I was surprised that this Jepsen report has never been discussed here before, but it really captures just how problematic the history of 'safe' database isolation levels has been. Some excerpts:
> For the last nine years, PostgreSQL’s “serializable” mode has justifiably claimed to offer serializability.
> [but] PostgreSQL’s “serializable” isolation level isn’t serializable: it allows G2-item during normal operation
> [...] These cycles are precisely what PostgreSQL’s SSI implementation is meant to prevent!
> This code has gone essentially untouched since the introduction of serializable snapshot isolation in 2011.
Making things appear to be serializable is really hard.
> For the last nine years, PostgreSQL’s “serializable” mode has justifiably claimed to offer serializability.
> [but] PostgreSQL’s “serializable” isolation level isn’t serializable: it allows G2-item during normal operation
> [...] These cycles are precisely what PostgreSQL’s SSI implementation is meant to prevent!
> This code has gone essentially untouched since the introduction of serializable snapshot isolation in 2011.
Making things appear to be serializable is really hard.