
Post History

Q&A How to reason about transaction isolation during development


1 answer · posted 4y ago by meriton · last activity 4y ago by Alexei

#2: Post edited by meriton · 2021-03-04T21:40:27Z (almost 4 years ago)
Consider the following code:

    public class OnlineShoppingService {

        private OrderRepository orderRepo;        // repositories assumed to be injected
        private ShipmentRepository shipmentRepo;

        @Transactional
        public void cancelOrder(String id) {
            if (shipmentRepo.findShipmentForOrder(id) != null) {
                throw new ConflictException("Shipped orders can not be cancelled!");
            }
            orderRepo.findById(id).setCancelled(true);
        }

        @Transactional
        public void ship(String orderId) {
            var order = orderRepo.findById(orderId);
            // Under read committed, a concurrent cancelOrder() may commit between this
            // check and our own commit; nothing below detects that.
            if (order.isCancelled()) {
                throw new ConflictException("Cancelled orders can not be shipped!");
            }
            shipmentRepo.add(new Shipment(order));
        }
    }

(Order and Shipment are versioned JPA entities)

At first glance, this code seems to ensure that `Shipments` only exist for `Orders` that are not `cancelled`. Fresh out of university, I'd have been convinced it does ("transactions are atomic, which means indivisible. We can reason about them as if they had executed in sequence").

However, in the default isolation level of most databases, read committed, an `Order` can become `cancelled` during the execution of `ship()`. If that happens after the status is checked, but before we commit our transaction, a `Shipment` is created for a cancelled `Order`.

How do you prevent such bugs? How do you go about writing correct code and reasoning about its correctness? And how do you explain all that to junior software developers you are mentoring?

Do you

- hit them with the formal definition of isolation levels, explaining about non-repeatable reads, phantom reads, and ask them to verify that every method they write correctly handles all these phenomena? (seems very time consuming and error prone?)
- sidestep the problem by cranking up the isolation level to Serializable? (I've never seen anyone do that?)
- impose an architecture / coding convention that prevents such errors?
- something else?

PS: I realize this is a rather broad topic; I'm happy to receive partial answers or links to outside references or even books.
#1: Initial revision by meriton · 2021-03-04T21:34:46Z (almost 4 years ago)
How to reason about transaction isolation during development
Consider the following code:

    public class OnlineShoppingService {

        private OrderRepository orderRepo;        // repositories assumed to be injected
        private ShipmentRepository shipmentRepo;

        @Transactional
        public void cancelOrder(String id) {
            if (shipmentRepo.findShipmentForOrder(id) != null) {
                throw new ConflictException("Shipped orders can not be cancelled!");
            }
            orderRepo.findById(id).setCancelled(true);
        }

        @Transactional
        public void ship(String orderId) {
            var order = orderRepo.findById(orderId);
            // Under read committed, a concurrent cancelOrder() may commit between this
            // check and our own commit; nothing below detects that.
            if (order.isCancelled()) {
                throw new ConflictException("Cancelled orders can not be shipped!");
            }
            shipmentRepo.add(new Shipment(order));
        }
    }

(Order and Shipment are versioned JPA entities)

At first glance, this code seems to ensure that Shipments only exist for Orders that are not cancelled. Fresh out of university, I'd have been convinced it does ("transactions are atomic, which means indivisible. We can reason about them as if they had executed in sequence").

However, in the default isolation level of most databases, read committed, an `Order` can become `cancelled` during the execution of `ship()`. If that happens after the status is checked, but before we commit our transaction, a `Shipment` is created for a cancelled `Order`.

How do you prevent such bugs? How do you go about writing correct code and reasoning about its correctness? And how do you explain all that to junior software developers you are mentoring? 

Do you 

- hit them with the formal definition of isolation levels, explaining about non-repeatable reads, phantom reads, and ask them to verify that every method they write correctly handles all these phenomena? (seems very time consuming and error prone?)
- sidestep the problem by cranking up the isolation level to Serializable? (I've never seen anyone do that?)
- impose an architecture / coding convention that prevents such errors? 
- something else?

PS: I realize this is a rather broad topic; I'm happy to receive partial answers or links to outside references or even books.
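One way to close the window the question describes, using the versioning the entities already have: make both paths write the same versioned `Order` row, so the database's version check rejects whichever transaction commits second. This is an added example, not the asker's code or any answer on this page; it assumes Spring's `@Transactional`, a JPA `EntityManager` (e.g. Hibernate), a table name `orders`, and a hypothetical `ConflictException`.

```java
import jakarta.persistence.*;
import org.springframework.transaction.annotation.Transactional;

@Entity
@Table(name = "orders")            // "order" is a reserved word in SQL
class Order {
    @Id String id;
    @Version long version;          // the optimistic-lock column the fix relies on
    boolean cancelled;
}

@Entity
class Shipment {
    @Id @GeneratedValue Long id;
    @ManyToOne Order shippedOrder;
    protected Shipment() {}
    Shipment(Order o) { shippedOrder = o; }
}

class ConflictException extends RuntimeException {   // hypothetical, as in the question
    ConflictException(String msg) { super(msg); }
}

public class OnlineShoppingService {
    @PersistenceContext private EntityManager em;    // assumed to be container-injected

    @Transactional
    public void cancelOrder(String id) {
        // Load the Order before the shipment check: a ship() that commits after this
        // point must have read the same version we hold, and the version check catches it.
        Order order = em.find(Order.class, id, LockModeType.OPTIMISTIC_FORCE_INCREMENT);
        if (order == null) throw new EntityNotFoundException(id);
        boolean shipped = !em.createQuery(
                "select s from Shipment s where s.shippedOrder = :o", Shipment.class)
                .setParameter("o", order).getResultList().isEmpty();
        if (shipped) throw new ConflictException("Shipped orders can not be cancelled!");
        order.cancelled = true;     // flushed as UPDATE ... WHERE id = ? AND version = ?
    }

    @Transactional
    public void ship(String orderId) {
        // ship() never writes the Order, so without OPTIMISTIC_FORCE_INCREMENT a
        // concurrent cancelOrder() would commit without ever conflicting with us.
        Order order = em.find(Order.class, orderId, LockModeType.OPTIMISTIC_FORCE_INCREMENT);
        if (order == null) throw new EntityNotFoundException(orderId);
        if (order.cancelled) throw new ConflictException("Cancelled orders can not be shipped!");
        em.persist(new Shipment(order));
        // At commit the provider also issues UPDATE orders SET version = ? WHERE id = ? AND
        // version = ? for this Order; if cancelOrder() won, 0 rows match, an
        // OptimisticLockException is thrown and the Shipment is rolled back (caller retries).
    }
}
```

The same check works in the other direction: if `ship()` commits first, `cancelOrder()` either sees the new `Shipment` in its query or fails its own version check at commit.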