Using Tickets to Enforce the Serializability of Multidatabase Transactions

Home , Commitment ordering, Global serializability, Serializability

Wright State University CORE Scholar

The Ohio Center of Excellence in Knowledge- Kno.e.sis Publications Enabled Computing (Kno.e.sis)

2-1994

Dimitrios Georgakopoulos

Marek Rusinkiewicz

Amit P. Sheth Wright State University - Main Campus, [email protected]

Follow this and additional works at: https://corescholar.libraries.wright.edu/knoesis

Part of the Bioinformatics Commons, Communication Technology and New Media Commons, Databases and Information Systems Commons, OS and Networks Commons, and the Science and Technology Studies Commons

Repository Citation Georgakopoulos, D., Rusinkiewicz, M., & Sheth, A. P. (1994). Using Tickets to Enforce the Serializability of Multidatabase Transactions. IEEE Transactions on Knowledge and Data Engineering, 6 (1), 166-180. https://corescholar.libraries.wright.edu/knoesis/823

This Article is brought to you for free and open access by the The Ohio Center of Excellence in Knowledge-Enabled Computing (Kno.e.sis) at CORE Scholar. It has been accepted for inclusion in Kno.e.sis Publications by an authorized administrator of CORE Scholar. For more information, please contact [email protected].

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

Using Tickets to Enforce the Serializabil ity of

Multidatabase Transactions

Dimitrios Georgakop oulos Marek Rusinkiewicz and Amit Sheth

Abstract To enforce global serializabilityinamulti

global transaction

database environmentthemultidatabase transaction man

ager must takeinto account the indirect transitive con

icts b etween multidatabase transactions caused bylocal

transactions Such conicts are dicult to resolve b ecause

MDBS

local transaction local transaction

the b ehavior or even the existence of lo cal transactions is

not known to the multidatabase system Toovercome these

g g g

k diculties we prop ose to incorp orate additional data ma

T T

nipulation op erations in the subtransactions of eachmul

tidatabase transaction We show that if these op erations

create direct conicts b etween subtransactions at each par

LDBS

ticipating lo cal database system indirect conicts can b e

resolved even if the multidatabase system is not aware of

their existence Based on this approach weintro duce opti

data

mistic and conservativemultidatabase transaction manage

base

ment metho ds that require the lo cal database systems to

assure only lo cal serializability The prop osed metho ds do

not violate the autonomy of the lo cal database systems and

guarantee global serializabilitybypreventing multidatabase

transactions from b eing serialized in dierentways at the

participating database systems Renements of these meth

Fig Multidatabase system architecture

o ds are also prop osed for multidatabase environments where

the participating database systems allowschedules that are

cascadeless or transactions have analogous execution and se

rialization orders In particular weshow that forced lo cal

systems havetosolve transaction managementmecha

conicts can b e eliminated in rigorous lo cal systems lo cal

nisms in MDBSs must also cop e with heterogeneity and

cascadelessness simplies the design of a global scheduler

autonomy of the participating LDBSs and that lo cal strictness oers no signicantadvantages over

cascadelessness

The most imp ortant heterogeneities from the p ersp ec

Keywords multidatabase transactions serializabilityin

tive of transaction management are dissimilarities in i

direct conicts tickets analogous execution and serializa

the transaction management primitives and related error

tion orders rigorous scheduling

detection facilities available through the LDBS interfaces

and ii the concurrency control commitment and recov

I Introduction

ery schemes used by the LDBSs

Lo cal autonomy is the most fundamental assumption of

ULTIDATABASE SYSTEM MDBS is a fa

the MDBS concept Autonomy sp ecies the degree of in

cility that supp orts global applications accessing

dep endence and control the LDBSs haveover their data

data stored in multiple databases It is assumed that the

Since total autonomy means lack of co op eration and com

access to these databases is controlled by autonomous and

munication and hence total isolation some less extreme

p ossibly heterogeneous Local Database Systems LDBSs

notions of LDBS autonomyhave b een prop osed in the lit

The MDBS architecture Figure allows local transac

erature GarciaMolina and Kogan ex

tions and global transactions to co exist Lo cal transac

plored the concept of no de site autonomy in the con

tions are submitted directly to a single LDBS while the

text of a distributed system Veijalainen classies the

multidatabase global transactions are channeled through

LDBS autonomy requirementinto design autonomy execu

the MDBS interface The ob jectives of a multidatabase

tion autonomy and communication autonomy In addition

transaction management are to avoid inconsistent retrievals

to these notions of autonomy Sheth and Larson identify

and to preserve the global consistency in the presence of

additional LDBS prop erties that preserve asso ciation au

multidatabase up dates These ob jectives are more di

tonomy In this pap er we consider that LDBS autonomy

cult to achieve in MDBSs than in homogeneous distributed

is not violated if the following two conditions are satised

database systems b ecause in addition to the problems

The LDBS is not mo died in anyway

caused by data distribution that all distributed database

The lo cal transactions submitted to the LDBS need

not to b e mo died in anyway eg to takeinto ac

D Georgakop oulos is with the Distributed Ob ject Computing De

partment GTE Lab oratories Incorp orated Sylvan Road MS

count that the LDBS participates in a MDBS

Waltham MA

Inamultidatabase environment the serializability of lo

M Rusinkiewicz is with the Department of Computer Science Uni

cal schedules is by itself not sucient to maintain multi

versity of Houston Houston TX

A Sheth is with Bellcore Ho es Lane PiscatawayNJ database consistencyTo ensure that global serializability

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

cal database management systems are discussed in Section is not violated lo cal schedules must b e validated bythe

III In Section IV weintro duce the concept of a ticket MDBS However the lo cal serialization orders are neither

and prop ose the Optimistic Ticket Method OTM for mul rep orted by the lo cal database systems nor can they b e

tidatabase transaction management To guarantee global determined by controlling the submission of global sub

serializability OTM requires that the LDBSs ensure lo cal transactions or observing their execution order To deter

serializability In Section V weintro duce the Conservative mine the serialization order of the global transactions at

Ticket Method CTM that also requires global transac each LDBS the MDBS must deal not only with direct con

tions to taketickets but is free from global restarts Varia icts that may exist b etween the subtransactions of multi

tions of OTM and CTM that use simpler global schedulers database transactions but also with the indirect conicts

but work only in multidatabase systems in which all lo cal that may b e caused by lo cal transactions Since the MDBS

systems are cascadeless are presented in Section VI In has no information ab out the existence and b ehavior of lo

Section VI I weintro duce the concept of implicit tickets cal transactions determining if an execution of global and

and prop ose the Implicit Ticket Method ITM whichdoes lo cal transactions is globally serializable is dicult An

not require subtransaction tickets but works only in multi example illustrating this problem is presented in the next

database environments where the participating LDBSs are section

rigorous Integrating the metho ds ab ove in mixed multi

Several solutions have b een prop osed in the literature

database schedulers is discussed in Section VI I I Finally

to deal with this problem however most of them are not

in Section IX we summarize our results

satisfactory The main problem with the ma jorityofthe

prop osed solutions is that they do not provide a wayofas

II Problems in maintaining global

suring that the op eration execution order of global trans

serializability and related work

actions which can b e controlled by the MDBS is reected

in the lo cal serialization order of the global transactions

Many algorithms that have b een prop osed for transac

pro duced by the LDBSs For example it is p ossible that a

tion management in distributed systems are not directly

global transaction G is executed and committed at some

applicable in MDBSs b ecause of the p ossibility of indirect

LDBS b efore another global transaction G but their lo

conicts caused by the lo cal transactions To illustrate this

cal serialization order is reversed In this pap er we address

point consider Figure which depicts the execution of two

this problem byintro ducing a technique that disallows such

multidatabase transactions G and G and a lo cal trans

lo cal schedules and enables the MDBS to determine the se

action T If a transaction G reads a data item awe draw

rialization order of global transactions in each participating

an arc from a to G An arc from G to a denotes that

i i

LDBS Our metho d do es not violate the lo cal autonomy

G writes a In our example the global transactions have

and is applicable to all LDBSs that ensure lo cal serializ

subtransactions in b oth LDBSs In LDBS G reads a and

ability Unlike other solutions that have b een prop osed in

G later writes it Therefore G and G directly conict

the literature our technique can b e applied to LDBSs that

in LDBS and the serialization order of the transactions

provide interfaces at the level of setoriented queries and

is G G In LDBS G and G access dierentdata

up dates eg SQL or QUEL

items G writes c and later G reads b Hence there is

Having established a metho d to determine the lo cal se

no direct conict b etween G and G in LDBS However

rialization order of global transactions in LDBSs wein

since the lo cal transaction T writes b and and reads c G

tro duce optimistic and conservative metho ds that enforce

and G conict indirectly in LDBS This indirect con

global serializability In addition we prop ose ecient

ict is caused by the presence of the lo cal transaction T

renements of these metho ds for multidatabase environ

In this case the serialization order of the transactions in

ments where the participating database systems use cas

LDBS becomes G T G

cadeless or rigorous schedulers Weshow that mul

Inamultidatabase environment the MDBS has control

tidatabase scheduling is simplied in multidatabase envi

over the execution of global transactions and the op erations

ronments where all lo cal systems are cascadeless Further

they issue Therefore the MDBS can detect direct conicts

simplications are p ossible if LDBSs use one of the many

involving global transactions such as the conict b etween

common schedulers that assure that transaction serializa

G and G at LDBS in Figure However the MDBS has

tion orders are analogous to their commitment order We

no information ab out lo cal transactions and the indirect

show that in suchmultidatabase environments the lo cal se

conicts they maycauseFor example since the MDBS

rialization order of global transactions can b e determined

has no information ab out the lo cal transaction T it cannot

by controlling their commitment order at the participat

detect the indirect conict b etween G and G at LDBS

ing LDBSs Although we address the problem of enforcing

Although b oth lo cal schedules are serializable the global

global serializability in the context of a multidatabase sys

schedule is nonserializable ie there is no global order

tem the solutions describ ed in this pap er can b e applied

involving G G and T that is compatible with b oth lo cal

to a Distributed Ob ject Management System

schedules

In the early work in this area the problems caused byin This pap er is organized as follows In Section I I we

direct conicts were not fully recognized In Gligor and identify the diculties in maintaining global serializability

Pop escuZeletin stated that a schedule of multidatabase in MDBSs and review related work The multidatabase

transactions is correct if multidatabase transactions have mo del and our assumptions and requirements towards lo

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

Limitingmultidatabase memb ership to the LDBSs

G G

that use strict schedulers By disallowing lo cal exe

cutions that are serializable but not strict this approach

places additional restrictions on the execution of b oth

global and lo cal transactions at each participating LDBS

A solution in this category called the PC Agent Metho d

was prop osed in The PC Agent Metho d assumes

LD B S a b c LD B S

that the participating LDBSs use twophase lo cking PL

schedulers and pro duce only strict schedules The

basic idea in this metho d is that strict LDBSs will not

p ermit lo cal executions that violate global serializability

However even lo cal strictness is not sucient To illus

trate this problem consider the LDBSs in Figure and

the following lo cal schedules

a ie G G aw LDBS r

G G

G G acommit w acommit LDBS r

LDBS r cw cr bw b ie G T G

G G G G

T G G T

G G commit bcommit bw br LDBS r

G G G G G

Fig Serial execution of multidatabase transactions may violate

The schedule at LDBS is serial In LDBS G and G are

serializability

b oth able to obtain readlo cks and read b Next G releases

its read lo ckonb and do es not acquire any more lo cks

G is able to obtain a write lo ck and up date b before G

the same relative serialization order at each LDBS they di

commits This execution is allowed by PL Strictness in

rectly conict Breitbart and Silb erschatz have shown

PL is satised if each transaction holds only its writelocks

that the correctness criterion ab ove is insucient to guar

until its end Therefore b oth schedules ab ove are strict

antee global serializability in the presence of lo cal transac

and are allowed by PL However global serializabilityis

tions They proved that the sucient condition for global

violated

consistency requires multidatabase transactions to havethe

same relative serialization order at all sites they execute

Assume conicts among global transactions when

The solutions to the problem of concurrency control in

ever they execute at the same site This idea has b een

MDBSs prop osed in the literature can b e divided into sev

used by Logar and Sheth in the context of distributed

eral groups

deadlo cks in MDBSs and by Breitbart et al for concur

rency control in the Amo co Distributed Database System

Observing the execution of the global transactions

ADDS Both approaches are based on the notion of the

at each LDBS The execution order of global transac

site graph In the ADDS metho d when a global transac

tions do es not determine their relative serialization order at

tion issues a subtransaction to a LDBS undirectededges are

each LDBS For example at LDBS in Figure the global

added to connect the no des of the LDBSs that participate

transaction G is executed b efore G but G precedes G

in the execution of the global transaction If the addition

in the lo cal serialization order there To determine lo cal

of the edges for a global transaction do es not create a cycle

conicts b etween transactions Logar and Sheth pro

in the graph multidatabase consistency is preserved and

p osed using the commands of the lo cal op erating system

the global transaction is allowed to pro ceed Otherwise

and DBMS to sno op on the LDBS Such an approach

inconsistencies are p ossible and the global transaction is

may not always b e p ossible without violating the auton

ab orted

omy of the LDBS

The site graph metho d do es not violate the lo cal au

tonomy and correctly detects p ossible conicts b etween Controlling the submission and execution order of

multidatabase transactions However when used for con global transactions Alonso et al prop osed to use site

currency control it has signicantdrawbacks First the lo cking in the altruistic locking proto col to prevent

degree of concurrency allowed is rather low b ecause mul undesirable conicts b etween multidatabase transactions

tidatabase transactions cannot b e executed at the same Given a pair of multidatabase transactions G and G the

LDBS concurrently Second since site lo cking uses an simplest altruistic lo cking proto col allows the concurrent

undirected graph to represent conicts not all cycles in execution of G and G if they access dierent LDBSs If

the graph corresp ond to globally nonserializable schedules there is a LDBS that b oth G and G need to access G

Third and more imp ortantly the MDBS using site graphs cannot access it b efore G has nished its execution there

has no way to determine when it is safe to remove the edges Du et al have shown that global serializabilitymay

of a committed global transaction The edge removal p ol b e violated even when multidatabase transactions are sub

icy used in the Serialization Graph Testing algorithm mitted serially ie one after the completion of the other

is not applicable in this case since the site graph is undi to their corresp onding LDBS The scenario in Figure il

rected To illustrate this problem consider the LDBSs in lustrates the ab ove problem G is submitted to b oth sites

Figure and the following lo cal schedules executed completely and committed Only then is G sub

a w acommit LDBS r mitted for execution nevertheless the global consistency

G G G

LDBS r cw ccommit r b may b e violated

T G G G

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

The MDBS pro cesses each global transaction G as fol Since G and G p erform op erations in b oth LDBSs the

lows First the MDBS decomp oses G to subtransactions site graph that corresp onds to the schedules ab ovecon

g g g The decomp osition of G is based on the tains a cycle b etween G and G To resolve the cycle

lo cation of the data ob jects G accesses For example if G the site graph metho d ab orts G Supp ose that the edges

accesses data ob jects on LDBS the MDBS issues a sub corresp onding to G are removed from the site graph imme

transaction g to carry out the op erations of G at LDBS diately following the commitmentof G IfG is restarted

i i

We assume that subtransactions generated by the MDBS after the commitmentof G itwillbeallowed to com

satisfy the following requirements mit since there is no cycle in the site graph Now supp ose

that after G commits a lo cal transaction T issues w b

There is at most one subtransaction p er LDBS for

and commits The execution of these op erations results in

each global transaction

the schedules shown in Figure that lo cally serializable

Like global transactions subtransactions consists of

but globally nonserializable Therefore if the edges cor

database op erations and transaction managementop

resp onding to a global transaction are removed from the

erations All subtransaction op erations can b e ex

site graph immediately following its commitment global

ecuted lo cally by the LDBS A subtransaction may

serializabilitymay b e violated

perform a preparetocommit op eration b efore issuing

The site graph metho d maywork correctly if the removal

Commit if the LDBS provides this op eration in its

of the edges corresp onding to a committing transaction is

interface

delayed However concurrency will b e sacriced In the

Subtransactions haveavisible preparedtocommit

scenario represented by Figure the edge corresp onding

state

to G can b e removed after the commitment of the lo cal

Wesay that a transaction enters its preparedtocommit

transaction T However the MDBS has no wayofdeter

state when it completes the execution of its database

mining the time of commitmentoreven the existence of the

op erations and leaves this state when it is committed or

lo cal transaction T This problem has b een recognized in

ab orted During this time all up dates reside in its private

workspace and b ecome p ermanent in the database when

the transaction is committed The preparedtocommit

Mo difying the lo cal database systems andor ap

state is visible if the application program in this case the

plications Pu has shown that global serializability

MDBS can decide whether the transaction should commit

can b e ensured if LDBSs present their lo cal serialization

or ab ort To pro cess G the MDBS submits the subtrans

orders to the MDBS Since traditional DBMSs usually do

actions of G to their corresp onding LDBSs To ensure that

not provide their serialization order Pu suggests mo difying

the logically indivisible action to commit or ab ort G is con

the LDBSs to provide it Pons and Vilarem prop osed

sistently carried out in the participating sites the MDBS

mo difying existing applications so that all transactions in

uses the twophase commit PC proto col Since

cluding lo cal ones are channeled through multidatabase

LDBSs may reside at remote sites an MDBS agent pro cess

interfaces Both metho ds mentioned here preservemulti

is asso ciated with each LDBS to submit Gs op erations to

database consistency but at the exp ense of partially vio

the LDBS and handle the exchange and synchronization of

lating the lo cal autonomy

all messages to and from the MDBS

Rejecting serializability as the correctness crite

A Local database management systems assumptions

rion The concept of sagas has b een prop osed

to deal with longlived transactions by relaxing transac

We assume that a LDBS provides the following features

tion atomicity and isolation Quasiserializability as

without requiring any mo dication

sumes that no value dep endencies exist among databases

Permits only serializable and recoverable sched

so indirect conicts can b e ignored Stransactions and

ules

exible transactions use transaction semantics to allow

Ensures failure atomicity and durability of transac

nonserializable executions of global transactions These

tions If a subtransaction fails or is ab orted the

solutions do not violate the LDBS autonomy and can b e

DBMS automatically restores the database to the state

used whenever the correctness guarantees they oer are ap

pro duced by the last lo cally committed transaction

plicable In this pap er we assume that the global schedules

Supp orts the begin commit and abort rol lback trans

must b e serializable

action management op erations Each subtransaction

can either issue a commit and install its up dates in

I I I The multidatabase system model

the database or issue an abor t to roll back its eects

Noties the transaction programs of any action it Global transactions consist of a transaction begin op er

takes unilaterally In particular it is assumed that a ation a partially ordered collection of read and write op

DBMS interface is provided to inform subtransaction erations and a commit or abort rol lback op eration In

programs when they are unilaterally ab orted bythe the following discussion we refer to the collection of the

LDBS For example to resolve a deadlo ckaDBMS read and write op erations p erformed by a transaction T

may roll back one eg the youngest of the transac as the database operations of T We use the term transac

tions involved and notify the killed transaction ab out tion management operations to refer to the nondatabase

the rollback eg by setting a ag in the program op eration p erformed by T

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

not unilaterally ab ort any transaction after it has entered communication area

its simulated preparedtocommit state Transactions in These features are supp orted by the ma jorityofcom

this state cannot b e involved in deadlo cks b ecause they mercial DBMSs including DB INGRES ORACLE and

have successfully p erformed all their op erations and have SYBASE Furthermore all the features describ ed ab ove

acquired all their lo cks The same is true for LDBSs that

comply with the SQL and RDA standards

use ab orts and restarts to resolve conicts For example Most DBMSs use high level languages eg SQL to sup

timestamp ordering ab orts a transaction when it issues

p ort setoriented queries and up dates In our discussion we

an op eration that conicts with some op eration p erformed mo del global transactions their subtransactions and lo cal

earlier byayounger transaction Therefore timestamp or transactions as collections of read and write op erations We

dering schedulers never ab ort transactions after they have

havechosen the readwrite transaction mo del to simplify

successfully issued all their op erations and entered their the discussion of problems in enforcing global serializability

simulated preparedtocommit state The b ehavior of op

in a multidatabase environment and we use this mo del to

timistic concurrency control proto cols is similar No describ e corresp onding solutions However the use of the

transaction is ever ab orted after it passes validation readwrite mo del neither limits the generality of the solu

tion prop osed in this pap er nor makes it more dicult to

While DBMSs do not ab ort transactions in this state

apply them in a LDBS that supp orts interfaces at the level

for concurrency control and recovery reasons it is p ossi

of setoriented queries and up dates To illustrate this we

ble to argue that DBMSs must set timeouts to avoid hav

have included an App endix that discusses implementation

ing idle transactions holding resources forever However

related issues for LDBS using SQL interfaces

due to the diculties in determining whether a subtrans

action is idle and for how long the only timeouts set

B The preparedtocommit state in a multidatabase envi

by most DBMSs are on outstanding op erations eg in

ronment

SYBASE and ORACLE Therefore when the last read

or write op eration of a subtransaction is completed the

Earlier in Section I I I we listed the assumption that

MDBS can b e certain that the subtransaction has entered

subtransactions have a visible preparedtocommit state

a state which in practice is no dierent from the prepared

Many database management systems designed using the

tocommit state required by PC In the rest of this pap er

clientserver architecture eg SYBASE provide a visible

we do not distinguish whether a visible preparedtocommit

preparedtocommit state and can directly participate in

state is simulated or is provided by lo cal systems Addi

amultidatabase system On the other hand if the LDBS

tional issues related to the problem of eectively providing

do es not explicitly provide such a state the MDBS can

a preparedtocommit state are discussed in

simulate it

To simulate the preparedtocommit state of a subtrans

IV The Optimistic Ticket Method OTM

action the MDBS must determine whether all database

op erations issued by the subtransaction have b een success

In this section we describ e a metho d for multidatabase

fully completed One way to accomplish this is to force a

transaction management called OTM that do es not vio

handshake after each op eration ie the MDBS must sub

late LDBS autonomy and guarantees global serializability

mit the op erations of each subtransaction one at a time

if the participating LDBSs ensure lo cal serializabilityThe

and wait for the completion of the previous database op

prop osed metho d addresses two complementary issues

eration b efore submitting the next one Alternativelythe

How MDBS can obtain information ab out the relative

RDA standard allows asynchronous submission of sev

serialization order of subtransactions of global trans

eral database op erations and provides a mechanism to in

actions at eachLDBS

quire ab out the status of eachofthem

How MDBS can guarantee that the subtransactions of

Consider the state of a subtransaction that has success

eachmultidatabase transaction have the same relative

fully nished all its op erations but is neither committed

serialization order in all participating LDBSs

nor ab orted To distinguish such a state from a prepared

In the following discussion we do not consider site fail

tocommit state we refer to it as the simulatedpreparedto

ures commitment and recovery of multidatabase transac

commit state The basic dierence b etween the prepared

tions are discussed among others in

tocommit state and the simulated preparedtocommit

state is that a transaction in the simulated state has no

A Determining the local serialization order

rm assurance from the DBMS that it will not b e unilater

OTM uses tickets to determine the relative serialization

ally ab orted However database management systems do

order of the subtransactions of global transactions at each

Any mention of pro duct or vendors in this pap er is done for back

LDBS A ticket is a logical timestamp whose value is

ground information or to provide an example of a technology for

illustrative purp oses and should not b e construed as either a p ositive

WoundWait deadlo ckavoidance technique may ab ort a trans or negative commentary on that pro duct or vendor Neither inclusion

action holding a lo ck b ecause some other transaction requests the of a pro duct or a vendor in this pap er nor omission of a pro duct or

same lo ck This is the only p olicy we are aware of that may ab ort avendor should b e interpreted as indicating a p osition or opinion of

a transaction in its simulated preparedtocommit state Since its use that pro duct or vendor on the part of the authors or of Bellcore Each

is limited in commercial DBMSs we do not consider it in this pap er reader is encouragedtomake an indep endent determinationofwhat

and assume that a transaction in the simulated preparedtocommit pro ducts are in the marketplace and whether particular features meet

state is not ab orted by its LDBS their individual needs

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

c t r t w c r t w t w r stored as a regular data item in each LDBS Eachsub

T G G G G G

transaction of a global transaction is required to issue

b b w r

T G

the TakeATicket op eration which consist of reading the

the tickets obtained by G and G would reect their rela

value of the ticket ie r tick et and incrementing it ie

tive serialization order there and the lo cal schedule would

w tick et through regular data manipulation op era

b e p ermitted by the lo cal concurrency control at LDBS

tions The value of a ticket and all op erations on tickets

Although the transactions in our example take their tick

issued at each LDBS are sub ject to lo cal concurrency con

ets at the b eginning of their execution transactions may

trol and other database constraints Only a single ticket

take their tickets at any time during their lifetime without

value p er LDBS is needed The TakeATicket op eration

aecting the correctness of the TakeATicket approach

do es not violate lo cal autonomy b ecause no mo dication of

Theorem formally proves that the tickets obtained by

the lo cal systems is required Only the subtransactions of

the subtransactions at each LDBS are guaranteed to re

global transactions havetotake tickets lo cal transactions

ect their relative serialization order

are not aected

Theorem The tickets obtained by the subtransactions

of multidatabase transactions determine their relativeseri

alization order

G G

Pro of Let g and g b e the subtransactions of global trans

i j

actions G and G resp ectively at some LDBS Without

i j

loss of generalitywe can assume that g takes its ticket

b efore g ie r tick et precedes r tick et in the lo cal

Z B

j g g

i j H

execution order Since a subtransaction takes its ticket rst

and then increments the ticket value only the following ex

t a b c t

LDBS LDBS

ecution orders are p ossible

E r tick etr tick etw tick et w tick et

g g g g

i j i j

E r tick etr tick etw tick et w tick et

g g g g

i j j i

E r tick etw tick et r tick etw tick et

g g g g

i i j j

However among these executions only E is serializable

and can b e allowed by the LDBS concurrency control

LDBS r t w t r ar t w t

G G G G G

Therefore g increments the ticket value b efore g reads

i j

w a ie G G

it and g obtains a larger ticket than g

j i

LDBS r cr t w t w cr t

T G G G G

Toshownowthat g can only b e serialized b efore g it

i j

w t r bw b ie G T G

G G T

is sucient to p oint out that the op erations to takeandin

crement the ticket issued rst by g and then by g create a

i j

direct conict g g This direct conict forces g and g

i j i j

to b e serialized according to the order in which they take

Fig The eects of the TakeATicket approach

their tickets More sp ecically if there is another direct

conict b etween g and g such that g g Figure

i j i j

Figure illustrates the eects of the TakeATicket pro

a or indirect conict caused by lo cal transactions such

cess on the example in Figure The ticket data items at

that g T T T g n Figure c

i n j

LDBS and LDBS are denoted by t and t resp ectively

the resulting schedule is serializable and b oth g and g are

i j

In LDBS the t values obtained by the subtransactions

allowed to commit In this case g is serialized b efore g

i j

of G and G reect their relative serialization order This

and this is reected by the order of their tickets However

schedule will b e p ermitted by the lo cal concurrency con

if there is a direct conict g g Figure b or an

j i

troller at LDBS InLDBS the lo cal transaction T causes

indirect conict g T T T g n Fig

j n i

an indirect conict such that G T G However

ure d the ticket conict g g creates a cycle in the

i j

by requiring the subtransactions to taketickets we force

lo cal serialization graph Hence this execution b ecomes

an additional conict G G This additional ticket

nonserializable and is not allowed by the LDBS concur

conict causes the execution at LDBS to b ecome lo cally

rency control Therefore indirect conicts can b e resolved

nonserializable Therefore the lo cal schedule

through the use of tickets by the lo cal concurrency control

r cr t w t w c r t w t

T G G G G G

even if the MDBS cannot detect their existence

r b w b

G T

An implementation of tickets and the TakeATicket op

will b e not allowed by the lo cal concurrency control ie

eration in LDBSs using SQL is describ ed in App endix I

the subtransaction of G or the subtransaction of G or T

will b e blo cked or ab orted

B Enforcing global serializability

On the other hand if the lo cal schedule in LDBS were

To maintain global consistency OTM must ensure that

for example

the subtransactions of each global transaction havethe

This may create a hot sp ot in the LDBSs However since only

same relative serialization order in their corresp onding

subtransactions of multidatabase transactions and not lo cal LDBS

LDBSs Since the relative serialization order of the

transactions have to comp ete for tickets we do not consider this to

subtransactions at each LDBS is reected in the values of b e a ma jor problem aecting the p erformance of our metho d

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

multidatabase transaction G If the ticket obtained bya

g g

i j

subtransaction of G at some LDBS is smaller larger than

the ticket of the subtransaction of G there an edge G

c c

G G G is added to GSG If all such edges can

b e added without creating a cycle in GSG G is validated

Otherwise G do es not pass validation its no de together

g g

i j

with all incident edges is removed from the graph and G

is restarted This validation test is enclosed in a single

critical section

G is also restarted if at least one LDBS forces a sub

T T T

transaction of G to ab ort for lo cal concurrency control

reasons eg lo cal deadlo ck or its timeout expires eg

global deadlo ck If more than one of the participating

LDBSs uses a blo cking mechanism for concurrency con

trol the timeouts mentioned ab ove are necessary to resolve

g g

i j

global deadlo cks

The timeout assigned to a global transaction G is based

on a conservative estimate of the exp ected execution time

T T T

of G If it is dicult to estimate the exp ected duration of

B a global transaction G an alternative solution is to set a

dierent timeout for each subtransaction of G The latter

timeout strategy can b e combined with a waitfor graph

WFG The WFG is maintained by the MDBS and has

g g

i j

LDBSs as no des If a cycle is found in the WFG and

the cycle involves LDBSs that use a blo cking scheme to

synchronize conicting transactions a deadlo ck is p ossible

ticket conicts

MDBSs that maintain a WFG can resolve global deadlo cks

transaction conicts

by setting timeouts only for op erations issued at LDBSs

Fig The eects of ticket conicts in OTM

that are involved in a WFG cycle and in addition use

blo cking to enforce lo cal serializability and recoverability

In this pap er we do not discuss timeout strategies further

their tickets the basic idea in OTM is to allowthesub

b ecause the choice of the timeout strategy do es not eect

transactions of each global transaction to pro ceed but com

the correctness of OTM A decentralized deadlo ckfree re

mit them only if their ticket values have the same relative

nement of the Optimistic Ticket Metho d is describ ed in

order in all participating LDBSs This requires that all sub

transactions of global transactions have a visible prepared

As wementioned the serialization graph must contain

tocommit state

only the no des corresp onding to recently committed global

OTM pro cesses a multidatabase transaction G as follows

transactions Belowweprovide a condition for safe removal

Initially it sets a timeout for G and submits its subtrans

of transaction no des from the serialization graph

actions to their corresp onding LDBSs All subtransactions

Lemma A no de corresp onding to a committed trans

are allowed to interleave under the control of the LDBSs

action G can b e safely removed from the serialization

until they enter their preparedtocommit state If they

graph if it has no incoming edges and all transactions that

all enter their preparedtocommit states they wait for the

were active at the time G was committed are either com

OTM to validate GThevalidation can b e p erformed us

mitted or ab orted When a no de is removed from the

ing a Global Serialization Graph GSG test The no des

graph all edges incident to the no de can b e also removed

in GSG corresp ond to recently committed global trans

Pro of For a transaction no de to participate in a serial

actions For anypairofrecently committed global transac

ization cycle it must have at least one incoming edge No

c c c c

tions G and G GSG contains a directed edge G G

i j i j

transaction started after the commitmentof G can take

if at least one subtransaction of G was serialized b efore

its tickets b efore G so it cannot add incoming edges to

obtained a smaller ticket than the subtransaction of G

c c

thenodeofG Since we assume that G has no incoming

in the same LDBS A strategy for no de removal from the

Including the validation test in a critical section has b een origi

GSG is presented in Lemma b elow

nally prop osed by Kung and Robinson in Several schemes have

Initially GSG contains no cycles During the validation

b een prop osed in the literature eg the parallel validation schemes

of a global transaction G OTM rst creates a no de for

in to deal with the p ossibility of b ottlenecks caused by

such critical sections Although we could haveadoptedany of these

G in GSG Then it attempts to insert edges b etween Gs

schemes there is no evidence that they allow more throughput than

no de and no des corresp onding to every recently committed

p erforming transaction validation serially ie within a critical sec

tion as in OTM Most commercial implementations of optimistic con

currency control proto cols havechosen serial validation over parallel Other validation tests such as the certication scheme prop osed in

validation for similar reasons eg Datacycle can b e also used to validate global transactions

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

edges and all transactions that were active at the time G

a Preferred ticketing in a LDBS using PL

was committed are nished the no de corresp onding to G

will b e never involved in a serialization cycle Therefore is

lo ck t

can b e safely removed from the serialization graph

The following theorem proves the correctness of OTM

Theorem OTM guarantees global serializabilityifthe

following conditions hold

the concurrency control mechanisms of the LDBSs en

sure lo cal serializability

eachmultidatabase transaction has at most one sub

transaction at each LDBS and

b Preferred ticketing in a LDBS using TO

each subtransaction has a visible preparedtocommit

let tsg tsg

state

Pro of Wehave already shown that the order in whichsub

transactions take their tickets reects their relative serial

ization order Theorem After the tickets are obtained

abort g g

by a global transaction at all sites it executes OTM p er

forms the global serialization test describ ed earlier in this

section Global transactions pass validation and are al

lowed commit only if their relative serialization order is the

wt rt

same at all participating LDBSs Lemma shows that the

the serialization test involving only the recently committed

transactions is sucienttoguarantee global serializability

abort

wt rt

C Eect of the ticketing time on the performanceofOTM

OTM can pro cess anynumber of multidatabase transac

c Preferred ticketing in a LDBS using OCC

tions concurrentlyeven if they conict at multiple LDBS

However since OTM forces the subtransactions of multi

database transactions to directly conict on the ticket it

may cause some subtransactions to get ab orted or blo cked

b ecause of ticket conicts Figure b Since subtrans

actions may take their tickets at any time during their

validation

lifetime without aecting the correctness of OTM opti

g abort g

serial

mization based on the characteristics of each subtransac

Q g

parallel

tion eg numb er time and typ e of the data manipulation

abort g wt

op erations issued or their semantics is p ossible For ex

ample if all global transactions conict directly at some

LDBS there is no need for them to take tickets To deter

Fig Preferred ticketing in LDBSs

mine their relative serialization order there it is sucient

to observe the order in which they issue their conicting

op erations

and releases its ticket lo ck it gets blo cked until g is com

Cho osing the right time to to take a ticket during the

mitted The ticket values always reect the serialization

lifetime of a subtransaction can minimize the synchroniza

order of the subtransactions of multidatabase transactions

tion conicts among subtransactions For example if a

but ticket conicts are minimized if g takes its ticket as

LDBS uses PL it is more appropriate to take the ticket

close as p ossible to its commitmenttime

immediately b efore a subtransaction enters its prepared

tocommit state Toshow the eect of this convention con If a LDBS uses timestamp ordering TO Figure

sider a LDBS that uses PL for lo cal concurrency control b it is b etter to obtain the ticket when the subtransac

Figure a PL requires that each subtransaction sets tion b egins its execution TO assigns a timestamp tsg

a write lo ck on the ticket b efore it increments its value to a subtransaction g when it b egins its execution Let g

Given four concurrent subtransactions g g g and g b e another subtransaction such that tsg tsg If the

g do es not interfere with g which can take its ticket and ticket obtained by g has a larger value than the ticket of

commit b efore g takes its ticket Similarly g do es not in g then g is ab orted Clearlyifg increments the ticket

terfere with g so g can take its ticket and commit b efore value b efore g then since g is younger than g either

g takes its ticket However when g attempts to takeits tick etand tick et conicts with the w tick etorw r

g g g

ticket after g has taken its ticket but b efore g commits g is ab orted Hence only g is allowed to incrementthe

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

a global transaction G obtains its ticket b efore another ticket value b efore g Similarlyif g reads the ticket b e

global transaction G at some LDBS If in another LDBS tick etit fore g increments it then when g issues w

j g

G is able to obtain its ticket b efore G the MDBS sched tick et op eration issued b efore and conicts with the r

j i g

uler ab orts and restarts either G or G to disallow the glob g is ab orted Therefore given that tsg tsg either

i j

ally nonserializable execution of their ticket op erations In g takes its ticket b efore g or g is ab orted Hence it is

multidatabase systems in which the participating LDBSs b etter for subtransactions to take their tickets as close as

use blo cking for lo cal concurrency control the incompati p ossible to the p oint they are assigned their timestamps

ble orders in which G and G take their tickets in dierent under TO ie at the b eginning of their execution

i j

LDBSs causes a global dead lockTo resolve such a global

Another signicant optimization can b e used to com

deadlo ck the OTM scheduler ab orts and restarts the global

pletely eliminate tickets in LDBSs that use TO schedulers

transaction whose timeout expires rst If the LDBSs do

Let g and g b e a pair of subtransactions that do not take

not use blo cking for lo cal concurrency control then incom

tickets Since transactions under the control of a TO sched

patible execution orders of ticket op erations cause a cycle

uler are assigned their timestamp some time b etween their

in the GSG In this case the global transaction that enters

submission and the time they complete their rst database

global validation last is rejected and the OTM scheduler

op eration the global scheduler can ensure that g obtains

ab orts it

a lo cal timestamp smaller than the timestamp of g by

delaying the submission of g until g completes its rst

In this section we describ e CTM a metho d for multi

database op eration By using this technique the global

database transaction management that eliminates global

scheduler can ensure that the submission order of the sub

restarts Like OTM CTM requires subtransactions of

transactions determines their lo cal serialization order and

global transactions to taketickets at their corresp onding

that g is serialized b efore g in the lo cal system

LDBSs However unlike OTM CTM controls the order

Finally if a LDBS uses an optimistic concurrency control

in which the subtransactions take their tickets Toavoid

OCC proto col there is no b est time for the subtrans

global restarts CTM ensures that the relative order in

actions to take their tickets Figure c Transactions

which global transaction take their tickets is the same in

under the control of OCC have a read phase that is followed

all participating LDBS

byavalidation phase OCC uses transaction readsets and

CTM requires that all subtransactions of global trans

writesets to validate transactions Only transactions that

actions have a visible preparedtoTakeATicket state in

pass validation enter a write phase Thus each subtrans

addition to a visible preparedtocommit state A subtrans

action g reads the ticket value b efore it starts its serial

action enters its preparedtoTakeATicket state when it

or parallel validation but increments it at the end of its

successfully completes the execution of all its database op

write phase If another transaction g is able to increment

erations that precede the TakeATicket op erations and

the ticket in the meantime g do es not pass validation and

leaves this state when it reads the ticket value The visible

is restarted

preparedtoTakeATicket state can b e provided bythe

The basic advantages of OTM are that it requires the

multidatabase system by employing the same techniques

lo cal systems to ensure only lo cal serializability and that

that simulate the preparedtocommit state For exam

the optimistic global scheduler imp oses no restrictions on

ple one waytomake the preparedtoTakeATicket state

the lo cal execution of global transactions Its main disad

of a subtransaction visible is to force a handshake after

vantages are the following

each database op eration that precedes the TakeATicket

under optimistic scheduling global restarts are p ossi

op erations That is if all op erations that precede the

ble

TakeATicket op erations are completed successfullythe

the global scheduler must maintain a GSG and

MDBS can b e certain that the subtransaction has entered

tickets intro duce additional conicts b etween global

its preparedtoTakeATicket state Wesay that a global

transactions whichmay not conict otherwise

transaction b ecomes prepared to take its tickets when al l

In the following three sections we describ e solutions that

its subtransactions enter their preparedtoTakeATicket

address these issues resp ectively

state

CTM pro cesses a set G of global transactions as follows

V The Conservative Ticket Method CTM

Initially the CTM sets a timeout for each global trans

action in G and then submits its subtransactions to the OTM do es not aect the way in which the LDBSs han

corresp onding LDBSs The subtransactions of all global dle the execution of global transactions up to the p ointin

transactions are allowed to interleave under the control which their subtransactions enter their preparedtocommit

of the LDBSs until they enter their preparedtoTakeA state Optimistic global schedulers based on uncontrolled

Ticket state Without loss of generality supp ose that the lo cal execution of the global subtransactions such as OTM

subtransactions of global transactions G G G in are easier to implement and in some cases allow more con

G b ecome prepared to take their tickets b efore their time currency than conservativeschedulers However since op

out expires Furthermore supp ose that a subtransaction timistic global schedulers allow global transactions to take

of G enters its preparedtoTakeATicket state after all their tickets in any order they suer from global restarts

subtransactions of G b ecome prepared to take their tick caused by outoforder ticket op erations To explain the

ets ie G b ecomes prepared to take its tickets b efore problem of global restarts consider a situation in which

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

actions that previously wrote it commit or ab ort G a subtransaction of G b ecomes prepared to takeits

ticket after all subtransactions of G enter their prepared

Many commercial DBMSs allow only strict schedules to

toTakeATicket state ie G b ecomes prepared to take

eliminate cascading ab orts and also to b e able to en

its tickets b efore G and a subtransaction of G en

sure database consistency when b efore images are used for

ters its preparedtoTakeATicket state after all subtrans

database recovery

actions of G b ecome prepared to take tickets ie G

From the p ersp ective of the multidatabase scheduler

k k

b ecomes prepared to take its tickets b efore G The CTM

the cascadelessness of the LDBSs is imp ortant b ecause it

allows the subtransactions of such global transactions G

can b e used to eliminate the GSG Global Serialization

G G to take their tickets in the following order

Graph test required byOTMTotakeadvantage of cas

the subtransactions of G take their tickets b efore the sub

cadeless LDBSs weintro duce a renement of OTM called

transactions of G the subtransactions of G take tickets

the Cascadeless OTM Like OTM the Cascadeless OTM

b efore the subtransactions of G the subtransactions

ensures global serializabilitybypreventing the subtransac

of G take their tickets b efore the subtransactions of G

tions of eachmultidatabase transaction from b eing serial

k k

Global transactions are allowed to commit only if all

ized in dierentways at their corresp onding LDBSs Unlike

their subtransactions successfully take their tickets and re

OTM Cascadeless OTM takes advantage of the fact that if

p ort their preparedtocommit state On the other hand

all LDBSs pro duce cascadeless schedules then global trans

the MDBSs ab ort and restart anymultidatabase trans

actions cannot taketickets and commit unless their tickets

action that has a subtransaction that did not rep ort its

have the same relative order at all LDBSs

preparedtocommit state b efore its timeout expired Lo

Cascadeless OTM pro cesses each global transaction G

cal optimizations discussed in Section IVC can also b e

as follows Initially the MDBS sets a timeout for G and

applied on CTM

submits its subtransactions to the appropriate LDBSs All

Theorem CTM guarantees global serializabilityand

subtransactions are allowed to interleave under the control

it is free of global restarts if the following conditions are

of the LDBSs until they enter their preparedtocommit

satised

state If all subtransactions of G take their tickets and re

the concurrency control mechanisms of the LDBSs en

p ort their preparedtocommit state the Cascadeless OTM

sure lo cal serializability

allows G to commit Otherwise the MDBSs ab ort and

eachmultidatabase transaction has at most one sub

restart any global transaction that has a subtransaction

transaction at each LDBS and

that did not rep ort its preparedtocommit state b efore the

each subtransaction has a visible preparedtoTakeA

timeout of G expired Lo cal optimizations mentioned in

Ticket and a visible preparedtocommit state

Section IVC can b e also applied on Cascadeless OTM

Pro of Without loss of generality supp ose that global

Theorem Cascadeless OTM guarantees global serial

transactions in a set G b ecome prepared to take their tick

izability if the following conditions are satised

ets in the following order G G G Under the

the concurrency control mechanisms of the LDBSs en

control of CTM G takes all its tickets b efore G takes

sure lo cal serializability and cascadelessness

its tickets G takes tickets b efore G G takes its

eachmultidatabase transaction has at most one sub

tickets b efore G Since CTM ensures that the relative

transaction at each LDBS and

order in which the subtransactions of each global transac

each subtransaction has a visible preparedtocommit

tion take their tickets is the same in all participating LDBS

state

and wehave proven that the order in which the subtrans

Pro of Wehave already shown that the order in which

actions take their tickets reects their relative serialization

the subtransactions take their tickets reects their relative

order Theorem CTM guarantees global serializability

serialization order Theorem Toprove that global se

and avoids global restarts due to ticket conicts

rializability is enforced without a GSG test consider any

Another imp ortant prop erty of CTM is that it do es not

pair of global transactions G and G in a set G having

i j

require a GSG Hence the global CTM scheduler is simpler

subtransactions in multiple LDBSs including LDBS and

than the global OTM scheduler An optimistic scheduler

LDBS Without loss of generality assume that at LDBS

l k

that do es not require a GSG is describ ed next

the subtransaction of G takes its ticket b efore the sub

transaction of G but at LDBS the subtransaction of G

j l j

VI Cascadeless Tickets Methods

takes its ticket b efore the subtransaction of G Since the

LDBSs are cascadeless G cannot write its ticket value at To ensure correctness in the presence of failures and

LDBS b efore G commits and G cannot write its ticket at to simplify recovery and concurrency control transaction

k i i

LDBS before G commits Therefore there are two p ossi management mechanisms used in database management

l j

ble outcomes for the execution of a global transaction under systems often ensure not only serializability and recover

ability but also one of the prop erties dened b elow

Cascadeless OTM Either the tickets of its subtransactions

have the same relative order at all LDBSs and global seri

A transaction management mechanism is cascadeless

alizability is ensured or it has at least one subtransaction

if each transaction may read only data ob jects

that cannot commit

written by committed transactions

Like the OTM the Cascadeless OTM is not free of global A transaction management mechanism is strict if

restarts A Cascadeless CTM which is similar to CTM can no data ob ject may b e read or written until the trans

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

xofT in S and these op erations cedes an op eration op b e used to deal with global restarts

j T

conict at least one of these op erations is a write then

While lo cal cascadelessness can b e used to simplify the

in S precedes commit commit global optimistic scheduler ie there is no need to main

T T

j i

tain a GSG strictness oers no additional advantages over

A transaction managementmechanism is strongly recov

cascadelessness In the following section we showthatif

erable if its pro duces only strongly recoverable schedules

the schedulers of lo cal systems meet additional conditions

In wehaveshown that if a transaction management

ticket conicts can b e eliminated

mechanism is strongly recoverable it pro duces conict se

rializable schedules in which transaction execution and se

VI I Implicit Tickets and the Implicit Ticket

rialization orders are analogous The signicance of strong

Method ITM

recoverability in simplifying the enforcement of global seri

alizabilityinmultidatabase systems has b een recognized in

Wehave argued that the basic problem in multidatabase

the literature For example the notion of commitment or

concurrency control is that the lo cal serialization orders do

dering prop osed in as a solution to enforce global

not necessarily reect the order in which global transac

serializability without taking tickets is identical to strong

tions are submitted p erform their op erations or commit in

recoverability

the LDBSs To deal with this problem wehaveintro duced

Although strongly recoverable schedulers can b e realized

the concept of the ticket and prop osed several metho ds that

in real DBMSs most real transaction management mech

must take tickets to ensure global serializabilityHowever

anisms pro duce schedules that satisfy stronger prop erties

tickets intro duce additional conicts b etween global trans

that are easier to enforce

actions that may not conict otherwise Thus it is desir

The notion of rigorous schedules dened next ef

able to eliminate tickets whenever p ossible In the following

fectively eliminates conicts b etween uncommitted trans

sections we identify classes of schedules that include events

actions Thus it provides an even simpler way to ensure

that can b e used to determine the lo cal serialization or

that transaction execution and serialization orders are anal

der of transactions without forcing conicts b etween global

ogous

transactions We refer to suchevents as implicit tickets

Denition Aschedule is rigorous if the following two

A Determining the local serialization order

conditions hold i it is strict and ii no data item is writ

ten until the transactions that previously read it commit

In Section IVC wehave discussed how to eliminate

or ab ort

tickets in LDBSs that use TO for lo cal concurrency con

Wesay that a transaction managementmechanism is

trol This approach can b e applied to all LDBSs that allow

rigorous if it pro duces rigorous schedules and we use the

transactions to commit only if their resp ective lo cal serial

term rigorous LDBS to refer to a LDBS that uses a rigor

ization order reect their lo cal submission order That is

ous scheduler In wehaveshown that if a transaction

in the sub class of LDBSs that allowschedules in whichthe

managementmechanism ensures rigorousness it pro duces

transaction submission order determines their serialization

conict serializable schedules in which transaction exe

order the order transactions issue their beg in op erations

cution and serialization orders are analogous In we

constitutes their implicit tickets

proved that the class of rigorous schedules is a sub class of

Another imp ortant class of lo cal systems in which global

strongly recoverable schedules

transactions do not have to taketickets includes LDBSs

The class of rigorous transaction managementmecha

that allow only schedules in which the lo cal commitment

nisms includes several common conservativeschedulers

order of transactions determines their lo cal serialization or

such as conservativeTOandrigorous twophase

der ie the order transactions p erform their commit op

lo cking PL ie the variant of strict PL under which

erations constitutes their implicit tickets In we

a transaction must hold its read and write lo cks until it

have dened the class of schedules that transactions have

terminates Rigorous variations of TO and optimistic con

analogous execution commitment and serialization order

currency control proto cols havebeenintro duced in

as follows

However while many conservativeschedulers are rigor

Denition Let S b e a serializable schedule Wesay

ous enforcing rigorousness is to o restrictive for optimistic

that the transactions in S have analogous execution and

schedulers ie rigorous optimistic schedulers b ehave like

serialization order if for any pair of transactions T and

conservativeschedulers

T such that T is committed b efore T in S T is also

j i j i

The following class of schedules p ermits optimistic syn

serialized b efore T in S

chronization of op erations

The prop erty of analogous execution and serialization

Denition Aschedule is semirigorous if its commit

orders applies to b oth view serializable and conict seri

ted pro jection is rigorous

alizable schedules and is dicult to enforce directlyThe

Semirigorousness p ermits validation of transactions af sub class of schedules that are conict serializable and have

analogous executions and serialization order is character

ter they have nished all their op erations Therefore it

ized in terms of strong recoverability dened b elow

simplies the design of optimistic schedulers Most real

optimistic schedulers including the schedulers describ ed Denition Let S be a schedule WesaythatS is

in allow only semirigorous schedules While semi strongly recoverable if for any pair of committed transac

rigorousness simplies optimistic concurrency control it tions T and T whenever an op eration op xofT pre

i j T i i

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

controls the commitment order and thus the serialization

view serializability

order of multidatabase subtransactions as follows

Assuming rigorous LDBSs ITM guarantees that for any

pair of multidatabase transactions G and G either the

conict serializability

i j

subtransactions of G are committed b efore the subtrans

actions of G or the subtransactions of G are committed

j j

prior to the subtransactions of G This can b e easily en

i strong recoverability

forced by a distributed agreement proto col such as the PC

semirigorousness

proto col

ITM pro cesses a set G of global transactions as follows

Initially the ITM sets a timeout for each global trans

rigorousness

action in G and then submits its subtransactions to the

corresp onding LDBSs The subtransactions of all global

transactions are allowed to interleave under the control

of the LDBSs until they enter their preparedtocommit

state Without loss of generality supp ose that the sub

transactions of global transactions G G G in G

k analogous execution and

serialization orders

b ecome prepared to commit b efore their timeout expires

Furthermore supp ose that a subtransaction of G enters

its preparedtocommit state after all subtransactions of G

Fig Relationship among analogous execution and serialization

b ecome prepared to commit a subtransaction of G be

orders strong recoverability semirigorousness and rigorousness

comes prepared to commit after all subtransactions of G

enter their preparedtocommit state and a subtrans

action of G enters its preparedtocommit state after all

subtransactions of G b ecome prepared to commit The

do es not ensure recoverability as it is dened in There

ITM allows the subtransactions of such global transactions

fore most optimistic schedulers ensure cascadelessness or

to commit in the following order the subtransactions of

strictness in addition to semirigorousness For example

G b efore the subtransactions of G the subtransactions

schedulers that use the optimistic proto col with serial vali

of G b efore the subtransactions of G the subtrans

dation p ermit schedules that in addition to b eing semi

actions of G b efore the subtransactions of G Global

rigorous that are also strict

k k

transactions that have one or more subtransactions that

The class of semirigorous schedules includes the sup er

do not rep ort their preparedtocommit state b efore their

class of rigorous schedules and is a sub class of strongly re

timeout expires are ab orted and restarted by the MDBS

coverable schedules The relationship among analogous ex

Theorem ITM ensures global serializability if the fol

ecution and serialization orders strong recoverabilitysemi

lowing conditions hold

rigorousness and rigorousness is depicted in Figure

the concurrency control mechanisms of the LDBSs en

Finally note that strictness is not sucient to ensure

sure analogous executions and serialization orders

that the transaction execution order is analogous to the

eachmultidatabase transaction has at most one sub

transaction serialization order For example if we assume

transaction at each LDBS and

that transactions commit immediately after they complete

each subtransaction has a visible preparedtocommit

their last op eration the schedule at LDBS in Figure is

state

strict but the the execution order of the transactions is

not analogous to their serialization order

Pro of Without loss of generality supp ose that global

transactions in a set G enter their prepared to commit state

B Enforcing global serializability

in the following order G G G Under the control

of ITM the subtransaction of G commit b efore the sub

To take advantage of LDBSs that allow only analogous

transactions of G the subtransaction G commit b efore

execution and serialization orders weintro duce the Im

the subtransaction of G and the subtransactions of

plicit Ticket Method ITM Like OTM ITM ensures global

G commit b efore the subtransactions of G Since ITM

k k

serializabilitybypreventing the subtransactions of each

ensures that the relative order in which the subtransactions

multidatabase transaction from b eing serialized in dier

of each global transaction commit is the same in all partic

entways at their corresp onding LDBSs UnlikeOTMITM

ipating LDBSs and the LDBSs ensure that the subtransac

do es not need to maintain tickets and the subtransactions

tion commitment order reects their relative serialization

of global transactions do not need to take and increment

order ITM guarantees global serializability

tickets explicitly In LDBSs that allow only analogous ex

ecution and serialization orders the implicit ticket of each

VI I I Mixed Methods

subtransaction executed there is determined by its commit

In a multidatabase environment where rigorous cascade ment order That is the order in whichwe commit sub

less and noncascadeless LDBSs participate mixed ticket transactions at each LDBS determines the relativevalues of

metho ds that combine two or more of the metho ds de their implicit tickets Toachieve global serializabilityITM

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

in all participating LDBSs OTM requires LDBSs to guar scrib ed in the previous sections of this pap er can b e used

antee only lo cal serializability The basic idea in OTM is to ensure global serializability In this section we describ e a

to create direct conicts b etween multidatabase transac mixed ticket metho d that combines OTM CTM and their

tions at each LDBS that allow us to determine the relative cascadeless variations with ITM

serialization order of their subtransactions

A mixed metho d pro cesses a multidatabase transaction

G as follows

Wehave also intro duced a Conservative Ticket Metho d

CTM Under CTM global transactions must taketickets Sets a timeout for G and submits its subtransactions

but CTM do es not require global serialization testing and

to the corresp onding LDBSs

eliminates global restarts due to failed validation Rene Subtransactions that are controlled by ITM OTM

ments of OTM and CTM for multidatabase environments and the cascadeless variation of OTM are allowed to

where all participating LDBSs are cascadeless may use

interleaveuntil they enter their preparedtocommit

simpler global schedulers Unless the subtransactions of state Subtransactions that are controlled byCTM

multidatabase transactions take their tickets at approxi

and the cascadeless CTM are allowed to pro ceed until

mately the same time eg the subtransactions of each they enter their preparedtoTakeATicket state

global transaction take their tickets at the end of their exe If all subtransactions under the control of OTM and

cution and their duration is approximately the same con

the cascadeless OTM take tickets and rep ort their

servativeticket metho ds may allow a higher throughput preparedtocommit state global validation is applied

than the corresp onding optimistic ticket metho ds to make sure that these subtransactions are serialized

the same wayIfG do es not pass global validation it

Totakeadvantage of additional prop erties of LDBSs

is ab orted

we prop osed the Implicit Ticket Metho d ITM eliminates

Subtransactions under the control of CTM and the

ticket conicts but works only if the participating LDBSs

cascadeless CTM are allowed to take their tickets ac

disallowschedules in which transaction execution and se

cording to the serialization order of G determined ear

rialization orders are not analogous ITM uses the lo cal

lier by the validation pro cess To ensure this the

commitment order of each subtransaction to determine its

mixed metho d delays the TakeATicket op erations of

implicit ticket value It achieves global serializabilityby

the subtransactions of G that execute under the con

controlling the commitment execution order and thus the

trol of CTM and the cascadeless CTM until there is

serialization order of multidatabase transactions Com

no uncommitted global transaction G such that

pared to the the ADDS approach and Altruistic Lo cking

G has subtransactions that have not taken their tick

ITM can pro cess anynumber of multidatabase transactions

ets and

concurrentlyeven if they have concurrent and conicting

there is at least one LDBS in which the subtransac

subtransactions at multiple sites Both OTM and ITM do

tion of G has taken its ticket b efore the subtrans

not violate the autonomy of the LDBSs and can b e com

action of G

bined in a single comprehensivemechanism

If there is no global transaction that satises these

Analogous transaction execution and serialization orders

conditions the mixed metho d allows the the subtrans

is a very useful prop erty in a MDBS For example it can b e

actions of G to take their tickets under the control of

shown that the ADDS scheme Altruistic Lo cking

CTM

and PC Agent Metho d pro duce globally serial

If all subtransactions of G enter their preparedto

izable schedules if the participating LDBSs disallowsched

commit states the mixed metho d commits G Other

ules in which transaction execution and serialization orders

global transactions are allowed to commit either b e

are not analogous Similarly quasiserializable schedules

fore the rst subtransaction of G commits or after

b ecome serializable if all LDBSs p ermit only analo

the commitment of all subtransactions of G

gous transaction execution and serialization orders On the

If the timeout expires in any of these steps the

other hand if the lo cal systems allowschedules in which

MDBSs ab orts and restarts G

transaction execution and serialization orders are not anal

Simpler mixed metho ds eg combining only optimistic

ogous these metho ds may lead to schedules that are not

or only conservative ticket metho ds can b e develop ed sim

globally serializable

ilarly

Another imp ortant nding is that lo cal strictness in a

multidatabase environment oers no advantage over cas

IX Summary and Conclusion

cadelessness in simplifying the enforcement of global seri

alizability

Enforcing the serializability of global transactions in a

MDBS environmentismuch harder than in distributed

Further research and prototyping are currently p er

databases systems The additional diculties in this envi

formed at GTE Lab oratories Bellcore and the University

ronment are caused by the autonomy and the heterogeneity

of Houston These activities include p erformance evalua

of the participating LDBSs

tion of the prop osed ticket metho ds and b enchmarking of

a prototyp e implementation Current research conducted To enforce global serializabilityweintro duced OTM an

at GTE Lab oratories includes adaptation of ticket meth optimistic multidatabase transaction managementmecha

o ds to provide consistency in a Distributed Ob ject Man nism that p ermits the commitmentofmultidatabase trans

agement System DOMS in which global transactions actions only if their relative serialization order is the same

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING VOL XX NO Y DECEMBER

access homogeneous ob jects that encapsulate autonomous W Du A Elmagarmid Y Leu and S Osterman Eects

of autonomyonmaintaining global serializability in heteroge

concurrency control mechanisms andor attached ob jects

neous distributed database systems in Proceedings of the sec

that represent data and functionality of autonomous and

ond International Conference on Data and Know ledge Systems

for Manufacturing and Engineering Octob er

heterogeneous LDBSs

A Wolski and J Veijalainen PC Agent metho d Achieving

The TakeATicket op eration can b e viewed as a func

serializability in presence of failures in a heterogeneousmulti

tion that returns the serialization order of a transaction in

database in Proceedings of PARBASE ConferenceFebru

ary

a LDBS If such a function is provided bytheinterfaces

KPEswaran JN Gray RA Lorie and IL Traiger The

of future DBMSs multidatabase transaction management

notions of consistency and predicate lo cks in a database system

metho ds that use tickets to enforce global serializabilitycan

Communications of ACMvol no Novemb er

PA Bernstein V Hadzilacos and N Go o dman Concurrency

substitute the ticket op erations by calls to DBMSprovided

Control and Recovery in Database Systems AddisonWesley

serialization order functions and continue to enforce global

serializability without any mo dication

Y Breitbart A Silb erschatz and G Thompson An up date

mechanism for multidatabase systems A quarterly bul letin of

the Computer Society of the IEEE technical committeeonData

Acknowledgments

Engineeringvol no Septemb er

C Pu Sup erdatabases for comp osition of heterogeneous

The idea to use tickets in multidatabase transaction

databases in IEEE Proceedings of the th International Con

management had emerged during a discussion with Gomer

ference on Data Engineering

Thomas We thank Yuri Breitbart for p ointing out an error

J Pons and J Vilarem Mixed concurrency control Dealing

with heterogeneity in distributed database systems in Proceed

in one of our denitions in an earlier version of this pap er

ings of the Fourteenth International VLDB Conference August

Piotr Krychniak has implemented some of the ticket meth

Los Angeles

o ds in real DBMSs and contributed to the discussion of

JN Gray The transaction concept Virtues and limitations

in Proceedings of the th International Conference on VLDB

implementation issues in App endix I We also thank Mark

Septemb er

Hornick and Ole Anndsen for their useful comments

H GarciaMolina and K Salem SAGAS in Proceedings of

ACM SIGMOD Conference on Management of Data

References

W Du and A Elmagarmid QSR A correctness criterion for

global concurrencycontrol in InterBase in Proceedings of the

W Litwin From database systems to multidatabase systems

th International ConferenceonVery Large Databases

Why and how in British National Conference on Databases

J Veijalainen F Eliassen and B Holtkamp The S

Cambridge Press

Transaction mo del in AdvancedTransaction Models for New

A Sheth and J Larson Federated databases Architectures

Applications A Elmagarmid Ed MorganKaufmann

and integration ACM Computer Surveys Septemb er To

M Rusinkiewicz A Elmagarmid Y Leu and W Litwin Ex

b e published

tending the transaction mo del to capture more meaning SIG

J Veijalainen Transaction Concepts in Autonomous Database

MOD recordvol no March

Environments R OLDENBOURG VERLAG

J N Gray Operating Systems AnAdvanced Course Lecture

H GarciaMolina and B Kogan No de autonomyindis

Notes in Computer Science SpringerVerlag

tributed systems in Proceedings of International Symposium

CJ Date A Guide to The SQL Standard AddisonWesley

on Databases in Paral lel and Distributed Systems December

Publishing Company

Generic RDA Editor Jo el S Berson Information Processing

A Elmagarmid W Du and W Kim Eects of lo cal autonomy

Systems Open Systems Interconnection Remote Database Ac

on heterogeneous distributed database systems Tech Rep TR

cess Part Generic Model Service and Protocol ISOIEC

ACT OODS EI Micro electronics and Computer Corp o

JTC SC WG ISO

ration Austin TX February

D Georgakopoulos Transaction Management in Multidatabase

Y Breitbart D Georgakop oulos M Rusinkiewicz and A Sil

Systems PhD thesis University of Houston Departmentof

b erschatz Rigorous scheduling in multidatabase systems in

Computer Science

Workshop in Multidatabases and Semantic Interoperability Oc

D Georgakop oulos Multidatabase recoverability and recov

tob er

ery in Proceedings of the First International Workshop on

Y Breitbart D Georgakop oulos M Rusinkiewicz and A Sil

Interoperability in Multidatabase Systems

b erschatz On rigorous transaction scheduling IEEE Trans

DJ Rosenkrantz RE Stearns and PM Lewis System level

actions on Software Engineeringvol no

concurrency control for distributed database systems ACM

F Manola S Heiler D Georgakop oulos M Hornick and

Transactions on Database Systemsvol no June

M Bro die Distributed ob ject management International

HT Kung and JT Robinson On optimistic metho ds for con

Journal of Intel ligent and Cooperative Information Systemsvol

currency control ACM TODSvol no June

no March

A Wolski and J Veijalainen Prepare and commit certication

VD Gligor and R Pop escuZeletin Concurrency control issues

for decentralized transaction management in rigorous heteroge

in distributed heterogeneous database management systems in

neous multidatabases in Proceedings of the th International

Distributed Data Sharing Systems FA Schreb er and W Litwin

Conference on Data EngineeringFebruary

Eds NorthHolland

D Georgakop oulos and M Rusinkiewicz Transaction manage

Y Breitbart and A Silb erschatz Multidatabase up date is

mentinmultidatabase systems Tech Rep UHCS De

sues in Proceedings of ACM SIGMOD International Confer

partment of Computer Science University of Houston Septem

ence on Management of Data June

ber

AK Elmagarmid and AA Helal Supp orting up dates in het

Y Breitbart A Silb erschatz and G Thompson Reliable

erogeneous distributed database systems in IEEE Proceedings

transaction managementina multidatabase system Tech Rep

of the th International Conference onDataEngineering

UniversityofKentucky

T Logan and A Sheth Concurrency control issues in heteroge

CU Orji L Lillien and J Hyziak A p erformance analy

neous distributed database management systems Unpublished

sis of an optimistic and a basic timestampordering concurrency

July

control algorithms for centralized database systems in IEEE

R Alonso H GarciaMolina and K Salem Concurrency con

Proceedings of the th International Conference on Data Engi

trol and recovery for global pro cedures in federated database

neering

systems A quarterly bul letin of the Computer Society of the

T F Bowen G Gopal G Herman T Hickey K C Lee WH IEEE technical committee on Data Engineeringvol no

Manseld J Raitz and A Weinrib The datacycletm archi Septemb er

GEORGAKOPOULOS RUSINKIEWICZ SHETH ENFORCING THE SERIALIZABILITY OF MULTIDATABASE TRANSACTIONS

Dimitrios Georgakop oulos received the

tecture Communications of ACMvol no December

BS degree in pure mathematics from Aristote

lio University of Thessaloniki Greece in

R Batra M Rusinkiewicz and D Georgakop oulos A de

and the MS and PhD degrees from the Uni

centralized deadlo ckfree concurrency control metho d for mul

versity of Houston Houston Texas in

tidatabase transactions in Proceedings of th International

and resp ectively He is currently a Senior

Conference on Distributed Computing Systems June

Member of Technical Sta in the Distributed

Yoav Raz Extended commitment ordering or guaranteeing

Ob ject Computing Department at GTE Labs

global serializabilityby applying commitment order selectively

where he sp ecializes in the areas of transaction

to global transactions Tech Rep DECTR Digital Equip

and workow pro cessing His researchinterests

ment Corp oration Novemb er

include distributed ob ject computing systems

Yoav Raz The commitment order co ordinator co co of a re

multidatabase systems interop erable systems Dr Georgakop oulos

source manager or architecture for distributed commitmentor

has received the IEEE Computer So ciety Outstanding Pap er Award

dering based concurrencycontrol Tech Rep DECTR

He is a memb er of the ACM and the IEEE Computer So ciety

Digital Equipment Corp oration Decemb er

Appendix

I Implementation Issues

Marek Rusinkiewicz Marek Rusinkiewicz is

Professor of Computer Science at the Uni

System interfaces of many real DBMSs are at the level

versity of Houston His researchinterests

of setoriented queries and up dates eg SQL QUEL

include heterogeneous database systems dis

Transactions are implemented in a highlevel programming

tributed computing systems query languages

and transaction pro cessing He has published

language that includes DBMS calls emb edded in the trans

numerous journal and conference pap ers and

action program Such calls are supp orted byanembed

has consulted for industry and governmentor

ganizations in these areas Rusinkiewicz is the ded language interface provided by the DBMS In this pa

program chairman for the IEEECS In

p er wehave mo deled global transactions their subtransac

ternational Conference on Data Engineering

tions and the lo cal transactions as collections of read and

write op erations Wehavechosen the readwrite transac

tion mo del to simplify the discussion of problems and cor

resp onding solutions in enforcing global serializabilityin

Amit Sheth Amit P Sheth has led pro jects

amultidatabase environment The use of the readwrite

on developing a heterogeneous distributed

database system integration of AI systems

mo del to describ e transaction management issues neither

with database systems and to ols for schema

limits the generality of the prop osed solutions nor makes

integration and view up date Currently Dr

it more dicult to apply them in a LDBS that supp orts

Sheth is working on management of trans

actional workows and interdep endent data

interfaces at the level of setoriented queries and up dates

as well as a developing a corp orate hetero

To supp ort this claim we illustrate the implementation of

geneous information managementenvironment

the ticket data ob ject in a relational DBMS that supp ort

CHIME He was the general chair of the st

Intl Conf on Parallel and Distributed Sys

only an SQL interface

tems PDIS and a program cochair of RIDEIMS Currently he

To a DBMS the MDBS app ears as a regular user To

is an ACM lecturer and the program cochair of the rd PDIS

create the ticket data ob ject the MDBS creates a relation

Dr Sheth is a memb er of IEEECS and ACM

that has only one row and a single integer column We

refer to this relation as the tick et r el ation and we refer to

the integer value stored in this relation as the tick et value

To create the ticket data ob ject the MDBS p erforms the

following commands

CREATE TABLE OWNERmdbs

TABLE NAMEticket table

COLUMN NAMEticket value DATATYPEinteger

REVOKE INSERT DELETE UPDATE SELECT

ON TABLE NAMEticket table

FROM ALL USERS

The last statement is required to prevent lo cal transactions

from accessing the ticket

To take tickets the MDBS augments each subtransaction

of a global transaction with the following statements that

read and increment the ticket value

table UPDATE ticket

SET ticket value ticket value