2 13.2. Transaction Isolation #
4 13.2.1. Read Committed Isolation Level
5 13.2.2. Repeatable Read Isolation Level
6 13.2.3. Serializable Isolation Level
8 The SQL standard defines four levels of transaction isolation. The most
9 strict is Serializable, which is defined by the standard in a paragraph
10 which says that any concurrent execution of a set of Serializable
11 transactions is guaranteed to produce the same effect as running them
12 one at a time in some order. The other three levels are defined in
13 terms of phenomena, resulting from interaction between concurrent
14 transactions, which must not occur at each level. The standard notes
15 that due to the definition of Serializable, none of these phenomena are
16 possible at that level. (This is hardly surprising -- if the effect of
17 the transactions must be consistent with having been run one at a time,
18 how could you see any phenomena caused by interactions?)
20 The phenomena which are prohibited at various levels are:
23 A transaction reads data written by a concurrent uncommitted
27 A transaction re-reads data it has previously read and finds
28 that data has been modified by another transaction (that
29 committed since the initial read).
32 A transaction re-executes a query returning a set of rows that
33 satisfy a search condition and finds that the set of rows
34 satisfying the condition has changed due to another
35 recently-committed transaction.
38 The result of successfully committing a group of transactions is
39 inconsistent with all possible orderings of running those
40 transactions one at a time.
42 The SQL standard and PostgreSQL-implemented transaction isolation
43 levels are described in Table 13.1.
45 Table 13.1. Transaction Isolation Levels
46 Isolation Level Dirty Read Nonrepeatable Read Phantom Read
48 Read uncommitted Allowed, but not in PG Possible Possible Possible
49 Read committed Not possible Possible Possible Possible
50 Repeatable read Not possible Not possible Allowed, but not in PG
52 Serializable Not possible Not possible Not possible Not possible
54 In PostgreSQL, you can request any of the four standard transaction
55 isolation levels, but internally only three distinct isolation levels
56 are implemented, i.e., PostgreSQL's Read Uncommitted mode behaves like
57 Read Committed. This is because it is the only sensible way to map the
58 standard isolation levels to PostgreSQL's multiversion concurrency
61 The table also shows that PostgreSQL's Repeatable Read implementation
62 does not allow phantom reads. This is acceptable under the SQL standard
63 because the standard specifies which anomalies must not occur at
64 certain isolation levels; higher guarantees are acceptable. The
65 behavior of the available isolation levels is detailed in the following
68 To set the transaction isolation level of a transaction, use the
69 command SET TRANSACTION.
73 Some PostgreSQL data types and functions have special rules regarding
74 transactional behavior. In particular, changes made to a sequence (and
75 therefore the counter of a column declared using serial) are
76 immediately visible to all other transactions and are not rolled back
77 if the transaction that made the changes aborts. See Section 9.17 and
80 13.2.1. Read Committed Isolation Level #
82 Read Committed is the default isolation level in PostgreSQL. When a
83 transaction uses this isolation level, a SELECT query (without a FOR
84 UPDATE/SHARE clause) sees only data committed before the query began;
85 it never sees either uncommitted data or changes committed by
86 concurrent transactions during the query's execution. In effect, a
87 SELECT query sees a snapshot of the database as of the instant the
88 query begins to run. However, SELECT does see the effects of previous
89 updates executed within its own transaction, even though they are not
90 yet committed. Also note that two successive SELECT commands can see
91 different data, even though they are within a single transaction, if
92 other transactions commit changes after the first SELECT starts and
93 before the second SELECT starts.
95 UPDATE, DELETE, SELECT FOR UPDATE, and SELECT FOR SHARE commands behave
96 the same as SELECT in terms of searching for target rows: they will
97 only find target rows that were committed as of the command start time.
98 However, such a target row might have already been updated (or deleted
99 or locked) by another concurrent transaction by the time it is found.
100 In this case, the would-be updater will wait for the first updating
101 transaction to commit or roll back (if it is still in progress). If the
102 first updater rolls back, then its effects are negated and the second
103 updater can proceed with updating the originally found row. If the
104 first updater commits, the second updater will ignore the row if the
105 first updater deleted it, otherwise it will attempt to apply its
106 operation to the updated version of the row. The search condition of
107 the command (the WHERE clause) is re-evaluated to see if the updated
108 version of the row still matches the search condition. If so, the
109 second updater proceeds with its operation using the updated version of
110 the row. In the case of SELECT FOR UPDATE and SELECT FOR SHARE, this
111 means it is the updated version of the row that is locked and returned
114 INSERT with an ON CONFLICT DO UPDATE clause behaves similarly. In Read
115 Committed mode, each row proposed for insertion will either insert or
116 update. Unless there are unrelated errors, one of those two outcomes is
117 guaranteed. If a conflict originates in another transaction whose
118 effects are not yet visible to the INSERT, the UPDATE clause will
119 affect that row, even though possibly no version of that row is
120 conventionally visible to the command.
122 INSERT with an ON CONFLICT DO NOTHING clause may have insertion not
123 proceed for a row due to the outcome of another transaction whose
124 effects are not visible to the INSERT snapshot. Again, this is only the
125 case in Read Committed mode.
127 MERGE allows the user to specify various combinations of INSERT, UPDATE
128 and DELETE subcommands. A MERGE command with both INSERT and UPDATE
129 subcommands looks similar to INSERT with an ON CONFLICT DO UPDATE
130 clause but does not guarantee that either INSERT or UPDATE will occur.
131 If MERGE attempts an UPDATE or DELETE and the row is concurrently
132 updated but the join condition still passes for the current target and
133 the current source tuple, then MERGE will behave the same as the UPDATE
134 or DELETE commands and perform its action on the updated version of the
135 row. However, because MERGE can specify several actions and they can be
136 conditional, the conditions for each action are re-evaluated on the
137 updated version of the row, starting from the first action, even if the
138 action that had originally matched appears later in the list of
139 actions. On the other hand, if the row is concurrently updated so that
140 the join condition fails, then MERGE will evaluate the command's NOT
141 MATCHED BY SOURCE and NOT MATCHED [BY TARGET] actions next, and execute
142 the first one of each kind that succeeds. If the row is concurrently
143 deleted, then MERGE will evaluate the command's NOT MATCHED [BY TARGET]
144 actions, and execute the first one that succeeds. If MERGE attempts an
145 INSERT and a unique index is present and a duplicate row is
146 concurrently inserted, then a uniqueness violation error is raised;
147 MERGE does not attempt to avoid such errors by restarting evaluation of
150 Because of the above rules, it is possible for an updating command to
151 see an inconsistent snapshot: it can see the effects of concurrent
152 updating commands on the same rows it is trying to update, but it does
153 not see effects of those commands on other rows in the database. This
154 behavior makes Read Committed mode unsuitable for commands that involve
155 complex search conditions; however, it is just right for simpler cases.
156 For example, consider transferring $100 from one account to another:
158 UPDATE accounts SET balance = balance + 100.00 WHERE acctnum = 12345;
159 UPDATE accounts SET balance = balance - 100.00 WHERE acctnum = 7534;
162 If another transaction concurrently tries to change the balance of
163 account 7534, we clearly want the second statement to start with the
164 updated version of the account's row. Because each command is affecting
165 only a predetermined row, letting it see the updated version of the row
166 does not create any troublesome inconsistency.
168 More complex usage can produce undesirable results in Read Committed
169 mode. For example, consider a DELETE command operating on data that is
170 being both added and removed from its restriction criteria by another
171 command, e.g., assume website is a two-row table with website.hits
174 UPDATE website SET hits = hits + 1;
175 -- run from another session: DELETE FROM website WHERE hits = 10;
178 The DELETE will have no effect even though there is a website.hits = 10
179 row before and after the UPDATE. This occurs because the pre-update row
180 value 9 is skipped, and when the UPDATE completes and DELETE obtains a
181 lock, the new row value is no longer 10 but 11, which no longer matches
184 Because Read Committed mode starts each command with a new snapshot
185 that includes all transactions committed up to that instant, subsequent
186 commands in the same transaction will see the effects of the committed
187 concurrent transaction in any case. The point at issue above is whether
188 or not a single command sees an absolutely consistent view of the
191 The partial transaction isolation provided by Read Committed mode is
192 adequate for many applications, and this mode is fast and simple to
193 use; however, it is not sufficient for all cases. Applications that do
194 complex queries and updates might require a more rigorously consistent
195 view of the database than Read Committed mode provides.
197 13.2.2. Repeatable Read Isolation Level #
199 The Repeatable Read isolation level only sees data committed before the
200 transaction began; it never sees either uncommitted data or changes
201 committed by concurrent transactions during the transaction's
202 execution. (However, each query does see the effects of previous
203 updates executed within its own transaction, even though they are not
204 yet committed.) This is a stronger guarantee than is required by the
205 SQL standard for this isolation level, and prevents all of the
206 phenomena described in Table 13.1 except for serialization anomalies.
207 As mentioned above, this is specifically allowed by the standard, which
208 only describes the minimum protections each isolation level must
211 This level is different from Read Committed in that a query in a
212 repeatable read transaction sees a snapshot as of the start of the
213 first non-transaction-control statement in the transaction, not as of
214 the start of the current statement within the transaction. Thus,
215 successive SELECT commands within a single transaction see the same
216 data, i.e., they do not see changes made by other transactions that
217 committed after their own transaction started.
219 Applications using this level must be prepared to retry transactions
220 due to serialization failures.
222 UPDATE, DELETE, MERGE, SELECT FOR UPDATE, and SELECT FOR SHARE commands
223 behave the same as SELECT in terms of searching for target rows: they
224 will only find target rows that were committed as of the transaction
225 start time. However, such a target row might have already been updated
226 (or deleted or locked) by another concurrent transaction by the time it
227 is found. In this case, the repeatable read transaction will wait for
228 the first updating transaction to commit or roll back (if it is still
229 in progress). If the first updater rolls back, then its effects are
230 negated and the repeatable read transaction can proceed with updating
231 the originally found row. But if the first updater commits (and
232 actually updated or deleted the row, not just locked it) then the
233 repeatable read transaction will be rolled back with the message
234 ERROR: could not serialize access due to concurrent update
236 because a repeatable read transaction cannot modify or lock rows
237 changed by other transactions after the repeatable read transaction
240 When an application receives this error message, it should abort the
241 current transaction and retry the whole transaction from the beginning.
242 The second time through, the transaction will see the
243 previously-committed change as part of its initial view of the
244 database, so there is no logical conflict in using the new version of
245 the row as the starting point for the new transaction's update.
247 Note that only updating transactions might need to be retried;
248 read-only transactions will never have serialization conflicts.
250 The Repeatable Read mode provides a rigorous guarantee that each
251 transaction sees a completely stable view of the database. However,
252 this view will not necessarily always be consistent with some serial
253 (one at a time) execution of concurrent transactions of the same level.
254 For example, even a read-only transaction at this level may see a
255 control record updated to show that a batch has been completed but not
256 see one of the detail records which is logically part of the batch
257 because it read an earlier revision of the control record. Attempts to
258 enforce business rules by transactions running at this isolation level
259 are not likely to work correctly without careful use of explicit locks
260 to block conflicting transactions.
262 The Repeatable Read isolation level is implemented using a technique
263 known in academic database literature and in some other database
264 products as Snapshot Isolation. Differences in behavior and performance
265 may be observed when compared with systems that use a traditional
266 locking technique that reduces concurrency. Some other systems may even
267 offer Repeatable Read and Snapshot Isolation as distinct isolation
268 levels with different behavior. The permitted phenomena that
269 distinguish the two techniques were not formalized by database
270 researchers until after the SQL standard was developed, and are outside
271 the scope of this manual. For a full treatment, please see
276 Prior to PostgreSQL version 9.1, a request for the Serializable
277 transaction isolation level provided exactly the same behavior
278 described here. To retain the legacy Serializable behavior, Repeatable
279 Read should now be requested.
281 13.2.3. Serializable Isolation Level #
283 The Serializable isolation level provides the strictest transaction
284 isolation. This level emulates serial transaction execution for all
285 committed transactions; as if transactions had been executed one after
286 another, serially, rather than concurrently. However, like the
287 Repeatable Read level, applications using this level must be prepared
288 to retry transactions due to serialization failures. In fact, this
289 isolation level works exactly the same as Repeatable Read except that
290 it also monitors for conditions which could make execution of a
291 concurrent set of serializable transactions behave in a manner
292 inconsistent with all possible serial (one at a time) executions of
293 those transactions. This monitoring does not introduce any blocking
294 beyond that present in repeatable read, but there is some overhead to
295 the monitoring, and detection of the conditions which could cause a
296 serialization anomaly will trigger a serialization failure.
298 As an example, consider a table mytab, initially containing:
306 Suppose that serializable transaction A computes:
307 SELECT SUM(value) FROM mytab WHERE class = 1;
309 and then inserts the result (30) as the value in a new row with class =
310 2. Concurrently, serializable transaction B computes:
311 SELECT SUM(value) FROM mytab WHERE class = 2;
313 and obtains the result 300, which it inserts in a new row with class =
314 1. Then both transactions try to commit. If either transaction were
315 running at the Repeatable Read isolation level, both would be allowed
316 to commit; but since there is no serial order of execution consistent
317 with the result, using Serializable transactions will allow one
318 transaction to commit and will roll the other back with this message:
319 ERROR: could not serialize access due to read/write dependencies among transact
322 This is because if A had executed before B, B would have computed the
323 sum 330, not 300, and similarly the other order would have resulted in
324 a different sum computed by A.
326 When relying on Serializable transactions to prevent anomalies, it is
327 important that any data read from a permanent user table not be
328 considered valid until the transaction which read it has successfully
329 committed. This is true even for read-only transactions, except that
330 data read within a deferrable read-only transaction is known to be
331 valid as soon as it is read, because such a transaction waits until it
332 can acquire a snapshot guaranteed to be free from such problems before
333 starting to read any data. In all other cases applications must not
334 depend on results read during a transaction that later aborted;
335 instead, they should retry the transaction until it succeeds.
337 To guarantee true serializability PostgreSQL uses predicate locking,
338 which means that it keeps locks which allow it to determine when a
339 write would have had an impact on the result of a previous read from a
340 concurrent transaction, had it run first. In PostgreSQL these locks do
341 not cause any blocking and therefore can not play any part in causing a
342 deadlock. They are used to identify and flag dependencies among
343 concurrent Serializable transactions which in certain combinations can
344 lead to serialization anomalies. In contrast, a Read Committed or
345 Repeatable Read transaction which wants to ensure data consistency may
346 need to take out a lock on an entire table, which could block other
347 users attempting to use that table, or it may use SELECT FOR UPDATE or
348 SELECT FOR SHARE which not only can block other transactions but cause
351 Predicate locks in PostgreSQL, like in most other database systems, are
352 based on data actually accessed by a transaction. These will show up in
353 the pg_locks system view with a mode of SIReadLock. The particular
354 locks acquired during execution of a query will depend on the plan used
355 by the query, and multiple finer-grained locks (e.g., tuple locks) may
356 be combined into fewer coarser-grained locks (e.g., page locks) during
357 the course of the transaction to prevent exhaustion of the memory used
358 to track the locks. A READ ONLY transaction may be able to release its
359 SIRead locks before completion, if it detects that no conflicts can
360 still occur which could lead to a serialization anomaly. In fact, READ
361 ONLY transactions will often be able to establish that fact at startup
362 and avoid taking any predicate locks. If you explicitly request a
363 SERIALIZABLE READ ONLY DEFERRABLE transaction, it will block until it
364 can establish this fact. (This is the only case where Serializable
365 transactions block but Repeatable Read transactions don't.) On the
366 other hand, SIRead locks often need to be kept past transaction commit,
367 until overlapping read write transactions complete.
369 Consistent use of Serializable transactions can simplify development.
370 The guarantee that any set of successfully committed concurrent
371 Serializable transactions will have the same effect as if they were run
372 one at a time means that if you can demonstrate that a single
373 transaction, as written, will do the right thing when run by itself,
374 you can have confidence that it will do the right thing in any mix of
375 Serializable transactions, even without any information about what
376 those other transactions might do, or it will not successfully commit.
377 It is important that an environment which uses this technique have a
378 generalized way of handling serialization failures (which always return
379 with an SQLSTATE value of '40001'), because it will be very hard to
380 predict exactly which transactions might contribute to the read/write
381 dependencies and need to be rolled back to prevent serialization
382 anomalies. The monitoring of read/write dependencies has a cost, as
383 does the restart of transactions which are terminated with a
384 serialization failure, but balanced against the cost and blocking
385 involved in use of explicit locks and SELECT FOR UPDATE or SELECT FOR
386 SHARE, Serializable transactions are the best performance choice for
389 While PostgreSQL's Serializable transaction isolation level only allows
390 concurrent transactions to commit if it can prove there is a serial
391 order of execution that would produce the same effect, it doesn't
392 always prevent errors from being raised that would not occur in true
393 serial execution. In particular, it is possible to see unique
394 constraint violations caused by conflicts with overlapping Serializable
395 transactions even after explicitly checking that the key isn't present
396 before attempting to insert it. This can be avoided by making sure that
397 all Serializable transactions that insert potentially conflicting keys
398 explicitly check if they can do so first. For example, imagine an
399 application that asks the user for a new key and then checks that it
400 doesn't exist already by trying to select it first, or generates a new
401 key by selecting the maximum existing key and adding one. If some
402 Serializable transactions insert new keys directly without following
403 this protocol, unique constraints violations might be reported even in
404 cases where they could not occur in a serial execution of the
405 concurrent transactions.
407 For optimal performance when relying on Serializable transactions for
408 concurrency control, these issues should be considered:
409 * Declare transactions as READ ONLY when possible.
410 * Control the number of active connections, using a connection pool
411 if needed. This is always an important performance consideration,
412 but it can be particularly important in a busy system using
413 Serializable transactions.
414 * Don't put more into a single transaction than needed for integrity
416 * Don't leave connections dangling “idle in transaction” longer than
417 necessary. The configuration parameter
418 idle_in_transaction_session_timeout may be used to automatically
419 disconnect lingering sessions.
420 * Eliminate explicit locks, SELECT FOR UPDATE, and SELECT FOR SHARE
421 where no longer needed due to the protections automatically
422 provided by Serializable transactions.
423 * When the system is forced to combine multiple page-level predicate
424 locks into a single relation-level predicate lock because the
425 predicate lock table is short of memory, an increase in the rate of
426 serialization failures may occur. You can avoid this by increasing
427 max_pred_locks_per_transaction, max_pred_locks_per_relation, and/or
428 max_pred_locks_per_page.
429 * A sequential scan will always necessitate a relation-level
430 predicate lock. This can result in an increased rate of
431 serialization failures. It may be helpful to encourage the use of
432 index scans by reducing random_page_cost and/or increasing
433 cpu_tuple_cost. Be sure to weigh any decrease in transaction
434 rollbacks and restarts against any overall change in query
437 The Serializable isolation level is implemented using a technique known
438 in academic database literature as Serializable Snapshot Isolation,
439 which builds on Snapshot Isolation by adding checks for serialization
440 anomalies. Some differences in behavior and performance may be observed
441 when compared with other systems that use a traditional locking
442 technique. Please see [ports12] for detailed information.
begriffs.com / projects / ai-pg / blob