| blob | 2d4eb6a9f5df04bb0c0b8c5ba34c1a1805c1c820 |
1 <?xml version="1.0" encoding="UTF-8"?>
2 <!--
3 Licensed to the Apache Software Foundation (ASF) under one
4 or more contributor license agreements. See the NOTICE file
5 distributed with this work for additional information
6 regarding copyright ownership. The ASF licenses this file
7 to you under the Apache License, Version 2.0 (the
8 "License"); you may not use this file except in compliance
9 with the License. You may obtain a copy of the License at
11 http://www.apache.org/licenses/LICENSE-2.0
13 Unless required by applicable law or agreed to in writing,
14 software distributed under the License is distributed on an
15 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 KIND, either express or implied. See the License for the
17 specific language governing permissions and limitations
18 under the License.
19 -->
21 <!DOCTYPE document PUBLIC "-//APACHE//DTD Documentation V2.0//EN"
22 "http://forrest.apache.org/dtd/document-v20.dtd">
24 <document xmlns="http://maven.apache.org/XDOC/2.0"
25 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
26 xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
27 <properties>
28 <title>
29 Apache HBase (TM) ACID Properties
30 </title>
31 </properties>
33 <body>
34 <section name="About this Document">
35 <p>Apache HBase (TM) is not an ACID compliant database. However, it does guarantee certain specific
36 properties.</p>
37 <p>This specification enumerates the ACID properties of HBase.</p>
38 </section>
39 <section name="Definitions">
40 <p>For the sake of common vocabulary, we define the following terms:</p>
41 <dl>
42 <dt>Atomicity</dt>
43 <dd>an operation is atomic if it either completes entirely or not at all</dd>
45 <dt>Consistency</dt>
46 <dd>
47 all actions cause the table to transition from one valid state directly to another
48 (eg a row will not disappear during an update, etc)
49 </dd>
51 <dt>Isolation</dt>
52 <dd>
53 an operation is isolated if it appears to complete independently of any other concurrent transaction
54 </dd>
56 <dt>Durability</dt>
57 <dd>any update that reports "successful" to the client will not be lost</dd>
59 <dt>Visibility</dt>
60 <dd>an update is considered visible if any subsequent read will see the update as having been committed</dd>
61 </dl>
62 <p>
63 The terms <em>must</em> and <em>may</em> are used as specified by RFC 2119.
64 In short, the word "must" implies that, if some case exists where the statement
65 is not true, it is a bug. The word "may" implies that, even if the guarantee
66 is provided in a current release, users should not rely on it.
67 </p>
68 </section>
69 <section name="APIs to consider">
70 <ul>
71 <li>Read APIs
72 <ul>
73 <li>get</li>
74 <li>scan</li>
75 </ul>
76 </li>
77 <li>Write APIs</li>
78 <ul>
79 <li>put</li>
80 <li>batch put</li>
81 <li>delete</li>
82 </ul>
83 <li>Combination (read-modify-write) APIs</li>
84 <ul>
85 <li>incrementColumnValue</li>
86 <li>checkAndPut</li>
87 </ul>
88 </ul>
89 </section>
91 <section name="Guarantees Provided">
93 <section name="Atomicity">
95 <ol>
96 <li>All mutations are atomic within a row. Any put will either wholly succeed or wholly fail.[3]</li>
97 <ol>
98 <li>An operation that returns a "success" code has completely succeeded.</li>
99 <li>An operation that returns a "failure" code has completely failed.</li>
100 <li>An operation that times out may have succeeded and may have failed. However,
101 it will not have partially succeeded or failed.</li>
102 </ol>
103 <li> This is true even if the mutation crosses multiple column families within a row.</li>
104 <li> APIs that mutate several rows will _not_ be atomic across the multiple rows.
105 For example, a multiput that operates on rows 'a','b', and 'c' may return having
106 mutated some but not all of the rows. In such cases, these APIs will return a list
107 of success codes, each of which may be succeeded, failed, or timed out as described above.</li>
108 <li> The checkAndPut API happens atomically like the typical compareAndSet (CAS) operation
109 found in many hardware architectures.</li>
110 <li> The order of mutations is seen to happen in a well-defined order for each row, with no
111 interleaving. For example, if one writer issues the mutation "a=1,b=1,c=1" and
112 another writer issues the mutation "a=2,b=2,c=2", the row must either
113 be "a=1,b=1,c=1" or "a=2,b=2,c=2" and must <em>not</em> be something
114 like "a=1,b=2,c=1".</li>
115 <ol>
116 <li>Please note that this is not true _across rows_ for multirow batch mutations.</li>
117 </ol>
118 </ol>
119 </section>
120 <section name="Consistency and Isolation">
121 <ol>
122 <li>All rows returned via any access API will consist of a complete row that existed at
123 some point in the table's history.</li>
124 <li>This is true across column families - i.e a get of a full row that occurs concurrent
125 with some mutations 1,2,3,4,5 will return a complete row that existed at some point in time
126 between mutation i and i+1 for some i between 1 and 5.</li>
127 <li>The state of a row will only move forward through the history of edits to it.</li>
128 </ol>
130 <section name="Consistency of Scans">
131 <p>
132 A scan is <strong>not</strong> a consistent view of a table. Scans do
133 <strong>not</strong> exhibit <em>snapshot isolation</em>.
134 </p>
135 <p>
136 Rather, scans have the following properties:
137 </p>
139 <ol>
140 <li>
141 Any row returned by the scan will be a consistent view (i.e. that version
142 of the complete row existed at some point in time) [1]
143 </li>
144 <li>
145 A scan will always reflect a view of the data <em>at least as new as</em>
146 the beginning of the scan. This satisfies the visibility guarantees
147 enumerated below.</li>
148 <ol>
149 <li>For example, if client A writes data X and then communicates via a side
150 channel to client B, any scans started by client B will contain data at least
151 as new as X.</li>
152 <li>A scan _must_ reflect all mutations committed prior to the construction
153 of the scanner, and _may_ reflect some mutations committed subsequent to the
154 construction of the scanner.</li>
155 <li>Scans must include <em>all</em> data written prior to the scan (except in
156 the case where data is subsequently mutated, in which case it _may_ reflect
157 the mutation)</li>
158 </ol>
159 </ol>
160 <p>
161 Those familiar with relational databases will recognize this isolation level as "read committed".
162 </p>
163 <p>
164 Please note that the guarantees listed above regarding scanner consistency
165 are referring to "transaction commit time", not the "timestamp"
166 field of each cell. That is to say, a scanner started at time <em>t</em> may see edits
167 with a timestamp value greater than <em>t</em>, if those edits were committed with a
168 "forward dated" timestamp before the scanner was constructed.
169 </p>
170 </section>
171 </section>
172 <section name="Visibility">
173 <ol>
174 <li> When a client receives a "success" response for any mutation, that
175 mutation is immediately visible to both that client and any client with whom it
176 later communicates through side channels. [3]</li>
177 <li> A row must never exhibit so-called "time-travel" properties. That
178 is to say, if a series of mutations moves a row sequentially through a series of
179 states, any sequence of concurrent reads will return a subsequence of those states.</li>
180 <ol>
181 <li>For example, if a row's cells are mutated using the "incrementColumnValue"
182 API, a client must never see the value of any cell decrease.</li>
183 <li>This is true regardless of which read API is used to read back the mutation.</li>
184 </ol>
185 <li> Any version of a cell that has been returned to a read operation is guaranteed to
186 be durably stored.</li>
187 </ol>
189 </section>
190 <section name="Durability">
191 <ol>
192 <li> All visible data is also durable data. That is to say, a read will never return
193 data that has not been made durable on disk[2]</li>
194 <li> Any operation that returns a "success" code (eg does not throw an exception)
195 will be made durable.[3]</li>
196 <li> Any operation that returns a "failure" code will not be made durable
197 (subject to the Atomicity guarantees above)</li>
198 <li> All reasonable failure scenarios will not affect any of the guarantees of this document.</li>
200 </ol>
201 </section>
202 <section name="Tunability">
203 <p>All of the above guarantees must be possible within Apache HBase. For users who would like to trade
204 off some guarantees for performance, HBase may offer several tuning options. For example:</p>
205 <ul>
206 <li>Visibility may be tuned on a per-read basis to allow stale reads or time travel.</li>
207 <li>Durability may be tuned to only flush data to disk on a periodic basis</li>
208 </ul>
209 </section>
210 </section>
211 <section name="More Information">
212 <p>
213 For more information, see the <a href="book.html#client">client architecture</a> or <a href="book.html#datamodel">data model</a> sections in the Apache HBase Reference Guide.
214 </p>
215 </section>
217 <section name="Footnotes">
218 <p>[1] A consistent view is not guaranteed intra-row scanning -- i.e. fetching a portion of
219 a row in one RPC then going back to fetch another portion of the row in a subsequent RPC.
220 Intra-row scanning happens when you set a limit on how many values to return per Scan#next
221 (See <a href="http://hbase.apache.org/apidocs/org/apache/hadoop/hbase/client/Scan.html#setBatch(int)">Scan#setBatch(int)</a>).
222 </p>
224 <p>[2] In the context of Apache HBase, "durably on disk" implies an hflush() call on the transaction
225 log. This does not actually imply an fsync() to magnetic media, but rather just that the data has been
226 written to the OS cache on all replicas of the log. In the case of a full datacenter power loss, it is
227 possible that the edits are not truly durable.</p>
228 <p>[3] Puts will either wholly succeed or wholly fail, provided that they are actually sent
229 to the RegionServer. If the writebuffer is used, Puts will not be sent until the writebuffer is filled
230 or it is explicitly flushed.</p>
232 </section>
234 </body>
235 </document>