Reasoning about Transactional Isolation Levels with Isolde

TL;DR

This paper introduces Isolde, a tool that automatically generates examples to compare and analyze different database isolation levels, aiding in understanding their semantic differences.

Contribution

Isolde provides an automated method for reasoning about and verifying the semantic properties of various database isolation levels.

Findings

Successfully reproduced a complex result from literature

Discovered a previously unknown bug in an isolation level checker

Enabled automatic comparison of isolation level specifications

Abstract

Most databases can be configured to operate under isolation levels weaker than serializability. These enforce fewer restrictions on the concurrent access to data and consequently allow for more performant implementations. While formal frameworks for rigorously specifying isolation levels exist, reasoning about the semantic differences between specifications remains notoriously difficult. This paper proposes a tool -- Isolde -- that can automatically generate examples that are allowed by an isolation level but disallowed by another. This simple primitive unlocks a range of useful reasoning tasks, including checking equivalence between definitions, and verifying (by refutation) subtle semantic properties of isolation levels. For example, Isolde allowed us to easily and automatically reproduce a famously elusive result from the literature and to discover a previously unknown bug in the alternative specification of a standard isolation level used in a state-of-the-art isolation checker.