Module 5: Database Recovery

Database Recovery
• Purpose of Database Recovery
– To bring the database into the last consistent
state, which existed prior to the failure.
– To preserve transaction properties (Atomicity,
Consistency, Isolation and Durability).
• Example:
– If the system crashes before a fund transfer transaction
completes its execution, then either one or both accounts
may have incorrect value. Thus, the database must be
restored to the state before the transaction modified any
of the accounts.
 Types Failures
• As well as maintaining consistency through concurrency
protocols, a DBMS must have policies to recover from the
various types of failure.
• All failures can be categorised into one of the three types:
– A computer failure (system crash).
– A transaction or system error.
– Local errors or exception conditions.
– Concurrency control enforcement.
– Disk failure.
– Physical problems and catastrophes.

• Transaction failures may require changes in the page cache to

be undone, systems failures may require recovery processing,
and media failure may require restoring from backup.
 Transaction Log
• For recovery from any type of failure, data values prior to
modification (BFIM - BeFore Image) and the value after modification
(AFIM – AFter Image) are required. new
• These values and other information is stored in a sequential file
called Transaction log. A sample log is given below. Back P and
Next P point to the previous and next log records of the same
transaction.
T ID Back P Next P Operation Data item BFIM AFIM
T1 0 1 Begin
T1 1 4 Write X X = 100 X = 200
T2 0 8 Begin
T1 2 5 W Y Y = 50 Y = 100
T1 4 7 R M M = 200 M = 200
T3 0 9 R N N = 400 N = 400
T1 5 nil End
 Recovery and Atomicity
• Modifying the database without ensuring that the
transaction will commit may leave the database in an
inconsistent state.
• Consider transaction Ti that transfers $50 from
account A to account B; goal is either to perform all
database modifications made by Ti or none at all.
• Several output operations may be required for Ti (to
output A and B). A failure may occur after one of these
modifications have been made but before all of them
are made.
 Recovery and Atomicity …
• To ensure atomicity despite failures, we first
output information describing the modifications
to stable storage without modifying the
database itself.
• We consider two approaches:
– log-based recovery, and
– shadow-paging
• We assume (initially) that transactions run
serially, that is, one after the other.
 Log-Based Recovery
• A log is kept on stable storage
– The log is a sequence of log records, and maintains a record of update activities on the
database.
• When transaction Ti starts, it registers itself by writing a
<Ti start>log record
• Before Ti executes write(X), a log record <Ti, X, V1, V2> is written, where V1 is the
value of X before the write, and V2 is the value to be written to X.
– Log record notes that Ti has performed a write on data item Xj Xj had value V1 before the
write, and will have value V2 after the write.
• When Ti finishes its last statement, the log record <Ti commit> is written.
• We assume for now that log records are written directly to stable storage (that is,
they are not buffered)
• Two approaches using logs
– Deferred database modification
– Immediate database modification
 Deferred Database Modification
• The deferred database modification scheme records all
modifications to the log, but defers all the writes to after partial
commit.
• Assume that transactions execute serially
• Transaction starts by writing <Ti start> record to log.
• A write(X) operation results in a log record <Ti, X, V> being written,
where V is the new value for X
– Note: old value is not needed for this scheme
• The write is not performed on X at this time, but is deferred.
• When Ti partially commits, <Ti commit> is written to the log
• Finally, the log records are read and used to actually execute the
previously deferred writes.
 Deferred Database Modification …
• Below we show the log as it appears at three instances of time.

• If log on stable storage at time of crash :

(a) No redo actions need to be taken
(b) redo(T0) must be performed since <T0 commit> is present
(c) redo(T0) must be performed followed by redo(T1) since
<T0 commit> and <Ti commit> are present
 Immediate Database Modification
• The immediate database modification scheme allows database updates
of an uncommitted transaction to be made as the writes are issued
– since undoing may be needed, update logs must have both old value and new
value
• Update log record must be written before database item is written
– We assume that the log record is output directly to stable storage
– Can be extended to postpone log record output, so long as prior to execution of
an output(B) operation for a data block B, all log records corresponding to items
B must be flushed to stable storage
• Output of updated blocks can take place at any time before or after
transaction commit
• Order in which blocks are output can be different from the order in
which they are written.
 Immediate Database Modification Example
Log Write Output

<T0 start>
<T0, A, 1000, 950>
<To, B, 2000, 2050>
A = 950
B = 2050
<T0 commit>
<T1 start>
<T1, C, 700, 600>
C = 600
BB, BC
<T1 commit>
BA
• Note: BX denotes block containing X.
 Presentation Topics
• Shadow Paging
• Commercial DBMSs use of transaction logging
 Immediate Database Modification …
• Recovery procedure has two operations instead of one:
– undo(Ti) restores the value of all data items updated by Ti to their
old values, going backwards from the last log record for Ti
– redo(Ti) sets the value of all data items updated by Ti to the new
values, going forward from the first log record for Ti
• When recovering after failure:
– Transaction Ti needs to be undone if the log contains the record
<Ti start>, but does not contain the record <Ti commit>.
– Transaction Ti needs to be redone if the log contains both the
record <Ti start> and the record <Ti commit>.
• Undo operations are performed first, then redo operations.
 Immediate DB Modification Recovery
Example
Below we show the log as it appears at three instances of time.

Recovery actions in each case above are:

(a) undo (T0): B is restored to 2000 and A to 1000.
(b) undo (T1) and redo (T0): C is restored to 700, and then A and B are
set to 950 and 2050 respectively.
(c) redo (T0) and redo (T1): A and B are set to 950 and 2050
respectively. Then C is set to 600
 Page Cache
• Operating systems typically manage the page cache, an area in
memory where recently accessed disk pages are held.
• The page cache can be used to order writes to disk, or “hold
back” writes until a transaction commits.
• More importantly, the cache can improve performance by
removing the need to go to disk for some disk reads and writes.
However, when a page in the cache is written to, it is marked as
“dirty” and will require writing to disk.
• In some cases, because transaction processing of DBMSs is
highly integrated with the page cache, the DBMS may manage
the cache itself by making low-level operating system calls.
 Logging
• Information that is required for recovery after
failure is logged.
• Logging writes sequential information to a
continually growing file (the file, however, can
be reset when a periodical dump of the
database is made).
• If the log is lost, then all current transactions
must be completed and written to disk and a
full backup of the database needs to be made.
 Write-ahead logging
• Write-ahead logging or WAL is the logging technique used in
most commercial database systems.
• Write-ahead logging is the protocol of writing all log entries
to disk before the corresponding changes are made to the
database, that is, before the transaction is committed.
• By using a write-through policy on the cache (where all log
pages are written immediately and not cached), storage of
the log on stable media can be guaranteed.
• Using write-ahead logging, the log can be used to rollback
uncommitted transactions and roll forward committed
transactions that had not yet reached disk.
 Rolling forward and back
• To allow the rolling forward of committed transaction to
disk and the rollback of uncommitted transactions, two
types of log records are required:
– Undo records (logging of write item transactions that store
the previous value of the item)
– Redo records (logging of write item transactions that store the
new value of the item)
• To rollback a transaction, undo records are used to
return the database to the previous state. To roll forward
a transaction, redo records are used to bring a
transaction to its committed state.
 Checkpoints in Logs
• Periodically, checkpoints are written to the log
to make restart processing more efficient after
failure.
• Checkpoints are stored in the log and record the
active transactions, the recently written log
records, and a list of dirty cache pages.
• On system restart, recovery analysis can begin at
the checkpoint, rather than at the beginning of
(what may potentially be) a large log file.
 Restarting after Failure

• The analysis pass gathers information about dirty pages and in-progress
transactions.
• Using the analysis, the redo pass is brings the database to the state described in
the log.
• The undo pass removes the effects of transactions that did not commit.
 Database Backup
• The techniques described so far are useful for transaction
and some database failures.
• However, more catastrophic events (the computer being
stolen, a fire, a disk head crash, etc.) require a database
backup
• Backing up a database requires that the whole database
and log be stored on a stable media, and the medias be
stored in a “safe” location.
• Additionally, the log alone may periodically be dumped to
stable storage media, ensuring that users do not lose
transactions performed since the last full backup.
 Presentation Topics
• The ARIES Recovery Algorithm
• Recovery in Multi-Database Systems- a single
transaction may require access to multiple
databases that may even be stored on
different types of DBMSs.