| blob | a66e40bccd58bb2a61ef6f4be6ab1fee7d76d770 |
1 /*
2 ** 2011-08-13
3 **
4 ** The author disclaims copyright to this source code. In place of
5 ** a legal notice, here is a blessing:
6 **
7 ** May you do good and not evil.
8 ** May you find forgiveness for yourself and forgive others.
9 ** May you share freely, never taking more than you give.
10 **
11 *************************************************************************
12 **
13 ** This file contains the implementation of LSM database logging. Logging
14 ** has one purpose in LSM - to make transactions durable.
15 **
16 ** When data is written to an LSM database, it is initially stored in an
17 ** in-memory tree structure. Since this structure is in volatile memory,
18 ** if a power failure or application crash occurs it may be lost. To
19 ** prevent loss of data in this case, each time a record is written to the
20 ** in-memory tree an equivalent record is appended to the log on disk.
21 ** If a power failure or application crash does occur, data can be recovered
22 ** by reading the log.
23 **
24 ** A log file consists of the following types of records representing data
25 ** written into the database:
26 **
27 ** LOG_WRITE: A key-value pair written to the database.
28 ** LOG_DELETE: A delete key issued to the database.
29 ** LOG_COMMIT: A transaction commit.
30 **
31 ** And the following types of records for ancillary purposes..
32 **
33 ** LOG_EOF: A record indicating the end of a log file.
34 ** LOG_PAD1: A single byte padding record.
35 ** LOG_PAD2: An N byte padding record (N>1).
36 ** LOG_JUMP: A pointer to another offset within the log file.
37 **
38 ** Each transaction written to the log contains one or more LOG_WRITE and/or
39 ** LOG_DELETE records, followed by a LOG_COMMIT record. The LOG_COMMIT record
40 ** contains an 8-byte checksum based on all previous data written to the
41 ** log file.
42 **
43 ** LOG CHECKSUMS & RECOVERY
44 **
45 ** Checksums are found in two types of log records: LOG_COMMIT and
46 ** LOG_CKSUM records. In order to recover content from a log, a client
47 ** reads each record from the start of the log, calculating a checksum as
48 ** it does. Each time a LOG_COMMIT or LOG_CKSUM is encountered, the
49 ** recovery process verifies that the checksum stored in the log
50 ** matches the calculated checksum. If it does not, the recovery process
51 ** can stop reading the log.
52 **
53 ** If a recovery process reads records (other than COMMIT or CKSUM)
54 ** consisting of at least LSM_CKSUM_MAXDATA bytes, then the next record in
55 ** the log must be either a LOG_CKSUM or LOG_COMMIT record. If it is
56 ** not, the recovery process also stops reading the log.
57 **
58 ** To recover the log file, it must be read twice. The first time to
59 ** determine the location of the last valid commit record. And the second
60 ** time to load data into the in-memory tree.
61 **
62 ** Todo: Surely there is a better way...
63 **
64 ** LOG WRAPPING
65 **
66 ** If the log file were never deleted or wrapped, it would be possible to
67 ** read it from start to end each time is required recovery (i.e each time
68 ** the number of database clients changes from 0 to 1). Effectively reading
69 ** the entire history of the database each time. This would quickly become
70 ** inefficient. Additionally, since the log file would grow without bound,
71 ** it wastes storage space.
72 **
73 ** Instead, part of each checkpoint written into the database file contains
74 ** a log offset (and other information required to read the log starting at
75 ** at this offset) at which to begin recovery. Offset $O.
76 **
77 ** Once a checkpoint has been written and synced into the database file, it
78 ** is guaranteed that no recovery process will need to read any data before
79 ** offset $O of the log file. It is therefore safe to begin overwriting
80 ** any data that occurs before offset $O.
81 **
82 ** This implementation separates the log into three regions mapped into
83 ** the log file - regions 0, 1 and 2. During recovery, regions are read
84 ** in ascending order (i.e. 0, then 1, then 2). Each region is zero or
85 ** more bytes in size.
86 **
87 ** |---1---|..|--0--|.|--2--|....
88 **
89 ** New records are always appended to the end of region 2.
90 **
91 ** Initially (when it is empty), all three regions are zero bytes in size.
92 ** Each of them are located at the beginning of the file. As records are
93 ** added to the log, region 2 grows, so that the log consists of a zero
94 ** byte region 1, followed by a zero byte region 0, followed by an N byte
95 ** region 2. After one or more checkpoints have been written to disk,
96 ** the start point of region 2 is moved to $O. For example:
97 **
98 ** A) ||.........|--2--|....
99 **
100 ** (both regions 0 and 1 are 0 bytes in size at offset 0).
101 **
102 ** Eventually, the log wraps around to write new records into the start.
103 ** At this point, region 2 is renamed to region 0. Region 0 is renamed
104 ** to region 2. After appending a few records to the new region 2, the
105 ** log file looks like this:
106 **
107 ** B) ||--2--|...|--0--|....
108 **
109 ** (region 1 is still 0 bytes in size, located at offset 0).
110 **
111 ** Any checkpoints made at this point may reduce the size of region 0.
112 ** However, if they do not, and region 2 expands so that it is about to
113 ** overwrite the start of region 0, then region 2 is renamed to region 1,
114 ** and a new region 2 created at the end of the file following the existing
115 ** region 0.
116 **
117 ** C) |---1---|..|--0--|.|-2-|
118 **
119 ** In this state records are appended to region 2 until checkpoints have
120 ** contracted regions 0 AND 1 UNTil they are both zero bytes in size. They
121 ** are then shifted to the start of the log file, leaving the system in
122 ** the equivalent of state A above.
123 **
124 ** Alternatively, state B may transition directly to state A if the size
125 ** of region 0 is reduced to zero bytes before region 2 threatens to
126 ** encroach upon it.
127 **
128 ** LOG_PAD1 & LOG_PAD2 RECORDS
129 **
130 ** PAD1 and PAD2 records may appear in a log file at any point. They allow
131 ** a process writing the log file align the beginning of transactions with
132 ** the beginning of disk sectors, which increases robustness.
133 **
134 ** RECORD FORMATS:
135 **
136 ** LOG_EOF: * A single 0x00 byte.
137 **
138 ** LOG_PAD1: * A single 0x01 byte.
139 **
140 ** LOG_PAD2: * A single 0x02 byte, followed by
141 ** * The number of unused bytes (N) as a varint,
142 ** * An N byte block of unused space.
143 **
144 ** LOG_COMMIT: * A single 0x03 byte.
145 ** * An 8-byte checksum.
146 **
147 ** LOG_JUMP: * A single 0x04 byte.
148 ** * Absolute file offset to jump to, encoded as a varint.
149 **
150 ** LOG_WRITE: * A single 0x06 or 0x07 byte,
151 ** * The number of bytes in the key, encoded as a varint,
152 ** * The number of bytes in the value, encoded as a varint,
153 ** * If the first byte was 0x07, an 8 byte checksum.
154 ** * The key data,
155 ** * The value data.
156 **
157 ** LOG_DELETE: * A single 0x08 or 0x09 byte,
158 ** * The number of bytes in the key, encoded as a varint,
159 ** * If the first byte was 0x09, an 8 byte checksum.
160 ** * The key data.
161 **
162 ** Varints are as described in lsm_varint.c (SQLite 4 format).
163 **
164 ** CHECKSUMS:
165 **
166 ** The checksum is calculated using two 32-bit unsigned integers, s0 and
167 ** s1. The initial value for both is 42. It is updated each time a record
168 ** is written into the log file by treating the encoded (binary) record as
169 ** an array of 32-bit little-endian integers. Then, if x[] is the integer
170 ** array, updating the checksum accumulators as follows:
171 **
172 ** for i from 0 to n-1 step 2:
173 ** s0 += x[i] + s1;
174 ** s1 += x[i+1] + s0;
175 ** endfor
176 **
177 ** If the record is not an even multiple of 8-bytes in size it is padded
178 ** with zeroes to make it so before the checksum is updated.
179 **
180 ** The checksum stored in a COMMIT, WRITE or DELETE is based on all bytes
181 ** up to the start of the 8-byte checksum itself, including the COMMIT,
182 ** WRITE or DELETE fields that appear before the checksum in the record.
183 **
184 ** VARINT FORMAT
185 **
186 ** See lsm_varint.c.
187 */
189 #ifndef _LSM_INT_H
191 #endif
193 /* Log record types */
194 #define LSM_LOG_EOF 0x00
195 #define LSM_LOG_PAD1 0x01
196 #define LSM_LOG_PAD2 0x02
197 #define LSM_LOG_COMMIT 0x03
198 #define LSM_LOG_JUMP 0x04
200 #define LSM_LOG_WRITE 0x06
201 #define LSM_LOG_WRITE_CKSUM 0x07
203 #define LSM_LOG_DELETE 0x08
204 #define LSM_LOG_DELETE_CKSUM 0x09
206 #define LSM_LOG_DRANGE 0x0A
207 #define LSM_LOG_DRANGE_CKSUM 0x0B
209 /* Require a checksum every 32KB. */
210 #define LSM_CKSUM_MAXDATA (32*1024)
212 /* Do not wrap a log file smaller than this in bytes. */
213 #define LSM_MIN_LOGWRAP (128*1024)
215 /*
216 ** szSector:
217 ** Commit records must be aligned to end on szSector boundaries. If
218 ** the safety-mode is set to NORMAL or OFF, this value is 1. Otherwise,
219 ** if the safety-mode is set to FULL, it is the size of the file-system
220 ** sectors as reported by lsmFsSectorSize().
221 */
232 };
234 /*
235 ** Return the result of interpreting the first 4 bytes in buffer aIn as
236 ** a 32-bit unsigned little-endian integer.
237 */
243 }
246 /*
247 ** This function is the same as logCksum(), except that pointer "a" need
248 ** not be aligned to an 8-byte boundary or padded with zero bytes. This
249 ** version is slower, but sometimes more convenient to use.
250 */
256 ){
267 }
275 }
279 }
281 /*
282 ** Update pLog->cksum0 and pLog->cksum1 so that the first nBuf bytes in the
283 ** write buffer (pLog->buf) are included in the checksum.
284 */
293 );
294 }
296 }
300 }
303 }
305 /*
306 ** If possible, reclaim log file space. Log file space is reclaimed after
307 ** a snapshot that points to the same data in the database file is synced
308 ** into the db header.
309 */
315 /* Test if there exists some other connection with a read-only transaction
316 ** open. If there does, then log file space may not be reclaimed. */
323 i64 iSyncedId;
325 /* Read the snapshot-id of the snapshot stored on meta-page iMeta. Note
326 ** that in theory, the value read is untrustworthy (due to a race
327 ** condition - see comments above lsmFsReadSyncedId()). So it is only
328 ** ever used to conclude that no log space can be reclaimed. If it seems
329 ** to indicate that it may be possible to reclaim log space, a
330 ** second call to lsmCheckpointSynced() (which does return trustworthy
331 ** values) is made below to confirm. */
345 }
349 }
350 }
351 }
353 }
355 /*
356 ** This function is called when a write-transaction is first opened. It
357 ** is assumed that the caller is holding the client-mutex when it is
358 ** called.
359 **
360 ** Before returning, this function allocates the LogWriter object that
361 ** will be used to write to the log file during the write transaction.
362 ** LSM_OK is returned if no error occurs, otherwise an LSM error code.
363 */
371 /* If the log file has not yet been opened, open it now. Also allocate
372 ** the LogWriter structure, if it has not already been allocated. */
379 }
386 }
389 /* The following call detects whether or not a new snapshot has been
390 ** synced into the database file. If so, it updates the contents of
391 ** the pDb->treehdr.log structure to reclaim any space in the log
392 ** file that is no longer required.
393 **
394 ** TODO: Calling this every transaction is overkill. And since the
395 ** call has to read and checksum a snapshot from the database file,
396 ** it is expensive. It would be better to figure out a way so that
397 ** this is only called occasionally - say for every 32KB written to
398 ** the log file.
399 */
401 }
405 }
407 /* Set the effective sector-size for this transaction. Sectors are assumed
408 ** to be one byte in size if the safety-mode is OFF or NORMAL, or as
409 ** reported by lsmFsSectorSize if it is FULL. */
415 }
417 /* There are now three scenarios:
418 **
419 ** 1) Regions 0 and 1 are both zero bytes in size and region 2 begins
420 ** at a file offset greater than LSM_MIN_LOGWRAP. In this case, wrap
421 ** around to the start and write data into the start of the log file.
422 **
423 ** 2) Region 1 is zero bytes in size and region 2 occurs earlier in the
424 ** file than region 0. In this case, append data to region 2, but
425 ** remember to jump over region 1 if required.
426 **
427 ** 3) Region 2 is the last in the file. Append to it.
428 */
438 /* Case 1. Wrap around to the start of the file. Write an LSM_LOG_JUMP
439 ** into the log file in this case. Pad it out to 8 bytes using a PAD2
440 ** record so that the checksums can be updated immediately. */
441 u8 aJump[] = {
443 };
454 /* Case 2. */
458 /* Case 3. */
461 }
464 i64 iRound;
470 }
474 }
476 /*
477 ** This function is called when a write-transaction is being closed.
478 ** Parameter bCommit is true if the transaction is being committed,
479 ** or false otherwise. The caller must hold the client-mutex to call
480 ** this function.
481 **
482 ** A call to this function deletes the LogWriter object allocated by
483 ** lsmLogBegin(). If the transaction is being committed, the shared state
484 ** in *pLog is updated before returning.
485 */
499 /* This happens when the transaction had to jump over some other
500 ** part of the log. */
506 }
507 }
508 }
515 ){
516 /* Determine if it is necessary to add an LSM_LOG_JUMP to jump over the
517 ** jump region before writing the LSM_LOG_WRITE or DELETE record. This
518 ** is necessary if there is insufficient room between the current offset
519 ** and the jump region to fit the new WRITE/DELETE record and the largest
520 ** possible JUMP record with up to 7 bytes of padding (a total of 17
521 ** bytes). */
524 ){
531 /* Serialize the JUMP record */
536 /* Adding padding to the contents of the buffer so that it will be a
537 ** multiple of 8 bytes in size after the JUMP record is appended. This
538 ** is not strictly required, it just makes the keeping the running
539 ** checksum up to date in this file a little simpler. */
549 }
552 }
554 /* Append the JUMP record to the buffer. Then flush the buffer to disk
555 ** and update the checksums. The next write to the log file (assuming
556 ** there is no transaction rollback) will be to offset iJump (just past
557 ** the jump region). */
569 }
572 }
578 /* Calculate the checksum value. Append it to the buffer. */
585 /* Write the contents of the buffer to disk. */
591 }
593 /*
594 ** Write the contents of the log-buffer to disk. Then write either a CKSUM
595 ** or COMMIT record, depending on the value of parameter eType.
596 */
605 /* Commit record is always 9 bytes in size. */
610 /* If this is a COMMIT, add padding to the log so that the COMMIT record
611 ** is aligned against the end of a disk sector. In other words, add padding
612 ** so that the first byte following the COMMIT record lies on a different
613 ** sector. */
617 /* Determine the value of nPad. */
635 }
636 }
637 }
639 /* Make sure there is room in the log-buffer to add the CKSUM or COMMIT
640 ** record. Then add the first byte of it. */
648 /* If this is a commit and synchronous=full, sync the log to disk. */
651 }
653 }
655 /*
656 ** Append an LSM_LOG_WRITE (if nVal>=0) or LSM_LOG_DELETE (if nVal<0)
657 ** record to the database log.
658 */
664 ){
679 /* Determine how many bytes of space are required, assuming that a checksum
680 ** will be embedded in this record (even though it may not be). */
684 /* Jump over the jump region if required. Set bCksum to true to tell the
685 ** code below to include a checksum in the record if either (a) writing
686 ** this record would mean that more than LSM_CKSUM_MAXDATA bytes of data
687 ** have been written to the log since the last checksum, or (b) the jump
688 ** is taken. */
694 }
698 /* Write the record header - the type byte followed by either 1 (for
699 ** DELETE) or 2 (for WRITE) varints. */
711 }
718 }
721 }
724 }
726 /*
727 ** Append an LSM_LOG_COMMIT record to the database log.
728 */
732 }
734 /*
735 ** Store the current offset and other checksum related information in the
736 ** structure *pMark. Later, *pMark can be passed to lsmLogSeek() to "rewind"
737 ** the LogWriter object to the current log file offset. This is used when
738 ** rolling back savepoint transactions.
739 */
743 ){
758 }
760 /*
761 ** Seek (rewind) back to the log file offset stored by an ealier call to
762 ** lsmLogTell() in *pMark.
763 */
767 ){
782 }
788 }
790 /*
791 ** This function does the work for an lsm_info(LOG_STRUCTURE) request.
792 */
797 /* If there is no read or write transaction open, read the latest
798 ** tree-header from shared-memory to report on. If necessary, update
799 ** it based on the contents of the database header.
800 **
801 ** No locks are taken here - these are passive read operations only.
802 */
806 }
815 );
817 }
821 }
823 /*************************************************************************
824 ** Begin code for log recovery.
825 */
837 };
845 ){
863 );
864 }
865 }
874 }
885 }
891 }
892 }
893 }
896 }
903 ){
912 }
913 }
914 }
920 }
928 /* Update in-memory (expected) checksums */
935 /* Read the checksums from the log file. Set *pbEof if they do not match. */
941 }
942 }
943 }
950 ){
959 }
961 /*
962 ** This function is called after reading the header of a LOG_DELETE or
963 ** LOG_WRITE record. Parameter nByte is the total size of the key and
964 ** value that follow the header just read. Return true if the size and
965 ** position of the record indicate that it should contain a checksum.
966 */
969 }
971 /*
972 ** Recover the contents of the log file.
973 */
998 /* The outer for() loop runs at most twice. The first iteration is to
999 ** count the number of committed transactions in the log. The second
1000 ** iterates through those transactions and updates the in-memory tree
1001 ** structure with their contents. */
1019 }
1035 }
1045 }
1046 }
1048 }
1059 }
1065 }
1067 }
1072 nCommit++;
1075 }
1090 }
1095 }
1096 }
1100 }
1102 }
1105 /* Including LSM_LOG_EOF */
1108 }
1109 }
1119 }
1120 }
1123 }
1124 }
1125 }
1127 /* Initialize DbLog object */
1132 }
1138 }
1142 }
1148 }
1155 }
1156 }