Presentation is loading. Please wait.

Presentation is loading. Please wait.

RECOVERY MANAGER E0 261 Jayant Haritsa Computer Science and Automation

Published byGwen Matthews Modified over 6 years ago

Similar presentations

Presentation on theme: "RECOVERY MANAGER E0 261 Jayant Haritsa Computer Science and Automation"— Presentation transcript:

1 RECOVERY MANAGER E0 261 Jayant Haritsa Computer Science and Automation
Indian Institute of Science

2 RECOVERY MANAGER Atomicity: All actions in the Xact happen, or none happen. Durability: If a Xact commits, its effects persist. The Recovery Manager guarantees these properties.

3 Example Scenario crash! T1 T2 T3 T4 T5
Desired Behavior after system restarts: T1, T2 & T3 should be durable. T4 & T5 should be erased.

4 Design Issues Database Buffer Pool:
Updates: In-place or to “shadow” copy ? Buffer Pool: Commit-Force: Force every data write to disk at commit time, or No-Force ? Frame-Steal: Allow frames of uncommitted Xsactions to be taken by others, or No-Steal?

5 Simple Solution Shadow updates (instant recovery)
Force (provides durability), No-steal (provides atomicity) But, Shadow results in fragmentation Force results in poor response time No-steal results in poor throughput

6 High-performance Solution
In-place, No-force, Steal Mechanisms: In-place : By using logging No-force : By recording new value of P at commit time to support REDO of write to P Steal : By recording old value of P at steal time to support UNDO of write to P

7 LOG A temporally-ordered list of REDO/UNDO actions
One record for each update, containing <XID, pageID, offset, length, old data, new data> Sequentially written to separate disk Several updates captured in single log page

8 Write-Ahead Logging (WAL)
Must force the log record for an update before the corresponding data page gets to disk: guarantees Atomicity Must force all log records for a Xaction at commit: guarantees Durability.

9 Recovery Protocol Analysis Undo Losers Redo Winners Crash
Why is it important to do Undo Losers first and then Redo Winners? Assume that data item A initially has value 10, then updated by Ti to 20 and then Ti is aborted. So the value will be brought back to 10. Then let us say that there is transaction Tj which updates 10 to 30 and is committed. Later there is crash. At recovery time, the log will look like Ti, A, 10, 20 Ti, abort (local, not crash) <time elapses> Tj, A, 10, 30 Tj, commit <crash> If the redo pass is performed first, A will be set to 30; and then in undo pass, it will be made to 10, which is wrong. So, redo should be done after undo, otherwise you might undo the redo of a redo-ed (committed) transaction! In response to above, could say “Hey, why don’t you look at previous-image to check that you are undoing the right thing” – answer is what if the new value by Tj is also 20! Crash

10 Assumptions Page-level locking Simple lock types (S, X)
Physical logging (before-image, after-image) Trivially guaranteed idempotency of undo and redo operations (ensuring no impact of crashes during the recovery process)

11 To Increase Concurrency
Support operation logging describe operation, not effects of operation Support fancy lock modes e.g. increment/decrement Support fine-grained locking record-level

12  (Very) Careful design of recovery protocol
Implications Because of operation logging, no longer trivially idempotent ! (e.g. repeated undo of an increment operation is not equal to that of single undo) Because of fancy lock types, the value of a data item may reflect the effect of multiple uncommitted updates from different transactions. Because of record-level locking, a page may simultaneously contain updates of (eventual) losers and winners.  (Very) Careful design of recovery protocol

13 Solution: (SC) ARIES ! C. Mohan (IBM Fellow)
Industrial Strength Algorithm Implemented in several commercial products (e.g. IBM DB2) and research prototypes (e.g. Shore) Integrates well with other components of the system (data CC, index CC, ...) Main features: CLRs and REDO-ALL

14 The ARIES Method

15 WAL & the Log Each log record has a unique Log Sequence Number (LSN).
LSNs DB pageLSNs RAM flushedLSN WAL & the Log Each log record has a unique Log Sequence Number (LSN). LSNs always increasing. Each data page contains a pageLSN. The LSN of the most recent log record for an update to that page. System keeps track of flushedLSN. The max LSN flushed so far to disk. WAL: Before a data page is written to disk, pageLSN  flushedLSN “Log tail” in RAM Log records flushed to disk pageLSN

16 Log Records LogRecord fields: Possible log record types: Update
Prepared Commit Abort End Compensation Log Records Checkpoint Records type XID prevLSN length pageID offset before-image after-image update & CLR records only Note CLRs will not have after-image, only before-image values (these will be present in the after-image field perhaps). CLRs only UndoNxtLSN (Instead of before/after image, logical logging is also permitted)

17 Compensation Log Records
CLRs are redo-only records of the undos of the updates of aborted transactions Explicitly provide idempotency by keeping track of the rollback status of a transaction Permits operation logging, page-oriented redo (for efficient recovery), and logical undo (high concurrency during normal processing) A NO-OP Xaction is equivalent to a committed “aborted + CLR” transaction, hence ensures uniform treatment of losers and winners Does CLRs have to follow WAL? Yes, because they are redo records. Because of writing CLRs, the disk head has to move back and forth between the undo-ed update and the CLR, thereby making performance worse.

18 Transaction Table (TT)
One entry per active Xaction XID (transaction identifier) status (running/prepared/commited/aborted) lastLSN (latest log record written by Xaction) UndoNxtLSN (LSN of next log record to be undone) Use: ensures no repetition of previously done work Meant for UNDO pass

19 Dirty Page Table (DPT) One entry per dirty page in buffer pool
PageID (page identifier) recLSN (LSN of first log record that caused the page to be dirty). Use: indicates earliest log record which might have to be redone Meant for REDO pass

20 Checkpointing Periodically, the DBMS creates a checkpoint, in order to minimize the time taken to recover in the event of a system crash. Write to log: begin_checkpoint record: Indicates when checkpoint began. end_checkpoint record: Contains current transaction table and dirty page table. Other Xacts continue to run; so these tables are guaranteed to be uptodate only as of the time of the begin_checkpoint record. No attempt to force dirty pages to disk; effectiveness of checkpoint limited by oldest un-forced change to a dirty page. (So it’s a good idea to periodically flush dirty pages to disk!) Store LSN of begin_checkpoint record in a safe place (master record).

21 The Big Picture: What’s Stored Where
LOG RAM DB LogRecords Xact Table Xid lastLSN status undoNxtLSN Dirty Page Table PageID recLSN flushedLSN type XID prevLSN length pageID offset before-image after-image undoNxtLSN Data pages pageLSN master record

22 Normal Execution of a Transaction
Series of reads & writes, followed by commit or abort. Strict 2PL. STEAL, NO-FORCE buffer management, with Write-Ahead Logging.

23 Transaction Commit Write commit record to log.
All log records up to Xact’s lastLSN are flushed. Guarantees that flushedLSN ³ lastLSN. Commit() returns. Write end record to log.

24 Simple Transaction Abort
Explicit abort of a Xaction, no crash involved Write an Abort log record. “Play back” the log in reverse order, UNDOing updates. Get lastLSN of Xaction from TT . Follow chain of log records backward via the prevLSN field. I think that the last line above – for recovering from crash during Undo, is useful really only for the distributed case, where we would like to make distinction between prepared with no subsequent records (therefore, in-doubt) and abort (where decision is known).

25 Abort (contd) To perform UNDO, must have a lock on data!
No problem (because of strict 2PL) Before restoring old value of a page, write a CLR: You continue logging while you UNDO!! CLR has one extra field: undonextLSN Points to the next LSN to undo (i.e. the prevLSN of the record we’re currently undoing). CLRs never Undone (but they might be Redone when repeating history: guarantees Atomicity) At end of UNDO, write an “end” log record.

26 Crash Recovery: Big Picture
log Oldest log record of Xaction active at crash Start from a checkpoint (found via master record). Three phases. Need to: Figure out which Xactions committed since checkpoint, which failed (ANALYSIS). REDO all actions (repeat history) UNDO effects of failed Xacts. Smallest recLSN in dirty page table after Analysis Last chkpt CRASH A R U

27 Recovery: The Analysis Phase
Reconstruct state at checkpoint. via end_checkpoint record. Scan log forward from begin_checkpoint. End record: Remove Xaction from TT. Other records: Add Xaction to TT if not already there, set lastLSN=LSN, change Xaction status for control records. Update record: If page P not in DPT, add P to DPT, set its recLSN=LSN.

28 Output of Analysis Phase
TT is accurate as of crash, and gives the list of all transactions that were active at the time of the crash. DPT is also accurate as of crash, but may be “conservative” – may include some pages that may have been written to disk. Could be eliminated by writing an end_write log record at the end of each data page write, but again CISC versus RISC argument holds.

29 Recovery: The REDO Phase
We repeat History to reconstruct state at crash: Reapply all updates including CLRs. Scan forward from log record containing smallest recLSN in DPT. For each CLR or update log record, REDO the action unless: Affected page is not in DPT, or Affected page is in DPT, but has recLSN > LSN, or pageLSN (in DB) ³ LSN. To REDO an action: Reapply logged action. Set pageLSN = LSN . No additional logging! Condition 1: Means the page was written to disk either before the latest checkpoint (hence not present in DPT copy to checkpoint record), or even during the checkpoint (again, hence not present in DPT copy to checkpoint record). Note that a subsequent page write will NOT be known to system. This is a good exam question as to what kind of flushes (wrt time) could result in absence of page in DPT. Condition 2: recLSN > LSN means that the page had been written to disk subsequent to this update and subsequently re-read into memory and updated Condition 3: pageLSN > LSN means that the page had been written to disk subsequent to this update (and we won’t know because not logging data page flushes).

30 Recovery: The UNDO Phase
ToUndo={ l | l is a UndoNxtLSN of a loser Xaction} Repeat: Choose largest LSN among ToUndo. If this LSN is a CLR and undonextLSN==NULL Write an End record for this Xaction If this LSN is a CLR, and undonextLSN != NULL Add undonextLSN to ToUndo If this LSN is an update. Undo the update, write a CLR, add prevLSN to ToUndo. If this LSN is “abort” or “prepare”, add prevLSN to ToUndo. Remove LSN from ToUndo Until ToUndo is empty. In the above, Undo the update, write a CLR, should actually be “write a CLR, undo the update” but okay as long as WAL is being followed. Here write means write to memory, not flush. Also, we use lastLSN in first line, instead of Mohan’s UndoNxtLSN. The reason this is okay is that UndoNxtLSN = LastLSN for an active transaction and will be equal to the latest CLR’s UndoNxtLSN for an already aborted transaction. So, since we access the log record of the latest CLR explicitly and get the UndoNxtLSN from there, all that we are saving is the access of one log record (i.e. latest CLR) If the most recent log record is a CLR, the value of UndoNxtLSN is set equal to the UndoNxtLSN value from that CLR (Page 114).

31 Example of Recovery LSN LOG RAM ToUndo 00 05 10 20 30 40 45 50 60
begin_checkpoint end_checkpoint update: T1 writes P5 update T2 writes P3 T1 abort CLR: Undo T1 LSN 10 T1 End update: T3 writes P1 update: T2 writes P5 CRASH, RESTART Xact Table lastLSN status undoNxtLSN Dirty Page Table recLSN flushedLSN prevLSNs ToUndo

32 Example: Crash During Restart!
LSN LOG 00,05 10 20 30 40,45 50 60 70 80,85 90 begin_checkpoint, end_checkpoint update: T1 writes P5 update T2 writes P3 T1 abort CLR: Undo T1 LSN 10, T1 End update: T3 writes P1 update: T2 writes P5 CRASH, RESTART CLR: Undo T2 LSN 60 CLR: Undo T3 LSN 50, T3 end CLR: Undo T2 LSN 20, T2 end RAM undonextLSN Xact Table lastLSN status Dirty Page Table recLSN flushedLSN ToUndo

33 Additional Crash Issues
What happens if system crashes during Analysis? Restart the Analysis phase again During REDO? Some redos will not be redone since pageLSN will now be equal to update record’s LSN. How to limit the amount of work in REDO? Flush asynchronously in the background. How to limit the amount of work in UNDO? Avoid long-running Xactions.

34 SUMMARY of ARIES PRINCIPLES
WAL Repeating history during REDO Make db accurate as of CRASH Logging changes (with CLRs) during UNDO Bounded recovery effort

35 END TRANSACTION MANAGEMENT

Download ppt "RECOVERY MANAGER E0 261 Jayant Haritsa Computer Science and Automation"

Similar presentations

1 CS411 Database Systems 12: Recovery obama and eric schmidt sysadmin song

1 CS411 Database Systems 12: Recovery obama and eric schmidt sysadmin song
Crash Recovery R&G - Chapter 20

Crash Recovery R&G - Chapter 20
Transaction Management: Crash Recovery, part 2 CS634 Class 21, Apr 23, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.

Transaction Management: Crash Recovery, part 2 CS634 Class 21, Apr 23, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.
CS 440 Database Management Systems Lecture 10: Transaction Management - Recovery 1.

CS 440 Database Management Systems Lecture 10: Transaction Management - Recovery 1.
1 Crash Recovery Chapter 18. 2 Review: The ACID properties  A  A tomicity: All actions of the Xact happen, or none happen.  C  C onsistency: If each.

1 Crash Recovery Chapter Review: The ACID properties  A  A tomicity: All actions of the Xact happen, or none happen.  C  C onsistency: If each.
Jianlin Feng School of Software SUN YAT-SEN UNIVERSITY

Jianlin Feng School of Software SUN YAT-SEN UNIVERSITY
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke 1 Crash Recovery Chapter 18.

Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke 1 Crash Recovery Chapter 18.
Crash Recovery R&G - Chapter 18.

Crash Recovery R&G - Chapter 18.
ARIES: Logging and Recovery Slides derived from Joe Hellerstein; Updated by A. Fekete If you are going to be in the logging business, one of the things.

ARIES: Logging and Recovery Slides derived from Joe Hellerstein; Updated by A. Fekete If you are going to be in the logging business, one of the things.
Crash Recovery, Part 1 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert.

Crash Recovery, Part 1 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert.
5/13/20151 PSU’s CS 587 16…. Recovery - Review (only for DB with updates…..!)  ACID: Atomicity & Durability  Trading execution time for recovery time.

5/13/20151 PSU’s CS …. Recovery - Review (only for DB with updates…..!)  ACID: Atomicity & Durability  Trading execution time for recovery time.
1 Crash Recovery Chapter 18. 2 Review: The ACID properties  A  A tomicity: All actions of the Xact happen, or none happen.  C  C onsistency: If each.

1 Crash Recovery Chapter Review: The ACID properties  A  A tomicity: All actions of the Xact happen, or none happen.  C  C onsistency: If each.
© Dennis Shasha, Philippe Bonnet 2001 Log Tuning.

© Dennis Shasha, Philippe Bonnet 2001 Log Tuning.
Introduction to Database Systems1 Logging and Recovery CC Lecture 2.

Introduction to Database Systems1 Logging and Recovery CC Lecture 2.
1 Crash Recovery Chapter 18. 2 Review: The ACID properties  A  A tomicity: All actions in the Xact happen, or none happen.  C  C onsistency: If each.

1 Crash Recovery Chapter Review: The ACID properties  A  A tomicity: All actions in the Xact happen, or none happen.  C  C onsistency: If each.
COMP9315: Database System Implementation 1 Crash Recovery Chapter 18 (3 rd Edition)

COMP9315: Database System Implementation 1 Crash Recovery Chapter 18 (3 rd Edition)
Database Management Systems, 2 nd Edition. R. Ramakrishnan and J. Gehrke 1 Crash Recovery Chapter 20 If you are going to be in the logging business, one.

Database Management Systems, 2 nd Edition. R. Ramakrishnan and J. Gehrke 1 Crash Recovery Chapter 20 If you are going to be in the logging business, one.
Transaction Management: Crash Recovery CS634 Class 20, Apr 16, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.

Transaction Management: Crash Recovery CS634 Class 20, Apr 16, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.
ICS 421 Spring 2010 Transactions & Recovery Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 3/4/20101Lipyeow.

ICS 421 Spring 2010 Transactions & Recovery Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 3/4/20101Lipyeow.
Crash Recovery Lecture 24 R&G - Chapter 18 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy.

Crash Recovery Lecture 24 R&G - Chapter 18 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy.

Similar presentations

Ads by Google