"Select for update" 并使用悲观锁定进行更新
"Select for update" and update with pessimistic locking
我正在尝试使用 select 实现悲观锁定以进行更新,因为我希望其他线程等待 selected 行上的锁被释放。
我理解的部分是在经历多个线程 和各种类似的线程之后,如果 select 和更新发生在同一方法中并且因此它们是同一事务的一部分,那么它是可以实现的。
我的问题是我有一个用于 DAO 功能的 JAR,其中有一个 selectforUpdate
方法可用,并且有一个单独的更新方法可用,这两个方法都有一个包含
的 finally 块
resultSet.close();
statement.close();
connection.close();
现在我正在努力寻找是否有一种方法可以从 JAR 外部使用这两种方法,也许是通过使用 @Transactional
注释来注释我的方法并使其以某种方式工作.因此只有在执行更新方法后才会释放该锁。
You're making a mistake. Using the wrong tool for the job. T运行saction levels and FOR UPDATE has the purpose of ensuring data integrity.时期。 It it isn't designed for control flow and if you use it for this, it will bite you in the butt sooner rather than later.
Let me try to explain what SELECT FOR UPDATE
is for, so that, when later I tell you that it is most definitely not for what you're trying to do with it, it is easier to follow.
Imagine a bank. Simple enough. The bank has some ATMs out front and a website where you can see your t运行sactions and t运行sfer money to other accounts.
Imagine you (ABC) and I (Reinier) are trying to fleece the bank some. Here is our plan: We set it up so that you have €1000,- in your account and I have nothing.
Then, you log into the website from your phone, and start a t运行sfer, t运行sferring €1000,- to my account. But, while you're doing that, right in the middle, you withdraw €10,- from the ATM.
If the bank messed up their t运行sactions, it's possible you end up with €990,- in your account and I have €1000,- in my account, and we fleeced the bank. This is how that could happen (and if halfway through the example you think: I already know this stuff, I know what FOR UPDATE does! - I'm not so sure you do, read it carefully)
ATM code
startTransaction();
int currentBalance = sql("SELECT balance FROM account WHERE user = ?", abc);
if (currentBalance < requestedWithdrawal) throw new InsufficientFundsEx();
sql("UPDATE account SET balance = ? WHERE user = ?", currentBalance - requestedWithdrawal, abc);
commit();
moneyHopper.spitOut(requestedWithdrawal();
Website code
startTransaction();
int balanceTo = sql("SELECT balance FROM account WHERE user = ?", reinier);
int balanceFrom = sql("SELECT balance FROM account WHERE user = ?", abc);
if (transfer > balanceFrom) throw new InsufficientFundsEx();
sql("UPDATE account SET balance = ? WHERE user = ?", balanceTo + transfer, reinier);
sql("UPDATE account SET balance = ? WHERE user = ?", balanceFrom - transfer, abc);
commit();
controller.notifyTransferSucceeded();
How it can go wrong
The way it goes wrong is if the balanceTo
and balanceFrom
are 'locked in', then the ATM withdrawal goes through, and then the update SQL statements from the website t运行saction go through (this wipes out the ATM withdrawal, effectively - whatever the ATM spit out is free money), or if the ATM's balance check locks in, then the t运行sfer goes through, and then the ATM's update goes through (which gives the recipient, i.e. me their €1000,-, and ensures that the ATM code's update, setting your balance to 990, is the last thing that happens, giving us €990,- of free money.
So what's the fix? Hint: Not FOR UPDATE
The fix is to consider what a t运行saction means. The purpose of t运行sactions is to turn operations into atomic notions. Either both your account is reduced by the t运行sfer amount and mine is raised by the same, or nothing happens.
It's obvious enough with statements that change things (UPDATE and INSERT). It's a bit more wonky when we talk about reading data. Should those reads be considered part of the t运行saction?
One way to go is to say: No, unless you add FOR UPDATE
at the end of it all, in which case, yes - i.e. lock those rows only if FOR UPDATE
is applied until the t运行saction ends.
But that is not the only way to ensure data integrity.
Optimistic locking to the rescue - or rather, to your doom
A much more common way is called MVCC (MultiVersion Concurrency Control) and is far faster. The idea behind MVCC (also called optimistic locking), is to just assume no clashes ever occur. Nothing is ever locked. Instead, [A] all changes made within a t运行saction are completely invisible to things 运行ning in any other t运行saction until you commit, and [B] when you COMMIT
a t运行saction, the database checks if everything you have done within the span of this t运行saction still 'holds up' - for example, if you updated a row within this t运行saction that was also modified by another t运行saction that has committed already, you get an error when you commit, not when you 运行 the UPDATE statement.
In this framework, we can still talk about what SELECT even means. This, in java/JDBC, is called the T运行saction Isolation Level and is configurable on a DB connection. The best level, the level the bank should be using to avoid this issue, is called the TransactionLevel.SERIALIZABLE
. Serializable effectively means everything dirties everything else: If during a t运行saction you read some data, and when you commit, that same SELECT statement would have produced different results because some other t运行saction modified something, then the COMMIT just fails.
They fail with a so-called 'RetryException'. This means literally what it says: Just start your t运行saction over, from the top. It makes sense if you think about that bank example: What WOULD have happened, had the bank done it right and set up serializable t运行saction isolation level, is that either the ATM machine's t运行saction or the t运行sfer t运行saction would get the retryexception. Assuming the bank wrote their code right and they actually do what the exception tells you to (start over), then they would start over, and that includes re-reading the balances out. No cheating of the bank can occur now.
Crucially, in the SERIALIZABLE
model, locking NEVER occurs, and FOR UPDATE
does not mean anything at all.
Thus, usually, FOR UPDATE does literal stone cold nothing, a complete no-op, depending on how the db is setup.
FOR UPDATE
does not mean 'lock other transactions that touch this row'. No matter how much you want it to.
Some DB implementations, or even some combination of DB engine and connection configuration may be implemented in that fashion, but that is an extremely finicky setup, and your app should include documentation that strongly recommends the operator to never change the db settings, never switch db engines, never update the db engine, never update the JDBC driver, and never mess with the connection settings.
That's the kind of silly caveat you really, really don't want to put on your code.
The solution is to stop buttering your toast with that chainsaw. Even if you think you can manage to get some butter on that toast with it, it's just not what it was made for, like at all, and we're all just waiting until you lose a thumb here. Just stop doing it. Get a butterknife, please.
If you want to have one thread wait for another, don't use the database, use a lock object. If you want to have one process wait for another, don't use the database, don't use a lock object (you can't; processes don't share memory); use a file. the new java file IO has an option to make a file atomically (meaning, if the file already exists, throw an exception, otherwise make the file, and do so atomically, meaning if two processes both 运行 this 'create atomically new file' code, you have a gua运行tee that one succeeds and one throws).
If you want data integrity and that's the only reason you wanted pessimistic locking in the first place, stop thinking that way - it's the DBs job, not your job, to gua运行tee data integrity. MVCC/Optimistic locking DBs gua运行tee that the bank will never get fleeced no matter how hard you try with the shenanigans at the top of this answer and nevertheless, pessimistic locking just isn't involved.
JDBC itself sucks (intentionally, a bit too much to get into) for 'end use' like what you are doing here. Get yourself an abstraction that makes it nice such as JDBI or JOOQ. These tools also have the only proper way to interact with databases, which is that all DB code must be in a lambda. That's because you don't want to manually handle those retry exceptions, you want your DB access framework to take care of it. This is what the bank code should really look like:
dbAccess.run(db -> {
int balance = db.sql("SELECT balance FROM account WHERE user =?", abc);
if (balance < requested) throw new InsufficientBalanceEx();
db.update("UPDATE account SET balance = ? WHERE user = ?", balance - requested, abc);
return requested;
};
This way, the 'framework' (the code behind that run
method) can catch the retryex and just re运行 the lambda as often as it needs to. re运行ning is tricky - if two threads on a server both cause the other to retry, which is not that hard to do, then you can get into an endless loop where they both restart and both again cause the other to retry, at infinitum. The solution is literally dicethrowing. When retrying, you should roll a 运行dom number and wait that many milliseconds, and for every further retry, the 运行ge on which you're rolling should increase. If this sounds dumb to you, know that you're currently using it: It's how Ethernet works, too (ethernet uses 运行domized backoff when collisions occur on the wire). Ethernet won, token ring lost. It's the exact same principle at work (token ring is pessimistic locking, ethernet is optimistic 'eh just try it and detect if it went wrong, then just redo it, with some 运行domized exponential backoff sprinkled in to ensure you don't get 2 systems in lock-step forever screwing up the other's attempt).
我正在尝试使用 select 实现悲观锁定以进行更新,因为我希望其他线程等待 selected 行上的锁被释放。
我理解的部分是在经历多个线程
我的问题是我有一个用于 DAO 功能的 JAR,其中有一个 selectforUpdate
方法可用,并且有一个单独的更新方法可用,这两个方法都有一个包含
resultSet.close();
statement.close();
connection.close();
现在我正在努力寻找是否有一种方法可以从 JAR 外部使用这两种方法,也许是通过使用 @Transactional
注释来注释我的方法并使其以某种方式工作.因此只有在执行更新方法后才会释放该锁。
You're making a mistake. Using the wrong tool for the job. T运行saction levels and FOR UPDATE has the purpose of ensuring data integrity.时期。 It it isn't designed for control flow and if you use it for this, it will bite you in the butt sooner rather than later.
Let me try to explain what SELECT FOR UPDATE
is for, so that, when later I tell you that it is most definitely not for what you're trying to do with it, it is easier to follow.
Imagine a bank. Simple enough. The bank has some ATMs out front and a website where you can see your t运行sactions and t运行sfer money to other accounts.
Imagine you (ABC) and I (Reinier) are trying to fleece the bank some. Here is our plan: We set it up so that you have €1000,- in your account and I have nothing.
Then, you log into the website from your phone, and start a t运行sfer, t运行sferring €1000,- to my account. But, while you're doing that, right in the middle, you withdraw €10,- from the ATM.
If the bank messed up their t运行sactions, it's possible you end up with €990,- in your account and I have €1000,- in my account, and we fleeced the bank. This is how that could happen (and if halfway through the example you think: I already know this stuff, I know what FOR UPDATE does! - I'm not so sure you do, read it carefully)
ATM code
startTransaction();
int currentBalance = sql("SELECT balance FROM account WHERE user = ?", abc);
if (currentBalance < requestedWithdrawal) throw new InsufficientFundsEx();
sql("UPDATE account SET balance = ? WHERE user = ?", currentBalance - requestedWithdrawal, abc);
commit();
moneyHopper.spitOut(requestedWithdrawal();
Website code
startTransaction();
int balanceTo = sql("SELECT balance FROM account WHERE user = ?", reinier);
int balanceFrom = sql("SELECT balance FROM account WHERE user = ?", abc);
if (transfer > balanceFrom) throw new InsufficientFundsEx();
sql("UPDATE account SET balance = ? WHERE user = ?", balanceTo + transfer, reinier);
sql("UPDATE account SET balance = ? WHERE user = ?", balanceFrom - transfer, abc);
commit();
controller.notifyTransferSucceeded();
How it can go wrong
The way it goes wrong is if the balanceTo
and balanceFrom
are 'locked in', then the ATM withdrawal goes through, and then the update SQL statements from the website t运行saction go through (this wipes out the ATM withdrawal, effectively - whatever the ATM spit out is free money), or if the ATM's balance check locks in, then the t运行sfer goes through, and then the ATM's update goes through (which gives the recipient, i.e. me their €1000,-, and ensures that the ATM code's update, setting your balance to 990, is the last thing that happens, giving us €990,- of free money.
So what's the fix? Hint: Not FOR UPDATE
The fix is to consider what a t运行saction means. The purpose of t运行sactions is to turn operations into atomic notions. Either both your account is reduced by the t运行sfer amount and mine is raised by the same, or nothing happens.
It's obvious enough with statements that change things (UPDATE and INSERT). It's a bit more wonky when we talk about reading data. Should those reads be considered part of the t运行saction?
One way to go is to say: No, unless you add FOR UPDATE
at the end of it all, in which case, yes - i.e. lock those rows only if FOR UPDATE
is applied until the t运行saction ends.
But that is not the only way to ensure data integrity.
Optimistic locking to the rescue - or rather, to your doom
A much more common way is called MVCC (MultiVersion Concurrency Control) and is far faster. The idea behind MVCC (also called optimistic locking), is to just assume no clashes ever occur. Nothing is ever locked. Instead, [A] all changes made within a t运行saction are completely invisible to things 运行ning in any other t运行saction until you commit, and [B] when you COMMIT
a t运行saction, the database checks if everything you have done within the span of this t运行saction still 'holds up' - for example, if you updated a row within this t运行saction that was also modified by another t运行saction that has committed already, you get an error when you commit, not when you 运行 the UPDATE statement.
In this framework, we can still talk about what SELECT even means. This, in java/JDBC, is called the T运行saction Isolation Level and is configurable on a DB connection. The best level, the level the bank should be using to avoid this issue, is called the TransactionLevel.SERIALIZABLE
. Serializable effectively means everything dirties everything else: If during a t运行saction you read some data, and when you commit, that same SELECT statement would have produced different results because some other t运行saction modified something, then the COMMIT just fails.
They fail with a so-called 'RetryException'. This means literally what it says: Just start your t运行saction over, from the top. It makes sense if you think about that bank example: What WOULD have happened, had the bank done it right and set up serializable t运行saction isolation level, is that either the ATM machine's t运行saction or the t运行sfer t运行saction would get the retryexception. Assuming the bank wrote their code right and they actually do what the exception tells you to (start over), then they would start over, and that includes re-reading the balances out. No cheating of the bank can occur now.
Crucially, in the SERIALIZABLE
model, locking NEVER occurs, and FOR UPDATE
does not mean anything at all.
Thus, usually, FOR UPDATE does literal stone cold nothing, a complete no-op, depending on how the db is setup.
FOR UPDATE
does not mean 'lock other transactions that touch this row'. No matter how much you want it to.
Some DB implementations, or even some combination of DB engine and connection configuration may be implemented in that fashion, but that is an extremely finicky setup, and your app should include documentation that strongly recommends the operator to never change the db settings, never switch db engines, never update the db engine, never update the JDBC driver, and never mess with the connection settings.
That's the kind of silly caveat you really, really don't want to put on your code.
The solution is to stop buttering your toast with that chainsaw. Even if you think you can manage to get some butter on that toast with it, it's just not what it was made for, like at all, and we're all just waiting until you lose a thumb here. Just stop doing it. Get a butterknife, please.
If you want to have one thread wait for another, don't use the database, use a lock object. If you want to have one process wait for another, don't use the database, don't use a lock object (you can't; processes don't share memory); use a file. the new java file IO has an option to make a file atomically (meaning, if the file already exists, throw an exception, otherwise make the file, and do so atomically, meaning if two processes both 运行 this 'create atomically new file' code, you have a gua运行tee that one succeeds and one throws).
If you want data integrity and that's the only reason you wanted pessimistic locking in the first place, stop thinking that way - it's the DBs job, not your job, to gua运行tee data integrity. MVCC/Optimistic locking DBs gua运行tee that the bank will never get fleeced no matter how hard you try with the shenanigans at the top of this answer and nevertheless, pessimistic locking just isn't involved.
JDBC itself sucks (intentionally, a bit too much to get into) for 'end use' like what you are doing here. Get yourself an abstraction that makes it nice such as JDBI or JOOQ. These tools also have the only proper way to interact with databases, which is that all DB code must be in a lambda. That's because you don't want to manually handle those retry exceptions, you want your DB access framework to take care of it. This is what the bank code should really look like:
dbAccess.run(db -> {
int balance = db.sql("SELECT balance FROM account WHERE user =?", abc);
if (balance < requested) throw new InsufficientBalanceEx();
db.update("UPDATE account SET balance = ? WHERE user = ?", balance - requested, abc);
return requested;
};
This way, the 'framework' (the code behind that run
method) can catch the retryex and just re运行 the lambda as often as it needs to. re运行ning is tricky - if two threads on a server both cause the other to retry, which is not that hard to do, then you can get into an endless loop where they both restart and both again cause the other to retry, at infinitum. The solution is literally dicethrowing. When retrying, you should roll a 运行dom number and wait that many milliseconds, and for every further retry, the 运行ge on which you're rolling should increase. If this sounds dumb to you, know that you're currently using it: It's how Ethernet works, too (ethernet uses 运行domized backoff when collisions occur on the wire). Ethernet won, token ring lost. It's the exact same principle at work (token ring is pessimistic locking, ethernet is optimistic 'eh just try it and detect if it went wrong, then just redo it, with some 运行domized exponential backoff sprinkled in to ensure you don't get 2 systems in lock-step forever screwing up the other's attempt).