from time to time somebody asks why Redis lacks "CAS", the memcached
Check And Set operator. This operator works in the following way:

when the client performs a GET the server actually returns two values:
the value of the key itself and an integer, that is called a
"cas_token" in memcached slang, but actually it's a 64 bit integer
that you can think as a "version" of the value contained inside a key.
Every time a key is set to another thing this counter increments.
Thanks to this token you can update the value stored at the key in a
way that it will only be modified if no other client changed that
value since your GET with
the following semantic:

value,cas_token = GET <key>
... perform some work on value that will produce new_value ...
CAS <key> <new_value> <cas_token_redeived_by_get>

If the token you are sending to the CAS operation matches the current
key token then the key will be set to the new value, otherwise CAS
notifies the client that no update was performed.

This allows to mount a number of atomic operations on values. For
example you can implement Redis' LPUSH:

LOOP FOREVER
    value,token = GET mykey
    value = .... restore the value that is probably serialized in some
way, append the element, re-serialize the value ...
    CAS mykey value token
    BREAK if CAS returned success (i.e. the value was updated)
END

At a first glance this may appear like a cool locking free operation
that makes possible to perform a lot of higher level atomic operations
without locking. Unfortunately if you study a bit more in depth the
semantic it turns out that CAS is a weak, ill conceived, form of
locking. Basically when CAS returns that it was not able to perform
the operation because some client updated the key in the meantime you
need to redo the operation again: this is like waiting for a lock, but
with two main drawbacks:

- You will find that the lock was not obtained after you already did
all the work to create the new value, issued and transfered the new
value, and so on...
- There is no serialization of all the clients waiting for a key, so
in theory a slow client will have a very bad time trying to modify a
key.

Imagine for example that you have two Linux boxes trying to perform a
lot of LPUSHes against a single key with a lot of value inside. But
one Linux box isi four times faster than the other one. The
de-serialize, append the new value, serialize, can be pretty slow, so
the fast Linux box will probably be able to update the key multiple
times while the slow one is trying to update the key one time. The
slow Linux box will get a lot of CAS failures before of being able to
update the key.

So IMHO CAS appears to be cool but it sucks. Moreover it's totally
conceived for a just-string-values scenario, for instance you can't
implement Redis' SMOVE with CAS, or any other operation working
against multiple elements in a Redis List or Set. For complex
operations what we want is a very fast and flexible locking primitive,
and this is what Redis will get in the long run. That said thanks to
the higher level operations offered by Redis we can live well and
without locking for now, and this will be anyway the preferred way to
do things, but sometimes locking is really needed.

Ok looks like we have a new entry for the FAQ :)

Regards,
Salvatore

I'm forced to disagree with you on this one, Salvatore. Scusi ;-)

Optimistic concurrency as implemented via CAS (which is "Compare and
Swap", btw, named after the assembly language instruction that's the
reason why your Linux box is so fast these days ;-)) is a very valid
concurrency technique in the case where reads dominate writes. Most
writes will be uncontested and reads do not have to incur locking
overhead. If that's not the case, you should definitely use a more
pessimistic or hybrid concurrency scheme, but I'd imagine that a lot
of the potential uses for Redis would be read-heavy (e.g. what Engine
Yard is planning to use it for in Nanite).

I'm not saying you have to put CAS in Redis, but don't be confused
about its potential utility. Also, for a real world example of how CAS
works really well on these types of data structures, consult your
local Linux kernel engineer for a tutorial on RCU in the later 2.6.x
kernels.

Example: atomically takes an element from key1 and put it on key2:

LOCK key1 key2
val = LPOP key1
LPUSH key2 <val>
UNLOCK key1 key2

How to do this with CAS? Note that Redis LOCK will be token based, so
while we are using "key1" and "key2" as tokens because it's natural to
lock the keys with the same name it is possible to use any kind of
token, it just needs to be a string.

Optimistic locking, check and swap instructions in CISC processors,
are all very valid techniques used in a very different domain.

Thanks for your arguments,
Salvatore

Let us forget about complex operations for a while. Key-value is what
should IMHO have at least basic conflict resolution, and perhaps there
is a dead simple way to do this.

First of all - 90% of time you do not need conflict resolution, and
this is fine. But in a simple case when two clients fetch the value
and try to commit the new update, conflicts are not nice. At our
application we are running about 5k updates per second (Redis rocks),
and during the test-run we got a few conflicts and data
inconsistencies so far. Redis is the only db storage for us, so it
looks important.

Here is just an idea: a new, simple command:

SETIF key, value, checksum

it would work like SET, but client should also pass a checksum of the
OLD value the client thinks should be replaced (or the old value, but
sometimes you store large values, so it might be not efficient). If
within Redis the checksums do not match, error is returned. Now it is
the client application that should decide what to do next - this would
vary depending on the particular scenario.

The checksum could be calculated using MD5, SHA1 or any other hashing
algorithm that is quick enough and provides low probability of
collisions. Or the old value itself could be passed - it would work
better for short values.

Values are always strings, so there is no serialization problem here.

IMHO it provides a simple and efficient way of making the client
application sure that there is no conflict in updating values. Also,
it looks (at least at the first sight) dead simple to implement, and
does not change any of the existing commands nor data structures.

What do you guys think about it?

1.) Store a transaction descriptor at some arbitrary unused key. The
descriptor among other things contains the read/write set for the
transaction, possible as a bloom filter.
2.) Store a reference to the transaction descriptor in each key of the
read/write set, using CAS on each key
3.) Store the new value in each key of the write set, restore values
in each key of the read set, using CAS on each key

If a CAS fails at any point in this, contention is detected. There are
many possible contention management strategies that make different
tradeoffs. Common schemes are for all parties to help restore old
values, all parties to assist in setting new values where earliest
transaction wins, exponential back off and retry, before doing one of
the above, etc. There are also choices about when you set keys to
reference the descriptor, either at the beginning of the transaction
or at commit time. Generally the choices are based on whether you're
more worried about livelock or read latency. Additionally, most of the
schemes above have correctness proofs in the presence of arbitrary
failures, which is quite useful in distributed systems.

I'll admit that these choices get complex, but the beauty of CAS is
that allows such flexibility. Many applications don't need full STM,
and can use semantics specific to their situation to shortcut work.

Perhaps I'm missing something but I don't think there exists any
simple form of locking in the distributed setting.

If you do ever implement CAS, please also include a toggle variable in
the configuration to disable it.  We do very heavy writes, and few
reads (but important reads nonetheless).

I actually kind of like Michal's solution.  It allows you to use a CAS-
like feature any time that you need to, and if you use the normal SET
command, it wouldn't slow things down with a CAS implementation.

On May 3, 5:42 am, Salvatore Sanfilippo <anti...@gmail.com> wrote:

1.) When writing, append to the set. No locking required as this is a
commutative update.
2.) When reading, the application must be written so as to tolerate
several potential conflicting values.
3.) When resolving conflicts, do so by replacing the entire set of
values at a key as a transaction.

Here we avoid any multi-key transactions, hence transactions are
single site, making life dramatically simpler. Point 3 can often be
done as a cleaner/scraper process outside of any request/response loop
for minimal impact on performance.

Writing applications in the style of 2 can be a bit weird for people
who are used to the global consistency of a SQL db, but I don't think
it's a huge burden in the majority of cases, doubly so when we're just
using the K/V store as an object store for an OO language.

Personally I still like using a CAS instruction for the implementation
of point 3, since it is also a useful primitive for applications to
implement application specific distributed transaction semantics. We
can use locks instead, but will have to implement some sort of timeout
to avoid deadlock on client failure mid transaction. We could still do
distributed transactions with a transaction manager that monitors the
lock timeouts and issues compensating transactions. For most
applications throughput will be poor compared to optimistic schemes
however (set Pat Helland's criticisms).

Also note that CAS'd get is useful as a performance optimization:
clients may have a process local cache and periodically wish to poll
if values are current. CAS'd get lets them do this using minimal
bandwidth when current and no extra operations when not current. HTTP
uses this to great benefit.

SET foo "bar"
value,cas_token = GET foo
SET foo "a"
SET foo "b"
SET foo "bar"
CAS foo "newvalue" cas_token

what's supposed to do? If it's based on checksum or even the full
value CAS is going to set the value anyway even if changes occurred in
the middle.

If it's based on pointers I guess that either memcached never release
memory about keys, or it may happen that the same pointer is
reassinged to another key.

This is extremely important in Redis. memcached is used as a cache
often but in Redis there are a lot of different use cases where the
same key requires serialization and at the same time is contented by a
lot of different clients. We don't want to fail or have scaling
problems in this case, but to serialize the clients.

a) distributed environments where there is per-key lock or multi-values lock.
b) against a single Redis instance when multi-key lock is required

What is missing is c) that is:

c) distributed environments where there is a multi-key (with keys in
different servers) locking.

But in order to do this, given that Redis lock is "token based" you
can do it actually!
Just use a single server to issue the LOCK calls, and all the other
Redis servers for the rest of the work.

The semantic is the following:

LOCK <token> <timeout_in_seconds>

this is the blocking lock. Basically "token" is any string and does
not require to be the name of a key. Is a truly general form of
locking at the point people may want to use a Redis server just for
locking of clients performing work against something different than
Redis data.

so

LOCK "foobar" 10

will just succeed ASAP if "foobar" token is not already locked.
Otherwise it will block waiting for the UNLOCK of the client currently
holding the lock.

What is the timeout about? If a client gets a lock against "foobar"
and does not unlock it in 10 seconds the lock will be removed and the
connection to this client closed ASAP. This should never happen under
normal conditions, but will happen if a client will be very slow for
some reason, or if it crashed and so on.

When a client want to release the lock it just calls

UNLOCK "foobar"

Usually when there are a lot of reads and few writes both LOCK and
UNLOCK will return OK ASAP and will basically be for free. When
instead there is contention the second client trying to perform LOCK
will wait until UNLOCK is called by the first client.

Add to this TRYLOCK. This is like LOCK but returns ASAP if the lock
can't be acquired with "0". Otherwise "1" is returned and the clients
knows the lock was acquired.

Given that token can be any kind of string (the same limitations of
the name of the key applies, no spaces, no newlines in token name) it
is natural sometimes to use as name the same name of the key itself,
but this is not required at all.

How this clarify a bit what will be the semantic of LOCK/UNLOCK

Cheers,
Salvatore

Is the LOCK semantic I described enough to fix your issue? Please if
you can it is possible to have more details about the kind of data
manipulation requires this SETIF instruction? I'm not sure I'm able to
argument on this without a bit more details since I wonder if you need
SETIF in order to just give up at all with the update if the data
changed in the meanwhile or if you instead retry the operation.

Using lock your code could change in the following:

LOCK key
GET key
... manipulate key by code ...
SET key <newval>
UNLOCK key

Note that reading clients will not use LOCK at all, so they will be
able to read the data without any kind of locking.

Thank you very much!
Salvatore

This comes down to the classic arguments between pessimistic and
optimistic concurrency, as well as all the various criticisms of
manual locking. Personally I would still lean toward CAS since
algorithms built on top of CAS are typically obstruction free at least
and wait-free at best, but arguments could be made for including both.
I also think CAS is less likely to hoist one by their own petard, but
TBH I don't have enough experience with either scheme in this
situation to be sure of that. Certainly implementing transactions and
higher level data structures on top of CAS is as complex as getting
manual locking correct, if not more.

Both could work fine in the architecture I suggest most applications
use.

LOCK mykey_remove_from_both
LREM mkey_list ....
LDEL mykey_set ....
UNLOCK mykey_remove_from_both

So it's a really cheap operation. Of course when the key is instead
already looked, the pessimistic scenario, it's where LOCK starts to
have a serious advantage against CAS. It will just serialize the
different clients.

So basically in the optimistic scenario the overhead is just the fact
we have to send the commands to the server.

Also I love the idea of Redis being used just as locking server in
distributed environments. This is a feature we get for free this way.

Cheers,
Salvatore

Just wanted to say thanks to Salvatore and everyone who has
contributed thus far. This project really shows the greatness of open
source. A simple idea, well executed by a leader who is passionate yet
reasonable and open to debate. Ok, enough ass kissing for now.

This discussion inspired me to post what I've noticed in dealing with
locking in general.

LOCK mykey_remove_from_both
LREM mkey_list ....
LDEL mykey_set ....
UNLOCK mykey_remove_from_both

Does this lock the keys contained within the lock and unlock commands?
If so, you could do distributed locking by sending the lock and unlock
commands to all servers via the client or you could implement this in
the redis server by using the replication protocol. For those that
want optimistic locking they could use generational key names or
values. For example:

$var = GET mykey_counter
SET mykey_$var
$var = INCR mykey_counter 1
RENAME mykey mykey_$var

If there isn't one already, maybe redis can support a primitive to
make the above code simpler.

Generally, I do prefer the pessimistic locking approach since dealing
with write conflicts is a PITA. Optimistic locking ends up putting
your writes out of order as you retry them over and over and reload
stale data.

On May 4, 2:19 pm, Salvatore Sanfilippo <anti...@gmail.com> wrote:

If you want a lock that times out reliably, I posted an implementation
and discussion about what was going on and why that specific
implementation was correct on my blog:
http://dr-josiah.blogspot.com/2012/01/creating-lock-with-redis.html

Note that with scripting, acquiring and releasing a lock with timeouts
is super easy. I'll be covering it as one of probably a dozen
simplifications in my book when I get to the chapter, or you can
figure it out for yourself, or someone else can post it.

That said, there's something I don't understand:

Are you saying all of your 1 billion users are going to run this
calculation at the same time?
If not, does the calculation for 1 user depend on the base-key for other users?
If not, why would you need to WATCH the other base-keys?
It looks to me you only need to concern yourself with the number of
*concurrent* calls to this sequence.

Moreover, this is not how optimistic locking works, in my experience
at least. You want something like:

1. GET uid:n:base-key
2. long (say, 1 min) calculation based on the value of uid:n:base-key
3. WATCH uid:n:base-key
4. GET uid:n:base-key
5. if it's changed, call UNWATCH and go back to 2
6. MULTI
7. SET the result to uid:n:result-key
8. EXEC
9. if EXEC returns an error, go back to 1

That looks totally reasonable to me.

I don't know why, but for some reason I thought that one of you were
using Node.js, and looking at both of the libraries for Node, neither
supports any sort of connection pooling framework (which is something
that almost every other Redis client supports). To work around this
with your single client, you are going to either need to perform a
pessimistic lock (like I said earlier), add connection pooling
yourself, or not do those operations.

My advice: build a pessimistic lock in whatever language you are
using. Or implement the pessimistic lock using Lua (minus the repeated
retries), and use EXEC from your client.

You offered a solution to have a built-in command for check-and-set.
Lua scripting with EVAL offers that *exact* functionality, in whatever
semantics you want. You can use it to build a lock (like I've
mentioned twice before), add timeouts to the lock, release the lock
conditionally, detect when the lock timed out, ...

Does your client not support the EVAL command? Can you not upgrade
your Redis servers to 2.6 (or even a 2.4 with Lua scripting)? What is
stopping you from using Lua (inside Redis) to solve your problem?

Regards,
 - Josiah