Clocks, Ordering & Causality

Trace: A sends m1: A.clock=1, m1.ts=1. B receives m1: B.clock=max(0,1)+1=2. B sends m2: B.clock=3, m2.ts=3. C receives m2: C.clock=max(0,3)+1=4. A sends m3: A.clock=2 (A's clock only increments locally), m3.ts=2. C receives m3: C.clock=max(4,2)+1=5. C's final clock=5. "C receives m2" (ts=4) vs "C receives m3" (ts=5) — yes, 4 < 5, m2 appears before m3. But this ordering may not reflect actual causality — m3 was sent independently. Lamport limitation: ts(X) < ts(Y) does NOT imply X happened-before Y; it only implies Y did NOT happen-before X. For true causality tracking, use vector clocks. Example: in a chat app, two users send messages concurrently — Lamport timestamps impose an arbitrary order that doesn't match conversation causality.

Comparison rules: A < B means all(A[i] <= B[i]) and any(A[i] < B[i]). VA=[3,1,0] vs VB=[2,2,0]: VA[0]=3 > VB[0]=2, VB[1]=2 > VA[1]=1 — neither dominates → CONCURRENT. VA=[3,1,0] vs VC=[3,2,0]: VA[0]=3=VC[0], VA[1]=1<VC[1]=2, VA[2]=0=VC[2] — VA < VC → VA happened-before VC (VC is newer). VB=[2,2,0] vs VC=[3,2,0]: VB[0]=2<VC[0]=3, all others equal → VB < VC (VC is newer). VA=[3,1,0] vs VD=[1,0,2]: VA[0]=3>VD[0]=1, VD[2]=2>VA[2]=0 → CONCURRENT. Concurrent pairs (VA,VB) and (VA,VD) must be stored as siblings. Application must reconcile on read (e.g., shopping cart: union the items). DynamoDB stores siblings to avoid silently losing writes — the application knows business logic best for merging.

External consistency: serializability says "there exists a serial order consistent with the execution." External consistency adds "that serial order must match real-time order." If T1 commits at 10:00:00.000 real time and T2 starts at 10:00:00.001, T2 must see T1's writes — even across datacenters. Commit-wait: s=TT.now().latest is the upper bound of current time. Waiting until TT.now().earliest > s ensures that ANY observer anywhere in the world, whose clock may run up to epsilon fast, will see s as already in the past. This prevents time-travel reads. Latency cost: commit-wait = 2*epsilon = 14ms added to every write. Google reduces epsilon using GPS (1µs accuracy) + atomic clocks (drift < 1ppb) synced by Google's time masters, achieving epsilon of 1–7ms. NTP achieves only 10–100ms. If atomic clock fails: Spanner falls back to GPS-only or increases epsilon — correctness is maintained but latency increases.

Clock skew scenario: EU-DC clock runs 80ms behind US-DC. Post P written in US at physical time T=1000. Reply R written in EU 50ms later at physical time T=970 (EU clock is behind). R.timestamp < P.timestamp — R appears before P in timestamp order. Wrong. Causal metadata: when user reads P (VP=[US:42, EU:0, AP:0, AW:0, SA:0]) from EU-DC, their client session stores VP. When they write reply R, the request carries depends_on=VP. EU-DC assigns R's vector clock as VR=[US:42, EU:15, ...] (incorporating VP). Causal barrier: EU-DC's Kafka consumer maintains a "received" vector clock. When it receives an event with depends_on=VC, it buffers the event until its received clock satisfies VC. This is a Causal Consistent delivery buffer. Storage: 40 bytes x 2M events/min = 80MB/min = 4.8GB/hour. Delta compression: store only the diff from the previous event's vector clock — most events increment only one DC counter, saving ~32 bytes per event (5 bytes avg diff vs 40 bytes full vector).