1. Technical Field
The present invention relates to a method of removing uncommitted changes made to stored data by a database management system such as, for example, a transaction processing system, and in particular to a transaction processing system in which a copy is made of stored data prior to making changes to that stored data; failure of the system during the processing of a transaction, i.e. making changes to stored data, is dealt with such that integrity of the data is not lost.
2. Description of the Prior Art
A transaction in an on-line transaction processing system, such as for example the IBM (IBM is a registered trademark of International Business Machines Corporation) Customer Information Control System, CICS, is a change or a number of changes made to data held in storage in the transaction processing system. In order to ensure integrity of data a transaction must be "all-or-nothing", meaning that either the complete change to the data is made or none of the changes must be made. Usually the change or changes making up the transaction are made sequentially and upon completion of all the changes a signal is sent to the system to instruct the system to "commit" the changes.
Should the system fail or a transaction terminate abnormally before all changes making up the transaction have been made and committed, the system must remove or "backout" all those changes which have not been committed by the system in order to preserve data integrity. It does this by replacing the changed data with a copy of the original data (a "before-image") which it saved just before the transaction performed its changes, thus re-instating the original data, and removing the unwanted changes.
It is possible for backout processing to fail during the course of replacement of the uncommitted changes (i.e. a backout failure occurs), for example because the storage device on which the data containing the uncommitted changes has malfunctioned. Failure of the system to replace uncommitted changes to the data has previously meant that, in order to maintain integrity of the data, action was required of an operator to prevent further changes being made to the data. In previous transaction processing systems this was done by shutting down the whole system, correcting the problem, and then restarting the system as an "emergency restart"; the operator either had to shut down the system leading to disruption of transaction processing, or accept that some data contained uncommitted changes. Shutdown of the system may have an effect on any "warm standby" systems, where another transaction processing system is standing-by ready to take over processing should the main system fail in any way. The standby system performs an emergency restart when it takes over, and any backout performed during this emergency restart will immediately fail again.