Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crash recovery All-or-nothing atomicity & logging.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Crash recovery All-or-nothing atomicity & logging."— Presentation transcript:

1 Crash recovery All-or-nothing atomicity & logging

2 Crash at the “wrong time” is problematic Examples: –Failure during middle of online purchase –Failure during “mv /home/jinyang /home/jy” What guarantees do applications need?

3 All-or-nothing atomicity All-or-nothing operation –An operation either finishes or not at all. –No intermediate state exist upon recovery. In Database, it’s called transactions All-or-nothing is a useful guarantee

4 Crash may occur at any time Good normal case performance is desired. –Systems usually cache state Challenges of implementing all-or-nothing legal illegal

5 An Example Client program Storage server cache disk Transfer $1000 From A:$3000 To B:$2000 A:3000 B:2000 A:2000 B:3000 A:2000 B:2000

6 1st try at all-or-nothing Map all file pages in memory Modify A = A-1000 Modify B = B+1000 Write A to disk Write B to disk Client program Storage server dir F page table B A

7 2nd try at all-or-nothing Read A from F curr, read B from F curr A=A-1000; B = B+1000; Write A to F curr Write B to F curr Replace F shadow with F curr Client program Storage server dir F curr page table B A F shadow page table B A

8 Problems with the 2nd try Multiple transactions might share the same file: –Two concurrent transactions: T1: transfer 1000 from A to B T2: transfer 10 from C to D –Committing T1 would (falsely) write intermediate state of T2 to disk

9 3rd try is a charm Keep a log of all update actions Each action has 3 required operations DO UNDO REDO old state new state log record new state log record old state new state log record old state

10 SysR: logging Merge all actions into one log –Append-only –Reduce random access –Require linked list of actions within one transaction Each log record consists of: –Log record length –Transaction ID –Action ID –Timestamp –Pointer to previous record in this transaction –Action (file name, record name, old & new value)

11 SysR: logging How to commit a transaction? SysR logging rules: 1.Write log record to disk before modifying persistent state 2.At commit point, append a commit record and force all transaction’s log records to disk How to recover from a crash? (no checkpoint)

12 SysR: checkpoints Checkpoints make recovery fast –No need to start from a blank state How to checkpoint? 1.Wait till no transactions (or actions) are in progress (why?) 2.Write a checkpoint record to log Contains a list of all transactions in progress 3.Save all files 4.Atomically save checkpoint by updating root to point to latest checkpoint record (why?)

13 2. Read log to learn that T2, T3 are winners and T4 is a loser SysR: recovery checkpoint T1 T2 T3 T4 T5 1. Read most recent checkpoint to learn that T2, T4 are ongoing transactions 3. Read log to undo loser 4. Read log to redo winner

14 Example using logging Transfer $1000 From A:$3000 To B:$2000 Transfer $10 From C:$10 To D:$0 sysR File: F Rec: A Old: 3000 New: 2000 File: F Rec: B Old: 2000 New: 3000 File: F Rec: C Old: 10 New: 0 commit Checkpt T1,T2 T1T2 page table B A F

15 Example recovery Transfer $1000 From A:$3000 To B:$2000 Transfer $10 From C:$10 To D:$0 sysR File: F Rec: A Old: 3000 New: 2000 File: F Rec: B Old: 2000 New: 3000 File: F Rec: C Old: 10 New: 0 commit Checkpt T1,T2 T1T2 page table B A F Checkpoint state A:2000 B:2000 C:0 D:0

16 UNDO-only and REDO-only logs Do not always need both UNDO/REDO operations UNDO logs –Append write log record UNDO an not-done operation has no effect –Modify on-disk state (or not) –… –Append COMMIT log record REDO logs –Append write log record –Modify on-disk state (or not) REDO an operation twice produces the same result –… –Append COMMIT log record

17 Example using UNDO-log Transfer $1000 From A:$3000 To B:$2000 Transfer $10 From C:$10 To D:$0 sysR File: F Rec: A Old: 3000 File: F Rec: B Old: 2000 File: F Rec: C Old: 10 commit Checkpt T1T2 Checkpoint state A:3000 B:2000 C:10 D:0 Is checkpoint allowed here? Recovery goes forward UNDO uncommitted actions

18 Example using REDO-log Transfer $1000 From A:$3000 To B:$2000 Transfer $10 From C:$10 To D:$0 sysR File: F Rec: A New: 2000 File: F Rec: B New: 3000 File: F Rec: C New: 0 commit Checkpt T1T2 Checkpoint state A:3000 B:2000 C:10 D:0 Is checkpoint allowed here? Recovery goes forward REDO committed actions

19 Case study: disk file systems

20 FS is a complex data structure i-nodes and directory contents are called meta-data Also need a free i-node bitmap, a free data block bitmap root inode 0 home 1 user 2 inode 1 inode 2 f1.txt 3 inode 3 data dir block

21 Kernel caches used blocks Buffer cache holds recently used blocks Very effective for reads –e.g. access root i-node is extremely fast Delay writes –Multiple operations can be batched to reduce disk writes –Dirty blocks are lost during crash!

22 Handling crash recovery is hard Dangers if crash during meta-data modification –Files/dirs disappear completely –Files appear when they shouldn’t –Files have content belonging to different files Dangers of crashing during file content modification –Some writes are lost –File content are a mix of old and new data

23 Goal of FS recovery Leave file system in a good state w.r.t. meta-data It is okay to lose a few operations –To tradeoff for better performance during normal operation

24 A strawman recovery The fsck program –Descend the FS tree –Remembers allocated i-nodes & blocks –Initialized free i-node & data bitmaps based on step 2. –Also checks for invariants like: block used by two files file length != number of blocks etc. –Prompt user if problem cannot be fixed

25 Example crash problems fd = create(“d/f”, 0666); write(fd, “hello”, 5); 1.i-node bitmap (Get a free i-node for “f”) 2.“f”s i-node (write owner etc.) 3.“d”s dir content (add “f” to i-number mapping) 4.“d”s i-node (update length & mtime) 5.Block bitmap (get a free block for f’s data) 6.Data block 7.“f”s i-node (add block to list, update mtime & length) User program File system writes unlink(“d/f”); 8. “d”’ content (remove “f” entry) 9. “d”’ i-node (update length, mtime) 10. i-node bitmap 11 block bitmap

26 FS uses write-back cache If every write goes to disk, how fast? –10 ms per modification, 70 ms/file --> 14 files/s FS only writes to cache, so is quick When cache fills up with dirty blocks, flush some to disk –Writes 1,2,3,4,5 and 7 are amortized over many files

27 Can we recover with a write- back cache? Write-back cache may write to disk in any order. Worst case scenarios: –A few dirty blocks are flushed to disk, then crash, recover.

28 Example crash problems Wrote 1-8 Wrote just 3 Wrote 1-7 and 10 fd = create(“d/f”, 0666); write(fd, “hello”, 5); 1.i-node bitmap (Get a free i-node for “f”) 2.“f”s i-node (write owner etc.) 3.“d”s dir content (add “f” to i-number mapping) 4.“d”s i-node (update length & mtime) 5.Block bitmap (get a free block for f’s data) 6.Data block 7.“f”s i-node (add block to list, update mtime & length) unlink(“d/f”); 8. “d”’ content (remove “f” entry) 9. “d”’ i-node (update length, mtime) 10. i-node bitmap 11 block bitmap

29 A more serious crash Create happens to re-use i-node freed by unlink Only write #3 goes to disk –#3: update “d”’ content to add “f2” to i-number mapping Recovery: –Nothing to fix –But file “f2” has “f1”’ content –Serious undetected inconsistency unlink(“d/f1”); create(“d/f2”);

30 FS needs all-or-nothing meta- data update How Cedar performs FS operations: –Update name table B-tree in memory –Append name table modification to in- memory (REDO) log When is in-memory log forced to disk? –Group commit, every 1/2 second –Why?

31 Cedar’s logging When can modified disk cache pages be written to disk? –Before writing the log records? –After? What if it runs out of log space? –Flush parts of log to disk, re-use flushed log space

32 Cedar’s log space reclaimation Before reclaiming oldest 3rd, flush all its records to disk if the page is not found in later 3rds oldest 3rd middle 3rd newest 3rd End of log

33 Cedar’s recovery Recovery re-dos log records What’s the state of FS after recovery? –Are all completed operations before crash in the recovered state? –Cedar recovers a prefix of completed operations

34 Cedar only logs meta-data ops Why not log data? What might happen if Cedar crashes while modifying file?

35 Cedar is fast Cedar does 1/7 I/Os for small creates than its predecessor

Download ppt "Crash recovery All-or-nothing atomicity & logging."

Similar presentations

4/8/14CS161 Spring 201411 Journaling File Systems Learning Objectives Explain log journaling/logging can make a file system recoverable. Discuss tradeoffs.

4/8/14CS161 Spring Journaling File Systems Learning Objectives Explain log journaling/logging can make a file system recoverable. Discuss tradeoffs.
Crash Recovery John Ortiz. Lecture 22Crash Recovery2 Review: The ACID properties  Atomicity: All actions in the transaction happen, or none happens 

Crash Recovery John Ortiz. Lecture 22Crash Recovery2 Review: The ACID properties  Atomicity: All actions in the transaction happen, or none happens 
1 CSIS 7102 Spring 2004 Lecture 9: Recovery (approaches) Dr. King-Ip Lin.

1 CSIS 7102 Spring 2004 Lecture 9: Recovery (approaches) Dr. King-Ip Lin.
CS 440 Database Management Systems Lecture 10: Transaction Management - Recovery 1.

CS 440 Database Management Systems Lecture 10: Transaction Management - Recovery 1.
Transactions and Recovery Checkpointing Souhad Daraghma.

Transactions and Recovery Checkpointing Souhad Daraghma.
File Systems.

File Systems.
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 19- 1.

Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 23 Database Recovery Techniques.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 23 Database Recovery Techniques.
Chapter 20: Recovery. 421B: Database Systems - Recovery 2 Failure Types q Transaction Failures: local recovery q System Failure: Global recovery I Main.

Chapter 20: Recovery. 421B: Database Systems - Recovery 2 Failure Types q Transaction Failures: local recovery q System Failure: Global recovery I Main.
Jinze Liu. Have studied C.C. mechanisms used in practice - 2 PL - Multiple granularity - Tree (index) protocols - Validation.

Jinze Liu. Have studied C.C. mechanisms used in practice - 2 PL - Multiple granularity - Tree (index) protocols - Validation.
Recovery CPSC 356 Database Ellen Walker Hiram College (Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)

Recovery CPSC 356 Database Ellen Walker Hiram College (Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
CSCI 3140 Module 8 – Database Recovery Theodore Chiasson Dalhousie University.

CSCI 3140 Module 8 – Database Recovery Theodore Chiasson Dalhousie University.
Chapter 19 Database Recovery Techniques

Chapter 19 Database Recovery Techniques
File Systems Examples.

File Systems Examples.
Transactions A process that reads or modifies the DB is called a transaction. It is a unit of execution of database operations. Basic JDBC transaction.

Transactions A process that reads or modifies the DB is called a transaction. It is a unit of execution of database operations. Basic JDBC transaction.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database recovery techniques (Ch. 21, 3 rd ed. – Ch. 19, 4 th and 5 th ed. – Ch. 23, 6 th ed.)

Jan. 2014Dr. Yangjun Chen ACS Database recovery techniques (Ch. 21, 3 rd ed. – Ch. 19, 4 th and 5 th ed. – Ch. 23, 6 th ed.)
Recovery from Crashes. Transactions A process that reads or modifies the DB is called a transaction. It is a unit of execution of database operations.

Recovery from Crashes. Transactions A process that reads or modifies the DB is called a transaction. It is a unit of execution of database operations.
Recovery from Crashes. ACID A transaction is atomic -- all or none property. If it executes partly, an invalid state is likely to result. A transaction,

Recovery from Crashes. ACID A transaction is atomic -- all or none property. If it executes partly, an invalid state is likely to result. A transaction,
Recovery 10/18/05. Implementing atomicity Note, when a transaction commits, the portion of the system implementing durability ensures the transaction’s.

Recovery 10/18/05. Implementing atomicity Note, when a transaction commits, the portion of the system implementing durability ensures the transaction’s.
ACID A transaction is atomic -- all or none property. If it executes partly, an invalid state is likely to result. A transaction, may change the DB from.

ACID A transaction is atomic -- all or none property. If it executes partly, an invalid state is likely to result. A transaction, may change the DB from.

Similar presentations

Ads by Google