Snapshot isolation is remarkably powerful—it eliminates dirty reads, non-repeatable reads, and even phantom reads for read-only transactions. It enables high concurrency by letting readers and writers operate without blocking each other. It feels like we've solved the concurrency problem.\n\nBut there's a catch. A subtle, dangerous catch that has caused countless bugs in production systems, corrupted data in financial applications, and violated constraints in booking systems worldwide. This catch is called the Write Skew Anomaly.\n\nWrite skew occurs when two transactions read overlapping data, make decisions based on that data, and then write to non-overlapping data items—with the final result violating some constraint that neither transaction individually violated. It's the signature weakness of snapshot isolation, and understanding it is essential for any engineer working with databases.

Write skew is a concurrency anomaly where two transactions:\n\n1. Each read from an overlapping set of data items\n2. Each make decisions based on what they read\n3. Each write to different (non-overlapping) data items\n4. Both commit successfully under snapshot isolation\n5. The combined result violates some integrity constraint\n\nFormal Definition:\n\nA write skew occurs in a schedule $S$ with transactions $T_1$ and $T_2$ when:\n\n- $T_1$ reads items $\{x, y\}$ and writes item $x$\n- $T_2$ reads items $\{x, y\}$ and writes item $y$\n- Both transactions make modifications based on a constraint involving both $x$ and $y$\n- The constraint holds for each transaction's snapshot view\n- But the constraint is violated in the final committed state\n\nCritically, because $T_1$ writes $x$ and $T_2$ writes $y$, there's no write-write conflict. Snapshot isolation's First-Committer-Wins (FCW) rule only detects conflicts on the same data item. Write skew slips through because each transaction writes a different item.

Why FCW Doesn't Help:\n\nFirst-Committer-Wins detects when two transactions try to modify the same row. It prevents this schedule:\n\n\nT1: Read X → Write X\nT2: Read X → Write X (CONFLICT: same item X)\n\n\nBut write skew involves writing different items:\n\n\nT1: Read {X, Y} → Write X\nT2: Read {X, Y} → Write Y (NO CONFLICT: different items)\n\n\nThere's no write-write conflict because $X \neq Y$. Both transactions can commit under SI, even if the combination of their writes violates a constraint on $\{X, Y\}$.

The most famous illustration of write skew is the on-call doctors problem, described in the seminal paper on snapshot isolation.\n\nThe Scenario:\n\nA hospital requires that at least one doctor is always on call. The oncall table tracks which doctors are currently on duty:\n\nsql\nCREATE TABLE oncall (\n doctor_id INTEGER PRIMARY KEY,\n name VARCHAR(100),\n is_oncall BOOLEAN\n);\n\n-- Initial state: Alice and Bob are both on call\nINSERT INTO oncall VALUES (1, 'Alice', TRUE);\nINSERT INTO oncall VALUES (2, 'Bob', TRUE);\n\n-- Constraint: At least one doctor must always be on call\n-- COUNT(*) WHERE is_oncall = TRUE >= 1\n\n\nThe Write Skew Scenario:

Analysis:\n\n1. Both transactions took snapshots when 2 doctors were on-call\n2. Each saw that going off-call would leave 1 doctor (safe)\n3. Each modified a different row (Alice's row vs Bob's row)\n4. No write-write conflict (different rows)\n5. Both committed successfully\n6. Constraint violated: Zero doctors on-call\n\nEach transaction acted correctly according to its snapshot. The constraint was satisfied before each write. But the combined effect violates the constraint.

Write skew appears in many real-world scenarios. Recognizing these patterns is crucial for designing correct applications.

To understand why SI allows write skew, we need to examine what SI's conflict detection actually checks.\n\nWhat SI Checks:\n\n1. Write-Write Conflicts on Same Item: If T1 and T2 both write to item X, FCW ensures only one can commit with its version of X.\n\n2. Reading Your Own Writes: A transaction sees its own uncommitted modifications.\n\n3. Snapshot Consistency: All reads see a consistent point-in-time view.\n\nWhat SI Does NOT Check:\n\n1. Read-Write Dependencies Across Items: SI doesn't track that T1 read Y before writing X.\n\n2. Constraint Validation Across Transactions: SI doesn't know that there's a constraint linking X and Y.\n\n3. Dangerous Structure Detection: SI doesn't identify the "read overlapping, write different" pattern.

The Serialization Graph Perspective:\n\nFor a schedule to be serializable, its serialization graph must be acyclic. Write skew creates cycles:\n\n- T1 → T2: T1 read Y before T2 wrote Y (rw-dependency)\n- T2 → T1: T2 read X before T1 wrote X (rw-dependency)\n\nThis bidirectional dependency forms a cycle: T1 → T2 → T1\n\nSI doesn't detect these read-write antidependencies. It only enforces that write-write conflicts are resolved by FCW. The cycle goes undetected, and both transactions commit.\n\nContrast with Strict 2PL:\n\nUnder strict two-phase locking:\n- T1 reading Y would acquire S(Y)\n- T2 writing Y would need X(Y) and block on T1's S(Y)\n- Alternatively, T2 reading X while T1 holds a write intent would block\n- Either way, the cycle is broken by lock waits\n\nThis is why 2PL guarantees serializability but SI does not.

How do you identify code patterns that are vulnerable to write skew? Look for these warning signs:\n\nRed Flag #1: Read-Check-Write Pattern\n\nsql\n-- Vulnerable pattern\nSELECT COUNT(*) FROM oncall WHERE is_oncall = TRUE;\n-- Application checks: if count > 1, proceed\nUPDATE oncall SET is_oncall = FALSE WHERE doctor_id = ?;\n\n\nThe read (COUNT) and write (UPDATE) operate on related but potentially different rows. Other transactions can modify rows that affect the COUNT while this transaction proceeds.\n\nRed Flag #2: Aggregate-Based Decisions\n\nsql\n-- Vulnerable pattern \nSELECT SUM(balance) FROM accounts WHERE customer_id = ?;\n-- Application checks: if sum >= withdrawal_amount, proceed\nUPDATE accounts SET balance = balance - ? WHERE account_id = ?;\n\n\nThe decision depends on an aggregate (SUM) over multiple rows, but the write affects only one row. Other transactions can modify the other rows.

Code Review Checklist:\n\nWhen reviewing code for write skew vulnerabilities:\n\n1. Identify the constraint: What invariant must hold? (e.g., at least one on-call)\n\n2. Trace the data flow: Which rows are read? Which is written?\n\n3. Check for overlap: Does the read set include rows other than the write target?\n\n4. Consider concurrent execution: What if two instances run simultaneously?\n\n5. Verify enforcement mechanism: Is the constraint enforced by the database or only by application logic?\n\nIf a constraint spans multiple rows and is only enforced by application code, you likely have a write skew vulnerability.

Several strategies can prevent write skew, each with different trade-offs.

PostgreSQL's SERIALIZABLE isolation level uses Serializable Snapshot Isolation (SSI), an elegant extension of SI that detects write skew without blocking reads.\n\nHow SSI Works:\n\nSSI extends SI by tracking rw-antidependencies (read-write conflicts):\n\n1. When T1 reads data that T2 later writes, record T1 → T2 (rw-conflict)\n2. When T2 reads data that T1 later writes, record T2 → T1 (rw-conflict)\n3. At commit time, check for cycles involving rw-antidependencies\n4. If a "dangerous structure" (two consecutive rw-edges) is detected, abort one transaction

SSI Implementation Details:\n\nSIREAD Locks:\n\nSSI uses "predicate locks" or "SIREAD locks" to track what transactions have read. These don't block other transactions—they just record the read for later conflict detection.\n\nConflict Bookkeeping:\n\nFor each transaction, SSI maintains:\n- List of rw-conflicts where this transaction has an outgoing edge\n- List of rw-conflicts where this transaction has an incoming edge\n\nDangerous Structure Detection:\n\nA commit is rejected if it would create a "dangerous structure"—specifically, a pivot transaction with both:\n- An incoming rw-antidependency from a committed transaction\n- An outgoing rw-antidependency to a committed or committing transaction\n\nFalse Positives:\n\nSSI is conservative. Some schedules it aborts would actually be serializable. But false positives are better than false negatives (allowing non-serializable schedules).

Write skew is the canonical anomaly that separates snapshot isolation from full serializability. Understanding it is essential for designing correct concurrent applications.

What's Next:\n\nThe next page compares Snapshot Isolation vs Serializable Isolation in depth, examining the full spectrum of trade-offs between these isolation levels.