Recovery Guarantees for General Multi-Tier Applications

Database recovery does not mask failures to applications and users. Recovery is needed that considers data, messages, and application components. Special cases have been studied, but clear principles for recovery guarantees in general multi-tier applications such as web-based e-services are missing. We develop a framework for recovery guarantees that masks almost all failures. The main concept is an interaction contract between two components, a pledge as to message and state persistence, and contract release. Contracts are composed into system-wide agreements so that a set of components is provably recoverable with exactly-once message delivery and execution, except perhaps for crash interrupted user input or output. Our implementation techniques reduce logging cost, allow effective log truncation, and provide independent recovery for critical server components. Interaction contracts form the basis for our Phoenix/COM project on persistent components. Our framework’s utility is demonstrated with a case study of a web-based e-service.


In: ICDE Conference

Publisher: IEEE Computer Society
Copyright © 2007 IEEE. Reprinted from IEEE Computer Society. This material is posted here with permission of the IEEE. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

