Make transactions more flexible and useful

Subscribing.

Subscribing.

I'm not sure I agree with this approach. If transactions aren't properly nested, that's a design problem in the underlying code. In the case of the load/modify/save flow, the function controlling the overall load/modify/save should start its own transaction before calling load(). The load() operation could still have an option to SELECT ... FOR UPDATE, which would only get invoked if the caller requested it. The save() operation might start its own transaction/savepoint, but that would be nested within the load/modify/save transaction.

As distasteful as I find this use of transactions, we should either implement Damien's patch or make reversing the order throw an exception. The current behavior is just dumb because it's neither useful nor failing loudly for developers. At least this patch makes it do something useful. So, I guess that's a +1. We can consider removing the capability and failing loudly in the future if we can handle the use cases Damien raises more elegantly.

Regarding the Drupal Commerce case in particular, this sort of flow would be ideal *within the save() function* and wouldn't require out-of-order transactions:

(1) Start transaction
(2) SELECT ... FOR UPDATE on the critical row(s)
(3) Allow modification of the entity-to-be-saved. (optional)
(4) Allow a "veto" on saving the entity that stops the process and rolls back. (optional)
(5) Call any hooks dependent on the ability to successfully save the entity, like sending emails.
(6) Actually save the entity.
(7) Commit

The key is integrating irreversible side-effects deeper in the call stack of the save() logic. This design also avoids problems associated with loading entities using FOR UPDATE when they may or may not be updated. Gratuitous use of FOR UPDATE has nasty effects on concurrency at higher transaction isolation levels (though not at the default isolation level on MySQL+InnoDB) and can also promote catastrophic levels of lock escalation (though not on MySQL+InnoDB or PostgreSQL). SQLite "escalates" the FOR UPDATE lock to a lock on the entire database, which is pretty much the only way SQLite can lock, anyway.

And, at least on MySQL [1] and PostgreSQL [2], FOR UPDATE has all kinds of fun interactions with save points. Specifically, MySQL always holds locks until the end of the overall transaction, regardless of save point rollbacks. PostgreSQL tends to "forget" locks established before the savepoint that code has rolled back to. This may cause hazards in the Drupal Commerce code when you don't control the code path between the FOR UPDATE lock and the actual saving of changes.

Is Drupal Commerce truly dependent on requiring every load() to guarantee the subsequent ability to save()?

[1] http://dev.mysql.com/doc/refman/5.5/en/savepoint.html
[2] http://www.postgresql.org/docs/9.0/interactive/sql-select.html#SQL-FOR-U...

With David's reluctant +1 here's a relucatant RTBC: both him and me wish we do not need to do this. But NOT doing it is worse and doing "something" else equals tearing apart Drupal into very small pieces and putting it together again with a way more straightforward code path and MUCH less interdepencies.

Sorry I still haven't properly reviewed but a non-proper review from phone spotted

poping - popping

outter - outer

Question. How exactly will we decide if we need to add FOR UPDATE to the loading query? Especially when there could be a dozen related records across many tables, added by different modules?

I don't see how we could add FOR UPDATE in the first place, which seems like a prerequisite for this patch to be relevant.

So all Commerce entities would by default do a FOR UPDATE load, thus locking them for... the duration of the request?

Restoring rtbc status. I don't have a strong opinion on the patch and as David says teansaction isolation settings can affect for update behaviour pretty dramatically, but we're not adding anything luke that to core here, just facilitating it, and the tests look comprehensive.

I feel pretty out of my depth on this one, but have pinged Dries to take a look.

I'm also raising priority to "major" so that this doesn't get lost.

I'm OK with this patch in principle at this point, and largely defer to David on the validity of the approach. However, is DatabaseTransactionRollbackOtherActiveTransactionsException really the best we can do? :-) I'm all for descriptive exception names but yeesh.

DatabaseTransactionOutOfOrderException?

This is likely blocking #687180: Deleting a taxonomy vocabulary leaves term reference fields still pointing to it, and a PDO Exception when creating content, although it doesn't actually fix the issue I ran into there yet.

@Damien, yep, hence blocking rather than fixing :)

I am good with #27.

Added issue summary from comment #8.

Fixed the same spelling errors that were fixed in the later roll of the patch.

Added issue summary.

Made headers consistent with template.

Credited sources of the summary information. I am not that smart. ;)

typo

Since webchick deferred to Dries and it's three weeks since he last committed a patch that seems very likely.

I wasn't committing patch because I was on vacation for 10 days, and because we didn't meet our thresholds.

I just tried to apply the patch in #27 but got errors. I'll ask for a re-test.

#27: 1185780-transaction-order.patch queued for re-testing.

@Dries, it's good to have you back, but I don't think your response answers Damien's frustration with the lack of timely feedback on this issue.

This is a major bug report, hence committing it is necessary in order to be under the thresholds. If major bugs don't get committed because we're over the major bug threshold, that's a situation that is going to be very hard to get out of.

It's also blocking work on other issues like #1007830-88: Nested transactions throw exceptions when they got out of scope, which in turn blocks #687180: Deleting a taxonomy vocabulary leaves term reference fields still pointing to it, and a PDO Exception when creating content - both of which are major bugs.

It was RTBC on July 2nd, while webchick apparently pinged you on July 5th. There's a good clear couple of weeks since then when you weren't on holiday. This is also not the only RTBC major issue in the queue that has been deferred by webchick and also been RTBC for 4 weeks or more without a response (which at the moment means skipping a point release).

When those issues sit around for a long time in the queue without feedback, it very much lessens people's motivation to work on other core issues. When bugs are blocking contrib modules or other core patches, it has a knock-on effect regardless of individual motivation; the issues are just stalled with no indication of when it might be possible to work on them again. It's possible to do stacked patches (for core at least) but that's a pain in the arse, and also requires some faith that the blocking patch will go in without further changes, which is never guaranteed.

Since there is no Drupal 8 branch maintainer, and webchick is mostly not committing D8-only patches (and some backportable patches that have broad implications), that leaves you as the sole bottleneck for issues like this.

I agree I dropped the ball on this one. I'll work with webchick on this -- she needs to ping me harder and more persistently. In addition, I'll make sure to make enough time for this. I'll talk to webchick today to see how we can prevent this going forward. I'm not blaming her because she does a great job; this is something we can prevent going forward by making some changes on how we work together.

Putting this into Dries's queue to review.

Committed to 8.x. Moving to 7.x for webchick's consideration.

Awesome, thanks. Wanted to make sure it passed your muster.

Committed and pushed #27 to 7.x.