Crash Recovery

Review: The ACID properties

 A tomicity: All actions in the Xaction happen, or none happen.
 C onsistency: If each Xaction is consistent, and the DB starts
consistent, it ends up consistent.
 I solation: Execution of one Xaction is isolated from that of other Xacts.
 D urability: If a Xaction commits, its effects persist.

 CC guarantees Isolation and Atomicity.

 The Recovery Manager guarantees Atomicity & Durability.
 Why is recovery system necessary?
 Transaction failure :
 Logical errors: application errors (e.g. div by 0, segmentation fault)
 System errors: deadlocks
 Aborts

 System crash: hardware/software failure causes the system to

crash.

 Disk failure: head crash or similar disk failure destroys all or

part of disk storage
The data we will lose can be in main memory or in disk
 Storage Media
 Volatile storage:
 does not survive system crashes
 examples: main memory, cache memory
 Nonvolatile storage:
 survives system crashes
 examples: disk, tape, flash memory,
non-volatile (battery backed up) RAM
 Stable storage:
 a “mythical” form of storage that survives all failures
 approximated by maintaining multiple copies on distinct nonvolatile
media
 Recovery and Durability

 To achieve Durability: Put data on stable storage

 To approximate stable storage make two copies of

data

 Problem: data transfer failure

 Stable-Storage Implementation
 Solution:
 Write to the first disk
 Write to the second disk when the first disk completes
 The process is complete only after the second write completes
successfully

 Recovery (from disk failures, etc):

 Detect bad blocks with the checksum (e.g. parity)
 Two good copies, equal blocks: done
 One good, one bad : copy good to bad
 Two bad copies: ignore write
 Two good, unequal blocks?

Ans: Copy the second to the first

 Recovery and Atomicity

 Durability is achieved by making 2 copies of data

 What about atomicity…

 Crash may cause inconsistencies…

 Recovery and Atomicity

 Example: transfer $50 from account A to account B

 goal is either to perform all database modifications made by Ti or
none at all.
 Requires several inputs (reads) and outputs (writes)
 Failure after output to account A and before output to B….
 DB is corrupted!
 Recovery Algorithms
 Recovery algorithms are techniques to ensure database
consistency and transaction atomicity and durability despite
failures
 Recovery algorithms have two parts
1. Actions taken during normal transaction processing to ensure
enough information exists to recover from failures
2. Actions taken after a failure to recover the database contents to a
state that ensures atomicity, consistency and durability
 Log-Based Recovery
 Simplifying assumptions:
 Transactions run serially
 logs are written directly on the stable stogare
 Log: a sequence of log records; maintains a record of update
activities on the database. (Write Ahead Log, W.A.L.)
 Log records for transaction Tj:
 <Ti start >
 <Ti, X, V1, V2>
 <Ti commit >
 Two approaches using logs
 Deferred database modification
 Immediate database modification
 Log example

Transaction T1 Log

Read(A) <T1, start>

A =A-50 <T1, A, 1000, 950>
Write(A) <T1, B, 2000, 2050>
Read(B) <T1, commit>
B = B+50
Write(B)
 Deferred Database Modification
 Ti starts: write a <Ti start> record to log.
 Ti write(X)
 write <Ti, X, V> to log: V is the new value for X
 The write is deferred
 Note: old value is not needed for this scheme

 Ti partially commits:
 Write <Ti commit> to the log
 DB updates by reading and executing the log:
 <Ti start> …… <Ti commit>
 Deferred Database Modification
 How to use the log for recovery after a crash?
 Redo: if both <Ti start> and <Ti commit> are there in the log.
 Crashes can occur while
 the transaction is executing the original updates, or
 while recovery action is being taken

 example transactions T0 and T1 (T0 executes before T1):

T0: read (A) T1 : read (C)
A: - A - 50 C:- C- 100
Write (A) write (C)
read (B)
B:- B + 50
write (B)
 Deferred Database Modification (Cont.)
 Below we show the log as it appears at three instances of time.

<T0, start> <T0, start> <T0, start>

<T0, A, 950> <T0, A, 950> <T0, A, 950>
<T0, B, 2050> <T0, B, 2050> <T0, B, 2050>
<T0, commit> <T0, commit>
<T1, start> <T1, start>
(a) <T1, C, 600> <T1, C, 600>
<T1, commit>
(b)
(c)
 Immediate Database Modification
 Database updates of an uncommitted transaction is allowed

 Tighter logging rules are needed to ensure transaction are

undoable
 Write records must be of the form: <Ti, X, Vold, Vnew >

 log record must be written before database item is written

 Output of DB blocks can occur:

 Before or after commit
 In any order
 Immediate Database Modification Example
Log Write Output

<T0 start>
<T0, A, 1000, 950>
<To, B, 2000, 2050>
A = 950
B = 2050
<T0 commit>
<T1 start>
<T1, C, 700, 600>
C = 600
B B , BC
<T1 commit>
BA
 Note: BX denotes block containing X.
 Immediate Database Modification (Cont.)
 Recovery procedure :
 Undo : <Ti, start > is in the log but <Ti commit> is not. Undo:
 restore the value of all data items updated by Ti to their old
values, going backwards from the last log record for Ti
 Redo: <Ti start> and <Ti commit> are both in the log. Redo:
 sets the value of all data items updated by Ti to the new values,
going forward from the first log record for Ti
 Both operations must be idempotent: even if the operation is executed
multiple times the effect is the same as if it is executed once
 Undo operations are performed first, then redo operations. Why?
 I M Recovery Example
<T0, start> <T0, start>
<T0, start>
<T0, A, 1000, 950> <T0, A, 1000, 950>
<T0, A, 1000, 950>
<T0, B, 2000, 2050> <T0, B, 2000, 2050>
<T0, B, 2000, 2050>
<T0, commit> <T0, commit>
<T1, start> <T1, start>
(a) <T1, C, 700, 600> <T1, C, 700, 600>
<T1, commit>
(b)
Recovery actions in each case above are: (c)
(a) undo (T0): B is restored to 2000 and A to 1000.
(b) undo (T1) and redo (T0): C is restored to 700, and then A and B are
set to 950 and 2050 respectively.
(c) redo (T0) and redo (T1): A and B are set to 950 and 2050
respectively. Then C is set to 600
 Checkpoints

 Problems in recovery procedure as discussed earlier :

1. searching the entire log is time-consuming
2. we might unnecessarily redo transactions which have already
output their updates to the database.
 How to avoid redundant redoes?
 Put marks in the log indicating that at that point DB and log are
consistent. Checkpoint!
 Checkpoints
 At a checkpoint:
 Output all log records currently residing in main memory onto
stable storage.

 Output all modified buffer blocks to the disk.

 Write a log record < checkpoint> onto stable storage.

 Checkpoints (Cont.)

 Recovering from log with checkpoints:

1. Scan backwards from end of log to find the most recent
<checkpoint> record

2. Continue scanning backwards till a record <Ti start> is found.

3. Need only consider the part of log following above start record.
Why?

4. After that, recover from log with the rules that we had before.
 Example of Checkpoints

Tc Tf
T1
T2
T3
T4

checkpoint checkpoint system failure

T1 can be ignored (updates already output to disk due to checkpoint)

T2 and T3 redone.

T4 undone
 Recovery With Concurrent Transactions

 To permit concurrency:
 All transactions share a single disk buffer and a single log
 Concurrency control: Strict 2PL :i.e. Release eXclusive locks only
after commit. Why?
 Logging is done as described earlier.
 The checkpointing technique and actions taken on recovery have
to be changed (based on ARIES)
 since several transactions may be active when a checkpoint is
performed.
 Recovery With Concurrent Transactions (Cont.)
 Checkpoints for concurrent transactions:
< checkpoint L>
L: the list of transactions active at the time of the checkpoint
 We assume no updates are in progress while the checkpoint is carried
out
 Recovery for concurrent transactions, 3 phases:
1. Initialize undo-list and redo-list to empty
2. Scan the log backwards from the end, stopping when the first
<checkpoint L> record is found.
For each record found during the backward scan: ANALYSIS
 if the record is <Ti commit>, add Ti to redo-list
 if the record is <Ti start>, then if Ti is not in redo-list, add Ti to undo-list
 For every Ti in L, if Ti is not in redo-list, add Ti to undo-list
 Recovery With Concurrent Transactions
 Scan log backwards
 Perform undo(T) for every transaction in undo-list
 Stop when reach <T, start> for every T in undo-list. UNDO

 Locate the most recent <checkpoint L> record.

1. Scan log forwards from the <checkpoint L> record till the end of
the log.
2. perform redo for each log record that belongs to a transaction on
redo-list
REDO
 Example of Recovery
 Go over the steps of the recovery algorithm on the following log:
<T0 start>
<T0, A, 0, 10>
Redo-list{T3}
<T0 commit> Undo-list{T1, T2}
<T1 start>
<T1, B, 0, 10> Undo: Redo:
<T2 start> Set C to 10 Set A to 20
<T2, C, 0, 10> Set C to 0 Set D to 10
<T2, C, 10, 20> Set B to 0
<checkpoint {T1, T2}>
<T3 start>
<T3, A, 10, 20>
DB A B C D
<T3, D, 0, 10> Initial 0 0 0 0
<T3 commit> At crash 20 10 20 10
Crash!!!! After rec. 20 0 0 10