Reliable object storage to support atomic actions

Maintaining consistency of on-line, long-lived, distributed data in the presence of hardware failures is a necessity for many applications. The Argus programming language and system, currently under development at M.I.T., provides users with linguistic constructs to implement such applications. Argus permits users to identify certain data objects as being resilient to failures, and the set of such resilient objects can vary dynamically as programs run. When resilient objects are modified, they are automatically copied by the Argus implementation to stable storage, storage that with very high probability does not lose information. The resilient objects are therefore guaranteed, with very high probability, to survive both media failures and node crashes. This paper presents a method for implementing resilient objects, using a log-based mechanism to organize the information on stable storage. Of particular interest is the handling of a dynamic, user-controlled set of resilient objects, and the use of early prepare to minimize delays in user activities.

Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. © 1985 ACM 0-89791-174-1 12/85/0147 $00.75

1. Introduction

In banking systems, airline reservation systems, office automation systems, and other databases, the manipulation and preservation of long-lived, on-line, distributed data is of primary importance. The Argus programming language and system [12], currently under development at M.I.T., is designed to support such applications.
A fundamental requirement in such systems is making data resilient to hardware failures, so that the crash of a node or storage device will not result in the loss of vital information. This paper discusses support for data resiliency in Argus.

In Argus, data consistency in the presence of concurrency is achieved by making activities atomic. Atomic activities are referred to as actions or transactions [4, 5, 6]. An action is indivisible and total. Indivisibility means that the execution of one action never appears to overlap the execution of any other action. Totality means that the overall effect of an action is all-or-nothing: either all changes made to the data by the action happen (the action commits), or none of these changes happen (the action aborts).

While an action is running, the changes it makes to data objects are kept in volatile storage. If the action aborts, the changes are simply discarded. If the action commits, however, the changes become permanent. Our method of providing data resiliency is to write such changes to stable storage. Stable storage provides memory with a high probability of surviving node and media failures [11]. A stable storage device might provide block read and write operations just like a conventional disk device; the write operation, however, is atomic, meaning the data is either written completely or not written at all, even if there is a failure during the write. This atomicity ensures that the data will never be left in an inconsistent state in which the old value is gone but the new value has not been completely written. Lampson and Sturgis [10] call this kind of stable storage atomic stable
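The two layers sketched above, an atomic block write built from non-atomic disk writes and an action whose volatile changes reach stable storage only at a single commit point, can be made concrete in a small simulation. The following Python is an added toy illustration, not code from the Argus system or from the paper; the two-copy block layout follows the Lampson-Sturgis construction cited in the text, while the block numbering, the intentions log at block 1, the `Crash` exception, the crash-injection hook on `Disk`, and the sample values (`balance=...`, `audit=...`) are all assumptions constructed for the example. Torn writes are modelled as a prefix of new bytes followed by a suffix of old bytes, and a crash is injected at a chosen physical write.

```python
"""Toy model: atomic stable storage (two checksummed copies per block) under an
action whose changes stay in volatile memory until a single atomic commit write.
Illustrative code written for this page, not the Argus implementation."""
import hashlib

PAYLOAD, CK = 16, 8      # bytes of data and of checksum per physical block
NBLOCKS, LOG_SLOTS = 8, 3  # logical block 0 = commit record, 1..3 = intentions, 4..7 = objects
BALANCE, AUDIT = 4, 5      # constructed object blocks used by the scenario below


class Crash(Exception):
    """Simulated node crash in the middle of one physical block write."""


def checksum(payload):
    return hashlib.sha256(payload).digest()[:CK]


class Disk:
    """Conventional block device: a crash mid-write leaves a torn block (new prefix, old suffix)."""

    def __init__(self, nblocks):
        self.blocks = [bytes(PAYLOAD + CK)] * nblocks
        self.writes, self.crash_plan = 0, None

    def crash_on(self, nth_write, at_byte):
        """Crash during the nth write from now, after at_byte bytes have landed."""
        self.writes, self.crash_plan = 0, (nth_write, at_byte)

    def write(self, n, frame):
        self.writes += 1
        if self.crash_plan and self.writes == self.crash_plan[0]:
            k, self.crash_plan = self.crash_plan[1], None
            self.blocks[n] = frame[:k] + self.blocks[n][k:]   # torn write
            raise Crash()
        self.blocks[n] = frame

    def read(self, n):
        return self.blocks[n]


class StableStorage:
    """Lampson-Sturgis style atomic stable storage: logical block n is kept as two
    checksummed copies (physical 2n = A, 2n+1 = B).  A write updates A then B, so one
    crash tears at most one copy; a read returns the first copy whose checksum verifies;
    recover() makes both copies agree again after a crash."""

    def __init__(self, disk, nblocks):
        self.disk, self.nblocks = disk, nblocks
        for n in range(nblocks):               # format every block with a zero payload
            self.write(n, bytes(PAYLOAD))

    @staticmethod
    def _unframe(frame):
        payload, ck = frame[:PAYLOAD], frame[PAYLOAD:]
        return payload if checksum(payload) == ck else None

    def write(self, n, payload):
        frame = payload + checksum(payload)
        self.disk.write(2 * n, frame)          # copy A first ...
        self.disk.write(2 * n + 1, frame)      # ... then copy B

    def read(self, n):
        for phys in (2 * n, 2 * n + 1):
            payload = self._unframe(self.disk.read(phys))
            if payload is not None:
                return payload
        raise IOError("both copies of block %d are damaged" % n)

    def recover(self):
        for n in range(self.nblocks):
            a, b = self.disk.read(2 * n), self.disk.read(2 * n + 1)
            if self._unframe(a) is not None:
                self.disk.write(2 * n + 1, a)  # A is written first, so a valid A is the newer value
            elif self._unframe(b) is not None:
                self.disk.write(2 * n, b)


class Action:
    """Changes are buffered in volatile memory.  abort() discards them.  commit() writes
    them to stable storage as intentions, then writes the commit record with one atomic
    block write (the commit point), then installs them into the object blocks."""

    def __init__(self, stable):
        self.stable, self.buffer = stable, {}

    def write(self, obj, value):
        self.buffer[obj] = value[:PAYLOAD - 1].ljust(PAYLOAD - 1, b"\0")

    def abort(self):
        self.buffer.clear()

    def commit(self):
        entries = list(self.buffer.items())
        assert len(entries) <= LOG_SLOTS
        for i, (obj, value) in enumerate(entries):
            self.stable.write(1 + i, bytes([obj]) + value)   # intention: (block, value)
        self.stable.write(0, bytes([len(entries)]).ljust(PAYLOAD, b"\0"))  # commit point
        self.buffer.clear()
        install(self.stable)


def install(stable):
    """Apply a committed action's intentions and clear the commit record; idempotent."""
    count = stable.read(0)[0]
    for i in range(count):
        entry = stable.read(1 + i)
        stable.write(entry[0], entry[1:] + b"\0")
    if count:
        stable.write(0, bytes(PAYLOAD))


def recover(stable):
    """After a crash: repair the block copies, then finish any committed action.
    An action that never reached its commit point simply has no effect (abort)."""
    stable.recover()
    install(stable)


def value(stable, obj):
    return stable.read(obj).rstrip(b"\0")


def run(crash=None):
    """Constructed scenario: action 1 commits two objects; action 2 updates both and, if
    crash=(nth_write, at_byte) is given, the node dies at that physical write during its
    commit.  Returns the (balance, audit) values visible after recovery."""
    disk = Disk(2 * NBLOCKS)
    stable = StableStorage(disk, NBLOCKS)
    first = Action(stable)
    first.write(BALANCE, b"balance=100")
    first.write(AUDIT, b"audit=ok")
    first.commit()
    second = Action(stable)
    second.write(BALANCE, b"balance=50")
    second.write(AUDIT, b"audit=pending")
    if crash:
        disk.crash_on(*crash)
    try:
        second.commit()
    except Crash:
        recover(stable)   # node restarts: the volatile buffer is gone, stable storage survives
    return value(stable, BALANCE), value(stable, AUDIT)


if __name__ == "__main__":
    for plan in (None, (1, 11), (5, 3), (6, 0), (7, 10), (11, 4)):
        print(plan, run(plan))
```

The crash points in `run` are numbered by physical write: writes 1 to 4 are the two intentions, 5 and 6 the commit record, 7 to 10 the object blocks, 11 and 12 the clearing of the record. Whatever write is torn, recovery yields either both old values or both new values, never a mixture, which is the totality property; the one case where both copies of a block are valid but differ (crash between writing A and B) is resolved in favour of A, so a commit record that was fully written to A counts as committed.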

[1] E. B. Moss et al. Nested Transactions: An Approach to Reliable Distributed Computing. 1985.

[2] L. Svobodova. Management of Object Histories in the SWALLOW Repository. 1980.

[3] L. A. Bjork. Generalized Audit Trail Requirements and Concepts for Data Base Applications. IBM Systems Journal, 1975.

[4] L. Svobodova et al. A Distributed Data Storage System for a Local Network. 1980.

[5] C. T. Davies et al. Recovery Semantics for a DB/DC System. ACM Annual Conference, 1973.

[6] B. Liskov et al. Guardians and Actions: Linguistic Support for Robust, Distributed Programs. POPL '82, 1982.

[7] B. Liskov et al. Reliable Object Storage to Support Atomic Actions. SOSP, 1985.

[8] J. G. Mitchell et al. Separating Data from Function in a Distributed File System. 1978.

[9] I. L. Traiger et al. System R: Relational Approach to Database Management. ACM TODS, 1976.

[10] C. T. Davies et al. Data Processing Spheres of Control. IBM Systems Journal, 1978.

[11] B. Liskov et al. Guardians and Actions: Linguistic Support for Robust, Distributed Programs. ACM TOPLAS, 1983.

[12] B. W. Lampson et al. Crash Recovery in a Distributed Data Storage System. 1981.

[13] I. L. Traiger et al. The Notions of Consistency and Predicate Locks in a Database System. CACM, 1976.

[14] W. E. Weihl et al. Specification and Implementation of Resilient, Atomic Data Types. ACM SIGPLAN Notices, 1983.

[15] G. C. Arens. Recovery of the SWALLOW Repository. 1981.