Chapter 17- Recovery System.ppt

《Chapter 17- Recovery System.ppt》由会员分享，可在线阅读，更多相关《Chapter 17- Recovery System.ppt（71页珍藏版）》请在麦多课文档分享上搜索。

1、Chapter 17: Recovery System,Failure Classification Storage Structure Recovery and Atomicity Log-Based Recovery Shadow Paging Recovery With Concurrent Transactions Buffer Management Failure with Loss of Nonvolatile Storage Advanced Recovery Techniques ARIES Recovery Algorithm Remote Backup Systems,Fa

2、ilure Classification,Transaction failure : Logical errors: transaction cannot complete due to some internal error condition System errors: the database system must terminate an active transaction due to an error condition (e.g., deadlock) System crash: a power failure or other hardware or software f

3、ailure causes the system to crash. Fail-stop assumption: non-volatile storage contents are assumed to not be corrupted by system crash Database systems have numerous integrity checks to prevent corruption of disk data Disk failure: a head crash or similar disk failure destroys all or part of disk st

4、orage Destruction is assumed to be detectable: disk drives use checksums to detect failures,Recovery Algorithms,Recovery algorithms are techniques to ensure database consistency and transaction atomicity and durability despite failures Focus of this chapter Recovery algorithms have two parts Actions

5、 taken during normal transaction processing to ensure enough information exists to recover from failures Actions taken after a failure to recover the database contents to a state that ensures atomicity, consistency and durability,Storage Structure,Volatile storage: does not survive system crashes ex

6、amples: main memory, cache memory Nonvolatile storage: survives system crashes examples: disk, tape, flash memory, non-volatile (battery backed up) RAM Stable storage: a mythical form of storage that survives all failures approximated by maintaining multiple copies on distinct nonvolatile media,Stab

7、le-Storage Implementation,Maintain multiple copies of each block on separate disks copies can be at remote sites to protect against disasters such as fire or flooding. Failure during data transfer can still result in inconsistent copies: Block transfer can result in Successful completion Partial fai

8、lure: destination block has incorrect information Total failure: destination block was never updated Protecting storage media from failure during data transfer (one solution): Execute output operation as follows (assuming two copies of each block): Write the information onto the first physical block

9、. When the first write successfully completes, write the same information onto the second physical block. The output is completed only after the second write successfully completes.,Stable-Storage Implementation (Cont.),Protecting storage media from failure during data transfer (cont.): Copies of a

10、block may differ due to failure during output operation. To recover from failure: First find inconsistent blocks: Expensive solution: Compare the two copies of every disk block. Better solution: Record in-progress disk writes on non-volatile storage (Non-volatile RAM or special area of disk). Use th

11、is information during recovery to find blocks that may be inconsistent, and only compare copies of these. Used in hardware RAID systems If either copy of an inconsistent block is detected to have an error (bad checksum), overwrite it by the other copy. If both have no error, but are different, overw

12、rite the second block by the first block.,Data Access,Physical blocks are those blocks residing on the disk. Buffer blocks are the blocks residing temporarily in main memory. Block movements between disk and main memory are initiated through the following two operations: input(B) transfers the physi

13、cal block B to main memory. output(B) transfers the buffer block B to the disk, and replaces the appropriate physical block there. Each transaction Ti has its private work-area in which local copies of all data items accessed and updated by it are kept.Tis local copy of a data item X is called xi. W

14、e assume, for simplicity, that each data item fits in, and is stored inside, a single block.,Data Access (Cont.),Transaction transfers data items between system buffer blocks and its private work-area using the following operations : read(X) assigns the value of data item X to the local variable xi.

15、 write(X) assigns the value of local variable xi to data item X in the buffer block. both these commands may necessitate the issue of an input(BX) instruction before the assignment, if the block BX in which X resides is not already in memory. Transactions Perform read(X) while accessing X for the fi

16、rst time; All subsequent accesses are to the local copy. After last access, transaction executes write(X). output(BX) need not immediately follow write(X). System can perform the output operation when it deems fit.,Example of Data Access,x,Y,A,B,x1,y1,buffer,Buffer Block A,Buffer Block B,input(A),ou

17、tput(B),read(X),write(Y),disk,work area of T1,work area of T2,memory,x2,Recovery and Atomicity,Modifying the database without ensuring that the transaction will commit may leave the database in an inconsistent state. Consider transaction Ti that transfers $50 from account A to account B; goal is eit

18、her to perform all database modifications made by Ti or none at all. Several output operations may be required for Ti (to output A and B). A failure may occur after one of these modifications have been made but before all of them are made.,Recovery and Atomicity (Cont.),To ensure atomicity despite f

19、ailures, we first output information describing the modifications to stable storage without modifying the database itself. We study two approaches: log-based recovery, and shadow-paging We assume (initially) that transactions run serially, that is, one after the other.,Log-Based Recovery,A log is ke

20、pt on stable storage. The log is a sequence of log records, and maintains a record of update activities on the database. When transaction Ti starts, it registers itself by writing a log record Before Ti executes write(X), a log record is written, where V1 is the value of X before the write, and V2 i

21、s the value to be written to X. Log record notes that Ti has performed a write on data item Xj Xj had value V1 before the write, and will have value V2 after the write. When Ti finishes it last statement, the log record is written. We assume for now that log records are written directly to stable st

22、orage (that is, they are not buffered) Two approaches using logs Deferred database modification Immediate database modification,Deferred Database Modification,The deferred database modification scheme records all modifications to the log, but defers all the writes to after partial commit. Assume tha

23、t transactions execute serially Transaction starts by writing record to log. A write(X) operation results in a log record being written, where V is the new value for X Note: old value is not needed for this scheme The write is not performed on X at this time, but is deferred. When Ti partially commi

24、ts, is written to the log Finally, the log records are read and used to actually execute the previously deferred writes.,Deferred Database Modification (Cont.),During recovery after a crash, a transaction needs to be redone if and only if both and are there in the log. Redoing a transaction Ti ( red

25、oTi) sets the value of all data items updated by the transaction to the new values. Crashes can occur while the transaction is executing the original updates, or while recovery action is being taken example transactions T0 and T1 (T0 executes before T1):T0: read (A) T1 : read (C)A: - A - 50 C:- C- 1

26、00Write (A) write (C)read (B)B:- B + 50write (B),Deferred Database Modification (Cont.),Below we show the log as it appears at three instances of time.If log on stable storage at time of crash is as in case:(a) No redo actions need to be taken(b) redo(T0) must be performed since is present (c) redo(

27、T0) must be performed followed by redo(T1) sinceand are present,Immediate Database Modification,The immediate database modification scheme allows database updates of an uncommitted transaction to be made as the writes are issued since undoing may be needed, update logs must have both old value and n

28、ew value Update log record must be written before database item is written We assume that the log record is output directly to stable storage Can be extended to postpone log record output, so long as prior to execution of an output(B) operation for a data block B, all log records corresponding to it

29、ems B must be flushed to stable storage Output of updated blocks can take place at any time before or after transaction commit Order in which blocks are output can be different from the order in which they are written.,Immediate Database Modification Example,Log Write OutputTo, B, 2000, 2050A = 950B

30、 = 2050C = 600BB, BCBA Note: BX denotes block containing X.,x1,Immediate Database Modification (Cont.),Recovery procedure has two operations instead of one:undo(Ti) restores the value of all data items updated by Ti to their old values, going backwards from the last log record for Ti redo(Ti) sets t

31、he value of all data items updated by Ti to the new values, going forward from the first log record for Ti Both operations must be idempotent That is, even if the operation is executed multiple times the effect is the same as if it is executed once Needed since operations may get re-executed during

32、recovery When recovering after failure: Transaction Ti needs to be undone if the log contains the record , but does not contain the record . Transaction Ti needs to be redone if the log contains both the record and the record . Undo operations are performed first, then redo operations.,Immediate DB

33、Modification Recovery Example,Below we show the log as it appears at three instances of time.Recovery actions in each case above are: (a) undo (T0): B is restored to 2000 and A to 1000. (b) undo (T1) and redo (T0): C is restored to 700, and then A and B are set to 950 and 2050 respectively. (c) redo

34、 (T0) and redo (T1): A and B are set to 950 and 2050 respectively. Then C is set to 600,Checkpoints,Problems in recovery procedure as discussed earlier : searching the entire log is time-consuming we might unnecessarily redo transactions which have already output their updates to the database. Strea

35、mline recovery procedure by periodically performing checkpointing Output all log records currently residing in main memory onto stable storage. Output all modified buffer blocks to the disk. Write a log record onto stable storage.,Checkpoints (Cont.),During recovery we need to consider only the most

36、 recent transaction Ti that started before the checkpoint, and transactions that started after Ti. Scan backwards from end of log to find the most recent record Continue scanning backwards till a record is found. Need only consider the part of log following above start record. Earlier part of log ca

37、n be ignored during recovery, and can be erased whenever desired. For all transactions (starting from Ti or later) with no , execute undo(Ti). (Done only in case of immediate modification.) Scanning forward in the log, for all transactions starting from Ti or later with a , execute redo(Ti).,Example

38、 of Checkpoints,T1 can be ignored (updates already output to disk due to checkpoint) T2 and T3 redone. T4 undone,Tc,Tf,T1,T2,T3,T4,checkpoint,system failure,Shadow Paging,Shadow paging is an alternative to log-based recovery; this scheme is useful if transactions execute serially Idea: maintain two

39、page tables during the lifetime of a transaction the current page table, and the shadow page table Store the shadow page table in nonvolatile storage, such that state of the database prior to transaction execution may be recovered. Shadow page table is never modified during execution To start with,

40、both the page tables are identical. Only current page table is used for data item accesses during execution of the transaction. Whenever any page is about to be written for the first time A copy of this page is made onto an unused page. The current page table is then made to point to the copy The up

41、date is performed on the copy,Sample Page Table,Example of Shadow Paging,Shadow and current page tables after write to page 4,Shadow Paging (Cont.),To commit a transaction :1. Flush all modified pages in main memory to disk2. Output current page table to disk3. Make the current page table the new sh

42、adow page table, as follows: keep a pointer to the shadow page table at a fixed (known) location on disk. to make the current page table the new shadow page table, simply update the pointer to point to current page table on disk Once pointer to shadow page table has been written, transaction is comm

43、itted. No recovery is needed after a crash new transactions can start right away, using the shadow page table. Pages not pointed to from current/shadow page table should be freed (garbage collected).,Show Paging (Cont.),Advantages of shadow-paging over log-based schemes no overhead of writing log re

44、cords recovery is trivial Disadvantages : Copying the entire page table is very expensive Can be reduced by using a page table structured like a B+-tree No need to copy entire tree, only need to copy paths in the tree that lead to updated leaf nodes Commit overhead is high even with above extension

45、Need to flush every updated page, and page table Data gets fragmented (related pages get separated on disk) After every transaction completion, the database pages containing old versions of modified data need to be garbage collected Hard to extend algorithm to allow transactions to run concurrently

46、Easier to extend log based schemes,Recovery With Concurrent Transactions,We modify the log-based recovery schemes to allow multiple transactions to execute concurrently. All transactions share a single disk buffer and a single log A buffer block can have data items updated by one or more transaction

47、s We assume concurrency control using strict two-phase locking; i.e. the updates of uncommitted transactions should not be visible to other transactions Otherwise how to perform undo if T1 updates A, then T2 updates A and commits, and finally T1 has to abort? Logging is done as described earlier. Lo

48、g records of different transactions may be interspersed in the log. The checkpointing technique and actions taken on recovery have to be changed since several transactions may be active when a checkpoint is performed.,Recovery With Concurrent Transactions (Cont.),Checkpoints are performed as before,

49、 except that the checkpoint log record is now of the form where L is the list of transactions active at the time of the checkpoint We assume no updates are in progress while the checkpoint is carried out (will relax this later) When the system recovers from a crash, it first does the following: Init

50、ialize undo-list and redo-list to empty Scan the log backwards from the end, stopping when the first record is found. For each record found during the backward scan: if the record is , add Ti to redo-list if the record is , then if Ti is not in redo-list, add Ti to undo-list For every Ti in L, if Ti is not in redo-list, add Ti to undo-list,