UNIT V

Transaction processing- Concurrency

control techniques

1
 • Understand the practical problems of concurrency
Course control and gain knowledge about failures and
Learnin recovery
g
Rational
e CLR - 6

• Appreciate the fundamental concepts of transaction

Course
processing ,concurrency control techniques and
learning recovery procedures
Outcom
es CLO-6
Contents
Transactions

Concurrency control

Phase Control Protocol

Log Based Recovery

Deadlock

Two phase Locking Protocol

 Transaction Concept
• A transaction is a unit of program execution that accesses and possibly
updates various data items.
• E.g., transaction to transfer $50 from account A to account B:
1. read(A)

2. A := A – 50

3. write(A)

4. read(B)

5. B := B + 50

6. write(B)

• Two main issues to deal with:

– Failures of various kinds, such as hardware failures and system crashes

– Concurrent execution of multiple transactions

 Required Properties of a Transaction
• Consider a transaction to transfer $50 from account A to account B:

1. read(A)

2. A := A – 50

3. write(A)

4. read(B)

5. B := B + 50

6. write(B)
• Atomicity requirement
– If the transaction fails after step 3 and before step 6, money will be “lost” leading to an inconsistent
database state
• Failure could be due to software or hardware

– The system should ensure that updates of a partially executed transaction are not reflected in the database

• Durability requirement — once the user has been notified that the transaction has completed (i.e., the transfer
of the $50 has taken place), the updates to the database by the transaction must persist even if there are

software or hardware failures.

 Required Properties of a Transaction (Cont.)

• Consistency requirement in above example:

– The sum of A and B is unchanged by the execution of the transaction

• In general, consistency requirements include

• Explicitly specified integrity constraints such as primary keys and foreign keys

• Implicit integrity constraints

– e.g., sum of balances of all accounts, minus sum of loan amounts must
equal value of cash-in-hand
• A transaction, when starting to execute, must see a consistent database.
• During transaction execution the database may be temporarily inconsistent.
• When the transaction completes successfully the database must be consistent
– Erroneous transaction logic can lead to inconsistency
 Required Properties of a Transaction (Cont.)
• Isolation requirement — if between steps 3 and 6 (of the fund transfer transaction) ,
another transaction T2 is allowed to access the partially updated database, it will see an
inconsistent database (the sum A + B will be less than it should be).

T1 T2
1. read(A)
2. A := A – 50
3. write(A)
read(A), read(B), print(A+B)
4. read(B)
5. B := B + 50
6. write(B)
• Isolation can be ensured trivially by running transactions serially
– That is, one after the other.
• However, executing multiple transactions concurrently has significant benefits, as we
will see later.
 Required Properties of a Transaction (Cont.)
• Isolation requirement
• Let X= 500, Y = 500.
Consider two transactions T and T”. Suppose T has been executed till Read (Y) and
then T’’ starts. As a result , interleaving of operations takes place due to which T’’ reads
correct value of X but incorrect value of Y and sum computed by
T’’: (X+Y = 50, 000+500=50, 500)
is thus not consistent with the sum at end of transaction:
T: (X+Y = 50, 000 + 450 = 50, 450).
This results in database inconsistency, due to a loss of 50 units. Hence, transactions
must take place in isolation and changes should be visible only after they have been
made to the main memory.
 ACID Properties
A transaction is a unit of program execution that accesses and possibly updates various
data items. To preserve the integrity of data the database system must ensure:

• Atomicity. Either all operations of the transaction are properly reflected in the
database or none are.
• Consistency. Execution of a transaction in isolation preserves the consistency of the
database.
• Isolation. Although multiple transactions may execute concurrently, each transaction
must be unaware of other concurrently executing transactions. Intermediate
transaction results must be hidden from other concurrently executed transactions.
– That is, for every pair of transactions Ti and Tj, it appears to Ti that either Tj, finished execution

before Ti started, or Tj started execution after Ti finished.

• Durability. After a transaction completes successfully, the changes it has made to the
database persist, even if there are system failures.
 Transaction State
• Active – the initial state; the transaction stays in this state while it is executing

• Partially committed – after the final statement has been executed.

• Failed -- after the discovery that normal execution can no longer proceed.

• Aborted – after the transaction has been rolled back and the database restored
to its state prior to the start of the transaction. Two options after it has been
aborted:
– Restart the transaction
• can be done only if no internal logical error

– Kill the transaction

• Committed – after successful completion.

Transaction State (Cont.)
• Serializability of Transactions

• Testing for serializability

• System recovery
Concurrent Executions

• Multiple transactions are allowed to run concurrently in the system.

Advantages are:

– Increased processor and disk utilization, leading to better

transaction throughput

E.g., one transaction can be using the CPU while another is reading from

or writing to the disk

– Reduced average response time for transactions: short

transactions need not wait behind long ones.

 Schedule
• Schedule – sequences of instructions that specify the order in which instructions of

concurrent transactions are executed

– A schedule for a set of transactions must consist of all instructions of those transactions

– Must preserve the order in which the instructions appear in each individual transaction.

• A transaction that successfully completes its execution will have a commit instructions as the

last statement

– By default transaction assumed to execute commit instruction as its last step

• A transaction that fails to successfully complete its execution will have an abort instruction

as the last statement

 Schedule 1

• Let T1 transfer $50 from A to B, and T2 transfer 10% of the

balance from A to B.
• A serial schedule in which T1 is followed by T2 :
 Schedule 2

• A serial schedule where T2 is followed by T1

 Schedule 3

• Let T1 and T2 be the transactions defined previously.

• The following schedule is not a serial schedule, but it is
equivalent to Schedule 1

In Schedules 1, 2 and 3, the sum A + B is

preserved.
 Schedule 4

• The following concurrent schedule does not preserve

the value of (A + B ).
 Serializability
• Each transaction preserves database consistency.

• Thus, serial execution of a set of transactions preserves

database consistency.
• A (possibly concurrent) schedule is serializable if it is
equivalent to a serial schedule.
• Different forms of schedule equivalence give rise to the notions
of:
1. Conflict serializability
2. View serializability
 Serializability
• Schedule - is a bundle (set) of transactions.

• Serializability is a property of a transaction schedule.

• It relates to the isolation property of a database transaction.

• Serializability of a schedule means equivalence to a serial

schedule.
• Conflict Serializable can occur on Non-Serializable Schedule on
following 3 conditions:
– They must belong to different transactions.

– They must operate on same value

– at least one of the should have write operation.

 Conflicting Instructions
• Instructions li and lj of transactions Ti and Tj respectively, conflict if and
only if there exists some item Q accessed by both li and lj, and at least
one of these instructions wrote Q.
1. li = read(Q), lj = read(Q). li and lj don’t conflict.
2. li = read(Q), lj = write(Q). They conflict.
3. li = write(Q), lj = read(Q). They conflict
4. li = write(Q), lj = write(Q). They conflict

• Intuitively, a conflict between li and lj forces a (logical) temporal order

between them.
• If li and lj are consecutive in a schedule and they do not conflict, their
results would remain the same even if they had been interchanged in the
schedule.
 Conflict Serializability
• If a schedule S can be transformed into a schedule S’ by a series of

swaps of non-conflicting instructions, we say that S and S’ are

conflict equivalent.

• A schedule S is conflict serializable if it is conflict equivalent to a

serial schedule
 Conflict Serializability (Cont.)
• Schedule 3 can be transformed into Schedule 6, a serial schedule

where T2 follows T1, by series of swaps of non-conflicting

instructions.

• Therefore Schedule 3 is conflict serializable

Schedule 3 Schedule 6
 Conflict Serializability (Cont.)
• Example of a schedule that is not conflict serializable:

We are unable to swap instructions in the above schedule to obtain

either the serial schedule < T3, T4 >, or the serial schedule < T4, T3

>.
Transaction States
Summary

• Transaction Concepts

• Properties of Transaction

• Transaction States
 Concurrent Executions

• Multiple transactions are allowed to run concurrently in the system.

Advantages are:
– Increased processor and disk utilization, leading to better transaction throughput
• E.g. one transaction can be using the CPU while another is reading from or writing to the
disk

– Reduced average response time for transactions: short transactions need not wait
behind long ones.

• Concurrency control schemes – mechanisms to achieve isolation

– That is, to control the interaction among the concurrent transactions in order to
prevent them from destroying the consistency of the database
 Schedules
• Schedule – a sequences of instructions that specify the chronological order in
which instructions of concurrent transactions are executed
– A schedule for a set of transactions must consist of all instructions of those
transactions
– Must preserve the order in which the instructions appear in each individual
transaction.

• A transaction that successfully completes its execution will have a commit

instructions as the last statement
– By default transaction assumed to execute commit instruction as its last step

• A transaction that fails to successfully complete its execution will have an abort
instruction as the last statement
 Schedule 1
• Let T1 transfer $50 from A to B, and T2 transfer 10% of the balance from A to B.
• An example of a serial schedule in which T1 is followed by T2 :
 Schedule 2
• A serial schedule in which T2 is followed by T1 :
 Schedule 3
• Let T1 and T2 be the transactions defined previously. The following schedule is
not a serial schedule, but it is equivalent to Schedule 1.

Note -- In schedules 1, 2 and 3, the sum “A + B” is preserved.

 Schedule 4

• The following concurrent schedule does not preserve the sum of “A + B “

 Concurrency Control and Recovery

• With concurrent transactions, all transactions share a single disk buffer and a single
log
– A buffer block can have data items updated by one or more transactions

• We assume that if a transaction Ti has modified an item, no other transaction can

modify the same item until Ti has committed or aborted

– i.e. the updates of uncommitted transactions should not be visible to other transactions
• Otherwise how to perform undo if T1 updates A, then T2 updates A and commits, and finally
T1 has to abort?

– Can be ensured by obtaining exclusive locks on updated items and holding the locks till
end of transaction (strict two-phase locking)

• Log records of different transactions may be spreaded in the log.

 Undo and Redo Operations

• Undo of a log record <Ti, X, V1, V2> writes the old value V1 to X

• Redo of a log record <Ti, X, V1, V2> writes the new value V2 to X

• Undo and Redo of Transactions

– undo(Ti) restores the value of all data items updated by Ti to their old values, going backwards

from the last log record for Ti

• each time a data item X is restored to its old value V a special log record <Ti , X, V> is written out

• when undo of a transaction is complete, a log record

<Ti abort> is written out.

– redo(Ti) sets the value of all data items updated by Ti to the new values, going forward from the

first log record for Ti

• No logging is done in this case
 Undo and Redo on Recovering from Failure
• When recovering after failure:
– Transaction Ti

– needs to be undone if the log

• contains the record <Ti start>,

• but does not contain either the record <Ti commit> or <Ti abort>.

– Transaction Ti needs to be redone if the log

• contains the records <Ti start>

• and contains the record <Ti commit> or <Ti abort>

• Note that If transaction Ti was undone earlier and the <Ti abort> record written to the log,

and then a failure occurs, on recovery from failure Ti is redone

– such a redo redoes all the original actions including the steps that restored old values
• Known as repeating history

• Seems wasteful, but simplifies recovery greatly

 Immediate DB Modification Recovery Example
Below we show the log as it appears at three instances of time.

Recovery actions in each case above are:

(a) undo (T0): B is restored to 2000 and A to 1000, and log records

<T0, B, 2000>, <T0, A, 1000>, <T0, abort> are written out

(b) redo (T0) and undo (T1): A and B are set to 950 and 2050 and C is restored to 700. Log records <T1, C, 700>, <T1, abort> are

written out.

(c) redo (T0) and redo (T1): A and B are set to 950 and 2050

respectively. Then C is set to 600

 Lock-Based Protocols

• A lock is a mechanism to control concurrent access to a data item

• Data items can be locked in two modes :

1. exclusive (X) mode. Data item can be both read as well as written. X-lock is requested using lock-X

instruction.

2. shared (S) mode. Data item can only be read. S-lock is requested using lock-S instruction.

• Lock requests are made to the concurrency-control manager by the programmer. Transaction can

proceed only after request is granted.

 Lock-Based Protocols (Cont.)

• Lock-compatibility matrix

• A transaction may be granted a lock on an item if the requested lock is compatible with
locks already held on the item by other transactions
• Any number of transactions can hold shared locks on an item,
– But if any transaction holds an exclusive on the item no other transaction may hold any lock on
the item.
• If a lock cannot be granted, the requesting transaction is made to wait till all incompatible
locks held by other transactions have been released. The lock is then granted.
 Lock-Based Protocols (Cont.)
• Example of a transaction performing locking:

T2: lock-S(A);

read (A);
unlock(A);
lock-S(B);
read (B);
unlock(B);
display(A+B)
• Locking as above is not sufficient to guarantee serializability — if A and B get updated in-between
the read of A and B, the displayed sum would be wrong.
• A locking protocol is a set of rules followed by all transactions while requesting and releasing
locks. Locking protocols restrict the set of possible schedules.
 The Two-Phase Locking Protocol

• This protocol ensures conflict-serializable schedules.

• Phase 1: Growing Phase

– Transaction may obtain locks

– Transaction may not release locks

• Phase 2: Shrinking Phase

– Transaction may release locks

– Transaction may not obtain locks

• The protocol assures serializability. It can be proved that the transactions can be serialized in the

order of their lock points (i.e., the point where a transaction acquired its final lock).
 The Two-Phase Locking Protocol (Cont.)

• There can be conflict serializable schedules that cannot be obtained if two-phase

locking is used.

• However, in the absence of extra information (e.g., ordering of access to data),

two-phase locking is needed for conflict serializability in the following sense:

– Given a transaction Ti that does not follow two-phase locking, we can find a transaction

Tj that uses two-phase locking, and a schedule for Ti and Tj that is not conflict

serializable.
 Lock Conversions

• Two-phase locking with lock conversions:

– First Phase:
– can acquire a lock-S on item

– can acquire a lock-X on item

– can convert a lock-S to a lock-X (upgrade)

– Second Phase:
– can release a lock-S

– can release a lock-X

– can convert a lock-X to a lock-S (downgrade)

• This protocol assures serializability. But still relies on the programmer to insert the
various locking instructions.
 Automatic Acquisition of Locks

• A transaction Ti issues the standard read/write instruction, without explicit locking calls.

• The operation read(D) is processed as:

if Ti has a lock on D

then
read(D)
else begin
if necessary wait until no other
transaction has a lock-X on D

grant Ti a lock-S on D;

read(D)
end
 Automatic Acquisition of Locks (Cont.)

• write(D) is processed as:

if Ti has a lock-X on D
then
write(D)
else begin
if necessary wait until no other transaction has any lock on D,
if Ti has a lock-S on D
then
upgrade lock on D to lock-X
else
grant Ti a lock-X on D
write(D)
end;
• All locks are released after commit or abort
 Deadlocks
• Consider the partial schedule

• Neither T3 nor T4 can make progress — executing lock-S(B) causes T4 to wait for T3 to release its lock on B, while

executing lock-X(A) causes T3 to wait for T4 to release its lock on A.

• Such a situation is called a deadlock.

– To handle a deadlock one of T3 or T4 must be rolled back

and its locks released.

 Deadlocks (Cont.)

• Two-phase locking does not ensure freedom from deadlocks.

• In addition to deadlocks, there is a possibility of starvation.
• Starvation occurs if the concurrency control manager is badly designed. For example:
– A transaction may be waiting for an X-lock on an item, while a sequence of other transactions
request and are granted an S-lock on the same item.
– The same transaction is repeatedly rolled back due to deadlocks.

• Concurrency control manager can be designed to prevent starvation.

 Deadlocks (Cont.)

• The potential for deadlock exists in most locking protocols. Deadlocks are a necessary evil.

• When a deadlock occurs there is a possibility of cascading roll-backs.

• Cascading roll-back is possible under two-phase locking. To avoid this, follow a modified protocol

called strict two-phase locking -- a transaction must hold all its exclusive locks till it

commits/aborts.

• Rigorous two-phase locking is even stricter. Here, all locks are held till commit/abort. In this

protocol transactions can be serialized in the order in which they commit.

 Implementation of Locking

• A lock manager can be implemented as a separate process to which transactions send

lock and unlock requests
• The lock manager replies to a lock request by sending a lock grant messages (or a
message asking the transaction to roll back, in case of a deadlock)
• The requesting transaction waits until its request is answered
• The lock manager maintains a data-structure called a lock table to record granted locks
and pending requests
• The lock table is usually implemented as an in-memory hash table indexed on the name
of the data item being locked
Lock Table
• Dark blue rectangles indicate granted
locks; light blue indicate waiting
requests
• Lock table also records the type of lock
granted or requested
• New request is added to the end of the
queue of requests for the data item, and
granted if it is compatible with all earlier
locks
• Unlock requests result in the request
being deleted, and later requests are
checked to see if they can now be
granted
• If transaction aborts, all waiting or
granted requests of the transaction are
deleted
– lock manager may keep a list of
locks held by each transaction, to
 Deadlock Handling

• System is deadlocked if there is a set of transactions such that every transaction

in the set is waiting for another transaction in the set.

• Deadlock prevention protocols ensure that the system will never enter into a

deadlock state. Some prevention strategies :

– Require that each transaction locks all its data items before it begins execution

(predeclaration).

– Impose partial ordering of all data items and require that a transaction can lock data

items only in the order specified by the partial order.

 More Deadlock Prevention Strategies

• Following schemes use transaction timestamps for the sake of deadlock

prevention alone.
• wait-die scheme — non-preemptive
– older transaction may wait for younger one to release data item (older means
smaller timestamp) . Younger transactions never wait for older ones; they are rolled
back instead.
– a transaction may die several times before acquiring needed data item
• wound-wait scheme — preemptive
– older transaction wounds (forces rollback) of younger transaction instead of waiting
for it. Younger transactions may wait for older ones.
– may be fewer rollbacks than wait-die scheme.
 Deadlock prevention (Cont.)

• Both in wait-die and in wound-wait schemes, a rolled back transactions is

restarted with its original timestamp. Older transactions thus have precedence
over newer ones, and starvation is hence avoided.
• Timeout-Based Schemes:
– a transaction waits for a lock only for a specified amount of time. If the lock has not
been granted within that time, the transaction is rolled back and restarted.
– Thus, deadlocks are not possible.

– simple to implement; but starvation is possible. Also difficult to determine good

value of the timeout interval.
 Deadlock Detection

• Deadlocks can be described as a wait-for graph, which consists of a pair G = (V,E),

– V is a set of vertices (all the transactions in the system)

– E is a set of edges; each element is an ordered pair Ti Tj.

• If Ti  Tj is in E, then there is a directed edge from Ti to Tj, implying that Ti is waiting for

Tj to release a data item.

• When Ti requests a data item currently being held by Tj, then the edge Ti  Tj is

inserted in the wait-for graph. This edge is removed only when Tj is no longer holding a

data item needed by Ti.

• The system is in a deadlock state if and only if the wait-for graph has a cycle. Must
invoke a deadlock-detection algorithm periodically to look for cycles.
 Deadlock Detection (Cont.)

Wait-for graph without a cycle Wait-for graph with a cycle

 Deadlock Recovery

• When deadlock is detected :

– Some transaction will have to rolled back (made a victim) to break deadlock.
Select that transaction as victim that will incur minimum cost.
– Rollback -- determine how far to roll back transaction
• Total rollback: Abort the transaction and then restart it.

• More effective to roll back transaction only as far as necessary to break deadlock.

– Starvation happens if same transaction is always chosen as victim. Include

the number of rollbacks in the cost factor to avoid starvation.
 Multiple Granularity

• Allow data items to be of various sizes and define a hierarchy of data

granularities, where the small granularities are nested within larger ones
• Can be represented graphically as a tree.

• When a transaction locks a node in the tree explicitly, it implicitly locks all the
node's descendents in the same mode.
• Granularity of locking (level in tree where locking is done):
– fine granularity (lower in tree): high concurrency, high locking overhead

– coarse granularity (higher in tree): low locking overhead, low concurrency

 Example of Granularity Hierarchy

The levels, starting from the coarsest (top) level are

– database
– area
– file
– record
 Intention Lock Modes
• In addition to S and X lock modes, there are three additional lock modes with multiple

granularity:

– intention-shared (IS): indicates explicit locking at a lower level of the tree but only with shared

locks.

– intention-exclusive (IX): indicates explicit locking at a lower level with exclusive or shared locks

– shared and intention-exclusive (SIX): the sub-tree rooted by that node is locked explicitly in

shared mode and explicit locking is being done at a lower level with exclusive-mode locks.

• intention locks allow a higher level node to be locked in S or X mode without having to

check all descendent nodes.

 Compatibility Matrix with Intention Lock Modes

• The compatibility matrix for all lock modes is:

 Multiple Granularity Locking Scheme

• Transaction Ti can lock a node Q, using the following rules:

1. The lock compatibility matrix must be observed.
2. The root of the tree must be locked first, and may be locked in any mode.

3. A node Q can be locked by Ti in S or IS mode only if the parent of Q is currently locked by Ti in either
IX or IS mode.

4. A node Q can be locked by Ti in X, SIX, or IX mode only if the parent of Q is currently locked by Ti in
either IX or SIX mode.

5. Ti can lock a node only if it has not previously unlocked any node (that is, Ti is two-phase).

6. Ti can unlock a node Q only if none of the children of Q are currently locked by Ti.

• Observe that locks are acquired in root-to-leaf order, whereas they are released in leaf-to-
root order.
• Lock granularity escalation: in case there are too many locks at a particular level, switch to
higher granularity S or X lock
Recovery System
 Recovery System
• Failure Classification
• Storage Structure
• Recovery and Atomicity
• Log-Based Recovery
• Remote Backup Systems
 Failure Classification
• Transaction failure :
– Logical errors: transaction cannot complete due to some internal error condition

– System errors: the database system must terminate an active transaction due to an error

condition (e.g., deadlock)

• System crash: a power failure or other hardware or software failure causes the

system to crash.
– Fail-stop assumption: non-volatile storage contents are assumed to not be corrupted by

system crash
• Database systems have numerous integrity checks to prevent corruption of disk data

• Disk failure: a head crash or similar disk failure destroys all or part of disk storage
– Destruction is assumed to be detectable: disk drives use checksums to detect failures
 Recovery Algorithms
• Consider transaction Ti that transfers $50 from account A to account B
– Two updates: subtract 50 from A and add 50 to B
• Transaction Ti requires updates to A and B to be output to the database.
– A failure may occur after one of these modifications have been made but before
both of them are made.
– Modifying the database without ensuring that the transaction will commit may
leave the database in an inconsistent state
– Not modifying the database may result in lost updates if failure occurs just after
transaction commits
• Recovery algorithms have two parts
1. Actions taken during normal transaction processing to ensure enough information
exists to recover from failures
2. Actions taken after a failure to recover the database contents to a state that ensures
atomicity, consistency and durability
 Storage Structure
• Volatile storage:
– does not survive system crashes
– examples: main memory, cache memory
• Nonvolatile storage:
– survives system crashes
– examples: disk, tape, flash memory,
non-volatile (battery backed up) RAM
– but may still fail, losing data
• Stable storage:
– a mythical form of storage that survives all failures
– approximated by maintaining multiple copies on distinct nonvolatile media
– See book for more details on how to implement stable storage
 Stable-Storage Implementation
• Maintain multiple copies of each block on separate disks
– copies can be at remote sites to protect against disasters such as fire or flooding.
• Failure during data transfer can still result in inconsistent copies: Block transfer can result in
– Successful completion
– Partial failure: destination block has incorrect information
– Total failure: destination block was never updated
• Protecting storage media from failure during data transfer (one solution):
– Execute output operation as follows (assuming two copies of each block):

1. Write the information onto the first physical block.

2. When the first write successfully completes, write the same information onto the
second physical block.
3. The output is completed only after the second write successfully completes.
 Stable-Storage Implementation (Cont.)

• Protecting storage media from failure during data transfer (cont.):

• Copies of a block may differ due to failure during output operation.
To recover from failure:
1. First find inconsistent blocks:
1. Expensive solution: Compare the two copies of every disk block.
2. Better solution:
 Record in-progress disk writes on non-volatile storage (Non-volatile RAM or special area
of disk).
 Use this information during recovery to find blocks that may be inconsistent, and only
compare copies of these.
 Used in hardware RAID systems
2. If either copy of an inconsistent block is detected to have an error (bad
checksum), overwrite it by the other copy. If both have no error, but are
different, overwrite the second block by the first block.
 Data Access

• Physical blocks are those blocks residing on the disk.

• Buffer blocks are the blocks residing temporarily in main memory.

• Block movements between disk and main memory are initiated through the
following two operations:
– input(B) transfers the physical block B to main memory.

– output(B) transfers the buffer block B to the disk, and replaces the appropriate
physical block there.

• We assume, for simplicity, that each data item fits in, and is stored inside, a
single block.
Example of Data Access
 Data Access (Cont.)
• Each transaction Ti has its private work-area in which local copies of all data
items accessed and updated by it are kept.
– Ti's local copy of a data item X is called xi.
• Transferring data items between system buffer blocks and its private work-
area done by:
– read(X) assigns the value of data item X to the local variable xi.
– write(X) assigns the value of local variable xi to data item {X} in the buffer block.
– Note: output(BX) need not immediately follow write(X). System can perform the
output operation when it deems fit.
• Transactions
– Must perform read(X) before accessing X for the first time (subsequent reads can
be from local copy)
– write(X) can be executed at any time before the transaction commits
 Recovery and Atomicity
• To ensure atomicity despite failures, we first output information describing
the modifications to stable storage without modifying the database itself.
• We study log-based recovery mechanisms in detail
– We first present key concepts
– And then present the actual recovery algorithm
• Less used alternative: shadow-copy and shadow-paging

shadow-copy
 Log-Based Recovery
• A log is kept on stable storage.
– The log is a sequence of log records, and maintains a record of update activities on the database.

• When transaction Ti starts, it registers itself by writing a

<Ti start>log record

• Before Ti executes write(X), a log record

<Ti, X, V1, V2>

is written, where V1 is the value of X before the write (the old value), and V2 is the value to be written to X
(the new value).

• When Ti finishes it last statement, the log record <Ti commit> is written.

• Two approaches using logs

– Deferred database modification
– Immediate database modification
 Immediate Database Modification
• The immediate-modification scheme allows updates of an uncommitted transaction to
be made to the buffer, or the disk itself, before the transaction commits
• Update log record must be written before database item is written
– We assume that the log record is output directly to stable storage

– (Will see later that how to postpone log record output to some extent)

• Output of updated blocks to stable storage can take place at any time before or after
transaction commit
• Order in which blocks are output can be different from the order in which they are
written.
• The deferred-modification scheme performs updates to buffer/disk only at the time of
transaction commit
– Simplifies some aspects of recovery

– But has overhead of storing local copy

 Transaction Commit

• A transaction is said to have committed when its commit log record is

output to stable storage

– all previous log records of the transaction must have been output already

• Writes performed by a transaction may still be in the buffer when the

transaction commits, and may be output later

 Immediate Database Modification Example
Log Write Output

<T0 start>
<T0, A, 1000, 950>
<To, B, 2000, 2050
A = 950
B = 2050
<T0 commit>
<T1 start> BC output before T1
<T1, C, 700, 600> commits
C = 600
BB , BC
<T1 commit>
BA BA output after T0
commits
• Note: BX denotes block containing X.
 Checkpoints

• Redoing/undoing all transactions recorded in the log can be very slow

1. processing the entire log is time-consuming if the system has run for a long time

2. we might unnecessarily redo transactions which have already output their updates
to the database.

• Streamline recovery procedure by periodically performing checkpointing

1. Output all log records currently residing in main memory onto stable storage.

2. Output all modified buffer blocks to the disk.

3. Write a log record < checkpoint L> onto stable storage where L is a list of all
transactions active at the time of checkpoint.
– All updates are stopped while doing checkpointing
 Checkpoints (Cont.)

• During recovery we need to consider only the most recent transaction Ti that started before

the checkpoint, and transactions that started after Ti.

1. Scan backwards from end of log to find the most recent <checkpoint L> record
– Only transactions that are in L or started after the checkpoint need to be redone or
undone
– Transactions that committed or aborted before the checkpoint already have all their
updates output to stable storage.
• Some earlier part of the log may be needed for undo operations

1. Continue scanning backwards till a record <Ti start> is found for every transaction Ti in L.

– Parts of log prior to earliest <Ti start> record above are not needed for recovery, and can
be erased whenever desired.
 Example of Checkpoints
Tc Tf
T1
T2
T3
T4

checkpoint system failure

• T1 can be ignored (updates already output to disk due to checkpoint)

• T2 and T3 redone.
• T4 undone
Recovery Algorithm
 Recovery Algorithm
• Logging (during normal operation):
– <Ti start> at transaction start

– <Ti, Xj, V1, V2> for each update, and

– <Ti commit> at transaction end

• Transaction rollback (during normal operation)

– Let Ti be the transaction to be rolled back

– Scan log backwards from the end, and for each log record of Ti of the form <Ti, Xj, V1, V2>

• perform the undo by writing V1 to Xj,

• write a log record <Ti , Xj, V1>

– such log records are called compensation log records

– Once the record <Ti start> is found stop the scan and write the log record <Ti abort>
 Recovery Algorithm (Cont.)

• Recovery from failure: Two phases

– Redo phase: replay updates of all transactions, whether they committed,
aborted, or are incomplete
– Undo phase: undo all incomplete transactions
• Redo phase:
1. Find last <checkpoint L> record, and set undo-list to L.
2. Scan forward from above <checkpoint L> record
1. Whenever a record <Ti, Xj, V1, V2> or <Ti, Xj, V2> is found, redo it by writing V2
to Xj
2. Whenever a log record <Ti start> is found, add Ti to undo-list
3. Whenever a log record <Ti commit> or <Ti abort> is found, remove Ti from
undo-list
 Recovery Algorithm (Cont.)
• Undo phase:
1. Scan log backwards from end

1. Whenever a log record <Ti, Xj, V1, V2> is found where Ti is in undo-list perform same actions as

for transaction rollback:

1. perform undo by writing V1 to Xj.

2. write a log record <Ti , Xj, V1>

2. Whenever a log record <Ti start> is found where Ti is in undo-list,

1. Write a log record <Ti abort>

2. Remove Ti from undo-list

3. Stop when undo-list is empty

 i.e. <Ti start> has been found for every transaction in undo-list

 After undo phase completes, normal transaction processing can commence

Example of Recovery
 Log Record Buffering
• Log record buffering: log records are buffered in main memory, instead of of being

output directly to stable storage.

– Log records are output to stable storage when a block of log records in the buffer is full, or

a log force operation is executed.

• Log force is performed to commit a transaction by forcing all its log records (including

the commit record) to stable storage.

• Several log records can thus be output using a single output operation, reducing the

I/O cost.
 Log Record Buffering (Cont.)

• The rules below must be followed if log records are buffered:

– Log records are output to stable storage in the order in which they are created.

– Transaction Ti enters the commit state only when the log record

<Ti commit> has been output to stable storage.

– Before a block of data in main memory is output to the database, all log records
pertaining to data in that block must have been output to stable storage.
• This rule is called the write-ahead logging or WAL rule
– Strictly speaking WAL only requires undo information to be output