←back to thread

Stop syncing everything

(sqlsync.dev)
637 points neilk | 3 comments | 31 Mar 25 17:07 UTC | HN request time: 0s | source
Show context
kiitos ◴[02 Apr 25 04:20 UTC] No.43553652[source]
The consistency model doesn't seem to make sense.

https://github.com/orbitinghail/graft/blob/main/docs/design....

> Graft clients commit locally and then asynchronously attempt to commit remotely. Because Graft enforces Strict Serializability globally, when two clients concurrently commit based on the same snapshot, one commit will succeed and the other will fail.

OK, but, the API provides only a single commit operation:

> commit(VolumeId, ClientId, Snapshot LSN, page_count, segments) Commit changes to a Volume if it is safe to do so. The provided Snapshot LSN is the snapshot the commit was based on. Returns the newly committed Snapshot on success.

So if a client commits something, and it succeeds, presumably locally, then how should that client discover that the "async" propagation of that commit has failed, and therefore everything it's done on top of that successful local commit needs to be rolled-back?

This model is kind of conflating multiple, very different, notions of "commit" with each other. Usually "commit" means the committed transaction/state/whatever is guaranteed to be valid. But here it seems like a "local commit" can be invalidated at some arbitrary point in the future, and is something totally different than an "async-validated commit"?

replies(2): >>43553751 #>>43553839 #
carlsverre ◴[02 Apr 25 04:46 UTC] No.43553751[source]
You're right - it's a bit confusing! I took a crack at explaining it in the blog post under the Consistency section: https://sqlsync.dev/posts/stop-syncing-everything/#consisten...

The key idea is that if your system supports offline writes, then by definition the client making those writes can't have general purpose strict serializability. They have to exist under the assumption that when their transactions eventually sync, they are no longer valid. Graft attempts to provide a strong foundation (server side commits are strictly serialized), however let's the client choose how to handle local writes.

A client may choose any of these options:

1. If offline, reject all local writes - wait until we are online to commit

2. Rebase local writes on the latest snapshot when you come back online, resulting in the client experiencing "optimistic snapshot isolation"

3. Merge local changes with remote changes - this probably depends heavily on the datastructure you are storing in Graft. For example, storing a Conflict-Free Replicated Datatype (CRDT) would work nicely

4. Fork the Volume entirely and let the user figure out how to manually merge the branches back together

5. Throw away all local changes (probably not what you want, but it works!)

My goal is to build a building block on top of which edge native systems can be built. But I'm not too opinionated about what local write semantic you're application needs. :)

(edit: added newlines between list items)

replies(1): >>43553773 #
kiitos ◴[02 Apr 25 04:53 UTC] No.43553773[source]
What you've said here is totally different to what the repo docs claim.

The guarantees of Graft's "commit" operation are properties of the Graft system itself. If commit is e.g. strict-serializable when clients satisfy one set of requirements, and isn't strict-serializable if clients don't satisfy those requirements, then "commit" is not strict-serializable.

replies(2): >>43553811 #>>43553829 #
carlsverre ◴[02 Apr 25 05:05 UTC] No.43553811[source]
Just to make sure I understand correctly, would you agree that if clients always synchronously commit (i.e. wait until the MetaStore commit returns ok) before acknowledging any commit locally, the client will experience Strict Serializability?

Assuming you agree with that, what would be a more clear way to explain the tradeoffs and resulting consistency models in the event that a client desires to asynchronously commit?

I think I see the issue, but I'd love to hear your take on how to update the docs.

replies(2): >>43553886 #>>43555730 #
kiitos ◴[02 Apr 25 05:25 UTC] No.43553886[source]
I think I'm probably operating with definitions of client and commit that are different than yours.

Specifically, I don't really see how a client can "commit locally" and "commit globally" as separate things. I understand a client to be something that interacts with your metastore API, which provides a single "commit" operation, that AFAICT will return success/failure based on local commit state, not global state.

Is that not correct?

Later on in the design.md you say

> The Client will be a Rust library ...

which might be the missing link in this discussion. Is the system model here assuming that clients are always gonna be Rust code in the same compilation unit as the Graft crate/library/etc.?

replies(1): >>43557505 #
1. mdavidn ◴[02 Apr 25 15:05 UTC] No.43557505[source]
Graft's definition sounds more like a Git "commit" than one found in a SQL standard. Perhaps that's the source of this confusion?
replies(2): >>43562140 #>>43575487 #
2. drewcoo ◴[02 Apr 25 21:57 UTC] No.43562140[source]
Git is a DVCS. The D stands for distributed, meaning (in old people language) masterless. Git doesn't have a "global."
3. kiitos ◴[03 Apr 25 21:12 UTC] No.43575487[source]
That may be the case, but the Git notion of a "commit" is a domain concept that is unrelated to, and incompatible with, the distsys notion of a "commit". And terminology like "strict serialization" and "snapshot isolation" and so on -- which this system and its docs reference -- are distsys concepts, not Git concepts. So "commit" needs to abide distsys rules, not Git rules, as you can't really mix-and-match definitions across domains.