THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Hudi currently supports a single writer model and uses MVCC for concurrently updating a table via tables services such as clustering, compaction, cleaning, thus allowing then to run asynchronously without blocking writers. Using MVCC, Hudi is able to provide Snapshot Isolation guarantees. Let's take a quick look at the different levels of isolations and their orders with respect to vulnerabilities such as dirty reads, non-repeatable reads and phantom reads.
With Snapshot Isolation, readers are able to get repeatable reads (get the same result if queried multiple times during the same write/transaction) since each reader works on a "snapshot" of the database, aka specific version of latest committed data seen during the start of that transaction. This is possible with MVCC keeping multiple versions of data. Although, this is only true when there are no write-write conflicts also known as write skews. During a concurrent update of data; since each writer is working with its own "snapshot/version" of the data, snapshot isolation cannot guarantee that no updates are lost if each of the writers were independently modifying the same datum (record or file). Snapshot Isolation hence is vulnerable to update conflicts unless a conflict resolution strategy is applied. Update conflicts are generally solved in different ways as follows (we will not discuss READ_UNCOMMITTED since that violates basic requirements of Hudi anyways)
- READ_COMMITTED isolation level uses pessimistic locks on the data being changed.
- Pros
- Every writer always reads the latest committed data
- Cons
- Starvation since writers contend for pessimistic locks based on when the lock is released
- Non-Repeatable reads (same record or file read multiple times during the same write/transaction) → this is lower level of guarantee than what Hudi already provides with snapshot isolation
- Requires locks at record or file level to allow concurrent transactions to complete in parallel
- Pros
- SERIALIZABLE isolation uses different techniques of achieving serializability such as 2 phase locking (2PL), timestamp ordering for conflict avoidance. Such techniques are fairly complex and probably a non-scalable, overkill for a system like Hudi. The reasons for this is out of the scope of this RFC but can be understood by doing research on the need of 2PL and how it is implemented.
- Pros
- Highest form of isolation and provides many more guarantees than update conflicts (such as no phantom reads, conflict and view serializability etc)
- Cons
- Complex to implement and is generally something that is required for OLTP type systems
- Out of scope of this RFC
- Pros
- SERIALIZABLE_SNAPSHOT_ISOLATION is a variant of serializable isolation without some of the other guarantees provided by serializable isolation level but still providing methodologies to handle update conflicts. This isolation level uses MVCC based snapshot isolation along with a way to resolve update conflicts. There could be multiple ways to achieve this.
- PESSIMISTIC LOCKING
- Acquire a exclusive_lock (reads & writes are blocked) for the entirety of the transaction. For Hudi this could be table level, partition level or file level - each of them have different trade-offs. Additionally, for a system like Hudi, where a writer modifies a batch of data and has no prior understanding of what that batch is, this would mean table level locks for the entirety of duration for the writer.
- Pros
- Achieves our goal of handling update conflicts
- Cons
- May not scale depending on level of locks chosen
- Can eventually make all transactions serial by using table level locks for the entirety of the transaction thus turning it into a serial operation anyways.
- Pros
- Acquire a exclusive_lock (reads & writes are blocked) for the entirety of the transaction. For Hudi this could be table level, partition level or file level - each of them have different trade-offs. Additionally, for a system like Hudi, where a writer modifies a batch of data and has no prior understanding of what that batch is, this would mean table level locks for the entirety of duration for the writer.
- OPTIMISITIC LOCKING
- Allow two concurrent transactions to proceed by reading the latest committed snapshot at the beginning of their transaction. Before committing the transactions, acquire a table level exclusive_lock (reads & writes are blocked) and perform conflict resolution to check if there are conflicting updates. If yes, allow for first transaction (may be using timestamp ordering) to continue to commit and abort the second transaction (which has to be retried).
- Pros
- Achieves our goal of handling update conflicts
- Scales well since only a table level lock is needed
- Lock is acquired only for a small duration of time so allows transactions to run and commit in parallel if no conflicts
- Works well for cases where there is none to light contentions
- Cons
- Requires an external server for locks
- Non performant when there is heavy contention
- Pros
- Allow two concurrent transactions to proceed by reading the latest committed snapshot at the beginning of their transaction. Before committing the transactions, acquire a table level exclusive_lock (reads & writes are blocked) and perform conflict resolution to check if there are conflicting updates. If yes, allow for first transaction (may be using timestamp ordering) to continue to commit and abort the second transaction (which has to be retried).
- LOCK FREE
- Since MVCC keeps a version of every modified data, two concurrent transactions could be allowed to proceed and commit concurrently. With all versions of data present, a conflict resolution and reconciliation mechanism can be applied later by the reader to get the latest, correct state of the datum.
- Pros
- Achieves our goal of handling update conflicts
- No locks are required
- Scales well
- Cons
- Reader has to do additional work of reconciliation which may require additional metadata thus a possibility of increasing disk and compute cost.
- Pros
- Since MVCC keeps a version of every modified data, two concurrent transactions could be allowed to proceed and commit concurrently. With all versions of data present, a conflict resolution and reconciliation mechanism can be applied later by the reader to get the latest, correct state of the datum.
- PESSIMISTIC LOCKING
...
Additionally, it can so happen that writer jobs can hang due to several reasons such as long GC pauses or other code bugs. In this situation, due to lack of heartbeats, a cleaner may end up considering this as a failed write and clean up data and metadata. Hence, we also need to implement similar checks on the writer before committing to ensure we abort such writers.
Ingestion Retry
...
Users cannot run bootstrap in parallel. They need to finish the bootstrap of a non-hudi table into Hudi first, and then start single or multi writers. Rollback of failed bootstrap’s are also inline at the moment. To entertain the option proposed above, the inline rollback from bootstraps will also need to be removed and follow the similar clean up model as inline rollback for regular writers.
Updating
...
Metadata Table
As of RFC-15 (HUDI-1292) there will only be a single writer to the consolidated metadata. We need to ensure that only a single writer updates the metadata table at any point of time. Applying the same changes twice is OK. The reconciliation of the metadata will be done by the metadata reader which will see unique instant times and corresponding metadata.
...
In this RFC, we propose to implement Option 1.
Dependency/Follow up
...
Let's take the example of these overlapping transactions as below
Consider 4 transactions T1, T2, T3, T4 starting and ending at different instants of time. Ideally, as per general transactions in a database, one would assume the following serial order for these transactions if they were to be done in a serial fashion.
This works fine for general purpose database transactions where the input (updates to rows) are already prepared before starting the transactions. In Hudi, this is not true. Due to the nature of LAZY evaluation of data (Dataframes, Datasets etc..), when the actual update is prepared can be different from when the transaction start time. Hence, ordering transactions / updates on the start_commit_timestamp may not yield correct results.
...
An alternate options is to serially order them based on transactions end time (end_commit_timestamp), the serial order would look as follows
As you can see, the T2 jumps from being the second transaction to the last one.
...
Overhead of MergeOnRead (context for advanced readers)
COW vs MOR
Let's dive deeper into the merge cost of MergeOnRead tables.
COW read path
- Vectorized retrieval of latest value of columns
- Predicate pushdown to parquet reader
- No need to perform "merge" operation
- No materialization of columns to rows
- ONE cost for serialization and deserialization
- Parquet to InternalRow for Spark
- Parquet to ColumnRow for Presto
- Parquet to ArrayWriteable for Hive
MOR read path
- NO Vectorized retrieval of latest value of columns, will be slower and result in more CPU time for queries
- Need to perform "merge" operation, requires Memory and CPU to serde, hash lookups etc
- Materialization of columns to rows (whole row is required), increases Memory and I/O cost of how much data is read from disk
- THREE costs for serialization and deserialization
- Parquet to GenericRecord
- LogBlock Avro bytes to GenericRecord
- GenericRecord to InternalRow, ColumnRow, ArrayWriteable for individual query engines
- No Predicate Pushdown even with parquet base files since reading the full row is required to merge contents
...