1) cnt ≥ 1

cnt ≥ 0

cnt ≥ 0

2

2

cnt ≥ 0

cnt ≥ 0

–1

–1


Summary: Just-Right Consistency

Tailor consistency to application invariants • (possibly unknown)

Baseline: Correct app, 1-copy, one op. at a time Three patterns:

• Ordered updates ⟹ Causal Consistency, AP • Joint updates ⟹ All-or-nothing, AP • CAP-sensitive: precondition ‣ Stable ⟹ concurrent OK. AP. ‣ Otherwise, concurrency control. CP

19 [ Just-Right Consistency ] [ dotScale Paris 2018-06-01 ]

AntidoteDB

CRDT data model • Register, counter, set, map, sequence • Extends sequential semantics

Transactional Causal Consistency (TCC) • Strongest AP model • Supports Joint Updates, Relative Order

CISE static analysis tools Open source, well engineered

20

.eu


Creative Commons Attribution-ShareAlike 4.0

Intl. License

You are free to: • Share — copy and redistribute the material in any medium or

format • Adapt — remix, transform, and build upon the material

for any purpose, even commercially, under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

21

Documents

Just-Right Consistency Geo-distributed DB[ Just-Right Consistency ] [ dotScale Paris 2018-06-01 ] Creative Commons Attribution-ShareAlike 4.0 Intl. License You are free to: • Share