2. 8/10/2017 2Md. Golam Moazzam, Dept. of CSE, JU
OUTLINE
System Failure
Classification of Failure
Storage Types
Redundant Arrays of Independent Disks (RAID)
Improvement of Reliability via Redundancy
Improvement in Performance via Parallelism
RAID Levels
Log-Based Recovery
Deferred Database modification technique
Immediate Database Modification Technique
3. System Failure
A computer system, like any other device, is subject to failure from a
variety of causes:
• Disk crash
• Power outage
• Software error
• A fire in the machine room
• Sabotage.
In any failure, information may be lost. Therefore, the database system
must take actions in advance to ensure that the atomicity and durability
properties of transactions are preserved.
8/10/2017 3Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
4. Classification of Failure
There are various types of failure that may occur in a system:
- Transaction Failure
- System Crash
- Disk Failure.
8/10/2017 4Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
5. Classification of Failure
Transaction Failure. There are two types of errors that may cause a
transaction to fail:
Logical error. The transaction can no longer continue with its normal
execution because of some internal condition, such as bad input, data
not found, overflow, or resource limit exceeded.
System error. The system has entered an undesirable state (for
example, deadlock) as a result of which a transaction cannot continue
with its normal execution. The transaction, however, can be re-executed
at a later time.
8/10/2017 5Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
6. Classification of Failure
System Crash. There is a hardware malfunction, or a bug in the
database software or the operating system, that causes the loss of the
content of volatile storage, and brings transaction processing to a halt. The
content of nonvolatile storage remains intact, and is not corrupted.
Disk Failure. A disk block loses its content as a result of either a head
crash or failure during a data transfer operation. Copies of the data on
other disks, or archival backups on tertiary media, such as tapes, are used to
recover from the failure.
8/10/2017 6Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
7. Storage Types
Volatile storage. Data in volatile storage, such as in RAM, are lost when
the computer crashes.
Nonvolatile storage. Data in nonvolatile storage, such as disk, are not lost
when the computer crashes, but may occasionally be lost because of
failures such as disk crashes (for example, head crash).
Stable storage. Data in stable storage are never lost. Although stable
storage is theoretically impossible to obtain, it can be closely approximated
by techniques that make data loss extremely unlikely.
8/10/2017 7Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
8. Stable-Storage Implementation
To implement stable storage, we need to replicate the needed information
in several nonvolatile storage media (usually disk) with independent
failure modes, and to update the information in a controlled manner to
ensure that failure during data transfer does not damage the needed
information.
RAID systems guarantee that the failure of a single disk (even during data
transfer) will not result in loss of data. The simplest and fastest form of
RAID is the mirrored disk, which keeps two copies of each block, on
separate disks. Other forms of RAID offer lower costs, but at the expense
of lower performance.
8/10/2017 8Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
9. Stable-Storage Implementation
RAID systems, however, cannot guard against data loss due to disasters
such as fires or flooding. More secure systems keep a copy of each block of
stable storage at a remote site, writing it out over a computer network, in
addition to storing the block on a local disk system. Since the blocks are
output to a remote system as and when they are output to local storage,
once an output operation is complete, the output is not lost, even in the
event of a disaster such as a fire or flood.
8/10/2017 9Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
10. Redundant Arrays of Independent Disks (RAID)
The data storage requirements of some applications (in particular Web, database,
and multimedia data applications) have been growing so fast that a large number of
disks are needed to store data for such applications, even though disk drive
capacities have been growing very fast. Having a large number of disks in a system
presents opportunities for improving the rate at which data can be read or written, if
the disks are operated in parallel. Parallelism can also be used to perform several
independent reads or writes in parallel. Furthermore, this setup offers the potential
for improving the reliability of data storage, because redundant information can be
stored on multiple disks. Thus, failure of one disk does not lead to loss of data.
A variety of disk-organization techniques exist which is collectively known as
Redundant Arrays of Independent Disks (RAID).
8/10/2017 10Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
11. Improvement of Reliability via Redundancy
Reliability can be improved via redundancy of disks. The simplest
approach is to duplicate every disk. This technique is called mirroring or
shadowing. A logical disk then consists of two physical disks, and every
write is carried out on both disks. If one of the disks fails, the data can be
read from the other. Data will be lost only if the second disk fails before the
first failed disk is repaired.
8/10/2017 11Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
12. Improvement in Performance via Parallelism
Improve the transfer rate by striping data across multiple disks.
In its simplest form, data striping consists of splitting the bits of each
byte across multiple disks; such striping is called bit-level striping.
For example, if we have an array of eight disks, we write bit i of each
byte to disk i. The array of eight disks can be treated as a single disk
with sectors that are eight times the normal size, and, more important,
that has eight times the transfer rate.
8/10/2017 12Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
13. Improvement in Performance via Parallelism
Every disk participates in every access, so the number of accesses that
can be processed per second is about the same as on a single disk, but
each access can read eight times as many data in the same time as on a
single disk.
Bit-level striping can be generalized to a number of disks that either is a
multiple of 8 or a factor of 8. For example, if we use an array of four
disks, bits i and 4 + i of each byte go to disk i.
8/10/2017 13Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
14. Improvement in Performance via Parallelism
Block-level striping stripes blocks across multiple disks.
It treats the array of disks as a single large disk, and it gives blocks
logical numbers;
We assume the block numbers start from 0.
With an array of n disks, block-level striping assigns logical block i of
the disk array to disk (i mod n) + 1;
It uses the th physical block of the disk to store logical block i.
8/10/2017 14Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
ni/
15. Improvement in Performance via Parallelism
For example, with 8 disks, logical block 0 is stored in physical block 0
of disk 1, while logical block 11 is stored in physical block 1 of disk 4.
When reading a large file, block-level striping fetches n blocks at a
time in parallel from the n disks, giving a high data transfer rate for
large reads.
When a single block is read, the data transfer rate is the same as on one
disk, but the remaining n − 1 disks are free to perform other actions.
Block level striping is the most commonly used form of data striping.
8/10/2017 15Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
16. RAID Levels
RAID (redundant array of independent disks) is a storage technology
that combines multiple disk drive components into a logical unit. Data
is distributed across the drives in one of several ways called "RAID
levels", depending on the level of redundancy and performance
required.
Mirroring provides high reliability, but it is expensive.
Striping provides high data transfer rates, but does not improve
reliability. Various alternative schemes aim to provide redundancy at
lower cost by combining disk striping with “parity” bits. These
schemes have different cost–performance trade-offs.
8/10/2017 16Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
17. RAID Levels
RAID level 0 refers to disk arrays with striping at the level of blocks, but
without any redundancy. It provides improved performance and
additional storage but no fault tolerance. Any drive failure destroys the
array, and the likelihood of failure increases with more drives in the array.
Figure shows an array of size 4.
8/10/2017 17Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
18. RAID Levels
RAID level 1 refers to disk mirroring with block striping. Figure shows a
mirrored organization that holds four disks worth of data.
8/10/2017 18Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
19. RAID Levels
RAID level 2, known as memory-style error-correcting-code (ECC)
organization, employs parity bits. Memory systems have long used parity
bits for error detection and correction. Each byte in a memory system may
have a parity bit associated with it that records whether the numbers of bits
in the byte that are set to 1 is even (parity = 0) or odd (parity = 1). If one of
the bits in the byte gets damaged (either a 1 becomes a 0, or a 0 becomes a
1), the parity of the byte changes and thus will not match the stored parity.
Similarly, if the stored parity bit gets damaged, it will not match the
computed parity. Thus, all 1-bit errors will be detected by the memory
system. Error-correcting schemes store 2 or more extra bits, and can
reconstruct the data if a single bit gets damaged.
8/10/2017 19Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
20. RAID Levels
The idea of error-correcting codes can be used directly in disk arrays by
striping bytes across disks. For example, the first bit of each byte could be
stored in disk 1, the second bit in disk 2, and so on until the eighth bit is
stored in disk 8, and the error-correction bits are stored in further disks.
8/10/2017 20Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
21. RAID Levels
Figure c shows the level 2 scheme. The disks labeled P store the error
correction bits. If one of the disks fails, the remaining bits of the byte and
the associated error-correction bits can be read from other disks, and can be
used to reconstruct the damaged data. Figure c shows an array of size 4;
RAID level 2 requires only three disks’ overhead for four disks of data,
unlike RAID level 1, which required four disks’ overhead.
RAID 2 stripes data at the bit level, and uses a Hamming code for error
correction. The disks are synchronized by the controller to spin at the same
angular orientation, so it generally cannot service multiple requests
simultaneously. In RAID 2, extremely high data transfer rates are possible
but there are no commercial applications of RAID 2.
8/10/2017 21Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
22. RAID Levels
RAID level 3, bit-interleaved parity organization, improves on level 2 by
exploiting the fact that disk controllers can detect whether a sector has
been read correctly, so a single parity bit can be used for error correction,
as well as for detection. RAID level 3 is as good as level 2, but is less
expensive in the number of extra disks (it has only a one-disk overhead), so
level 2 is not used in practice.
8/10/2017 22Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
23. RAID Levels
RAID level 4, block-interleaved parity organization, uses block-level
striping, like RAID 0, and in addition keeps a parity block on a separate
disk for corresponding blocks from N other disks. If one of the disks fails,
the parity block can be used with the corresponding blocks from the other
disks to restore the blocks of the failed disk.
8/10/2017 23Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
24. RAID Levels
RAID level 5, block-interleaved distributed parity, improves on level 4 by
partitioning data and parity among all N + 1 disks, instead of storing data in
N disks and parity in one disk. In level 5, all disks can participate in
satisfying read requests, unlike RAID level 4, where the parity disk cannot
participate, so level 5 increases the total number of requests that can be met
in a given amount of time. For each set of N logical blocks, one of the disks
stores the parity, and the other N disks store the blocks.
8/10/2017 24Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
25. RAID Levels
Figure f shows the setup. The P’s are distributed across all the disks. For
example, with an array of 5 disks, the parity block, labelled Pk, for logical
blocks 4k, 4k+1, 4k+2, 4k+3 is stored in disk (k mod 5)+1; the
corresponding blocks of the other four disks store the 4 data blocks 4k to 4k
+ 3. The following table indicates how the first 20 blocks, numbered 0 to
19, and their parity blocks are laid out. The pattern shown gets repeated on
further blocks. A parity block cannot store parity for blocks in the same
disk, since then a disk failure would result in loss of data as well as of
parity, and hence would not be recoverable. Level 5 subsumes level 4, since
it offers better read –write performance at the same cost, so level 4 is not
used in practice.
8/10/2017 25Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
26. RAID Levels
RAID level 6, the P + Q redundancy scheme, is much like RAID level 5,
but stores extra redundant information to guard against multiple disk
failures. Instead of using parity, level 6 uses error-correcting codes such as
the Reed–Solomon codes. In the scheme in Figure g, 2 bits of redundant
data are stored for every 4 bits of data.
8/10/2017 26Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
27. Log-Based Recovery
The most widely used structure for recording database modifications is the
log. The log is a sequence of log records, recording all the update activities
in the database. There are several types of log records. An update log
record describes a single database write. It has these fields:
Transaction identifier is the unique identifier of the transaction that
performed the write operation.
Data-item identifier is the unique identifier of the data item written.
Typically, it is the location on disk of the data item.
Old value is the value of the data item prior to the write.
New value is the value that the data item will have after the write.
8/10/2017 27Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
28. Log-Based Recovery
We denote the various types of log records as:
– <Ti start>. Transaction Ti has started.
– <Ti, Xj, V1, V2>. Transaction Ti has performed a write on data item Xj .
Xj had value V1 before the write, and will have value V2 after the write.
– <Ti commit>. Transaction Ti has committed.
– <Ti abort>. Transaction Ti has aborted.
8/10/2017 28Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
29. Log-Based Recovery
Whenever a transaction performs a write, it is essential that the log record
for that write be created before the database is modified. Once a log record
exists, we can output the modification to the database if that is desirable.
Also, we have the ability to undo a modification that has already been
output to the database. We undo it by using the old-value field in log
records.
8/10/2017 29Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
30. Deferred Database Modification Technique for ensuring transaction
atomicity
The deferred-modification technique ensures transaction atomicity by
recording all database modifications in the log, but deferring the execution
of all write operations of a transaction until the transaction partially
commits.
When a transaction partially commits, the information on the log associated
with the transaction is used in executing the deferred writes. If the system
crashes before the transaction completes its execution, or if the transaction
aborts, then the information on the log is simply ignored.
The execution of transaction Ti proceeds as follows. Before Ti starts its
execution, a record <Ti start> is written to the log. A write(X) operation by
Ti results in the writing of a new record to the log. Finally, when Ti partially
commits, a record <Ti commit> is written to the log.
8/10/2017 30Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
31. Deferred Database Modification Technique
Only the new value of the data item is required by the deferred modification
technique. To illustrate, reconsider our simplified banking system. Let T0 be a
transaction that transfers $50 from account A to account B:
T0: read(A);
A := A − 50;
write(A);
read(B);
B := B + 50;
write(B).
8/10/2017 31Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
32. Deferred Database Modification Technique
Let T1 be a transaction that withdraws $100 from account C:
T1: read(C);
C := C − 100;
write(C).
8/10/2017 32Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
33. Deferred Database Modification Technique
Suppose that these transactions are executed serially, in the order T0 followed by T1,
and that the values of accounts A, B, and C before the execution took place were
$1000, $2000, and $700, respectively. The portion of the log containing the relevant
information on these two transactions appears in the following Figure.
<T0 start>
<T0 , A, 950>
<T0 , B, 2050>
<T0 commit>
<T1 start>
<T1 , C, 600>
<T1 commit>
8/10/2017 33Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
34. Deferred Database Modification Technique
There are various orders in which the actual outputs can take place to both the database
system and the log as a result of the execution of T0 and T1. One such order appears in Figure
below.
Log Database
<T0 start>
<T0 , A, 950>
<T0 , B, 2050>
<T0 commit>
A = 950
B = 2050
<T1 start>
<T1 , C, 600>
<T1 commit>
C = 600
8/10/2017 34Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
35. Deferred Database Modification Technique
Using the log, the system can handle any failure that results in the loss of
information on volatile storage. The recovery scheme uses the following recovery
procedure:
redo(Ti) sets the value of all data items updated by transaction Ti to the new values.
After a failure, the recovery subsystem consults the log to determine which
transactions need to be redone. Transaction Ti needs to be redone if and only if the
log contains both the record <Ti start> and the record <Ti commit>. Thus, if the
system crashes after the transaction completes its execution, the recovery scheme
uses the information in the log to restore the system to a previous consistent state
after the transaction had completed.
8/10/2017 35Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
36. Deferred Database Modification Technique for ensuring transaction
atomicity
As an illustration, consider the following log records:
Figure: The log at three different times.
8/10/2017 36Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
<T0 start>
<T0, A, 950>
<T0, B, 2050>
(a)
<T0 start>
<T0, A, 950>
<T0, B, 2050>
<T0 commit>
<T1 start>
<T1, C, 600>
(b)
<T0 start>
<T0, A, 950>
<T0, B, 2050>
<T0 commit>
<T1 start>
<T1, C, 600>
<T1 commit>
(c)
37. Deferred Database Modification Technique
Assume that the crash occurs just after the log record for the step write(B) of
transaction T0 has been written to stable storage. The log at the time of the crash
appears in Figure (a). When the system comes back up, no redo actions need to
be taken, since no commit record appears in the log. The values of accounts A and
B remain $1000 and $2000, respectively. The log records of the incomplete
transaction T0 can be deleted from the log.
Now, let us assume the crash comes just after the log record for the step write(C) of
transaction T1 has been written to stable storage. In this case, the log at the time of
the crash is as in Figure (b). When the system comes back up, the operation
redo(T0) is performed, since the record <T0 commit> appears in the log on the
disk. After this operation is executed, the values of accounts A and B are $950 and
$2050, respectively. The value of account C remains $700. As before, the log
records of the incomplete transaction T1 can be deleted from the log.
8/10/2017 37Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
38. Deferred Database Modification Technique
Finally, assume that a crash occurs just after the log record <T1 commit> is written
to stable storage. The log at the time of this crash is as in Figure (c). When the
system comes back up, two commit records are in the log: one for T0 and one for T1.
Therefore, the system must perform operations redo(T0) and redo(T1), in the order
in which their commit records appear in the log. After the system executes these
operations, the values of accounts A, B, and C are $950, $2050, and $600,
respectively.
8/10/2017 38Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
39. Immediate Database Modification Technique for ensuring transaction
atomicity
The immediate-modification technique allows database modifications to be
output to the database while the transaction is still in the active state. Data
modifications written by active transactions are called uncommitted
modifications. In the event of a crash or a transaction failure, the system must use
the old-value field of the log records to restore the modified data items to the value
they had prior to the start of the transaction. The undo operation accomplishes this
restoration.
8/10/2017 39Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
40. Immediate Database Modification Technique
Before a transaction Ti starts its execution, the system writes the record <Ti
start> to the log. During its execution, any write(X) operation by Ti is
preceded by the writing of the appropriate new update record to the log.
When Ti partially commits, the system writes the record <Ti commit> to
the log.
8/10/2017 40Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
41. Immediate Database Modification Technique
As an illustration, let us reconsider our simplified banking system, with transactions
T0 and T1 executed one after the other in the order T0 followed by T1. The portion of
the log containing the relevant information concerning these two transactions
appears in Figure below.
<T0 start>
<T0 , A, 1000, 950>
<T0 , B, 2000, 2050>
<T0 commit>
<T1 start>
<T1 , C, 700, 600>
<T1 commit>
8/10/2017 41Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
42. Immediate Database Modification Technique
The following Figure shows one possible order in which the actual outputs took place in both
the database system and the log as a result of the execution of T0 and T1.
Log Database
<T0 start>
<T0, A, 1000, 950>
<T0, B, 2000, 2050>
A = 950
B = 2050
<T0 commit>
<T1 start>
<T1, C, 700, 600>
C = 600
<T1 commit>
Figure: State of system log and database corresponding to T0 and T1.
8/10/2017 42Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
43. Immediate Database Modification Technique
Using the log, the system can handle any failure that does not result in the loss of information
in nonvolatile storage. The recovery scheme uses two recovery procedures:
undo(Ti) restores the value of all data items updated by transaction Ti to the old values.
redo(Ti) sets the value of all data items updated by transaction Ti to the new values.
The set of data items updated by Ti and their respective old and new values can be found in
the log. After a failure has occurred, the recovery scheme consults the log to determine which
transactions need to be redone, and which need to be undone:
- Transaction Ti needs to be undone if the log contains the record <Ti start>, but does not
contain the record <Ti commit>.
- Transaction Ti needs to be redone if the log contains both the record <Ti start> and the
record <Ti commit>.
8/10/2017 43Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
44. Immediate Database Modification Technique
As an illustration, suppose that the system crashes before the completion of the transactions.
We consider the following three cases. The state of the logs for each of these cases appears in
the following Figure.
Figure: The log shown at three different times.
8/10/2017 44Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
<T0 start>
<T0, A, 1000, 950>
<T0, B, 2000,
2050>
(a)
<T0 start>
<T0, A, 1000, 950>
<T0, B, 2000,
2050>
<T0 commit>
<T1 start>
<T1, C, 700, 600>
(b)
<T0 start>
<T0, A, 1000, 950>
<T0, B, 2000,
2050>
<T0 commit>
<T1 start>
<T1, C, 700. 600>
<T1 commit>
(c)
45. Immediate Database Modification Technique
First, let us assume that the crash occurs just after the log record for the
step write(B) of transaction T0 has been written to stable storage (Figure a).
When the system comes back up, it finds the record <T0 start> in the log,
but no corresponding <T0 commit> record. Thus, transaction T0 must be
undone, so an undo(T0) is performed. As a result, the values in accounts A
and B (on the disk) are restored to $1000 and $2000, respectively.
8/10/2017 45Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
46. Immediate Database Modification Technique
Next, let us assume that the crash comes just after the log record for the
step write(C) of transaction T1 has been written to stable storage (Figure b).
When the system comes back up, two recovery actions need to be taken.
The operation undo(T1) must be performed, since the record <T1 start>
appears in the log, but there is no record <T1 commit>. The operation
redo(T0) must be performed, since the log contains both the record <T0
start> and the record <T0 commit>. At the end of the entire recovery
procedure, the values of accounts A, B, and C are $950, $2050, and $700,
respectively. The undo(T1) operation is performed before the redo(T0). The
order of doing undo operations first, and then redo operations, is important
for the recovery algorithm.
8/10/2017 46Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System
47. Immediate Database Modification Technique
Finally, let us assume that the crash occurs just after the log record <T1
commit> has been written to stable storage (Figure c). When the system
comes back up, both T0 and T1 need to be redone, since the records <T0
start> and <T0 commit> appear in the log, as do the records <T1 start> and
<T1 commit>. After the system performs the recovery procedures redo(T0)
and redo(T1), the values in accounts A, B, and C are $950, $2050, and
$600, respectively.
8/10/2017 47Md. Golam Moazzam, Dept. of CSE, JU
Data Recovery System