Do we fear the serializable isolation level more than we fear subtle bugs?
5 days ago
- #ACID properties
- #concurrency bugs
- #database isolation
- Database transactions need to ensure isolation, with serializable as the true ACID property, but many databases default to weaker levels like read committed in PostgreSQL and MySQL for performance, while distributed databases like CockroachDB and YDB default to serializable.
- Weaker isolation levels (e.g., read committed, repeatable read) can lead to subtle concurrency bugs, including security vulnerabilities like thefts from BTC exchanges, and these bugs are not rare, accounting for about 20% of transaction-related issues in applications.
- Research and examples show that concurrency bugs from weak isolation are common and dangerous, yet there's limited evidence that serializable isolation significantly harms performance; tools for bug detection are less mature than performance testing methods.
- The article argues that using weaker isolation levels is premature optimization and risky, recommending serializable as the default to avoid hard-to-detect bugs, unless already the default as in CockroachDB or YDB.