[whatwg] RFC: Alternatives to storage mutex for cookies and localStorage

Jeremy Orlow jorlow at chromium.org
Tue Sep 8 16:31:58 PDT 2009 

On Wed, Sep 9, 2009 at 4:39 AM, Chris Jones <cjones at mozilla.com> wrote:

> Aaron Boodman wrote:
>
>> On Tue, Sep 8, 2009 at 11:23 AM, Chris Jones<cjones at mozilla.com> wrote:
>>
>>> In general, I agree with Rob about this proposal.  What problem with
>>> storage
>>> mutex as spec'd today does your proposal solve?
>>>
>>
>> The spec requires a single storage mutex for the entire UA. Therefore
>> in a MELUA a web page can become unresponsive while waiting for some
>> other page to give up the lock. This is not good and something we have
>> tried to avoid everywhere else in the spec.
>>
>> Attempts to address this by doing per-origin locks wind up with
>> deadlocks being possible.
>>
>>  Aaron Boodman wrote:
>>>
>>>> On Tue, Sep 8, 2009 at 1:41 AM, Robert O'Callahan<robert at ocallahan.org>
>>>> wrote:
>>>>
>>>>> What is the intended semantics here? Chris' explicit commitTransaction
>>>>> would
>>>>> throw an exception if the transaction was aborted due to data
>>>>> inconsistency,
>>>>> leaving it up to the script to retry --- and making it clear to script
>>>>> authors that non-storage side effects during the transaction are not
>>>>> undone.
>>>>> How would you handle transaction aborts?
>>>>>
>>>> Calls to transaction() are queued and executed serially per-origin
>>>> with exclusive access. There is no such thing as a transaction abort
>>>> because there cannot be consistency problems because of the serialized
>>>> access.
>>>>
>>>>  No, transactions can still fail.  They can fail in ways immediately
>>> hidden
>>> from the script that requested them if the UA has to interrupt the
>>> conceptually executing transaction in the ways enumerated in a separate
>>> branch of this thread.  Later script executions can observe inconsistent
>>> state unless more is specified by your proposal.
>>>
>>> Transactions can also fail visibly if write-to-disk fails (probably also
>>> in
>>> other ways I haven't considered).  It's not clear what should happen wrt
>>> to
>>> your proposal in this case.
>>>
>>
>> If so, I agree with roc's responses to them that they could probably
>> be handled without surfacing errors to the developer.
>>
>> OTOH, I'm not really against adding the concept of fallibility here.
>>
>>  In fact, I believe that the "Synchronous database API" describes the same
>>> transaction semantics as I proposed in the OP.  That spec adds implicit
>>> begin/commitTransaction and read-only transactions, but otherwise the
>>> semantics are the same.
>>>
>>> So I'd like to amend my original proposal to be
>>>
>>>  Use Synchronous Web Database API transaction semantics.  Except do not
>>> offer readTransaction: a transaction is implicitly a read-only
>>> transaction
>>> if only getItem() is called on localStorage from within
>>> localStorage.transaction().
>>>
>>
>> Agree. That is what I was trying to propose, too. I'm not sure where
>> we disagree :). Is it just that my proposal has no concept of errors?
>> I'm not against adding them, mainly I was trying to keep my proposal
>> simple for purposes of discussion.
>>
>>
> Ay, there's the rub: I think the disagreement is between "mutex" vs.
> "transaction" semantics.  So far, I think perhaps "mutex" has been used as
> shorthand for "transaction."  But they aren't the same.
>
> I think we all agree that a script may fail to modify localStorage in some
> situations (irrespective of global mutex vs. per-domain mutex). One camp,
> wanting "mutex" semantics, would prefer to pretend that the failures never
> happen and let scripts clean up the mess (partially-applied changes) if they
> do occur.  This is semantically broken, IMHO.
>
> The second camp, wanting "transaction" semantics, explicitly acknowledge to
> web authors that localStorage is fallible, guarantee that modifications to
> localStorage are atomic, and notify scripts when modifications can't be made
> atomically.  This is the same approach taken by Web Database.  IMHO, this is
> much better semantically because (i) it gives web apps stronger guarantees;
> and (ii) it makes the discussion about global mutex/per-domain
> mutex/non-blocking an implementation issue rather semantic issue, as it
> should be.
>
> Can those in the first camp explain why "mutex" semantics is better than
> "transaction" semantics?  And why it's desirable to have one DB spec specify
> "transaction" semantics (Web Database) and a second specify "mutex"
> semantics (localStorage)?


The way I understand it, there's 3 camps...and I think they've been abusing
both the word transaction and mutex.  We should probably all start being
more precise with our wording in this respect.  :-)


Those who want pessimistic transactions.  I.e. using locking so that you
never need to do a rollback (because it can never "fail").  This would be
compatible with either a sync or an async interface.

Those who optimistic transactions.  I.e. rollback may happen.  Either we
need to restrict what can be done during a localStorage transaction or we
need to have an exception that tells the script to undo itself.  This was
the original proposal, AFAICT.  It would work with both a sync or an async
interface.

Those who want a queue.  I.e. those who want an asynchronous callback based
interface and the UA will only call one callback at a time.  Perhaps on a
per-origin basis.  Note that this can never "fail", need to be rolled back,
etc.


I believe Aaron is in the queue camp with me.  I'm becoming more and more
convinced that Chromium should/will not implement the storage mutex at all
(even for LocalStorage) unless we can come up with a way for event loops to
not be blocked.  And, as far as I can tell, Async interfaces are the only
way to accomplish this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090909/13022eed/attachment-0002.htm>

More information about the whatwg mailing list