Page 190 - DCAP402_DCAO204_DATABASE MANAGEMENT SYSTEM_MANAGING DATABASE
Unit 11: Recovery System
were carried off-site could be lost in such a disaster. More secure systems keep a copy of each
block of stable storage at a remote site, writing it out over a computer network, in addition to
storing the block on a local disk system. Since the blocks are output to a remote system as and
when they are output to local storage, once an output operation is complete, the output is not
lost, even in the event of a disaster such as a fire or flood. We study such remote backup systems
In this section, we discuss how storage media can be protected from failure during data transfer.
Block transfer between memory and disk storage can result in:
1. Successful completion: The transferred information arrived safely at its destination.
2. Partial failure: A failure occurred in the midst of transfer, and the destination block has
incorrect information.
3. Total failure: The failure occurred sufficiently early during the transfer that the destination
block remains intact.
We require that, if a data-transfer failure occurs, the system detects it and invokes a recovery
procedure to restore the block to a consistent state. To do so, the system must maintain two
physical blocks for each logical database block; in the case of mirrored disks, both blocks are at
the same location; in the case of remote backup, one of the blocks is local, whereas the other is
at a remote site. An output operation is executed as follows:
1. Write the information onto the first physical block.
2. When the first write completes successfully, write the same information onto the second
physical block.
3. The output is completed only after the second write completes successfully.
During recovery, the system examines each pair of physical blocks. If both are the same and no
detectable error exists, then no further actions are necessary. (Recall that errors in a disk block,
such as a partial write to the block, are detected by storing a checksum with each block.) If the
system detects an error in one block, then it replaces its content with the content of the other
block. If both blocks contain no detectable error, but they differ in content, then the system
replaces the content of the first block with the value of the second. This recovery procedure
ensures that a write to stable storage either succeeds completely (that is, updates all copies) or
results in no change.
The requirement of comparing every corresponding pair of blocks during recovery is expensive
to meet. We can reduce the cost greatly by keeping track of block writes that are in progress,
using a small amount of nonvolatile RAM. On recovery, only blocks for which writes were in
progress need to be compared.
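The two-copy output protocol and the recovery rules just described, as an added Python simulation (not code from the textbook). The `fail_at` argument models a crash at one of the three points in the output operation, `torn` models a partial write detected by the stored checksum, and the `inflight` flag stands in for the nonvolatile-RAM record of writes in progress; all three are constructed for this example.

```python
import hashlib
from typing import Optional

def checksum(data: bytes) -> bytes:
    """Per-block checksum stored alongside the block (truncated SHA-256 here)."""
    return hashlib.sha256(data).digest()[:8]

def torn(new: bytes, old: bytes) -> bytes:
    """Simulated partial write: the first half of the new bytes landed, the rest is old."""
    return new[: len(new) // 2] + old[len(new) // 2 :]

class StableBlock:
    """One logical block held as two physical copies, each with its own checksum."""
    def __init__(self, data: bytes):
        self.copies = [(data, checksum(data)), (data, checksum(data))]
        self.inflight = False  # stands in for the nonvolatile-RAM 'write in progress' record

    def write(self, data: bytes, fail_at: Optional[str] = None) -> None:
        """Two-step output; fail_at simulates a crash at 'first', 'between' or 'second'."""
        self.inflight = True
        if fail_at == "first":    # crash midway through the first physical write
            self.copies[0] = (torn(data, self.copies[0][0]), self.copies[0][1])
            return
        self.copies[0] = (data, checksum(data))
        if fail_at == "between":  # crash after the first write, before the second
            return
        if fail_at == "second":   # crash midway through the second physical write
            self.copies[1] = (torn(data, self.copies[1][0]), self.copies[1][1])
            return
        self.copies[1] = (data, checksum(data))
        self.inflight = False     # output is complete only after the second write succeeds

    def recover(self) -> bytes:
        """Recovery rules from the text; only blocks with a write in progress are examined."""
        if not self.inflight:
            return self.copies[0][0]
        (d0, c0), (d1, c1) = self.copies
        ok0, ok1 = checksum(d0) == c0, checksum(d1) == c1
        if ok0 and ok1:           # both intact: if they differ, the second copy wins
            self.copies[0] = self.copies[1]
        elif ok0:                 # second copy corrupt: overwrite it from the first
            self.copies[1] = self.copies[0]
        elif ok1:                 # first copy corrupt: overwrite it from the second
            self.copies[0] = self.copies[1]
        else:
            raise RuntimeError("both copies fail their checksum; stable storage assumption violated")
        self.inflight = False
        return self.copies[0][0]
```

Running the four cases shows the all-or-nothing property: a crash during or just after the first write leaves the old value, a crash during the second write yields the new value, and in every case both copies agree afterwards.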
The protocols for writing out a block to a remote site are similar to the protocols for writing
blocks to a mirrored disk system.
We can extend this procedure easily to allow the use of an arbitrarily large number of copies of
each block of stable storage. Although a large number of copies reduces the probability of a
failure to even lower than two copies do, it is usually reasonable to simulate stable storage with
only two copies.
Data Access
The database system resides permanently on nonvolatile storage (usually disks), and is
partitioned into fixed-length storage units called blocks. Blocks are the units of data transfer to
and from disk, and may contain several data items. We shall assume that no data item spans two
LOVELY PROFESSIONAL UNIVERSITY 183