270 likes | 403 Views
Molecular Transactions. G. Ramalingam Kapil Vaswani Rigorous Software Engineering, MSRI. Simple banking application. ACID Transaction. let transfer from to amount = atomic { match hasBalance from amount with | true -> debit from amount credit to amount SUCCESS
E N D
Molecular Transactions G. Ramalingam Kapil Vaswani Rigorous Software Engineering, MSRI
Simple banking application ACID Transaction let transfer from to amount = atomic { matchhasBalance from amount with | true -> debit from amount credit to amount SUCCESS | false -> INSUFFICIENT_BALANCE } Database Application server Rigorous Software Engineering Microsoft Research, India
? Rigorous Software Engineering Microsoft Research, India
Scalable applications • Support lots of users • TBs of data! • Many concurrent transactions • Unpredictable workload • Key requirements • Available • Fault tolerant • Data consistency • Achieving all at the same time non-trivial! Application server Relational Database Rigorous Software Engineering Microsoft Research, India
Designing for scale Rigorous Software Engineering Microsoft Research, India
Scaling application tier Application server Database Rigorous Software Engineering Microsoft Research, India
Replication Application server Replica Replica Replica Rigorous Software Engineering Microsoft Research, India
Data partitioning Application server A first-class citizen in cloud based storage systems Data partition Data partition Rigorous Software Engineering Microsoft Research, India
Horizontal data partitioning let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } Distributed vs. local transactions Database partition Distributed transactions do not scale Azure tables, BigTable, Dynamo do not support distributed transactions! atomic{ matchstatus with | DEBIT_COMPLETE -> credit to amount SUCESSS | _ -> INSUFFICIENT_BALANCE } Database partition Rigorous Software Engineering Microsoft Research, India
Consistency let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } Database partition atomic { match status with | DEBIT_COMPLETE -> credit to amount SUCESSS | _ -> INSUFFICIENT_BALANCE } Database partition Rigorous Software Engineering Microsoft Research, India
Rigorous Software Engineering Microsoft Research, India
Compute failures let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } Database partition Server failures Database partition Rigorous Software Engineering Microsoft Research, India
Handling compute failures let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } Database partition Checkpoint storage atomic{ matchstatus with | DEBIT_COMPLETE -> credit to amount SUCESSS | _ -> INSUFFICIENT_BALANCE } Database partition Rigorous Software Engineering Microsoft Research, India
There’s more…logical failures let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } Database partition What if credit fails? e.g. account closed Database partition Rigorous Software Engineering Microsoft Research, India
Handling logical failures withcompensating actions let transfer from to amount = let status = atomic { matchhasBalance from amount with | true -> debit from amount DEBIT_COMPLETE | false -> INSUFFICIENT_BALANCE } let compensate from amount = atomic { credit from amount } Credit fails Rigorous Software Engineering Microsoft Research, India
Molecular transactions Fault-tolerant composition of atomic transactions with compensating actions molecule { atomic { } atomic { } ⇋ ⊗ atomic { } atomic { } ⇋ } Rigorous Software Engineering Microsoft Research, India
Account transfer with MT let transfer from to amount = molecule{ do! atomic { match hasBalancefrom amount with | true -> debit from amount | false -> abort } |> compensateWith<| atomic { credit from amount } return! atomic { match exists to with | true -> credit to amount | false -> abort } } • Hides • Serialization • Messaging • Fault tolerance First atomic step Compensation • No isolation • Compensating actions must semantically undo Second atomic step Rigorous Software Engineering Microsoft Research, India
Implementation Rigorous Software Engineering Microsoft Research, India
System model • Compute agents • May fail at any time • System detects failure and restarts agents • All agent-local state is lost • Partitioned storage • Partitions are units of serializability • Persistent queue • Communication between agents Rigorous Software Engineering Microsoft Research, India
Persistent queue • Not really a queue! • Out-of-order • At-least once • Operations • Enqueue(m) • Get() • Gets a message, makes message invisible • Message re-appears if not dequeued • Dequeue(m) • Permenantly deletes the message Rigorous Software Engineering Microsoft Research, India
Tolerating agent failures • Agent can fail between transactions • Check-pointing • Check-point state after every transaction Rigorous Software Engineering Microsoft Research, India
Check-pointing Enqueue Read Dequeue Database partition Database partition Rigorous Software Engineering Microsoft Research, India
Compute failures Enqueue Read • Transactions may be evaluated more than once! • Messages may be sent more than once! Dequeue Database partition Rigorous Software Engineering Microsoft Research, India
Idempotence • Instrument transactions for idempotence • Assumes key-value store with a unique key constraint • Assign each atomic step in each MT a unique id • Add (unique id, return value) to write set • Idempotence log in transaction’s partition • If transaction evaluates more than once • Unique key violation causes transaction failure • Return stored value Rigorous Software Engineering Microsoft Research, India
Summary • Molecular transactions • Language abstraction for programming weakly consistent applications • Hides messaging, queuing, fault tolerance • Expressed using a monad, lends to declarative, bug-free code • Efficient implementation on cloud based storage systems • Does not require 2PC! • Built a number of applications on Azure • < 10% overheads over hand-written code Rigorous Software Engineering Microsoft Research, India
Open questions • Specifying and reasoning about correctness of molecular transactions • Declarative ways of making consistency/performance trade-offs • Do cloud-based systems provide right primitives? Rigorous Software Engineering Microsoft Research, India
Thank you Questions? Rigorous Software Engineering Microsoft Research, India