What if transactions could write changes to the database before committing? This simple question opens the door to the Immediate Update technique—also known as UNDO/REDO—which represents the dominant approach in modern database management systems.

Unlike deferred update, which holds all modifications in memory until commit, immediate update allows the buffer manager to flush modified pages to disk at any time, even while transactions are still active. This flexibility solves the critical limitation of deferred update: transactions are no longer constrained by buffer pool size.

The Immediate Update technique relaxes the constraint imposed by deferred update:

Uncommitted data may be written to the stable database before a transaction commits.

This means that at any point during execution, the database on disk may contain a mixture of:

• Committed, persisted changes (normal, expected state)
• Uncommitted changes from active transactions (in-flight modificationss)
• Partial changes from transactions that will never commit (due to future abort or failure)

Why 'UNDO/REDO'?

The name describes the recovery operations required:

• UNDO: Changes from uncommitted transactions may be in the database and must be reversed
• REDO: Changes from committed transactions may NOT be in the database and must be reapplied

Both operations are necessary because we lose control over the relationship between transaction state and database state.

The Trade-off:

Immediate update trades recovery simplicity for operational flexibility. While deferred update offers a clean 'REDO-only' recovery, immediate update requires a more complex recovery procedure that must both undo incomplete work and redo lost committed work. This complexity is the price of supporting arbitrary transaction sizes and flexible memory management.

With uncommitted changes potentially on disk, we face a critical question: How do we ensure we can always undo them? The answer is Write-Ahead Logging (WAL)—the most important rule in database recovery.

The WAL Protocol:

Before any modification is written to the database, the corresponding log record must first be written to stable storage.

This rule has two components:

1. UNDO Rule (WAL for atomicity): Before writing a dirty page to disk, all log records for that page (containing before-images) must be on stable storage. This ensures we can undo any uncommitted change found in the database.

2. REDO Rule (WAL for durability): Before acknowledging a commit, all log records for the transaction (including the COMMIT record) must be on stable storage. This ensures we can redo any committed change not yet in the database.

Why WAL Works:

Consider what happens during recovery after a crash:

1. If an uncommitted change is in the database: The log contains the before-image (because of Rule 1). We can UNDO the change.

2. If a committed change is NOT in the database: The log contains the after-image (because of Rule 2). We can REDO the change.

WAL ensures that the log is always ahead of the database. The log contains everything we need to reconstruct any consistent state.

The Log Sequence Number (LSN):

LSNs are monotonically increasing identifiers assigned to each log record. Every database page also maintains a pageLSN indicating the most recent log record that modified it. This connection between pages and log records is essential for recovery:

• When flushing a page, we check: is the log flushed past this page's LSN?
• During REDO, we check: is this page already updated past this log record's LSN?

Under immediate update, log records must carry more information than in deferred update systems. Both UNDO and REDO operations require sufficient data to reconstruct or reverse any modification.

Essential Log Record Components:

• LSN (Log Sequence Number): Unique, monotonically increasing identifier
• Transaction ID: The transaction that generated this record
• Previous LSN: LSN of the previous log record for this transaction (enables transaction-specific processing)
• Record Type: START, WRITE, COMMIT, ABORT, CLR, etc.
• Page ID: For WRITE records, identifies the affected page
• Offset/Slot: Position within the page
• Before-Image: The original value (for UNDO)
• After-Image: The new value (for REDO)

Example Log Sequence:

Consider transaction T1 updating account A (balance: $500 → $400) and account B (balance: $200 → $300):

LSN=100: [START, T1]
LSN=101: [WRITE, T1, Page7, offset=24, before=500, after=400]  // A: 500→400
LSN=102: [WRITE, T1, Page12, offset=48, before=200, after=300] // B: 200→300
LSN=103: [COMMIT, T1]

Unlike deferred update, we record BOTH the before-image (500, 200) AND the after-image (400, 300). This allows:

• UNDO: If T1 must be rolled back, use before-images to restore original values
• REDO: If committed but changes lost, use after-images to reapply

The PrevLSN Chain:

Each log record includes a pointer to the previous log record for the same transaction. This creates per-transaction chains that simplify rollback:

LSN=100: [START, T1, prevLSN=null]
LSN=101: [WRITE, T1, ..., prevLSN=100]
LSN=102: [WRITE, T1, ..., prevLSN=101]
LSN=103: [COMMIT, T1, prevLSN=102]

To roll back T1, follow the chain backwards from the most recent record, undoing each WRITE.

The key advantage of immediate update is buffer management flexibility. The buffer manager can operate under a STEAL policy:

STEAL: The buffer manager may 'steal' a buffer frame by writing its dirty page to disk, even if the page contains modifications from uncommitted transactions.

This is the opposite of the NO-STEAL policy required by deferred update. With STEAL:

• The buffer pool is never 'blocked' by active transactions
• Any page can be evicted when memory is needed
• Transactions can modify more data than fits in memory
• The system gracefully handles memory pressure

FORCE vs NO-FORCE:

Orthogonal to STEAL/NO-STEAL is another policy choice:

• FORCE: All modified pages must be written to disk before commit completes
• NO-FORCE: Modified pages may remain in buffer after commit (written lazily)

Most modern systems use STEAL with NO-FORCE:

• STEAL enables unlimited transaction sizes
• NO-FORCE reduces commit latency (just force the log, not all data pages)

This combination (STEAL/NO-FORCE) requires both UNDO and REDO during recovery, which is exactly what immediate update provides.

Recovery in an immediate update system is more complex than deferred update because we must handle two distinct problems:

1. Uncommitted changes in the database: Must be undone
2. Committed changes NOT in the database: Must be redone

The classic recovery algorithm uses two passes:

Pass 1: REDO (Forward Scan)

Scan the log from the beginning (or last checkpoint) to the end, replaying ALL write operations regardless of whether the transaction committed. This restores the database to its exact pre-crash state, including uncommitted modifications.

Pass 2: UNDO (Backward Scan)

Scan the log backwards, undoing all modifications from transactions that didn't commit. This removes the effects of incomplete transactions.

Recovery Example:

Consider this log state at crash time:

LSN=100: [START, T1]
LSN=101: [WRITE, T1, A, before=500, after=400]
LSN=102: [COMMIT, T1]
LSN=103: [START, T2]
LSN=104: [WRITE, T2, B, before=200, after=300]
LSN=105: [START, T3]
LSN=106: [WRITE, T3, C, before=100, after=150]
LSN=107: [WRITE, T2, D, before=50, after=75]
LSN=108: [COMMIT, T3]
--- CRASH ---

Recovery Analysis:

REDO Phase (forward): Apply all writes (LSN 101, 104, 106, 107)

UNDO Phase (backward): Undo T2's writes in reverse order:

• Undo LSN 107: D restored to 50
• Undo LSN 104: B restored to 200

The basic UNDO/REDO algorithm can be optimized in several ways. Understanding these optimizations provides insight into how production systems achieve practical recovery times.

LSN-Based REDO Optimization:

Not every log record needs to be applied during REDO. If a page's pageLSN is greater than or equal to a log record's LSN, that modification is already present—the page was flushed after the modification occurred. We can skip the redo:

if page.pageLSN >= log_record.LSN:
    skip  // Already applied
else:
    apply_redo(log_record)  // Need to redo

This optimization is crucial because it means:

• Pages flushed shortly before the crash need minimal redo
• Hot pages that were updated frequently benefit most
• Clean pages (unmodified since last flush) are untouched

Checkpointing to Bound Recovery:

Without checkpoints, recovery must scan the entire log—potentially gigabytes or terabytes of data. Checkpoints create 'safe points' that limit how far back we need to look:

1. Record all active transactions
2. Record all dirty pages and their minimum LSN
3. Write a CHECKPOINT record

During recovery:

• Start REDO from the minimum recLSN of any dirty page at checkpoint time
• Only consider transactions active at or after the checkpoint

Parallel REDO:

Modern systems parallelize REDO by:

• Dividing the log into segments processed concurrently
• Partitioning pages across recovery threads
• Using page-level locking during recovery

UNDO Optimization:

UNDO is inherently serial for each transaction (must undo in reverse order), but:

• Multiple transactions can be undone in parallel
• Transactions with few modifications complete quickly
• Most transactions are short, limiting UNDO work

Before discussing recovery further, it's important to understand how immediate update handles transaction rollback during normal operation (not crash recovery). When a transaction explicitly aborts or must be rolled back due to conflicts, the system must undo its modifications.

The Rollback Process:

1. Follow the transaction's log chain backwards (using prevLSN pointers)
2. For each WRITE record encountered, apply the UNDO operation using the before-image
3. Write a CLR for each undone operation
4. Write an ABORT record to finalize

The CLRs serve two purposes:

• They record the rollback actions (for recovery if we crash mid-rollback)
• They point backwards, indicating how far we've undone

Why CLRs are Essential:

Consider what happens if the system crashes during a rollback:

1. Transaction T was being rolled back
2. Some WRITE records were undone, CLRs written
3. CRASH occurs
4. Recovery begins

Without CLRs, recovery would:

• REDO all of T's writes (restoring T's modifications)
• UNDO all of T's writes (since T never committed)
• But some writes were already undone before the crash!

With CLRs:

• REDO replays the CLRs, applying the undo operations
• UNDO sees that these operations are already compensated
• No double-undo occurs

The undoNextLSN Pointer:

Each CLR includes an undoNextLSN field pointing to the next log record that needs to be undone. This creates a 'skip chain' that allows UNDO to efficiently navigate past already-compensated operations.

The immediate update (UNDO/REDO) algorithm provides the flexibility needed by modern, general-purpose database systems. Let's consolidate the key concepts:

What's Next:

In the next page, we'll explore Shadow Paging—a fundamentally different approach to recovery that avoids logging entirely by maintaining shadow copies of modified pages. While elegant in concept, shadow paging has practical limitations that explain why logging-based approaches dominate.