[infinispan-dev] L1 Consistency with Sync Caches

William Burns mudokonman at gmail.com
Fri Jun 28 09:39:11 EDT 2013


On Fri, Jun 28, 2013 at 5:14 AM, Dan Berindei <dan.berindei at gmail.com> wrote:
>
> On Fri, Jun 28, 2013 at 12:17 AM, William Burns <mudokonman at gmail.com>
> wrote:
>>
>> Trying to leave my points that would most likely have responses to
>> second email so we can try to get back to a single thread :)
>>
>
> No such luck :)
>
> Sorry for sending 2 replies in the first place, but it seemed more natural -
> I meant to comment on your proposal in one email and to describe my
> alternative proposal in the second email.
>
>>
>> On Thu, Jun 27, 2013 at 4:12 PM, Dan Berindei <dan.berindei at gmail.com>
>> wrote:
>> >
>> > On Thu, Jun 27, 2013 at 4:18 PM, William Burns <mudokonman at gmail.com>
>> > wrote:
>> >>
>> >> First off I apologize for the length.
>> >>
>> >> There have been a few Jiras recently that have identified L1
>> >> consistency
>> >> issues with both TX and non TX sync caches.  Async caches with L1 have
>> >> their
>> >> own issues as well, but I only wanted to talk about sync caches.
>> >>
>> >> https://issues.jboss.org/browse/ISPN-3197
>> >> https://issues.jboss.org/browse/ISPN-2965
>> >> https://issues.jboss.org/browse/ISPN-2990
>> >>
>> >> I have proposed a solution in
>> >> https://github.com/infinispan/infinispan/pull/1922 which should start
>> >> L1
>> >> consistency down the right track.  There are quite a few comments on it
>> >> if
>> >> you want to look into it more, but because of that I am moving this to
>> >> the
>> >> dev mailing list.
>> >>
>> >> The key changes in the PR are the following (non-tx):
>> >>
>> >> 1. Concurrent reads for a key that can retrieve a remote value are
>> >> "corralled" into a single thread of execution for that given key.  This
>> >> would reduce network traffic with concurrent gets for the same key.
>> >> Note
>> >> the "corralling" only happens on a per key basis.
>> >
>> >
>> > Get commands on owners should not be serialized. Get commands on
>> > non-owners
>> > should not be serialized either, if the key already exists in L1. So I'd
>> > say
>> > L1ReadSynchronizer should be L1WriteSynchronizer instead :)
>>
>> You are suggesting to check the context to see if the key is present
>> before attempting the synchronizer right?  Reading your second email
>> that seems the case :)
>>
>
> Nope, I meant we should check the data container (aka the L1 cache). But
> obviously we have to check the invocation context first in a tx cache, if
> the tx read the key before it should see the same value.
>
I was thinking because the non-tx wraps the value if it is in the data
container beforehand.  But actually for non-tx it seems I should
check the data container only and tx I should only check the ctx (to
guarantee read consistency)
>>
>> >
>> >>
>> >> 2. The single thread that is doing the remote get would update the L1
>> >> if
>> >> able (without locking) and make available the value to all the requests
>> >> waiting on the get.
>> >
>> >
>> > Well, L1ReadSynchronizer does prevent other threads from modifying the
>> > same
>> > key, so we are locking the key - just not using LockManager.
>> > It would also require StateTransferLock.acquireSharedTopologyLock() to
>> > make
>> > sure it doesn't write an L1 entry after the node became a proper owner.
>>
>> Agree, when I was saying locking I was meaning through the use of the
>> lock manager.
>>
>> >
>> >>
>> >> 3. Invalidations that are received would first check to see if there is
>> >> a
>> >> current remote get occurring for its keys.  If there is it will
>> >> attempt to
>> >> cancel the L1 write(s) before it occurs.  If it cannot cancel the L1
>> >> write,
>> >> then it must also wait on the current remote get completion and
>> >> subsequently
>> >> run the invalidation.  Note the cancellation would fail when the remote
>> >> get
>> >> was done and it is in the middle of updating the L1, so this would be
>> >> very
>> >> small window.
>> >
>> >
>> > I think it would be clearer to describe this as the L1 invalidation
>> > cancelling the remote get, not the L1 update, because the actual L1
>> > update
>> > can't be cancelled.
>>
>> When I say L1 update I meant the write to the data container after the
>> remote get.  The invalidation can't stop the remote get, all it does
>> is tell the caller that "Hey don't write the remote value you
>> retrieved into the L1."
>>
>
> Oh right, the get command will still use the value it got from the remote
> node, it just won't write it.
> That makes me wonder, though, if something like this can happen:
>
> 1. A invokes get(k), starts a L1ReadSynchronizer and a remote get to B
> 2. B invokes put(k, v) and sends an invalidation command to A
> 3. The invalidation command cancels the L1 put on A
> 4. A invokes get(k) again, finds the L1ReadSynchronizer from step 1) and
> queues on it
> 5. Both get(k) commands return the same value, even though the value has
> changed on the owner(s).
>

Yeah that was going to be covered in ISPN-2965.  This would be a
problem even with locking since it could be a different node doing the
get.

https://github.com/wburns/infinispan/blob/ISPN-3197-singlethread/core/src/main/java/org/infinispan/interceptors/distribution/L1NonTxInterceptor.java#L341

I also have a test currently that is disabled in the test class that
reproduces this.

https://github.com/wburns/infinispan/blob/ISPN-3197-singlethread/core/src/test/java/org/infinispan/distribution/DistSyncL1FuncTest.java#L351

>
>>
>> >
>> > We also have to remove the logic in AbstractLockingInterceptor that
>> > skips L1
>> > invalidation for a key if it can't acquire a lock with a 0 timeout.
>> >
>> >>
>> >> 4. Local writes will also do the same thing as the invalidation with
>> >> cancelling or waiting.  Note that non tx local writes only do L1
>> >> invalidations and don't write the value to the data container.  Reasons
>> >> why
>> >> I found at https://issues.jboss.org/browse/ISPN-3214
>> >
>> >
>> > I didn't know about ISPN-3214 or that non-tx writes don't write to L1,
>> > but
>> > it sounds fair.
>>
>> Yeah I really wanted that to work, but without some additional checks
>> such as versioned data, I don't see a way to do this without locking
>> at the primary node like tx caches.
>>
>
> In theory, the primary owner could send a synchronous RPC back to the
> originator while it is holding the lock, saying "ok, you can now write the
> value to L1". But I don't think the slowdown from an additional RPC would be
> acceptable.
>

I would agree ;(

>>
>> >
>> >>
>> >> 5. Writes that require the previous value and don't have it in the L1
>> >> would also do its get operations using the same "corralling" method.
>> >
>> >
>> > The remoteGetBeforeWrites are a bit different - they don't happen on
>> > non-owners, they only happen on writeCH-owners that didn't receive that
>> > entry via state transfer yet. They put the value in the
>> > InvocationContext,
>> > but they don't write it to the data container - nor do they invalidate
>> > the
>> > L1 entry, if it exists.
>>
>> Ah yes that is true, but only for non tx caches it seems.
>>
>
> Right, I wasn't considering the fact that a conditional command may fail...
> I think if that happens, even in non-tx caches EntryWrappingInterceptor may
> write the entry to the data container as an L1 entry. If we move the L1
> writes to the L1 interceptor, we must ensure that EntryWrappingInterceptor
> doesn't write anything to L1 any more.
>

We still need EntryWrappingInterceptor to write to the L1 cache for tx
caches I would think.  We only want to write to the L1 after the tx is
committed for write commands.  Read commands would be fine writing to
the container immediately.  Also I would hope conditional writes
wouldn't update the context with the new value until we knew the write
was successful, should prevent bad data being written there.

>
>>
>> >
>> >>
>> >>
>> >> 4/5 are not currently implemented in PR.
>> >>
>> >> This approach would use no locking for non tx caches for all L1
>> >> operations.  The synchronization point would be done through the
>> >> "corralling" method and invalidations/writes communicating to it.
>> >>
>> >> Transactional caches would do almost the same thing as non-tx.  Note
>> >> these
>> >> changes are not done in any way yet.
>> >>
>> >> 1. Gets would now update the L1 immediately after retrieving the value
>> >> without locking, but still using the "corralling" technique that non-tx
>> >> does.  Previously the L1 update from a get was transactional.  This
>> >> actually
>> >> would remedy issue [1]
>> >>
>> >> 2. Writes currently acquire the remote lock when committing, which is
>> >> why
>> >> tx caches are able to update the L1 with the value.  Writes would do
>> >> the
>> >> same cancellation/wait method as non-tx.
>> >>
>
>
> Hmm, I don't think your current approach for L1 invalidations would work for
> L1 writes, because the actual write to the data container is not
> synchronized (well, technically you still have the 0-timeout locking for
> invalidation commands, but I think you're planning to remove that). So it's
> possible for an L1 write and an L1 invalidation to wait for the same remote
> get and then to get executed in the wrong order.
>

For non-tx that doesn't matter as a write and L1 invalidation both do
invalidation.

For tx it should be fine as well since it will hold the primary owner
lock for the write duration, which includes L1 writes (so only that tx
is writing its value).  Tx caches don't process the L1 invalidation
message when it comes back since they were the originator also.

>
>>
>> >> 3. Writes that require the previous value and don't have it in the L1
>> >> would also do its get operations using the same method.
>> >
>> >
>> > Just like for non-tx caches, I don't think these remote gets have to be
>> > stored in L1.
>>
>> Tx caches do the remote get and could cache the L1 value immediately.
>> This would help if the transaction is rolled back or a conditional
>> operation failed etc.  There are some locking concerns here, but I
>> will leave that to the other post.
>>
>
> Right, the L1 entry could be immediately written to the data container, but
> not if it complicates things too much: most writes should be successful
> anyway.
>

I agree the writes should be successful, but there is no telling if
the transaction will be committed.  Something else outside of
infinispan could error causing a rollback or at worst case 2PC could
fail prepare (not touching heuristic failures).

Also this would help plug up this hole:
https://issues.jboss.org/browse/ISPN-2965?focusedCommentId=12779780&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12779780

>> >
>> >>
>> >> 4. For tx cache [2] would also have to be done.
>> >>
>> >> [1] -
>> >>
>> >> https://issues.jboss.org/browse/ISPN-2965?focusedCommentId=12779780&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12779780
>> >> [2] - https://issues.jboss.org/browse/ISPN-1540
>> >>
>> >> Also rehashing is another issue, but we should be able to acquire the
>> >> state transfer lock before updating the L1 on a get, just like when an
>> >> entry
>> >> is committed to the data container.
>> >>
>> >
>> > The same for L1 invalidations - we don't want to remove real entries
>> > from
>> > the data container after the local node became an owner.
>>
>> Yeah actually as you mentioned this, it sounds like a hole currently
>> even.  I don't know if this case can happen, but what if you received
>> a L1 invalidation and then got a rehash event right before it was
>> committing it to the container?  It seems the L1 commit to the
>> container would block until it could get the shared topology lock and
>> after it could, it then removes the value.  I probably need to dig into
>> the state transfer stuff deeper to know myself.
>>
>
> I think that's ok, because the value is stale, and any future
> get/conditional write command will request the new value from the previous
> owners.
>
> I don't think the new value can arrive via a StateResponseCommand and be
> applied to the data container before the invalidation command manages to
> commit, because the put command sends the invalidations first
> (synchronously) and only then commits on the owner.
>

I defer to your judgement here ;-)

>>
>> >
>> >>
>> >> Any comments/concerns would be appreciated.
>> >>
>> >> Thanks,
>> >>
>> >>  - Will
>> >>
>> >> _______________________________________________
>> >> infinispan-dev mailing list
>> >> infinispan-dev at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/infinispan-dev
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
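
The interleaving from steps 1 to 5 in the quoted discussion above (a second get(k) queuing on a synchronizer whose L1 write was already cancelled), as an added Java sketch that is not part of the original message or of Infinispan's code. The class `L1CorralRace`, its `Sync` type and all method names are hypothetical, and it assumes B's reply to the first get carried the value from before the put.

```java
import java.util.concurrent.*;
// Added illustration; every name here is hypothetical, not Infinispan's API.
public class L1CorralRace {
    /** One in-flight remote get for a key; later readers of that key queue on it. */
    static final class Sync {
        final CompletableFuture<String> value = new CompletableFuture<>();
        volatile boolean l1WriteAllowed = true; // cleared by an invalidation
    }

    final ConcurrentMap<String, Sync> inFlight = new ConcurrentHashMap<>();
    final ConcurrentMap<String, String> l1 = new ConcurrentHashMap<>();    // node A's L1
    final ConcurrentMap<String, String> owner = new ConcurrentHashMap<>(); // stands in for node B

    /** Join the in-flight get for the key, or start one ("corralling"). */
    Sync startGet(String key) {
        Sync fresh = new Sync();
        Sync existing = inFlight.putIfAbsent(key, fresh);
        return existing != null ? existing : fresh;
    }

    /** Remote reply arrives: hand it to all waiters, write L1 unless cancelled. */
    void completeGet(String key, Sync s, String remoteValue) {
        s.value.complete(remoteValue);
        if (s.l1WriteAllowed) l1.put(key, remoteValue);
        inFlight.remove(key, s);
    }

    /** Invalidation from the owner: cancel the pending L1 write, drop the L1 entry. */
    void invalidate(String key) {
        Sync s = inFlight.get(key);
        if (s != null) s.l1WriteAllowed = false;
        l1.remove(key);
    }

    public static void main(String[] args) {
        L1CorralRace a = new L1CorralRace();
        a.owner.put("k", "old");                 // constructed sample data
        Sync first = a.startGet("k");            // 1. A invokes get(k)
        String reply = a.owner.get("k");         //    B reads "old"; reply still in transit
        a.owner.put("k", "new");                 // 2. B invokes put(k, v)
        a.invalidate("k");                       // 3. invalidation cancels the L1 put on A
        Sync second = a.startGet("k");           // 4. second get(k) queues on the same Sync
        a.completeGet("k", first, reply);        //    delayed reply lands
        System.out.println("shared synchronizer: " + (first == second));
        System.out.println("second get saw " + second.value.join()
                + ", owner holds " + a.owner.get("k")); // 5. both gets return the old value
        System.out.println("L1 on A: " + a.l1);
    }
}
```

The cancelled L1 write keeps A's L1 clean, yet the second reader is still handed the pre-put value, which is the gap the thread defers to ISPN-2965.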

