19 comments

• blopker 1 day ago
  UUIDs are way over used. There is almost always a better key to use, usually a bigint for databases. If you're making some kind of leaderless distributed data store, then maybe, but even then there are other ID sharding strategies I'd go for first depending on the constraints.

  For a single database, bigints are smaller and faster, with less footguns.

  UUIDs can be nice for an opaque public ID, however I'd still prefer something like a Sqid for space and usability.

  [-]
  • Fabricio20 1 day ago
    > bigints are smaller and faster, with less footguns

    But be careful!! Javascript WILL interpret your bigints as Number() and round them down because they are too big without telling you!!!

    Famously seen by every snowflake user that has interacted with Javascript, quite an annoying problem.

    [-]
    • Terr_ 8 hours ago
      > Javascript WILL interpret your bigints as Number()

      A similar horror story from PHP, which I discovered by diagnosing a test failure. (Or maybe it was in production? Long ago, can't remember.)

      I think the code in question was for some kind of web auth, comparing random 32-character hexadecimal strings. PHP has a "feature" where its == operator falls back to trying certain strings as numbers... and that includes a version with scientific notation. (12000 == "12000" == "12e3")

      Such a collision through bad comparison may seem unlikely, but there are two islands of higher odds: 0*10^X is zero for any X, and X*10^0 is one for any X. Finally, leading zeros can be included. ("0e1234" == "00000e1" and "1234e0" == "9e0000")

      The fix was simply going to stricter ===, but it definitely reinforced my dislike of "loose" languages.
    • silvestrov 1 day ago
      Good trick is to prefix all such keys with magic, i.e. a couple of letters that identify type type of key.

      Then it will always be a string and you will be free to change the format/type of the key in the future to UUID or whatever you like.

      [-]
      • zmj 1 day ago
        Rule of thumb: if you’re not doing math with a value, it’s not a number.
        [-]
        • throw-the-towel 15 hours ago
          Speaking of which, one of my favourite UX brainfarts is treating text fields where you enter a sum as numbers.

          Why, you ask? Let's you have a number like 10,000 and you want to replace it with 20,000. You delete the leading 1, and boom! The number is now zero, and three of the digits are gone, and you'll have to retype them like you got no other things to do with your life.
        • klysm 18 hours ago
          Indexes?
        • myko 22 hours ago
          I've been preaching this for years but nobody believes me until it bites them in the ass
    • Piezoid 1 day ago
      Using a Feistel cipher and base 32 encoding at the boundaries of the system can help catching vibe coded edge code that attempt to decode identifiers in javascript. It also somewhat obfuscate the cardinalities and fill rate of the tables.
    • sheept 1 day ago
      This can be avoided by supplying a reviver:

          const json = '{ "a": 9007199254740993 }'
          JSON.parse(json, (_key, value, context) => /^\d+$/.test(context.source) ? BigInt(context.source) : value)

      [-]
      • tyre 23 hours ago
        Which can be avoided by using UUIDs
        [-]
        • jraph 22 hours ago
          Or by putting that id between quotes so it's a string.
    • spiffytech 1 day ago
      Fortunately we're seeing more JS DB libraries offering to read large numbers as the BigInt type.
      [-]
      • shakna 1 day ago
        But frustratingly, a JS BigInt is nothing like a BigInt in any other language.

        In JS - BigInt is 64bit integer.

        In anything else - BigInt is a arbitrarily large integer.

        [-]
        • anematode 1 day ago
          Hm? JavaScript BigInts are arbitrary precision, and you need to use methods like BigInt.asIntN(64, a) to convert them to 64 bits
          [-]
          • mort96 1 day ago
            I hate this so much because you can’t nicely serialise a BigInt as JSON. Using a string is nicer but it only makes sense where int64 is used as an ID, not where it’s used as a number; and you don’t wanna have to configure this per field per query.
            [-]
            • marcosdumay 23 hours ago
              IMO, I'm tending toward thinking that having types on your readable serialization format is a mistake, and that they should be always input to the (de)serializer instead.
            • sheept 1 day ago
              You can serialize a BigInt by specifying a replacer:

                  const obj = { a: 9007199254740993n }
                  JSON.stringify(obj, (_key, value) => typeof value === 'bigint' ? JSON.rawJSON(value.toString()) : value)

              [-]
              • mort96 1 day ago
                And then you end up with strings on the other side, not numbers.
                [-]
                • sheept 1 day ago
                  No you don't? The example I gave produces

                      {"a":9007199254740993}
                  

                  not

                      {"a":"9007199254740993"}

                  [-]
                  • mort96 1 day ago
                    Oh, that's much worse! The JSON string `{"a":9007199254740993}` decodes to the object `{"a":9007199254740992}` with typical JSON parsers like JavaScript's `JSON.parse`.
                    [-]
                    • sheept 23 hours ago
                      If you're applying a replacer, then you'd supply a reviver when parsing:

                          const json = '{ "a": 9007199254740993 }'
                          JSON.parse(json, (_key, value, context) => /^\d+$/.test(context.source) ? BigInt(context.source) : value)

                      [-]
                      • mort96 23 hours ago
                        Yeah but now you have the world's biggest foot gun in your API.
            • nh2 1 day ago
              JSON has arbitrary length numbers in the spec only.
              [-]
              • mort96 1 day ago
                Completely and utterly irrelevant.
        • Etheryte 1 day ago
          This is simply not true? Or maybe I misunderstand what you mean?
    • paulddraper 1 day ago
      !!

      Node.js drivers will correctly read int64 as string or bigint, not number.

      E.g. pg for PostgreSQL

      Maybe there’s a buggy driver but I don’t know it.

      [-]
      • Fabricio20 1 day ago
        Browser!! The browser reads it as Number. If your rest api returns {"id": 1324535222364012585} for example, javascript will try and parse that as number from the response!!!

        You can of course, change the api such that it does {"id": "1324535222364012585"} instead and voila, it will no longer try parsing it as number. Or the many other workarounds people have recommended above (like appending a prefix, or using a different encoding), but why is it trying to parse a number thats too big and instead of throwing it just rounds down without telling you????!

        [-]
        • paulddraper 21 hours ago
          Huh? The subject was database drivers.

          You seem to be talking about JSON. (Which technically has no limit on number size or precision, but in practice is float64.)
  • JamesSwift 1 day ago
    UUIDs also have a nice benefit of it being impossible to query the wrong table with one if you mixup what an FK goes to
    [-]
    • sgarland 19 minutes ago
      Or just write tests, instead of relying on statistical improbability to prevent disaster.
    • chrismorgan 1 day ago
      You can achieve this with numeric sequences too, by having a consistent step and unique offset in all your sequences. For example, if you will never exceed 16 types, reserve four bits as the type discriminant. (You don’t have to use powers of two, but it may be convenient.)

      All sequences use step 16.

      Type A has discriminant/offset 0, yielding IDs {0, 16, 32, 48, 64, …}.

      Type B has discriminant/offset 1, mapping to IDs {1, 17, 33, 49, 65, …}.

      All the way up to Type P with discriminant/offset 15 and IDs {15, 31, 47, 63, 79, …}.

      This is also trivially invertible so that you can determine the type from the ID.

      A more common approach is to make IDs opaque strings and put a type prefix—A0, B12, P34, that kind of thing. But this way you can keep it as a number, if you wish.
    • throwawayo2oe 19 hours ago
      Alternatively just use a shared sequence for all tables.
    • pyuser583 1 day ago
      Yeah this is nice - also helps with grepping dump files.
    • mamcx 1 day ago
      How is this done?
      [-]
      • nickpeterson 1 day ago
        They just mean you catch incorrect joins more easily because there is usually no overlap in keys between unrelated tables. Using int, you’re usually going to have some shared values between two unrelated tables.
      • sudoshred 1 day ago
        Statistically impossible to inadvertently generate a collision using UUID keys. UUID is designed to be unique when generated across any computer system. Practically speaking if you have an exactly matching pair of UUIDs from disparate system you have found the exact record match. The name gives a hint "Universally unique identifier". -Not a cryptographer.
        [-]
        • usrnm 1 day ago
          It definitely is possible, just very improbable
          [-]
          • echoangle 1 day ago
            That’s probably what’s meant by statistically impossible.
          • pavo-etc 9 hours ago
            "very" is underselling it
          • ErroneousBosh 21 hours ago
            It definitely is possible, just very much a "woah, shit, guys come and look at this!" moment.
            [-]
            • beagle3 1 hour ago
              More like a moment that the guys can’t come because each one was independently struck by a lightning.
      • masklinn 1 day ago
        The U means if you join the wrong table your join will always come up empty.

        It does not actually make it impossible to query the wrong table it just tells you quickly when you’ve done so.
  • willtemperley 23 hours ago
    UUIDs make client code so much simpler. Just create a UUID, use it client side to create your object graph and commit or not as appropriate. No need to retrieve an incremented integer.
    [-]
    • sgarland 16 minutes ago
      Every DB, even MySQL can return the autoincrementing integer for you as part of the insert. Postgres, SQLite, and MariaDB (likely others, I’m just not familiar) can even return the rest of the data, should you need that.

      IME, most of the arguments for why UUIDs make things better are due to developer ignorance of RDBMS features (or B+tree performance).
  • andersmurphy 1 day ago
    Yes this matters even more if you are doing a lot of joins. Naive string UUIDs are 32 bytes (though I use binary uuid in the post which is 16) compared to 8 bytes for a 64-bit int. This matters even more with sqlite as it uses varint encoding. The upshot of all this is your indexes take up a lot less space in memory.
  • bob1029 1 day ago
    I am finding UUIDs help a lot if your primary schema consumer is an LLM.

    Inappropriate aliasing of integer keys allows for silent errors in queries because it will actually return some result a lot of the time. A UUID is immune to this problem. The model recognizes its mistake a lot more reliably when previously non-empty tables start showing up empty after attempting a join.
  • Fire-Dragon-DoL 1 day ago
    Providing an ID from the client is a big advantage that's missing though. Especially if you want a UI with optimistic rendering that's dealing with something async
  • PUSH_AX 1 day ago
    What are uuid foot guns?
  • crubier 1 day ago
    No one ever got fired for using UUIDs
• gvkhna 2 hours ago
  UUIDv7 as pk is inherently the best option besides just a bigint where you really don’t need a public id.

  But a Url62 as a url safe public id from the pk is simple and straightforward to use and comes with few risks of leak issues. Wish postgres had native base62 encoding for url62 now that it has uuidv7 native.
• adityaathalye 1 day ago
  Thanks for the benching, Anders! So grateful for the stuff you've shared over the years. Invariably, every single post has been useful and/or educational to me.

  I read this post more as an illustration of the *value* of UUIDv7 as primary key, over integer primary keys, in lieu of minimal loss of read/write performance, and marginally more data on disk bloat.

  SQLite's automatic integer rowID primary key is a no-brainer, when the SQLite application is local-only, such as application storage format (mobile and desktop). Or is never intended to grow beyond a single server instance. Basically, where each SQLite file is private to a singular instance of the application.

  However, if there is even an outside chance of needing to cooperate across application instances, e.g. the minimal limit case of a personal knowledge base that should seamlessly sync across a person's devices, as well as a hosted service, then a high-quality sequential random ID starts to make a lot more sense. (No-brainer arbitrary table merges / splits / remerges, de-duplication, etc.)

  Random ID primary key is a bad idea period, whether it be the UU kind or the SQ kind, or any other kind. As far as my DB knowledge goes, this class of ID destroys all tree-algorithms, and we are stuck with the fact that there is no practically better way, than an appropriate tree-structure, to group and organise a meaningful amount of data, efficiently and effectively.

  [-]
  • andersmurphy 1 day ago
    I've updated the article with the correct rowid alias (integer not int) so the rowid version is now 715ms. I've also added an example of rowid and a secondary index UUID4, and that also seems to be bad for performance (as although it's not a clustered index it's still random inserts into a b-tree).
    [-]
    • adityaathalye 22 hours ago
      Well, I expect to never need WITHOUT ROWID. And even if such an arcane situation hits my system, WITHOUT ROWID has so many ifs and buts that I'll probably elect to eat the $$$ cost of running an un-optimised normie SQLite as far as possible.

      cf. https://sqlite.org/withoutrowid.html

      > The WITHOUT ROWID syntax is an optimization. It provides no new capabilities. Anything that can be done using a WITHOUT ROWID table can also be done in exactly the same way, and exactly the same syntax, using an ordinary rowid table. The only advantage of a WITHOUT ROWID table is that it can sometimes use less disk space and/or perform a little faster than an ordinary rowid table.

      As of now, I am doing the following in my (Bitemporal data system) experiment (When will it see the light of day? Nobody knows.).

      All data are globally uniquely identified by a UUIDv7. However all tables have `rowid` integer primary key asc (which is just an alias for SQLite's autoincrement int id). The `rowid` is the basis for joins, and is the foreign key reference. This lets me offload some useful disambiguation work to the DB as well as have it enforce global (across data systems) record uniqueness guarantees, while retaining local (within process) query efficiency by retaining the ability to use integer rowids.

      While the idealised insert performance in your bench is indeed mind-boggling, the DB Schema isn't doing anything CPU-intensive during inserts (checks, constraints, triggers etc.). My schema / query pattern yields comparatively meagre throughput, but I am happy with the ballpark it has landed in, given all the work I'm making SQLite do for me on each `assert!` and `redact!`.

      cf. my dirty-but-useful-enough bench, with production-like record content:

      A poor man's napkin-mathy, append-only SQLite write/read benchmark

      https://gist.github.com/adityaathalye/3c8195dc70626b33c23867...

      Summary:

        ;; Okay, I think I can live with this...
      
        ;; - "facts" table: 12M+ records
        ;;     - single process writes to it
        ;;     - ~ 400 transactions/second
        ;;     - append-only table, enforced via SQLite "before" triggers
        ;; - "now" table: 
        ;;     - updates on every assert/redact on "facts" table, via triggers
        ;;     - currently at "limit case": for each read it is empty, or very small, because writes do back-to-back assert/redact of the same fact
        ;;     - gets reads from two reader threads (evenly split)
        ;;     - ~41,000 reads/second
        ;; - all reads are concurrent with writes (poor man's futures)
  • adityaathalye 1 day ago
    Aside: Specific to SQLite...

    Thanks to its oh so convenient automatic integer rowIDs, I believe one can amortise some of the other overheads of UUIDv7s for "in-between" queries, viz. indices, joins, ctes, virtual tables etc., with appropriate schema / query design.
• jdthedisciple 1 day ago
  So UUID isn't the problem but UUID v4 is, just like any random ID-scheme, correct?

  UUID v7 so far seems like the best solution if you want UUID benefits and ordering.

  [-]
  • scotty79 1 day ago
    It's " WITHOUT ROWID" problem.

    Why would you force database to order rows on the drive according to random id?

    [-]
    • chromatin 1 day ago
      If you had read the article, you'd have seen that UUIDv4 with Rowid was slightly slower than UUIDv7
      [-]
      • scotty79 6 hours ago
        That's unbelievable! As in "I did not believe it". I mean it's nominally true, but only because this table has almost nothing in it, so a second index on random uuid is a visible cost. If this was actual table in actual software it would hold few other indexes and many fields and uuid+rowid vs int primary key would be a rounding error.

        I never wished, gee, why didn't I use integer key. But so many times I wished I used uuid because eventually your data rows are going to need to have identity that is not local to this specific database instance.
• sedatk 23 hours ago
  UUIDv7 and sequential integers are quite similar. Sequential integers disclose count and neighboring IDs while UUIDv7 discloses timestamp. Either can be a security issue in certain cases.

  So, UUIDv4 as a PK on a clustered index can be perfectly feasible for cases where you want to avoid disclosing stuff and row insertion performance isn’t that important.
• andersmurphy 1 day ago
  This is actually a draft. I Wanted to add more details about how this changes with row size etc. I might get time to update it later today.
  [-]
  • ysleepy 1 day ago
    Maybe you could explain why one would use "without rowid" in the first place.

    I get saving 8 bytes per row seems attractive, but the tradeoff is not explained.

    [-]
    • andersmurphy 1 day ago
      Update the article there's now a section for UUID4 with rowid. It's less bad than UUID4 without rowid but it's still about 4-6x slower than UUID7 without rowid.
    • keynha 1 day ago
      The reason to use it is that it skips the double lookup. A normal rowid table with a UUID primary key keeps two B-trees: the table itself keyed by the hidden rowid, and a separate index from your UUID to that rowid. A lookup by UUID walks the index to find the rowid, then walks the table to find the row. WITHOUT ROWID makes the UUID the table's key directly, so the row sits in that leaf and you walk one tree instead of two, and you don't store the UUID a second time.

      The tradeoff is what the benchmark is hitting. Once the table is physically ordered by the key, a random v4 scatters every insert across the tree and you pay for the page splits. A plain rowid table keeps that churn in the secondary index, which is just the key plus a rowid, while the table itself stays append-ordered. So it only really pays off when the key is something you look up directly and is roughly sequential, which is why v7 comes back near baseline.
• bambax 1 day ago
  Why would you use UUIDs a primary keys? Let SQLite use rowids internally (which is automatic and invisible), and have a different (indexed) column with UUID if you need that for publishing the ID somewhere.
  [-]
  • elcomet 1 day ago
    UUID as key is useful when you have a distributed system where multiple workers create items independently
  • victorbjorklund 1 day ago
    Because another app can then create the id and add it to the db later.
• ItsBob 1 day ago
  My rule for primary keys and id's is simple: Sequential integer (or bigint) as the PK and if I need to make it public, I have a GUID (or UUID) in the row too, e.g. tbl_person would have Id (int|bigint) and person_guid as (UUID).

  The Integer id is used for joins and looks ups and such but that's it. If I need to send anything to the frontend or outside of the app/DB then that's the UUID.

  [-]
  • gvkhna 2 hours ago
    I agree technically but in most use cases the timestamp from uuidv7 is not a security leak. Especially where you’re already sharing that data in some way or another. A default guid is unnecessary if you use uuidv7 I think (in most situations).
• pyuser583 1 day ago
  Oh gosh the ints v uuids debate for pks. This is worse than vim v eMacs or brackets v braces.
• w10-1 1 day ago
  Isn't the solution just to use the rowid (after doing the read-id-after-insert dance)?

  How much trouble does SQLite reysing rowid's actually cause?

  [-]
  • andersmurphy 1 day ago
    You don't even need to that. SQLite auto increments the ids and is a single writer (which you should be coordinating at the application level.

    Regular rowids are definitely the way to go if you can use them.
• ac50hz 1 day ago
  I enjoy these carefully worded posts from Anders Murphy, illustrative and informative, not opinionated and preachy. Very useful, it’s great to see the process, and ofc bookmarkeable material for sharing with others.
• dumbledorf 1 day ago
  Wait how is sqlite doing a million inserts a second?
  [-]
  • JSR_FDED 1 day ago
    In batches
  • kg 1 day ago
    sqlite is really fast. I'm surprised it's only a million.
    [-]
    • andersmurphy 1 day ago
      It's running on an M1 mac with synchronous full. Wouldn't surprise me if it's possible to get higher numbers.
  • smitty1e 1 day ago
    ':memory:'

    https://sqlite.org/inmemorydb.html

    [-]
    • KPGv2 1 day ago
      Except this source code is not using :memory: The linked source code has

          (defonce db
            (d/init-db! "db/db.db"
              {:pool-size 4 :pragma {:synchronous "FULL"}}))
      

      That's writing to disk.
      [-]
      • andersmurphy 1 day ago
        Yes it's writing to disk (on a M1 mac which has terribly slow fsync). But, because of the transaction the fsync dance is done once per batch. Each row is the id + a 50 byte data blob.

        There's only one index so there's no real write amplification. The numbers will go down as you add more data and indexes.
• yepyoukno 1 day ago
  Perils of “UUIDv4”. Everyone knows that’s what UUIDv7 was really for, and you should always convert that to binary to optimize everything.
  [-]
  • JSR_FDED 1 day ago
    Small nit: uuid7 is 128 bits (16 bytes) by definition. So there’s no need to convert it to binary. It already is. Unless you’re working with a stringified version of the uuid7.
    [-]
    • yepyoukno 1 day ago
      Oh yes, I meant don’t store as an ID in its string format!
      [-]
      • dexterdog 1 day ago
        It's just s dumb as storing dates as strings, but people still do it.
        [-]
        • littlecranky67 1 day ago
          But SQLite does not have a native datetime type so you have to use strings
          [-]
          • voakbasda 1 day ago
            You can use an integer
            [-]
            • Volundr 1 day ago
              How do I know the time zone of an integer? Sure there are plenty of cases where one doesn't care, but there are also many cases where the original time zone is important.
              [-]
              • dexterdog 1 day ago
                The integer is a UTC time so it can be sorted. If you need the time zone you store than in a smaller field.
                [-]
                • everforward 16 hours ago
                  This has edge cases that are infrequent but messy because it depends presumes timezone changes are transitive across time and they often aren’t.

                  Eg I save a date 18 months in the future in US Western time at 0600. 3 months from now the US gets rid of Daylight Savings. You saved it as 1400 UTC (which was correct), which is now an hour off because the local time zone is different.

                  Encoding it in local time fixes that, because it delays the TZ conversion until you need it and your times stay correct as long as you update tzdb like once a month.
            • littlecranky67 1 day ago
              other comment said it already, timezone information is not saved. Easiest is just to use a string.
        • cenamus 1 day ago
          But also one of the recommended ways of doing it, as it has no native Datetime type.
  • antihero 1 day ago
    Doesn't Postgres' UUID type just do this for you anyway?

    Why would you store it as as str column and not the inbuilt type for this?

    https://www.postgresql.org/docs/current/datatype-uuid.html

    If you are using SQLite well I guess that doesn't work.
  • themafia 1 day ago
    > and you should always convert that to binary to optimize everything

    I disagree. I tried this once. Now you need a client access layer to touch the DB in any context. All your console tools no longer work well or at all. If they show up in URLs you need to deoptimize them for transport.

    You give up a lot of convenience for this optimization. You should be absolutely sure your design requires it before using it.
• kjgkjhfkjf 1 day ago
  The script to create the benchmark numbers appears to be inserting 100 batches, not 10. (The benchmark numbers in the table appear to be consistent with the text, so I guess the actual script used to create them was correct.)
  [-]
  • andersmurphy 1 day ago
    Yeah that was just a holdover from when I was playing with smaller batch sizes. It's not in the actual linked source.
• cropcirclbureau 1 day ago
  Is this relevant for other databases? For postgres for example, which supports concurrent writers, wouldn't sequential keys lead to contention on the page at the frontier?
  [-]
  • andersmurphy 1 day ago
    That's a good question. I don't know the answer. I will say, generally you can get higher write throughput with a single writer. Even more so if you're prepared to shard along boundaries where you don't need atomic transactions.

    Contention and coordination are real killers, concurrent writes (that require coordination like postgres) often underdeliver.
• michaelcampbell 1 day ago
  How much time is `(random-uuid7-bytes)` taking?
  [-]
  • andersmurphy 22 hours ago
    An insignificant amount for the comparison (why I didn't mention it), it's a fast implementation and the JVM C2 JIT has kicked in by the time the first batch has completed.
  • u1hcw9nx 23 hours ago
    I can't believe I had to scroll down to this far to see someone making this point.

    Also INSERT speed instead of SELECT? Typically most time is spend in SELECT or UPDATE.

    [-]
    • andersmurphy 22 hours ago
      Although not as prominent as insert SELECT and UPDATE both benefit from page cache locality, assuming rows that are stored near each other are often selected/updated together.
• knightops_dev 1 day ago
  [flagged]
• wood_spirit 1 day ago
  If you need (or want the convenience of) a uuid and the time of creation is not secret then use ulids eg uuid v7.