Oracle Database 9i 10g 11g编程艺术:深入数据库体系结构


Oracle Database Architecture Companion eBook Available Expert SECOND EDITION 7.5 x 9.25 spine = 1.5625" 832 page count THE EXPERT’S VOICE ® IN ORACLE Expert Oracle Database Architecture Oracle Database 9 i , 10 g , and 11 g Programming Techniques and Solutions Thomas Kyte Forewords by Jonathan Lewis and Ken Jacobs (aka “Dr. DBA”) SECOND EDITION Kyte this print for content only—size & color not accurate   CYAN   MAGENTA   YELLOW   BLACK   PANTONE 123 C BOOKS FOR PROFESSIONALS BY PROFESSIONALS ® US $59.99 Shelve in: Databases/Oracle User level: Intermediate–Advanced www.apress.com SOURCE CODE ONLINE Companion eBook See last page for details on $10 eBook version ISBN 978-1-4302-2946-9 9 781 4 30 22 946 9 5 5 9 9 9 THE APRESS RO ADMAP Expert Orac le Database Architecture Oracle SQL Recipes Beginning Oracle PL/SQL Beginning Oracle SQL T roubleshooting Oracle Performance Pro ODP .NET for Oracle Database 11g Expert Oracle Database Architecture: Oracle Database 9 i , 10 g , and 11 g Programming Techniques and Solutions, Second Edition Dear Reader, Expert Oracle Database Architecture, 2nd Edition is a book that explores and defines the Oracle database. In this book I’ve selected what I consider to be the most important Oracle architecture features, and I teach them in a proof- by-example manner. You’ll learn what each feature is, how it works, how to implement software using it, and the common pitfalls associated with it. Most importantly, you’ll avoid the pitfall of treating Oracle Database as a black box . This second edition adds material reflecting the way that Oracle Database 11g Release 2 works, updates stories about implementation pitfalls, and discusses new capabilities in the database such as transparent column and tablespace encryption. You may be surprised at the number of changes from the first edi - tion. I was. Many times in preparing this edition I learned of changes in the way that Oracle Database works that I was not yet aware of. Expert Oracle Database Architecture, 2nd Edition is a reflection of what I do every day. The material covers topics and questions that I see people continually struggling with, and I cover these issues from a perspective of “When I use this, I do it this way.” This book is the culmination of many years’ experience using the Oracle database, in myriad situations. Ultimately, my goal in this book is to help DBAs and developers work together to build correct, high-performance, and scalable Oracle applications. Don’t treat Oracle Database as a black box. Take time to understand Oracle Database, and you will find that there are few information management prob - lems that you cannot solve quickly and easily. Tom Kyte Thomas Kyte, Author of Expert Oracle Database Architecture, First Edition Expert One-On-One TM Oracle Effective Oracle by Design Co-author of: Beginning Oracle Programming Praise for Expert Oracle Database Architecture: 9i and 10g Programming Techniques and Solutions “This book will help you make the best use of Oracle technology. Emulating Tom’s rational methodology, and demand for proof by example, will make you a far better technology thinker. Without question, this is one of the most important Oracle books you can possess.” —Ken Jacobs, (aka “Dr. DBA”) Vice President of Product Strategy (Server Technologies), Oracle Corporation “It’s an excellent book, full of plenty of deep insights about Oracle technology.” —Sean Hull, Heavyweight Internet Group (http://iheavy.com) Expert Oracle Database Architecture Oracle Database 9i, 10g, and 11g Programming Techniques and Solutions Second Edition ■ ■ ■ Thomas Kyte Expert Oracle Database Architecture: Oracle Database 9i, 10g, and 11g Programming Techniques and Solutions, Second Edition Copyright © 2010 by Thomas Kyte All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-2946-9 ISBN-13 (electronic): 978-1-4302-2947-6 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, are not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. President and Publisher: Paul Manning Lead Editor: Jonathan Gennick Technical Reviewers: Christopher Beck, Melanie Caffrey, and Jason Straub Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Coordinating Editor: Debra Kelly Copy Editors: Mary Behr and Sharon Terdeman Compositor: Mary Sudul Indexer: BIM Indexing and Proofreading Services Artist: April Milne Cover Designer: Anna Ishchenko Distributed to the book trade worldwide by Springer Science+Business Media, LLC., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. For information on translations, please e-mail rights@apress.com, or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/info/bulksales. The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. The source code for this book is available to readers at www.apress.com. v Contents at a Glance ■ Chapter 1: Developing Successful Oracle Applications .......................................1 ■ Chapter 2: Architecture Overview......................................................................51 ■ Chapter 3: Files..................................................................................................67 ■ Chapter 4: Memory Structures.........................................................................121 ■ Chapter 5: Oracle Processes............................................................................165 ■ Chapter 6: Locking and Latching .....................................................................195 ■ Chapter 7: Concurrency and Multi-versioning.................................................243 ■ Chapter 8: Transactions...................................................................................267 ■ Chapter 9: Redo and Undo................................................................................299 ■ Chapter 10: Database Tables ...........................................................................345 ■ Chapter 11: Indexes .........................................................................................425 ■ Chapter 12: Datatypes......................................................................................493 ■ Chapter 13: Partitioning...................................................................................557 ■ Chapter 14: Parallel Execution.........................................................................621 ■ Chapter 15: Data Loading and Unloading.........................................................657 ■ Chapter 16: Data Encryption ............................................................................709 Index.....................................................................................................................751 ■ CONTENTS vi Contents Contents at a Glance.................................................................................................v Foreword .............................................................................................................xviii Foreword from the First Edition ............................................................................xix About the Author ..................................................................................................xxii About the Technical Reviewers ...........................................................................xxiii Acknowledgments ............................................................................................... xxiv Introduction.......................................................................................................... xxv Setting Up Your Environment ............................................................................. xxxii ■ Chapter 1: Developing Successful Oracle Applications .......................................1 My Approach....................................................................................................................2 The Black Box Approach..................................................................................................3 How (and How Not) to Develop Database Applications .................................................11 Understanding Oracle Architecture ......................................................................................................12 Understanding Concurrency Control.....................................................................................................21 Multi-Versioning ...................................................................................................................................25 Database Independence? .....................................................................................................................32 How Do I Make It Run Faster? ..............................................................................................................46 The DBA-Developer Relationship..........................................................................................................48 Summary .......................................................................................................................49 ■ CONTENTS vii ■ Chapter 2: Architecture Overview......................................................................51 Defining Database and Instance....................................................................................52 The SGA and Background Processes....................................................................................................58 Connecting to Oracle .....................................................................................................60 Dedicated Server ..................................................................................................................................60 Shared Server.......................................................................................................................................62 Mechanics of Connecting over TCP/IP..................................................................................................63 Summary .......................................................................................................................66 ■ Chapter 3: Files..................................................................................................67 Parameter Files..............................................................................................................68 What Are Parameters?..........................................................................................................................69 Legacy init.ora Parameter Files............................................................................................................73 Server Parameter Files (SPFILEs) ..................................................................................74 Converting to SPFILEs ..........................................................................................................................75 Trace Files .....................................................................................................................82 Requested Trace Files ..........................................................................................................................83 Trace Files Generated in Response to Internal Errors ..........................................................................88 Trace File Wrap-up ...............................................................................................................................93 Alert File ........................................................................................................................93 Data Files.......................................................................................................................96 A Brief Review of File System Mechanisms .........................................................................................96 The Storage Hierarchy in an Oracle Database......................................................................................97 Dictionary-Managed and Locally-Managed Tablespaces...................................................................101 Temp Files ...................................................................................................................103 Control Files.................................................................................................................105 Redo Log Files .............................................................................................................105 Online Redo Log..................................................................................................................................106 Archived Redo Log..............................................................................................................................108 Password Files.............................................................................................................109 ■ CONTENTS viii Change Tracking File...................................................................................................113 Flashback Logs............................................................................................................114 Flashback Database ...........................................................................................................................114 Flash Recovery Area...........................................................................................................................115 DMP Files (EXP/IMP Files)............................................................................................116 Data Pump Files...........................................................................................................117 Flat Files ......................................................................................................................120 Summary .....................................................................................................................120 ■ Chapter 4: Memory Structures.........................................................................121 The Process Global Area and User Global Area ...........................................................122 Manual PGA Memory Management ....................................................................................................123 Automatic PGA Memory Management................................................................................................129 Choosing Between Manual and Auto Memory Management..............................................................140 PGA and UGA Wrap-up........................................................................................................................142 The System Global Area...............................................................................................142 Fixed SGA ...........................................................................................................................................148 Redo Buffer.........................................................................................................................................148 Block Buffer Cache.............................................................................................................................149 Shared Pool ........................................................................................................................................156 Large Pool...........................................................................................................................................159 Java Pool ............................................................................................................................................160 Streams Pool ......................................................................................................................................160 Automatic SGA Memory Management................................................................................................161 Automatic Memory Management .......................................................................................................162 Summary .....................................................................................................................164 ■ Chapter 5: Oracle Processes............................................................................165 Server Processes.........................................................................................................166 Dedicated Server Connections ...........................................................................................................166 Shared Server Connections ................................................................................................................169 ■ CONTENTS ix Database Resident Connection Pooling (DRCP)..................................................................................170 Connections vs. Sessions...................................................................................................................170 Dedicated Server vs. Shared Server vs. DRCP ...................................................................................176 Dedicated/Shared Server Wrap-up.....................................................................................................179 Background Processes ................................................................................................180 Focused Background Processes.........................................................................................................181 Utility Background Processes.............................................................................................................190 Slave Processes...........................................................................................................193 I/O Slaves............................................................................................................................................193 Pnnn: Parallel Query Execution Servers .............................................................................................193 Summary .....................................................................................................................194 ■ Chapter 6: Locking and Latching .....................................................................195 What Are Locks?..........................................................................................................195 Locking Issues.............................................................................................................198 Lost Updates.......................................................................................................................................198 Pessimistic Locking............................................................................................................................199 Optimistic Locking..............................................................................................................................201 Optimistic or Pessimistic Locking?.....................................................................................................207 Blocking..............................................................................................................................................208 Deadlocks...........................................................................................................................................211 Lock Escalation...................................................................................................................................215 Lock Types...................................................................................................................216 DML Locks..........................................................................................................................................216 DDL Locks...........................................................................................................................................225 Latches...............................................................................................................................................230 Mutexes..............................................................................................................................................240 Manual Locking and User-Defined Locks...........................................................................................240 Summary .....................................................................................................................241 ■ CONTENTS x ■ Chapter 7: Concurrency and Multi-versioning.................................................243 What Are Concurrency Controls?.................................................................................243 Transaction Isolation Levels ........................................................................................244 READ UNCOMMITTED..........................................................................................................................246 READ COMMITTED ..............................................................................................................................248 REPEATABLE READ .............................................................................................................................249 SERIALIZABLE .....................................................................................................................................252 READ ONLY .........................................................................................................................................254 Implications of Multi-version Read Consistency..........................................................255 A Common Data Warehousing Technique That Fails..........................................................................255 An Explanation for Higher Than Expected I/O on Hot Tables ..............................................................256 Write Consistency........................................................................................................259 Consistent Reads and Current Reads .................................................................................................259 Seeing a Restart .................................................................................................................................262 Why Is a Restart Important to Us?......................................................................................................264 Summary .....................................................................................................................265 ■ Chapter 8: Transactions...................................................................................267 Transaction Control Statements ..................................................................................267 Atomicity......................................................................................................................269 Statement-Level Atomicity .................................................................................................................269 Procedure-Level Atomicity .................................................................................................................271 Transaction-Level Atomicity...............................................................................................................275 DDL and Atomicity ..............................................................................................................................275 Durability .....................................................................................................................275 WRITE Extensions to COMMIT.............................................................................................................276 COMMITS in a Non-Distributed PL/SQL Block ....................................................................................277 Integrity Constraints and Transactions........................................................................279 IMMEDIATE Constraints ......................................................................................................................279 DEFERRABLE Constraints and Cascading Updates.............................................................................280 ■ CONTENTS xi Bad Transaction Habits................................................................................................284 Committing in a Loop .........................................................................................................................284 Using Autocommit ..............................................................................................................................290 Distributed Transactions..............................................................................................291 Autonomous Transactions ...........................................................................................293 How Autonomous Transactions Work.................................................................................................293 When to Use Autonomous Transactions.............................................................................................295 Summary .....................................................................................................................298 ■ Chapter 9: Redo and Undo................................................................................299 What Is Redo?..............................................................................................................300 What Is Undo?..............................................................................................................300 How Redo and Undo Work Together............................................................................304 Example INSERT-UPDATE-DELETE Scenario ......................................................................................304 Commit and Rollback Processing ................................................................................308 What Does a COMMIT Do?..................................................................................................................308 What Does a ROLLBACK Do? ..............................................................................................................315 Investigating Redo .......................................................................................................316 Measuring Redo..................................................................................................................................316 Can I Turn Off Redo Log Generation? .................................................................................................318 Why Can’t I Allocate a New Log?........................................................................................................321 Block Cleanout....................................................................................................................................323 Log Contention....................................................................................................................................326 Temporary Tables and Redo/Undo .....................................................................................................328 Investigating Undo.......................................................................................................332 What Generates the Most and Least Undo? .......................................................................................332 ORA-01555: snapshot too old Error....................................................................................................334 Summary .....................................................................................................................344 ■ CONTENTS xii ■ Chapter 10: Database Tables ...........................................................................345 Types of Tables............................................................................................................345 Terminology.................................................................................................................347 Segment .............................................................................................................................................347 Segment Space Management ............................................................................................................350 High-water Mark ................................................................................................................................350 FREELISTS ..........................................................................................................................................352 PCTFREE and PCTUSED ......................................................................................................................356 LOGGING and NOLOGGING ..................................................................................................................359 INITRANS and MAXTRANS ..................................................................................................................359 Heap Organized Tables................................................................................................359 Index Organized Tables ...............................................................................................363 Index Organized Tables Wrap-up .......................................................................................................378 Index Clustered Tables ................................................................................................378 Index Clustered Tables Wrap-up ........................................................................................................386 Hash Clustered Tables.................................................................................................386 Hash Clustered Tables Wrap-up.........................................................................................................394 Sorted Hash Clustered Tables .....................................................................................395 Nested Tables..............................................................................................................397 Nested Tables Syntax.........................................................................................................................398 Nested Table Storage .........................................................................................................................405 Nested Tables Wrap-up......................................................................................................................408 Temporary Tables........................................................................................................409 Temporary Tables Wrap-up................................................................................................................415 Object Tables...............................................................................................................416 Object Tables Wrap-up.......................................................................................................................423 Summary .....................................................................................................................423 ■ CONTENTS xiii ■ Chapter 11: Indexes .........................................................................................425 An Overview of Oracle Indexes....................................................................................425 B*Tree Indexes ............................................................................................................427 Index Key Compression ......................................................................................................................430 Reverse Key Indexes ..........................................................................................................................433 Descending Indexes ...........................................................................................................................439 When Should You Use a B*Tree Index? ..............................................................................................441 B*Trees Wrap-up ................................................................................................................................452 Bitmap Indexes............................................................................................................452 When Should You Use a Bitmap Index?..............................................................................................453 Bitmap Join Indexes ...........................................................................................................................457 Bitmap Indexes Wrap-up....................................................................................................................459 Function-Based Indexes ..............................................................................................460 Important Implementation Details ......................................................................................................460 A Simple Function-Based Index Example...........................................................................................461 Indexing Only Some of the Rows........................................................................................................470 Implementing Selective Uniqueness ..................................................................................................472 Caveat Regarding ORA-01743 ............................................................................................................472 Function-Based Indexes Wrap-up ......................................................................................................473 Application Domain Indexes ........................................................................................474 Frequently Asked Questions and Myths About Indexes...............................................475 Do Indexes Work on Views? ...............................................................................................................475 Do Nulls and Indexes Work Together?................................................................................................475 Should Foreign Keys Be Indexed? ......................................................................................................477 Why Isn’t My Index Getting Used? ......................................................................................................479 Myth: Space Is Never Reused in an Index ..........................................................................................485 Myth: Most Discriminating Elements Should Be First ........................................................................488 Summary .....................................................................................................................491 ■ CONTENTS xiv ■ Chapter 12: Datatypes......................................................................................493 An Overview of Oracle Datatypes ................................................................................493 Character and Binary String Types..............................................................................496 NLS Overview .....................................................................................................................................496 Character Strings................................................................................................................................499 Binary Strings: RAW Types ..........................................................................................506 Number Types..............................................................................................................508 NUMBER Type Syntax and Usage .......................................................................................................510 BINARY_FLOAT/BINARY_DOUBLE Type Syntax and Usage.................................................................513 Non-native Number Types..................................................................................................................514 Performance Considerations ..............................................................................................................514 Long Types ..................................................................................................................516 Restrictions on LONG and LONG RAW Types ......................................................................................516 Coping with Legacy LONG Types........................................................................................................518 Dates, Timestamps, and Interval Types.......................................................................523 Formats ..............................................................................................................................................523 DATE Type ..........................................................................................................................................525 TIMESTAMP Type................................................................................................................................531 INTERVAL Type ...................................................................................................................................538 LOB Types....................................................................................................................541 Internal LOBs ......................................................................................................................................541 BFILEs.................................................................................................................................................552 ROWID/UROWID Types.................................................................................................554 Summary .....................................................................................................................555 ■ Chapter 13: Partitioning...................................................................................557 Partitioning Overview ..................................................................................................557 Increased Availability .........................................................................................................................558 Reduced Administrative Burden.........................................................................................................560 Enhanced Statement Performance.....................................................................................................564 ■ CONTENTS xv Table Partitioning Schemes.........................................................................................566 Range Partitioning ..............................................................................................................................567 Hash Partitioning ................................................................................................................................569 List Partitioning ..................................................................................................................................574 Interval Partitioning ............................................................................................................................575 Reference Partitioning........................................................................................................................581 Composite Partitioning .......................................................................................................................586 Row Movement...................................................................................................................................588 Table Partitioning Schemes Wrap-up.................................................................................................590 Partitioning Indexes.....................................................................................................591 Local Indexes vs. Global Indexes........................................................................................................592 Local Indexes......................................................................................................................................593 Global Indexes ....................................................................................................................................599 Partitioning and Performance, Revisited .....................................................................612 Auditing and Segment Space Compression.................................................................618 Summary .....................................................................................................................619 ■ Chapter 14: Parallel Execution.........................................................................621 When to Use Parallel Execution ...................................................................................622 A Parallel Processing Analogy ............................................................................................................623 Oracle Exadata.............................................................................................................624 Parallel Query ..............................................................................................................624 Parallel DML.................................................................................................................630 Parallel DDL .................................................................................................................633 Parallel DDL and Data Loading Using External Tables........................................................................634 Parallel DDL and Extent Trimming......................................................................................................636 Parallel Recovery.........................................................................................................645 Procedural Parallelism.................................................................................................645 Parallel Pipelined Functions ...............................................................................................................646 Do-It-Yourself Parallelism ..................................................................................................................649 ■ CONTENTS xvi Old School Do-It-Yourself Parallelism ................................................................................................652 Summary .....................................................................................................................656 ■ Chapter 15: Data Loading and Unloading.........................................................657 SQL*Loader..................................................................................................................657 Loading Data with SQLLDR FAQs........................................................................................................661 SQLLDR Caveats .................................................................................................................................686 SQLLDR Summary ..............................................................................................................................686 External Tables ............................................................................................................686 Setting Up External Tables .................................................................................................................687 Dealing with Errors.............................................................................................................................693 Using an External Table to Load Different Files..................................................................................696 Multiuser Issues .................................................................................................................................696 External Tables Summary...................................................................................................................697 Flat File Unload............................................................................................................698 Data Pump Unload .......................................................................................................706 Summary .....................................................................................................................708 ■ Chapter 16: Data Encryption ............................................................................709 Types of Encryption .....................................................................................................709 Data in Motion ....................................................................................................................................709 Data at Rest........................................................................................................................................710 Manual Application Encryption...........................................................................................................713 The Oracle Wallet ...............................................................................................................................714 Transparent Column Level Encryption................................................................................................717 Transparent Tablespace Encryption ...................................................................................................719 What Encryption Is Not About ......................................................................................722 Implementing Manual Application Encryption .............................................................723 Reasons to Avoid the Manual Approach.............................................................................................723 Performance Implications of the Manual Approach ...........................................................................724 When to Use the Manual Approach ....................................................................................................729 ■ CONTENTS xvii Implementing Column Level Encryption ......................................................................729 How to Use Column Encryption ..........................................................................................................729 Data Storage with Column Encryption................................................................................................730 Measuring the Performance Impact of Column Encryption................................................................734 Influences on the Magnitude..............................................................................................................734 Limitations of Column Encryption.......................................................................................................740 Implementing Tablespace Encryption..........................................................................741 How to Use Tablespace Encryption ....................................................................................................741 Data Storage with Tablespace Encryption..........................................................................................741 Measuring the Performance Impact of Tablespace Encryption..........................................................743 Deciding on an Encryption Technique .........................................................................748 Summary .....................................................................................................................749 Index.....................................................................................................................751 ■ FOREWORD FROM THE FIRST EDITION xviii Foreword I first met the Oracle RDBMS some time in 1988, or possibly 1987, when my manager dumped a small box on my desk and said something like: “There’s this new product called Oracle just coming into the country. Play around with it for a few weeks and then tell us what it’s good for.” The version was something like 5.0.22, and in those days it was a lot easier getting started with Oracle. The entire printed manual set—including Forms 2.0, SQL*Report, and everything else—would fit into a small briefcase and the documentation for the create table statement ran to about three pages. If you check the PDF file for the 11.2 SQL reference manual, you’ll find that create table currently starts at page 16-6 and runs on to page 16-79 for a total of 74 pages. The last time I checked the total page count was for 9i, and that was more than 20,000 pages—and I doubt if the number has dropped in 10g and 11g. With three (fairly slim) manuals for 5.0.22, it didn’t take me very long to learn about everything that Oracle was supposed to do and how to do it efficiently. There weren’t many options, so there weren’t many ways to do things wrong. But how do you get started today when the core of Oracle is hidden under a huge mass of options and features? Worse, the details you really need to understand are covered by a mountain of information that is nice to have, but not critical to getting started. The answer is simple. Step 1: Read the concepts manual so you have an idea of what it’s all about. Step 2: Read Tom Kyte’s book so that you can follow a rational progression of learning and experimenting that leads you from your first “select ‘hello world’ from dual” to the day when you can confidently say things like “we should use a range partitioned IOT with these columns in the overflow for this table because … .” Tom combines three things in this book: a conversational style that makes it easier to read about technical details and understand the “why” behind the “how”; a structured “storyline” so that you see the text building towards a target rather than scattering a disjointed collection of random tips; and an array of carefully constructed demonstrations that teach you how things work and how you should work and think. Consider just one example, indexing. There are many types of indexes, so we need a brief introduction to separate the different types. It’s good to have an idea of how B-tree indexes (for example) actually work so that we can understand their strengths and weaknesses. Then we can move on to the idea of function-based indexes—indexes on “data that don’t really exist.” This gets us to the point of understanding what Oracle can do, but we can (and do) go further with what we can do with Oracle. So we see how we can put the pieces together to create an index that guarantees uniqueness across subsets of the data, we see how we can—on a huge data set—create a tiny, low-maintenance index that identifies exactly the data that we really want to access and minimizes the risk of the optimizer producing a silly execution plan. In principle, it’s all in the manuals, but only if we have the insight to take the naked descriptions of the available commands and see how we can use them to construct solutions to real problems. Tom Kyte supplies that insight, and then encourages you to go further in developing your own insights. Frankly, if every DBA and developer in the world were made to work carefully through Tom Kyte’s book, I’d probably have to start offering consultancy services to SQL Server users because the number of clients needing Oracle consultancy would drop dramatically. Jonathan Lewis ■ FOREWORD FROM THE FIRST EDITION xix Foreword from the First Edition “THINK.” In 1914, Thomas J. Watson, Sr. joined the company that was to become IBM, and he brought with him this simple one-word motto. It was an exhortation to all IBM employees, no matter their role, to take care in decision-making and do their jobs with intelligence. “THINK” soon became an icon, appearing on publications, calendars, and plaques in the offices of many IT and business managers within and outside IBM, and even in The New Yorker magazine cartoons. “THINK” was a good idea in 1914, and it is a good idea now. “Think different.” More recently, Apple Computer used this slogan in a long-running advertising campaign to revitalize the company’s brand, and even more important, to revolutionize how people think of technology in their daily lives. Instead of saying “think differently,” suggesting how to think, Apple’s slogan used the word “different” as the object of the verb “think,” suggesting what to think (as in, “think big”). The advertising campaign emphasized creativity and creative people, with the implication that Apple’s computers uniquely enable innovative solutions and artistic achievements. When I joined Oracle Corporation (then Relational Software Incorporated) back in 1981, database systems incorporating the relational model were a new, emerging technology. Developers, programmers, and a growing group of database administrators were learning the discipline of database design using the methodology of normalization. The then unfamiliar, nonprocedural SQL language impressed people with its power to manipulate data in ways that previously took painstaking procedural programming. There was a lot to think about back then—and there still is. These new technologies challenged people not only to learn new ideas and approaches, but also to think in new ways. Those who did, and those who do, were and are the most successful in creating innovative, effective solutions to business problems using database technology to its best advantage. Consider the SQL database language that was first introduced commercially by Oracle. SQL permits application designers to manipulate sets of rows with a nonprocedural (or “declarative”) language, rather than writing iterative loops in conventional languages that process records one at a time. When I was first introduced to SQL, I found it required me to “think at 45 degrees” to figure out how to use set processing operations like joins and subqueries to achieve the result I wanted. Not only was the idea of set processing new to most people, but so also was the idea of a nonprocedural language, where you specified the result you wanted, not how to derive it. This new technology really did require me to “think differently” and also gave me an opportunity to “think different.” Set processing is far more efficient than one-at-a-time processing, so applications that fully exploit SQL in this way perform much better than those that do not. Yet, it is surprising how often applications deliver suboptimal performance. In fact, in most cases, it is application design—rather than Oracle parameter settings or other configuration choices—that most directly determines overall performance. Thus, application developers must learn not only details about database features and programming interfaces, but also new ways to think about and use these features and interfaces in their applications. Much conventional wisdom exists in the Oracle community about how to tune the system for best performance or the best way to use various Oracle features. Such wisdom sometimes becomes folklore or even mythology, with developers and database administrators adopting these ideas uncritically or extending these ideas without reasoning about them. One example is the idea that “if one is good, more—lots more—is better.” This idea is popular, but only rarely true. Take Oracle’s array interface, for example, which allows the developer to insert or retrieve multiple rows in a single system call. Clearly, reducing the number of network messages ■ FOREWORD FROM THE FIRST EDITION xx between the application and the database is a good thing. But, if you think about it, there is a point of diminishing returns. While fetching 100 rows at once is far better than one at a time, fetching 1,000 rows at once is generally not really any more efficient overall, especially when you consider memory requirements. Another example of uncritical thinking is to focus on the wrong aspects of system design or configuration, rather than those most likely to improve performance (or, for that matter, reliability, availability, or security). Consider the conventional wisdom of tuning the system to maximize the buffer hit ratio. For some applications, it’s true that maximizing the chance that required data is in memory will maximize performance. However, for most applications it’s better to focus attention on performance bottlenecks (what we call “wait states”) than it is to focus on specific system-level metrics. Eliminate those aspects of the application design that are causing delays, and you’ll get the best performance. I’ve found that breaking down a problem into smaller parts and solving each part separately is a great way to think about application design. In this way, you can often find elegant and creative uses of SQL to address application requirements. Often, it is possible to do things in a single SQL statement that at first seem to require complex procedural programming. When you can leverage the power of SQL to process sets of rows at a time, perhaps in parallel, not only are you more productive as an application developer, but the application runs faster as well! Sometimes, best practices that were based, even in part, on some degree of truth become no longer applicable as the facts change. Consider the old adage, “Put indexes and data in separate tablespaces for best performance.” I’ve often seen database administrators express strong opinions over the merits of this idea, without taking into account changes in disk speeds and capacities over time, or the specifics of given workloads. In evaluating this particular “rule,” you should think about the fact that the Oracle database caches frequently and recently used database blocks (often blocks belonging to an index) in memory, and the fact that it uses index and data blocks sequentially, not simultaneously, for any given request. The implication is that I/O operations for both index and data really should be spread across all simultaneous users, and across as many disk drives as you have. You might choose to separate index and data blocks for administrative reasons or for personal preference, but not for performance. (Tom Kyte provides valuable insights on this topic on the Ask Tom web site, http://asktom.oracle.com, where you can search for articles on “index data tablespace.”) The lesson here is to base your decisions on facts, and a complete set of current facts at that. No matter how fast our computers are or how sophisticated the database becomes, and regardless of the power of our programming tools, there simply is no substitute for human intelligence coupled with a “thinking discipline.” So, while it’s important to learn the intricacies of the technologies we use in our applications, it’s even more important to know how to think about using them appropriately. Tom Kyte is one of the most intelligent people I know, and one of the most knowledgeable about the Oracle database, SQL, performance tuning, and application design. I’m pretty sure Tom is an aficionado of the “THINK” and “Think different” slogans. Tom also quite obviously believes in that anonymous saying, “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” Tom enjoys sharing his knowledge about Oracle, to the great benefit of our community, but rather than simply dispensing answers to questions, he helps others learn to think and reason. On his web site (http://asktom.oracle.com), in his public speaking engagements, and in this book, Tom implicitly challenges people to “think differently” too, as they design database applications with the Oracle database. He rejects conventional wisdom and speculation, instead insisting on relying on facts proven through examples. Tom takes a very pragmatic and simple approach to problem solving, and by following his advice and methodology, you can be more productive and develop better, faster applications. Not only will Tom’s book teach you about features of Oracle and how to use them, but it also reflects many of these simple thoughts: • Don’t believe in myths. Reason for yourself. • Don’t follow conventional wisdom. Often the things everybody knows are simply wrong! • Don’t trust rumors or opinions. Test things for yourself and base decisions on proven examples. ■ FOREWORD FROM THE FIRST EDITION xxi • Break apart a problem into simpler questions, and assemble the answers to each step into an elegant, efficient solution. • Don’t do things in your programs when the database can do them better and faster. • Understand the differences between the ideal and the real. • Ask questions about and be skeptical of unjustified company policies for technical standards. • Consider the big picture of what’s best overall for the requirements at hand. • Take the time to THINK. Tom encourages you to treat Oracle as much more than a black box. Instead of you just putting data into and taking data out of Oracle, Tom will help you understand how Oracle works and how to exploit its power. By learning how to apply Oracle technology creatively and thoughtfully, you will be able to solve most application design problems quickly and elegantly. As you read and enjoy this book, I know you’ll learn a lot of new facts about Oracle database technology and important concepts about application design. As you do, I’m confident that you’ll also start to “think differently” about the challenges you face. IBM’s Watson once said, “Thought has been the father of every advance since time began. ‘I didn’t think’ has cost the world millions of dollars.” This is a thought with which both Tom and I agree. Armed with the knowledge and techniques you’ll learn in this book, I hope you’ll be able to save the world (or at least your enterprise) millions of dollars, and enjoy the satisfaction of a job well done. Ken Jacobs aka “Dr. DBA” ■ FOREWORD FROM THE FIRST EDITION xxii About the Author ■ I am Tom Kyte. I have been working for Oracle since version 7.0.9 (that’s 1993 for people who don’t mark time by Oracle versions). However, I’ve been working with Oracle since about version 5.1.5c (the $99 single-user version for DOS on 360KB floppy disks). Before coming to work at Oracle, I worked for more than six years as a systems integrator, building large-scale, heterogeneous databases and applications, mostly for military and government customers. These days, I spend a great deal of my time working with the Oracle database and, more specifically, helping people who are using the Oracle database. I work directly with customers, either in specifying and building their systems or, more frequently, in helping them rebuild or tune them (“tuning” frequently being a synonym for rebuilding). In addition, I am the Tom behind the “Ask Tom” column in Oracle Magazine, where I answer people’s questions about the Oracle database and tools. On a typical day, I receive and answer dozens of questions at http://asktom.oracle.com. Every two months, I publish a “best of” in the magazine (all of the questions asked are available on the Web, stored in an Oracle database, of course). Additionally, I give technical seminars covering much of the material you’ll find in this book. Basically, I spend a lot of my time helping people be successful with the Oracle database. Oh yes, in my spare time, I build applications and develop software within Oracle Corporation itself. This book is a reflection of what I do every day. The material within covers topics and questions that I see people struggling with every day. These issues are covered from a perspective of “When I use this, I do it this way.” It is the culmination of many years of experience using the product in myriad situations. ■ FOREWORD FROM THE FIRST EDITION xxiii About the Technical Reviewers ■ Christopher Beck has a degree in computer science from Rutgers University and has been working with multiple DBMSs for more than 19 years. He has spent the last 15 years as an Oracle employee where he is currently a Principal Technologist focusing on core database technologies. He is a co-inventor of two US Patents on software methodologies, which were the basis for what is now known as Oracle Application Express. Chris has reviewed other Oracle books including Tom’s first book, Expert One-On-One, and is himself the co- author of two books, Beginning Oracle Programming and Mastering Oracle PL/SQL. He resides in Northern Virginia with his wife, Marta, and four children, and when not spending time with them, can usually be found wasting time playing video games or watching Series A football. ■ Melanie Caffrey is a senior development manager for Oracle Corporation, providing front-end and back-end Oracle solutions for the business needs of various clients. She is co-author of several technical publications including Expert Oracle Practices: Oracle Database Administration from the Oak Table published by Apress, as well as Oracle Web Application Programming for PL/SQL Developers, The Oracle DBA Interactive Workbook, and Oracle Database Administration: The Complete Video Course, all published by Prentice Hall. She instructed students in Columbia University’s Computer Technology and Applications program in New York City, teaching advanced Oracle database administration and PL/SQL development. She is also a frequent Oracle conference speaker. ■ Jason Straub has a bachelor's degree in mathematics and has been applying it to the computer science field for the past 15 years developing database driven Web applications. Jason is on his second tour at Oracle Corporation and worked for Microsoft Corporation in between. He has been developing Oracle database applications since version 8.0.6 and has worked with Microsoft's SQL Server since version 2000. Currently Jason is a principal developer for Oracle Corporation working on a Web development tool that is growing in popularity called Oracle Application Express. Jason's primary focus is integration features of Oracle Application Express, building support of Web services into the product. He is the author of several white papers available on the Oracle Technology Network and frequent presenter at various Oracle technology conferences such as ODTUG Kaleidoscope, RMOUG, and Oracle Open World. ■ INTRODUCTION xxiv Acknowledgments I would like to thank many people for helping me complete this book. First, I would like to thank you, the reader of this book. There is a high probability that if you are reading this book, you have participated in my site http://asktom.oracle.com/ in some fashion, perhaps by asking a question or two. It is that act—the act of asking questions, and of questioning the answers— that provides me with the material for the book and the knowledge behind the material. Without the questions, I would not be as knowledgeable about the Oracle database as I am. So, it is you who ultimately makes this book possible. I would like to thank Tony Davis for his previous work making my work read well. If you enjoy the flow of the sections, the number of section breaks, and the clarity, then that is in some part due to him. I have worked with Tony writing technical material since the year 2000 and have watched his knowledge of Oracle grow over that time. He now has the ability to not only edit the material, but in many cases tech edit it as well. Many of the examples in this book are there because of him (pointing out that the casual reader was not going to “get it” without them). Tony did not edit the second edition of this book, but the contents rely heavily on the first edition. This book would not be what it is without him. Without a technical review team of the caliber I had during the writing of this book and the previous edition, I would be nervous about the content. The first edition had Jonathan Lewis, Roderick Manalac, Michael Möller, and Gabe Romanescu as technical reviewers. They spent many hours poring over the material and verifying it was technically accurate as well as useful in the real world. This second edition had a team of similar caliber: Melanie Caffrey, Christopher Beck, and Jason Straub. I firmly believe a technical book should be judged not only by who wrote it, but also by who reviewed it. Given these seven people, I feel confident in the material. At Oracle, I work with the best and brightest people I have ever known, and they all have contributed in one way or another. I would like to thank Ken Jacobs in particular for his support and enthusiasm over the years. Ken is unfortunately (for us) no longer with Oracle Corporation, but his impact will long be felt. Lastly, but most important, I would like to acknowledge the unceasing support I’ve received from my family. You know you must be important to someone when you try to do something that takes a lot of “outside of work hours” and that someone lets you know about it. Without the continual support of my wife, Melanie (who also was a technical reviewer on the book!), son Alan, and daughter Megan, I don’t see how I could have finished this book. ■ INTRODUCTION xxv Introduction The inspiration for the material contained in this book comes from my experiences developing Oracle software, and from working with fellow Oracle developers to help them build reliable and robust applications based on the Oracle database. The book is basically a reflection of what I do every day and of the issues I see people encountering each and every day. I covered what I felt was most relevant, namely the Oracle database and its architecture. I could have written a similarly titled book explaining how to develop an application using a specific language and architecture—for example, one using JavaServer Pages that speaks to Enterprise JavaBeans, which in turn uses JDBC to communicate with Oracle. However, at the end of the day, you really do need to understand the topics covered in this book in order to build such an application successfully. This book deals with what I believe needs to be universally known to develop successfully with Oracle, whether you are a Visual Basic programmer using ODBC, a Java programmer using EJBs and JDBC, or a Perl programmer using DBI Perl. This book does not promote any specific application architecture; it does not compare three tier to client/server. Rather, it covers what the database can do and what you must understand about the way it works. Since the database is at the heart of any application architecture, the book should have a broad audience. As the title suggests, Expert Oracle Database Architecture concentrates on the database architecture and how the database itself works. I cover the Oracle database architecture in depth: the files, memory structures, and processes that comprise an Oracle database and instance. I then move on to discuss important database topics such as locking, concurrency controls, how transactions work, and redo and undo, and why it is important for you to know about these things. Lastly, I examine the physical structures in the database such as tables, indexes, and datatypes, covering techniques for making optimal use of them. What This Book Is About One of the problems with having plenty of development options is that it’s sometimes hard to figure out which one might be the best choice for your particular needs. Everyone wants as much flexibility as possible (as many choices as they can possibly have), but they also want things to be very cut and dried—in other words, easy. Oracle presents developers with almost unlimited choice. No one ever says, “You can’t do that in Oracle.” Rather, they say, “How many different ways would you like to do that in Oracle?” I hope that this book will help you make the correct choice. This book is aimed at those people who appreciate the choice but would also like some guidelines and practical implementation details on Oracle features and functions. For example, Oracle has a really neat feature called parallel execution. The Oracle documentation tells you how to use this feature and what it does. Oracle documentation does not, however, tell you when you should use this feature and, perhaps even more important, when you should not use this feature. It doesn’t always tell you the implementation details of this feature, and if you’re not aware of them, this can come back to haunt you (I’m not referring to bugs, but the way the feature is supposed to work and what it was really designed to do). ■ INTRODUCTION xxvi In this book I strove to not only describe how things work, but also explain when and why you would consider using a particular feature or implementation. I feel it is important to understand not only the “how” behind things, but also the “when” and “why” as well as the “when not” and “why not!” Who Should Read This Book The target audience for this book is anyone who develops applications with Oracle as the database back end. It is a book for professional Oracle developers who need to know how to get things done in the database. The practical nature of the book means that many sections should also be very interesting to the DBA. Most of the examples in the book use SQL*Plus to demonstrate the key features, so you won’t find out how to develop a really cool GUI—but you will find out how the Oracle database works, what its key features can do, and when they should (and should not) be used. This book is for anyone who wants to get more out of Oracle with less work. It is for anyone who wants to see new ways to use existing features. It is for anyone who wants to see how these features can be applied in the real world (not just examples of how to use the feature, but why the feature is relevant in the first place). Another category of people who would find this book of interest is technical managers in charge of the developers who work on Oracle projects. In some respects, it is just as important that they understand why knowing the database is crucial to success. This book can provide ammunition for managers who would like to get their personnel trained in the correct technologies or ensure that personnel already know what they need to know. To get the most out of this book, the reader should have • Knowledge of SQL. You don’t have to be the best SQL coder ever, but a good working knowledge will help. • An understanding of PL/SQL. This isn’t a prerequisite, but it will help you to absorb the examples. This book will not, for example, teach you how to program a FOR loop or declare a record type; the Oracle documentation and numerous books cover this well. However, that’s not to say that you won’t learn a lot about PL/SQL by reading this book. You will. You’ll become very intimate with many features of PL/SQL, you’ll see new ways to do things, and you’ll become aware of packages/features that perhaps you didn’t know existed. • Exposure to some third-generation language (3GL), such as C or Java. I believe that anyone who can read and write code in a 3GL language will be able to successfully read and understand the examples in this book. • Familiarity with the Oracle Concepts manual. A few words on that last point: due to the Oracle documentation set’s vast size, many people find it to be somewhat intimidating. If you’re just starting out or haven’t read any of it as yet, I can tell you that the Oracle Concepts manual is exactly the right place to start. It’s about 400 pages long (I know that because I wrote some of the pages and edited every one) and touches on many of the major Oracle concepts that you need to know about. It may not give you each and every technical detail (that’s what the other 10,000 to 20,000 pages of documentation are for), but it will educate you on all the important concepts. This manual touches the following topics (to name a few): • The structures in the database, and how data is organized and stored • Distributed processing • Oracle’s memory architecture • Oracle’s process architecture • Schema objects you will be using (tables, indexes, clusters, and so on) ■ INTRODUCTION xxvii • Built-in datatypes and user-defined datatypes • SQL stored procedures • How transactions work • The optimizer • Data integrity • Concurrency control I will come back to these topics myself time and time again. These are the fundamentals. Without knowledge of them, you will create Oracle applications that are prone to failure. I encourage you to read through the manual and get an understanding of some of these topics. How This Book Is Structured To help you use this book, most chapters are organized into four general sections (described in the list that follows). These aren’t rigid divisions, but they will help you navigate quickly to the area you need more information on. This book has 16 chapters, and each is like a “minibook”—a virtually stand-alone component. Occasionally, I refer to examples or features in other chapters, but you could pretty much pick a chapter out of the book and read it on its own. For example, you don’t have to read Chapter 10 on database tables to understand or make use of Chapter 14 on parallelism. The format and style of many of the chapters is virtually identical: • An introduction to the feature or capability. • Why you might want to use the feature or capability (or not). I outline when you would consider using this feature and when you would not want to use it. • How to use this feature. The information here isn’t just a copy of the material in the SQL reference; rather, it’s presented in step-by-step manner: here is what you need, here is what you have to do, and these are the switches you need to go through to get started. Topics covered in this section will include: • How to implement the feature • Examples, examples, examples • How to debug this feature • Caveats of using this feature • How to handle errors (proactively) • A summary to bring it all together. There will be lots of examples and lots of code, all of which is available for download from the Source Code area of http://www.apress.com. The following sections present a detailed breakdown of the content of each chapter. Chapter 1: Developing Successful Oracle Applications This chapter sets out my essential approach to database programming. All databases are not created equal, and in order to develop database-driven applications successfully and on time, you need to understand exactly what your particular database can do and how it does it. If you do not know what ■ INTRODUCTION xxviii your database can do, you run the risk of continually reinventing the wheel—developing functionality that the database already provides. If you do not know how your database works, you are likely to develop applications that perform poorly and do not behave in a predictable manner. The chapter takes an empirical look at some applications where a lack of basic understanding of the database has led to project failure. With this example-driven approach, the chapter discusses the basic features and functions of the database that you, the developer, need to understand. The bottom line is that you cannot afford to treat the database as a black box that will simply churn out the answers and take care of scalability and performance by itself. Chapter 2: Architecture Overview This chapter covers the basics of Oracle architecture. We start with some clear definitions of two terms that are very misunderstood by many in the Oracle world, namely “instance” and “database.” We also take a quick look at the System Global Area (SGA) and the processes behind the Oracle instance, and examine how the simple act of “connecting to Oracle” takes place. Chapter 3: Files This chapter covers in depth the eight types of files that make up an Oracle database and instance. From the simple parameter file to the data and redo log files, we explore what they are, why they are there, and how we use them. Chapter 4: Memory Structures This chapter covers how Oracle uses memory, both in the individual processes (Process Global Area, or PGA, memory) and shared memory (SGA). We explore the differences between manual and automatic PGA and, in Oracle 10g, SGA memory management, and see when each is appropriate. After reading this chapter, you will have an understanding of exactly how Oracle uses and manages memory. Chapter 5: Oracle Processes This chapter offers an overview of the types of Oracle processes (server processes versus background processes). It also goes into much more depth on the differences in connecting to the database via a shared server or dedicated server process. We’ll also take a look, process by process, at most of the background processes (such as LGWR, DBWR, PMON, and SMON) that we’ll see when starting an Oracle instance and discuss the functions of each. Chapter 6: Locking and Latching Different databases have different ways of doing things (what works well in SQL Server may not work as well in Oracle), and understanding how Oracle implements locking and concurrency control is absolutely vital to the success of your application. This chapter discusses Oracle’s basic approach to these issues, the types of locks that can be applied (DML, DDL, and latches), and the problems that can arise if locking is not implemented carefully (deadlocking, blocking, and escalation). ■ INTRODUCTION xxix Chapter 7: Concurrency and Multi-versioning In this chapter, we’ll explore my favorite Oracle feature, multi-versioning, and how it affects concurrency controls and the very design of an application. Here we will see that all databases are not created equal and that their very implementation can have an impact on the design of our applications. We’ll start by reviewing the various transaction isolation levels as defined by the ANSI SQL standard and see how they map to the Oracle implementation (as well as how the other databases map to this standard). Then we’ll take a look at what implications multiversioning, the feature that allows Oracle to provide non-blocking reads in the database, might have for us. Chapter 8: Transactions Transactions are a fundamental feature of all databases—they are part of what distinguishes a database from a file system. And yet, they are often misunderstood and many developers do not even know that they are accidentally not using them. This chapter examines how transactions should be used in Oracle and also exposes some bad habits that may have been picked up when developing with other databases. In particular, we look at the implications of atomicity and how it affects statements in Oracle. We also discuss transaction control statements (COMMIT, SAVEPOINT, and ROLLBACK), integrity constraints, distributed transactions (the two-phase commit, or 2PC), and finally autonomous transactions. Chapter 9: Redo and Undo It can be said that developers do not need to understand the detail of redo and undo as much as DBAs, but developers do need to know the role they play in the database. After first defining redo, we examine what exactly a COMMIT does. We discuss how to find out how much redo is being generated and how to significantly reduce the amount of redo generated by certain operations using the NOLOGGING clause. We also investigate redo generation in relation to issues such as block cleanout and log contention. In the undo section of the chapter, we examine the role of undo data and the operations that generate the most/least undo. Finally, we investigate the infamous ORA-01555: snapshot too old error, its possible causes, and how to avoid it. Chapter 10: Database Tables Oracle now supports numerous table types. This chapter looks at each different type—heap organized (i.e., the default, “normal” table), index organized, index clustered, hash clustered, nested, temporary, and object—and discusses when, how, and why you should use them. Most of time, the heap organized table is sufficient, but this chapter will help you recognize when one of the other types might be more appropriate. Chapter 11: Indexes Indexes are a crucial aspect of your application design. Correct implementation requires an in-depth knowledge of the data, how it is distributed, and how it will be used. Too often, indexes are treated as an afterthought in application development, and performance suffers as a consequence. This chapter examines in detail the different types of indexes, including B*Tree, bitmap, function- based, and application domain indexes, and discusses where they should and should not be used. I’ll also answer some common queries in the “Frequently Asked Questions and Myths About Indexes” section, such as “Do indexes work on views?” and “Why isn’t my index getting used?” ■ INTRODUCTION xxx Chapter 12: Datatypes There are a lot of datatypes to choose from. This chapter explores each of the 22 built-in datatypes, explaining how they are implemented, and how and when to use each one. First up is a brief overview of National Language Support (NLS), a basic knowledge of which is necessary to fully understand the simple string types in Oracle. We then move on to the ubiquitous NUMBER type and look at the new Oracle 10g options for storage of numbers in the database. The LONG and LONG RAW types are covered, mostly from a historical perspective. The main objective here is to show how to deal with legacy LONG columns in applications and migrate them to the LOB type. Next, we delve into the various datatypes for storing dates and time, and investigating how to manipulate the various datatypes to get what we need from them. The ins and outs of time zone support are also covered. Next up are the LOB datatypes. We’ll cover how they are stored and what each of the many settings such as IN ROW, CHUNK, RETENTION, CACHE, and so on mean to us. When dealing with LOBs, it is important to understand how they are implemented and how they are stored by default—especially when it comes to tuning their retrieval and storage. We close the chapter by looking at the ROWID and UROWID types. These are special types, proprietary to Oracle, that represent the address of a row. We’ll cover when to use them as a column datatype in a table (which is almost never!). Chapter 13: Partitioning Partitioning is designed to facilitate the management of very large tables and indexes by implementing a divide and conquer logic—basically breaking up a table or index into many smaller and more manageable pieces. It is an area where the DBA and developer must work together to maximize application availability and performance. This chapter covers both table and index partitioning. We look at partitioning using local indexes (common in data warehouses) and global indexes (common in OLTP systems). Chapter 14: Parallel Execution This chapter introduces the concept of and uses for parallel execution in Oracle. We’ll start by looking at when parallel processing is useful and should be considered, as well as when it should not be considered. After gaining that understanding, we move on to the mechanics of parallel query, the feature most people associate with parallel execution. Next, we cover parallel DML (PDML), which allows us to perform modifications using parallel execution. We’ll see how PDML is physically implemented and why that implementation leads to a series of restrictions regarding PDML. We then move on to parallel DDL. This, in my opinion, is where parallel execution really shines. Typically, DBAs have small maintenance windows in which to perform large operations. Parallel DDL gives DBAs the ability to fully exploit the machine resources they have available, permitting them to finish large, complex operations in a fraction of the time it would take to do them serially. The chapter closes on procedural parallelism, the means by which we can execute application code in parallel. We cover two techniques here. The first is parallel pipelined functions, or the ability of Oracle to execute stored functions in parallel dynamically. The second is “do it yourself” (DIY) parallelism, whereby we design the application to run concurrently. Chapter 15: Data Loading and Unloading This first half of this chapter focuses on SQL*Loader (SQLLDR) and covers the various ways in which we can use this tool to load and modify data in the database. Issues discussed include loading delimited data, updating existing rows and inserting new ones, unloading data, and calling SQLLDR from a stored procedure. Again, SQLLDR is a well-established and crucial tool, but it is the source of many questions ■ INTRODUCTION xxxi with regard to its practical use. The second half of the chapter focuses on external tables, an alternative and highly efficient means by which to bulk load and unload data. Chapter 16: Data Encryption This chapter looks at the opportunities for encrypting data in the Oracle database. A discussion of manual “do it yourself” encryption using the built-in database package DBMS_CRYPTO is included, but not emphasized. Rather, a discussion on why you should probably not be using that package is included. The focus of this chapter is on the implementation details of Transparent Data Encryption (TDE) in the Oracle Database. This chapter focuses on how both column level and tablespace level encryption are achieved and what it means to you as a developer or DBA. Not every possible configuration possibility is described (that is what the Oracle documentation is for), but rather the practical implementation details and how they will affect you are laid out. Source Code and Updates As you work through the examples in this book, you may decide that you prefer to type in all the code by hand. Many readers choose to do this because it is a good way to get familiar with the coding techniques that are being used. Whether you want to type the code in or not, all the source code for this book is available in the Source Code section of the Apress web site (http://www.apress.com). If you like to type in the code, you can use the source code files to check the results you should be getting—they should be your first stop if you think you might have typed in an error. If you don’t like typing, then downloading the source code from the Apress web site is a must! Either way, the code files will help you with updates and debugging. Errata Apress makes every effort to make sure that there are no errors in the text or the code. However, to err is human, and as such we recognize the need to keep you informed of any mistakes as they’re discovered and corrected. Errata sheets are available for all our books at http:// www.apress.com. If you find an error that hasn’t already been reported, please let us know. The Apress web site acts as a focus for other information and support, including the code from all Apress books, sample chapters, previews of forthcoming titles, and articles on related topics. ■ SETTING UP YOUR ENVIRONMENT xxxii Setting Up Your Environment In this section, I will cover how to set up an environment capable of executing the examples in this book. Specifically: • How to set up the SCOTT/TIGER demonstration schema properly • The environment you need to have up and running • Configuring AUTOTRACE, a SQL*Plus facility • Installing Statspack • Installing and running runstats, and other custom utilities used throughout the book • The coding conventions I use in this book All of the non-Oracle supplied scripts are available for download from the www.apress.com website. Setting up the SCOTT/TIGER Schema The SCOTT/TIGER schema will often already exist in your database. It is generally included during a typical installation, but it is not a mandatory component of the database. You may install the SCOTT example schema into any database account; there is nothing magic about using the SCOTT account. You could install the EMP/DEPT tables directly into your own database account if you wish. Many of my examples in this book draw on the tables in the SCOTT schema. If you would like to be able to work along with them, you will need these tables. If you are working on a shared database, it would be advisable to install your own copy of these tables in some account other than SCOTT to avoid side effects caused by other users mucking about with the same data. Executing the Script In order to create the SCOTT demonstration tables, you will simply: • cd [ORACLE_HOME]/sqlplus/demo • run demobld.sql when connected as any user ■ Note In Oracle 10g and above, you must install the demonstration subdirectories from the Companion CD. I have reproduced the necessary components of demobld.sql below as well. ■ SETTING UP YOUR ENVIRONMENT xxxiii demobld.sql will create and populate five tables. When it is complete, it exits SQL*Plus automatically, so don't be surprised when SQL*Plus disappears after running the script—it’s supposed to do that. The standard demo tables do not have any referential integrity defined on them. Some of my examples rely on them having referential integrity. After you run demobld.sql, it is recommended you also execute the following: alter table emp add constraint emp_pk primary key(empno); alter table dept add constraint dept_pk primary key(deptno); alter table emp add constraint emp_fk_dept foreign key(deptno) references dept; alter table emp add constraint emp_fk_emp foreign key(mgr) references emp; This finishes off the installation of the demonstration schema. If you would like to drop this schema at any time to clean up, you can simply execute [ORACLE_HOME]/sqlplus/demo/demodrop.sql. This will drop the five tables and exit SQL*Plus. Creating the Schema without the Script In the event you do not have access to demobld.sql, the following is sufficient to run the examples in this book: CREATE TABLE EMP (EMPNO NUMBER(4) NOT NULL, ENAME VARCHAR2(10), JOB VARCHAR2(9), MGR NUMBER(4), HIREDATE DATE, SAL NUMBER(7, 2), COMM NUMBER(7, 2), DEPTNO NUMBER(2) ); INSERT INTO EMP VALUES (7369, 'SMITH', 'CLERK', 7902, TO_DATE('17-DEC-1980', 'DD-MON-YYYY'), 800, NULL, 20); INSERT INTO EMP VALUES (7499, 'ALLEN', 'SALESMAN', 7698, TO_DATE('20-FEB-1981', 'DD-MON-YYYY'), 1600, 300, 30); INSERT INTO EMP VALUES (7521, 'WARD', 'SALESMAN', 7698, TO_DATE('22-FEB-1981', 'DD-MON-YYYY'), 1250, 500, 30); INSERT INTO EMP VALUES (7566, 'JONES', 'MANAGER', 7839, TO_DATE('2-APR-1981', 'DD-MON-YYYY'), 2975, NULL, 20); INSERT INTO EMP VALUES (7654, 'MARTIN', 'SALESMAN', 7698, TO_DATE('28-SEP-1981', 'DD-MON-YYYY'), 1250, 1400, 30); INSERT INTO EMP VALUES (7698, 'BLAKE', 'MANAGER', 7839, TO_DATE('1-MAY-1981', 'DD-MON-YYYY'), 2850, NULL, 30); INSERT INTO EMP VALUES (7782, 'CLARK', 'MANAGER', 7839, TO_DATE('9-JUN-1981', 'DD-MON-YYYY'), 2450, NULL, 10); INSERT INTO EMP VALUES (7788, 'SCOTT', 'ANALYST', 7566, TO_DATE('09-DEC-1982', 'DD-MON-YYYY'), 3000, NULL, 20); INSERT INTO EMP VALUES (7839, 'KING', 'PRESIDENT', NULL, TO_DATE('17-NOV-1981', 'DD-MON-YYYY'), 5000, NULL, 10); INSERT INTO EMP VALUES (7844, 'TURNER', 'SALESMAN', 7698, ■ SETTING UP YOUR ENVIRONMENT xxxiv TO_DATE('8-SEP-1981', 'DD-MON-YYYY'), 1500, 0, 30); INSERT INTO EMP VALUES (7876, 'ADAMS', 'CLERK', 7788, TO_DATE('12-JAN-1983', 'DD-MON-YYYY'), 1100, NULL, 20); INSERT INTO EMP VALUES (7900, 'JAMES', 'CLERK', 7698, TO_DATE('3-DEC-1981', 'DD-MON-YYYY'), 950, NULL, 30); INSERT INTO EMP VALUES (7902, 'FORD', 'ANALYST', 7566, TO_DATE('3-DEC-1981', 'DD-MON-YYYY'), 3000, NULL, 20); INSERT INTO EMP VALUES (7934, 'MILLER', 'CLERK', 7782, TO_DATE('23-JAN-1982', 'DD-MON-YYYY'), 1300, NULL, 10); CREATE TABLE DEPT (DEPTNO NUMBER(2), DNAME VARCHAR2(14), LOC VARCHAR2(13) ); INSERT INTO DEPT VALUES (10, 'ACCOUNTING', 'NEW YORK'); INSERT INTO DEPT VALUES (20, 'RESEARCH', 'DALLAS'); INSERT INTO DEPT VALUES (30, 'SALES', 'CHICAGO'); INSERT INTO DEPT VALUES (40, 'OPERATIONS', 'BOSTON'); If you create the schema by executing the commands above, do remember to go back to the previous subsection and execute the commands to create the constraints. Setting Your Environment Most of the examples in this book are designed to run 100 percent in the SQL*Plus environment. Other than SQL*Plus though, there is nothing else to set up and configure. I can make a suggestion, however, on using SQL*Plus. Almost all of the examples in this book use DBMS_OUTPUT in some fashion. In order for DBMS_OUTPUT to work, the SQL*Plus command SQL> set serveroutput on must be issued. If you are like me, typing this in each and every time would quickly get tiresome. Fortunately, SQL*Plus allows us to setup a login.sql file, a script that is executed each and every time we start SQL*Plus. Further, it allows us to set an environment variable, SQLPATH, so that it can find this login.sql script, no matter what directory it is in. The login.sql script I use for all examples in this book is: define _editor=vi set serveroutput on size 1000000 set trimspool on set long 5000 set linesize 100 set pagesize 9999 column plan_plus_exp format a80 column global_name new_value gname set termout off define gname=idle column global_name new_value gname select lower(user) || '@' || substr( global_name, 1, decode( dot, 0, length(global_name), dot-1) ) global_name ■ SETTING UP YOUR ENVIRONMENT xxxv from (select global_name, instr(global_name,'.') dot from global_name ); set sqlprompt '&gname> ' set termout on An annotated version of this file is as follows: • define _editor=vi - Set up the default editor SQL*Plus would use. You may set that to be your favorite text editor (not a word processor) such as Notepad or emacs. • set serveroutput on size unlimited - Enable DBMS_OUTPUT to be on by default (hence we don't have to type set serveroutput on every time). Also set the default buffer size to be as large as possible. • set trimspool on - When spooling text, lines will be blank-trimmed and not fixed width. If this is set off (the default), spooled lines will be as wide as your linesize setting • set long 5000 - Sets the default number of bytes displayed when selecting LONG and CLOB columns. • set linesize 100 - Set the width of the lines displayed by SQL*Plus to be 100 characters. • set pagesize 9999 - Set the pagesize, which controls how frequently SQL*Plus prints out headings, to a big number (we get one set of headings per page). • column plan_plus_exp format a80 - This sets the default width of the explain plan output we receive with AUTOTRACE. a80 is generally wide enough to hold the full plan. The next bit in the login.sql sets up my SQL*Plus prompt for me: define gname=idle column global_name new_value gname select lower(user) || '@' || substr( global_name, 1, decode( dot, 0, length(global_name), dot-1) ) global_name from (select global_name, instr(global_name,'.') dot from global_name ); set sqlprompt '&gname> ' The directive column global_name new_value gname tells SQL*Plus to take the last value it retrieves for any column named global_name, and place it into the substitution variable gname. I then select the global_name out of the database, and concatenate this with the username I am logged in with. That makes my prompt look like this ops$tkyte@ora11gr2> so I know who I am as well as where I am. Setting up Autotrace in SQL*Plus AUTOTRACE is a facility within SQL*Plus to show us the explain plan of the queries we've executed, and the resources they used. This book makes extensive use of this facility. There is more than one way to get AUTOTRACE configured. ■ SETTING UP YOUR ENVIRONMENT xxxvi Initial Setup This is what I like to do to get AUTOTRACE working: • cd [ORACLE_HOME]/rdbms/admin • log into SQL*Plus as SYSTEM • run @utlxplan • run CREATE PUBLIC SYNONYM PLAN_TABLE FOR PLAN_TABLE; • run GRANT ALL ON PLAN_TABLE TO PUBLIC; You can replace the GRANT TO PUBLIC with some user if you want. By making it public, you let anyone trace using SQL*Plus (not a bad thing, in my opinion). This prevents every user from having to install their own plan table. The alternative is for you to run @utlxplan in every schema from which you want to use AUTOTRACE. The next step is creating and granting the PLUSTRACE role: • cd [ORACLE_HOME]/sqlplus/admin • log into SQL*Plus as SYS or AS SYSDBA • run @plustrce • run GRANT PLUSTRACE TO PUBLIC; Again, you can replace PUBLIC in the GRANT command with some user if you want. Controlling the Report You can automatically get a report on the execution path used by the SQL optimizer and the statement execution statistics. The report is generated after successful SQL DML (that is, SELECT, DELETE, UPDATE, MERGE, and INSERT) statements. It is useful for monitoring and tuning the performance of these statements. You can control the report by setting the AUTOTRACE system variable. • SET AUTOTRACE OFF - No AUTOTRACE report is generated. This is the default. • SET AUTOTRACE ON EXPLAIN - The AUTOTRACE report shows only the optimizer execution path. • SET AUTOTRACE ON STATISTICS - The AUTOTRACE report shows only the SQL statement execution statistics. • SET AUTOTRACE ON - The AUTOTRACE report includes both the optimizer execution path and the SQL statement execution statistics. • SET AUTOTRACE TRACEONLY - Like SET AUTOTRACE ON, but suppresses the printing of the user's query output, if any. Setting up Statspack StatsPack is designed to be installed when connected as SYSDBA (CONNECT/AS SYSDBA). In order to install, you must be able to connect in the SYSDBA role. In many installations, installing StatsPack will be a task that you must ask the DBA or administrators to perform. ■ SETTING UP YOUR ENVIRONMENT xxxvii Once you have the ability to connect, installing StatsPack is trivial. You simply run @spcreate.sql. This script will be found in [ORACLE_HOME]\rdbms\admin and should be executed when connected as SYSDBA via SQL*Plus. You'll need to know three pieces of information before running the spcreate.sql script. They are: • The password you would like to use for the PERFSTAT schema that will be created • The default tablespace you would like to use for PERFSTAT • The temporary tablespace you would like to use for PERFSTAT Running the script will look something like this: $ sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Fri May 28 10:52:52 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> @spcreate Choose the PERFSTAT user's password ----------------------------------- Not specifying a password will result in the installation FAILING Enter value for perfstat_password: … … The script will prompt you for the needed information as it executes. In the event you make a typo or inadvertently cancel the installation, you should use spdrop.sql found in $ORACLE_HOME/rdbms/admin to remove the user and installed views prior to attempting another install of StatsPack. The StatsPack installation will create a file called spcpkg.lis. You should review this file for any possible errors that might have occurred. The user, views, and PL/SQL code should install cleanly, however, as long as you supplied valid tablespace names (and didn't already have a user PERFSTAT). Custom Scripts In this section, I will describe the requirements (if any) needed by various scripts used throughout this book. As well, we will investigate the code behind the scripts. Runstats Runstats is a tool I developed to compare two different methods of doing the same thing and show which one is superior. You supply the two different methods and Runstats does the rest. Runstats simply measures three key things: • Wall clock or elapsed time— This is useful to know, but not the most important piece of information. • System statistics—This shows, side by side, how many times each approach did something (such as a parse call, for example) and the difference between the two. • Latching—This is the key output of this report. ■ SETTING UP YOUR ENVIRONMENT xxxviii As we’ll see in this book, latches are a type of lightweight lock. Locks are serialization devices. Serialization devices inhibit concurrency. Applications that inhibit concurrency are less scalable, can support fewer users, and require more resources. Our goal is always to build applications that have the potential to scale—ones that can service one user as well as 1,000 or 10,000. The less latching we incur in our approaches, the better off we will be. I might choose an approach that takes longer to run on the wall clock but that uses 10 percent of the latches. I know that the approach that uses fewer latches will scale substantially better than the approach that uses more latches. Runstats is best used in isolation; that is, on a single-user database. We will be measuring statistics and latching (locking) activity that result from our approaches. We do not want other sessions to contribute to the system’s load or latching while this is going on. A small test database is perfect for these sorts of tests. I frequently use my desktop PC or laptop, for example. ■ Note I believe all developers should have a test bed database they control to try ideas on, without needing to ask a DBA to do something all of the time. Developers definitely should have a database on their desktop, given that the licensing for the personal developer version is simply “use it to develop and test with, do not deploy, and you can just have it.” This way, there is nothing to lose! Also, I've taken some informal polls at conferences and seminars. Virtually every DBA out there started as a developer! The experience and training developers could get by having their own database—being able to see how it really works—pays dividends in the long run. In order to use Runstats, you need to set up access to several V$ views, create a table to hold the statistics, and create the Runstats package. You will need access to four V$ tables (those magic, dynamic performance tables): V$STATNAME, V$MYSTAT, V$TIMER and V$LATCH. Here is a view I use: create or replace view stats as select 'STAT...' || a.name name, b.value from v$statname a, v$mystat b where a.statistic# = b.statistic# union all select 'LATCH.' || name, gets from v$latch union all select 'STAT...Elapsed Time', hsecs from v$timer; ■ Note The actual object names you need to be granted access to will be V_$STATNAME, V_$MYSTAT, and so on—that is, the object name to use in the grant will start with V_$ not V$. The V$ name is a synonym that points to the underlying view with a name that starts with V_$. So, V$STATNAME is a synonym that points to V_$STATNAME – a view. You need to be granted access to the view. You can either have SELECT on V$STATNAME, V$MYSTAT, V$TIMER, and V$LATCH granted directly to you (so you can create the view yourself) or you can have someone that does have SELECT on those objects create the view for you and grant SELECT privileges on the view to you. ■ SETTING UP YOUR ENVIRONMENT xxxix Once you have that set up, all you need is a small table to collect the statistics: create global temporary table run_stats ( runid varchar2(15), name varchar2(80), value int ) on commit preserve rows; Last, you need to create the package that is Runstats. It contains three simple API calls: • RS_START (Runstats Start) to be called at the beginning of a Runstats test • RS_MIDDLE to be called in the middle, as you might have guessed • RS_STOP to finish off and print the report The specification is as follows: ops$tkyte%ORA11GR2> create or replace package runstats_pkg 2 as 3 procedure rs_start; 4 procedure rs_middle; 5 procedure rs_stop( p_difference_threshold in number default 0 ); 6 end; 7 / Package created. The parameter, p_difference_threshold, is used to control the amount of data printed at the end. Runstats collects statistics and latching information for each run, and then prints a report of how much of a resource each test (each approach) used and the difference between them. You can use this input parameter to see only the statistics and latches that had a difference greater than this number. By default, this is zero, and you see all of the outputs. Next, we'll look at the package body procedure by procedure. The package begins with some global variables. These will be used to record the elapsed times for our runs: ops$tkyte%ORA11GR2> create or replace package body runstats_pkg 2 as 3 4 g_start number; 5 g_run1 number; 6 g_run2 number; 7 Next is the RS_START routine. This will simply clear out our statistics holding table and then populate it with the "before" statistics and latches. It will then capture the current timer value, a clock of sorts that we can use to compute elapsed times in hundredths of seconds: 8 procedure rs_start 9 is 10 begin 11 delete from run_stats; 12 13 insert into run_stats 14 select 'before', stats.* from stats; 15 ■ SETTING UP YOUR ENVIRONMENT xl 16 g_start := dbms_utility.get_cpu_time; 17 end; 18 Next is the RS_MIDDLE routine. This procedure simply records the elapsed time for the first run of our test in G_RUN1. Then it inserts the current set of statistics and latches. If we were to subtract these values from the ones we saved previously in RS_START, we could discover how many latches the first method used, how many cursors (a statistic) it used, and so on. Last, it records the start time for our next run: 19 procedure rs_middle 20 is 21 begin 22 g_run1 := (dbms_utility.get_cpu_time-g_start); 23 24 insert into run_stats 25 select 'after 1', stats.* from stats; 26 g_start := dbms_utility.get_cpu_time; 27 28 end; 29 The next and final routine in this package is the RS_STOP routine. Its job is to print out the aggregate CPU times for each run and then print out the difference between the statistic/latching values for each of the two runs (only printing out those that exceed the threshold): 30 procedure rs_stop(p_difference_threshold in number default 0) 31 is 32 begin 33 g_run2 := (dbms_utility.get_cpu_time-g_start); 34 35 dbms_output.put_line 36 ( 'Run1 ran in ' || g_run1 || ' cpu hsecs' ); 37 dbms_output.put_line 38 ( 'Run2 ran in ' || g_run2 || ' cpu hsecs' ); 39 if ( g_run2 <> 0 ) 40 then 41 dbms_output.put_line 42 ( 'run 1 ran in ' || round(g_run1/g_run2*100,2) || 43 '% of the time' ); 44 end if; 45 dbms_output.put_line( chr(9) ); 46 47 insert into run_stats 48 select 'after 2', stats.* from stats; 49 50 dbms_output.put_line 51 ( rpad( 'Name', 30 ) || lpad( 'Run1', 12 ) || 52 lpad( 'Run2', 12 ) || lpad( 'Diff', 12 ) ); 53 54 for x in 55 ( select rpad( a.name, 30 ) || 56 to_char( b.value-a.value, '999,999,999' ) || 57 to_char( c.value-b.value, '999,999,999' ) || ■ SETTING UP YOUR ENVIRONMENT xli 58 to_char( ( (c.value-b.value)-(b.value-a.value)), '999,999,999' ) data 59 from run_stats a, run_stats b, run_stats c 60 where a.name = b.name 61 and b.name = c.name 62 and a.runid = 'before' 63 and b.runid = 'after 1' 64 and c.runid = 'after 2' 65 66 and abs( (c.value-b.value) - (b.value-a.value) ) 67 > p_difference_threshold 68 order by abs( (c.value-b.value)-(b.value-a.value)) 69 ) loop 70 dbms_output.put_line( x.data ); 71 end loop; 72 73 dbms_output.put_line( chr(9) ); 74 dbms_output.put_line 75 ( 'Run1 latches total versus runs -- difference and pct' ); 76 dbms_output.put_line 77 ( lpad( 'Run1', 12 ) || lpad( 'Run2', 12 ) || 78 lpad( 'Diff', 12 ) || lpad( 'Pct', 10 ) ); 79 80 for x in 81 ( select to_char( run1, '999,999,999' ) || 82 to_char( run2, '999,999,999' ) || 83 to_char( diff, '999,999,999' ) || 84 to_char( round( run1/decode( run2, 0, to_number(0), run2) *100,2 ), '99,999.99' ) || '%' data 85 from ( select sum(b.value-a.value) run1, sum(c.value-b.value) run2, 86 sum( (c.value-b.value)-(b.value-a.value)) diff 87 from run_stats a, run_stats b, run_stats c 88 where a.name = b.name 89 and b.name = c.name 90 and a.runid = 'before' 91 and b.runid = 'after 1' 92 and c.runid = 'after 2' 93 and a.name like 'LATCH%' 94 ) 95 ) loop 96 dbms_output.put_line( x.data ); 97 end loop; 98 end; 99 100 end; 101 / Package body created. Now you are ready to use Runstats. By way of example, we'll demonstrate how to use Runstats to see which is more efficient, a single bulk INSERT versus row-by-row processing. We’ll start by setting up two tables into which we’ll insert 1,000,000 rows (the BIG_TABLE creation script is provided later in this section): ■ SETTING UP YOUR ENVIRONMENT xlii ops$tkyte%ORA11GR2> create table t1 2 as 3 select * from big_table.big_table 4 where 1=0; Table created. ops$tkyte%ORA11GR2> create table t2 2 as 3 select * from big_table.big_table 4 where 1=0; Table created. And now we are ready to perform the first method of inserting the records, using a single SQL statement. We start by calling RUNSTATS_PKG.RS_START: ops$tkyte%ORA11GR2> exec runstats_pkg.rs_start; PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> insert into t1 2 select * 3 from big_table.big_table 4 where rownum <= 1000000; 1000000 rows created. ops$tkyte%ORA11GR2> commit; Commit complete. Now we are ready to perform the second method, row by row insertion of data: ops$tkyte%ORA11GR2> exec runstats_pkg.rs_middle; PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> begin 2 for x in ( select * 3 from big_table.big_table 4 where rownum <= 1000000 ) 5 loop 6 insert into t2 values X; 7 end loop; 8 commit; 9 end; 10 / PL/SQL procedure successfully completed. And finally, we’ll generate the report: ops$tkyte%ORA11GR2> exec runstats_pkg.rs_stop(1000000) Run1 ran in 411 cpu hsecs Run2 ran in 6192 cpu hsecs run 1 ran in 6.64% of the time Name Run1 Run2 Diff STAT...opened cursors cumulati 213 1,000,365 1,000,152 STAT...execute count 213 1,000,372 1,000,159 ■ SETTING UP YOUR ENVIRONMENT xliii LATCH.shared pool 2,820 1,006,421 1,003,601 STAT...recursive calls 3,256 1,014,103 1,010,847 STAT...physical read total byt 122,503,168 124,395,520 1,892,352 STAT...cell physical IO interc 122,503,168 124,395,520 1,892,352 STAT...physical read bytes 122,503,168 124,395,520 1,892,352 STAT...db block changes 110,810 2,087,125 1,976,315 STAT...file io wait time 5,094,828 438,102 -4,656,726 LATCH.cache buffers chains 571,469 5,510,416 4,938,947 STAT...undo change vector size 3,885,808 67,958,316 64,072,508 STAT...redo size 120,944,520 379,497,588 258,553,068 Run1 latches total versus runs -- difference and pct Run1 Run2 Diff Pct 804,522 6,840,599 6,036,077 11.76% PL/SQL procedure successfully completed. This confirms you have the RUNSTATS_PKG package installed and shows you why you should use a single SQL statement instead of a bunch of procedural code when developing applications whenever possible! Mystat Mystat.sql and its companion, mystat2.sql, are used to show the increase in some Oracle “statistic” before and after some operation. Mystat.sql captures the begin value of some statistic set echo off set verify off column value new_val V define S="&1" set autotrace off select a.name, b.value from v$statname a, v$mystat b where a.statistic# = b.statistic# and lower(a.name) like '%' || lower('&S')||'%' / set echo on and mystat2.sql reports the difference (&V is populated by running the first script, mystat.sql—it uses the SQL*Plus NEW_VAL feature for that. It contains the last VALUE selected from the query above): set echo off set verify off select a.name, b.value V, to_char(b.value-&V,'999,999,999,999') diff from v$statname a, v$mystat b where a.statistic# = b.statistic# and lower(a.name) like '%' || lower('&S')||'%' / set echo on ■ SETTING UP YOUR ENVIRONMENT xliv For example, to see how much redo is generated by some UPDATE statement we can: big_table@ORA11GR2> @mystat "redo size" big_table@ORA11GR2> set echo off NAME VALUE ------------------------------ ---------- redo size 496 big_table@ORA11GR2> update big_table set owner = lower(owner) 2 where rownum <= 1000; 1000 rows updated. big_table@ORA11GR2> @mystat2 big_table@ORA11GR2> set echo off NAME V DIFF ------------------------------ ---------- ---------------- redo size 89592 89,096 This shows our UPDATE of 1,000 rows generated 89,096 bytes of redo. Show_Space The SHOW_SPACE routine prints detailed space utilization information for database segments. Here is the interface to it: ops$tkyte@ORA11GR2> desc show_space PROCEDURE show_space Argument Name Type In/Out Default? ------------------------------ ----------------------- ------ -------- P_SEGNAME VARCHAR2 IN P_OWNER VARCHAR2 IN DEFAULT P_TYPE VARCHAR2 IN DEFAULT P_PARTITION VARCHAR2 IN DEFAULT The arguments are as follows: • P_SEGNAME - Name of the segment—the table or index name, for example. • P_OWNER - Defaults to the current user, but you can use this routine to look at some other schema. • P_TYPE - Defaults to TABLE and represents the type of object you are looking at. For example, select distinct segment_type from dba_segments lists valid segment types. • P_PARTITION - Name of the partition when you show the space for a partitioned object. SHOW_SPACE shows space for only a partition at a time. The output of this routine looks as follows, when the segment resides in an Automatic Segment Space Management (ASSM) tablespace: ■ SETTING UP YOUR ENVIRONMENT xlv big_table@ORA11GR2> exec show_space('BIG_TABLE'); Unformatted Blocks ..................... 0 FS1 Blocks (0-25) ..................... 0 FS2 Blocks (25-50) ..................... 0 FS3 Blocks (50-75) ..................... 0 FS4 Blocks (75-100)..................... 0 Full Blocks ..................... 14,469 Total Blocks............................ 15,360 Total Bytes............................. 125,829,120 Total MBytes............................ 120 Unused Blocks........................... 728 Unused Bytes............................ 5,963,776 Last Used Ext FileId.................... 4 Last Used Ext BlockId................... 43,145 Last Used Block......................... 296 PL/SQL procedure successfully completed. The items reported are as follows: • Unformatted Blocks – The number of blocks that are allocated to the table below the high water mark, but have not been used. Add unformatted and unused blocks together to get a total count of blocks allocated to the table but never used to hold data in an ASSM object. • FS1 Blocks-FS4 Blocks – Formatted blocks with data. The ranges of numbers after their name represent the emptiness of each block. For example, (0-25) is the count of blocks that are between 0 and 25 percent empty. • Full Blocks – The number of blocks that are so full that they are no longer candidates for future inserts. • Total Blocks, Total Bytes, Total Mbytes - The total amount of space allocated to the segment measured in database blocks, bytes, and megabytes. • Unused Blocks, Unused Bytes – Represents a portion of the amount of space never used. These are blocks allocated to the segment but are currently above the high water mark of the segment • Last Used Ext FileId – The file ID of the file that contains the last extent that contains data. • Last Used Ext BlockId – The block ID of the beginning of the last extent; the block ID within the last-used file. • Last Used Block – The block ID offset of the last block used in the last extent. When you use SHOW_SPACE to look at objects in user space managed tablespaces, the output resembles this: big_table@ORA11GR2> exec show_space( 'BIG_TABLE' ) Free Blocks............................. 1 Total Blocks............................ 147,456 Total Bytes............................. 1,207,959,552 Total MBytes............................ 1,152 Unused Blocks........................... 1,616 Unused Bytes............................ 13,238,272 Last Used Ext FileId.................... 7 ■ SETTING UP YOUR ENVIRONMENT xlvi Last Used Ext BlockId................... 139,273 Last Used Block......................... 6,576 PL/SQL procedure successfully completed. The only difference is the Free Blocks item at the beginning of the report. This is a count of the blocks in the first freelist group of the segment. My script reports only on this freelist group. You would need to modify the script to accommodate multiple freelist groups. The commented code follows. This utility is a simple layer on top of the DBMS_SPACE API in the database. create or replace procedure show_space ( p_segname in varchar2, p_owner in varchar2 default user, p_type in varchar2 default 'TABLE', p_partition in varchar2 default NULL ) -- this procedure uses authid current user so it can query DBA_* -- views using privileges from a ROLE and so it can be installed -- once per database, instead of once per user that wants to use it authid current_user as l_free_blks number; l_total_blocks number; l_total_bytes number; l_unused_blocks number; l_unused_bytes number; l_LastUsedExtFileId number; l_LastUsedExtBlockId number; l_LAST_USED_BLOCK number; l_segment_space_mgmt varchar2(255); l_unformatted_blocks number; l_unformatted_bytes number; l_fs1_blocks number; l_fs1_bytes number; l_fs2_blocks number; l_fs2_bytes number; l_fs3_blocks number; l_fs3_bytes number; l_fs4_blocks number; l_fs4_bytes number; l_full_blocks number; l_full_bytes number; -- inline procedure to print out numbers nicely formatted -- with a simple label procedure p( p_label in varchar2, p_num in number ) is begin dbms_output.put_line( rpad(p_label,40,'.') || to_char(p_num,'999,999,999,999') ); end; begin -- this query is executed dynamically in order to allow this procedure -- to be created by a user who has access to DBA_SEGMENTS/TABLESPACES -- via a role as is customary. -- NOTE: at runtime, the invoker MUST have access to these two -- views! -- this query determines if the object is an ASSM object or not begin ■ SETTING UP YOUR ENVIRONMENT xlvii execute immediate 'select ts.segment_space_management from dba_segments seg, dba_tablespaces ts where seg.segment_name = :p_segname and (:p_partition is null or seg.partition_name = :p_partition) and seg.owner = :p_owner and seg.tablespace_name = ts.tablespace_name' into l_segment_space_mgmt using p_segname, p_partition, p_partition, p_owner; exception when too_many_rows then dbms_output.put_line ( 'This must be a partitioned table, use p_partition => '); return; end; -- if the object is in an ASSM tablespace, we must use this API -- call to get space information, else we use the FREE_BLOCKS -- API for the user managed segments if l_segment_space_mgmt = 'AUTO' then dbms_space.space_usage ( p_owner, p_segname, p_type, l_unformatted_blocks, l_unformatted_bytes, l_fs1_blocks, l_fs1_bytes, l_fs2_blocks, l_fs2_bytes, l_fs3_blocks, l_fs3_bytes, l_fs4_blocks, l_fs4_bytes, l_full_blocks, l_full_bytes, p_partition); p( 'Unformatted Blocks ', l_unformatted_blocks ); p( 'FS1 Blocks (0-25) ', l_fs1_blocks ); p( 'FS2 Blocks (25-50) ', l_fs2_blocks ); p( 'FS3 Blocks (50-75) ', l_fs3_blocks ); p( 'FS4 Blocks (75-100)', l_fs4_blocks ); p( 'Full Blocks ', l_full_blocks ); else dbms_space.free_blocks( segment_owner => p_owner, segment_name => p_segname, segment_type => p_type, freelist_group_id => 0, free_blks => l_free_blks); p( 'Free Blocks', l_free_blks ); end if; -- and then the unused space API call to get the rest of the -- information dbms_space.unused_space ( segment_owner => p_owner, segment_name => p_segname, segment_type => p_type, partition_name => p_partition, total_blocks => l_total_blocks, ■ SETTING UP YOUR ENVIRONMENT xlviii total_bytes => l_total_bytes, unused_blocks => l_unused_blocks, unused_bytes => l_unused_bytes, LAST_USED_EXTENT_FILE_ID => l_LastUsedExtFileId, LAST_USED_EXTENT_BLOCK_ID => l_LastUsedExtBlockId, LAST_USED_BLOCK => l_LAST_USED_BLOCK ); p( 'Total Blocks', l_total_blocks ); p( 'Total Bytes', l_total_bytes ); p( 'Total MBytes', trunc(l_total_bytes/1024/1024) ); p( 'Unused Blocks', l_unused_blocks ); p( 'Unused Bytes', l_unused_bytes ); p( 'Last Used Ext FileId', l_LastUsedExtFileId ); p( 'Last Used Ext BlockId', l_LastUsedExtBlockId ); p( 'Last Used Block', l_LAST_USED_BLOCK ); end; / Big_Table For examples throughout this book, I use a table called BIG_TABLE. Depending on which system I use, this table has between one record and four million records and varies in size from 200MB to 800MB. In all cases, the table structure is the same. To create BIG_TABLE, I wrote a script that does the following: • Creates an empty table based on ALL_OBJECTS. This dictionary view is used to populate the BIG_TABLE. • Makes this table NOLOGGING. This is optional. I did it for performance. Using NOLOGGING mode for a test table is safe; you won't use it in a production system, so features like Oracle Data Guard will not be enabled. • Populates the table by seeding it with the contents of ALL_OBJECTS and then iteratively inserting into itself, approximately doubling its size on each iteration. • Creates a primary key constraint on the table. • Gathers statistics. To build the BIG_TABLE table, you can run the following script at the SQL*Plus prompt and pass in the number of rows you want in the table. The script will stop when it hits that number of rows. create table big_table as select rownum id, a.* from all_objects a where 1=0 / alter table big_table nologging; declare l_cnt number; l_rows number := &1; begin insert /*+ append */ ■ SETTING UP YOUR ENVIRONMENT xlix into big_table select rownum, a.* from all_objects a where rownum <= &1; l_cnt := sql%rowcount; commit; while (l_cnt < l_rows) loop insert /*+ APPEND */ into big_table select rownum+l_cnt, OWNER, OBJECT_NAME, SUBOBJECT_NAME, OBJECT_ID, DATA_OBJECT_ID, OBJECT_TYPE, CREATED, LAST_DDL_TIME, TIMESTAMP, STATUS, TEMPORARY, GENERATED, SECONDARY, NAMESPACE, EDITION_NAME from big_table where rownum <= l_rows-l_cnt; l_cnt := l_cnt + sql%rowcount; commit; end loop; end; / alter table big_table add constraint big_table_pk primary key(id); exec dbms_stats.gather_table_stats( user, 'BIG_TABLE', estimate_percent=> 1); I estimated baseline statistics on the table. The index associated with the primary key will have statistics computed automatically when it is created. Coding Conventions The one coding convention I use in this book that I would like to point out is how I name variables in PL/SQL code. For example, consider a package body like this: create or replace package body my_pkg as g_variable varchar2(25); procedure p( p_variable in varchar2 ) is l_variable varchar2(25); begin null; end; end; / Here I have three variables: a global package variable, G_VARIABLE; a formal parameter to the procedure, P_VARIABLE; and a local variable, L_VARIABLE. I name my variables after the scope they are contained in. All globals begin with G_, parameters with P_, and local variables with L_. The main reason ■ SETTING UP YOUR ENVIRONMENT l for this is to distinguish PL/SQL variables from columns in a database table. For example, a procedure such as create procedure p( ENAME in varchar2 ) as begin for x in ( select * from emp where ename = ENAME ) loop Dbms_output.put_line( x.empno ); end loop; end; would always print out every row in the EMP table where ENAME is not null. SQL sees ename = ENAME, and compares the ENAME column to itself (of course). We could use ename = P.ENAME; that is, qualify the reference to the PL/SQL variable with the procedure name, but this is too easy to forget, leading to errors. I just always name my variables after the scope. That way, I can easily distinguish parameters from local variables and global variables, in addition to removing any ambiguity with respect to column names and variable names. C H A P T E R 1 ■ ■ ■ 1 Developing Successful Oracle Applications I spend the bulk of my time working with Oracle database software and, more to the point, with people who use this software. Over the last eighteen years, I’ve worked on many projects—successful ones as well as complete failures—and if I were to encapsulate my experiences into a few broad statements, here’s what they would be: • An application built around the database—dependent on the database—will succeed or fail based on how it uses the database. As a corollary to this—all applications are built around databases; I can’t think of a single useful application that doesn’t store data persistently somewhere. • Applications come, applications go. The data, however, lives forever. It is not about building applications; it really is about the data underneath these applications. • A development team needs at its heart a core of database-savvy coders who are responsible for ensuring the database logic is sound and the system is built to perform from day one. Tuning after the fact—tuning after deployment—means you did not build it that way. These may seem like surprisingly obvious statements, but in my experience, too many people approach the database as if it were a black box—something that they don’t need to know about. Maybe they have a SQL generator that will save them from the hardship of having to learn SQL. Maybe they figure they’ll just use it like a flat file and do “keyed reads.” Whatever they assume, I can tell you that thinking along these lines is most certainly misguided; you simply can’t get away with not understanding the database. This chapter will discuss why you need to know about the database, specifically why you need to understand: • The database architecture, how it works, and what it looks like. • What concurrency controls are, and what they mean to you. • How to tune your application from day one. • How some things are implemented in the database, which is not necessarily the same as how you think they should be implemented. • What features your database already provides and why it is generally better to use a provided feature than to build your own. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 2 • Why you might want more than a cursory knowledge of SQL. • That the DBA and developer staff are on the same team, not enemy camps trying to outsmart each other at every turn. Now this may seem like a long list of things to learn before you start, but consider this analogy for a second: if you were developing a highly scalable, enterprise application on a brand-new operating system (OS), what would be the first thing you’d do? Hopefully you answered, “Find out how this new OS works, how things will run on it, and so on.” If that wasn’t your answer, you’d most likely fail. Consider, for example, Windows vs. Linux. If you are a long-time Windows programmer and were asked to develop a new application on the Linux platform, you’d have to relearn a couple of things. Memory management is done differently. Building a server process is considerably different—under Windows, you would develop a single process, a single executable with many threads. Under Linux, you wouldn’t develop a single standalone executable; you’d have many processes working together. It is true that both Windows and Linux are operating systems. They both provide many of the same services to developers—file management, memory management, process management, security, and so on. However, they are very different architecturally—much of what you learned in the Windows environment won’t apply to Linux (and vice versa, to be fair). You have to unlearn to be successful. The same is true of your database environment. What is true of applications running natively on operating systems is true of applications that will run on a database: understanding that database is crucial to your success. If you don’t understand what your particular database does or how it does it, your application will fail. If you assume that because your application ran fine on SQL Server, it will necessarily run fine on Oracle, again your application is likely to fail. And, to be fair, the opposite is true —a scalable, well-developed Oracle application will not necessarily run on SQL Server without major architectural changes. Just as Windows and Linux are both operating systems but fundamentally different, Oracle and SQL Server (pretty much any database could be noted here) are both databases but fundamentally different. My Approach Before we begin, I feel it is only fair that you understand my approach to development. I tend to take a database-centric approach to problems. If I can do it in the database, I will. There are a couple of reasons for this—the first and foremost being that I know that if I build functionality in the database, I can deploy it anywhere. I am not aware of a popular, commercially viable server operating system on which Oracle is not available—from Windows to dozens of UNIX and Linux systems, to AIX and more—the same exact Oracle software and options are available. I frequently build and test solutions on my laptop, running Oracle11g or Oracle10g under Linux or Windows on a virtual machine. I can then deploy them on a variety of servers running the same database software but different operating systems. When I have to implement a feature outside of the database, I find it extremely hard to deploy that feature anywhere I want. One of the main features that makes the Java language appealing to many people—the fact that their programs are always compiled in the same virtual environment, the Java Virtual Machine (JVM), and so are highly portable—is the exact same feature that make the database appealing to me. The database is my virtual machine. It is my virtual operating system. So I try to do everything I can in the database. If my requirements go beyond what the database environment can offer, I do it in Java outside of the database. In this way, almost every operating system intricacy will be hidden from me. I still have to understand how my “virtual machines” work (Oracle, and occasionally a JVM)—you need to know the tools you are using—but they, in turn, worry about how best to do things on a given OS for me. Thus, simply knowing the intricacies of this one “virtual OS” allows you to build applications that will perform and scale well on many operating systems. I don’t mean to imply that you can be totally ignorant of your underlying OS, just that as a software developer building database applications you can be fairly well insulated from it, and you will not have to deal with many of its nuances. Your DBA, CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 3 responsible for running the Oracle software, will be infinitely more in tune with the OS (if he or she is not, please get a new DBA!). If you develop client-server software and the bulk of your code is outside of the database and outside of a VM (Java virtual machines being perhaps the most popular VM), of course you’ll have to be concerned about your OS once again. I have a pretty simple mantra when it comes to developing database software, one that has been consistent for many years: • You should do it in a single SQL statement if at all possible. And believe it or not, it is almost always possible. • If you can’t do it in a single SQL Statement, do it in PL/SQL—as little PL/SQL as possible! Follow the saying that goes “more code = more bugs, less code = less bugs.” • If you can’t do it in PL/SQL, try a Java stored procedure. The times this is necessary are extremely rare nowadays with Oracle9i and above. • If you can’t do it in Java, do it in a C external procedure. This is most frequently the approach when raw speed or using a third-party API written in C is needed. • If you can’t do it in a C external routine, you might want to seriously think about why it is you need to do it. Throughout this book, you will see the above philosophy implemented. We’ll use PL/SQL—and object types in PL/SQL—to do things that SQL itself can’t do or can’t do efficiently. PL/SQL has been around for a very long time—over twenty years of tuning (as of 2010) has gone into it; in fact, in Oracle10g, the PL/SQL compiler itself was rewritten to be an optimizing compiler for the first time. You’ll find no other language so tightly coupled with SQL, nor any as optimized to interact with SQL. Working with SQL in PL/SQL is a very natural thing—whereas in virtually every other language from Visual Basic to Java, using SQL can feel cumbersome. It never quite feels “natural”— it’s not an extension of the language itself. When PL/SQL runs out of steam—which is exceedingly rare today with current database releases—we’ll use Java. Occasionally, we’ll do something in C, but typically only when C is the only choice, or when the raw speed offered by C is required. Often, this last reason goes away with native compilation of Java—the ability to convert your Java bytecode into operating system-specific object code on your platform. This lets Java run just as fast as C in many cases. The Black Box Approach I have an idea, borne out by first-hand personal experience (meaning I made the mistake myself), as to why database-backed software development efforts so frequently fail. Let me be clear that I’m including here those projects that may not be documented as failures, but nevertheless take much longer to roll out and deploy than originally planned because of the need to perform a major rewrite, re-architecture, or tuning effort. Personally, I call such delayed projects failures: more often than not they could have been completed on schedule (or even faster). The single most common reason for failure is a lack of practical knowledge of the database—a basic lack of understanding of the fundamental tool that is being used. The black box approach involves a conscious decision to protect the developers from the database. They are actually encouraged not to learn anything about it! In many cases, they are prevented from exploiting it. The reasons for this approach appear to be FUD-related (Fear, Uncertainty, and Doubt). Developers have heard that databases are “hard,” that SQL, transactions, and data integrity are “hard.” The solution—don’t make anyone do anything hard. They treat the database as a black box and have some software tool generate all of the code. They try to insulate themselves with many layers of protection so that they don’t have to touch this “hard” database. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 4 This is an approach to database development that I’ve never been able to understand, in part because, for me, learning Java and C was a lot harder then learning the concepts behind the database. I’m now pretty good at Java and C but it took a lot more hands-on experience for me to become competent using them than it did to become competent using the database. With the database, you need to be aware of how it works but you don’t have to know everything inside and out. When programming in C or Java/J2EE, you do need to know everything inside and out—and these are huge languages. If you are building a database application, the most important piece of software is the database. A successful development team will appreciate this and will want its people to know about it, to concentrate on it. Many times I’ve walked into a project where almost the opposite was true. A typical scenario would be as follows: • The developers were fully trained in the GUI tool or the language they were using to build the front end (such as Java). In many cases, they had had weeks if not months of training in it. • The team had zero hours of Oracle training and zero hours of Oracle experience. Most had no database experience whatsoever. They would also have a mandate to be “database independent” —a mandate they couldn’t hope to follow for many reasons. The most obvious one is they didn’t know enough about what databases are or what they do to even find the lowest common denominator among them. • The developers encountered massive performance problems, data integrity problems, hanging issues, and the like (but very pretty screens). As a result of the inevitable performance problems, I now get called in to help solve the difficulties (in the past, I was the cause of such issues). On one particular occasion, I couldn’t fully remember the syntax of a new command we needed to use. I asked for the SQL Reference manual—and I was handed an Oracle 6.0 document. The development was taking place on version 7.3, five years after the release of version.6.0! It was all they had to work with, but this did not seem to concern them at all. Never mind the fact that the tool they really needed to know about for tracing and tuning didn’t really exist in version 6. Never mind the fact that features such as triggers, stored procedures, and many hundreds of others had been added in the five years since that documentation was written. It was very easy to determine why they needed help—fixing their problems was another issue all together. ■ Note Even today, I often find that the developers of database applications have spent no time reading the documentation. On my web site, asktom.oracle.com, I frequently get questions along the lines of “what is the syntax for …” coupled with “we don’t have the documentation so please just tell us.” I refuse to directly answer many of those questions, but rather point them to the online documentation freely available to anyone, anywhere in the world. In the last 15 years, the excuses of “we don’t have documentation” or “we don’t have access to resources” have virtually disappeared. The expansion of the Web and sites like otn.oracle.com (the Oracle Technology Network) and groups.google.com (Internet discussion forums) makes it inexcusable to not have a full set of documentation at your finger tips! Today, everyone has access to all of the documentation; they just have to read it or—even easier—search it. The very idea that developers building a database application should be shielded from the database is amazing to me, but that attitude persists. Many people still insist that developers can’t take the time to CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 5 get trained in the database and, basically, that they shouldn’t have to know anything about the database. Why? Well, more than once I’ve heard “... but Oracle is the most scalable database in the world, my people don’t have to learn about it, it’ll just work.” That’s true; Oracle is the most scalable database in the world. However, I can write bad code that does not scale in Oracle as easily—if not more easily—as I can write good, scalable code in Oracle. You can replace Oracle with any piece of software and the same is true. This is a fact: it is easier to write applications that perform poorly than it is to write applications that perform well. It is sometimes too easy to build a single-user system in the world’s most scalable database if you don’t know what you are doing. The database is a tool and the improper use of any tool can lead to disaster. Would you take a nutcracker and smash walnuts with it as if it were a hammer? You could, but it wouldn’t be a proper use of that tool and the result would be a mess (and probably some seriously hurt fingers). Similar effects can be achieved by remaining ignorant of your database. I was called into a project that was in trouble. The developers were experiencing massive performance issues—it seemed their system was serializing many transactions, that is—so instead of many people working concurrently, everyone was getting into a really long line and waiting for everyone in front of them to complete. The application architects walked me through the architecture of their system—the classic 3-tier approach. They would have a web browser talk to a middle tier application server running Java Server Pages (JSPs). The JSPs would in turn utilize another layer—Enterprise Java Beans (EJBs)—that did all of the SQL. The SQL in the EJBs was generated by some third-party tool and was done in a database-independent fashion. Now, in this system it was very hard to diagnose anything, as none of the code was instrumented or traceable. Instrumenting code is the fine art of making every other line of developed code be debug code of some sort—so when you are faced with performance or capacity or even logic issues, you can track down exactly where the problem is. In this case, we could only locate the problem somewhere between the browser and the database—in other words, the entire system was suspect. The Oracle database is heavily instrumented, but the application needs to be able to turn the instrumentation on and off at appropriate points—something it was not designed to do. So, we were faced with trying to diagnose a performance issue with not too many details, just what we could glean from the database itself. Fortunately, in this case it was fairly easy. When someone who knew the Oracle V$ tables (the V$ tables are one way Oracle exposes its instrumentation, its statistics, to us) reviewed them, it became apparent that the major contention was around a single table—a queue table of sorts. The application would place records into this table while another set of processes would pull the records out of this table and process them. Digging deeper, we found a bitmap index on a column in this table (see the later chapter on indexing for more information about bitmapped indexes). The reasoning was that this column, the processed-flag column, had only two values—Y and N. As records were inserted, they would have a value of N for not processed. As the other processes read and processed the record, they would update the N to Y to indicate that processing was done. The developers needed to find the N records rapidly and hence knew they wanted to index that column. They had read somewhere that bitmap indexes are for low-cardinality columns—columns that have but a few distinct values—so it seemed a natural fit. (Go ahead, use Google to search for when to use bitmap indexes; low- cardinality will be there over and over.) But that bitmap index was the cause of all of their problems. In a bitmap index, a single key entry points to many rows, hundreds or more of them. If you update a bitmap index key, the hundreds of records that key points to are locked as well. So, someone inserting the new record with N would lock the N record in the bitmap index, effectively locking hundreds of other N records as well. Meanwhile, the process trying to read this table and process the records would be prevented from modifying some N record to be a Y (processed) record, because in order for it to update this column from N to Y, it would need to lock that same bitmap index key. In fact, other sessions just trying to insert a new record into this table would be blocked as well, as they would be attempting to lock the same bitmap key entry. In short, the developers had created a table that at most one person would be able to insert or update against at a time! We can see this easily using a simple scenario. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 6 ■ Note I will use autonomous transactions throughout this book to demonstrate locking, blocking, and concurrency issues. It is my firm belief that autonomous transactions are a feature that Oracle should not have exposed to developers—for the simple reason that most developers do not know when and how to use them properly. The improper use of an autonomous transaction can and will lead to logical data-integrity corruption issues. Beyond using them as a demonstration tool, autonomous transactions have exactly one other use—as an error-logging mechanism. If you wish to log an error in an exception block, you need to log that error into a table and commit it—without committing anything else. That would be a valid use of an autonomous transaction. If you find yourself using an autonomous transaction outside the scope of logging an error or demonstrating a concept, you are almost surely doing something very wrong. Here, I will use an autonomous transaction in the database to have two concurrent transactions in a single session. An autonomous transaction starts a “subtransaction” separate and distinct from any already established transaction in the session. The autonomous transaction behaves as if it were in an entirely different session—for all intents and purposes, the parent transaction is suspended. The autonomous transaction can be blocked by the parent transaction (as we’ll see) and, further, the autonomous transaction can’t see uncommitted modifications made by the parent transaction. For example: ops$tkyte%ORA11GR2>>> create table t 2 ( processed_flag varchar2(1) 3 ); Table created. ops$tkyte%ORA11GR2> create bitmap index 2 t_idx on t(processed_flag); Index created. ops$tkyte%ORA11GR2> insert into t values ( 'N' ); 1 row created. ops$tkyte%ORA11GR2> declare 2 pragma autonomous_transaction; 3 begin 4 insert into t values ( 'N' ); 5 commit; 6 end; 7 / declare * ERROR at line 1: ORA-00060: deadlock detected while waiting for resource ORA-06512: at line 4 CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 7 Since I used an autonomous transaction and created a subtransaction, I received a deadlock— meaning my second insert was blocked by my first insert. Had I used two separate sessions, no deadlock would have occurred. Instead, the second insert would have just blocked and waited for the first transaction to commit or roll back. This symptom is exactly what the project in question was facing—the blocking, serialization issue. So we had an issue whereby not understanding the database feature (bitmap indexes) and how it worked doomed the database to poor scalability from the start. To further compound the problem, there was no reason for the queuing code to ever have been written. The database has built-in queuing capabilities and has had them since version 8.0 of Oracle—which was released in 1997. This built-in queuing feature gives you the ability to have many producers (the sessions that insert the N, the unprocessed records) concurrently put messages into an inbound queue and have many consumers (the sessions that look for N records to process) concurrently receive these messages. That is, no special code should have been written in order to implement a queue in the database. The developers should have used the built-in feature. And they might have, except they were completely unaware of it. Fortunately, once this issue was discovered, correcting the problem was easy. We did need an index on the processed-flag column, just not a bitmap index. We needed a conventional B*Tree index. It took a bit of convincing to get one created. No one wanted to believe that conventionally indexing a column with two distinct values was a good idea. But after setting up a simulation (I am very much into simulations, testing, and experimenting), we were able to prove it was not only the correct approach but also that it would work very nicely. When we created the index, we had to choose between the following approaches: • Just create an index on the processed-flag column. • Create an index only on the processed-flag column when the processed flag is N, that is, only index the values of interest. We typically don’t want to use an index when the processed flag is Y since the vast majority of the records in the table have the value Y. Notice that I did not say “We never want to use….” You might want to very frequently count the number of processed records for some reason, and then an index on the processed records might well come in very handy. In the chapter on indexing, we’ll go into more detail on both types. In the end, we created a very small index on just the records where the processed flag was N. Access to those records was extremely fast and the vast majority of Y records did not contribute to this index at all. We used a function-based index on a function decode( processed_flag, 'N', 'N' ) to return either N or NULL—since an entirely NULL key is not placed into a conventional B*Tree index, we ended up only indexing the N records. Was that the end of the story? No, not at all. My client still had a less than optimal solution on its hands. They still had to serialize on the “dequeue” of an unprocessed record. We could easily find the first unprocessed record—quickly— using select * from queue_table where decode( processed_flag, 'N', 'N') = 'N' FOR UPDATE, but only one session at a time could perform that operation. The project was using Oracle 10g and therefore could not yet make use of the relatively new SKIP LOCKED feature added in Oracle 11g Release 1. SKIP LOCKED would permit many sessions to concurrently find the first unlocked, unprocessed record, lock that record, and process it. Instead, we had to implement code to find the first unlocked record and lock it manually. Such code would in general look like the following in Oracle 10g and before. We begin by creating a table with the requisite index described above and populate it with some data: ops$tkyte%ORA11GR2> create table t 2 ( id number primary key, 3 processed_flag varchar2(1), 4 payload varchar2(20) 5 ); CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 8 Table created. ops$tkyte%ORA11GR2> create index 2 t_idx on 3 t( decode( processed_flag, 'N', 'N' ) ); Index created. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> insert into t 2 select r, 3 case when mod(r,2) = 0 then 'N' else 'Y' end, 4 'payload ' || r 5 from (select level r 6 from dual 7 connect by level <= 5) 8 / 5 rows created. ops$tkyte%ORA11GR2> select * from t; ID P PAYLOAD ---------- - -------------------- 1 Y payload 1 2 N payload 2 3 Y payload 3 4 N payload 4 5 Y payload 5 Then we basically need to find any and all unprocessed records. One by one we ask the database “Is this row locked already? If not, then lock it and give it to me.” That code would look like: ops$tkyte%ORA11GR2> create or replace 2 function get_first_unlocked_row 3 return t%rowtype 4 as 5 resource_busy exception; 6 pragma exception_init( resource_busy, -54 ); 7 l_rec t%rowtype; 8 begin 9 for x in ( select rowid rid 10 from t 11 where decode(processed_flag,'N','N') = 'N') 12 loop 13 begin 14 select * into l_rec 15 from t 16 where rowid = x.rid and processed_flag='N' 17 for update nowait; 18 return l_rec; 19 exception 20 when resource_busy then null; when no_data_found then null; CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 9 21 end; 22 end loop; 23 return null; 24 end; 25 / Function created. ■ Note In the above code, I ran some DDL—the CREATE OR REPLACE. Right before DDL runs, it automatically commits, so there was an implicit COMMIT in there. The rows we’ve inserted are committed in the database—and that fact is necessary for the following examples to work correctly. In general, I’ll use that fact in the remainder of the book. If you run these examples without performing the CREATE OR REPLACE, make sure to COMMIT first! Now, if we use two different transactions, we can see that both get different records. We also see that both get different records concurrently (using autonomous transactions once again to demonstrate the concurrency issues): ops$tkyte%ORA11GR2> declare 2 l_rec t%rowtype; 3 begin 4 l_rec := get_first_unlocked_row; 5 dbms_output.put_line( 'I got row ' || l_rec.id || ', ' || l_rec.payload ); 6 end; 7 / I got row 2, payload 2 PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> declare 2 pragma autonomous_transaction; 3 l_rec t%rowtype; 4 begin 5 l_rec := get_first_unlocked_row; 6 dbms_output.put_line( 'I got row ' || l_rec.id || ', ' || l_rec.payload ); 7 commit; 8 end; 9 / I got row 4, payload 4 PL/SQL procedure successfully completed. Now, in Oracle 11g Release 1 and above, we can achieve the above logic using the SKIP LOCKED clause. In the following example we’ll do two concurrent transactions again, observing that they each find and lock separate records concurrently. ops$tkyte%ORA11GR2> declare 2 l_rec t%rowtype; 3 cursor c 4 is CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 10 5 select * 6 from t 7 where decode(processed_flag,'N','N') = 'N' 8 FOR UPDATE 9 SKIP LOCKED; 10 begin 11 open c; 12 fetch c into l_rec; 13 if ( c%found ) 14 then 15 dbms_output.put_line( 'I got row ' || l_rec.id || ', ' || l_rec.payload ); 16 end if; 17 close c; 18 end; 19 / I got row 2, payload 2 PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> declare 2 pragma autonomous_transaction; 3 l_rec t%rowtype; 4 cursor c 5 is 6 select * 7 from t 8 where decode(processed_flag,'N','N') = 'N' 9 FOR UPDATE 10 SKIP LOCKED; 11 begin 12 open c; 13 fetch c into l_rec; 14 if ( c%found ) 15 then 16 dbms_output.put_line( 'I got row ' || l_rec.id || ', ' || l_rec.payload ); 17 end if; 18 close c; 19 commit; 20 end; 21 / I got row 4, payload 4 PL/SQL procedure successfully completed. Both of the preceding “solutions” would help to solve the second serialization problem my client was having when processing messages. But how much easier would the solution have been if my client had just used Advanced Queuing and invoked DBMS_AQ.DEQUEUE? To fix the serialization issue for the message producer, we had to implement a function-based index. To fix the serialization issue for the consumer, we had to use that function-based index to retrieve the records and write code. So we fixed their major problem, caused by not fully understanding the tools they were using and found only after lots of looking and study since the system was not nicely instrumented. What we hadn’t fixed yet were the following issues: CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 11 • The application was built without a single consideration for scaling at the database level. • The application was performing functionality (the queue table) that the database already supplied in a highly concurrent and scalable fashion. I’m referring to the Advance Queuing (AQ) software that is burned into the database, functionality they were trying to reinvent. • Experience shows that 80 to 90 percent of all tuning is done at the application level, not at the database level. • The developers had no idea what the beans did in the database or where to look for potential problems. This was hardly the end of the problems on this project. We also had to figure out • How to tune SQL without changing the SQL. In general, that is very hard to do. Oracle10g and above do permit us to accomplish this magic feat for the first time to some degree with SQL Profiles, and 11g and above with extended statistics. But inefficient SQL will remain inefficient SQL. • How to measure performance. • How to see where the bottlenecks were. • How and what to index. And so on. At the end of the week the developers, who had been insulated from the database, were amazed at what the database could actually provide for them and how easy it was to get that information. Most importantly, they saw how big of a difference taking advantage of database features could make to the performance of their application. In the end, they were successful—just behind schedule by a couple of weeks. My point about the power of database features is not a criticism of tools or technologies like Hibernate, EJBs, and container-managed persistence. It is a criticism of purposely remaining ignorant of the database and how it works and how to use it. The technologies used in this case worked well—after the developers got some insight into the database itself. The bottom line is that the database is typically the cornerstone of your application. If it does not work well, nothing else really matters. If you have a black box and it does not work, what are you going to do about it? About the only thing you can do is look at it and wonder why it is not working very well. You can’t fix it, you can’t tune it. Quite simply, you do not understand how it works—and you made the decision to be in this position. The alternative is the approach that I advocate: understand your database, know how it works, know what it can do for you, and use it to its fullest potential. How (and How Not) to Develop Database Applications That’s enough hypothesizing, for now at least. In the remainder of this chapter, I will take a more empirical approach, discussing why knowledge of the database and its workings will definitely go a long way towards a successful implementation (without having to write the application twice!). Some problems are simple to fix as long as you understand how to find them. Others require drastic rewrites. One of the goals of this book is to help you avoid the problems in the first place. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 12 ■ Note In the following sections, I discuss certain core Oracle features without delving into exactly what these features are and all of the ramifications of using them. I will refer you either to a subsequent chapter in this book or to the relevant Oracle documentation for more information. Understanding Oracle Architecture I have worked with many customers running large production applications—applications that had been “ported” from another database (for example, SQL Server) to Oracle. I quote “ported” simply because most ports I see reflect a “what is the least change we can make to have our SQL Server code compile and execute on Oracle” perspective. The applications that result from that line of thought are frankly the ones I see most often, because they are the ones that need the most help. I want to make clear, however, that I am not bashing SQL Server in this respect—the opposite is true! Taking an Oracle application and just plopping it down on top of SQL Server with as few changes as possible results in the same poorly performing code in reverse; the problem goes both ways. In one particular case, however, the SQL Server architecture and how you use SQL Server really impacted the Oracle implementation. The stated goal was to scale up, but these folks did not want to really port to another database. They wanted to port with as little work as humanly possible, so they kept the architecture basically the same in the client and database layers. This decision had two important ramifications: • The connection architecture was the same in Oracle as it had been in SQL Server. • The developers used literal (nonbound) SQL. These two ramifications resulted in a system that could not support the required user load (the database server simply ran out of available memory), and in a system that had abysmal performance. Use a Single Connection in Oracle Now, in SQL Server it is a very common practice to open a connection to the database for each concurrent statement you want to execute. If you are going to do five queries, you might well see five connections in SQL Server. In Oracle, on the other hand, if you want to do five queries or five hundred, the maximum number of connections you want to open is one. So, a practice that is common in SQL Server is something that is not only not encouraged in Oracle, it is actively discouraged; having multiple connections to the database is just something you don’t want to do. But do it they did. A simple web-based application would open 5, 10, 15, or more connections per web page, meaning that their server could support only 1/5, 1/10, or 1/15 the number of concurrent users that it should have been able to. Moreover, they were attempting to run the database on the Windows platform itself—just a plain Windows server without access to the “data center” version of Windows. This meant that the Windows single-process architecture limited the Oracle database server to about 1.75GB of RAM in total. Since each Oracle connection took at least a certain fixed amount of RAM, their ability to scale up the number of users using the application was severely limited. They had 8GB of RAM on the server, but could only use about 2GB of it. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 13 ■ Note There are ways to use more RAM in a 32-bit Windows environment, such as with the /AWE switch, but they required versions of the operating system that were not in use in this situation. There were three approaches to correcting this problem, and all three entailed quite a bit of work— and this was after the “port” was complete! The options were: • Re-architect the application to allow it to take advantage of the fact that it was running “on” Oracle, and use a single connection to generate a page, not somewhere between 5 to 15 connections. This is the only solution that would actually solve the problem. • Upgrade the operating system (no small chore) and utilize the larger memory model of the Windows Data Center version (itself not a small chore either as it involves a rather complicated database setup with indirect data buffers and other non-standard settings. • Migrate the database from a Windows-based OS to some other OS where multiple processes are used, effectively allowing the database to utilize all installed RAM. On a 32-bit Windows platform, you are limited to about 2GB of RAM for the combined PGA/SGA regions (2GB for both, together) since they are allocated by a single process. Using a multi-process platform that was also 32-bit would limit you to about 2GB for the SGA and 2GB per process for the PGA, going much further than the 32-bit Windows platform. As you can see, none of these are an “OK, we’ll do that this afternoon” sort of solutions. Each is a complex solution to a problem that could have most easily been corrected during the database port phase, while you were in the code poking around and changing things in the first place. Furthermore, a simple test to scale before rolling out to production would have caught such issues prior to the end users feeling the pain. Use Bind Variables If I were to write a book about how to build non-scalable Oracle applications, “Don’t Use Bind Variables” would be the first and last chapter. Not using bind variables is a major cause of performance issues and a major inhibitor of scalability—not to mention a security risk of huge proportions. The way the Oracle shared pool (a very important shared-memory data structure) operates is predicated on developers using bind variables in most cases. If you want to make Oracle run slowly, even grind to a total halt, just refuse to use them. A bind variable is a placeholder in a query. For example, to retrieve the record for employee 123, I can query: select * from emp where empno = 123; Alternatively, I can query: select * from emp where empno = :empno; In a typical system, you would query up employee 123 maybe once and then never again. Later, you would query up employee 456, then 789, and so on. Or, foregoing SELECT statements, if you do not use bind variables in your insert statements, your primary key values will be hard-coded in them, and I know CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 14 for a fact that insert statement can’t ever be reused later!!! If you use literals (constants) in the query, then every query is a brand-new query, never before seen by the database. It will have to be parsed, qualified (names resolved), security-checked, optimized, and so on. In short, each and every unique statement you execute will have to be compiled every time it is executed. The second query uses a bind variable, :empno, the value of which is supplied at query execution time. This query is compiled once and then the query plan is stored in a shared pool (the library cache), from which it can be retrieved and reused. The difference between the two in terms of performance and scalability is huge, dramatic even. From the above description, it should be fairly obvious that parsing unique statements with hard- coded variables (called a hard parse) will take longer and consume many more resources than reusing an already parsed query plan (called a soft parse). What may not be so obvious is the extent to which the former will reduce the number of users your system can support. Obviously, this is due in part to the increased resource consumption, but an even more significant factor arises due to the latching mechanisms for the library cache. When you hard-parse a query, the database will spend more time holding certain low-level serialization devices called latches (see the chapter Locking and Latching for more details). These latches protect the data structures in Oracle’s shared memory from concurrent modifications by two sessions (otherwise Oracle would end up with corrupt data structures) and from someone reading a data structure while it is being modified. The longer and more frequently you have to latch these data structures, the longer the queue to get these latches will become. You will start to monopolize scarce resources. Your machine may appear to be underutilized at times, and yet everything in the database is running very slowly. The likelihood is that someone is holding one of these serialization mechanisms and a line is forming—you are not able to run at top speed. It only takes one ill-behaved application in your database to dramatically affect the performance of every other application. A single, small application that does not use bind variables will cause the relevant SQL of other well-tuned applications to get discarded from the shared pool over time. You only need one bad apple to spoil the entire barrel. If you use bind variables, then everyone who submits the same exact query that references the same object will use the compiled plan from the pool. You will compile your subroutine once and use it over and over again. This is very efficient and is the way the database intends you to work. Not only will you use fewer resources (a soft parse is much less resource-intensive), but also you will hold latches for less time and need them less frequently. This increases your performance and greatly increases your scalability. Just to give you a tiny idea of how huge a difference this can make performance-wise, you only need to run a very small test. In this test, we’ll just be inserting some rows into a table; the simple table we will use is: ops$tkyte%ORA11GR2> create table t ( x int ); Table created. Now we’ll create two very simple stored procedures. They both will insert the numbers 1 through 10,000 into this table; however, the first procedure uses a single SQL statement with a bind variable: ops$tkyte%ORA11GR2> create or replace procedure proc1 2 as 3 begin 4 for i in 1 .. 10000 5 loop 6 execute immediate 7 'insert into t values ( :x )' using i; 8 end loop; 9 end; 10 / Procedure created. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 15 The second procedure constructs a unique SQL statement for each row to be inserted: ops$tkyte%ORA11GR2> create or replace procedure proc2 2 as 3 begin 4 for i in 1 .. 10000 5 loop 6 execute immediate 7 'insert into t values ( '||i||')'; 8 end loop; 9 end; 10 / Procedure created. Now, the only difference between the two is that one uses a bind variable and the other does not. Both are using dynamic SQL and the logic is identical. The only difference is the use of a bind variable in the first. We are ready to evaluate the two approaches and we’ll use runstats, a simple tool I’ve developed, to compare the two in detail: ■ Note For details on runstats and other utilities, please see the appendix on Tools & Scripts used in this book. ops$tkyte%ORA11GR2> exec runstats_pkg.rs_start PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec proc1 PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec runstats_pkg.rs_middle PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec proc2 PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec runstats_pkg.rs_stop(10000) Run1 ran in 65 cpu hsecs Run2 ran in 1224 cpu hsecs run 1 ran in 5.31% of the time ■ Note You may not observe exactly the same values for cpu, nor in fact for any metric, as I report here. Differences will be caused by different Oracle versions, different operating systems, or different hardware platforms. The idea will be the same, but the exact numbers will undoubtedly be marginally different. Now, the preceding result clearly shows that based on CPU time, it took significantly longer and significantly more resources to insert 10,000 rows without bind variables than it did with them. In fact, it CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 16 took almost 20 times as much CPU time to insert the rows without bind variables. For every insert without bind variables, we spent the vast preponderance of the time to execute the statement simply parsing the statement! But it gets worse. When we look at other information, we can see a significant difference in the resources utilized by each approach: Name Run1 Run2 Diff STAT...parse count (hard) 5 10,010 10,005 STAT...parse count (total) 34 10,055 10,021 STAT...consistent gets from ca 78 10,120 10,042 STAT...consistent gets 135 10,290 10,155 STAT...consistent gets from ca 135 10,290 10,155 LATCH.simulator hash latch 83 10,990 10,907 STAT...db block gets from cach 10,440 30,364 19,924 STAT...db block gets 10,440 30,364 19,924 STAT...db block gets from cach 79 20,041 19,962 LATCH.enqueues 40 20,372 20,332 LATCH.enqueue hash chains 74 20,414 20,340 STAT...session logical reads 10,575 40,654 30,079 STAT...recursive calls 10,326 40,960 30,634 LATCH.kks stats 23 65,141 65,118 STAT...session uga memory 0 65,512 65,512 STAT...session pga memory 0 65,536 65,536 LATCH.cache buffers chains 51,532 120,773 69,241 LATCH.shared pool simulator 42 104,558 104,516 LATCH.row cache objects 294 184,697 184,403 LATCH.shared pool 20,302 446,397 426,095 LATCH.JS slv state obj latch 1 435,890 435,889 Run1 latches total versus runs -- difference and pct Run1 Run2 Diff Pct 73,082 1,411,695 1,338,613 5.18% PL/SQL procedure successfully completed. The runstats utility produces a report that shows differences in latch utilization as well as differences in statistics. Here I asked runstats to print out anything with a difference greater than 10,000. You can see that we hard parsed 4 times in the first approach using bind variables, and that we hard parsed over 10,000 times without bind variables (once for each of the inserts). But that difference in hard parsing is just the tip of the iceberg. You can see here that we used almost 20 times as many “latches” in the non-bind variable approach as we did with bind variables. That difference might beg the question “What is a latch?” Let’s answer that question. A latch is a type of lock that is used to serialize access to shared data structures used by Oracle. The shared pool is an example; it’s a big shared data structure found in the System Global Area (SGA), and this is where Oracle stores parsed, compiled SQL. When you modify this shared structure, you must take care to allow only one process in at a time. (It is very bad if two processes or threads attempt to update the same in-memory data structure simultaneously—corruption would abound). So, Oracle employs a latching mechanism, a lightweight locking method to serialize access. Don’t be fooled by the word lightweight. Latches are serialization devices, allowing access one process at a time. The latches used by the hard-parsing implementation are some of the most used latches out there. These include the latches for the shared pool and for the library cache. Those are “big time” latches that people compete for frequently. What all this means is that as we increase the number of users attempting to hard parse statements simultaneously, our performance gets progressively worse CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 17 over time. The more people parsing, the more people waiting in line to latch the shared pool, the longer the queues, the longer the wait. Executing SQL statements without bind variables is very much like compiling a subroutine before each method call. Imagine shipping Java source code to your customers where, before calling a method in a class, they had to invoke the Java compiler, compile the class, run the method, and then throw away the byte code. Next time they wanted to execute the same method, they would do the same thing: compile it, run it, and throw it away. You would never consider doing this in your application; you should never consider doing this in your database either. Another impact of not using bind variables, for developers employing string concatenation, is security—specifically something called SQL injection. If you are not familiar with this term, I encourage you to put aside this book for a moment and, using the search engine of your choice, look up SQL injection. There are almost one million hits returned for it as I write this edition. The problem of SQL injection is well-documented. ■ Note SQL injection is a security hole whereby the developer accepts input from an end user and concatenates that input into a query, then compiles and executes that query. In effect, the developer accepts snippets of SQL code from the end user, then compiles and executes those snippets. That approach allows the end user to potentially modify the SQL statement so that it does something the application developer never intended. It’s almost like leaving a terminal open with a SQL Plus session logged in and connected as SYSDBA. You are just begging someone to come by and type in some command, compile it, and then execute it. The results can be disastrous. It is a fact that if you do not use bind variables, that if you use the string concatenation technique in PROC2 shown earlier, your code is subject to SQL injection attacks and must be carefully reviewed. And it should be reviewed by people who don’t actually like the developer who wrote the code—because the code must be reviewed critically and objectively. If the reviewers are peers of the code author, or worse, friends or subordinates, the review will not be as critical as it should be. Developed code that does not use bind variables must be viewed with suspicion—it should be the exceptional case where bind variables are not used, not the norm. To demonstrate how insidious SQL injection can be, I present this small routine: ops$tkyte%ORA11GR2> create or replace procedure inj( p_date in date ) 2 as 3 l_rec all_users%rowtype; 4 c sys_refcursor; 5 l_query long; 6 begin 7 l_query := ' 8 select * 9 from all_users 10 where created = ''' ||p_date ||''''; 11 12 dbms_output.put_line( l_query ); 13 open c for l_query; 14 15 for i in 1 .. 5 16 loop 17 fetch c into l_rec; CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 18 18 exit when c%notfound; 19 dbms_output.put_line( l_rec.username || '.....' ); 20 end loop; 21 close c; 22 end; 23 / Procedure created. ■ Note This code prints out only five records at most. It was developed to be executed in an “empty” schema. A schema with lots of existing tables could cause various effects that differ from the results shown below. One effect could be that you don’t see the table I’m trying to show you in the example—that would be because we print out only five records. Another might be a numeric or value error—that would be due to a long table name. None of these facts invalidate the example; they could all be worked around by someone wanting to steal your data. Now, most developers I know would look at that code and say that it’s safe from SQL injection. They would say this because the input to the routine must be an Oracle DATE variable, a 7-byte binary format representing a century, year, month, day, hour, minute, and second. There is no way that DATE variable could change the meaning of my SQL statement. As it turns out, they are very wrong. This code can be “injected”—modified at runtime, easily—by anyone who knows how (and, obviously, there are people who know how!). If you execute the procedure the way the developer “expects” the procedure to be executed, this is what you might expect to see: ops$tkyte%ORA11GR2> exec inj( sysdate ) select * from all_users where created = '09-DEC-09' PL/SQL procedure successfully completed. This result shows the SQL statement being safely constructed—as expected. So, how could someone use this routine in a nefarious way? Well, suppose you’ve got another developer in this project—the evil developer. The developers have access to execute that procedure, to see the users created in the database today, but they don’t have access to any of the other tables in the schema that owns this procedure. Now, they don’t know what tables exist in this schema—the security team has decided “security via obscurity” is good—so they don’t allow anyone to publish the table names anywhere. So, they don’t know that the following table in particular exists: ops$tkyte%ORA11GR2> create table user_pw 2 ( uname varchar2(30) primary key, 3 pw varchar2(30) 4 ); Table created. ops$tkyte%ORA11GR2> insert into user_pw 2 ( uname, pw ) 3 values ( 'TKYTE', 'TOP SECRET' ); CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 19 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. The pw table looks like a pretty important table, but remember, users do not know it exists. However, they do have access to the INJ routine: ops$tkyte%ORA11GR2> grant execute on inj to scott; Grant succeeded. So the evil developer/user, can simply execute: scott%ORA11GR2> alter session set 2 nls_date_format = '"''union select tname,0,null from tab--"'; Session altered. scott%ORA11GR2> exec ops$tkyte.inj( sysdate ) select * from all_users where created = ''union select tname,0,null from tab--' USER_PW..... PL/SQL procedure successfully completed. Now, that NLS_DATE_FORMAT is interesting—most people don’t even know you can include character string literals with the NLS_DATE_FORMAT. (Heck, many people don’t even know you can change the date format like that even without this “trick.”) What the malicious user did here was to trick your code into querying a table you did not intend him to query using your set of privileges. The TAB dictionary view limits its view to the set of tables the current schema can see. When users run the procedure, the current schema used for authorization is the owner of that procedure (you, in short, not them). They can now see what tables reside in that schema. They see that table USER_PW and say “hmmm, sounds interesting.” So, they try to access that table: scott%ORA11GR2> select * from ops$tkyte.user_pw; select * from ops$tkyte.user_pw * ERROR at line 1: ORA-00942: table or view does not exist The malicious user can’t access the table directly; he lacks the SELECT privilege on the table. Not to worry, however, there is another way. The user wants to know about the columns in the table. Here’s one way to find out more about the table’s structure: scott%ORA11GR2> alter session set 2 nls_date_format = '"''union select tname||cname,0,null from col--"'; Session altered. scott%ORA11GR2> exec ops$tkyte.inj( sysdate ) select * from all_users where created = ''union select CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 20 tname||cname,0,null from col--' USER_PWPW..... USER_PWUNAME..... There we go, we know the column names. Now that we know the table names and the column names of tables in that schema, we can change the NLS_DATE_FORMAT one more time to query that table— not the dictionary tables. So the malicious user can next do the following: scott%ORA11GR2> alter session set 2 nls_date_format = '"''union select uname,0,null from user_pw--"'; Session altered. scott%ORA11GR2> exec ops$tkyte.inj( sysdate ) select * from all_users where created = ''union select uname,0,null from user_pw--' TKYTE..... PL/SQL procedure successfully completed. scott%ORA11GR2> alter session set 2 nls_date_format = '"''union select pw,0,null from user_pw--"'; Session altered. scott%ORA11GR2> exec ops$tkyte.inj( sysdate ) select * from all_users where created = ''union select pw,0,null from user_pw--' TOP SECRET..... PL/SQL procedure successfully completed. And there we go—that evil developer/user now has your sensitive username and password information. How could you have protected yourself? By using bind variables. For example: ops$tkyte%ORA11GR2> create or replace procedure NOT_inj( p_date in date ) 2 as 3 l_rec all_users%rowtype; 4 c sys_refcursor; 5 l_query long; 6 begin 7 l_query := ' 8 select * 9 from all_users 10 where created = :x'; 11 12 dbms_output.put_line( l_query ); 13 open c for l_query USING P_DATE; 14 15 for i in 1 .. 5 CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 21 16 loop 17 fetch c into l_rec; 18 exit when c%notfound; 19 dbms_output.put_line( l_rec.username || '.....' ); 20 end loop; 21 close c; 22 end; 23 / Procedure created. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> exec NOT_inj(sysdate) select * from all_users where created = :x PL/SQL procedure successfully completed. It is a plain and simple fact that if you use bind variables you can’t be subject to SQL injection. If you do not use bind variables, you have to meticulously inspect every single line of code and think like an evil genius (one who knows everything about Oracle, every single thing) and see if there is a way to attack that code. I don’t know about you, but if I could be sure that 99.9999 percent of my code was not subject to SQL injection and only had to worry about the remaining 0.0001 percent (that couldn’t use a bind variable for whatever reason), I’d sleep much better at night than if I had to worry about 100 percent of my code being subject to SQL injection. In any case, on the particular project I began describing at the beginning of this section, rewriting the existing code to use bind variables was the only possible course of action. The resulting code ran orders of magnitude faster and increased many times the number of simultaneous users that the system could support. And the code was more secure—the entire codebase did not need to be reviewed for SQL injection issues. However, that security came at a high price in terms of time and effort, because my client had to code the system and then code it again. It is not that using bind variables is hard, or error- prone, it’s just that they did not use them initially and thus were forced to go back and revisit virtually all of the code and change it. My client would not have paid this price if the developers had understood that it was vital to use bind variables in their application from day one. Understanding Concurrency Control Concurrency control is one area where databases differentiate themselves. It is an area that sets a database apart from a file system and databases apart from each other. As a programmer, it is vital that your database application works correctly under concurrent access conditions, and yet time and time again this is something people fail to test. Techniques that work well if everything happens consecutively do not necessarily work so well when everyone does them simultaneously. If you don’t have a good grasp of how your particular database implements concurrency control mechanisms, then you will: • Corrupt the integrity of your data. • Have applications run slower than they should with a small number of users. • Decrease your applications’ ability to scale to a large number of users. Notice I don’t say, ”you might...” or “you run the risk of...” but rather that invariably you will do these things. You will do these things without even realizing it. Without correct concurrency control, you will corrupt the integrity of your database because something that works in isolation will not work as you CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 22 expect in a multiuser situation. Your application will run slower than it should because you’ll end up waiting for data. Your application will lose its ability to scale because of locking and contention issues. As the queues to access a resource get longer, the wait gets longer and longer. An analogy here would be a backup at a tollbooth. If cars arrive in an orderly, predictable fashion, one after the other, there won’t ever be a backup. If many cars arrive simultaneously, queues start to form. Furthermore, the waiting time does not increase linearly with the number of cars at the booth. After a certain point, considerable additional time is spent “managing” the people who are waiting in line, as well as servicing them (the parallel in the database would be context switching). Concurrency issues are the hardest to track down; the problem is similar to debugging a multithreaded program. The program may work fine in the controlled, artificial environment of the debugger but crashes horribly in the real world. For example, under race conditions, you find that two threads can end up modifying the same data structure simultaneously. These kinds of bugs are terribly hard to track down and fix. If you only test your application in isolation and then deploy it to dozens of concurrent users, you are likely to be (painfully) exposed to an undetected concurrency issue. Over the next two sections, I’ll relate two small examples of how the lack of understanding concurrency control can ruin your data or inhibit performance and scalability. Implementing Locking The database uses locks to ensure that, at most, one transaction is modifying a given piece of data at any given time. Basically, locks are the mechanism that allows for concurrency—without some locking model to prevent concurrent updates to the same row, for example, multiuser access would not be possible in a database. However, if overused or used improperly, locks can actually inhibit concurrency. If you or the database itself locks data unnecessarily, fewer people will be able to concurrently perform operations. Thus, understanding what locking is and how it works in your database is vital if you are to develop a scalable, correct application. What is also vital is that you understand that each database implements locking differently. Some have page-level locking, others row-level; some implementations escalate locks from row level to page level, some do not; some use read locks, others don’t; some implement serializable transactions via locking and others via read-consistent views of data (no locks). These small differences can balloon into huge performance issues or downright bugs in your application if you don’t understand how they work. The following points sum up Oracle’s locking policy: • Oracle locks data at the row level on modification. There is no lock escalation to a block or table level. • Oracle never locks data just to read it. There are no locks placed on rows of data by simple reads. • A writer of data does not block a reader of data. Let me repeat: reads are not blocked by writes. This is fundamentally different from many other databases, where reads are blocked by writes. While this sounds like an extremely positive attribute (and it generally is), if you do not understand this thoroughly and you attempt to enforce integrity constraints in your application via application logic, you are most likely doing it incorrectly. • A writer of data is blocked only when another writer of data has already locked the row it was going after. A reader of data never blocks a writer of data. You must take these facts into consideration when developing your application and you must also realize that this policy is unique to Oracle; every database has subtle differences in its approach to locking. Even if you go with lowest common denominator SQL in your applications, the locking and concurrency control models employed by each vendor assure something will be different. A developer who does not understand how his or her database handles concurrency will certainly encounter data CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 23 integrity issues. (This is particularly common when a developer moves from another database to Oracle, or vice versa, and neglects to take the differing concurrency mechanisms into account in the application. Preventing Lost Updates One of the side effects of Oracle’s non-blocking approach is that if you actually want to ensure that no more than one user has access to a row at once, then you, the developer, need to do a little work yourself. A developer was demonstrating to me a resource-scheduling program (for conference rooms, projectors, etc.) that he had just developed and was in the process of deploying. The application implemented a business rule to prevent the allocation of a resource to more than one person for any given period of time. That is, the application contained code that specifically checked that no other user had previously allocated the time slot (at least the developer thought it did). This code queried the SCHEDULES table and, if no rows existed that overlapped that time slot, inserted the new row. So, the developer was basically concerned with two tables: ops$tkyte%ORA11GR2> create table resources 2 ( resource_name varchar2(25) primary key, 3 other_data varchar2(25) 4 ); Table created. ops$tkyte%ORA11GR2> create table schedules 2 ( resource_name varchar2(25) references resources, 3 start_time date, 4 end_time date 5 ); Table created. And, right after inserting a room reservation into SCHEDULES, and before committing, the application would query: ops$tkyte%ORA11GR2> select count(*) 2 from schedules 3 where resource_name = :resource_name 4 and (start_time < :new_end_time) 5 AND (end_time > :new_start_time) 6 / It looked simple and bulletproof (to the developer anyway); if the count came back as one, the room was yours. If it came back greater than one, you could not reserve it for that period. Once I knew what his logic was, I set up a very simple test to show him the error that would occur when the application went live—an error that would be incredibly hard to track down and diagnose after the fact. You’d be convinced it must be a database bug. All I did was get someone else to use the terminal next to him. Both navigated to the same screen and, on the count of three, each hit the Go button and tried to reserve the same room for the exact same time. Both got the reservation. The logic, which worked perfectly in isolation, failed in a multiuser environment. The problem in this case was caused in part by Oracle’s non-blocking reads. Neither session ever blocked the other session. Both sessions simply ran the query and then performed the logic to schedule the room. They could both run the query to look for a reservation, even if the other session had already started to modify the SCHEDULES table (the change wouldn’t be visible to the other session until commit, by which time it was too late). Since they were never attempting to modify the same row in the SCHEDULES table, they would never block each other and, thus, the business rule could not enforce what it was intended to enforce. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 24 The developer needed a method of enforcing the business rule in a multiuser environment—a way to ensure that exactly one person at a time made a reservation on a given resource. In this case, the solution was to impose a little serialization of his own. In addition to performing the preceding count(*),the developer first performed the following: select * from resources where resource_name = :resource_name FOR UPDATE;;; What he did here was to lock the resource (the room) to be scheduled immediately before scheduling it, in other words before querying the SCHEDULES table for that resource. By locking the resource he is trying to schedule, the developer ensures that no one else is modifying the schedule for this resource simultaneously. Everyone must wait until the transaction commits, at which point they would be able to see the schedule. The chance of overlapping schedules is removed. Developers must understand that, in a multiuser environment, they must at times employ techniques similar to those used in multithreaded programming. The FOR UPDATE clause is working like a semaphore in this case. It serializes access to the RESOURCES tables for that particular row—ensuring no two people can schedule it simultaneously. Using the FOR UPDATE approach is still highly concurrent as there are potentially thousands of resources to be reserved. What we have done is ensure that only one person modifies a resource at any time. This is a rare case where the manual locking of data we are not going to actually update is called for. You need to be able to recognize where you must manually lock and, perhaps as importantly, when not to (I’ll get to an example of this in a bit). Furthermore, the FOR UPDATE clause does not lock the resource from other people reading the data as it might in other databases. Hence the approach will scale very well. Issues such as the ones I’ve described in this section have massive implications when you’re attempting to port an application from database to database (I return to this theme a little later in the chapter), and this trips people up time and time again. For example, if you are experienced in other databases where writers block readers and vice versa, you may have grown reliant on that fact to protect you from data integrity issues. The lack of concurrency is one way to protect yourself from this—that’s how it works in many non-Oracle databases. In Oracle, concurrency rules supreme and you must be aware that, as a result, things will happen differently (or suffer the consequences). I have been in design sessions where the developers, even after being shown this sort of example, scoffed at the idea they would have to actually understand how it all works. Their response was “We just check the ‘transactional’ box in our Hibernate application and it takes care of all transactional things for us; we don’t have to know this stuff.” I said to them, “So Hibernate will generate different code for SQL Server and DB2 and Oracle, entirely different code, different amounts of SQL statements, different logic?” They said no, but it will be transactional. This misses the point. Transactional in this context simply means that you support commit and rollback, not that your code is transactionally consistent (read that as “not that your code is correct"). Regardless of the tool or framework you are using to access the database, knowledge of concurrency controls is vital if you want to not corrupt your data. Ninety-nine percent of the time, locking is totally transparent and you need not concern yourself with it. It’s that other one percent you must be trained to recognize. There is no simple checklist of “if you do this, you need to do this” for this issue. Successful concurrency control is a matter of understanding how your application will behave in a multiuser environment and how it will behave in your database. When we get to the chapters on locking and concurrency control, we’ll delve into this topic in much more depth. There you’ll learn that integrity constraint enforcement of the type presented in this section, where you must enforce a rule that crosses multiple rows in a single table or is between two or more tables (like a referential integrity constraint), are cases where you must always pay special attention and will most likely have to resort to manual locking or some other technique to ensure integrity in a multiuser environment. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 25 Multi-versioning This is a topic very closely related to concurrency control as it forms the foundation for Oracle’s concurrency control mechanism. Oracle operates a multi-version, read-consistent concurrency model. In Chapter 7 “Concurrency and Multi-versioning,” we’ll cover the technical aspects in more detail but, essentially, it is the mechanism by which Oracle provides for: • Read-consistent queries: Queries that produce consistent results with respect to a point in time. • Non-blocking queries: Queries are never blocked by writers of data, as they are in other databases. These are two very important concepts in the Oracle database. The term multi-versioning basically describes Oracle’s ability to simultaneously maintain multiple versions of the data in the database (since version 3.0 in 1983!). The term read-consistency reflects the fact that a query in Oracle will return results as of a consistent point in time: Every block used by a query will be as of the same exact point in time— even if it was modified or locked while you performed your query. If you understand how multi- versioning and read consistency work together, you will always understand the answers you get from the database. Before we explore in a little more detail how Oracle does this, here is the simplest way I know to demonstrate multi-versioning in Oracle: ops$tkyte%ORA11GR2> create table t 2 as 3 select * 4 from all_users 5 / Table created. ops$tkyte%ORA11GR2> set autoprint off ops$tkyte%ORA11GR2> variable x refcursor; ops$tkyte%ORA11GR2> begin 2 open :x for select * from t; 3 end; 4 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> declare 2 pragma autonomous_transaction; 3 -- you could do this in another 4 -- sqlplus session as well, the 5 -- effect would be identical 6 begin 7 delete from t; 8 commit; 9 end; 10 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> print x CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 26 USERNAME USER_ID CREATED ------------------------------ ---------- ------------------- B 102 07-oct-2009 08:26am A 101 07-oct-2009 08:26am OPS$TKYTE 191 09-dec-2009 01:20pm … OUTLN 9 13-aug-2009 11:01pm SYSTEM 5 13-aug-2009 11:00pm SYS 0 13-aug-2009 11:00pm 40 rows selected. In this example, we created a test table, T, and loaded it with some data from the ALL_USERS table. We opened a cursor on that table. We fetched no data from that cursor: we just opened it and have kept it open. ■ Note Bear in mind that Oracle does not “answer” the query. It does not copy the data anywhere when you open a cursor—imagine how long it would take to open a cursor on a one-billion row table if it did. The cursor opens instantly and it answers the query as it goes along. In other words, the cursor just reads data from the table as you fetch from it. In the same session (or maybe another session would do this; it would work as well), we proceed to delete all data from the table. We even go as far as to COMMIT work on that delete action. The rows are gone—but are they? In fact, they are retrievable via the cursor. The fact is that the resultset returned to us by the OPEN command was preordained at the point in time we opened it. We had touched not a single block of data in that table during the open, but the answer was already fixed in stone. We have no way of knowing what the answer will be until we fetch the data; however, the result is immutable from our cursor’s perspective. It is not that Oracle copied all of the data above to some other location when we opened the cursor; it was actually the DELETE command that preserved our data for us by placing it into a data area called an undo or rollback segment. Flashback In the past, Oracle always decided the point in time at which our queries would be consistent. That is, Oracle made it such that any resultset we opened would be current with respect to one of two points in time: • The point in time the query was opened. This is the default behavior in READ COMMITTED isolation (we’ll be covering the differences between READ COMMITTED, READ ONLY, and SERIALIZABLE transaction levels in Chapter 7 “Concurrency and Multi-versioning”). • The point in time the transaction that the query is part of began. This is the default behavior in READ ONLY and SERIALIZABLE transaction levels. Starting with Oracle 9i’s flashback query feature, however, we can tell Oracle to execute a query “as of” (with certain reasonable limitations on the length of time you can go back into the past, of course). With this, you can “see” read consistency and multi-versioning even more directly. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 27 ■ Note The flashback data archive, used for long-term flashback queries (months or years into the past) and available with Oracle 11g Release 1 and above, does not use read consistency and multi-versioning to produce the version of data that was in the database at some prior point in time. Instead, it uses before-image copies of records it has placed into the archive. We’ll come back to the flashback data archive in a later chapter. Consider the following example. We start by getting an SCN (System Change or System Commit number; the terms are interchangeable). This SCN is Oracle’s internal clock: every time a commit occurs, this clock ticks upward (increments). We could use a date or timestamp as well, but here the SCN is readily available and very precise: scott%ORA11GR2> variable scn number scott%ORA11GR2> exec :scn := dbms_flashback.get_system_change_number; PL/SQL procedure successfully completed. scott%ORA11GR2> print scn SCN ---------- 6294346 ■ Note The DBMS_FLASHBACK package might have restricted access on your system. I granted execute on this package to SCOTT in my database; you may have to do the same. We got the SCN so we can tell Oracle the point in time we’d like to query “as of.” We want to be able to query Oracle later and see what was in this table at this precise moment in time. First, let’s see what is in the EMP table right now: scott%ORA11GR2> select count(*) from emp; COUNT(*) ---------- 14 Now let’s delete all of this information and verify that it’s “gone”: scott%ORA11GR2> delete from emp; 14 rows deleted. scott%ORA11GR2> select count(*) from emp; COUNT(*) ---------- 0 CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 28 However, using the flashback query, either the AS OF SCN or AS OF TIMESTAMP clause, we can ask Oracle to reveal to us what was in the table as of that point in time: scott%ORA11GR2> select count(*), 2 :scn then_scn, 3 dbms_flashback.get_system_change_number now_scn 4 from emp as of scn :scn; COUNT(*) THEN_SCN NOW_SCN ---------- ---------- ---------- 14 6294536 6294537 Further, this capability works across transactional boundaries. We can even query the same object “as of two points in time” in the same query! That opens some interesting opportunities indeed: scott%ORA11GR2> commit; Commit complete. scott%ORA11GR2> select cnt_now, cnt_then, 2 :scn then_scn, 3 dbms_flashback.get_system_change_number now_scn 4 from (select count(*) cnt_now from emp), 5 (select count(*) cnt_then from emp as of scn :scn) 6 / CNT_NOW CNT_THEN THEN_SCN NOW_SCN ---------- ---------- ---------- ---------- 0 14 6294536 6294539 Finally, if you are using Oracle10g and above, you have a command called “flashback” that uses this underlying multi-versioning technology to allow you to return objects to the state they were at some prior point in time. In this case, we can put EMP back the way it was before we deleted all of the information: scott%ORA11GR2> flashback table emp to scn :scn; Flashback complete. scott%ORA11GR2> select cnt_now, cnt_then, 2 :scn then_scn, 3 dbms_flashback.get_system_change_number now_scn 4 from (select count(*) cnt_now from emp), 5 (select count(*) cnt_then from emp as of scn :scn) 6 / CNT_NOW CNT_THEN THEN_SCN NOW_SCN ---------- ---------- ---------- ---------- 14 14 6294536 6294552 This is what read consistency and multi-versioning are all about. If you don’t understand how Oracle’s multi-versioning scheme works and what it implies, you won’t be able to take full advantage of Oracle or write correct applications in Oracle (ones that will ensure data integrity). CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 29 Read Consistency and Non-Blocking Reads Let’s look at the implications of multi-versioning: read-consistent queries and non-blocking reads. If you are not familiar with multi-versioning, what you see in the following code might be surprising. For the sake of simplicity, assume the table we are reading stores one row per database block (the smallest unit of storage in the database), and that we are full-scanning the table in this example. The table we will query is a simple ACCOUNTS table. It holds balances in accounts for a bank. It has a very simple structure: create table accounts ( account_number number primary key, account_balance number ); In reality the ACCOUNTS table would have hundreds of thousands of rows in it, but for simplicity we’re just going to consider a table with four rows, as shown in Table 1-1. (We will visit this example in more detail in Chapter 7 “Concurrency and Multi-versioning.”) Table 1-1. Accounts Table Contents Row Account Number Account Balance 1 123 $500.00 2 234 $250.00 3 345 $400.00 4 456 $100.00 We would like to run an end-of-day report that tells us how much money is in the bank. That’s an extremely simple query: select sum(account_balance) from accounts; And, of course, in this example the answer is obvious: $1250. However, what happens if we read row 1, and while we’re reading rows 2 and 3, an automated teller machine (ATM) generates transactions against this table and moves $400 from account 123 to account 456? Our query counts $500 in row 4 and comes up with the answer of $1650, doesn’t it? Well, of course, this is to be avoided, as it would be an error—at no time did this sum of money exist in the account balance column. Read consistency is the way Oracle avoids such occurrences. Oracle’s methods differ from those of most other databases, and you need to understand how. In many other databases, if you wanted to get a “consistent” and “correct” answer to this query, you’d either have to lock the whole table while the sum was calculated or you’d have to lock the rows as you read them. This prevents people from changing the answer as you are getting it. If you lock the table up front, you get the answer that was in the database at the time the query began. If you lock the data as you read it (commonly referred to as a shared read lock, which prevents updates but not other readers from accessing the data), you get the answer that was in the database at the point the query finished. Both of these methods inhibit concurrency a great deal. The table lock prevents any updates from taking place against the entire table for the duration of your query (for a table of four rows, this would only be a very short period, but for tables with hundreds of thousands of rows, it could be several minutes). The CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 30 “lock as you go” method prevents updates on data you have read and already processed and could actually cause deadlocks between your query and other updates. Now, I said earlier that you wouldn’t be able to take full advantage of Oracle if you didn’t understand the concept of multi-versioning. Here is one reason why that is true. Oracle uses multi- versioning to get the answer, as it existed at the point in time the query began, and the query will take place without locking a single thing (while our account transfer transaction updates rows 1 and 4, these rows will be locked to other writers, but not locked to other readers, such as our SELECT SUM...query). In fact, Oracle doesn’t have a “shared read” lock (a type of lock common in other databases)—it doesn’t need it. Everything inhibiting concurrency that can be removed has been removed. I have seen actual cases where a report written by a developer who did not understand Oracle’s multi-versioning capabilities would lock an entire system up as tight as could be. The reason: the developer wanted to have read-consistent (i.e., correct) results from his queries. In every other database the developer had worked with, this required locking the tables, or using a SELECT … WITH HOLDLOCK (a SQL Server mechanism for locking rows in a shared mode as you go along). So the developer would either lock the tables prior to running the report or use SELECT …. FOR UPDATE (the closest he could find to WITH HOLDLOCK). This would cause the system to basically stop processing transactions—needlessly. So, how does Oracle get the correct, consistent answer ($1250) during a read without locking any data—in other words, without decreasing concurrency? The secret lies in the transactional mechanisms that Oracle uses. Whenever you modify data, Oracle creates entries in two different locations (most other databases would put both entries in the same location; for them undo and redo are just “transaction data”). One entry goes to the redo logs where Oracle stores enough information to redo or “roll forward” the transaction. For an insert, this would be the row inserted. For a delete, it is a message to delete the row in file X, block Y, row slot Z. And so on. The other entry is an undo entry, written to an undo segment. If your transaction fails and needs to be undone, Oracle will read the “before” image from the undo segment and restore the data. In addition to using this undo segment data to undo transactions, Oracle uses it to undo changes to blocks as it is reading them —to restore the block to the point in time your query began. This gives you the ability to read right through a lock and to get consistent, correct answers without locking any data yourself. So, as far as our example is concerned, Oracle arrives at its answer as shown in Table 1-2. Table 1-2. Multi-versioning in Action Time Query Account Transfer Transaction T1 Reads row 1; balance = $500; sum = $500 so far. T2 Updates row 1; puts an exclusive lock on row 1, preventing other updates (but not reads). Row 1 now has $100. T3 Reads row 2; balance = $250; sum = $750 so far. T4 Reads row 3 balance = $400; sum = $1150 so far. T5 Updates row 4; puts an exclusive lock on block 4, preventing other updates (but not reads). Row 4 now has $500. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 31 Time Query Account Transfer Transaction T6 Reads row 4; discovers that row 4 has been modified. It will actually roll back the block to make it appear as it did at time = T1. The query will read the value $100 from this block. T7 Commits transaction. T8 Presents $1250 as the answer. At time T6, Oracle is effectively “reading through” the lock that our transaction placed on row 4. This is how non-blocking reads are implemented: Oracle only looks to see if the data changed; it doesn’t care if the data is currently locked (which implies that the data may have changed). Oracle simply retrieves the old value from the undo segment and proceeds to the next block of data. This is another clear demonstration of multi-versioning. Multiple versions of the same piece of information, all at different points in time, are available in the database. Oracle is able to use these snapshots of data at different points in time to provide us with read-consistent queries and non- blocking reads. This read-consistent view of data is always performed at the SQL statement level. The results of any single SQL statement are consistent with respect to the point in time they began. This quality is what makes a statement like the following insert a predictable set of data: for x in (select * from t) loop insert into t values (x.username, x.user_id, x.created); end loop; The result of the SELECT * FROM T is preordained when the query begins execution. The SELECT will not see any of the new data generated by the INSERT. Imagine if it did—this statement might be a never- ending loop. If, as the INSERT generated more rows in T, the SELECT could “see” those newly inserted rows, the preceding code would create some unknown number of rows. If the table T started out with 10 rows, we might end up with 20, 21, 23, or an infinite number of rows in T when we finished. It would be totally unpredictable. This consistent read is provided to all statements so that an INSERT such as the following is predictable as well: insert into t select * from t; The INSERT statement will be provided a read-consistent view of T. It will not see the rows that it just inserted; rather, it will only insert the rows that existed at the time the SELECT began. Some databases won’t even permit recursive statements such as the preceding because they can’t tell how many rows might actually be inserted. So, if you are used to the way other databases work with respect to query consistency and concurrency, or you never had to grapple with such concepts (i.e., you have no real database experience), you can now see how understanding how this works will be important to you. In order to maximize Oracle’s potential, and to implement correct code, you need to understand these issues as they pertain to Oracle—not how they are implemented in other databases. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 32 Database Independence? By now, you might be able to see where I’m going in this section. I have made references above to other databases and how features are implemented differently in each. With the exception of some read-only applications, it is my contention that building a wholly database-independent application that is highly scalable is extremely hard—it is, in fact, quite impossible unless you know exactly how each database works in great detail. And, if you knew how each database worked in great detail, you’d understand that database independence is not something you really want to achieve (a very circular argument!). To illustrate, let’s revisit our initial resource scheduler example (prior to adding the FOR UPDATE clause). Let’s say this application had been developed on a database with an entirely different locking/concurrency model from that of Oracle. What I’ll show here is that if you migrate your application from one database to another, you’ll have to verify that it still works correctly in these different environments and substantially change it as you do! Let’s assume that we had deployed the initial resource scheduler application in a database that employed blocking reads (reads are blocked by writes). Also consider that the business rule was implemented via a database trigger (after the INSERT had occurred but before the transaction committed, we would verify that only our row existed in the table for that time slot). In a blocking read system, due to this newly inserted data, it would be true that insertions into this table would serialize. The first person would insert her request for “room A” from 2:00 pm to 3:00 pm on Friday and then run a query looking for overlaps. The next person would try to insert an overlapping request and, upon looking for overlaps, would become blocked (waiting for the newly inserted data to become available for reading). In that blocking read database, our application would be apparently well-behaved, though it could just as easily deadlock (a concept covered in the chapter on locking) if we both inserted our rows and then attempted to read each other’s data. Our checks on overlapping resource allocations would have happened one after the other, never concurrently. If we migrated this application to Oracle and simply assumed it would behave in the same way, we would be in for a shock. On Oracle, which does row-level locking and supplies non-blocking reads, it appears to be ill-behaved. As we saw previously, we had to use the FOR UPDATE clause to serialize access. Without this clause, two users could schedule the same resource for the same times. This is a direct consequence of not understanding how the database we have works in a multiuser environment. I have encountered issues such as this many times when an application is being moved from database A to database B. When an application that worked flawlessly in database A does not work or works in an apparently bizarre fashion on database B, the first thought is that database B is a “bad database.” The simple truth is that database B just works differently. Neither database is wrong or bad; they are just different. Knowing and understanding how they work will help you immensely in dealing with these issues. Taking an application from Oracle to SQL Server exposes SQL Server’s blocking reads and deadlock issues—it goes both ways. For example, I was asked to help convert some Transact SQL (the stored procedure language for SQL Server) into PL/SQL. The developer doing the conversion was complaining that the SQL queries in Oracle returned the “wrong” answer. The queries looked like this: declare l_some_variable varchar2(25); begin if ( some_condition ) then l_some_variable := f( … ); end if; for x in ( select * from T where x = l_some_variable ) loop ... CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 33 The goal here was to find all of the rows in T where x was NULL if some condition was not met or where x equaled a specific value if some condition was met. The complaint was that, in Oracle, this query would return no data when L_SOME_VARIABLE was not set to a specific value (when it was left as NULL). In Sybase or SQL Server, this was not the case—the query would find the rows where x was set to a NULL value. I see this on almost every conversion from Sybase or SQL Server to Oracle. SQL is supposed to operate under tri-valued logic and Oracle implements NULL comparisons the way ANSI SQL requires them to be implemented. Under those rules, comparing x to a Null is neither true nor false—it is, in fact, unknown. The following snippet shows what I mean: ops$tkyte@ORA10G> select * from dual where null=null; no rows selected ops$tkyte@ORA10G> select * from dual where null <> null; no rows selected ops$tkyte@ORA10G> select * from dual where null is null; D - X This can be confusing the first time you see it. It proves that, in Oracle, NULL is neither equal to nor not equal to NULL. SQL Server, by default, does not do it that way: in SQL Server and Sybase, NULL is equal to NULL (by default; in current releases of SQL Server, the default behavior may be modified to reflect the ANSI standard). None of the databases’ processing is wrong—it is just different. And all of the databases are, in fact, ANSI compliant (ANSI compliance does not mean you support 100% of the standard, not by a long shot), but they still work differently. There are ambiguities, backward compatibility issues, and so on, to be overcome. For example, SQL Server supports the ANSI method of NULL comparison, just not by default (it would break thousands of existing legacy applications built on that database). In this case, one solution to the problem is to write the query like this instead: select * from t where ( x = l_some_variable OR (x is null and l_some_variable is NULL )) However, this leads to another problem. In SQL Server, this query would use an index on x. This might not be the case in Oracle since a B*Tree index (more on indexing techniques in the chapter on indexes) will not index an entirely NULL entry. Hence, if you need to find NULL values, B*Tree indexes are not always useful. ■ Note As long as at least one column of an Oracle B*Tree index is defined as NOT NULL, all rows in the table will, in fact, appear in the index and the predicate where x is null can and will use an index to retrieve the rows. What we did in this case, in order to minimize impact on the code, was to assign x some value that it could never in reality assume. Here, x, by definition, was a positive number – so we chose the number –1. Thus, the query became: select * from t where nvl(x,-1) = nvl(l_some_variable,-1) CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 34 And we created a function-based index: create index t_idx on t( nvl(x,-1) ); With minimal change, we achieved the same end result. The important points to recognize from this example are that: • Databases are different. Experience with one will, in part, carry over to another but you must be ready for some fundamental differences as well as some very minor differences. • Minor differences (such as treatment of NULLs) can have as big an impact as fundamental differences (such as concurrency control mechanisms). • Being aware of the database, how it works, and how its features are implemented is the only way to overcome these issues. Developers frequently ask me (usually more than once a day) how to do something specific in the database, such as, “How do I create a temporary table in a stored procedure?” I don’t answer such questions directly. Instead, I respond with a question: “Why do you want to do that?” Many times, the answer that comes back is “In SQL Server we created temporary tables in our stored procedures and we need to do this in Oracle.” That’s what I expected to hear. My response, then, is easy: “You don’t want to create temporary tables in a stored procedure in Oracle—you only think you do.” That would, in fact, be a very bad thing to do in Oracle. If you created the tables in a stored procedure in Oracle you would find that: • Doing DDL is a scalability inhibitor. • Doing DDL constantly is not fast. • Doing DDL commits your transaction. • You would have to use Dynamic SQL in all of your stored procedures in order to access this table—no static SQL. • Dynamic SQL in PL/SQL is not as fast or as optimized as static SQL. The bottom line is that you don’t want to do it exactly as you did it in SQL Server (if you even need the temporary table in Oracle at all). You want to do things as they are best done in Oracle. Just as if you were going the other way from Oracle to SQL Server, you would not want to create a single table for all users to share for temporary data (that is how Oracle does it). That would limit scalability and concurrency in those other databases. All databases are not created equal; they are all very different. This is not to say that you can’t use temporary tables in Oracle. You can, you probably will. It is just that you will use them differently in Oracle than you did in SQL Server (and vice versa). The Impact of Standards If all databases are SQL99-compliant, then they must be the same. At least that’s often the assumption. In this section, I’d like to dispel that myth. SQL99 is an ANSI/ISO standard for databases. It was the successor to the SQL92 ANSI/ISO standard, which in turn superseded the SQL89 ANSI/ISO standard. It has now been superseded itself by the SQL2003 and SQL2008 standards updates. The standard defines a language (SQL) and behavior (transactions, isolation levels, and so on) that tell you how a database will behave. Did you know that many commercially available databases are SQL99-compliant to at least some degree? Did you also know that it means very little as far as query and application portability goes? CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 35 Starting with the SQL92 standard, the standards have four levels: • Entry-level: This is the level to which most vendors have complied. It is a minor enhancement of the predecessor standard, SQL89. No database vendors have been certified higher and, in fact, the National Institute of Standards and Technology (NIST), the agency that used to certify for SQL-compliance, does not even certify anymore. I was part of the team that got Oracle 7.0 NIST-certified for SQL92 entry- level compliance in 1993. An entry level-compliant database has a feature set that is a subset of Oracle 7.0’s capabilities. • Transitional: This level is approximately halfway between entry level and intermediate level as far as a feature set goes. • Intermediate: This level adds many features including (this is not by any means an exhaustive list) • Dynamic SQL • Cascade DELETE for referential integrity • DATE and TIME data types • Domains • Variable length character strings • A CASE expression • CAST functions between data types • Full: Adds provisions for (again, this list is not exhaustive) • Connection management • A BIT string data type • Deferrable integrity constraints • Derived tables in the FROM clause • Subqueries in CHECK clauses • Temporary tables The entry-level standard does not include features such as outer joins, the new inner join syntax, and so on. Transitional does specify outer join syntax and inner join syntax. Intermediate adds more, and Full is, of course all of SQL92. Most books on SQL92 do not differentiate between the various levels, which leads to confusion on the subject. They demonstrate what a theoretical database implementing SQL92 full would look like. It makes it impossible to pick up a SQL92 book, and apply what you see in the book to just any SQL92 database. The bottom line is that SQL92 will not go very far at the entry level and, if you use any of the features of intermediate or higher, you risk not being able to port your application. SQL99 defines only two levels of conformance: Core and Enhanced. It attempted to go far beyond traditional SQL and introduced object relational constructs (arrays, collections, etc.). It covered a SQL MM (multi-media) type, object-relational types, and so on. No vendors are certifying databases to be SQL99 Core or Enhanced “compliant” and, in fact, I know of no vendor who is even claiming his product is fully compliant with either level of conformance. You should not be afraid to make use of vendor-specific features—after all, you are paying a lot of money for them. Every database has its own bag of tricks, and you can always find a way to perform a given operation in each database. Use what is best for your current database, and re-implement components as you go to other databases. Use good programming techniques to isolate yourself from CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 36 these changes. The same techniques are employed by people writing OS-portable applications—such as the Oracle kernel developers. Make Sure You Can Adapt The goal is to fully use the facilities available to you, but ensure you can change the implementation on a case-by-case basis. As an analogy, Oracle is a portable application. It runs on many operating systems. On Windows, however, it runs the Windows way: using threads and other Windows-specific facilities. On UNIX, in contrast, Oracle runs as a multi-process server, using individual processes to do what threads do on Windows—that’s the UNIX way. The “core Oracle” functionality is available on both platforms but it is implemented in very different ways under the covers. Your database applications that must function on multiple databases will be the same. For example, a common function of many database applications is the generation of a unique key for each row. When you insert the row, the system should automatically generate a key for you. Oracle has implemented the database object called a SEQUENCE for this, SYS_GUID()is another function that provides for unique keys as well. Informix has a SERIAL data type. Sybase and SQL Server have an IDENTITY type. Each database has a way to do this. However, the methods are different, both in how you do it, and the possible outcomes. So, to the knowledgeable developer, there are two paths that can be pursued: • Develop a totally database-independent method of generating a unique key. • Accommodate the different implementations and use different techniques when implementing keys in each database. The theoretical advantage of the first approach is that to move from database to database you need not change anything. I call it a “theoretical” advantage because the downside of this implementation is so huge that it makes this solution totally infeasible. What you’d have to do to develop a totally database- independent process is to create a table such as ops$tkyte%ORA11GR2> create table id_table 2 ( id_name varchar2(30) primary key, 3 id_value number ); Table created. ops$tkyte%ORA11GR2> insert into id_table values ( 'MY_KEY', 0 ); 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. Then, in order to get a new key, you’d have to execute the following code: ops$tkyte%ORA11GR2> update id_table 2 set id_value = id_value+1 3 where id_name = 'MY_KEY'; 1 row updated. ops$tkyte%ORA11GR2> select id_value 2 from id_table 3 where id_name = 'MY_KEY'; ID_VALUE ---------- 1 CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 37 Looks simple enough, but the outcomes (notice plural) are as follows: • Only one user at a time may process a transaction row. You need to update that row to increment a counter, and this will cause your program to serialize on that operation. At best, one person at a time will generate a new value for this key. • In Oracle (and the behavior might be different in other databases), all but the first user to attempt to concurrently perform this operation would receive the error “ORA-08177: can't serialize access for this transaction” in the SERIALIZABLE isolation level. For example, using a serializable transaction (which is more common in the J2EE environment, where many tools automatically use this as the default mode of isolation, often unbeknownst to the developers), you would observe the following behavior. Notice that the SQL prompt contains information about which session is active in this example: OPS$TKYTE session(261,2586)> set transaction isolation level serializable; Transaction set. OPS$TKYTE session(261,2586)> update id_table 2 set id_value = id_value+1 3 where id_name = 'MY_KEY'; 1 row updated. OPS$TKYTE session(261,2586)> select id_value 2 from id_table 3 where id_name = 'MY_KEY'; ID_VALUE ---------- 2 Now, we’ll go to another SQL*Plus session and perform the same operation, a concurrent request for a unique id: OPS$TKYTE session(271,1231)> set transaction isolation level serializable; Transaction set. OPS$TKYTE session(271,1231)> update id_table 2 set id_value = id_value+1 3 where id_name = 'MY_KEY'; This will block at this point, as only one transaction at a time can update the row. This demonstrates the first possible outcome—we would block and wait for the row. But since we’re using SERIALIZABLE in Oracle, we’ll observe the following behavior as we commit the first session’s transaction: OPS$TKYTE session(261,2586)> commit; Commit complete. The second session will immediately display the following error: OPS$TKYTE session(271,1231)> update id_table 2 set id_value = id_value+1 3 where id_name = 'MY_KEY'; CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 38 update id_table * ERROR at line 1: ORA-08177: can't serialize access for this transaction That error would occur regardless of the ordering of the commit statement above. All it takes is for your transaction to attempt to modify any record that was modified by some other session since your transaction began. So, that database-independent piece of logic really isn’t database independent at all. It may not even perform reliably in a single database, depending on the isolation level! Sometimes we block and wait; sometimes we get an error message. To say the end user would be upset in either case (wait long time, or wait long time to get error) is putting it mildly. This issue is compounded by the fact that our transaction is much larger than just outlined. The UPDATE and SELECT in the example are only two statements of potentially many other statements that make up the transaction. We have yet to insert the row into the table with this key we just generated, and do whatever other work it takes to complete this transaction. This serialization will be a huge limiting factor in scaling. Think of the ramifications if this technique was used on web sites that processed orders, and this was how we generated order numbers. There would be no multiuser concurrency, so we would be forced to do everything sequentially. The correct approach to this problem is to use the best code for each database. In Oracle this would be (assuming the table that needs the generated primary key is T): ops$tkyte%ORA11GR2> create table t 2 ( pk number primary key, 3 other_data varchar2(20) 4 ) 5 / Table created. ops$tkyte%ORA11GR2> create sequence t_seq; Sequence created. ops$tkyte%ORA11GR2> create trigger t before insert on t 2 for each row 3 begin 4 :new.pk := t_seq.nextval; 5 end; 6 / Trigger created. ■ Note In releases before Oracle 11g, you will have to use SELECT T_SEQ.NEXTVAL INTO :NEW.PK FROM DUAL; in place of the assignment; direct assignment of a sequence in PL/SQL is a new 11g feature. This will have the effect of automatically—and transparently—assigning a unique key to each row inserted. A more performance-driven approach would be simply Insert into t ( pk, …. ) values ( t_seq.NEXTVAL, …. ); CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 39 That is, skip the overhead of the trigger altogether (this is definitely my preferred approach). You can achieve the same effect in the other databases using their types. The CREATE TABLE syntax will be different but the net results will be the same. Here, we’ve gone out of our way to use each database’s feature to generate a non-blocking, highly concurrent unique key, and have introduced no real changes to the application code—all of the logic is contained in this case in the DDL. Layered Programming Once you understand that each database will implement features in a different way, another example of defensive programming to allow for portability is to layer your access to the database when necessary. Let’s say you are programming using JDBC. If all you use is straight SQL SELECTs, INSERTs, UPDATEs, and DELETEs, you probably don’t need a layer of abstraction. You may very well be able to code the SQL directly in your application, as long as you limit the constructs you use to those supported by each of the databases you intend to support—and that you have verified work exactly the same (remember the NULL= NULL discussion!). This means you’ll have poorly performing SQL, though—and you’ll apparently have in your head more knowledge about more databases than most anyone I know of (after all, that’s the only way to know if something has a chance of working the same on all databases!). Another approach that is both more portable and offers better performance, would be to use stored procedures to return resultsets. You will discover that every vendor’s database can return resultsets from stored procedures, but how they are returned is different. The actual source code you must write is different for different databases. Your two choices here are to either not use stored procedures to return resultsets, or to implement different code for different databases. I would definitely follow the different code for different vendors method and use stored procedures heavily. This might seem as if it would increase the time it takes to implement on a different database. However, you’ll find it is actually easier to implement on multiple databases with this approach. Instead of having to find the perfect SQL that works on all databases (perhaps better on some than on others), you will implement the SQL that works best on that database. You can do this outside of the application itself, which gives you more flexibility in tuning the application. You can fix a poorly performing query in the database, and deploy that fix immediately, without having to patch the application. Additionally, you can take advantage of vendor extensions to SQL using this method freely. For example, Oracle supports a wide variety of SQL extensions, such as analytic functions, the SQL model clause, and more. In Oracle, you are free to use these extensions to SQL since they are “outside” of the application (i.e., hidden in the database). In other databases, you would use whatever features they provide to achieve the same results, perhaps. You paid for these features so you might as well use them. Another argument for this approach—developing specialized code for the database you will deploy on—is that finding a single developer (let alone a team of developers) who is savvy enough to understand the nuances of the differences between Oracle, SQL Server, and DB2 (let’s limit the discussion to three databases in this case) is virtually impossible. I’ve worked mostly with Oracle for the last sixteen years (mostly, not exclusively). I learn something new about Oracle every single day I use it. To suggest that I could be expert in three databases simultaneously and understand what the differences between all three are and how those differences will affect the “generic code” layer I’d have to build is highly questionable. I doubt I would be able to do that accurately or efficiently. Also, consider that we are talking about individuals here; how many developers actually fully understand or use the database they currently have, let alone three of them? Searching for the unique individual who can develop bulletproof, scalable, database-independent routines is like searching for the holy grail. Building a team of developers that can do this is impossible. Finding an Oracle expert, a DB2 expert, and a SQL Server expert and telling them “We need a transaction to do X, Y and Z”—that’s relatively easy. They are told, “Here are your inputs, these are the outputs we need, and this is what this business process entails,” and from this they can produce transactional APIs (stored procedures) that fit the bill. Each will be implemented in the manner best for that particular database, according to that database’s unique set of capabilities. These developers are free to use the full power (or lack thereof, as the case may be) of the underlying database platform. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 40 These are the same techniques developers who implement multi-platform code use. Oracle Corporation, for example, uses this technique in the development of its own database. There is a large amount of code (though a small percentage of the database code overall) called OSD (Operating System Dependent) code that is implemented specifically for each platform. Using this layer of abstraction, Oracle is able to make use of many native OS features for performance and integration, without having to rewrite the majority of the database itself. The fact that Oracle can run as a multi-threaded application on Windows and a multi-process application on UNIX attests to this feature. The mechanisms for inter- process communication are abstracted to such a level that they can be re-implemented on an OS-by-OS basis, allowing for radically different implementations that perform as well as an application written directly, and specifically, for that platform. In addition to SQL syntactic differences, implementation differences, and differences in performance of the same query in different databases outlined above, there are the issues of concurrency controls, isolation levels, query consistency, and so on. We cover these items in some detail in Chapter 7 “Concurrency and Multi-versioning” in this book, and you’ll see how their differences may affect you. SQL92/SQL99 attempted to provide a straightforward definition of how a transaction should work and how isolation levels should be implemented, but in the end, you’ll get different results from different databases. It is all due to the implementation. In one database an application will deadlock and block all over the place. In another database, the same exact application will run smoothly. In one database, the fact that you did block (physically serialize) was used to your advantage but when you deploy on another database and it does not block, you get the wrong answer. Picking an application up and dropping it on another database takes a lot of hard work and effort, even if you followed the standard 100 percent. Features and Functions A natural extension of the argument that you shouldn’t necessarily strive for database independence is the idea that you should understand exactly what your specific database has to offer and make full use of it. This is not a section on all of the features that Oracle 11g has to offer—that would be an extremely large book in itself. The new features of Oracle 9i, 10g, and 11g themselves fill a book in the Oracle documentation set. With over 10,000 pages of documentation provided by Oracle, covering every feature and function would be quite an undertaking. Rather, this section explores the benefits of gaining at least a cursory knowledge of what is provided. As I’ve said before, I answer questions about Oracle on the Web. I’d say that 80 percent of my answers are simply URLs to the documentation (for every question you see that I’ve published—many of which are pointers into the documentation—there are two more questions I choose not to publish, almost all of which are “read this” answers). People ask how they might go about writing some complex piece of functionality in the database (or outside of it), and I just point them to the place in the documentation that tells them how Oracle has already implemented the feature they need and how to use it. Replication comes up frequently. Here’s a typical example of what I am asked: Is there a view that will show the literal SQL run? What I mean is that when I select from V$SQL, the SQL_TEXT looks like: INSERT INTO TABLE1 (COL1,COL2) VALUES (:1,:2). I need to see the actual data submitted. e.g. INSERT INTO TABLE1 (COL1,COL2) VALUES ('FirstVal',12) . What I am trying to get is a list of insert, update or delete statements run against one schema and run those same SQL statements against a second schema in the same order of execution. I am hopeful to be able to write something like: Select SQL_FULLTEXT from V$SQL where FIRST_LOAD_TIME > SYSDATE-(1/24) AND  (SQL_TEXT like 'INSERT%'...) order by FIRST_LOAD_TIME This recordset would be sent via a web service to schema2, which would process the statements. Is this possible? CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 41 Here is someone trying to reinvent replication! He can’t get the literal SQL (and thank goodness for that!), but even if he could, this approach would never work. You can’t just take a concurrently executed set of SQL statements (what happens on a multi-CPU machine where two SQL statements are executed at exactly the same time?) and execute them serially (you’ll end up with different answers!). You’d need to replay them using the degree of concurrency you used on the originating system. For example, if you and I both execute INSERT INTO A_TABLE SELECT * FROM A_TABLE; at about the same time, we’d end up with A_TABLE having three times as many rows as it did when we started. For example, if A_TABLE started with 100 rows and I did that insert, it would now have 200 rows. If you did the insert right after me (before I commit), you would not see my 200 rows and you’d insert 100 more rows into A_TABLE, which would end up with 300 rows. Now, if we change things so that a web service performs my insert (A_TABLE grows from 100 to 200 rows) and then your insert (A_TABLE grows from 200 to 400 rows)—you can see the problem here. Replication is not trivial, it is, in fact, quite difficult. Oracle (and other databases) have been doing replication for over a decade now; it takes a lot of effort to implement and maintain. It's true you can write your own replication, and it might even be fun to do so, but at the end of the day, it’s not the smartest thing to do. The database does a lot of stuff. In general, it can do it better than we can ourselves. Replication, for example, is internalized in the kernel, written in C. It’s fast, it’s fairly easy, and it’s robust. It works across versions and across platforms. It is supported, so if you hit a problem, Oracle’s support team will be there to help. If you upgrade, replication will be supported there as well, probably with some new features. Now, consider if you were to develop your own. You’d have to provide support for all of the versions you wanted to support. Interoperability between old and new releases? That’d be your job. If it “broke,” you wouldn’t be calling support. At least, not until you could get a test case small enough to demonstrate your basic issue. When the new release of Oracle comes out, it would be up to you to migrate your replication code to that release. Knowing What’s Out There Not having a full understanding of what is available to you can come back to haunt you in the long run. I was working with some developers with years of experience developing database applications—on other databases. They built analysis software (trending, reporting, visualization software). It was to work on clinical data related to healthcare. They were not aware of SQL syntactical features like inline views, analytic functions, scalar subqueries. Their major problem was they needed to analyze data from a single parent table to two child tables; an Entity Relation Diagram (ERD) might look like Figure 1-1. Figure 1-1. Simple ERD The developers needed to be able to report on the parent record with aggregates from each of the child tables. The databases they worked with in the past did not support subquery factoring (WITH clause), nor did they support inline views—the ability to “query a query” instead of query a table. Not knowing these features existed, they wrote their own database of sorts in the middle tier. They would query the parent table and for each row returned run an aggregate query against each of the child tables. This resulted in their running thousands of tiny queries for each single query the end user wanted to run. Or, they would fetch the entire aggregated child tables into their middle tier into hash tables in memory—and do a hash join. In short, they were reinventing the database, performing the functional equivalent of a nested loops join or a hash join, without the benefit of temporary tablespaces, sophisticated query optimizers, and CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 42 the like. They were spending their time developing, designing, fine-tuning, and enhancing software that was trying to do the same thing the database they already bought did! Meanwhile, end users were asking for new features but not getting them, because the bulk of the development time was in this reporting “engine,” which really was a database engine in disguise. I showed them that they could do things such as join two aggregations together in order to compare data that was stored at different levels of detail. Several approaches are possible, as illustrated in Listings 1-1 through 1-3. Listing 1-1. Inline Views to Query from a Query select p.id, c1_sum1, c2_sum2 from p, (select id, sum(q1) c1_sum1 from c1 group by id) c1, (select id, sum(q2) c2_sum2 from c2 group by id) c2 where p.id = c1.id and p.id = c2.id / Listing 1-2. Scalar Subqueries that Run Another Query per Row select p.id, (select sum(q1) from c1 where c1.id = p.id) c1_sum1, (select sum(q2) from c2 where c2.id = p.id) c2_sum2 from p where p.name = '1234' / Listing 1-3. Subquery Factoring via the WITH Clause with c1_vw as (select id, sum(q1) c1_sum1 from c1 group by id), c2_vw as (select id, sum(q2) c2_sum2 from c2 group by id), c1_c2 as (select c1.id, c1.c1_sum1, c2.c2_sum2 from c1_vw c1, c2_vw c2 where c1.id = c2.id ) select p.id, c1_sum1, c2_sum2 from p, c1_c2 where p.id = c1_c2.id / CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 43 In addition to what you see in these listings, we can also do great things using the analytic functions like LAG, LEAD, ROW_NUMBER, the ranking functions, and so much more. Rather than spending the rest of the day trying to figure out how to tune their middle tier database engine, we spent the day with the SQL Reference Guide projected on the screen (coupled with SQL*Plus to create ad-hoc demonstrations of how things worked). The end goal was no longer tuning the middle tier; now it was turning off the middle tier as quickly as possible. Here’s another example: I have seen people set up daemon processes in an Oracle database that read messages off of pipes (a database IPC mechanism). These daemon processes execute the SQL contained within the pipe message and commit the work. They do this so they could execute auditing and error logging in a transaction that would not get rolled back if the bigger transaction did. Usually, if a trigger or something was used to audit an access to some data, but a statement failed later on, all of the work would be rolled back. So, by sending a message to another process, they could have a separate transaction do the work and commit it. The audit record would stay around, even if the parent transaction rolled back. In versions of Oracle before Oracle 8i, this was an appropriate (and pretty much the only) way to implement this functionality. When I told them of the database feature called autonomous transactions, they were quite upset with themselves. Autonomous transactions, implemented with a single line of code, do exactly what they were doing. On the bright side, this meant they could discard a lot of code and not have to maintain it. In addition, the system ran faster overall, and was easier to understand. Still, they were upset at the amount of time they had wasted reinventing the wheel. In particular, the developer who wrote the daemon processes was quite upset at having just written a bunch of “shelfware.” I see examples like these repeated time and time again—large complex solutions to problems that are already solved by the database itself. I’ve been guilty of this myself. I still remember the day when my Oracle sales consultant (I was the customer at the time) walked in and saw me surrounded by a ton of Oracle documentation. I looked up at him and just asked “Is this all true?” I spent the next couple of days just digging and reading. I had fallen into the trap that I knew all about databases because I had worked with SQL/DS, DB2, Ingress, Sybase, Informix, SQLBase, Oracle, and others. Rather than take the time to see what each had to offer, I would just apply what I knew from the others to whatever I was working on. (Moving to Sybase/SQL Server was the biggest shock to me—it worked nothing like the others at all.) Upon actually discovering what Oracle could do (and the others, to be fair), I started taking advantage of it and was able to move faster, with less code. This was in 1993. Imagine what you can do with the software today, almost two decades later. Take the time to learn what is available. You miss so much by not doing that. I learn something new about Oracle pretty much every single day. It requires some keeping up with; I still read the documentation. Solving Problems Simply There are always two ways to solve everything: the easy way and the hard way. Time and time again, I see people choosing the hard way. It is not always done consciously. More often, it is done out of ignorance. They never expected the database to be able to do “that.” I, on the other hand, expect the database to be capable of anything and only do it the hard way (by writing it myself) when I discover it can’t do something. For example, I am frequently asked, “How can I make sure the end user has only one session in the database?” (There are hundreds of other examples I could have used here). This must be a requirement of many applications, but none I’ve ever worked on—I’ve not found a good reason for limiting people in this way. However, people want to do it and when they do, they usually do it the hard way. For example, they will have a batch job run by the operating system that will look at the V$SESSION table and arbitrarily kill sessions of users who have more than one session. Alternatively, they will create their own tables and have the application insert a row when a user logs in and remove the row when they log out. This implementation invariably leads to lots of calls to the help desk because when the application crashes, the row never gets removed. I’ve seen lots of other “creative” ways to do this, but none is as easy as: CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 44 ops$tkyte%ORA11GR2> create profile one_session limit sessions_per_user 1; Profile created. ops$tkyte%ORA11GR2> alter user scott profile one_session; User altered. ops$tkyte%ORA11GR2> alter system set resource_limit=true; System altered. ops$tkyte%ORA11GR2> connect scott/tiger Connected. scott%ORA11GR2> host sqlplus scott/tiger SQL*Plus: Release 11.2.0.1.0 Production on Wed Dec 9 16:02:39 2009 Copyright (c) 1982, 2009, Oracle. All rights reserved. ERROR: ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit Enter user-name: That’s it—now any user with the ONE_SESSION profile can log on only once. When I bring up this solution, I can usually hear the smacking of a hand on the forehead followed by the statement “I never knew it could do that.” Taking the time to familiarize yourself with what the tools you have to work with are capable of doing can save you lots of time and energy in your development efforts. The same “keep it simple” argument applies at the broader architecture level. I would urge people to think carefully before adopting very complex implementations. The more moving parts you have in your system, the more things you have that can go wrong, and tracking down exactly where that error is occurring in an overly complex architecture is not easy. It may be really “cool” to implement using umpteen tiers, but it’s not the right choice if a simple stored procedure can do it better, faster, and with less resources. I’ve seen projects where application development has been going on for months, with no end in sight. The developers are using the latest and greatest technologies and languages, but development is not going very fast. It wasn’t that big of an application—and perhaps that was the problem. If you are building a doghouse (a small woodworking job), you wouldn’t bring in the heavy machinery. You’d use a few small power tools, but you wouldn’t have any use for the “big stuff.” On the other hand, if you were building an apartment complex, you’d have a cast of hundreds working on the project, you’d have the big machines—you’d use totally different tools to approach this problem. The same is true of application development. There is not a single “perfect architecture.” There is not a single “perfect language.” There is not one single “perfect approach.” For example, to build my web site I used APEX (Application Express). It’s a smallish application, there was a single developer (or two) working on it. It has maybe 20 screens. PL/SQL and APEX was the correct choice for this implementation—it did not need a cast of dozens, coding in Java, making EJBs, using Hibernate, and so on. It was a simple problem, solved simply. There are few complex, large-scale, huge applications (we buy most of those today: our HR systems, our ERP systems, and so on), but there are thousands of small applications. We need to use the proper approach and tools for the job. I will always go with the simplest architecture that solves the problem completely over a complex one any day. The payback can be enormous. Every technology has its place. Not every problem is a nail, so we can use more than a hammer in our toolbox. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 45 Openness I frequently see people doing things the hard way for another reason, and again it relates to the idea that we should strive for openness and database independence at all costs. The developers wish to avoid using closed, proprietary database features—even those as simple as stored procedures or sequences— because doing so will lock them into a database system. Well, let me put forth the idea that the instant you develop a read/write application, you are already somewhat locked in. You will find subtle (and sometimes not-so-subtle) differences between the databases as soon as you start running queries and modifications. For example, in one database you might find that your SELECT COUNT(*) FROM T deadlocks with a simple update of two rows. In Oracle, you’ll find that the SELECT COUNT(*) never blocks on a writer of the data being counted. You’ve seen the case where a business rule appears to get enforced on one database, due to side effects of the database’s locking model, and does not get enforced in another database. You’ll find that, given the same exact transaction mix, reports come out with different answers in different databases, all because of fundamental implementation differences. You will find that it is a very rare application that can simply be picked up and moved from one database to another. Differences in the way the SQL is interpreted (for instance, the NULL=NULL example) and processed will always be there. On one project, the developers were building a web-based product using Visual Basic, ActiveX Controls, IIS server, and the Oracle database. I was told that the development folks had expressed concern that since the business logic had been written in PL/SQL, the product had become database dependent and was asked, “How can we correct this?” I was a little taken aback by this question. In looking at the list of chosen technologies I could not figure out how being database dependent was a “bad” thing: • The developers had chosen a language that locked them into a single operating system supplied by a single vendor (they could have opted for Java). • They had chosen a component technology that locked them into a single operating system and vendor (they could have opted for J2EE). • They had chosen a web server that locked them into a single vendor and single platform (why not Apache?). Every other technology choice they had made locked them into a very specific configuration—in fact, the only technology that offered them any choice in terms of operating systems was the database. Regardless of this (they must have had good reasons to choose the technologies they did) we still have a group of developers making a conscious decision to not use the functionality of a critical component in their architecture, and doing so in the name of openness. It is my belief that you pick your technologies carefully and then you exploit them to the fullest extent possible. You paid a lot for these technologies—isn’t it in your best interest to exploit them fully? I had to assume they were looking forward to using the full potential of the other technologies, so why was the database an exception? This was an even harder question to answer in light of the fact that it was crucial to their success. We can put a slightly different spin on this argument if we consider it from the perspective of openness. You put all of your data into the database. The database is a very open tool. It supports data access via a large variety of open systems protocols and access mechanisms. Sounds great so far, the most open thing in the world. Then, you put all of your application logic and more importantly, your security outside of the database. Perhaps in your beans that access the data. Perhaps in the JSPs that access the data. Perhaps in your Visual Basic code running under Microsoft’s Transaction Server (MTS). Perhaps in your Hibernate- generated code. The end result is that you have just closed off your database —you have made it “non- open.” No longer can people hook in existing technologies to make use of this data; they must use your access methods (or bypass security altogether). This sounds all well and good today, but what you must remember is that the whiz-bang technology of today is yesterday’s concept, and tomorrow’s old, tired technology. What has persevered for over 30 years in the relational world (and probably most of the CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 46 object implementations as well) is the database itself. The front ends to the data change almost yearly, and as they do, the applications that have all of the security built inside themselves, not in the database, become obstacles, roadblocks to future progress. The Oracle database provides a feature called fine-grained access control (FGAC). In a nutshell, this technology allows developers to embed procedures in the database that can modify queries as they are submitted to the database. This query modification is used to restrict the rows the client will receive or modify. The procedure can look at who is running the query, when they are running the query, what application is requesting the data, what terminal they are running the query from, and so on, and can constrain access to the data as appropriate. With FGAC, we can enforce security such that, for example: • Any query executed outside of normal business hours by a certain class of users returns zero records. • Any data can be returned to a terminal in a secure facility but only non-sensitive information can be returned to a remote client terminal. Basically, FGAC allows us to locate access control in the database, right next to the data. It no longer matters if the user comes at the data from a bean, a JSP, a Visual Basic application using ODBC, or SQL*PLUS—the same security protocols will be enforced. You are well-situated for the next technology that comes along. Now I ask you, which implementation is more “open?” The one that makes all access to the data possible only through calls to the Visual Basic code and ActiveX controls (replace Visual Basic with Java and ActiveX with EJB if you like—I’m not picking on a particular technology but an implementation here) or the solution that allows access from anything that can talk to the database, over protocols as diverse as SSL, HTTP, and Oracle Net (and others) or using APIs such as ODBC, JDBC, OCI, and so on? I have yet to see an ad hoc reporting tool that will “query” your Visual Basic code. I know of dozens that can do SQL, though. The decision to strive for database independence and total openness is one that people are absolutely free to take, and many try, but I believe it is the wrong decision. No matter what database you are using, you should exploit it fully, squeezing every last bit of functionality you can out of that product. You’ll find yourself doing that in the tuning phase (which again always seems to happen right after deployment) anyway. It is amazing how quickly the database independence requirement can be dropped when you can make the application run five times faster just by exploiting the software’s capabilities. How Do I Make It Run Faster? The question in the heading is one I get asked all the time. Everyone is looking for the fast = true switch, assuming “database tuning” means that you tune the database. In fact, it is my experience that more than 80 percent (frequently 100 percent) of all performance gains are to be realized at the application design and implementation level—not the database level. You can’t tune a database until you have tuned the applications that run on the database. As time goes on, there are some switches we can throw at the database level to help lessen the impact of egregious programming blunders. For example, Oracle 8.1.6 added a new parameter, CURSOR_SHARING=FORCE. This feature implements an auto binder, if you will. It will silently take a query written as SELECT * FROM EMP WHERE EMPNO = 1234 and rewrite it for us as SELECT * FROM EMP WHERE EMPNO = :x. This can dramatically decrease the number of hard parses, and decrease the library latch waits we discussed in the Architecture sections—but (there is always a but) it can have some side effects. A common side effect with cursor sharing is something like this: CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 47 ops$tkyte%ORA11GR2> select /* TAG */ substr( username, 1, 1 ) 2 from all_users au1 3 where rownum = 1; S - S ops$tkyte%ORA11GR2> alter session set cursor_sharing=force; Session altered. ops$tkyte%ORA11GR2> select /* TAG */ substr( username, 1, 1 ) 2 from all_users au2 3 where rownum = 1; SUBSTR(USERNAME,1,1) ------------------------------ S What happened there? Why is the column reported by SQL*Plus suddenly so large for the second query, which is arguably the same query? If we look at what the cursor sharing setting did for us, it (and something else) will become obvious: ops$tkyte%ORA11GR2> select sql_text from v$sql where sql_text like 'select /* TAG */ %'; SQL_TEXT ------------------------------------------------------------------------------- select /* TAG */ substr( username, 1, 1 ) from all_users au1 where rownum = 1 select /* TAG */ substr( username, :"SYS_B_0", :"SYS_B_1" ) from all_users au2 where rownum = :"SYS_B_2" The cursor sharing removed information from the query. It found every literal, including the substr constants we were using. It removed them from the query and replaced them with bind variables. The SQL engine no longer knows that the column is a substr of length 1—it is of indeterminate length. Also, you can see that where rownum = 1 is now bound as well. This seems like a good idea; however, the optimizer has just had some important information removed. It no longer knows that “this query will retrieve a single row;” it now believes “this query will return the first N rows and N could be any number at all.” This can have a negative impact on your generated query plans. Additionally, I have shown that while CURSOR_SHARING = FORCE runs much faster than parsing and optimizing lots of unique queries (refer to the section on bind variables above), I have also found it to be slower than using queries where the developer did the binding. This arises not from any inefficiency in the cursor-sharing code, but rather in inefficiencies in the program itself. In many cases, an application that does not use bind variables is not efficiently parsing and reusing cursors either. Since the application believes each query is unique (it built them as unique statements), it will never use a cursor more than once. The fact is that if the programmer had used bind variables in the first place, she could have parsed a query once and reused it many times. It is this overhead of parsing that decreases the overall potential performance. Basically, it is important to keep in mind that simply turning on CURSOR_SHARING = FORCE will not necessarily fix your problems. It may very well introduce new ones. CURSOR_SHARING is, in some cases, a very useful tool, but it is not a silver bullet. A well-developed application would never need it. In the long term, using bind variables where appropriate, and constants when needed, is the correct approach. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 48 ■ Note There are no silver bullets, none. If there were, they would be the default behavior and you would never hear about them. Even if there are some switches that can be thrown at the database level, and they are truly few and far between, problems relating to concurrency issues and poorly executing queries (due to poorly written queries or poorly structured data) can’t be fixed with a switch. These situations require rewrites (and frequently a re-architecture). Moving data files around, adjusting parameters, and other database- level switches frequently have a minor impact on the overall performance of an application. Definitely not anywhere near the two, three, ... n times increase in performance you need to achieve to make the application acceptable. How many times has your application been 10 percent too slow? 10 percent too slow, no one complains about. Five times too slow, people get upset. I repeat: you will not get a five times increase in performance by moving data files around. You will only achieve large increments in performance by fixing the application, perhaps by making it do significantly less I/O. ■ Note This is just to note how things change over time. I’ve often written that you will not get a five times increase in performance by moving data files around. With the advent of hardware solutions such as Oracle Exadata—a storage area network device designed as an extension to the database—you can in fact get a five times, ten times, fifty times or more decrease in response time by simply moving data files around. But that is more of a “we completely changed our hardware architecture” story than a “we reorganized some of our storage.” Performance is something you have to design for, build to, and test for continuously throughout the development phase. It should never be something to be considered after the fact. I am amazed at how often people wait until the application has been shipped to the customer, put in place, and is actually running before they even start to tune it. I’ve seen implementations where applications are shipped with nothing more than primary keys—no other indexes whatsoever. The queries have never been tuned or stress-tested. The application has never been tried out with more than a handful of users. Tuning is considered to be part of the installation of the product. To me, that is an unacceptable approach. Your end users should be presented with a responsive, fully tuned system from day one. There will be enough “product issues” to deal with without having poor performance be the first thing users experience. Users expect a few bugs from a new application, but at least don’t make the users wait a painfully long time for those bugs to appear on screen. The DBA-Developer Relationship It’s certainly true that the most successful information systems are based on a symbiotic relationship between the DBA and the application developer. In this section I just want to give a developer’s perspective on the division of work between developer and DBA (assuming that every serious development effort has a DBA team). As a developer, you should not necessarily have to know how to install and configure the software. That should be the role of the DBA and perhaps the system administrator (SA). Setting up Oracle Net, getting the listener going, configuring the shared server, enabling connection pooling, installing the database, creating the database, and so on—these are functions I place in the hands of the DBA/SA. CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 49 In general, a developer should not have to know how to tune the operating system. I myself generally leave this task to the SAs for the system. As a software developer for database applications, you will need to be competent in the use of your operating system of choice, but you shouldn’t expect to have to tune it. The single largest DBA responsibility is database recovery. Note I did not say “backup.” I said “recovery,” and I would say that this is the sole responsibility of the DBA. Understanding how rollback and redo work—yes, that is something a developer has to know. Knowing how to perform a tablespace point-in-time recovery is something a developer can skip over. Knowing that you can do it might come in handy, but actually having to do it—no. Tuning at the database instance level and figuring out what the optimum PGA_AGGREGATE_TARGET should be—that’s typically the job of the DBAs (and the database is quite willing and able to assist them in determining the correct figure). There are exceptional cases where a developer might need to change some setting for a session, but at the database level, the DBA is responsible for that. A typical database supports more than just a single developer’s application. Only the DBA who supports all of the applications can make the right decision. Allocating space and managing the files is the job of the DBA. Developers will contribute their estimations for space (how much they feel they will need) but the DBA/SA will take care of the rest. Basically, developers do not need to know how to run the database. They need to know how to run in the database. The developer and the DBA will work together on different pieces of the same puzzle. The DBA will be visiting you, the developer, when your queries are consuming too many resources, and you will be visiting the DBA when you can’t figure out how to make the system go any faster (that’s when instance tuning can be done, when the application is fully tuned). This will all vary by environment, but I would like to think that there is a division. A good developer is usually a very bad DBA, and vice versa. They are two different skill sets, two different mind-sets, and two different personalities in my opinion. Summary In this chapter, we have taken a somewhat anecdotal look at why you need to know the database. The examples I presented are not isolated—they happen every day, day in and day out. I observe a continuous cycle of such issues happening, over and over. Let’s quickly recap the key points. If you are developing with Oracle: • You need to understand the Oracle architecture. You don’t have to know it so well that you are able to rewrite the server, but you should know it well enough that you are aware of the implications of using a particular feature. • You need to understand locking and concurrency control and that every database implements these features differently. If you don’t, your database will give “wrong” answers and you will have large contention issues, leading to poor performance. • Do not treat the database as a black box—something you need not understand. The database is the most critical piece of most applications. Trying to ignore it would be fatal. • Do not reinvent the wheel. I’ve seen more than one development team get into trouble, not only technically but on a personal level, due to a lack of awareness as to what Oracle provides for free. This happens when someone points out that the feature they just spent the last couple of months implementing was actually a core feature of the database all along. Read the Oracle Database Concepts Guide—the New Features guide—the documentation that comes free with the software! CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 50 • Solve problems as simply as possible, using as much of Oracle’s built-in functionality as possible. You paid a lot for it. • Software projects come and go, as do programming languages and frameworks. We developers are expected to have systems up and running in weeks, maybe months, and then move on to the next problem. If you reinvent the wheel over and over, you will never come close to keeping up with the frantic pace of development. Just as you would never build your own hash table class in Java— since it comes with one—you should use the database functionality you have at your disposal. The first step to being able to do that, of course, is to understand what it is you have at your disposal. Read on. And building on that last point, software projects and programming languages may come and go—but the data is here forever. We build applications that use data, and that data will be used by many applications over time. It is not about the application—it is about the data. Use techniques and implementations that permit the data to be used and reused. If you use the database as a bit bucket, making it so that all access to any data must come through your application, you have missed the point. You can’t “ad hoc query” your application. You can’t build a new application on top of your old application. But if you use the database, you’ll find adding new applications, reports, or whatever to be much easier over time. C H A P T E R 2 ■ ■ ■ 51 Architecture Overview Oracle is designed to be a very portable database—it is available on every platform of relevance, from Windows to UNIX to mainframes. However, the physical architecture of Oracle looks different on different operating systems. For example, on a UNIX operating system, you’ll see Oracle implemented as many different operating system processes, virtually a process per major function. On UNIX, this is the correct implementation, as it works on a multiprocess foundation. On Windows, however, this architecture would be inappropriate and would not work very well (it would be slow and nonscalable). On the Windows platform, Oracle is implemented as a single process with multiple threads. On IBM mainframe systems, running OS/390 and z/OS, the Oracle operating system–specific architecture exploits multiple OS/390 address spaces, all operating as a single Oracle instance. Up to 255 address spaces can be configured for a single database instance. Moreover, Oracle works together with OS/390 Workload Manager (WLM) to establish the execution priority of specific Oracle workloads relative to each other and relative to all other work in the OS/390 system. Even though the physical mechanisms used to implement Oracle from platform to platform vary, the architecture is sufficiently generalized that you can get a good understanding of how Oracle works on all platforms. In this chapter, I present a broad picture of this architecture. We’ll take a look at the Oracle server and define some terms such as “database” and “instance” (terms that always seem to cause confusion). We’ll take a look at what happens when you “connect” to Oracle and, at a high level, how the server manages memory. In the subsequent three chapters, we’ll look in detail at the three major components of the Oracle architecture: • Chapter 3 covers files. Here we’ll look at the five general categories of files that make up the database: parameter, data, temp, control, and redo log files. We’ll also cover other types of files, including trace, alert, dump (DMP), data pump, and simple flat files. We’ll look at the new file area (Oracle 10g and above) called Flashback Recovery, and we’ll also discuss the impact that Automatic Storage Management (ASM) has on file storage. • Chapter 4 covers the Oracle memory structures referred to as the System Global Area (SGA), Process Global Area (PGA), and User Global Area (UGA). We’ll examine the relationships between these structures, and we’ll also discuss the shared pool, large pool, Java pool, and various other SGA components. • Chapter 5 covers Oracle’s physical processes or threads. We’ll look at the three different types of processes that will be running on the database: server processes, background processes, and slave processes. It was hard to decide which of these components to cover first. The processes use the SGA, so discussing the SGA before the processes might not make sense. On the other hand, when discussing the processes and what they do, I’ll need to make references to the SGA. These two components are closely CHAPTER 2 ■ ARCHITECTURE OVERVIEW 52 tied: the files are acted on by the processes and won’t make sense without first understanding what the processes do. What I’ll do, then, is define some terms and give a general overview of what Oracle looks like (if you were to draw it on a whiteboard). You’ll then be ready to get into some of the details. Defining Database and Instance There are two terms that, when used in an Oracle context, seem to cause a great deal of confusion: “database and “instance.” In Oracle terminology, the definitions of these terms are as follows: • Database: A collection of physical operating system files or disks. When using Oracle Automatic Storage Management (ASM) or RAW partitions, the database may not appear as individual, separate files in the operating system, but the definition remains the same. • Instance: A set of Oracle background processes or threads and a shared memory area, which is memory that is shared across those threads or processes running on a single computer. This is the place for volatile, nonpersistent stuff, some of which gets flushed to disk. A database instance can exist without any disk storage whatsoever. It might not be the most useful thing in the world, but thinking about it that way definitely helps draw the line between the instance and the database. The two terms are sometimes used interchangeably, but they embrace very different concepts. The relationship between them is that a database may be mounted and opened by many instances. An instance may mount and open just a single database at any point in time. In fact, it is true to say that an instance will mount and open at most a single database in its entire lifetime! We’ll look at an example of that in a moment. Confused even more? Some further explanation should help clear up these concepts. An instance is simply a set of operating system processes, or a single process with many threads, and some memory. These processes can operate on a database, which is just a collection of files (data files, temporary files, redo log files, and control files). At any time, an instance will have only one set of files (one database) associated with it. In most cases, the opposite is true as well: a database will have only one instance working on it. However, in the special case of Oracle Real Application Clusters (RAC), an Oracle option that allows it to function on many computers in a clustered environment, we may have many instances simultaneously mounting and opening this one database, which resides on a set of shared physical disk. This gives us access to this single database from many different computers at the same time. Oracle RAC provides for extremely highly available systems and has the potential to architect extremely scalable solutions. Let’s start by taking a look at a simple example. Say we’ve just installed Oracle 11g version 11.2.0.1 on our Linux-based computer. We did a software-only installation. No starter databases, nothing—just the software. The pwd command shows the current working directory, dbs (on Windows, this would be the database directory) and the ls –l command shows the directory is empty. There is no init.ora file and no SPFILES (stored parameter files; these will be discussed in detail in Chapter 3). [ora11gr2@dellpe dbs]$ pwd /home/ora11gr2/dbs [ora11gr2@dellpe dbs]$ ls -l total 0 Using the ps (process status) command, we can see all processes being run by the user ora11gr2 (the Oracle software owner in this case). There are no Oracle database processes whatsoever at this point. CHAPTER 2 ■ ARCHITECTURE OVERVIEW 53 [ora11gr2@dellpe dbs]$ ps -aef | grep ora11gr2 ora11gr2 4447 4446 0 13:15 pts/1 00:00:00 -bash ora11gr2 4498 4447 0 13:17 pts/1 00:00:00 ps -aef ora11gr2 4499 4447 0 13:17 pts/1 00:00:00 grep ora11gr2 We then enter the ipcs command, a UNIX command that is used to show interprocess communication devices, such as shared memory, semaphores, and the like. Currently there are none in use on this system at all. [ora11gr2@dellpe dbs]$ ipcs -a ------ Shared Memory Segments -------- key shmid owner perms bytes nattch status ------ Semaphore Arrays -------- key semid owner perms nsems ------ Message Queues -------- key msqid owner perms used-bytes messages We then start up SQL*Plus (Oracle’s command-line interface) and connect as sysdba (the account that is allowed to do virtually anything in the database). Initially, assuming you haven’t yet set the environment variable ORACLE_SID, you’ll see: [ora11gr2@dellpe dbs]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 14:07:14 2009 Copyright (c) 1982, 2009, Oracle. All rights reserved. ERROR: ORA-12162: TNS:net service name is incorrectly specified Enter user-name: This error occurs because the database software has no idea what to try to connect to. When you connect, the Oracle software will look for a TNS connect string (a network connection). If, as in our example, the connect string is not supplied, the Oracle software will look at the environment for a variable named ORACLE_SID (on Windows, it would look also in the registry for the ORACLE_SID variable). The ORACLE_SID is the Oracle “site identifier;” it is sort of a key to gain access to an instance. If we set our ORACLE_SID: [ora11gr2@dellpe dbs]$ export ORACLE_SID=ora11g the connection is successful and SQL*Plus reports we are connected to an idle instance: [ora11gr2@dellpe dbs]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 13:48:01 2009 Copyright (c) 1982, 2009, Oracle. All rights reserved. CHAPTER 2 ■ ARCHITECTURE OVERVIEW 54 Connected to an idle instance. SQL> Our “instance” right now consists solely of the Oracle server process shown in bold in the following output. There is no shared memory allocated yet and no other processes. SQL> !ps -aef | grep ora11gr2 ora11gr2 4447 4446 0 13:15 pts/1 00:00:00 -bash ora11gr2 4668 4667 0 13:48 pts/2 00:00:00 sqlplus as sysdba ora11gr2 4669 4668 0 13:48 ? 00:00:00 oracleora11g (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq))) ora11gr2 4678 4668 0 13:48 pts/2 00:00:00 /bin/bash -c ps -aef | grep ora11gr2 ora11gr2 4679 4678 0 13:48 pts/2 00:00:00 ps -aef ora11gr2 4680 4678 0 13:48 pts/2 00:00:00 grep ora11gr2 SQL> !ipcs -a ------ Shared Memory Segments -------- key shmid owner perms bytes nattch status ------ Semaphore Arrays -------- key semid owner perms nsems ------ Message Queues -------- key msqid owner perms used-bytes messages SQL> ■ Note On Windows, Oracle executes as a single process with threads; you won’t see separate processes as on Linux. Moreover, the Windows threads will not have the same names as the processes just shown. I am using Linux specifically here so we can differentiate the individual processes and “see” them clearly. One interesting thing to note from this ps output is the process named oracle ora11g. No matter how hard you look on your system, you will not find an executable by that name. The Oracle binary that is executing is really the binary file $ORACLE_HOME/bin/oracle. ■ Note It is assumed that the environment variable (on UNIX) or registry setting (on Windows) named ORACLE_HOME has been set and represents the fully qualified path to where the Oracle software is installed. The Oracle developers simply rename the process as it is loaded into memory. The name of the single Oracle process that is running right now (our dedicated server process; more on what a dedicated server process is later) is oracle$ORACLE_SID. That naming convention makes it very easy to see what processes are associated with which instances and so on. So, let’s try to start the instance now: CHAPTER 2 ■ ARCHITECTURE OVERVIEW 55 SQL> startup ORA-01078: failure in processing system parameters LRM-00109: could not open parameter file '/home/ora11gr2/dbs/initora11gr2.ora' SQL> Notice the error about a missing file named initora11gr2.ora. That file, referred to colloquially as an init.ora file, or more properly as a parameter file, is the sole file that must exist to start up an instance—we need either a parameter file (a simple flat file that I’ll describe in more detail shortly) or a stored parameter file. We’ll create the parameter file now and put into it the minimal information we need to actually start a database instance. (Normally, we’d specify many more parameters, such as the database block size, control file locations, and so on). By default, this file is located in the $ORACLE_HOME/dbs directory and has the name init${ORACLE_SID}.ora: [ora11gr2@dellpe ~]$ cd $ORACLE_HOME/dbs [ora11gr2@dellpe dbs]$ echo db_name=ora11g > initora11g.ora [ora11gr2@dellpe dbs]$ cat initora11g.ora db_name=ora11g and then, once we get back into SQL*Plus: SQL> startup nomount ORACLE instance started. Total System Global Area 150667264 bytes Fixed Size 1335080 bytes Variable Size 92274904 bytes Database Buffers 50331648 bytes Redo Buffers 6725632 bytes SQL> We used the nomount option to the startup command since we don’t actually have a database to mount yet (the SQL*Plus documentation includes all of the startup and shutdown options). ■ Note On Windows, prior to running the startup command, you’ll need to execute a service creation statement using the oradim.exe utility Now we have what I’d call an instance. The background processes needed to actually run a database are all there, including process monitor (pmon), log writer (lgwr), and so on (these processes are covered in detail in Chapter 5). Let’s take a look: SQL> !ps -aef | grep ora11gr2 ora11gr2 4447 4446 0 13:15 pts/1 00:00:00 -bash ora11gr2 4900 4899 0 14:15 pts/2 00:00:00 /home/ora11gr2/bin/sqlplus ora11gr2 4904 1 0 14:16 ? 00:00:00 ora_pmon_ora11g ora11gr2 4906 1 0 14:16 ? 00:00:00 ora_vktm_ora11g ora11gr2 4910 1 0 14:16 ? 00:00:00 ora_gen0_ora11g ora11gr2 4912 1 0 14:16 ? 00:00:00 ora_diag_ora11g ora11gr2 4914 1 0 14:16 ? 00:00:00 ora_dbrm_ora11g CHAPTER 2 ■ ARCHITECTURE OVERVIEW 56 ora11gr2 4916 1 0 14:16 ? 00:00:00 ora_psp0_ora11g ora11gr2 4918 1 0 14:16 ? 00:00:00 ora_dia0_ora11g ora11gr2 4920 1 0 14:16 ? 00:00:00 ora_mman_ora11g ora11gr2 4922 1 0 14:16 ? 00:00:00 ora_dbw0_ora11g ora11gr2 4924 1 0 14:16 ? 00:00:00 ora_lgwr_ora11g ora11gr2 4926 1 0 14:16 ? 00:00:00 ora_ckpt_ora11g ora11gr2 4928 1 0 14:16 ? 00:00:00 ora_smon_ora11g ora11gr2 4930 1 0 14:16 ? 00:00:00 ora_reco_ora11g ora11gr2 4932 1 0 14:16 ? 00:00:00 ora_mmon_ora11g ora11gr2 4934 1 0 14:16 ? 00:00:00 ora_mmnl_ora11g ora11gr2 4935 4900 0 14:16 ? 00:00:00 oracleora11g  (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq))) ora11gr2 4953 4900 0 14:18 pts/2 00:00:00 /bin/bash -c ps -aef | grep ora11gr2 ora11gr2 4954 4953 0 14:18 pts/2 00:00:00 ps -aef ora11gr2 4955 4953 0 14:18 pts/2 00:00:00 grep ora11gr2 Additionally, ipcs, for the first time, reports the use of shared memory and semaphores—two important interprocess communication devices on UNIX: SQL> !ipcs -a ------ Shared Memory Segments -------- key shmid owner perms bytes nattch status 0x873d6bdc 753667 ora11gr2 660 153092096 16 ------ Semaphore Arrays -------- key semid owner perms nsems 0x420a82a0 1015808 ora11gr2 660 104 ------ Message Queues -------- key msqid owner perms used-bytes messages SQL> Note we have no “database” yet. We have the name of a database (in the parameter file we created), but no actual database. If we try to “mount” this database, it would fail because, quite simply, the database does not yet exist. Let’s create it. I’ve been told that creating an Oracle database involves quite a few steps, but let’s see: SQL> create database; Database created. That is actually all there is to creating a database. In the real world, however, we’d use a slightly more complicated form of the CREATE DATABASE command because we would want to tell Oracle where to put the log files, data files, control files, and so on. But we do now have a fully operational database. We still need to run the $ORACLE_HOME/rdbms/admin/catalog.sql script and other catalog scripts to build the rest of the data dictionary we use every day (the views we use such as ALL_OBJECTS are not yet present in this database), but we have an actual database here. We can use a simple query against some Oracle V$ views, specifically V$DATAFILE, V$LOGFILE, and V$CONTROLFILE, to list the files that make up this database: CHAPTER 2 ■ ARCHITECTURE OVERVIEW 57 SQL> select name from v$datafile; NAME -------------------------------------------------------------------------------- /home/ora11gr2/dbs/dbs1ora11g.dbf /home/ora11gr2/dbs/dbx1ora11g.dbf /home/ora11gr2/dbs/dbu1ora11g.dbf SQL> select member from v$logfile; MEMBER -------------------------------------------------------------------------------- /home/ora11gr2/dbs/log1ora11g.dbf /home/ora11gr2/dbs/log2ora11g.dbf SQL> select name from v$controlfile; NAME -------------------------------------------------------------------------------- /home/ora11gr2/dbs/cntrlora11g.dbf SQL> Oracle used defaults to put everything together and created a database as a set of persistent files. If we close this database and try to open it again, we’ll discover that we can’t: SQL> alter database close; Database altered. SQL> alter database open; alter database open * ERROR at line 1: ORA-1619c6: database has been previously opened and closed An instance can mount and open at most one database in its life. Remember, the instance consists simply of the processes and shared memory. This is still up and running. All we did was close the database, that is, the physical files. We must discard this instance (shutdown) and create a new one (startup) in order to open this or any other database. To recap, • An instance is a set of background processes and shared memory. • A database is a collection of data stored on disk. • An instance can mount and open only a single database, ever. • A database may be mounted and opened by one or more instances (using RAC) and the number of instances mounting a single database can fluctuate over time. As noted earlier, in most cases there’s a one-to-one relationship between an instance and a database. This is probably why the confusion surrounding the terms arises. In most peoples’ experience, a database is an instance, and an instance is a database. In many test environments, however, this is not the case. On my disk, I might have five separate databases. On the test machine, at any point in time there is only one instance of Oracle running, but the CHAPTER 2 ■ ARCHITECTURE OVERVIEW 58 database it is accessing may be different from day to day or hour to hour, depending on my needs. By simply having many different parameter files, I can mount and open any one of these databases. Here, I have one instance at a time but many databases, only one of which is accessible at any time. So now when people talk about an instance, you’ll know they mean the processes and memory of Oracle. When they mention the database, they are talking about the physical files that hold the data. A database may be accessible from many instances, but an instance will provide access to exactly one database at a time. The SGA and Background Processes You’re probably ready now for an abstract picture of what an Oracle instance and database look like, so take a look at Figure 2-1. Figure 2-1. Oracle instance and database Figure 2-1 shows an Oracle instance and database in their simplest form. Oracle has a large chunk of memory called the SGA that it uses, for example, to do the following: • Maintain many internal data structures that all processes need access to. • Cache data from disk; buffer redo data before writing it to disk. • Hold parsed SQL plans. • And so on. Oracle has a set of processes that are “attached” to this SGA, and the mechanism by which they attach differs by operating system. In a UNIX environment, the processes will physically attach to a large shared memory segment, a chunk of memory allocated in the OS that may be accessed by many processes concurrently (generally using shmget() and shmat()). Under Windows, these processes simply use the C call, malloc() to allocate the memory, since they are really threads in one big process and hence share the same virtual memory space. Oracle will also have a set of files that the database processes or threads read and write (and Oracle processes are the only ones allowed to read or write these files). These files hold all of our table data, indexes, temporary space, redo logs, and so on. If you were to start up Oracle on a UNIX-based system and execute a ps command, you’d see that many physical processes are running, with various names. You saw an example of that earlier when you CHAPTER 2 ■ ARCHITECTURE OVERVIEW 59 observed the pmon, smon, and other processes. I cover these processes in Chapter 5, so just be aware for now that they are commonly referred to as the Oracle background processes. They are persistent processes that make up the instance, and you’ll see them from the time you start the instance until you shut it down. It is interesting to note that these are processes, not individual programs. There is only one Oracle binary executable on UNIX; it has many “personalities,” depending on what it was told to do when it starts up. The same binary executable that was run to start ora_pmon_ora11g was also used to start the process ora_ckpt_ora11g. There is only one binary executable program, named simply oracle. It is just executed many times with different names. On Windows, using the pstat tool (part of the Windows XP Resource Kit; search for “pstat download” using your favorite search engine if you don’t have it), we’ll find only one process, oracle.exe. Again, on Windows there is only one binary executable (oracle.exe). Within this process, we’ll find many threads representing the Oracle background processes. Using pstat (or any of a number of tools, such as tasklist, which comes with many Windows versions), we can see these processes: C:\WINDOWS> pstat Pstat version 0.3: memory: 523760 kb uptime: 0 1:37:54.375 PageFile: \??\C:\pagefile.sys Current Size: 678912 kb Total Used: 228316 kb Peak Used 605488 kb Memory: 523760K Avail: 224492K TotalWs: 276932K InRam Kernel: 872K P:20540K Commit: 418468K/ 372204K Limit:1169048K Peak:1187396K Pool N:10620K P:24588K User Time Kernel Time Ws Faults Commit Pri Hnd Thd Pid Name 56860 2348193 File Cache 0:00:00.000 1:02:23.109 28 0 0 0 0 1 0 Idle Process 0:00:00.000 0:01:50.812 32 4385 28 8 694 52 4 System 0:00:00.015 0:00:00.109 60 224 172 11 19 3 332 smss.exe 0:00:33.234 0:00:32.046 2144 33467 1980 13 396 14 556 csrss.exe 0:00:00.343 0:00:01.750 3684 6811 7792 13 578 20 580 winlogon.exe 0:00:00.078 0:00:01.734 1948 3022 1680 9 275 16 624 services.exe 0:00:00.218 0:00:03.515 1896 5958 3932 9 363 25 636 lsass.exe 0:00:00.015 0:00:00.078 80 804 592 8 25 1 812 vmacthlp.exe 0:00:00.093 0:00:00.359 1416 2765 3016 8 195 17 828 svchost.exe 0:00:00.062 0:00:00.453 1340 3566 1764 8 244 10 896 svchost.exe 0:00:00.828 0:01:16.593 9632 36387 11708 8 1206 59 1024 svchost.exe 0:00:00.046 0:00:00.640 1020 2315 1300 8 81 6 1100 svchost.exe 0:00:00.015 0:00:00.234 736 2330 1492 8 165 11 1272 svchost.exe 0:00:00.015 0:00:00.218 128 1959 3788 8 117 10 1440 spoolsv.exe 0:00:01.312 0:00:19.828 13636 35525 14732 8 575 19 1952 explorer.exe 0:00:00.250 0:00:00.937 956 1705 856 8 29 1 228 VMwareTray.exe 0:00:00.812 0:00:04.562 1044 4619 3800 8 165 4 240 VMwareUser.exe 0:00:00.015 0:00:00.156 88 1049 1192 8 88 4 396 svchost.exe 0:00:00.109 0:00:04.640 744 1229 2432 8 81 3 460 cvpnd.exe 0:00:02.015 0:00:12.078 1476 17578 1904 13 139 3 600 VMwareService.exe 0:00:00.031 0:00:00.093 124 1004 1172 8 105 6 192 alg.exe 0:00:00.062 0:00:00.937 2648 13977 22656 8 101 3 720 TNSLSNR.EXE 0:04:00.359 0:02:57.734164844 2009785 279168 8 550 29 1928 oracle.exe 0:00:00.093 0:00:00.437 6736 2316 2720 8 141 6 1224 msiexec.exe 0:00:00.015 0:00:00.031 2668 701 1992 8 34 1 804 cmd.exe 0:00:00.015 0:00:00.000 964 235 336 8 11 1 2856 pstat.exe CHAPTER 2 ■ ARCHITECTURE OVERVIEW 60 Here we can see there are 29 threads (Thd in the display) contained in the single Oracle process. These threads represent what were processes on UNIX—they are the pmon, arch, lgwr, and so on. They each represent a separate bit of the Oracle process. Paging down through the pstat report, we can see more details about each thread: pid:788 pri: 8 Hnd: 550 Pf:2009785 Ws: 164844K oracle.exe tid pri Ctx Swtch StrtAddr User Time Kernel Time State 498 9 651 7C810705 0:00:00.000 0:00:00.203 Wait:Executive 164 8 91 7C8106F9 0:00:00.000 0:00:00.000 Wait:UserRequest … a68 8 42 7C8106F9 0:00:00.000 0:00:00.031 Wait:UserRequest We can’t see the thread “names” like we could on UNIX (ora_pmon_ora11g and so on), but we can see the thread IDs (Tid), priorities (Pri), and other operating system accounting information about them. Connecting to Oracle In this section, we’ll take a look at the mechanics behind the two most common ways to have requests serviced by an Oracle server: dedicated server and shared server connections. We’ll see what happens on the client and the server in order to establish connections, so we can log in and actually do work in the database. Lastly, we’ll take a brief look at how to establish TCP/IP connections; TCP/IP is the primary networking protocol used to connect over the network to Oracle. And we’ll look at how the listener process on our server, which is responsible for establishing the physical connection to the server, works differently in the cases of dedicated and shared server connections. Dedicated Server Figure 2-1 and the pstat output presented a picture of what Oracle looks like immediately after starting. If we were now to log into this database using a dedicated server, we would see a new thread get created just to service us: C:\Documents and Settings\tkyte>sqlplus tkyte/tkyte SQL*Plus: Release 11.1.0.7.0 - Production on Fri Dec 11 18:05:32 2009 Copyright (c) 1982, 2008, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> host pstat Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. Pstat version 0.3: memory: 523760 kb uptime: 0 1:40:36.687 PageFile: \??\C:\pagefile.sys Current Size: 678912 kb Total Used: 227744 kb Peak Used 605488 kb Memory: 523760K Avail: 194928K TotalWs: 315172K InRam Kernel: 876K P:20616K CHAPTER 2 ■ ARCHITECTURE OVERVIEW 61 Commit: 447888K/ 401420K Limit:1169048K Peak:1187396K Pool N:10636K P:24628K User Time Kernel Time Ws Faults Commit Pri Hnd Thd Pid Name ... 0:04:00.515 0:02:58.546166948 2020411 279216 8 549 30 1928 oracle.exe ... SQL> Now you can see there are 30 threads instead of 29, the extra thread being our dedicated server process (more information on what exactly a dedicated server process is shortly). When we log out, the extra thread will go away. On UNIX, we would see another process get added to the list of Oracle processes running, and that would be our dedicated server. [tkyte@dellpe ~]$ ps -aef | grep oracle$ORACLE_SID tkyte 26935 19699 0 16:05 pts/5 00:00:00 grep oracleora11gr2 [tkyte@dellpe ~]$ sqlplus / SQL*Plus: Release 11.2.0.1.0 Production on Mon May 10 16:05:22 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options ops$tkyte%ORA11GR2> !ps -aef | grep oracle$ORACLE_SID ora11gr2 26938 26937 1 16:05 ? 00:00:00 oracleora11gr2 (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq))) tkyte 26947 26945 0 16:05 pts/2 00:00:00 grep oracleora11gr2 This brings us to the next iteration of our diagram. If we were to connect to Oracle in its most commonly used configuration, we would see something like Figure 2-2. Figure 2-2. Typical dedicated server configuration CHAPTER 2 ■ ARCHITECTURE OVERVIEW 62 As noted, typically Oracle will create a new process for me when I log in. This is commonly referred to as the dedicated server configuration, since a server process will be dedicated to me for the life of my session. For each session, a new dedicated server will appear in a one-to-one mapping. This dedicated server process is not (by definition) part of the instance. My client process (whatever program is trying to connect to the database) will be in direct communication with this dedicated server over some networking conduit, such as a TCP/IP socket. It is this server process that will receive my SQL and execute it for me. It will read data files if necessary, and it will look in the database’s cache for my data. It will perform my update statements. It will run my PL/SQL code. Its only goal is to respond to the SQL calls I submit to it. Shared Server Oracle can also accept connections in a manner called shared server, in which you wouldn’t see an additional thread created or a new UNIX process appear for each user connection. ■ Note In Version 7.x and 8.x of Oracle, shared server was known as Multi-Threaded Server or MTS. That legacy name is not in use anymore. In shared server, Oracle uses a pool of shared processes for a large community of users. Shared servers are simply a connection pooling mechanism. Instead of having 10,000 dedicated servers (that’s a lot of processes or threads) for 10,000 database sessions, shared server lets us have a small percentage of this number of processes or threads, which would be (as the name implies) shared by all sessions. This allows Oracle to connect many more users to the instance than would otherwise be possible. Our machine might crumble under the load of managing 10,000 processes, but managing 100 or 1,000 processes is doable. In shared server mode, the shared processes are generally started up with the database and appear in the ps list. A big difference between shared and dedicated server connections is that the client process connected to the database never talks directly to a shared server, as it would to a dedicated server. It can’t talk to a shared server because that process is, in fact, shared. In order to share these processes, we need another mechanism through which to “talk.” Oracle employs a process (or set of processes) called a dispatcher for this purpose. The client process will talk to a dispatcher process over the network. The dispatcher process will put the client’s request into the request queue in the SGA (one of the many things the SGA is used for). The first shared server that is not busy will pick up this request and process it (e.g., the request could be UPDATE T SET X = X+5 WHERE Y = 2). Upon completion of this command, the shared server will place the response in the invoking dispatcher’s response queue. The dispatcher process monitors this queue and, upon seeing a result, will transmit it to the client. Conceptually, the flow of a shared server request looks like Figure 2-3. CHAPTER 2 ■ ARCHITECTURE OVERVIEW 63 Figure 2-3. Steps in a shared server request As shown in Figure 2-3, the client connection will send a request to the dispatcher. The dispatcher will first place this request onto the request queue in the SGA (1). The first available shared server will dequeue this request (2) and process it. When the shared server completes, the response (return codes, data, and so on) is placed into the response queue (3), subsequently picked up by the dispatcher (4), and transmitted back to the client. As far as the developer is concerned, there is conceptually no difference between a shared server connection and a dedicated server connection. Architecturally they are quite different, but that’s not apparent to an application. Now that you understand what dedicated server and shared server connections are, you may have the following questions: • How do I get connected in the first place? • What would start this dedicated server? • How might I get in touch with a dispatcher? The answers depend on your specific platform, but the sections that follow outline the process in general terms. Mechanics of Connecting over TCP/IP We’ll investigate the most common networking case: a network-based connection request over TCP/IP. In this case, the client is situated on one machine and the server resides on another, with the two connected on a TCP/IP network. It all starts with the client. The client makes a request using the Oracle client software (a set of provided application program interfaces, or APIs) to connect to a database. For example, the client issues the following: [tkyte@dellpe ~]$ sqlplus scott/tiger@orcl SQL*Plus: Release 11.2.0.1.0 Production on Fri Dec 11 16:00:31 2009 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options scott%ORA11GR2> CHAPTER 2 ■ ARCHITECTURE OVERVIEW 64 ■ Note The string orcl used above is unique to my configuration. I have a tnsnames.ora entry (more on that below) named orcl. It is a TNS connect string that points to an existing, installed configured Oracle Database 11g Release 2 instance on my network. You will be using your own TNS connect strings, unique to your installation. Here, the client is the program SQL*Plus, scott/tiger is the username and password, and orcl is a TNS service name. TNS stands for Transparent Network Substrate and is “foundation” software built into the Oracle client that handles remote connections, allowing for peer-to-peer communication. The TNS connection string tells the Oracle software how to connect to the remote database. Generally, the client software running on your machine will read a file called tnsnames.ora. This is a plain-text configuration file commonly found in the $ORACLE_HOME/network/admin directory ($ORACLE_HOME represents the full path to your Oracle installation directory). It will have entries that look like this: [tkyte@dellpe ~]$ cat $ORACLE_HOME/network/admin/tnsnames.ora ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = somehost.somewhere.com) (PORT = 1521) ) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) ) [tkyte@dellpe ~]$ This configuration information allows the Oracle client software to map the TNS connection string we used, orcl, into something useful—namely, a hostname, a port on that host on which a listener process will accept connections, the service name of the database on the host to which we wish to connect, and so on. A service name represents groups of applications with common attributes, service level thresholds, and priorities. The number of instances offering the service is transparent to the application, and each database instance may register with the listener as willing to provide many services. So, services are mapped to physical database instances and allow the DBA to associate certain thresholds and priorities with them. This string, orcl, could have been resolved in other ways. For example, it could have been resolved using Oracle Internet Directory (OID), which is a distributed Lightweight Directory Access Protocol (LDAP) server, similar in purpose to DNS for hostname resolution. However, use of the tnsnames.ora file is common in most small to medium installations where the number of copies of such a configuration file is manageable. Now that the client software knows where to connect to, it will open a TCP/IP socket connection to the server with the hostname somehost.somewhere.com on port 1521. If the DBA for our server has installed and configured Oracle Net, and has the listener listening on port 1521 for connection requests, this connection may be accepted. In a network environment, we will be running a process called the TNS listener on our server. This listener process is what will get us physically connected to our database. When it receives the inbound connection request, it inspects the request and, using its own configuration files, either rejects the request (because there is no such service, for example, or CHAPTER 2 ■ ARCHITECTURE OVERVIEW 65 perhaps our IP address has been disallowed connections to this host) or accepts it and goes about getting us connected. If we are making a dedicated server connection, the listener process will create a dedicated server for us. On UNIX, this is achieved via fork() and exec() system calls (the only way to create a new process after initialization in UNIX is via fork()). The new dedicated server process inherits the connection established by the listener, and we are now physically connected to the database. On Windows, the listener process requests the database process to create a new thread for a connection. Once this thread is created, the client is “redirected” to it, and we are physically connected. Diagrammatically in UNIX, it would look as shown in Figure 2-4. Figure 2-4. The listener process and dedicated server connections However, the listener will behave differently if we are making a shared server connection request. This listener process knows the dispatcher(s) we have running in the instance. As connection requests are received, the listener will choose a dispatcher process from the pool of available dispatchers. The listener will either send back to the client the connection information describing how the client can connect to the dispatcher process or, if possible, hand off the connection to the dispatcher process (this is OS- and database version–dependent, but the net effect is the same). When the listener sends back the connection information, it is done because the listener is running on a well-known hostname and port on that host, but the dispatchers also accept connections on randomly assigned ports on that server. The listener is made aware of these random port assignments by the dispatcher and will pick a dispatcher for us. The client then disconnects from the listener and connects directly to the dispatcher. We now have a physical connection to the database. Figure 2-5 illustrates this process. Figure 2-5. The listener process and shared server connections CHAPTER 2 ■ ARCHITECTURE OVERVIEW 66 Summary This completes our overview of the Oracle architecture. In this chapter, we defined the terms “instance” and “database” and saw how to connect to the database through either a dedicated server connection or a shared server connection. Figure 2-6 sums up the material covered in the chapter and shows the interaction between a client using a shared server connection and a client using a dedicated server connection. It also shows that an Oracle instance may use both connection types simultaneously. (In fact, an Oracle database always supports dedicated server connections—even when configured for shared server.) Figure 2-6. Connection overview Now you’re ready to take a more in-depth look at the files that comprise the database and the processes behind the server—what they do and how they interact with each other. You’re also ready to look inside the SGA to see what it contains and what its purpose is. You’ll start in the next chapter by looking at the types of files Oracle uses to manage the data and the role of each file type. C H A P T E R 3 ■ ■ ■ 67 Files In this chapter, we will examine the eight major file types that make up a database and instance. The files associated with an instance are simply • Parameter files: These files tell the Oracle instance where to find the control files, and they also specify certain initialization parameters that define how big certain memory structures are, and so on. We will investigate the two options available for storing database parameter files. • Trace files: These are diagnostic files created by a server process, generally in response to some exceptional error condition. • Alert files: These are similar to trace files, but they contain information about “expected” events, and they also alert the DBA in a single, centralized file of many database events. The files that make up the database are • Data files: These are for the database; they hold your tables, indexes, and all other data segment types. • Temp files: These are used for disk-based sorts and temporary storage. • Control files: These tell you where the data files, temp files, and redo log files are, as well as other relevant metadata about their state. They also contain backup information maintained by RMAN (Recovery Manager, the backup and recovery tool). • Redo log files: These are your transaction logs. • Password files: These are used to authenticate users performing administrative activities over the network. We will not discuss these files in any great detail as they are not a necessary component of any Oracle database. In Oracle 10gand above, there are a couple of new optional file types that are used by Oracle to facilitate faster backup and faster recovery operations. These two new files are • Change-tracking file: This file facilitates a true incremental backup of Oracle data. It does not have to be located in the Flash Recovery Area, but as it relates purely to database backup and recovery, we’ll discuss it in the context of that area. • Flashback log files: These files store “before images” of database blocks in order to facilitate the new FLASHBACK DATABASE command. CHAPTER 3 ■ FILES 68 We’ll also take a look at other types of files commonly associated with the database, such as • Dump (DMP) files: These files are generated by the Export database utility and consumed by the Import database utility. • Data Pump files: These files are generated by the Oracle Data Pump Export process and consumed by the Data Pump Import process. This file format may also be created and consumed by external tables. • Flat files: These are plain old files you can view in a text editor. You normally use these for loading data into the database. The most important files in the previous lists are the data files and the redo log files, because they contain the data you worked so hard to accumulate. I can lose any and all of the remaining files and still get to my data. If I lose my redo log files, I may start to lose some data. If I lose my data files and all of their backups, I’ve definitely lost that data forever. We will now take a look at the types of files, where they are usually located, how they are named and what we might expect to find in them. Parameter Files There are many different parameter files associated with an Oracle database, from a tnsnames.ora file on a client workstation (used to “find” a server on the network), to a listener.ora file on the server (for the network listener startup), to the sqlnet.ora, cman.ora, and ldap.ora files, to name a few. The most important parameter file, however, is the database’s parameter file—without this, we can’t even get an instance started, as demonstrated in Chapter 2 “Architecture Overview.” The remaining files are important; they are all related to networking and getting connected to the database. However, they are beyond the scope of our discussion. For information on their configuration and setup, I refer you to the Net Services Administrator’s Guide. Since you’re a developer, typically these files would be set up for you, not by you. The parameter file for a database is commonly known as an init file, or an init.ora file. This is due to its historic default name, which is init.ora. I call it “historic” because starting with Oracle9i Release 1, a vastly improved method of storing parameter settings for the database was introduced: the server parameter file, or simply SPFILE. This file has the default name of spfile.ora. We’ll take a look at both kinds of parameter files. ■ Note For those who are unfamiliar with the term SID or ORACLE_SID, a full definition is called for. The SID is a site identifier. It and ORACLE_HOME (where the Oracle software is installed) are hashed together in UNIX to create a unique key name for creating or attaching a Shared Global Area (SGA) memory region. If your ORACLE_SID or ORACLE_HOME is not set correctly, you’ll get the ORACLE NOT AVAILABLE error, since you can’t attach to a shared memory segment that is identified by this unique key. On Windows, shared memory isn’t used in the same fashion as on UNIX, but the SID is still important. You can have more than one database under the same ORACLE_HOME, so you need a way to uniquely identify the instance associated with each one, along with their configuration files. CHAPTER 3 ■ FILES 69 Without a parameter file, you can’t start an Oracle database. This makes the parameter file fairly important, and as of Oracle9i Release 2 (versions 9.2 and above), the backup and recovery tool Recovery Manager (RMAN) recognizes this file’s importance and will allow you to include the server parameter file (but not the legacy init.ora parameter file type) in your backup set. However, since the init.ora file is simply a plain text file that you can create with any text editor, it is not a file you have to necessarily guard with your life. You can re-create it, as long as you know what was in it (e.g., you can retrieve that information from the database’s alert log, if you have access to that, and reconstruct your entire init.ora parameter file). We will now examine both types of database startup parameter files (init.ora and SPFILE) in turn, but before we do that, let’s see what a database parameter file looks like. What Are Parameters? In simple terms, a database parameter may be thought of as a key/value pair. You saw an important parameter, db_name, in the preceding chapter. The db_name parameter was stored as db_name = ora11g. The key here is db_name and the value is ora11g. This is our key/value pair. To see the current value of an instance parameter, you can query the V$ view V$PARAMETER. Alternatively, in SQL*Plus you can use the SHOW PARAMETER command, for example: ops$tkyte%ORA11GR2> select value 2 from v$parameter 3 where name = 'db_block_size' 4 / VALUE ------------------------------------------------------------------------------- 8192 ops$tkyte%ORA11GR2> show parameter db_block_s NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_block_size integer 8192 Both outputs show basically the same information, although you can get more information from V$PARAMETER (there are many more columns to choose from than displayed in this example). But SHOW PARAMETER wins for me in ease of use and the fact that it “wildcards” automatically. Notice that I typed in only db_block_s; SHOW PARAMETER adds % to the front and back. ■ Note All V$ views and all dictionary views are fully documented in the Oracle Database Reference manual. Please regard that manual as the definitive source of what is available in a given view. If you were to execute the preceding example as a less-privileged user (OPS$TKYTE has been granted the DBA role for purposes of this book), you would see instead: CHAPTER 3 ■ FILES 70 ops$tkyte%ORA11GR2> connect scott/tiger Connected. scott%ORA11GR2> select value 2 from v$parameter 3 where name = 'db_block_size' 4 / from v$parameter * ERROR at line 2: ORA-00942: table or view does not exist scott%ORA11GR2> show parameter db_block_s ORA-00942: table or view does not exist “Normal” accounts are not granted access to the V$ performance views by default. Don’t let that get you down, however. There is a documented API typically available to all users that permits you to see the contents of V$PARAMETER; this little helper function helps you see what is set as a parameter. For example: scott%ORA11GR2> create or replace 2 function get_param( p_name in varchar2 ) 3 return varchar2 4 as 5 l_param_type number; 6 l_intval binary_integer; 7 l_strval varchar2(256); 8 invalid_parameter exception; 9 pragma exception_init( invalid_parameter, -20000 ); 10 begin 11 begin 12 l_param_type := 13 dbms_utility.get_parameter_value 14 ( parnam => p_name, 15 intval => l_intval, 16 strval => l_strval ); 17 exception 18 when invalid_parameter 19 then 20 return '*access denied*'; 21 end; 22 if ( l_param_type = 0 ) 23 then 24 l_strval := to_char(l_intval); 25 end if; 26 return l_strval; 27 end get_param; 28 / Function created. CHAPTER 3 ■ FILES 71 If you execute this function in SQL*Plus, you’ll see: scott%ORA11GR2> exec dbms_output.put_line( get_param( 'db_block_size' ) ); 8192 PL/SQL procedure successfully completed. Not every parameter is available via the dbms_utility.get_parameter_value API call. Specifically, the memory-related parameters such as sga_max_size, db_cache_size, pga_aggregate_target and the like are not visible. We deal with that in the code on lines 17 through 21—we return ‘*access denied*’ when we hit a parameter that we are not allowed to see. If you are curious about the entire list of restricted parameters, you can (as can any account that has been granted EXECUTE on this function) issue the following query: ops$tkyte%ORA11GR2> select name, scott.get_param( name ) val 2 from v$parameter 3 where scott.get_param( name ) = '*access denied*'; NAME VAL ------------------------------------ ---------------------------------------- sga_max_size *access denied* shared_pool_size *access denied* … olap_page_pool_size *access denied* 24 rows selected. ■ Note You’ll see different results for this query on different versions. You should expect the number and values of inaccessible parameters to go up and down over time as the number of parameters changes. If you were to count the number of documented parameters you can set in each of the database versions—9i Release 2, 10g Release 2, 11g Release 1 and 11g Release 2—you’d probably find 258, 259, 294, and 342 different parameters, respectively (I’m sure there could be additional parameters available on an operating system–specific basis). In other words, the number of parameters (and their names) varies by release. Most parameters, like db_block_size, are very long-lived (they won’t go away from release to release), but over time many other parameters become obsolete as implementations change. For example, in Oracle 9.0.1 and before—back to version 6 of Oracle—there was a distributed_transactions parameter that could be set to some positive integer and that controlled the number of concurrent distributed transactions the database could perform. It was available in prior releases, but it is not found in any release subsequent to 9.0.1. In fact, attempting to use that parameter with subsequent releases raises an error. For example: ops$tkyte%ORA11GR2> alter system set distributed_transactions = 10; alter system set distributed_transactions = 10 * ERROR at line 1: ORA-25138: DISTRIBUTED_TRANSACTIONS initialization parameter has been made obsolete CHAPTER 3 ■ FILES 72 If you would like to review the parameters and get a feeling for what is available and what each parameter does, refer to the Oracle Database Reference manual. The first chapter of this manual examines every documented parameter in detail. On the whole, the default value assigned to each parameter (or the derived value for parameters that obtain their default settings from other parameters) is sufficient for most systems. In general, the values of parameters such as the control_files parameter (which specifies the location of the control files on your system), db_block_size, various memory-related parameters, and so on, need to be set uniquely for each database. Notice I used the term “documented” in the preceding paragraph. There are undocumented parameters as well. You can identify these because their names begin with an underscore (_). There is a great deal of speculation about these parameters. Since they are undocumented, some people believe they must be “magical,” and many people assume that they are well-known and used by Oracle insiders. In fact, I find the opposite to be true. They are not well-known and they are hardly ever used. Most of these undocumented parameters are rather boring, actually, as they represent deprecated functionality and backward-compatibility flags. Others help in the recovery of data, not of the database itself; for example, some of them enable the database to start up in certain extreme circumstances, but only long enough to get data out. You have to rebuild after that. Unless you are so directed by Oracle Support, there is no reason to have an undocumented parameter in your configuration. Many have side effects that could be devastating. In my development database, I use only one undocumented setting: _TRACE_FILES_PUBLIC = TRUE This parameter makes trace files readable by all, not just the DBA group. On my development database, I want my developers to use SQL_TRACE, TIMED_STATISTICS, and the TKPROF utility frequently (well, I demand it actually); hence they need to be able to read the trace files. As we’ll see, with the advent of external tables in Oracle 9.0.1 and above, we need not use even this parameter to permit access to trace files. ■ Note _TRACE_FILES_PUBLIC allows trace files to be read by anyone. Trace files can and do contain sensitive information; in a production database, this parameter should not be set to true for security purposes. In my production database, I don’t use any undocumented settings. In fact, the seemingly “safe” undocumented parameter just mentioned can have undesirable side effects in a live system. Think about the sensitive information you might find in a trace file, such as SQL and even data values (see the upcoming section titled “Trace Files”) and ask yourself, “Do I really want any end user to have read access to that data?” The answer is most likely no. ■ Caution Use undocumented parameters only at the request of Oracle Support. Their use can be damaging to a database, and their implementation can—and will—change from release to release. You may set the various parameter values in one of two ways: either just for the current instance or persistently. It is up to you to make sure that the parameter files contain the values you want them to. When using legacy init.ora parameter files, this is a manual process. To change a parameter value persistently, to have that new setting be in place across server restarts, you must manually edit and CHAPTER 3 ■ FILES 73 modify the init.ora parameter file. With server parameter files, you’ll see that this has been more or less fully automated for you in a single command. Legacy init.ora Parameter Files The legacy init.ora file is a very simple file in terms of its construction. It is a series of variable key/value pairs. A sample init.ora file might look like this: control_files='/home/ora11gr2/app/ora11gr2/oradata/orcl/control01.ctl','/home/ora11gr2 /app/ora11gr2/flash_recovery_area/orcl/control02.ctl' db_block_size=8192 db_name='orcl' In fact, this is pretty close to the most basic init.ora file you could get away with in real life, though if the block size I was using was the default on my platform (the default block size varies by platform), I could remove that parameter. The parameter file is used at the very least to get the name of the database and the location of the control files. The control files tell Oracle the location of every other file, so they are very important to the “bootstrap” process that starts the instance. Now that you know what these legacy database parameter files are and where to get more details about the valid parameters you can set, you also need to know where to find them on disk. The naming convention for this file by default is init$ORACLE_SID.ora (Unix environment variable) init%ORACLE_SID%.ora (Windows environment variable) and by default it will be found in $ORACLE_HOME/dbs (Unix) %ORACLE_HOME%\DATABASE (Windows) It is interesting to note that, in many cases, you’ll find the entire contents of this parameter file to be something like IFILE= C:\app\tkyte\admin\orcl\pfile\init.ora' The IFILE directive works in a similar fashion to an #include in C. It includes in the current file the contents of the named file. Here, this directive includes an init.ora file from a nondefault location. It should be noted that the parameter file does not have to be in any particular location. When starting an instance, you can use the pfile=filename option to the startup command. This is most useful when you’d like to try out different init.ora parameters on your database to see the effects of different settings. Legacy parameter files can be maintained by using any text editor. For example, on UNIX/Linux, I’d use vi; on the many Windows operating system versions, I’d use Notepad; and on a mainframe, I would perhaps use Xedit. It is important to note that you are fully responsible for editing and maintaining this file. There are no commands within the Oracle database itself that you can use to maintain the values in the init.ora file. For example, when you use the init.ora parameter file, issuing an ALTER SYSTEM command to change the size of an SGA component would not be reflected as a permanent change in that file. If you want that change to be made permanent—in other words, if you’d like it to be the default for subsequent restarts of the database—it’s up to you to make sure all init.ora parameter files that might be used to start this database are manually updated. The last interesting point of note is that the legacy parameter file is not necessarily located on the database server. One of the reasons the parameter file that that we’ll discuss shortly was introduced was CHAPTER 3 ■ FILES 74 to remedy this situation. The legacy parameter file must be present on the client machine attempting to start the database, meaning that if you run a UNIX server but administer it using SQL*Plus installed on your Windows desktop machine over the network, then you need the parameter file for the database on your desktop. I still remember how I made the painful discovery that the parameter files are not stored on the server. This goes back many years to when a brand-new (now retired) tool called SQL*DBA was introduced. This tool allowed us to perform remote operations, specifically, remote administrative operations. From my server (running SunOS at the time), I was able to connect remotely to a mainframe database server. I was also able to issue the shutdown command. However, it was at that point I realized I was in a bit of a jam—when I tried to start up the instance, SQL*DBA would complain about not being able to find the parameter file. I learned that these parameter files—the init.ora plain text files—were located on the machine with the client; they had to exist on the client machine—not on the server. SQL*DBA was looking for a parameter file on my local system to start the mainframe database. Not only did I not have any such file, I had no idea what to put into one to get the system started up again! I didn’t know the db_name or control file locations (even just getting the correct naming convention for the mainframe files would have been a bit of a stretch), and I didn’t have access to log into the mainframe system itself. I’ve not made that same mistake since; it was a painful lesson to learn. When DBAs realized that the init.ora parameter file had to reside on the client’s machine that starts the database, it led to a proliferation of these files. Every DBA wanted to run the administrative tools from his desktop, so every DBA needed a copy of the parameter file on his desktop machine. Tools such as Oracle Enterprise Manager (OEM) would add yet another parameter file to the mix. These tools would attempt to centralize the administration of all databases in an enterprise on a single machine, sometimes referred to as a “management server.” This single machine would run software that would be used by all DBAs to start up, shut down, back up, and otherwise administer a database. That sounds like a perfect solution: centralize all parameter files in one location and use the GUI tools to perform all operations. But the reality is that sometimes it’s much more convenient to issue the administrative startup command from within SQL*Plus on the database server machine itself during the course of some administrative task, so we ended up with multiple parameter files again: one on the management server and one on the database server. These parameter files would then get out of sync with each other and people would wonder why the parameter change they made last month might “disappear,” then reappear in seemingly randomly manner. Enter the server parameter file (SPFILE), which can now be a single source of truth for the database. Server Parameter Files (SPFILEs) SPFILEs represent a fundamental change in the way Oracle accesses and maintains parameter settings for the instance. An SPFILE eliminates the two serious issues associated with legacy parameter files: • It stops the proliferation of parameter files. An SPFILE is always stored on the database server; the SPFILE must exist on the server machine itself and can’t be located on the client machine. This makes it practical to have a single source of “truth” with regard to parameter settings. • It removes the need (in fact, it removes the ability) to manually maintain parameter files outside of the database using a text editor. The ALTER SYSTEM command lets you write values directly into the SPFILE. Administrators no longer have to find and maintain all of the parameter files by hand. The naming convention for this file by default is $ORACLE_HOME/dbs/spfile$ORACLE_SID.ora (Unix environment variable) %ORACLE_HOME/database/spfile%ORACLE_SID%.ora (Windows environment variable) CHAPTER 3 ■ FILES 75 I strongly recommend using the default location; doing otherwise defeats the simplicity SPFILEs represent. When an SPFILE is in its default location, everything is more or less done for you. Moving the SPFILE to a nondefault location means you have to tell Oracle where to find the SPFILE, leading to the original problems of legacy parameter files all over again! Converting to SPFILEs Suppose you have a database that is using a legacy parameter file. The move to an SPFILE is quite simple—you use the CREATE SPFILE command. ■ Note You can also use a “reverse” command to create a parameter file (PFILE) from an SPFILE. I’ll explain shortly why you might want to do that. So, assuming you have an init.ora parameter file and that init.ora parameter file is in the default location on the server, you simply issue the CREATE SPFILE command and restart your server instance: ops$tkyte%ORA11GR2> show parameter spfile NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ spfile string ops$tkyte%ORA11GR2> create spfile from pfile; create spfile from pfile * ERROR at line 1: ORA-01031: insufficient privileges Well, that SHOW PARAMETER command shows that we did not create an SPFILE: the value is blank. We are not privileged enough to create the SPFILE, even though I am logged in as a DBA. Creating an SPFILE is considered to be very privileged, and you can do it only if you are connected using credentials that allow you to startup and shutdown the database. So let’s do that: ops$tkyte%ORA11GR2> connect / as sysoper; Connected. public%ORA11GR2> create spfile from pfile; File created. public%ORA11GR2> startup force ORACLE instance started. Database mounted. Database opened. I used the least privileged account I can to perform that operation, an account (mine) that uses the SYSOPER role. SYSOPER is allowed to manage the parameter files, start and stop the database, but not much else; that’s why the output of the startup command looks different—there is no SGA report, the memory settings are not visible, in fact: CHAPTER 3 ■ FILES 76 public%ORA11GR2> show parameter spfile ORA-00942: table or view does not exist While the SYSOPER role can start and stop the database, it can’t access V$ views and so on. It is very limited in what it can do. We can verify that we are using the SPFILE by connecting as an account privileged enough to do so: ops$tkyte%ORA11GR2> show parameter spfile NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ spfile string /home/ora11gr2/dbs/spfileora11 gr2.ora To recap, we used the SHOW PARAMETER command here to show that initially we were not using an SPFILE, but after we created one and restarted the instance, we were using one and it had the default name. ■ Note In a clustered environment, using Oracle RAC, all instances share the same SPFILE, so this process of converting over to an SPFILE from a PFILE should be done in a controlled fashion. The single SPFILE can contain all of the parameter settings, even instance-specific settings, but you’ll have to merge all of the necessary parameter files into a single PFILE using the format that follows. In a clustered environment, in order to convert from individual PFILEs to an SPFILE shared by all, you’d merge your individual PFILEs into a single file resembling this: *.cluster_database_instances=2 *.cluster_database=TRUE *.cluster_interconnects='10.10.10.0' *.compatible='11.2.0.0.0' *.control_files='/ocfs/d1/O11G/control01.ctl','/ocfs/d2/O11G/control02.ctl' *.db_name='O11G' ... *.processes=150 *.undo_management='AUTO' O11G1.instance_number=1 O11G2.instance_number=2 O11G1.local_listener='LISTENER_O11G1' O11G2.local_listener='LISTENER_O11G2' O11G1.remote_listener='LISTENER_O11G2' O11G2.remote_listener='LISTENER_O11G1' O11G1.thread=1 O11G2.thread=2 O11G1.undo_tablespace='UNDOTBS1' O11G2.undo_tablespace='UNDOTBS2' CHAPTER 3 ■ FILES 77 That is, parameter settings that are common to all instances in the cluster would start with *.. Parameter settings that are specific to a single instance, such as the INSTANCE_NUMBER and the THREAD of redo to be used, are prefixed with the instance name (the Oracle SID). In the preceding example, • The PFILE would be for a two-node cluster with instances named O11G1 and O11G2. • The *.db_name = 'O11G assignment indicates that all instances using this SPFILE will be mounting a database named O11G. • O11G1.undo_tablespace='UNDOTBS1' indicates that the instance named O11G1 will use that specific undo tablespace, and so on. Setting Values in SPFILEs Once our database is up and running on the SPFILE, the next question relates to how we set and change values contained therein. Remember, SPFILEs are binary files and we can’t just edit them using a text editor. The answer is to use the ALTER SYSTEM command, which has the following syntax (portions in <> are optional, and the presence of the pipe symbol indicates “one of the list”): Alter system set parameter=value The ALTER SYSTEM SET command, by default, will update the currently running instance and make the change to the SPFILE for you. This greatly eases administration, and it eliminates the problems that arose when you used ALTER SYSTEM to add or modify parameter settings, but you forgot to update or missed an init.ora parameter file. Let’s take a look at each element of the command: • The parameter=value assignment supplies the parameter name and the new value for the parameter. For example, pga_aggregate_target = 1024m would set the pga_aggregate_target parameter to a value of 1,024MB (1GB). • comment='text' is an optional comment you can associate with this setting of the parameter. The comment will appear in the UPDATE_COMMENT field of the V$PARAMETER view. If you use the option to save the change to the SPFILE, the comment will be written into the SPFILE and preserved across server restarts as well, so future restarts of the database will see the comment. • deferred specifies whether the system change takes place for subsequent sessions only (not currently established sessions, including the one making the change). By default, the ALTER SYSTEM command will take effect immediately, but some parameters can’t be changed immediately—they can be changed only for newly established sessions. We can use the following query to see what parameters mandate the use of deferred: ops$tkyte%ORA11GR2> select name 2 from v$parameter 3 where issys_modifiable='DEFERRED'; NAME ------------------------------ backup_tape_io_slaves recyclebin audit_file_dest object_cache_optimal_size CHAPTER 3 ■ FILES 78 object_cache_max_size_percent sort_area_size sort_area_retained_size olap_page_pool_size 8 rows selected. ■ Note Your results may differ; from version to version, the list of which parameters may be set online—but must be deferred—can and will change. The code shows that SORT_AREA_SIZE is modifiable at the system level, but only in a deferred manner. The following code shows what happens if we try to modify its value with and without the deferred option: ops$tkyte%ORA11GR2> alter system set sort_area_size = 65536; alter system set sort_area_size = 65536 * ERROR at line 1: ORA-02096: specified initialization parameter is not modifiable with this option ops$tkyte%ORA11GR2> alter system set sort_area_size = 65536 deferred; System altered. • SCOPE=MEMORY|SPFILE|BOTH indicates the “scope” of this parameter setting. Here are our choices for setting the parameter value: • SCOPE=MEMORY changes the setting in the instance(s) only; it will not survive a database restart. The next time you start the database, the setting will be whatever was already recorded in the SPFILE. • SCOPE=SPFILE changes the value in the SPFILE only. The change will not take place until the database is restarted and the SPFILE is processed again. Some parameters can be changed only by using this option. For example, the processes parameter must use SCOPE=SPFILE, as you can’t change the active instance value. • SCOPE=BOTH means the parameter change takes place both in memory and in the SPFILE. The change will be reflected in the current instance and, the next time you start, this change will still be in effect. This is the default value for scope when using an SPFILE. With an init.ora parameter file, the default and only valid value is SCOPE=MEMORY. • sid='sid|*' is useful mostly in a clustered environment; sid='*' is the default. This lets you specify a parameter setting uniquely for any given instance in the cluster. Unless you are using Oracle RAC, you will not need to specify the sid= setting. CHAPTER 3 ■ FILES 79 A typical use of this command might be simply ops$tkyte%ORA11GR2> alter system set pga_aggregate_target=512m; System altered. ■ Note The preceding command—and in fact many of the ALTER SYSTEM commands in this book—may fail on your system. If you use other settings that are incompatible with my example (other memory parameters, for example), you may well receive an error. That doesn’t mean the command doesn’t work, but rather, the settings you attempted to use are not compatible with your overall setup. Better yet, perhaps, would be using the COMMENT= assignment to document when and why a particular change was made: ops$tkyte%ORA11GR2> alter system set pga_aggregate_target=512m 2 comment = 'Changed 14-dec-2009, AWR recommendation'; System altered. ops$tkyte%ORA11GR2> select value, update_comment 2 from v$parameter 3 where name = 'pga_aggregate_target' 4 / VALUE UPDATE_COMMENT -------------------- ---------------------------------------- 536870912 Changed 14-dec-2009, AWR recommendation Unsetting Values in SPFILEs The next question that arises is, how do we unset a value that we previously set. In other words, we don’t want that parameter setting in our SPFILE anymore. Since we can’t edit the file using a text editor, how do we accomplish that? This, too, is done via the ALTER SYSTEM command, but using the RESET clause: Alter system reset parameter sid='sid|*' So, for example, if we wanted to remove the sort_area_size parameter, to allow it to assume the default value we specified previously, we could do so as follows: ops$tkyte%ORA11GR2> alter system reset sort_area_size scope=spfile ; System altered. CHAPTER 3 ■ FILES 80 ■ Note In prior releases, specifically in Oracle 10g Release 2 and earlier, the SID= clause was not optional as it is now. In those releases, you’d include SID='*' on the end of the ALTER SYSTEM command to reset the parameter for all instances in the SPFILE. Or you’d specify SID='some_sid' to reset it for a single instance. The sort_area_size is removed from the SPFILE, which you can verify by issuing the following: ops$tkyte%ORA11GR2> connect / as sysoper; Connected. public%ORA11GR2> create pfile='/tmp/pfile.tst' from spfile; File created. You can then review the contents of /tmp/pfile.tst, which will be generated on the database server. You’ll find the sort_area_size parameter does not exist in the parameter files anymore. Creating PFILEs from SPFILEs The CREATE PFILE...FROM SPFILE command we just saw is the opposite of CREATE SPFILE. It takes the binary SPFILE and creates a plain text file from it—one that can be edited in any text editor and subsequently used to start up the database. You might use this command for at least two things on a regular basis: • To create a one-time parameter file with some special settings, to start up the database for maintenance. So, you’d issue CREATE PFILE...FROM SPFILE and edit the resulting text PFILE, modifying the required settings. You’d then start the database, using the PFILE= option to specify your PFILE instead of the SPFILE. After you finished, you’d just up normally without specifying the PFILE=, and the database would use the SPFILE. • To maintain a history of commented changes. In the past, many DBAs heavily commented their parameter files with a change history. If they changed the size of the buffer cache 20 times, for example, they would have 20 comments in front of the db_cache_size init.ora parameter setting, stating the date and reason for making the change. The SPFILE does not support this, but you can achieve the same effect if you get into the habit of doing the following: public%ORA11GR2> connect / as sysdba Connected. sys%ORA11GR2> create pfile='init_14_dec_2009_ora11g.ora' from spfile; File created. sys%ORA11GR2> alter system set pga_aggregate_target=512m 2 comment = 'Changed 14-dec-2009, AWR recommendation'; System altered. In this way, your history will be saved in the series of parameter files over time. CHAPTER 3 ■ FILES 81 Fixing Corrupted SPFILEs The last question that comes up with regard to SPFILEs is, “SPFILEs are binary files, so what happens if one gets corrupted and the database won’t start? At least the init.ora file was just text, so we could edit it and fix it.” Well, SPFILEs shouldn’t go corrupt any more than should a data file, redo log file, control file, and so forth. However, in the event one does—or if you have set a value in your spfile that does not allow the database to start—you have a couple of options. First, the amount of binary data in the SPFILE is very small. If you are on a UNIX platform, a simple strings command will extract all of your settings: [ora11gr2@dellpe dbs]$ strings spfile$ORACLE_SID.ora *.audit_file_dest='/home/ora11gr2/app/ora11gr2/admin/orcl/adump' *.audit_trail='db' … *.resource_limit=TRUE *.undo_tablespace='UNDOTBS1' On Windows, simply open the file with write.exe (WordPad). WordPad will display all of the clear text in the file, and by simply cutting and pasting into init.ora, you can create a PFILE to use to start your instance. In the event that the SPFILE has just “gone missing” (for whatever reason—not that I’ve seen an SPFILE disappear), you can also resurrect the information for your parameter file from the database’s alert log (more on the alert log shortly). Every time you start the database, the alert log will contain a section like this: Starting up: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options. Using parameter settings in server-side spfile /home/ora11gr2/dbs/spfileora11gr2.ora System parameters with non-default values: processes = 150 resource_limit = TRUE memory_target = 800M … db_name = "orcl" open_cursors = 300 diagnostic_dest = "/home/ora11gr2/app/ora11gr2" Mon Dec 14 14:42:14 2009 PMON started with pid=2, OS id=24977 From this section, you can easily create a PFILE to be converted into a new SPFILE using the CREATE SPFILE command. Parameter File Wrap-up In this section, we covered the basics of managing Oracle initialization parameters and parameter files. We looked at how to set parameters, view parameter values, and have those settings persist across database restarts. We explored the two types of database parameter files: legacy PFILEs (simple text files) and the newer SPFILEs. For all existing databases, using SPFILEs is recommended for the ease of administration and clarity they bring. The ability to have a single source of parameter “truth” for the database, along with the ability of the ALTER SYSTEM command to persist the parameter values, make SPFILEs a compelling feature. I started using them the instant they became available and haven’t looked back. CHAPTER 3 ■ FILES 82 Trace Files Trace files are a source of debugging information. When the server encounters a problem, it generates a trace file full of diagnostic information. When a developer executes DBMS_MONITOR.SESSION_TRACE_ENABLE, the server generates a trace file full of performance-related information. Trace files are available to us because Oracle is a heavily instrumented piece of software. By “instrumented,” I mean that the programmers who wrote the database kernel put in debugging code—lots and lots of it. And they left it in, on purpose. I’ve met many developers who consider debugging code to be overhead—something that must be ripped out before an application goes into production in a vain attempt to squeeze every ounce of performance out of the code. Later, of course, they discover that their code has a bug or it isn’t running as fast as it should (which end users tend to call a bug as well. To an end user, poor performance is a bug!). At that point, they really wish that the debug code was still in the code (or had been in there if it never was), especially since you can’t drop debug code into the production system. You have to test any new code before putting it into a production environment, and that’s not something you do at the drop of a hat. The Oracle database (and Application Server and Oracle applications and various tools such as Application Express (APEX)) is heavily instrumented. Signs of this instrumentation in the database are • V$ views: Most V$ views contain “debug” information. V$WAITSTAT, V$SESSION_EVENT, and many others exist solely to let us know what is going on deep in the kernel. • The AUDIT command: This command allows you to specify what events the database should record for later analysis. • Resource Manager (DBMS_RESOURCE_MANAGER): This feature lets you micromanage resources (CPU, I/O, and the like) within the database. What makes a Resource Manager in the database possible is that it has access to all of the runtime statistics describing how the resources are being used. • Oracle events: These enable you to ask Oracle to produce trace or diagnostic information as needed. • DBMS_TRACE: This facility within the PL/SQL engine exhaustively records the call tree of stored procedures, exceptions raised, and errors encountered. • Database event triggers: These triggers, such as ON SERVERERROR, allow you to monitor and log any condition you feel is “exceptional” or out of the ordinary. For example, you can log the SQL that was running when an “out of temp space” error was raised. • SQL_TRACE/DBMS_MONITOR: This is used to view the exact SQL, wait events and other performance/behavior related diagnostic information generated by running your application. The SQL Trace facility is also available in an extended fashion via the 10046 Oracle event. among others. Instrumentation is vital in application design and development, and the Oracle database becomes better instrumented with each release. In fact, the amount of additional instrumentation in the database between Oracle9i Release 2 and Oracle 10g, and now Oracle 11g, is phenomenal. Oracle 10g took code instrumentation in the kernel to a whole new level with the introduction of the Automatic Workload Repository (AWR) and Active Session History (ASH) features. Oracle 11g takes that further with options such as the Automatic Diagnostic Repository (ADR) and the SQL Performance Analyzer (SPA). CHAPTER 3 ■ FILES 83 In this section we’re going to focus on the information you can find in various types of trace files. We’ll cover what they are, where they are stored, and what we can do with them. There are two general types of trace file, and what we do with each kind is very different: • Trace files you expected and want: These are, for example, the result of enabling DBMS_MONITOR.SESSION_TRACE_ENABLE. They contain diagnostic information about your session and will help you tune your application to optimize its performance and diagnose any bottlenecks it is experiencing. • Trace files you were not expecting but the server generated as the result of an ORA- 00600 “Internal Error”, ORA-03113 “End of file on communication channel”, or ORA-07445 “Exception Encountered” type of error. These traces contain diagnostic information that is most useful to an Oracle Support analyst and, beyond showing where in our application the internal error was raised, are of limited use to us. Requested Trace Files The trace files you typically expect to be generated as the result of enabling trace via DBMS_MONITOR (ALTER SESSION SET SQL_TRACE=TRUE in Oracle 9i Release 2 and before), or using the extended trace facility via the 10046 event, might be as follows: ops$tkyte%ORA11GR2> alter session set events 2 '10046 trace name context forever, level 12' 3 / Session altered. These trace files contain diagnostic and performance related information. They provide invaluable insights into the inner workings of your database application. You will see these trace files more often than any other kind of trace file in a normally operating database. File Locations Whether you use DBMS_MONITOR, SQL_TRACE or the extended trace facility, Oracle will start generating a trace file on the database server machine in one of two locations: • If you are using a dedicated server connection, the trace file will be generated in the directory specified by the user_dump_dest parameter. • If you are using a shared server connection, the trace file will be generated in the directory specified by the background_dump_dest parameter. To see where the trace files will go, you can issue the show parameter dump_dest command from SQL*Plus, query the V$PARAMETER view, use the routine we created above (SCOTT.GET_PARAM), or query the new V$DIAG_INFO view. We’ll demonstrate each in turn below. ops$tkyte%ORA11GR2> show parameter dump_dest NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ background_dump_dest string /home/ora11gr2/app/ora11gr2/di ag/rdbms/orcl/ora11gr2/trace core_dump_dest string /home/ora11gr2/app/ora11gr2/di ag/rdbms/orcl/ora11gr2/cdump user_dump_dest string /home/ora11gr2/app/ora11gr2/di ag/rdbms/orcl/ora11gr2/trace CHAPTER 3 ■ FILES 84 This shows the three dump (trace) destinations. The background dump destination is used by any “server” process (see Chapter 5, “Oracle Processes,” for a comprehensive list of Oracle background processes and their functions). The core dump destination is used for a “core dump” (very detailed process diagnostic information) when a serious problem arises, i.e., a process crash. The user dump destination is used by dedicated servers (covered in Chapter 2 “Architecture Overview”) when they generate a trace file. To continue with the various methods of examining these dump destinations, let’s take a look at the V$ tables available: ops$tkyte%ORA11GR2> select name, value 2 from v$parameter 3 where name like '%dump_dest%'; NAME VALUE -------------------- ------------------------- background_dump_dest /home/ora11gr2/app/ora11g r2/diag/rdbms/orcl/ora11g r2/trace user_dump_dest /home/ora11gr2/app/ora11g r2/diag/rdbms/orcl/ora11g r2/trace core_dump_dest /home/ora11gr2/app/ora11g r2/diag/rdbms/orcl/ora11g r2/cdump We could, of course, use the DBMS_UTILITY package we put in our earlier SCOTT.GET_PARAM function to query the V$PARAMETER table as well: ops$tkyte%ORA11GR2> set serveroutput on ops$tkyte%ORA11GR2> exec dbms_output.put_line( scott.get_param( 'user_dump_dest' ) ) /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace PL/SQL procedure successfully completed. In Oracle database 11g, a new facility, the ADR, was added. As part of this new facility, there’s a new V$ view—V$DIAG_INFO. ■ Note V$DIAG_INFO is a view new to Oracle Database 11g and is not available in older releases. It is an easier interface to the trace information used by the new ADR facility. For readability purposes, in the following query against V$DIAG_INFO, I’ve factored out the long path name to the ADR Home directory, replacing it with $home$ in the output. This just makes it easier to read the output in the book; it is not something you need to do: ops$tkyte%ORA11GR2> with home 2 as 3 (select value home CHAPTER 3 ■ FILES 85 4 from v$diag_info 5 where name = 'ADR Home' 6 ) 7 select name, 8 case when value <> home.home 9 then replace(value,home.home,'$home$') 10 else value 11 end value 12 from v$diag_info, home 13 / NAME VALUE ------------------------------ ---------------------------------------- Diag Enabled TRUE ADR Base /home/ora11gr2/app/ora11gr2 ADR Home /home/ora11gr2/app/ora11gr2/diag/rdbms/o rcl/ora11gr2 Diag Trace $home$/trace Diag Alert $home$/alert Diag Incident $home$/incident Diag Cdump $home$/cdump Health Monitor $home$/hm Default Trace File $home$/trace/ora11gr2_ora_1787.trc Active Problem Count 1 Active Incident Count 50 11 rows selected. As you can see, the rows contain paths to the locations of various trace files. Oracle Database 11g revamped where many files are stored by default, organizing them a bit better to ease the support process when you log a service request with Oracle. The most important rows are • Diag Trace: This is where the trace files, both background and user dump destinations, go to in Oracle 11g. • Default Trace File: This is the name of your current session’s trace file. In earlier releases, this file name could be tricky to figure out (we’ll see how below). In Oracle Database 11g, a simple query against V$DIAG_INFO returns the fully qualified file name. Prior to Oracle Database 11g and the addition of the Default Trace File information, you had to locate your trace file manually. If you use a shared server connection to Oracle, you are using a background process so the location of your trace files is defined by background_dump_dest. If you use a dedicated server connection, you are using a user or foreground process to interact with Oracle so your trace files will go in the directory specified by the user_dump_dest parameter. The core_dump_dest parameter defines where a “core” file would be generated in the event of a serious Oracle internal error (such as a segmentation fault on UNIX), or if Oracle Support had you generate one for additional debug information. In general, the two destinations of interest are the background and user dump destinations. Unless otherwise stated, we will be using dedicated server connections in the course of this book, so all of our trace files will be generated in the user_dump_dest location. CHAPTER 3 ■ FILES 86 Naming Convention The trace file naming convention changes from time to time in Oracle, but if you have an example trace file name from your system, it is easy to see the template in use. For example, on my various Linux servers, a trace file name looks like those in Table 3-1. Table 3-1. Sample Trace File Names Trace File Name Database Version ora_10583.trc 9i Release 1 ora9ir2_ora_1905.trc 9i Release 2 ora10gr2_ora_6793.trc 10g Release 2 ora11gr2_ora_1990.trc 11g Release 2 On my servers, the trace file name can be broken down as follows: • The first part of the file name is the ORACLE_SID (with the exception of Oracle9i Release 1, where Oracle decided to leave that off). • The next bit of the file name is just ora. • The number in the trace file name is the process ID of your dedicated server, available to you from the V$PROCESS view. Therefore, prior to Oracle Database 11g, which has the easy to use V$DIAG_INFO view, in practice (assuming dedicated server mode) you need access to four views to determine your trace file name: • V$PARAMETER, which is used t locate the trace file for user_dump_dest and to find the optional tracefile_identifier that might be used in your trace file name. • V$PROCESS, which is used to find the process ID. • V$SESSION, which is used to correctly identify your session’s information in the other views. • V$INSTANCE, which is used to get the ORACLE_SID. As noted earlier, you can use the DBMS_UTILITY to find the location, and often you simply “know” the ORACLE_SID, so technically you might only need access to V$SESSION and V$PROCESS, but for ease of use you’d want access to all four. A query, then, to generate your trace file name could be: ops$tkyte%ORA11GR2> column trace new_val T ops$tkyte%ORA11GR2> select c.value || '/' || d.instance_name || '_ora_' || 2 a.spid || '.trc' || 3 case when e.value is not null then '_'||e.value end trace 4 from v$process a, v$session b, v$parameter c, v$instance d, v$parameter e 5 where a.addr = b.paddr 6 and b.audsid = userenv('sessionid') 7 and c.name = 'user_dump_dest' 8 and e.name = 'tracefile_identifier' CHAPTER 3 ■ FILES 87 9 / TRACE --------------------------------------------------------------------------------- /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace/ora11gr2_ora_1990.trc And this just shows that if the file exists, you’ll be able to access it via that name (assuming you have the permissions to read the trace directory!). The following example generates a trace file, showing how the file is created once the trace is enabled: ops$tkyte%ORA11GR2> !ls &T ls: /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace/ora11gr2_ora_1990.trc: No such file or directory ops$tkyte%ORA11GR2> exec dbms_monitor.session_trace_enable PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> !ls &T /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace/ora11gr2_ora_1990.trc As you can see, before we enabled tracing in that session, no file existed; as soon as tracing is enabled, however, we are able to see it. It should be obvious that on Windows you’d replace the / with \. If you are using 9i Release 1, instead of adding the instance name into the trace file name, you’d simply issue the following: select c.value || 'ora_' || a.spid || '.trc' Tagging Trace Files There is a way to “tag” your trace file so that you can find it even if you are not permitted access to V$PROCESS and V$SESSION. Assuming you have access to read the user_dump_dest directory, you can use the session parameter tracefile_identifier. With this, you can add a uniquely identifiable string to the trace file name, for example: ops$tkyte%ORA11GR2> connect / Connected. ops$tkyte%ORA11GR2> alter session set tracefile_identifier = 'Look_For_Me'; Session altered. ops$tkyte%ORA11GR2> !ls /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl /ora11gr2/trace/*Look_For_Me*.trc ls: /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace/*Look_For_Me*.trc: No such file or directory ops$tkyte%ORA11GR2> exec dbms_monitor.session_trace_enable PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> !ls /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl /ora11gr2/trace/*Look_For_Me*.trc /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace/ora11gr2_ora_2161_Look_For_Me.trc CHAPTER 3 ■ FILES 88 As you can see, the trace file is now named in the standard _ora_ format, but it also has the unique string we specified associated with it, making it easy to find “our” trace file name. Trace Files Generated in Response to Internal Errors I’d like to close this section with a discussion about those other kinds of trace files—the ones we did not expect that were generated as a result of an ORA-00600 or some other internal error. Is there anything we can do with them? The short answer is that, in general, they are not for you and me. They are useful to Oracle Support. However, they can be helpful when we file a service request with Oracle Support. That point is crucial: if you are getting internal errors, the only way they will ever be corrected is if you file a service request. If you just ignore them, they will not get fixed by themselves, except by accident. For example, in Oracle 10g Release 1, if you create the following table and run the query, you may well get an internal error (or not; it was filed as a bug and is corrected in later patch releases): ops$tkyte@ORA10G> create table t ( x int primary key ); Table created. ops$tkyte@ORA10G> insert into t values ( 1 ); 1 row created. ops$tkyte@ORA10G> exec dbms_stats.gather_table_stats( user, 'T' ); PL/SQL procedure successfully completed. ops$tkyte@ORA10G> select count(x) over () 2 from t; from t * ERROR at line 2: ORA-00600: internal error code, arguments: [12410], [], [], [], [], [], [], [] Now, suppose you are the DBA and all of a sudden this trace file pops up in the trace area. Or you are the developer and your application raises an ORA-00600 error and you want to find out what happened. There is a lot of information in that trace file (some 35,000 lines, in fact), but in general it’s not useful to you and me. We would generally just compress the trace file and upload it as part of our service request processing. Starting in Oracle database 11g, the process of gathering the trace information and uploading it to support has been modified (and made significantly easier). A new command-line tool, in conjunction with a user interface via Enterprise Manager, allows you to review the trace information in the ADR, and package and transmit it to Oracle Support. The ADRCI tool allows you to review “problems” (critical errors in the database) and incidents (occurrences of those critical errors) and to package them up for transmission to support. The packaging step includes retrieving not only the trace information, but also details from the database alert log and other configuration/test case information. For example, I set up a situation in my database that raised a critical error (no, I won’t say what it is. You have to generate your own critical errors.). I knew I had a “problem” in my database because the ADRCI tool told me so: CHAPTER 3 ■ FILES 89 $ adrci ADRCI: Release 11.2.0.1.0 - Production on Wed Jan 20 14:15:16 2010 Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved. ADR base = "/home/ora11gr2/app/ora11gr2" adrci> show problem ADR Home = /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2: ************************************************************************* PROBLEM_ID PROBLEM_KEY LAST_INCIDENT LASTINC_TIME -------------------- ----------------------------------------------------------- ----------- --------- ---------------------------------------- 1 ORA 4031 7228 2009-12-15 03:32:51.964000 -05:00 1 rows fetched On December 15, 2009 I caused an ORA-4031, a serious problem, in the database. I can now see what was affected by that error by issuing the show incident command: adrci> show incident ADR Home = /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2: ************************************************************************* INCIDENT_ID PROBLEM_KEY CREATE_TIME -------------------- ----------------- -------------------------- 6201 ORA 4031 2009-12-15 03:22:54.854000 -05:00 6105 ORA 4031 2009-12-15 03:23:05.169000 -05:00 6177 ORA 4031 2009-12-15 03:23:07.543000 -05:00 6202 ORA 4031 2009-12-15 03:23:12.963000 -05:00 6203 ORA 4031 2009-12-15 03:23:21.175000 -05:00 5 rows fetched I can see there were five incidents, and I can identify the information related to each incident via the show tracefile command: adrci> show tracefile -I 6177 diag/rdbms/orcl/ora11gr2/incident/incdir_6177/ora11gr2_ora_26528_i6177.trc adrci> This shows me the location of the trace file for incident number 6177. Further, I can see a lot of detail about the incident if I so choose: adrci> show incident -mode detail -p "incident_id=6177" ADR Home = /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2: ************************************************************************* ********************************************************** INCIDENT INFO RECORD 1 ********************************************************** INCIDENT_ID 6177 STATUS ready CHAPTER 3 ■ FILES 90 CREATE_TIME 2009-12-15 03:23:07.543000 -05:00 PROBLEM_ID 1 CLOSE_TIME FLOOD_CONTROLLED none ERROR_FACILITY ORA ERROR_NUMBER 4031 ERROR_ARG1 3920 ERROR_ARG2 shared pool ERROR_ARG3 EMD_NOTIFICATION ERROR_ARG4 TCHK^ef65fa09 ERROR_ARG5 kggec.c.kggfa ERROR_ARG6 ERROR_ARG7 ERROR_ARG8 ERROR_ARG9 ERROR_ARG10 ERROR_ARG11 ERROR_ARG12 SIGNALLING_COMPONENT KGH SIGNALLING_SUBCOMPONENT SUSPECT_COMPONENT SUSPECT_SUBCOMPONENT ECID IMPACTS 0 PROBLEM_KEY ORA 4031 FIRST_INCIDENT 6201 FIRSTINC_TIME 2009-12-15 03:22:54.854000 -05:00 LAST_INCIDENT 7228 LASTINC_TIME 2009-12-15 03:32:51.964000 -05:00 IMPACT1 34668547 IMPACT2 34668546 IMPACT3 0 IMPACT4 0 KEY_NAME PQ KEY_VALUE (0, 1260827857) KEY_NAME ProcId KEY_VALUE 22.142 KEY_NAME Client ProcId KEY_VALUE oracle@dellpe (TNS V1-V3).26528_3077348000 KEY_NAME SID KEY_VALUE 130.415 OWNER_ID 1 INCIDENT_FILE /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2 /incident/incdir_6177/ora11gr2_ora_26528_i6177.trc OWNER_ID 1 INCIDENT_FILE /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl /ora11gr2/trace/ora11gr2_ora_26528.trc 1 rows fetched And, finally, I can create a “package” of the incident that is useful for support. The package will contain everything a support analyst needs to begin working on the problem. Here’s an example command to create such a package: CHAPTER 3 ■ FILES 91 adrci> ips create package incident 6177 Created package 1 based on incident id 6177, correlation level typical This section is not intended to be a full overview or introduction to the ADRCI command, which is documented fully in the Oracle Database Utilities 11g Release 2 (11.2) manual. Rather, I just wanted to introduce the existence of the tool—a tool that makes using trace files easy. Prior to ADRCI in 11g, was there anything you could do with the unexpected trace files beyond sending them to support? Yes, there is some information in a trace file that can help you track down the who, what, and where of an error. The trace file can also help you find out if the problem is something others have experienced. The previous example shows that ADRCI is an easy way to interrogate the trace files in Oracle Database 11g (I showed just a small fraction of the commands available). In 10g and before, you can do the same thing, albeit it a bit more manually. For example, a quick inspection of the very top of a trace file provides some useful information. Here’s an example: /home/ora10gr1/admin/ora10gr1/udump/ora10gr1_ora_2578.trc Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production With the Partitioning, OLAP and Data Mining options ORACLE_HOME = /home/ora10gr1 System name: Linux Node name: dellpe Release: 2.6.9-11.ELsmp Version: #1 SMP Fri May 20 18:26:27 EDT 2005 Machine: i686 Instance name: ora10gr1 Redo thread mounted by this instance: 1 Oracle process number: 16 Unix process pid: 2578, image: oracle@dellpe (TNS V1-V3) The database information is important to have when you go to http://metalink.oracle.com to file the service request or to search to see if what you are experiencing is a known problem. In addition, you can see the Oracle instance on which the error occurred. It is quite common to have many instances running concurrently, so isolating the problem to a single instance is useful. Here’s another section of the trace file to be aware of: *** 2010-01-20 14:32:40.007 *** ACTION NAME:() 2010-01-20 14:32:39.988 *** MODULE NAME:(SQL*Plus) 2010-01-20 14:32:39.988 *** SERVICE NAME:(SYS$USERS) 2010-01-20 14:32:39.988 This part of the trace file is new with Oracle 10g and above and won’t be there in Oracle9i and before. It shows the session information available in the columns ACTION and MODULE from V$SESSION. Here we can see that it was a SQL*Plus session that caused the error to be raised (you and your developers can and should set the ACTION and MODULE information; some environments such as Oracle Forms and APEX already do this for you). Additionally, we have the SERVICE NAME. This is the actual service name used to connect to the database—SYS$USERS, in this case—indicating we didn’t connect via a TNS service. If we logged in using user/pass@ora10g.localdomain, we might see: *** SERVICE NAME:(SYS$USERS) 2010-01-20 14:32:39.988 CHAPTER 3 ■ FILES 92 where ora10g is the service name (not the TNS connect string; rather, it’s the ultimate service registered in a TNS listener to which it connected). This is also useful in tracking down which process or module is affected by this error. Lastly, before we get to the actual error, we can see the session ID and related date/time information (all releases) as further identifying information: *** SESSION ID:(19.27995) 2010-01-20 14:32:39.988 Now we are ready to get into the error itself: ksedmp: internal or fatal error ORA-00600: internal error code, arguments: [12410], [], [], [], [], [], [], [] Current SQL statement for this session: select count(x) over () from t ----- Call Stack Trace ----- _ksedmp+524 _ksfdmp.160+14 _kgeriv+139 _kgesiv+78 _ksesic0+59 _qerixAllocate+4155 _qknRwsAllocateTree+281 _qknRwsAllocateTree+252 _qknRwsAllocateTree+252 _qknRwsAllocateTree+252 _qknDoRwsAllocate+9 ... Here we see a couple of important pieces of information. First, we find the SQL statement that was executing when the internal error was raised, which is very useful for tracking down what application(s) was affected. Also, since we see the SQL here, we can start investigating possible workarounds—trying different ways to code the SQL to see if we can quickly work around the issue while working on the bug. Furthermore, we can cut and paste the offending SQL into SQL*Plus and see if we have a nicely reproducible test case for Oracle Support (these are the best kinds of test cases, of course). The other important pieces of information are the error code (typically 600, 3113, or 7445) and other arguments associated with the error code. Using these, along with some of the stack trace information that shows the set of Oracle internal subroutines that were called in order, we might be able to find an existing bug (and workarounds, patches, and so on). For example, we might use the search string ora-00600 12410 ksesic0 qerixAllocate qknRwsAllocateTree Using MetaLink’s advanced search (using all of the words, search the bug database), we immediately find the bug 3800614, “ORA-600 [12410] ON SIMPLE QUERY WITH ANALYTIC FUNCTION”. If we go to http://metalink.oracle.com and search using that text, we will discover this bug, see that it is fixed in the next release, and note that patches are available—all of this information is available to us. I often find that the error I receive is one that has happened before and there are fixes or workarounds for it. CHAPTER 3 ■ FILES 93 Trace File Wrap-up You now know the two types of general trace files, where they are located, and how to find them. Hopefully you’ll use trace files mostly for tuning and increasing the performance of your application, rather than for filing service requests. As a last note, Oracle Support does have access to many undocumented “events” that are very useful for dumping out tons of diagnostic information whenever the database hits any error. For example, if you are getting an ORA-01555 Snapshot Too Old that you absolutely feel you should not be getting, Oracle Support can guide you through the process of setting such diagnostic events to help you track down precisely why that error is getting raised, by creating a trace file every time that error is encountered Alert File The alert file (also known as the alert log) is the diary of the database. It is a simple text file written to from the day the database is “born” (created) to the end of time (when you erase it). In this file, you’ll find a chronological history of your database—the log switches; the internal errors that might be raised; when tablespaces were created, taken offline, put back online; and so on. It is an incredibly useful file for viewing the history of a database. I like to let mine grow fairly large before “rolling” (archiving) it. The more information the better, I believe, for this file. I will not describe everything that goes into an alert log—that’s a fairly broad topic. I encourage you to take a look at yours, however, and see the wealth of information it holds. Instead, in this section we’ll take a look at a specific example of how to mine information from this alert log, in this case to create an uptime report. In the past, I’ve used the alert log file for the http://asktom.oracle.com web site and to generate an uptime report for my database. Instead of poking through the file and figuring that out manually (the shutdown and startup times are in there), I decided to take advantage of the database and SQL to automate that work, thus creating a technique for generating a dynamic uptime report straight from the alert log. Using an EXTERNAL TABLE (which is covered in much more detail in Chapter 10, “Database Tables”), we can actually query our alert log and see what is in there. I discovered that a pair of records was produced in my alert log every time I started the database: Thu May 6 14:24:42 2004 Starting ORACLE instance (normal) That is, I always saw a timestamp record, in that constant, fixed-width format, coupled with the message Starting ORACLE instance. I also noticed that before these records would be an ALTER DATABASE CLOSE message (during a clean shutdown), or a shutdown abort message, or nothing—no message, indicating a system crash. But any message would have some timestamp associated with it as well. So, as long as the system didn’t crash, some meaningful timestamp would be recorded in the alert log (and in the event of a system crash, some timestamp would be recorded shortly before the crash, as the alert log is written to quite frequently). I discovered that I could easily generate an uptime report if I • Collected all of the records like Starting ORACLE instance %. • Collected all of the records that matched the date format (that were in fact dates). • Associated with each Starting ORACLE instance record the prior two records (which would be dates). CHAPTER 3 ■ FILES 94 The following code creates an external table to make it possible to query the alert log. (Note: replace /background/dump/dest/ with your actual background dump destination and use your alert log name in the CREATE TABLE statement.) ops$tkyte%ORA11GR2> create or replace 2 directory data_dir 3 as 4 '/home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/trace' 5 / Directory created. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> CREATE TABLE alert_log 2 ( 3 text_line varchar2(255) 4 ) 5 ORGANIZATION EXTERNAL 6 ( 7 TYPE ORACLE_LOADER 8 DEFAULT DIRECTORY data_dir 9 ACCESS PARAMETERS 10 ( 11 records delimited by newline 12 fields 13 ) 14 LOCATION 15 ( 16 'alert_ora11gr2.log' 17 ) 18 ) 19 / Table created. We can now query that information anytime: ops$tkyte%ORA11GR2> select to_char(last_time,'dd-mon-yyyy hh24:mi') shutdown, 2 to_char(start_time,'dd-mon-yyyy hh24:mi') startup, 3 round((start_time-last_time)*24*60,2) mins_down, 4 round((last_time-lag(start_time) over (order by r)),2) days_up, 5 case when (lead(r) over (order by r) is null ) 6 then round((sysdate-start_time),2) 7 end days_still_up 8 from ( 9 select r, 10 to_date(last_time, 'Dy Mon DD HH24:MI:SS YYYY') last_time, 11 to_date(start_time,'Dy Mon DD HH24:MI:SS YYYY') start_time 12 from ( 13 select r, 14 text_line, 15 lag(text_line,1) over (order by r) start_time, 16 lag(text_line,2) over (order by r) last_time 17 from ( CHAPTER 3 ■ FILES 95 18 select rownum r, text_line 19 from alert_log 20 where text_line like '___ ___ __ __:__:__ 20__' 21 or text_line like 'Starting ORACLE instance %' 22 ) 23 ) 24 where text_line like 'Starting ORACLE instance %' 25 ) 26 / SHUTDOWN STARTUP MINS_DOWN DAYS_UP DAYS_STILL_UP ----------------- ----------------- ---------- ---------- ------------- 14-sep-2009 17:11 10-oct-2009 07:00 19-oct-2009 14:54 13433.93 25.58 31-oct-2009 05:00 07-nov-2009 08:32 10291.32 11.59 11-dec-2009 13:15 11-dec-2009 14:33 77.25 34.2 14-dec-2009 14:40 14-dec-2009 14:41 .02 3.01 14-dec-2009 14:42 14-dec-2009 14:42 0 0 15-dec-2009 08:31 15-dec-2009 08:31 .03 .74 36.27 7 rows selected. I won’t go into the nuances of the SQL query here, but the innermost query from lines 18 through 21 collects the “Starting” and date lines (remember, when using a LIKE clause, _ matches precisely one character—at least one and at most one). That query also numbers the lines using rownum. Then, the next level of query uses the built-in LAG() analytic function to reach back one and two rows for each row, and slide that data up so the third row of this query has the data from rows 1, 2, and 3. Row 4 has the data from rows 2, 3, and 4, and so on. We end up keeping just the rows that were like Starting ORACLE instance %, which now have the two preceding timestamps associated with them. From there, computing downtime is easy: we just subtract the two dates. Computing the uptime is not much harder (now that you’ve seen the LAG() function): we just reach back to the prior row, get its startup time, and subtract that from this line’s shutdown time. My Oracle 11g Release 2 database came into existence on 14-Sep-2009 and it has been shut down six times (and as of this writing it has been up for 36.27 days in a row). If you are interested in seeing another example of mining the alert log for useful information, go to http://tinyurl.com/y8wkhjt. This page shows a demonstration of how to compute the average time it took to archive a given online redo log file. Once you understand what is in the alert log, generating these queries on your own becomes easy. In addition to using an external table to query the alert log in 11g, you can easily view the alert log using the ADRCI tool. That tool lets you find, edit (review), and monitor (interactively display new records as they appear in the alert log). Also, the alert log in 11g and above is available in two versions— the old version we just used and an XML version: ops$tkyte%ORA11GR2> select value from v$diag_info where name = 'Diag Alert'; VALUE ------------------------------------------------------------------------------- /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/alert ops$tkyte%ORA11GR2> !ls /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/alert log.xml ops$tkyte%ORA11GR2> !head /home/ora11gr2/app/ora11gr2/diag/rdbms/orcl/ora11gr2/alert/log.xml CHAPTER 3 ■ FILES 96 Starting ORACLE instance (normal) create tablespace dmt 2 datafile '/tmp/dmt.dbf' size 2m 3 extent management dictionary; create tablespace dmt * ERROR at line 1: ORA-12913: Cannot create dictionary managed tablespace CHAPTER 3 ■ FILES 103 ops$tkyte%ORA11GR2> !oerr ora 12913 12913, 00000, "Cannot create dictionary managed tablespace" // *Cause: Attemp to create dictionary managed tablespace in database // which has system tablespace as locally managed // *Action: Create a locally managed tablespace. Note that Oerr is a Unix-only utility; on non-Unix platforms, you’ll need to refer to the Oracle Error Messages documentation for the details on the error you receive. ■ Note You might wonder why I wrote “It’s not that dictionary-managed tablespaces are not supported in a database where SYSTEM is locally managed, it’s that they simply can’t be created.” If they can’t be created, why would we need to support them? The answer lies in the transportable tablespace feature. You can transport a dictionary-managed tablespace into a database with a SYSTEM tablespace that is locally managed. You can plug that tablespace in and have a dictionary-managed tablespace in your database, but you can’t create one from scratch in that database. The inability to create dictionary-managed tablespaces is a positive side effect, as it prohibits you from using the legacy storage mechanism, which was less efficient and dangerously prone to space fragmentation. Locally-managed tablespaces, in addition to being more efficient in space allocation and deallocation, also prevent tablespace fragmentation. We’ll take an in-depth look at this in Chapter 10 “Database Tables.” Temp Files Temporary data files (temp files) in Oracle are a special type of data file. Oracle will use temporary files to store the intermediate results of large sort operations and hash operations, as well as to store global temporary table data, or resultset data, when there is insufficient memory to hold it all in RAM. Permanent data objects, such as a table or an index, will never be stored in a temp file, but the contents of a temporary table and its indexes would be. So, you’ll never create your application tables in a temp file, but you might store data there when you use a temporary table. Temp files are treated in a special way by Oracle. Normally, every change you make to an object will be recorded in the redo logs; these transaction logs can be replayed at a later date to “redo a transaction,” which you might do during recovery from failure. Temp files are excluded from this process. Temp files never have REDO generated for them, although they can have UNDO generated. Thus, there will be REDO generated working with temporary tables since UNDO is always protected by REDO, as you will see in detail in Chapter 9 “Redo and Undo.” The UNDO generated for global temporary tables is to support rolling back work you’ve done in your session, either due to an error processing data or because of some general transaction failure. A DBA never needs to back up a temporary data file, and, in fact, attempting to do so would be a waste of time, as you can never restore a temporary data file. It is recommended that your database be configured with locally-managed temporary tablespaces. You’ll want to make sure that as a DBA, you use a CREATE TEMPORARY TABLESPACE command. You don’t want to just alter a permanent tablespace to a temporary one, as you do not get the benefits of temp files that way. CHAPTER 3 ■ FILES 104 One of the nuances of true temp files is that if the OS permits it, the temporary files will be created sparse—that is, they will not actually consume disk storage until they need to. You can see that easily in this example (on Red Hat Linux): ops$tkyte%ORA11GR2> !df -h /tmp Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 132G 79G 47G 63% / ops$tkyte%ORA11GR2> create temporary tablespace temp_huge 2 tempfile '/tmp/temp_huge.dbf' size 2048m; Tablespace created. ops$tkyte%ORA11GR2> !df -h /tmp Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 132G 79G 47G 63% / ops$tkyte%ORA11GR2> !ls -l /tmp/temp_huge.dbf -rw-rw---- 1 ora11gr2 ora11gr2 2147491840 Jan 20 15:45 /tmp/temp_huge.dbf ■ Note The UNIX command df shows “disk free” space. This command showed that I have 47GB free in the file system containing /tmp before I added a 2GB temp file to the database. After I added that file, I still had 47GB free in the file system. Apparently it didn’t take much storage to hold that file. If we look at the ls output, it appears to be a normal 2GB file, but it is, in fact, consuming only a few kilobytes of storage currently. So we could actually create hundreds of these 2GB temporary files, even though we have roughly 47GB of disk space free. Sounds great—free storage for all! The problem is, as we start to use these temp files and they start expanding out, we would rapidly hit errors stating “no more space.” Since the space is allocated or physically assigned to the file as needed by the OS, we stand a definite chance of running out of room (especially if after we create the temp files, someone else fills up the file system with other stuff). How to solve this differs from OS to OS. On Linux, you can use dd to fill the file with data, causing the OS to physically assign disk storage to the file, or use cp to create a nonsparse file, for example: ops$tkyte%ORA11GR2> !cp --sparse=never /tmp/temp_huge.dbf /tmp/temp_huge_not_sparse.dbf ops$tkyte%ORA11GR2> !df -h /tmp Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 132G 81G 45G 65% / ops$tkyte%ORA11GR2> drop tablespace temp_huge including contents and datafiles; Tablespace dropped. CHAPTER 3 ■ FILES 105 ops$tkyte%ORA11GR2> create temporary tablespace temp_huge 2 tempfile '/tmp/temp_huge_not_sparse.dbf' reuse; Tablespace created. After copying the sparse 2GB file to /tmp/temp_huge_not_sparse.dbf and creating the temporary tablespace using that temp file with the REUSE option, we are assured that temp file has allocated all of its file system space and our database actually has 2GB of temporary space to work with. ■ Note In my experience, Windows NTFS does not do sparse files, and this applies to UNIX/Linux variants. On the plus side, if you have to create a 15GB temporary tablespace on UNIX/Linux and have temp file support, you’ll find it happens very fast (instantaneously); just make sure you have 15GB free and reserve it in your mind. Control Files Control files are fairly small files (they can grow up to 64MB or so in extreme cases) that contain a directory of the other files Oracle needs. The parameter file tells the instance where the control files are, and the control files tell the instance where the database and online redo log files are. The control files also tell Oracle other things, such as information about checkpoints that have taken place, the name of the database (which should match the db_name parameter in the parameter file), the timestamp of the database as it was created, an archive redo log history (this can make a control file large in some cases), RMAN information, and so on. Control files should be multiplexed either by hardware (RAID) or by Oracle when RAID or mirroring is not available. More than one copy should exist, and the copies should be stored on separate disks to avoid losing them in case you have a disk failure. It is not fatal to lose your control files—it just makes recovery that much harder. Control files are something a developer will probably never have to actually deal with. To a DBA, they are an important part of the database, but to a software developer they are not really relevant. Redo Log Files Redo log files are crucial to the Oracle database. These are the transaction logs for the database. They are generally used only for recovery purposes, but they can be used for the following as well: • Instance recovery after a system crash • Media recovery after a data file restore from backup • Standby database processing • Input into “Streams,” a redo log mining process for information sharing (a fancy way of saying replication) Their main purpose in life is to be used in the event of an instance or media failure, or as a method of maintaining a standby database for failover. If the power goes off on your database machine, causing an instance failure, Oracle will use the online redo logs to restore the system to exactly the point it was at immediately prior to the power outage. If your disk drive containing your data file fails permanently, Oracle will use archived redo logs, as well as online redo logs, to recover a backup of that drive to the CHAPTER 3 ■ FILES 106 correct point in time. Additionally, if you “accidentally” drop a table or remove some critical information and commit that operation, you can restore a backup and have Oracle restore it to the point just before the accident using these online and archive redo log files. Virtually every operation you perform in Oracle generates some amount of redo to be written to the online redo log files. When you insert a row into a table, the end result of that insert is written to the redo logs. When you delete a row, the fact that you deleted that row is written. When you drop a table, the effects of that drop are written to the redo log. The data from the table you dropped is not written; however, the recursive SQL that Oracle performs to drop the table does generate redo. For example, Oracle will delete a row from the SYS.OBJ$ table (and other internal dictionary objects), and this will generate redo, and if various modes of supplemental logging are enabled, the actual DROP TABLE statement will be written into the redo log stream. Some operations may be performed in a mode that generates as little redo as possible. For example, I can create an index with the NOLOGGING attribute. This means that the initial creation of the index data will not be logged, but any recursive SQL Oracle performed on my behalf will be. For example, the insert of a row into SYS.OBJ$ representing the existence of the index will be logged, as will all subsequent modifications of the index using SQL inserts, updates, and deletes. But the initial writing of the index structure to disk will not be logged. I’ve referred to two types of redo log file: online and archived. We’ll take a look at each in the sections that follow. In Chapter 9, “Redo and Undo,” we’ll take another look at redo in conjunction with rollback segments, to see what impact they have on you as a developer. For now, we’ll just concentrate on what they are and what their purpose is. Online Redo Log Every Oracle database has at least two online redo log file groups. Each redo log group consists of one or more redo log members (redo is managed in groups of members). The individual redo log file members of these groups are true mirror images of each other. These online redo log files are fixed in size and are used in a circular fashion. Oracle will write to log file group 1, and when it gets to the end of this set of files, it will switch to log file group 2 and rewrite the contents of those files from start to end. When it has filled log file group 2, it will switch back to log file group 1 (assuming we have only two redo log file groups; if we have three, it would, of course, proceed to the third group). This is shown in Figure 3-4. Figure 3-4. Writing to log file groups The act of switching from one log file group to another is called a log switch. It is important to note that a log switch may cause a temporary “pause” in a poorly configured database. Since the redo logs are used to recover transactions in the event of a failure, we must be certain we won’t need the contents of a redo log file before we are able to use it. If Oracle isn’t sure that it won’t need the contents of a log file, it will suspend operations in the database momentarily and make sure that the data in the cache that this redo “protects” is safely written (checkpointed) onto disk. Once Oracle is sure of that, processing will resume and the redo file will be reused. CHAPTER 3 ■ FILES 107 We’ve just started to talk about a key database concept: checkpointing. To understand how online redo logs are used, you’ll need to know something about checkpointing, how the database buffer cache works, and what a process called Database Block Writer (DBWn) does. The database buffer cache and DBWn are covered in more detail a later on,, but we’ll skip ahead a little anyway and touch on them now. The database buffer cache is where database blocks are stored temporarily. This is a structure in Oracle’s SGA. As blocks are read, they are stored in this cache, hopefully so we won’t have to physically reread them later. The buffer cache is first and foremost a performance-tuning device. It exists solely to make the very slow process of physical I/O appear to be much faster than it is. When we modify a block by updating a row on it, these modifications are done in memory to the blocks in the buffer cache. Enough information to redo this modification is stored in the redo log buffer, another SGA data structure. When we COMMIT our modifications, making them permanent, Oracle does not go to all of the blocks we modified in the SGA and write them to disk. Rather, it just writes the contents of the redo log buffer out to the online redo logs. As long as that modified block is in the buffer cache and not on disk, we need the contents of that online redo log in case the database fails. If, at the instant after we committed, the power was turned off, the database buffer cache would be wiped out. If this happens, the only record of our change is in that redo log file. Upon restart of the database, Oracle will actually replay our transaction, modifying the block again in the same way we did and committing it for us. So, as long as that modified block is cached and not written to disk, we can’t reuse that redo log file. This is where DBWn comes into play. This Oracle background process is responsible for making space in the buffer cache when it fills up and, more important, for performing checkpoints. A checkpoint is the writing of dirty (modified) blocks from the buffer cache to disk. Oracle does this in the background for us. Many things can cause a checkpoint to occur, the most common being a redo log switch. As we filled up log file 1 and switched to log file 2, Oracle initiated a checkpoint. At this point, DBWn started writing to disk all of the dirty blocks that are protected by log file group 1. Until DBWn flushes all of these blocks protected by that log file, Oracle can’t reuse it. If we attempt to use it before DBWn has finished its checkpoint, we’ll get a message like this in our database’s ALERT log: ... Thread 1 cannot allocate new log, sequence 66 Checkpoint not complete Current log# 2 seq# 65 mem# 0: /home/ora11gr2/app/ora11gr2/oradata/orcl/redo01.log ... So, when this message appeared, processing was suspended in the database while DBWn hurriedly finished its checkpoint. Oracle gave all the processing power it could to DBWn at that point in the hope it would finish faster. This is a message you never want to see in a nicely tuned database instance. If you do see it, you know for a fact that you have introduced artificial, unnecessary waits for your end users. This can always be avoided. The goal (and this is for the DBA, not the developer necessarily) is to have enough online redo log files allocated so that you never attempt to reuse a log file before the checkpoint initiated by it completes. If you see this message frequently, it means a DBA has not allocated sufficient online redo logs for the application, or that DBWn needs to be tuned to work more efficiently. Different applications will generate different amounts of redo log. A Decision Support System (DSS, query only) or DW system will naturally generate significantly less online redo logging than an OLTP (transaction processing) system would, day to day. A system that does a lot of image manipulation in Binary Large Objects (BLOBs) in the database may generate radically more redo than a simple order- entry system. An order-entry system with 100 users will probably generate a tenth the amount of redo 1,000 users would generate. Thus, there is no “right” size for your redo logs, although you do want to ensure they are large enough for your unique workload. You must take many things into consideration when setting both the size of and the number of online redo logs. Many of them are beyond the scope of this book, but I’ll list some of them to give you an idea: CHAPTER 3 ■ FILES 108 • Peak workloads: You’d like your system to not have to wait for checkpoint-not- complete messages, to not get bottlenecked during your peak processing. You should size your redo logs not for average hourly throughput, but rather for your peak processing. If you generate 24GB of log per day, but 10GB of that log is generated between 9:00 am and 11:00 am, you’ll want to size your redo logs large enough to carry you through that two-hour peak. Sizing them for an average of 1GB per hour would probably not be sufficient. • Lots of users modifying the same blocks: Here you might want large redo log files. Since everyone is modifying the same blocks, you’d like to update them as many times as possible before writing them out to disk. Each log switch will fire a checkpoint, so you’d like to switch logs infrequently. This may, however, affect your recovery time. • Mean time to recover: If you must ensure that a recovery takes as little time as possible, you may be swayed toward smaller redo log files, even if the previous point is true. It will take less time to process one or two small redo log files than a gargantuan one upon recovery. The overall system will run slower than it absolutely could day to day perhaps (due to excessive checkpointing), but the amount of time spent in recovery will be shorter. There are other database parameters that may also be used to reduce this recovery time, as an alternative to the use of small redo log files. Archived Redo Log The Oracle database can run in one of two modes: ARCHIVELOG mode and NOARCHIVELOG mode. The difference between these two modes is simply what happens to a redo log file when Oracle goes to reuse it. “Will we keep a copy of that redo or should Oracle just overwrite it, losing it forever?” is an important question to answer. Unless you keep this file, you can’t recover data from a backup to that point in time. Say you take a backup once a week on Saturday. Now, on Friday afternoon, after you have generated hundreds of redo logs over the week, your hard disk fails. If you have not been running in ARCHIVELOG mode, the only choices you have right now are as follows: • Drop the tablespace(s) associated with the failed disk. Any tablespace that had a file on that disk must be dropped, including the contents of that tablespace. If the SYSTEM tablespace (Oracle’s data dictionary) or some other important system- related tablespace like your UNDO tablespace is affected, you can’t do this. You will have to use the next option instead. • Restore last Saturday’s data and lose all of the work you did that week. Neither option is very appealing. Both imply that you lose data. If you had been executing in ARCHIVELOG mode, on the other hand, you simply would have found another disk and restored the affected files from Saturday’s backup onto it. Then, you would have applied the archived redo logs and, ultimately, the online redo logs to them (in effect replaying the week’s worth of transactions in fast- forward mode). You lose nothing. The data is restored to the point of the failure. People frequently tell me they don’t need ARCHIVELOG mode for their production systems. I have yet to meet anyone who was correct in that statement. I believe that a system is not a production system unless it is in ARCHIVELOG mode. A database that is not in ARCHIVELOG mode will, some day, lose data. It is inevitable; you will lose data (not might, but will) if your database is not in ARCHIVELOG mode. “We are using RAID-5, so we are totally protected” is a common excuse. I’ve seen cases where, due to a manufacturing error, all disks in a RAID set froze, all at about the same time. I’ve seen cases where the hardware controller introduced corruption into the data files, so people safely protected corrupt data with their RAID devices. RAID also does not do anything to protect you from operator error, one of the CHAPTER 3 ■ FILES 109 most common causes of data loss. RAID does not mean the data is safe, it might be more available, it might be safer, but data solely on a RAID device will be lost someday; it is a matter of time. “If we had the backups from before the hardware or operator error and the archives were not affected, we could have recovered.” The bottom line is that there is no excuse for not being in ARCHIVELOG mode on a system where the data is of any value. Performance is no excuse; properly configured archiving adds little to no overhead. This, and the fact that a fast system that loses data is useless, means that even if archiving added 100 percent overhead, you still need to do it. A feature is overhead if you can remove it and lose nothing important; overhead is like icing on the cake. Preserving your data, and making sure you don’t lose your data isn’t overhead—it’s the DBA’s primary job! Only a test or maybe a development system should execute in NOARCHIVELOG mode. Most development systems should be run in ARCHIVELOG mode for two reasons: • This is how you will process the data in production; you want development to act and react as your production system would. • In many cases, the developers pull their code out of the data dictionary, modify it, and compile it back into the database. The development database holds the current version of the code. If the development database suffers a disk failure in the afternoon, what happens to all of the code you compiled and recompiled all morning? It’s lost. Don’t let anyone talk you out of being in ARCHIVELOG mode. You spent a long time developing your application, so you want people to trust it. Losing their data will not instill confidence in your system. ■ Note There are some cases in which a large DW could justify being in NOARCHIVELOG mode—if it made judicious use of READ ONLY tablespaces and was willing to fully rebuild any READ WRITE tablespace that suffered a failure by reloading the data. Password Files The password file is an optional file that permits the remote SYSDBA or administrator access to the database. When you attempt to start Oracle, there is no database available that can be consulted to verify passwords. When you start Oracle on the local system (i.e., not over the network, but from the machine the database instance will reside on), Oracle will use the OS to perform the authentication. When Oracle was installed, the person performing the installation was asked to specify a group for the administrators. Normally, on UNIX/Linux, this group will be DBA by default, and OSDBA on Windows. It can be any legitimate group name on that platform, however. That group is “special,” in that any user in that group can connect to Oracle “as SYSDBA” without specifying a username or password. For example, in my Oracle 11g Release 2 install, I specified an ora11gr2 group. Anyone in the ora11gr2 group may connect without a username/password: $ groups tkyte ora11gr2 $ sqlplus / as sysdba CHAPTER 3 ■ FILES 110 SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:17:26 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> show user USER is "SYS" That worked. I’m connected and I could now start up this database, shut it down, or perform whatever administration I wanted to. But suppose I wanted to perform these operations from another machine, over the network. In that case, I would attempt to connect using @tns-connect-string. However, this would fail: $ sqlplus /@ora11gr2 as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:19:44 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges OS authentication won’t work over the network for SYSDBA, even if the very unsafe (for security reasons) parameter REMOTE_OS_AUTHENT is set to true. So, OS authentication won’t work and, as discussed earlier, if you’re trying to start up an instance to mount and open a database, then by definition there’s no database yet in which to look up authentication details. It is the proverbial chicken and egg problem. Enter the password file. The password file stores a list of usernames and passwords that are allowed to remotely authenticate as SYSDBA over the network. Oracle must use this file to authenticate them, not the normal list of passwords stored in the database. So, let’s correct our situation. First, we’ll start up the database locally so we can set the REMOTE_LOGIN_PASSWORDFILE. Its default value is NONE, meaning there is no password file; there are no remote SYSDBA logins. It has two other settings: SHARED (more than one database can use the same password file) and EXCLUSIVE (only one database uses a given password file). We’ll set ours to EXCLUSIVE, as we want to use it for only one database (i.e., the normal use): sys%ORA11GR2> alter system set remote_login_passwordfile=exclusive scope=spfile; System altered. This setting can’t be changed dynamically while the instance is up and running, so we’ll have to shut down and this will take effect upon the next restart. The next step is to use the command-line tool (on UNIX and Windows) named orapwd to create and populate the initial password file: $ orapwd Usage: orapwd file= entries= force= ignorecase= nosysdba= where file is the name of password file (required); password is the password for SYS; it will be prompted if not specified at command line; entries are the maximum number of distinct DBAs (optional); CHAPTER 3 ■ FILES 111 force indicates whether to overwrite existing file (optional); ignorecase specifies whether passwords are case-insensitive (optional); nosysdba indicates whether to shut out the SYSDBA logon (optional Database Vault only). There must be no spaces around the equal-to (=) character. The command we’ll use when logged into the operating system account that owns the Oracle software is $ orapwd file=orapw$ORACLE_SID password=bar entries=20 This creates a password file named orapworcl in my case (my ORACLE_SID is orcl). That’s the naming convention for this file on most UNIX platforms (see your installation/OS admin guide for details on the naming of this file on your platform), and it resides in the $ORACLE_HOME/dbs directory. On Windows, this file is named PW%ORACLE_SID%.ora and it’s located in the %ORACLE_HOME%\database directory. You should navigate to the correct directory prior to running the command to create that file, or move that file into the correct directory afterward.. Now, currently the only user in that file is SYS, even if there are other SYSDBA accounts on that database (they are not in the password file yet). Using that knowledge, however, we can for the first time connect as SYSDBA over the network: $ sqlplus sys/bar@ora11gr2 as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:32:07 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to an idle instance. idle> ■ Note If you experience an ORA-12505 “TNS:listener does not currently know of SID given in connect Descriptor” error during this step, that means that the database listener is not configured with a static registration entry for this server. The DBA has not permitted remote SYSDBA connections when the database instance is not up. This will be the case for most Oracle installations for version 9i and above. You would need to configure static server registration in your listener.ora configuration file. Please search for "Configuring Static Service Information" (in quotes) on the OTN (Oracle Technology Network) documentation search page for the version of the database you are using for details on configuring this static service. We have been authenticated, so we are in. We can now successfully start up, shut down, and remotely administer this database using the SYSDBA account. Now, we have another user, OPS$TKYTE, who has been granted SYSDBA, but will not be able to connect remotely yet: $ sqlplus 'ops$tkyte/foobar' as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:37:35 2010 … CHAPTER 3 ■ FILES 112 With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> show user USER is "SYS" sys%ORA11GR2> exit $ sqlplus 'ops$tkyte/foobar'@ora11gr2 as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:37:46 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: The reason for this is that OPS$TKYTE is not yet in the password file. In order to get OPS$TKYTE into the password file, we need to “regrant” that account SYSDBA: $ sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:38:43 2010 … With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> grant sysdba to ops$tkyte; Grant succeeded. sys%ORA11GR2> exit $ sqlplus 'ops$tkyte/foobar'@ora11gr2 as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:38:53 2010 … With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> This created an entry in the password file for us, and Oracle will now keep the password in sync. If OPS$TKYTE alters his password, the old one will cease working for remote SYSDBA connections and the new one will start: sys%ORA11GR2> alter user ops$tkyte identified by something_else; User altered. sys%ORA11GR2> exit Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options $ sqlplus 'ops$tkyte/foobar'@ora11gr2 as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 20 16:40:12 2010 CHAPTER 3 ■ FILES 113 Copyright (c) 1982, 2009, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: ops$tkyte/something_else@ora11gr2 as sysdba Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options The same process is repeated for any user who was a SYSDBA but is not yet in the password file. Change Tracking File The change-tracking file is a new, optional file for use with Oracle 10g Enterprise Edition and above. The sole purpose of this file is to track what blocks have modified since the last incremental backup. With this, the Recovery Manager (RMAN) tool can back up only the database blocks that have actually been modified without having to read the entire database. In releases prior to Oracle 10g, an incremental backup would have had to read the entire set of database files to find blocks that had been modified since the last incremental backup. So, if you had a 1TB database to which you simply added 500MB of new data (e.g., a data warehouse load), the incremental backup would have read 1TB of data to find that 500MB of new information to back up. So, the incremental backup would have stored significantly less data in the backup, and it would have still read the entire database. In Oracle 10g Enterprise Edition and up, that’s no longer the case. As Oracle is running, and as blocks are modified, Oracle optionally maintains a file that tells RMAN what blocks have been changed. Creating this change-tracking file is rather simple and is accomplished via the ALTER DATABASE command: sys%ORA11GR2> alter database enable block change tracking 2 using file 3 '/home/ora11gr2/app/ora11gr2/oradata/orcl/ORCL/changed_blocks.bct'; Database altered. ■ Caution I’ll say this from time to time throughout the book: please bear in mind that commands that set parameters, modify the database, or make fundamental changes should not be done lightly, and definitely should be tested prior to performing them on your “real” system. The preceding command will, in fact, cause the database to do more work. It will consume resources. To turn off and remove the block change-tracking file, you’d use the ALTER DATABASE command once again: sys%ORA11GR2> alter database disable block change tracking; Database altered. CHAPTER 3 ■ FILES 114 Note that this command will erase the block change-tracking file. It does not just disable the feature—it removes the file as well. ■ Note On certain operating systems, such as Windows, you might find that if you run my example—creating a block change-tracking file and then disabling it—the file appears to still exist. This is an OS-specific issue—it does not happen on many operating systems. It will happen only if you CREATE and DISABLE the change-tracking file from a single session. The session that created the block change-tracking file will leave that file open and some operating systems will not permit you to erase a file that has been opened by some process. This is harmless; you just need to remove the file yourself later. You can enable this new block change-tracking feature in either ARCHIVELOG or NOARCHIVELOG mode. But remember, a database in NOARCHIVELOG mode, where the redo log generated daily is not retained, can’t recover all changes in the event of a media (disk or device) failure! A NOARCHIVELOG mode database will lose data some day. We will cover these two database modes in more detail in Chapter 9 “Redo and Undo.” Flashback Logs Flashback logs were introduced in Oracle 10g in support of the FLASHBACK DATABASE command, a new feature of the Enterprise Edition of the database in that release. Flashback logs contain “before images” of modified database blocks that can be used to return the database to the way it was at some prior point in time. Flashback Database The FLASHBACK DATABASE command was introduced to speed up the otherwise slow process of point-in- time database recovery. It can be used in place of a full database restore and a rolling forward using archive logs, and it is primarily designed to speed up the recovery from an “accident.” For example, let’s take a look at what a DBA might do to recover from an accidentally dropped schema, in which the right schema was dropped, just in the wrong database (it was meant to be dropped in the test environment). The DBA immediately recognizes the mistake he has made and shuts down the database right away. Now what? Prior to the FLASHBACK DATABASE capability, what would probably happen is this: 1. The DBA would shut down the database. 2. The DBA would restore the last full backup of database from tape (typically), generally a long process. 3. The DBA would restore all archive redo logs generated since the backup that were not available on the system. 4. The DBA would roll the database forward and stop rolling forward at a point in time just before the erroneous DROP USER command. 5. The database would be opened with the RESETLOGS option. CHAPTER 3 ■ FILES 115 This was a nontrivial process with many steps and would generally consume a large piece of time (time when no one could access the database, of course). The causes of a point-in-time recovery like this are many: an upgrade script gone awry, an upgrade gone bad, an inadvertent command issued by someone with the privilege to issue it (a mistake, probably the most frequent cause), or some process introducing data integrity issues into a large database (again, an accident; maybe it was run twice instead of just once, or maybe it had a bug). Whatever the reason, the net effect was a large period of downtime. The steps to recover in Oracle 10g Enterprise Edition and above, assuming you configured the flashback database capability, would be as follows: 1. The DBA shuts down the database. 2. The DBA startup-mounts the database and issues the flashback database command, using either an SCN, the Oracle internal clock, or a timestamp (wall clock time), which would be accurate to within a couple of seconds. 3. The DBA opens the database with resetlogs. To use this feature, the database must be in ARCHIVELOG mode and must have been set up to enable the FLASHBACK DATABASE command. What I’m trying to say is that you need to set up this capability before you ever need to use it. It is not something you can enable after the damage is done; you must make a conscious decision to use it, whether you have it on continuously or whether you use it to set restore points. Flash Recovery Area The Flash Recovery Area is a new concept in Oracle 10g and above. Starting with 10g and for the first time in many years (over 25 years), the basic concept behind database backups has changed in Oracle. In the past, the design of backup and recovery in the database was built around the concept of a sequential medium, such as a tape device. That is, random access devices (disk drives) were always considered too expensive to waste for mere backups. You used relatively inexpensive tape devices with large storage capacities. Today, however, you can buy terabytes of disk storage at a very low cost. In fact, my son Alan is the first kid on the block with a 1TB NAS (network attached storage device). It cost $125.00 USD. I remember my first hard drive on my personal computer: a whopping 40MB. I actually had to partition it into two logical disks because the OS I was using (MS-DOS at the time) could not recognize a disk larger than 32MB. Things have certainly changed in the last 25 years or so. The Flash Recovery Area in Oracle is a location where the database will manage many of the files related to database backup and recovery. In this area (an area being a part of a disk set aside for this purpose; a directory, for example), you could find • Copies of data files on disk • Incremental backups of your database • Redo logs (archived redo logs) • Control files and backups of control files • Flashback logs Oracle uses this new area to manage these files, so the server will know what is on disk and what is not on disk (and perhaps on tape elsewhere). Using this information, the database can perform operations like a disk-to-disk restore of a damaged data file or the flashing back (a “rewind” operation) of the database to undo an operation that should not have taken place. For example, you could use the FLASHBACK DATABASE command to put the database back the way it was five minutes ago (without doing a CHAPTER 3 ■ FILES 116 full restore of the database and a point-in-time recovery). That would allow you to “undrop” that accidentally dropped user account. The Flash Recovery Area is more of a logical concept. It is a holding area for the file types discussed in this chapter. Its use is optional—you don’t need to use it, but if you want to use some advanced features such as the Flashback Database, you must use this area to store the information. DMP Files (EXP/IMP Files) Export and Import are venerable Oracle data extraction and load tools that have been around for many versions. Export’s job is to create a platform-independent DMP file that contains all of the required metadata (in the form of CREATE and ALTER statements), and optionally the data itself to re-create tables, schemas, or even entire databases. Import’s sole job is to read these DMP files, and execute the DDL statements and load any data it finds. ■ Note Export is officially deprecated with Oracle Database 11g Release 2. It is supplied only for use with legacy database structures. New datatypes, new structures, new database features will not be supported by this tool. I strongly recommend using Data Pump, the export/import replacement tool introduced with Oracle 10g a few years back. DMP files are designed to be forward-compatible, meaning that newer releases can read older releases’ DMP files and process them successfully. I have heard of people exporting a version 5 database and successfully importing it into Oracle 10g (just as a test!). So Import can read older version DMP files and process the data therein. The converse, however, is most definitely not true: the Import process that comes with Oracle9i Release 1 can’t—will not—successfully read a DMP file created by Oracle9i Release 2 or Oracle 10g Release 1. For example, I exported a simple table from Oracle 11g Release 2. Upon trying to use these DMP files in Oracle 10g Release 2, I soon discovered Oracle 10g Release 2 Import will not even attempt to process the Oracle 11g Release 2 DMP file: $ imp userid=/ full=y Import: Release 10.2.0.4.0 - Production on Wed Jan 20 18:21:03 2010 Copyright (c) 1982, 2007, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options IMP-00010: not a valid export file, header failed verification IMP-00000: Import terminated unsuccessfully Even in the cases where IMP was able to recognize the file, there would be a great chance that the DDL generated by the 11g Release 2 EXP tool would not be DDL that the earlier version of Oracle would recognize. For example, suppose you export from any release of Oracle version 9i Release 2 or above. You would find in the export file that every CREATE TABLE has a COMPRESS or NOCOMPRESS option added to it. Oracle 9i Release 2 added basic table compression as a feature. If you were able to get any release of CHAPTER 3 ■ FILES 117 Oracle older than 9i Release 2 to read that export file, you’d find that the DDL it contains would fail—100 percent of the time. Not a single CREATE TABLE statement would work because the NOCOMPRESS/COMPRESS keywords would not be recognized by the older release. DMP files are platform-independent, so you can safely take an export from any platform, transfer it to another, and import it (as long as the versions of Oracle permit). One caveat, however, with Windows and FTPing of files is that Windows will consider a DMP file a text file by default and will tend to convert linefeeds (the end-of-line marker on UNIX) into carriage return/linefeed pairs, thus totally corrupting the DMP file. When transferring a DMP file in Windows, make sure you’re doing a binary transfer. If your subsequent import won’t work, check the source and target file sizes to make sure they’re the same. I can’t recall how many times this issue has brought things to a screeching halt while the file had to be retransferred. DMP files are binary files, meaning you won’t be editing them to change them. You can extract a large amount of information from them—CREATE DDL and more—but you won’t be editing them in a text editor (or any sort of editor, actually). In the book Expert One-on-One Oracle, I spent a great deal of time discussing the Import and Export utilities and working with DMP files. Because these tools are falling out of favor, in place of the infinitely more flexible Data Pump utilities, I’ll defer a full discussion of how to manipulate them, extract data from them, and use them in general to the existing first edition of this book. Data Pump Files Data Pump is a file format used by at least two tools in Oracle. External tables can load and unload data in the Data Pump format, and the new import/export tools IMPDP and EXPDP use this file format in much the same way IMP and EXP used the DMP file format. ■ Note The Data Pump format is exclusive to Oracle 10g Release 1 and above—it did not exist in any Oracle9i release, nor can it be used with that release. Pretty much all of the same caveats that applied to DMP files mentioned previously will apply over time to Data Pump files as well. They are cross-platform (portable) binary files that contain metadata (not stored in CREATE/ALTER statements, but rather in XML) and possibly data. That they use XML as a metadata representation structure is actually relevant to you and me as end users of the tools. IMPDP and EXPDP have some sophisticated filtering and translation capabilities never seen in the IMP/EXP tools of old. This is in part due to the use of XML and to the fact that a CREATE TABLE statement is not stored as a CREATE TABLE, but rather as a marked-up document. This permits easy implementation of a request like “Please replace all references to tablespace FOO with tablespace BAR.” When the metadata was stored in the DMP file as CREATE/ALTER statements, the Import utility would have had to basically parse each SQL statement before executing it in order to accomplish the feat of changing tablespace names (something it does not do). IMPDP, however, just has to apply a simple XML transformation to accomplish the same. FOO, when it refers to a TABLESPACE, would be surrounded by FOO tags (or some other similar representation). The fact that XML is used has allowed the EXPDP and IMPDP tools to literally leapfrog the old EXP and IMP tools with regard to their capabilities. In Chapter 15 “Data Loading and Unloading,” we’ll take a closer look at these tools. Before we get there, however, let’s see how we can use this Data Pump format to quickly extract some data from database A and move it to database B. We’ll be using an “external table in reverse” here. CHAPTER 3 ■ FILES 118 External tables, originally introduced in Oracle9i Release 1, gave us the ability to read flat files— plain old text files—as if they were database tables. We had the full power of SQL to process them. They were read-only and designed to get data from outside Oracle in. External tables in Oracle 10g Release 1 and above can go the other way: they can be used to get data out of the database in the Data Pump format to facilitate moving the data to another machine or another platform. To start this exercise, we’ll need a DIRECTORY object, telling Oracle the location to unload to: ops$tkyte%ORA11GR1> create or replace directory tmp as '/tmp' 2 / Directory created. ops$tkyte%ORA11GR1> create table all_objects_unload 2 organization external 3 ( type oracle_datapump 4 default directory TMP 5 location( 'allobjects.dat' ) 6 ) 7 as 8 select * from all_objects 9 / Table created. And that literally is all there is to it: we have a file in /tmp named ALLOBJECTS.DAT that contains the contents of the query select * from all_objects. We can peek at this information: ops$tkyte%ORA11GR1> !strings /tmp/allobjects.dat | head "OPS$TKYTE"."U" Linuxi386/Linux-2.0.34-8.1.0 WE8MSWIN1252 11.01.00.00.00 001:001:000001:000001 1 That’s just the head, or top, of the file. Now, using a binary FTP (same caveat as for a DMP file!), I moved this ALLOBJECTS.DAT file to a Windows server and created a directory object and table to map to it: C:\TEMP>sqlplus tkyte/tkyte SQL*Plus: Release 11.1.0.7.0 - Production on Wed Jan 20 18:56:45 2010 Copyright (c) 1982, 2008, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options CHAPTER 3 ■ FILES 119 ops$tkyte%ora11gr1> create or replace directory TMP as 'c:\temp\' 2 / Directory created. ops$tkyte%ora11gr1> ops$tkyte%ora11gr1> create table t 2 ( OWNER VARCHAR2(30), 3 OBJECT_NAME VARCHAR2(30), 4 SUBOBJECT_NAME VARCHAR2(30), 5 OBJECT_ID NUMBER, 6 DATA_OBJECT_ID NUMBER, 7 OBJECT_TYPE VARCHAR2(19), 8 CREATED DATE, 9 LAST_DDL_TIME DATE, 10 TIMESTAMP VARCHAR2(19), 11 STATUS VARCHAR2(7), 12 TEMPORARY VARCHAR2(1), 13 GENERATED VARCHAR2(1), 14 SECONDARY VARCHAR2(1) 15 ) 16 organization external 17 ( type oracle_datapump 18 default directory TMP 19 location( 'allobjects.dat' ) 20 ) 21 / Table created. And now I’m able to query the data unloaded from the other database immediately: ops$tkyte%ora11gr1> select count(*) from t 2 / COUNT(*) ---------- 68742 That is the power of the Data Pump file format: immediate transfer of data from system to system, over “sneaker net” if need be. Think about that the next time you’d like to take a subset of data home to work with over the weekend while testing. Even if the database character sets differ (they did not in this example), Oracle has the ability now to recognize the differing character sets due to the Data Pump format and deal with them. Character-set conversion can be performed on the fly as needed to make the data “correct” in each database’s representation. Again, we’ll come back to the Data Pump file format in Chapter 15 “Data Loading and Unloading,” but this section should give you an overall feel for what it is about and what might be contained in the file. CHAPTER 3 ■ FILES 120 Flat Files Flat files have been around since the dawn of electronic data processing. We see them literally every day. The text alert log described previously is a flat file. I found the following definition for “flat file” on the Web, and feel it pretty much wraps things up: “An electronic record that is stripped of all specific application (program) formats. This allows the data elements to be migrated into other applications for manipulation. This mode of stripping electronic data prevents data loss due to hardware and proprietary software obsolescence.” 1 A flat file is simply a file whereby each “line” is a “record,” and each line has some text delimited, typically by a comma or pipe (vertical bar). Flat files are easily read by Oracle using either the legacy data-loading tool SQLLDR or external tables. In fact, I will cover this in detail in Chapter 15 “Data Loading and Unloading” (External tables are also covered in Chapter 10 in “Database Tables”). However, flat files are not something produced so easily by Oracle. For whatever reason, there is no simple command-line tool to export information to a flat file. Tools such as APEX, SQL Developer, and Enterprise Manager facilitate this process, but there are no official command-line tools that are easily usable in scripts and such to perform this operation. That’s one reason I decided to mention flat files in this chapter: to propose a set of tools capable of producing simple flat files. I have over the years developed three methods to accomplish this task, each appropriate in its own right. The first uses PL/SQL and UTL_FILE with dynamic SQL to accomplish the job. With small volumes of data (hundreds or thousands of rows), this tool is sufficiently flexible and fast enough to get the job done. However, it must create its files on the database server machine, which is sometimes not the location we’d like for them. To that end, I have a SQL*Plus utility that creates flat files on the machine that is running SQL*Plus. Since SQL*Plus can connect to an Oracle server anywhere on the network, this gives us the ability to unload to a flat file any data from any database on the network. Lastly, when the need for total speed is there, nothing but C will do (if you ask me). So I also have a Pro*C command-line unloading tool to generate flat files. All of these tools are freely available at http://tkyte.blogspot.com/2009/10/httpasktomoraclecomtkyteflat.html, and any new tools developed for unloading to flat files will appear there as well. Summary In this chapter, we explored the important types of files used by the Oracle Database, from lowly parameter files (without which you won’t even be able to get started) to the all important redo log and data files. We examined the storage structures of Oracle from tablespaces to segments and extents, and finally down to database blocks, the smallest unit of storage. We briefly reviewed how checkpointing works in the database, and we even started to look ahead at what some of the physical processes or threads of Oracle do. We also covered many optional file types such as password files, change-tracking files, Data Pump files and more. In the next chapter we are ready to look at the Oracle memory structures. 1 See http://osulibrary.oregonstate.edu/archives/handbook/definitions C H A P T E R 4 ■ ■ ■ 121 Memory Structures In this chapter, we'll look at Oracle's three major memory structures: • System Global Area (SGA): This is a large, shared memory segment that virtually all Oracle processes will access at one point or another. • Process Global Area (PGA): This is memory that is private to a single process or thread; it is not accessible from other processes/threads. • User Global Area (UGA): This is memory associated with your session. It is located either in the SGA or the PGA, depending whether you are connected to the database using a shared server (it will be in the SGA), or a dedicated server (it will be in the PGA). ■ Note In earlier releases of Oracle, shared server was referred to as Multi-Threaded Server or MTS. In this book, we will always use the term shared server. When we discuss memory management in Oracle, we have two methods to investigate. The first is manual memory management, whereby is responsible for sizing absolutely everything relating to how Oracle uses memory, from the amount of memory Oracle uses to sort data in memory, to the amount of memory it uses to cache database blocks in the buffer cache. We’ll also examine automatic memory management, in which the DBA sets only a few (as few as one) initialization parameters and the database itself figures out the most appropriate usage of memory. When talking about automatic memory management, we actually have two levels of management to explore. In the first level, the DBA sets two parameters—to size the SGA and PGA memory regions. In the second level, available only in Oracle 11g and above, the DBA sets just one parameter—the MEMORY_TARGET parameter—to allow the database to determine how to size all of the memory regions. We’ll attack both methods by first discussing PGA and UGA memory management, first manual and then automatic. We’ll then move onto the SGA, again looking at both manual and then automatic memory management. We’ll close with a look at how to manage memory using just a single parameter to control both the SGA and PGA regions. CHAPTER 4 ■ MEMORY STRUCTURES 122 The Process Global Area and User Global Area The PGA is a process-specific piece of memory. In other words, it is memory specific to a single operating system process or thread. This memory is not accessible by any other process or thread in the system. It is typically allocated via either of the C runtime calls malloc() or memmap(), and it may grow (or even shrink) at runtime. The PGA is never allocated in Oracle's SGA; it is always allocated locally by the process or thread—the P in PGA stands for process or program; it is not shared. The UGA is, in effect, your session's state. It is memory that your session must always be able to get to. The location of the UGA is wholly dependent on how you connect to Oracle. If you connect via a shared server, the UGA must be stored in a memory structure that every shared server process has access to—and that’s the SGA. In this way, your session can use any one of the shared servers, since any of them can read and write your session's data. On the other hand, if you are using a dedicated server connection, there’s no need for universal access to your session state, and the UGA becomes virtually synonymous with the PGA; it will, in fact, be contained in the PGA of your dedicated server. When you look at the system statistics, you'll find the UGA reported in the PGA in dedicated server mode (the PGA will be greater than or equal to the UGA memory used; the PGA memory size will include the UGA size as well). So, the PGA contains process memory and may include the UGA. The other areas of PGA memory are generally used for in-memory sorting, bitmap merging, and hashing. It would be safe to say that, besides the UGA memory, these are the largest contributors by far to the PGA. Starting with Oracle9i Release 1 and above, there are two ways to manage this other non-UGA memory in the PGA: • Manual PGA memory management, where you tell Oracle how much memory it can use to sort and hash any time it needs to sort or hash in a specific process. • Automatic PGA memory management, where you tell Oracle how much memory it should attempt to use system wide. Starting in Oracle 11g Release 1, automatic PGA memory management can be implemented using one of two techniques: • By setting the PGA_AGGREGATE_TARGET initialization parameter and telling Oracle how much PGA memory to attempt to use. • By setting the MEMORY_TARGET initialization parameter and telling Oracle how much total memory the database instance should use for both the SGA and the PGA; the PGA size will be figured out by the database itself from this parameter. The manner in which memory is allocated and used differs greatly in each case, so we'll discuss each in turn. ■ Note It should be noted that in Oracle9i, when using a shared server connection, you can use only manual PGA memory management. This restriction was lifted with Oracle 10g Release 1 (and above). In that release, you can use either automatic or manual PGA memory management with shared server connections. PGA memory management modes are controlled by the database initialization parameter WORKAREA_SIZE_POLICY and may be altered at the session level. This initialization parameter defaults to AUTO, for automatic PGA memory management when possible in Oracle9i Release 2 and above. In Oracle9i Release 1, the default setting was MANUAL. CHAPTER 4 ■ MEMORY STRUCTURES 123 In the sections that follow, we'll take a look at each approach. Manual PGA Memory Management In manual PGA memory management, the parameters that have the largest impact on the size of your PGA, outside of the memory allocated by your session for PL/SQL tables and other variables, are: • SORT_AREA_SIZE: The total amount of RAM that will be used to sort information before swapping out to disk. • SORT_AREA_RETAINED_SIZE: The amount of memory that will be used to hold sorted data after the sort is complete. That is, if SORT_AREA_SIZE is 512KB and SORT_AREA_RETAINED_SIZE is 256KB, your server process would use up to 512KB of memory to sort data during the initial processing of the query. When the sort was complete, the sorting area would "shrink" down to 256KB, and any sorted data that did not fit in that 256KB would be written out to the temporary tablespace. • HASH_AREA_SIZE: The amount of memory your server process can use to store hash tables in memory. These structures are used during a hash join, typically when joining a large set with another set. The smaller of the two sets would be hashed into memory and anything that didn't fit in the hash area region of memory would be stored in the temporary tablespace by the join key. These parameters control the amount of space Oracle will use to sort or hash data before writing (swapping) it to disk, and how much of that memory segment will be retained after the sort is done. The SORT_AREA_SIZE-SORT_AREA_RETAINED_SIZE calculated value is generally allocated out of your PGA, and the SORT_AREA_RETAINED_SIZE value will be in your UGA. You can discover your current use of PGA and UGA memory and monitor its size by querying special Oracle V$ views, also referred to as dynamic performance views. For example, let's run a small test whereby in one session we'll sort lots of data and, from a second session, we'll monitor the UGA/PGA memory use in that first session. To do this in a predictable manner, we'll make a copy of the ALL_OBJECTS table, with about 72,000 rows in this case, without any indexes (so we know a sort has to happen when we use ORDER BY on this table): ops$tkyte%ORA11GR2> create table t as select * from all_objects; Table created. ops$tkyte%ORA11GR2> exec dbms_stats.gather_table_stats( user, 'T' ); PL/SQL procedure successfully completed. To remove any side effects from the initial hard parsing of queries, we'll run the following script three times, but for now ignore its output. We'll run the script again in a fresh session so as to see the effects on memory usage in a controlled environment. We'll use the sort area sizes of 64KB, 1MB, and 1GB in turn, so save this script as run_query.sql: connect / set serveroutput off set echo on column sid new_val SID select sid from v$mystat where rownum = 1; alter session set workarea_size_policy=manual; alter session set sort_area_size = &1; prompt run @reset_stat &SID and @watch_stat in another session here! pause CHAPTER 4 ■ MEMORY STRUCTURES 124 set termout off select * from t order by 1, 2, 3, 4; set termout on prompt run @watch_stat in another session here! Pause and then run: @run_query 65536 @run_query 1048576 @run_query 1073741820 Just ignore the output for now; we are just warming up the shared pool and getting everything “even.” ■ Note When we process SQL in the database, we must first parse the SQL statement. There are two types of parses. The first is a hard parse, which is what happens the first time a query is parsed by the database instance and includes query plan generation and optimization. The second is a soft parse, which can skip many of the steps a hard parse must do. We hard parsed the previous queries so as to not measure the work performed by that operation in the following section. I suggest logging out of that SQL*Plus session and logging back in before continuing, in order to get a consistent environment, or one in which no work has been done yet. Now, we will want to be able to measure the session memory of the session running the big ORDER BY queries from a second separate session. If we used the same session, our query to see how much memory we are using for sorting might itself influence the very numbers we are looking at. To measure the memory from this second session, we'll use a small SQL*Plus script I developed for this. It is actually a pair of scripts; you’ll be told when to run them by the run_query.sql script. The one that resets a small table and sets a SQL*Plus variable to the SID we want to watch is called reset_stat.sql: drop table sess_stats; create table sess_stats ( name varchar2(64), value number, diff number ); variable sid number exec :sid := &1 ■ Note Before using this script (or any script, for that matter), make sure you understand what the script does. This script drops and re-creates a table called SESS_STATS. If your schema already has such a table, you'll probably want to use a different name! CHAPTER 4 ■ MEMORY STRUCTURES 125 The other script is called watch_stat.sql, and for this case study, it uses the MERGE SQL statement so we can initially INSERT the statistic values for a session and then later come back and update them— without needing a separate INSERT/UPDATE script: merge into sess_stats using ( select a.name, b.value from v$statname a, v$sesstat b where a.statistic# = b.statistic# and b.sid = :sid and (a.name like '%ga %' or a.name like '%direct temp%') ) curr_stats on (sess_stats.name = curr_stats.name) when matched then update set diff = curr_stats.value - sess_stats.value, value = curr_stats.value when not matched then insert ( name, value, diff ) values ( curr_stats.name, curr_stats.value, null ) / select name, case when name like '%ga %' then round(value/1024,0) else value end kbytes_writes, case when name like '%ga %' then round(diff /1024,0) else value end diff_kbytes_writes from sess_stats order by name; I emphasize the phrase "for this case study" because of the lines in bold—the names of the statistics we're interested in looking at change from example to example. In this particular case, we're interested in anything with ga in it (pga and uga), or anything with direct temp, which in Oracle 10g and above will show us the direct reads and writes against temporary space (how much I/O we did reading and writing to temp). ■ Note In Oracle9i, direct I/O to temporary space was not labeled as such, so we used a WHERE clause that included (and a.name like '%ga %' or a.name like '%physical % direct%') in it. When this watch_stat.sql script is run from the SQL*Plus command line, we'll see a listing of the PGA and UGA memory statistics for the session, as well as temporary I/O. Now, if you run the script “@run_query 65536” in a session, you’ll see output like this: CHAPTER 4 ■ MEMORY STRUCTURES 126 ops$tkyte%ORA11GR2> @run_query 65536 ops$tkyte%ORA11GR2> connect / Connected. ops$tkyte%ORA11GR2> set serveroutput off ops$tkyte%ORA11GR2> set echo on ops$tkyte%ORA11GR2> column sid new_val SID ops$tkyte%ORA11GR2> select sid from v$mystat where rownum = 1; SID ---------- 133 ops$tkyte%ORA11GR2> alter session set workarea_size_policy=manual; Session altered. ops$tkyte%ORA11GR2> alter session set sort_area_size = &1; old 1: alter session set sort_area_size = &1 new 1: alter session set sort_area_size = 65536 Session altered. ops$tkyte%ORA11GR2> prompt run @reset_stat &SID and @watch_stat in another session here! run @reset_stat 133 and @watch_stat in another session here! ops$tkyte%ORA11GR2> pause We can see the SID of this new session (133), and we’ve set our PGA memory management to manual and our SORT_AREA_SIZE to 65,536 (64KB). Now the script tells us to run the two other scripts in another session, so we’ll do that: ops$tkyte%ORA11GR2> @reset_stat 133 Table dropped. Table created. PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> @watch_stat 6 rows merged. NAME KBYTES_WRITES DIFF_KBYTES_WRITES --------------------------------------------- ------------- ------------------ physical reads direct temporary tablespace 0 0 physical writes direct temporary tablespace 0 0 session pga memory 673 session pga memory max 673 session uga memory 300 session uga memory max 300 6 rows selected. CHAPTER 4 ■ MEMORY STRUCTURES 127 ■ Note The watch_stat script must be run in the same session as the reset_stat script; reset_stat sets the :sid bind variable necessary for the MERGE statement. Alternatively, you can execute exec :sid := , where is the SID you observe in your testing. So, before we begin we can see that we have about 300KB of data in the UGA and 673KB of data in the PGA. The first question is, “How much memory are we using between the PGA and UGA?” That is, are we using 300KB + 673KB of memory, or are we using some other amount? This is a trick question, and one that you can’t answer unless you know whether the monitored session with SID 133 was connected to the database via a dedicated server or a shared server—and even then it might be hard to figure out. In dedicated server mode, the UGA is totally contained within the PGA, in which case we would be consuming 673KB of memory in our process or thread. In shared server mode, the UGA is allocated from the SGA, and the PGA is in the shared server. So, in shared server mode, by the time we get the last row from the preceding query, the shared server process may be in use by someone else. That PGA isn't "ours" anymore, so technically we are using 300KB of memory (except when we are actually running the query, at which point we are using 973KB of memory between the combined PGA and UGA). In this case, I used a dedicated server (it would be impossible to do the test accurately otherwise) and we are using a grand total of 673KB of memory in the combined PGA and UGA. So, let's now run the first big query in session 133, which is using manual PGA memory management in dedicated server mode. We just have to go back to that session where we ran run_query.sql and hit enter to start the query running: ■ Note Since we haven't set a SORT_AREA_RETAINED_SIZE, its reported value will be zero, but its used value will match SORT_AREA_SIZE. ops$tkyte%ORA11GR2> set termout off ops$tkyte%ORA11GR2> prompt run @watch_stat in another session here! run @watch_stat in another session here! ops$tkyte%ORA11GR2> pause The point where you see set termout off is the point where the large query is executing, we told SQL*plus to run the query but not print on the screen (it would take a while for over 70,000 lines to be printed). Now if we run our watch_stat.sql script again in the second session, we'll see something like the following: ops$tkyte%ORA11GR2> @watch_stat 6 rows merged. NAME KBYTES_WRITES DIFF_KBYTES_WRITES --------------------------------------------- ------------- ------------------ physical reads direct temporary tablespace 3120 3120 physical writes direct temporary tablespace 3120 3120 session pga memory 737 64 session pga memory max 801 128 CHAPTER 4 ■ MEMORY STRUCTURES 128 session uga memory 364 64 session uga memory max 364 64 6 rows selected. Notice this time that the session xxx memory and session xxx memory max values don’t match. The session xxx memory value represents how much memory we are using right now. The session xxx memory max value represents the peak value we used at some time during our session while processing the query. ■ Note In these examples, I wouldn’t expect that you’d see exactly the same numbers I’ve printed here. The amount of memory used is affected by many things, such as Oracle version, the operating system and its features and capabilities, the amount of data placed into the table T, and so on. You should expect variations in memory amounts, but the overall picture will be the same. As you can see, our memory usage went up—we've done some sorting of data. Our UGA increased from 300KB to 364KB (64KB) during the processing of our query. To perform our query and the sorting, Oracle allocated a sort area for our session. Additionally, the PGA memory went from 673KB to 737KB. Also, we can see that we did 3,120 writes and reads to and from temp (since the data we sorted could not have fit into 64KB, our SORT_AREA_SIZE). By the time we finish our query and exhaust the resultset, we can see that our PGA has shrunk somewhat (note that in Oracle8i and before, you wouldn’t expect to see the PGA shrink back at all; this is a new feature with Oracle9i and later). Let's retry that operation but play around with the size of our SORT_AREA_SIZE by increasing it to 1MB. We'll log out of the session we're monitoring and log back in, following the directions to increase our SORT_AREA_SIZE to 1MB. Remember that in the other session we are monitoring from, you must run the reset_stat.sql script to start over. As the beginning numbers are consistent (the output of the first watch_stat.sql should be the same in a new session), I don't display them here—only the final results: NAME KBYTES_WRITES DIFF_KBYTES_WRITES --------------------------------------------- ------------- ------------------ physical reads direct temporary tablespace 1057 1057 physical writes direct temporary tablespace 1057 1057 session pga memory 609 -64 session pga memory max 2017 1344 session uga memory 300 0 session uga memory max 1329 1029 6 rows selected. As you can see, our PGA has grown considerably this time during the processing of our query. It temporarily grew by about 1,300KB (a little more than 1MB, our SORT_AREA_SIZE), but the amount of physical I/O we had to do to sort this data dropped considerably as well (use more memory, swap to disk less often). We may have avoided a multipass sort as well, a condition that happens when there are so many little sets of sorted data to merge together that Oracle ends up writing the data to temp more than once. Now, let's go to an extreme here and use a 1GB SORT_AREA_SIZE: CHAPTER 4 ■ MEMORY STRUCTURES 129 NAME KBYTES_WRITES DIFF_KBYTES_WRITES --------------------------------------------- ------------- ------------------ physical reads direct temporary tablespace 0 0 physical writes direct temporary tablespace 0 0 session pga memory 609 -64 session pga memory max 9825 9152 session uga memory 300 0 session uga memory max 9449 9149 6 rows selected. We can observe that even though we allowed for up to 1GB of memory to the SORT_AREA_SIZE, we really only used about 9MB. This shows that the SORT_AREA_SIZE setting is an upper bound, not the default and only allocation size. Notice also that we did only one sort again, but this time it was entirely in memory; there was no temporary space on disk used, as evidenced by the lack of physical I/O. If you run this same test on various versions of Oracle, or perhaps even on different operating systems, you might see different behavior, and I would expect that your numbers in all cases would be a little different from mine. But the general behavior should be the same. In other words, as you increase the permitted sort area size and perform large sorts, the amount of memory used by your session will increase. You might notice the PGA memory going up and down, or it might remain constant over time, as just shown. For example, if you were to execute the previous test in Oracle8i, I’m sure you’d notice that PGA memory does not shrink back in size (i.e., the SESSION PGA MEMORY equals the SESSION PGA MEMORY MAX in all cases). This is to be expected, as the PGA is managed as a heap in 8i releases and is created via malloc()-ed memory. In 9hi and above, new methods attach and release work areas as needed using operating system-specific memory allocation calls. Here are the important things to remember about using the *_AREA_SIZE parameters: • These parameters control the maximum amount of memory used by a SORT, HASH, or BITMAP MERGE operation. • A single query may have many operations taking place that use this memory, and multiple sort/hash areas could be created. Remember that you may have many cursors opened simultaneously, each with its own SORT_AREA_RETAINED needs. So, if you set the sort area size to 10MB, you could use 10, 100, 1,000 or more megabytes of RAM in your session. These settings are not session limits; rather, they are limits on a single operation, and your session could have many sorts in a single query or many queries open that require a sort. • The memory for these areas is allocated on an “as needed” basis. If you set the sort area size to 1GB as we did, it doesn’t mean you’ll allocate 1GB of RAM. It only means that you’ve given the Oracle process the permission to allocate that much memory for a sort/hash operation. Automatic PGA Memory Management Starting with Oracle9i Release 1, a new way to manage PGA memory was introduced that avoids using the SORT_AREA_SIZE, BITMAP_MERGE_AREA_SIZE, and HASH_AREA_SIZE parameters. It was introduced to address a few issues: • Ease of use: Much confusion surrounded how to set the proper *_AREA_SIZE parameters. There was also much confusion over how those parameters actually worked and how memory was allocated. • Manual allocation was a "one-size-fits-all" method: Typically, as the number of users running similar applications against a database went up, the amount of CHAPTER 4 ■ MEMORY STRUCTURES 130 memory used for sorting and hashing went up linearly as well. If 10 concurrent users with a sort area size of 1MB used 10MB of memory, 100 concurrent users would probably use 100MB, 1,000 would probably use 1000MB, and so on. Unless the DBA was sitting at the console continually adjusting the sort/hash area size settings, everyone would pretty much use the same values all day long. Consider the previous example, where you saw for yourself how the physical I/O to temp decreased as the amount of RAM we allowed ourselves to use went up. If you run that example for yourself, you will almost certainly see a decrease in response time as the amount of RAM available for sorting increases. Manual allocation fixes the amount of memory to be used for sorting at a more or less constant number, regardless of how much memory is actually available. Automatic memory management allows us to use the memory when it is available; it dynamically adjusts the amount of memory we use based on the workload. • Memory control: As a result of the previous point, it was hard, if not impossible, to keep the Oracle instance inside a "box" memory-wise. You couldn’t control the amount of memory the instance was going to use, as you had no real control over the number of simultaneous sorts and hashes taking place. It was far too easy to attempt to use more real memory (actual physical free memory) than was available on the machine. Enter automatic PGA memory management. Here, you first simply set up and size the SGA. The SGA is a fixed-size piece of memory so you can very accurately see how big it is, and that will be its total size (unless and until you change it). You then tell Oracle, "This is how much memory you should try to limit yourself to across all work areas” (a new umbrella term for the sorting and hashing areas you use). Now, you could in theory take a machine with 2GB of physical memory and allocate 768MB of memory to the SGA and 768MB of memory to the PGA, leaving 512MB of memory for the OS and other processes. I say "in theory" because it doesn't work exactly that cleanly, but it's close. Before I discuss why that’s true, let’s take a look at how to set up automatic PGA memory management and turn it on. The process of setting this up involves deciding on the proper values for two instance initialization parameters: • WORKAREA_SIZE_POLICY: This parameter may be set to either MANUAL, which will use the sort area and hash area size parameters to control the amount of memory allocated, or AUTO, in which case the amount of memory allocated will vary based on the current workload in the database. The default and recommended value is AUTO. • PGA_AGGREGATE_TARGET: This parameter controls how much memory the instance should allocate, in total, for all work areas used to sort or hash data. Its default value varies by version and may be set by various tools such as the DBCA. In general, if you are using automatic PGA memory management, you should explicitly set this parameter. ■ Note In Oracle 11g Release 1 and above, instead of setting the PGA_AGGREGATE_TARGET, you can set the MEMORY_TARGET parameter. When the database uses the MEMORY_TARGET parameter, it decides how much memory to allocate to the SGA and PGA respectively. It may also decide to reallocate these memory amounts while the database is up and running. This fact, however, doesn’t affect how automatic PGA memory management (described below) works; rather it just decides the setting for the PGA_AGGREGATE_TARGET. CHAPTER 4 ■ MEMORY STRUCTURES 131 So, assuming that WORKAREA_SIZE_POLICY is set to AUTO and PGA_AGGREGATE_TARGET has a nonzero value, you will be using the new (as of Oracle 9i) automatic PGA memory management. You can “turn it on” in your session via the ALTER SESSION command or at the system level via the ALTER SYSTEM command. ■ Note Bear in mind the previous caveat that in Oracle9i, shared server connections will not use automatic memory management; rather, they will use the SORT_AREA_SIZE and HASH_AREA_SIZE parameters to decide how much RAM to allocate for various operations. In Oracle 10g and up, automatic PGA memory management is available to both connection types. It is important to properly set the SORT_AREA_SIZE and HASH_AREA_SIZE parameters when using shared server connections with Oracle9i. So, the entire goal of automatic PGA memory management is to maximize the use of RAM while at the same time not using more RAM than you want. Under manual memory management, this was a virtually impossible goal to achieve. If you set SORT_AREA_SIZE to 10MB, when one user was performing a sort operation that user would use up to 10MB for the sort work area. If 100 users were doing the same, they would use up to 1,000MB of memory. If you had 500MB of free memory, the single user performing a sort by himself could have used much more memory, and the 100 users should have used much less. That is what automatic PGA memory management was designed to do. Under a light workload, memory usage could be maximized as the load increases on the system, and as more users perform sort or hash operations, the amount of memory allocated to them would decrease—to reach the goal of using all available RAM, but not attempting to use more than physically exists. Determining How the Memory Is Allocated Questions that come up frequently are "How is this memory allocated?" and "What will be the amount of RAM used by my session?" These are hard questions to answer for the simple reason that the algorithms for serving out memory under the automatic scheme are not documented and can and will change from release to release. When using things that begin with "A"—for automatic—you lose a degree of control, as the underlying algorithms decide what to do and how to control things. We can make some observations based on information from MetaLink note 147806.1: • The PGA_AGGREGATE_TARGET is a goal of an upper limit. It is not a value that is pre- allocated when the database is started up. You can observe this by setting the PGA_AGGREGATE_TARGET to a value much higher than the amount of physical memory you have available on your server. You will not see any large allocation of memory as a result. • A serial (nonparallel query) session will use a small percentage of the PGA_AGGREGATE_TARGET, typically about 5 percent or less. So, if you’ve set the PGA_AGGREGATE_TARGET to 100MB, you’d expect to use no more than about 5MB per work area (e.g., the sort or hash work area). You may well have multiple work areas in your session for multiple queries, or more than one sort or hash operation in a single query, but each work area will be about 5 percent or less of the PGA_AGGREGATE_TARGET. Note that this 5 percent is not a hard and fast rule; things change over time, the automatic algorithms can and will change in the database. CHAPTER 4 ■ MEMORY STRUCTURES 132 • As the workload on your server goes up (more concurrent queries, concurrent users), the amount of PGA memory allocated to your work areas will go down. The database will try to keep the sum of all PGA allocations under the threshold set by PGA_AGGREGATE_TARGET. This is analogous to having a DBA sit at a console all day, setting the SORT_AREA_SIZE and HASH_AREA_SIZE parameters based on the amount of work being performed in the database. We will directly observe this behavior shortly in a test. • A parallel query may use up to about 30 percent of the PGA_AGGREGATE_TARGET, with each parallel process getting its slice of that 30 percent. That is, each parallel process would be able to use about 0.3 * PGA_AGGREGATE_TARGET / (number of parallel processes). OK, so how can we observe the different work area sizes being allocated to our session? By applying the same technique we used earlier in the manual memory management section to observe the memory used by our session and the amount of I/O to temp we performed. I performed the following test on a Red Hat Advanced Server 4.0 Linux machine using Oracle 11.2.0.1 and dedicated server connections. This was a two-CPU Dell PowerEdge with hyperthreading enabled, so it was as if there were four CPUs available. We begin by creating a table to hold the metrics we’d like to monitor: create table sess_stats as select name, value, 0 active from ( select a.name, b.value from v$statname a, v$sesstat b where a.statistic# = b.statistic# and b.sid = (select sid from v$mystat where rownum=1) and (a.name like '%ga %' or a.name like '%direct temp%') union all select 'total: ' || a.name, sum(b.value) from v$statname a, v$sesstat b, v$session c where a.statistic# = b.statistic# and (a.name like '%ga %' or a.name like '%direct temp%') and b.sid = c.sid and c.username is not null group by 'total: ' || a.name ); The columns in this table we’ll be using for the metrics represent: • NAME: the name of the statistic we are gathering (PGA and UGA information from V$SESSTAT for the current session, plus all of the memory information for the database instance as well as temporary tablespace writes). • VALUE: the value of the given metric. • ACTIVE: the number of other sessions doing work in the database. Before we start, we assume an “idle” database; we are the only user session right now, hence the value of zero. CHAPTER 4 ■ MEMORY STRUCTURES 133 I then ran the following SQL*Plus script in an interactive session. The table T had been created beforehand (above) with about 70,000 rows in it. connect / set echo on declare l_first_time boolean default true; begin for x in ( select * from t order by 1, 2, 3, 4 ) loop if ( l_first_time ) then insert into sess_stats ( name, value, active ) select name, value, (select count(*) from v$session where status = 'ACTIVE' and username is not null) from ( select a.name, b.value from v$statname a, v$sesstat b where a.statistic# = b.statistic# and b.sid = (select sid from v$mystat where rownum=1) and (a.name like '%ga %' or a.name like '%direct temp%') union all select 'total: ' || a.name, sum(b.value) from v$statname a, v$sesstat b, v$session c where a.statistic# = b.statistic# and (a.name like '%ga %' or a.name like '%direct temp%') and b.sid = c.sid and c.username is not null group by 'total: ' || a.name ); l_first_time := false; end if; end loop; end; / commit; This script sorts the big table T using PGA automatic memory management. Then, for that session, it captures all of the PGA/UGA memory settings as well as sort-to-disk activity. In addition, the UNION ALL adds system-level metrics about the same (total PGA memory, total UGA memory and so on). I ran that script against a database started with the following initialization settings: *.compatible='11.2.0.0.0' *.control_files='/home/ora11gr2/app/ora11gr2/oradata/orcl/control01.ctl','/home/ora11gr2/app /ora11gr2/flash_recovery_area/orcl/control02.ctl' *.db_block_size=8192 *.db_name='orcl' CHAPTER 4 ■ MEMORY STRUCTURES 134 *.db_recovery_file_dest='/home/ora11gr2/app/ora11gr2/flash_recovery_area' *.db_recovery_file_dest_size=4039114752 *.diagnostic_dest='/home/ora11gr2/app/ora11gr2' *.pga_aggregate_target=256m *.sga_target=256m *.open_cursors=300 *.processes=600 *.remote_login_passwordfile='EXCLUSIVE' *.resource_limit=TRUE *.undo_tablespace='UNDOTBS1' These settings show I was using automatic PGA memory management with a PGA_AGGREGATE_TARGET of 256MB, meaning I wanted Oracle to use up to about 256MB of PGA memory for sorting. I set up another script to be run in other sessions to generate a large sorting load on the machine. This script loops and uses a built-in package, DBMS_ALERT, to see if it should continue processing. If it should, it runs the same big query, sorting the entire T table. When the simulation finished, a session could signal all of the sorting processes, the load generators, to "stop" and exit. Here’s the script used to perform the sort: declare l_msg long; l_status number; begin dbms_alert.register( 'WAITING' ); for i in 1 .. 999999 loop dbms_application_info.set_client_info( i ); dbms_alert.waitone( 'WAITING', l_msg, l_status, 0 ); exit when l_status = 0; for x in ( select * from t order by 1, 2, 3, 4 ) loop null; end loop; end loop; end; / Exit and here’s the script to stop these processes from running: begin dbms_alert.signal( 'WAITING', '' ); commit; end; To observe the differing amounts of RAM allocated to the session I was measuring, I initially ran the SELECT in isolation—as the only session. I captured the statistics and saved them into the SESS_STATS table, along with the count of active sessions. Then I added 25 sessions to the system (i.e., I ran the preceding benchmark script with the for i in 1 .. 999999 loop in 25 new sessions). I waited a short period of time—one minute for the system to adjust to this new load—and then I created a new session and ran the single sort query from above, capturing of the metrics the first time through the loop. I did this repeatedly, for up to 500 concurrent users. It should be noted that I asked the database instance to do an impossible thing here. As mentioned previously, based on the first time we ran watch_stat.sql, each connection to Oracle—before even CHAPTER 4 ■ MEMORY STRUCTURES 135 doing a single sort—consumed a little more than .5MB of RAM. At 500 users, we would be very close to the PGA_AGGREGATE_TARGET setting just by having them all logged in, let alone actually doing any work! This drives home the point that the PGA_AGGREGATE_TARGET is just that: a target, not a directive. We can and will exceed this value for various reasons. Now we are ready to report on the finding; for reasons of space, we’ll stop the output at 250 users— since the data starts to get quite repetitive: ops$tkyte%ORA11GR2> column active format 999 ops$tkyte%ORA11GR2> column pga format 999.9 ops$tkyte%ORA11GR2> column "tot PGA" format 999.9 ops$tkyte%ORA11GR2> column pga_diff format 999.99 ops$tkyte%ORA11GR2> column "temp write" format 9,999 ops$tkyte%ORA11GR2> column "tot writes temp" format 99,999,999 ops$tkyte%ORA11GR2> column writes_diff format 9,999,999 ops$tkyte%ORA11GR2> select active, 2 pga, 3 "tot PGA", 4 "tot PGA"-lag( "tot PGA" ) over (order by active) pga_diff, 5 "temp write", 6 "tot writes temp", 7 "tot writes temp"-lag( "tot writes temp" ) over (order by active) writes_diff 8 from ( 9 select * 10 from ( 11 select active, 12 name, 13 case when name like '%ga mem%' then round(value/1024/1024,1) else value end val 14 from sess_stats 15 where active < 275 16 ) 17 pivot ( max(val) for name in ( 18 'session pga memory' as "PGA", 19 'total: session pga memory' as "tot PGA", 20 'physical writes direct temporary tablespace' as "temp write", 21 'total: physical writes direct temporary tablespace' as "tot writes temp" 22 ) ) 23 ) 24 order by active 25 / ACTIVE PGA tot PGA PGA_DIFF temp write tot writes temp WRITES_DIFF ------ ------ ------- -------- ---------- --------------- ----------- 0 2.0 6.2 0 6,658 1 11.4 15.6 9.40 0 6,658 0 26 9.7 103.0 87.40 0 115,179 108,521 51 1.2 164.3 61.30 1,055 345,960 230,781 76 2.8 196.2 31.90 1,057 588,922 242,962 102 1.2 177.8 -18.40 1,715 727,835 138,913 127 1.1 171.3 -6.50 3,699 1,206,949 479,114 151 1.0 191.9 20.60 5,724 1,864,445 657,496 177 1.0 216.9 25.00 6,677 2,736,554 872,109 201 1.0 255.7 38.80 6,686 3,994,030 1,257,476 227 1.0 286.9 31.20 6,683 5,723,449 1,729,419 253 1.0 304.0 17.10 6,669 7,992,572 2,269,123 10 rows selected. CHAPTER 4 ■ MEMORY STRUCTURES 136 Before we analyze the results, let’s look at the query I used for reporting. My query uses a new Oracle Database 11g Release 1 and above feature called pivot to pivot a resultset. Here’s an alternate way to write lines 11 through 22 of that SQL query that would work in 10g Release 2 and before: 11 select active, 12 max( decode(name,'session pga memory',val) ) pga, 13 max( decode(name,'total: session pga memory',val) ) as "tot PGA", 14 max( decode(name, 'physical writes direct temporary tablespace', val) ) as "temp write", 15 max( decode(name, 'total: physical writes direct temporary tablespace', val) ) as "tot writes temp" 16 from ( 17 select active, 18 name, 19 case when name like '%ga mem%' then round(value/1024/1024,1) else value end val 20 from sess_stats 21 where active < 275 22 ) 23 group by active 24 ) This part of the query retrieved the records from the table of metrics when there were less than 225 active sessions, converted the metrics for memory (UGA/PGA memory) from bytes into megabytes, and then pivoted—turned rows into columns—on the four interesting metrics. Once we got those four metrics in a single record, we used analytics (the LAG() function specifically) to add to each row the prior rows’ total observed PGA and total observed IO to temp so we could easily see the incremental differences in these values. Back to the data—as you can see, when I had a few active sessions, my sorts were performed entirely in memory. For an active session count of 1 to somewhere less than 50, I could sort entirely in memory. However, by the time I had 50 users logged in and actively sorting, the database started reining in the amount of memory I was allowed to use at a time. It would have taken a couple of minutes before the amount of PGA being used fell back within acceptable limits (the 256MB request), but eventually it would at these low concurrent user levels. The amount of PGA memory allocated to the session we were watching dropped from 11.4MB to 9.7MB to 1.2MB (and popped back up a bit and then went back down again), and eventually went down to around 1.1 to 1.0MB (remember, parts of that PGA are not for sorting, but are for other operations; just the act of logging in created a .5MB PGA allocation). The total PGA in use by the system remained within tolerable limits until somewhere around 225 users. At that point, I started to exceed on a regular basis the PGA_AGGREGATE_TARGET, and continued to do so until the end of the test. I gave the database instance in this case an impossible task; the very act of having 250 users, most executing PL/SQL, plus the sort they were all requesting, just did not fit into the 256MB of RAM I had targeted. It simply could not be done. Each session therefore used as little memory as possible, but had to allocate as much memory as it needed. By the time I finished this test, 250 active sessions were using a total of 304MB of PGA memory—as little as they could. You should, however, consider what that output would look like under a manual memory management situation. Suppose the SORT_AREA_SIZE had been set to 5MB. The math is very straightforward: each session would be able to perform the sort in RAM (or virtual memory as the machine ran out of real RAM), and thus would consume 6 to 7MB of RAM per session (the amount used without sorting to disk in the previous single-user case). The memory use would look something like this: CHAPTER 4 ■ MEMORY STRUCTURES 137 ops$tkyte%ORA11GR2> column total_pga format 9,999 ops$tkyte%ORA11GR2> with data(users) 2 as 3 (select 1 users from dual 4 union all 5 select users+25 from data where users+25 <= 275) 6 select users, 7 my_pga, 7*users total_pga 7 from data 8 order by users 9 / USERS MY_PGA TOTAL_PGA ---------- ---------- --------- 1 7 7 26 7 182 51 7 357 76 7 532 101 7 707 126 7 882 151 7 1,057 176 7 1,232 201 7 1,407 226 7 1,582 251 7 1,757 11 rows selected. ■ Note This query uses a new technique—recursive subquery factoring—that is available only in Oracle Database 11g Release 2 and above. It will not work in earlier releases. Had I run this test (I have 2GB of real memory on this server and my SGA is 256MB), by the time I got to 250 users, the machine would have begun paging and swapping to the point where it would have been impossible to continue; at 500 users I would have allocated around 3,514MB of RAM! So, the DBA would probably not set the SORT_AREA_SIZE to 5MB on this system, but rather to about 0.5 MB, in an attempt to keep the maximum PGA usage at a bearable level at peak. At 500 users, I would have had about 500MB of PGA allocated, perhaps similar to what we observed with automatic memory management, but even when there were fewer users, we would still have written to temp rather than performing the sort in memory. Manual memory management represents a very predictable—but suboptimal—use of memory as the workload increases or decreases over time. Automatic PGA memory management was designed specifically to allow a small community of users to use as much RAM as possible when it was available, to back off on this allocation over time as the load increased, and increase the amount of RAM allocated for individual operations over time as the load decreased. CHAPTER 4 ■ MEMORY STRUCTURES 138 Using PGA_AGGREGATE_TARGET to Control Memory Allocation Earlier, I wrote that "in theory" we can use the PGA_AGGREGATE_TARGET to control the overall amount of PGA memory used by the instance. We saw in the last example that this is not a hard limit, however. The instance will attempt to stay within the bounds of the PGA_AGGREGATE_TARGET, but if it can’t, it won’t stop processing; rather, it will just be forced to exceed that threshold. Another reason this limit is "theory" is because work areas, though large contributors to PGA memory, are not the only contributors to PGA memory. Many factors contribute to PGA memory allocation and only the work areas are under the control of the database instance. If you create and execute a PL/SQL block of code that fills in a large array with data in dedicated server mode where the UGA is in the PGA, Oracle can’t do anything but allow you to do it. Consider the following quick example. We'll create a package that can hold some persistent (global) data in the server: ops$tkyte%ORA11GR2> create or replace package demo_pkg 2 as 3 type array is table of char(2000) index by binary_integer; 4 g_data array; 5 end; 6 / Package created. Now we'll measure the amount of memory our session is currently using in the PGA/UGA (I used a dedicated server in this example, so the UGA is a subset of the PGA memory): ops$tkyte%ORA11GR2> select a.name, to_char(b.value, '999,999,999') bytes, 2 to_char(round(b.value/1024/1024,1), '99,999.9' ) mbytes 3 from v$statname a, v$mystat b 4 where a.statistic# = b.statistic# 5 and a.name like '%ga memory%'; NAME BYTES MBYTES ------------------------------ ------------ --------- session uga memory 1,367,116 1.3 session uga memory max 1,367,116 1.3 session pga memory 1,868,392 1.8 session pga memory max 1,868,392 1.8 Initially we are using about 1.8MB of PGA memory in our session (as a result of compiling a PL/SQL package, running this query, etc.). Now, we'll run our query against T again using the same 256MB PGA_AGGREGATE_TARGET (this was done in an otherwise idle instance; we are the only session requiring memory right now): ops$tkyte%ORA11GR2> set autotrace traceonly statistics; ops$tkyte%ORA11GR2> select * from t order by 1,2,3,4; 71917 rows selected. Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets CHAPTER 4 ■ MEMORY STRUCTURES 139 1031 consistent gets 0 physical reads 0 redo size 4078637 bytes sent via SQL*Net to client 53154 bytes received via SQL*Net from client 4796 SQL*Net roundtrips to/from client 1 sorts (memory) 0 sorts (disk) 71917 rows processed ops$tkyte%ORA11GR2> set autotrace off As you can see, the sort was done entirely in memory, and in fact if we peek at our session's PGA/UGA usage, we can see how much we used: ops$tkyte%ORA11GR2> select a.name, to_char(b.value, '999,999,999') bytes, 2 to_char(round(b.value/1024/1024,1), '99,999.9' ) mbytes 3 from v$statname a, v$mystat b 4 where a.statistic# = b.statistic# 5 and a.name like '%ga memory%'; NAME BYTES MBYTES ------------------------------ ------------ --------- session uga memory 1,367,116 1.3 session uga memory max 9,674,632 9.2 session pga memory 1,802,856 1.7 session pga memory max 10,257,000 9.8 We see the same 9-10MB of RAM we observed earlier in the prior test for sorting. Now we’ll fill up that CHAR array we have in the package (a CHAR datatype is blank-padded so each of these array elements is exactly 2,000 characters in length): ops$tkyte%ORA11GR2> begin 2 for i in 1 .. 200000 3 loop 4 demo_pkg.g_data(i) := 'x'; 5 end loop; 6 end; 7 / PL/SQL procedure successfully completed. If we then measure our session's current PGA utilization, we find something similar to the following: ops$tkyte%ORA11GR2> select a.name, to_char(b.value, '999,999,999') bytes, 2 to_char(round(b.value/1024/1024,1), '99,999.9' ) mbytes 3 from v$statname a, v$mystat b 4 where a.statistic# = b.statistic# 5 and a.name like '%ga memory%'; NAME BYTES MBYTES ------------------------------ ------------ --------- session uga memory 469,319,332 447.6 CHAPTER 4 ■ MEMORY STRUCTURES 140 session uga memory max 469,319,332 447.6 session pga memory 470,188,648 448.4 session pga memory max 470,188,648 448.4 Now, that is memory allocated in the PGA that the database itself can’t control. We already exceeded the PGA_AGGREGATE_TARGET set for the entire system in this single session—and there is quite simply nothing the database can do about it. It would have to fail our request if it did anything, and it will do that only when the OS reports back that there is no more memory to give. If we wanted, we could allocate more space in that array and place more data in it, and the database would just have to do it for us. However, the database is aware of what we have done. It does not ignore the memory it can’t control; it simply recognizes that the memory is being used and backs off the size of memory allocated for work areas accordingly. So if we rerun the same sort query, we see that this time we sorted to disk— the database did not give us the 9MB or so of RAM needed to do this in memory since we had already exceeded the PGA_AGGREGATE_TARGET: ops$tkyte%ORA11GR2> set autotrace traceonly statistics; ops$tkyte%ORA11GR2> select * from t order by 1,2,3,4; 71917 rows selected. Statistics ---------------------------------------------------------- 9 recursive calls 7 db block gets 1031 consistent gets 1055 physical reads 0 redo size 4078637 bytes sent via SQL*Net to client 53154 bytes received via SQL*Net from client 4796 SQL*Net roundtrips to/from client 0 sorts (memory) 1 sorts (disk) 71917 rows processed ops$tkyte%ORA11GR2> set autotrace off So, because some PGA memory is outside of Oracle's control, it is easy to exceed the PGA_AGGREGATE_TARGET simply by allocating lots of really large data structures in our PL/SQL code. I am not recommending you do this by any means. I'm just pointing out that the PGA_AGGREGATE_TARGET is more of a request than a hard limit. Choosing Between Manual and Auto Memory Management So, which method should you use, manual or automatic? My preference is to use the automatic PGA memory management by default. CHAPTER 4 ■ MEMORY STRUCTURES 141 ■ Caution I'll repeat this from time to time in this book: please do not make any changes to a production system—a live system—without first testing for any side effects. For example, please do not read this chapter, check your system and find you are using manual memory management—and then just turn on automatic memory management. Query plans may change, and performance may be impacted. One of three things could happen: • Things run exactly the same. • Things run better than they did before. • Things run much worse than they did before. Exercise caution before making changes; test the proposed change first. One of the most perplexing things for a DBA can be setting the individual parameters, especially parameters such as SORT|HASH_AREA_SIZE and so on. I often see systems running with incredibly small values for these parameters—values so small that system performance is massively impacted in a negative way. This is probably a result of the fact that the default values are very small themselves: 64KB for sorting and 128KB for hashing. There’s a lot of confusion over how big or small these values should be. Not only that, but the values you should use for them might vary over time, as the day goes by. At 8:00 am, with two users, a 50MB sort area size might be reasonable for the two users logged in. However, at 12:00 pm with 500 users, 50MB might not be appropriate. This is where the WORKAREA_SIZE_POLICY = AUTO setting and the corresponding PGA_AGGREGATE_TARGET come in handy. Setting the PGA_AGGREGATE_TARGET, the amount of memory you would like Oracle to feel free to use to sort and hash, is conceptually easier than trying to figure out the perfect SORT|HASH_AREA_SIZE, especially since there isn't a perfect value for these parameters; the perfect value varies by workload. Historically, DBAs configured the amount of memory Oracle would use by setting the size of the SGA (the buffer cache; the log buffer; and the shared, large, and Java pools). The remaining memory on the machine would then be used by the dedicated or shared servers in the PGA region. The DBA had little control over how much of this memory would or would not be used. She could set the SORT_AREA_SIZE, but if there were 10 concurrent sorts, Oracle could use as much as 10 * SORT_AREA_SIZE bytes of RAM. If there were 100 concurrent sorts, Oracle would use 100 * SORT_AREA_SIZE bytes; for 1,000 concurrent sorts, 1,000 * SORT_AREA_SIZE; and so on. Couple that with the fact that other things go into the PGA, and you really didn't have good control over the maximal use of PGA memory on the system. What you’d like to happen is for this memory to be allocated differently as the memory demands on the system grow and shrink. The more users, the less RAM each should use. The fewer users, the more RAM each should use. Setting WORKAREA_SIZE_POLICY = AUTO is just the way to achieve this. The DBA specifies a single size now, the PGA_AGGREGATE_TARGET or the maximum amount of PGA memory that the database should strive to use. Oracle then distributes this memory over the active sessions as it sees fit. Further, with Oracle9i Release 2 and up, there is even a PGA advisory (part of statspack and AWR, available via a V$ dynamic performance view and visible in Enterprise Manager), much like the buffer cache advisor. It will tell you over time what the optimal PGA_AGGREGATE_TARGET for your system is to minimize physical I/O to your temporary tablespaces. You can use this information to either dynamically change the PGA size online (if you have sufficient RAM) or decide whether you need more RAM on your server to achieve optimal performance. Are there times, however, when you won't want to use it? Absolutely, but fortunately they seem to be the exception and not the rule. The automatic memory management was designed to be multiuser “fair.” In anticipation of additional users joining the system, the automatic memory management will CHAPTER 4 ■ MEMORY STRUCTURES 142 limit the amount of memory allocated as a percentage of the PGA_AGGREGATE_TARGET. But what happens when you don't want to be fair, when you know that you should get all of the memory available? Well, that would be time to use the ALTER SESSION command to disable automatic memory management in your session (leaving it in place for all others) and to manually set your SORT|HASH_AREA_SIZE as needed. For example, that large batch process that takes place at 2:00 am and does tremendously large hash joins, some index builds, and the like? It should be permitted to use all of the resources on the machine. It does not want to be "fair" about memory use—it wants it all, as it knows it is the only thing happening in the database right now. That batch job can certainly issue the ALTER SESSION command and make use of all resources available. So, in short, I prefer to use automatic PGA memory management for end-user sessions—for the applications that run day to day against my database. Manual memory management makes sense for large batch jobs that run during periods when they are the only activities in the database. PGA and UGA Wrap-up So far, we have looked at two memory structures: the PGA and the UGA. You should understand now that the PGA is private to a process. It is the set of variables that an Oracle dedicated or shared server needs to have independent of a session. The PGA is a "heap" of memory in which other structures may be allocated. The UGA is also a heap of memory in which various session-specific structures may be defined. The UGA is allocated from the PGA when you use a dedicated server to connect to Oracle, and from the SGA under a shared server connection. This implies that when using a shared server, you must size your SGA's large pool to have enough space to cater to every possible user that will ever connect to your database concurrently. So, the SGA of a database supporting shared server connections is generally much larger than the SGA for a similarly configured dedicated server mode-only database. We'll cover the SGA in more detail next. The System Global Area Every Oracle instance has one big memory structure referred to as the System Global Area (SGA). This is a large, shared memory structure that every Oracle process will access at one point or another. It varies in size from a few megabytes on small test systems, to hundreds of megabytes on medium-to-large systems, up to many gigabytes for really big systems. On UNIX, the SGA is a physical entity you can "see" from the OS command line. It is physically implemented as a shared memory segment—a standalone piece of memory to which processes may attach. It is possible to have an SGA on a system without having any Oracle processes; the memory stands alone. It should be noted, however, that if you have an SGA without any Oracle processes, this is an indication that the database crashed in some fashion. It is an unusual situation, but it can happen. This is what an SGA "looks like" on Red Hat Linux: $ ipcs -m | grep ora 0xbba344b8 1540099 ora11gr2 660 270532608 26 0x39381320 1179655 ora10gr2 660 538968064 16 0x6b08d4e8 491529 ora11gr1 640 270532608 21 0x0d998a20 557067 ora9ir2 660 253755392 8 0xe5b0179c 622604 ora10gr1 660 610271232 15 CHAPTER 4 ■ MEMORY STRUCTURES 143 ■ Note I have five instances on my test/demo machine. This is highly unusual. I needed five instances to test the various concepts presented in this book on different releases. The only reasonable, correct number of instances on a production machine is one. In real life, never have more than one instance on a given production server. If you need more than one instance on a physical server, you should use virtualization to split that one server into many virtual servers—each with its own instance of Oracle. Five SGAs are represented here and the report shows the OS account that owns the SGA (ora11gr2 for the first one, for example) and the size of the SGA—258MB for the first example. On Windows, you really can’t see the SGA as a distinct entity the way you can in UNIX/Linux. Because on the Windows platform Oracle executes as a single process with a single address space, the SGA is allocated as private memory to the oracle.exe process. If you use the Windows Task Manager or some other performance tool, you can see how much memory oracle.exe has allocated, but you can’t see what is the SGA versus any other piece of allocated memory. ■ Note Unless you have my parameter settings and you are running my exact same version of Oracle on my exact same OS, you will almost certainly see different numbers than I do. The SGA sizing is very version/OS/parameter- dependent. Within Oracle itself, you can see the SGA regardless of platform, using another magic V$ view called V$SGASTAT. It might look as follows: ops$tkyte%ORA11GR2> compute sum of bytes on pool ops$tkyte%ORA11GR2> break on pool skip 1 ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> select pool, name, bytes 2 from v$sgastat 3 order by pool, name; POOL NAME BYTES ------------ ------------------------------ ---------- java pool free memory 4194304 ************ ---------- sum 4194304 large pool PX msg pool 3894304 free memory 300000 ************ ---------- sum 4194304 shared pool 1:kngisga 16052 ADR_CONTROL 1056 ADR_INVALIDATION 464 AQ Propagation Scheduling 16000 ASH buffers 5368712 .. CHAPTER 4 ■ MEMORY STRUCTURES 144 xsoqsehift 2404 xssinfo 5560 ************ ---------- sum 159388244 buffer_cache 92274688 fixed_sga 1335924 log_buffer 6438912 ************ ---------- sum 100049524 863 rows selected. The SGA is broken up into various pools. Here are the major ones you’ll see: • Java pool: The Java pool is a fixed amount of memory allocated for the JVM running in the database. In Oracle10g, the Java pool may be resized online while the database is up and running. • Large pool: The large pool is used by shared server connections for session memory, by parallel execution features for message buffers, and by RMAN backup for disk I/O buffers. This pool is resizable online. • Shared pool: The shared pool contains shared cursors, stored procedures, state objects, dictionary caches, and many dozens of other bits of data. This pool is resizable online in both Oracle 10g and 9i. • Streams pool: This is a pool of memory used exclusively by Oracle Streams, a data- sharing tool within the database. This pool is new in Oracle 10g and is resizable online. If the Streams pool is not configured and you use the Streams functionality, Oracle will use up to 10 percent of the shared pool for streams memory. • The “Null” pool: This one doesn’t really have a name. It is the memory dedicated to block buffers (cached database blocks), the redo log buffer, and a “fixed SGA” area. A typical SGA might look as shown in Figure 4-1. Figure 4-1. Typical SGA CHAPTER 4 ■ MEMORY STRUCTURES 145 The parameters that have the greatest effect on the overall size of the SGA are as follows: • JAVA_POOL_SIZE: Controls the size of the Java pool. • SHARED_POOL_SIZE: Controls the size of the shared pool (to some degree). • LARGE_POOL_SIZE: Controls the size of the large pool. • DB_*_CACHE_SIZE: Eight of these cache_size parameters control the sizes of the various buffer caches available. • LOG_BUFFER: Controls the size of the redo buffer (to some degree). • SGA_TARGET: Used with automatic SGA memory management in Oracle 10g and above. • SGA_MAX_SIZE: Used to control the maximum size to which the SGA can be resized while the database is up and running. • MEMORY_TARGET: Used with automatic memory management (both PGA and SGA automatic memory management). • MEMORY_MAX_SIZE: Used to control the maximum amount of memory Oracle should strive to use over both the PGA and SGA sizes under automatic memory management. This is really just a target; the PGA may exceed the optimum size if the number of users increases beyond some level or a session(s) allocates large untunable bits of memory as demonstrated above. In Oracle9i, the various SGA components must be manually sized by the DBA. Starting in Oracle 10g and above, however, there is a new option to consider: automatic SGA memory management, whereby the database instance will allocate and reallocate the various SGA components at runtime in response to workload conditions. Moreover, starting in Oracle 11g, there’s another new option: automatic memory management, whereby the database instance will not only perform automatic SGA memory management and automatic PGA memory management, it will also decide the optimum size of the SGA and PGA for you—reallocating these allotments automatically when deemed reasonable. Using the automatic SGA memory management with Oracle 10g and above is simply a matter of setting the SGA_TARGET parameter to the desired SGA size, leaving out the other SGA-related parameters altogether. The database instance will take it from there, allocating memory to the various pools as needed and even taking memory away from one pool to give to another over time. When using automatic memory management with Oracle 11g and above, you simply set the MEMORY_TARGET. The database instance will then decide the optimal SGA size and PGA size—and those components will be set up appropriately and do their own automatic memory management within their respective boundaries. Further, the database can and will resize the SGA and PGA allocations as the workload changes over time. Regardless of whether you are using automatic or manual memory management, you’ll find that memory is allocated to the various pools in the SGA in units called granules. A single granule is an area of memory of 4MB, 8MB, or 16MB in size. The granule is the smallest unit of allocation, so if you ask for a Java pool of 5MB and your granule size is 4MB, Oracle will actually allocate 8MB to the Java pool (8 being the smallest number greater than or equal to 5 that is a multiple of the granule size of 4). The size of a granule is determined by the size of your SGA (this sounds recursive to a degree, as the size of the SGA is dependent on the granule size). You can view the granule sizes used for each pool by querying V$SGA_DYNAMIC_COMPONENTS. In fact, we can use this view to see how the total SGA size might affect the size of the granules: CHAPTER 4 ■ MEMORY STRUCTURES 146 ops$tkyte%ORA11GR2> show parameter sga_target NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ sga_target big integer 256M ops$tkyte%ORA11GR2> select component, granule_size from v$sga_dynamic_components; COMPONENT GRANULE_SIZE ---------------------------------------------------------------- ------------ shared pool 4194304 large pool 4194304 java pool 4194304 streams pool 4194304 DEFAULT buffer cache 4194304 KEEP buffer cache 4194304 RECYCLE buffer cache 4194304 DEFAULT 2K buffer cache 4194304 DEFAULT 4K buffer cache 4194304 DEFAULT 8K buffer cache 4194304 DEFAULT 16K buffer cache 4194304 DEFAULT 32K buffer cache 4194304 Shared IO Pool 4194304 ASM Buffer Cache 4194304 14 rows selected. ■ Note This is the SGA information for the Oracle instance started with the initialization parameter file in the previous example. We specified the SGA and PGA sizes ourselves in that parameter file. Therefore we are using automatic SGA memory management and automatic PGA memory management, but not the new in Oracle 11g “memory management” setting, which would have sized and resized our PGA/SGA settings for us. In this example, I used automatic SGA memory management and controlled the size of the SGA via the single parameter SGA_TARGET. When my SGA size is under about 1GB, the granule is 4MB. When the SGA size is increased to some threshold over 1GB (it will vary slightly from operating system to operating system and even from release to release), I see an increased granule size. First we convert to using a stored parameter file to make altering the SGA_TARGET easier: sys%ORA11GR2> create spfile from pfile; File created. sys%ORA11GR2> startup force; ORACLE instance started. Total System Global Area 267825152 bytes Fixed Size 1335924 bytes Variable Size 130026892 bytes Database Buffers 130023424 bytes CHAPTER 4 ■ MEMORY STRUCTURES 147 Redo Buffers 6438912 bytes Database mounted. Database opened. Then we modify the SGA_TARGET: sys%ORA11GR2> alter system set sga_target = 1512m scope=spfile; System altered. sys%ORA11GR2> startup force ORACLE instance started. Total System Global Area 1590267904 bytes Fixed Size 1336792 bytes Variable Size 218106408 bytes Database Buffers 1358954496 bytes Redo Buffers 11870208 bytes Database mounted. Database opened. sys%ORA11GR2> show parameter sga_target NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ sga_target big integer 1520M Now when we look at the SGA components: sys%ORA11GR2> select component, granule_size from v$sga_dynamic_components; COMPONENT GRANULE_SIZE ---------------------------------------------------------------- ------------ shared pool 16777216 large pool 16777216 java pool 16777216 streams pool 16777216 DEFAULT buffer cache 16777216 KEEP buffer cache 16777216 RECYCLE buffer cache 16777216 DEFAULT 2K buffer cache 16777216 DEFAULT 4K buffer cache 16777216 DEFAULT 8K buffer cache 16777216 DEFAULT 16K buffer cache 16777216 DEFAULT 32K buffer cache 16777216 Shared IO Pool 16777216 ASM Buffer Cache 16777216 14 rows selected. As you can see, at 1.5GB of SGA, my pools will be allocated using 16MB granules, so any given pool size will be some multiple of 16MB. With this in mind, let's look at each of the major SGA components in turn. CHAPTER 4 ■ MEMORY STRUCTURES 148 Fixed SGA The fixed SGA is a component of the SGA that varies in size from platform to platform and from release to release. It is "compiled" into the Oracle binary itself at installation time (hence the name "fixed"). The fixed SGA contains a set of variables that point to the other components of the SGA, as well as variables that contain the values of various parameters. The size of the fixed SGA is something over which we have no control, and it is generally very small. Think of this area as a "bootstrap" section of the SGA— something Oracle uses internally to find the other bits and pieces of the SGA. Redo Buffer The redo buffer is where data that needs to be written to the online redo logs will be cached temporarily, before it is written to disk. Since a memory-to-memory transfer is much faster than a memory-to-disk transfer, use of the redo log buffer can speed up database operation. The data will not reside in the redo buffer for very long. In fact, LGWR initiates a flush of this area in one of the following scenarios: • Every three seconds • Whenever someone commits • When LGWR is asked to switch log files • When the redo buffer gets one-third full or contains 1MB of cached redo log data For these reasons, it will be a very rare system that will benefit from a redo buffer of more than a couple of tens of megabytes in size. A large system with lots of concurrent transactions might benefit somewhat from large redo log buffers because while LGWR (the process responsible for flushing the redo log buffer to disk) is writing a portion of the log buffer, other sessions could be filling it up. In general, a long-running transaction that generates a lot of redo log will benefit the most from a larger than normal log buffer, as it will be continuously filling up part of the redo log buffer while LGWR is busy writing out some of it (we’ll cover this phenomenon of writing uncommitted data to the datafiles at length in Chapter 9 “Redo and Undo”). The larger and longer the transaction, the more benefit it could receive from a generous log buffer. The default size of the redo buffer, as controlled by the LOG_BUFFER parameter, varies widely by operating system, database version, and other parameter settings. Rather than try to explain what the most common default size is (there isn’t such a thing), I’ll refer you to the documentation for your release of Oracle (the Reference Guide). My default LOG_BUFFER—given the instance we just started above with a 1.5GB SGA—is shown by the following query: ops$tkyte%ORA11GR2> select value, isdefault 2 from v$parameter 3 where name = 'log_buffer' 4 / VALUE ISDEFAULT -------------------- --------- 11583488 TRUE The size is about 11MB. The minimum size of the default log buffer is OS-dependent. If you’d like to find out what that is, just set your LOG_BUFFER to 1 byte and restart your database. For example, on my Red Hat Linux instance I see the following: CHAPTER 4 ■ MEMORY STRUCTURES 149 ops$tkyte%ORA11GR2> alter system set log_buffer=1 scope=spfile; System altered. ops$tkyte%ORA11GR2> connect / as sysdba; Connected. sys%ORA11GR2> startup force; ORACLE instance started. Total System Global Area 1590267904 bytes Fixed Size 1336792 bytes Variable Size 234883624 bytes Database Buffers 1342177280 bytes Redo Buffers 11870208 bytes Database mounted. Database opened. sys%ORA11GR2> show parameter log_buffer NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ log_buffer integer 1703936 sys%ORA11GR2> select 1703936/1024/1024 from dual; 1703936/1024/1024 ----------------- 1.625 The smallest log buffer I can really have, regardless of my settings, is going to be 1.625MB on this system. Block Buffer Cache So far, we have looked at relatively small components of the SGA. Now we are going to look at one that is potentially huge in size. The block buffer cache is where Oracle stores database blocks before writing them to disk and after reading them in from disk. This is a crucial area of the SGA for us. Make it too small and our queries will take forever to run. Make it too big and we'll starve other processes (e.g., we won't leave enough room for a dedicated server to create its PGA, and we won't even get started). In earlier releases of Oracle, there was a single block buffer cache, and all blocks from any segment went into this single area. Starting with Oracle 8.0, we had three places to store cached blocks from individual segments in the SGA: • Default pool: The location where all segment blocks are normally cached. This is the original—and, previously, the only—buffer pool. • Keep pool: An alternate buffer pool where by convention you assign segments that are accessed fairly frequently, but still get aged out of the default buffer pool due to other segments needing space. • Recycle pool: An alternate buffer pool where by convention you assign large segments that you access very randomly, and which would therefore cause excessive buffer flushing of many blocks from many segments. There’s no benefit to caching such segments because by the time you wanted the block again, it would have been aged out of the cache. You would separate these segments out CHAPTER 4 ■ MEMORY STRUCTURES 150 from the segments in the default and keep pools so they would not cause those blocks to age out of the cache. Note that in the keep and recycle pool descriptions I used the phrase "by convention." There is nothing in place to ensure that you use either the keep pool or the recycle pool in the fashion described. In fact, the three pools manage blocks in a mostly identical fashion; they do not have radically different algorithms for aging or caching blocks. The goal here was to give the DBA the ability to segregate segments to hot, warm, and “do not care to cache” areas. The theory was that objects in the default pool would be hot enough (i.e., used enough) to warrant staying in the cache all by themselves. The cache would keep them in memory since they were very popular blocks. If you had some segments that were fairly popular but not really hot, these would be considered the warm blocks. These segments’ blocks could get flushed from the cache to make room for blocks you used infrequently (the “do not care to cache” blocks). To keep these warm segments' blocks cached, you could do one of the following: • Assign these segments to the keep pool, in an attempt to let the warm blocks stay in the buffer cache longer. • Assign the “do not care to cache” segments to the recycle pool, keeping the recycle pool fairly small so as to let the blocks come into the cache and leave the cache rapidly (decrease the overhead of managing them all). Having to do one of these two things increased the management work the DBA had to perform, as there were three caches to think about, size, and assign objects to. Remember also that there is no sharing among them, so if the keep pool has lots of unused space, it won't give it to the overworked default or recycle pool. All in all, these pools were generally regarded as a very fine, low-level tuning device, only to be used after most other tuning alternatives had been looked at (if I could rewrite a query to do one-tenth the I/O rather then set up multiple buffer pools, that would be my choice!). Starting in Oracle9i, the DBA had up to four more optional caches, the db_Nk_caches, to consider in addition to the default, keep, and recycle pools. These caches were added in support of multiple blocksizes in the database. Prior to Oracle9i, a database would have a single blocksize (typically 2KB, 4KB, 8KB, 16KB, or 32KB). Starting with Oracle9i, however, a database can have a default blocksize, which is the size of the blocks stored in the default, keep, or recycle pool, as well as up to four nondefault blocksizes, as explained in Chapter 3 “Files”. The blocks in these buffer caches are managed in the same way as the blocks in the original default pool—there are no special algorithm changes for them either. Let's now move on to see how the blocks are managed in these pools. Managing Blocks in the Buffer Cache For simplicity, assume that there’s just a single default pool. Because the other pools are managed in the same way, we need only discuss one of them. The blocks in the buffer cache are basically managed in a single place with two different lists pointing at them: • The list of dirty blocks that need to be written by the database block writer (DBWn; we'll take a look at that process a little later) • A list of nondirty blocks The list of nondirty blocks used to be a Least Recently Used (LRU) list in Oracle 8.0 and before. Blocks were listed in order of use. The algorithm has been modified slightly in Oracle8i and in later versions. Instead of maintaining the list of blocks in some physical order, Oracle employs a touch count algorithm, which effectively increments a counter associated with a block as you hit it in the cache. This count is not incremented every time you hit the block, but about once every three seconds if you hit it continuously. You can see this algorithm at work in one of the truly magic sets of tables: the X$ CHAPTER 4 ■ MEMORY STRUCTURES 151 tables. The X$ tables are wholly undocumented by Oracle, but information about them leaks out from time to time. ■ Note I am using a user connected as SYSDBA in the following examples, because the X$ tables are by default visible only to that account. You shouldn’t in practice use the SYSDBA account to run queries. The need to query for information about blocks in the buffer cache is a rare exception to that rule. The X$BH table shows information about the blocks in the block buffer cache (which offers more information than the documented V$BH view). Here, we can see the touch count get incremented as we hit blocks. We can run the following query against that view to find the five "currently hottest blocks" and join that information to the DBA_OBJECTS view to see what segments they belong to. The query orders the rows in X$BH by the TCH (touch count) column and keeps the first five. Then we join the X$BH information to DBA_OBJECTS by X$BH.OBJ to DBA_OBJECTS.DATA_OBJECT_ID: sys%ORA11GR2> select tch, file#, dbablk, 2 case when obj = 4294967295 3 then 'rbs/compat segment' 4 else (select max( '('||object_type||') ' || 5 owner || '.' || object_name ) || 6 decode( count(*), 1, '', ' maybe!' ) 7 from dba_objects 8 where data_object_id = X.OBJ ) 9 end what 10 from ( 11 select tch, file#, dbablk, obj 12 from x$bh 13 where state <> 0 14 order by tch desc 15 ) x 16 where rownum <= 5 17 / TCH FILE# DBABLK WHAT ---------- ---------- ---------- ------------------------------ 65 1 2009 (TABLE) SYS.JOB$ 65 1 2008 (TABLE) SYS.JOB$ 11 1 345 (INDEX) SYS.I_OBJ2 11 1 337 (INDEX) SYS.I_OBJ1 10 1 44528 (INDEX) SYS.I_OBJ2 CHAPTER 4 ■ MEMORY STRUCTURES 152 ■ Note The (2^32 - 1) or 4,294,967,295 referred to in the CASE statement is a magic number used to denote "special" blocks. If you’d like to understand what the underlying block in that instance is associated with, use the query select * from dba_extents where file_id = and block_id <= and block_id+blocks-1 >= . You might be asking what is meant by the 'maybe!' and the use of MAX() in the preceding scalar subquery. This is due to the fact that DATA_OBJECT_ID is not a "primary key" in the DBA_OBJECTS view, as evidenced by the following: sys%ORA11GR2> select data_object_id, count(*) 2 from dba_objects 3 where data_object_id is not null 4 group by data_object_id 5 having count(*) > 1; DATA_OBJECT_ID COUNT(*) -------------- ---------- 29 3 6 3 73317 2 2 18 73350 2 8 3 633 3 664 3 73314 2 73318 2 267 2 420 2 503 7 10 3 0 4 15 rows selected. This is due to clusters (discussed in Chapter 10 on Tables), which may contain multiple tables. Therefore, when joining from X$BH to DBA_OBJECTS to print out a segment name, we would technically have to list all of the names of all of the objects in the cluster, as a database block does not belong to a single table all of the time. We can even watch as Oracle increments the touch count on a block that we query repeatedly. We will use the magic table DUAL in this example—we know it is a one row, one column table. CHAPTER 4 ■ MEMORY STRUCTURES 153 ■ Note Prior to Oracle 10g, querying DUAL would incur a full table scan of a real table named DUAL stored in the data dictionary. If you set autotrace on and query SELECT DUMMY FROM DUAL, you’ll observe some I/O in all releases of Oracle (consistent gets). In 9i and earlier, if you query SELECT SYSDATE FROM DUAL or variable := SYSDATE in PL/SQL, you’ll also see real I/O occur. However, in Oracle 10g, that SELECT SYSDATE is recognized as not needing to actually query the DUAL table (since you are not asking for the column or rowid from DUAL) and is done in a manner similar to calling a function. Therefore DUAL does not undergo a full table scan—only SYSDATE is returned to the application. This small change can dramatically decrease the number of consistent gets a system that uses DUAL heavily performs. So every time we run the following query, we should be hitting the real DUAL table (since we explicitly reference the DUMMY column): sys%ORA11GR2> select tch, file#, dbablk, DUMMY 2 from x$bh, (select dummy from dual) 3 where obj = (select data_object_id 4 from dba_objects 5 where object_name = 'DUAL' 6 and data_object_id is not null) 7 / TCH FILE# DBABLK D ---------- ---------- ---------- - 1 1 929 X 2 1 928 X sys%ORA11GR2> exec dbms_lock.sleep(3.2); PL/SQL procedure successfully completed. sys%ORA11GR2> / TCH FILE# DBABLK D ---------- ---------- ---------- - 2 1 929 X 3 1 928 X sys%ORA11GR2> exec dbms_lock.sleep(3.2); PL/SQL procedure successfully completed. sys%ORA11GR2> / TCH FILE# DBABLK D ---------- ---------- ---------- - 3 1 929 X 4 1 928 X CHAPTER 4 ■ MEMORY STRUCTURES 154 sys%ORA11GR2> exec dbms_lock.sleep(3.2); PL/SQL procedure successfully completed. sys%ORA11GR2> / TCH FILE# DBABLK D ---------- ---------- ---------- - 4 1 929 X 5 1 928 X I expect output to vary by Oracle release; you may well see more than two rows returned. You might observe TCH not getting incremented every time. On a multiuser system, the results will be even more unpredictable. Oracle will attempt to increment the TCH once every three seconds (there is a TIM column that shows the last update time to the TCH column), but it is not considered important that the number be 100 percent accurate, as it is close. Also, Oracle will intentionally "cool" blocks and decrement the TCH count over time. So, if you run this query on your system, be prepared to see potentially different results. So, in Oracle8i and above, a block buffer no longer moves to the head of the list as it used to; rather, it stays where it is in the list and has its touch count incremented. Blocks will naturally tend to "move" in the list over time, however. I put the word "move" in quotes because the block doesn't physically move; rather, multiple lists are maintained that point to the blocks and the block will "move" from list to list. For example, modified blocks are pointed to by a dirty list (to be written to disk by DBWn). Also, as they are reused over time, when the buffer cache is effectively full, and some block with a small touch count is freed, it will be "placed" into approximately the middle of the list with the new data block. The whole algorithm used to manage these lists is fairly complex and changes subtly from release to release of Oracle as improvements are made. The actual full details are not relevant to us as developers, beyond the fact that heavily used blocks will be cached, and blocks that are not used heavily will not be cached for long. ■ Note If you’ve been following along, running the examples in your database, take this opportunity to log out of the SYSDBA account and get back in with your own account! Multiple Block Sizes Starting in Oracle9i, you can have multiple database blocksizes in the same database. Previously, all blocks in a single database were the same size and in order to have a different blocksize, you had to rebuild the entire database. Now you can have a mixture of the "default" blocksize (the blocksize you used when you initially created the database; the size that is used for the SYSTEM and all TEMPORARY tablespaces) and up to four other blocksizes. Each unique blocksize must have its own buffer cache area. The default, keep, and recycle pools will only cache blocks of the default size. In order to have a nondefault blocksize in your database, you need to have configured a buffer pool to hold them. In this example, my default blocksize is 8KB. I will attempt to create a tablespace with a 16KB blocksize: ops$tkyte%ORA11GR2> create tablespace ts_16k 2 datafile '/tmp/ts_16k.dbf' 3 size 5m 4 blocksize 16k; CHAPTER 4 ■ MEMORY STRUCTURES 155 create tablespace ts_16k * ERROR at line 1: ORA-29339: tablespace block size 16384 does not match configured block sizes ops$tkyte%ORA11GR2> show parameter 16k NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_16k_cache_size big integer 0 Right now, since I have not configured a 16KB cache, I can’t create such a tablespace. I could do one of a couple of things right now to rectify this situation. I could set the db_16k_cache_size parameter and restart the database. I could shrink one of my other SGA components in order to make room for a 16KB cache in the existing SGA. Or, I might be able to just allocate a 16KB cache if the SGA_MAX_SIZE parameter was larger than my current SGA size. ■ Note Starting in Oracle9i, you can resize various SGA components while the database is up and running. If you want to be able to "grow" the size of the SGA beyond its initial allocation, you must have set the SGA_MAX_SIZE parameter to some value larger than the allocated SGA. For example, if after startup your SGA size was 128MB and you wanted to add an additional 64MB to the buffer cache, you would have had to set the SGA_MAX_SIZE to 192MB or larger to allow for the growth. In this example, I will set the db_16k_cache_size and restart, since I’m using automatic SGA memory management and don ‘t wish to set any of the other caches manually: ops$tkyte%ORA11GR2> alter system set sga_target = 256m scope=spfile; System altered. ops$tkyte%ORA11GR2> alter system set db_16k_cache_size = 16m scope=spfile; System altered. ops$tkyte%ORA11GR2> connect / as sysdba Connected. sys%ORA11GR2> startup force ORACLE instance started. Total System Global Area 267825152 bytes Fixed Size 1335924 bytes Variable Size 134221196 bytes Database Buffers 130023424 bytes Redo Buffers 2244608 bytes Database mounted. Database opened. CHAPTER 4 ■ MEMORY STRUCTURES 156 sys%ORA11GR2> show parameter 16k NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ db_16k_cache_size big integer 16M So, now I have another buffer cache set up: one to cache any blocks that are 16KB in size. The default pool will consume the rest of the buffer cache space, as you can see by querying V$SGASTAT. These two caches are mutually exclusive; if one "fills up," it can’t use space in the other. This gives the DBA a very fine degree of control over memory use, but it comes at a price. That price is complexity and management. These multiple blocksizes were not intended as a performance or tuning feature (if you need multiple caches, you have the default, keep and recycle pools already!), but rather came about in support of transportable tablespaces—the ability to take formatted data files from one database and transport or attach them to another database. They were implemented in order to take datafiles from a transactional system that was using an 8KB blocksize and transport that information to a data warehouse using a 16KB or 32KB blocksize. The multiple blocksizes do serve a good purpose, however, in testing theories. If you want to see how your database would operate with a different blocksize—how much space, for example, a certain table would consume if you used a 4KB block instead of an 8KB block—you can now test that easily without having to create an entirely new database instance. You may also be able to use multiple blocksizes as a very finely focused tuning tool for a specific set of segments, by giving them their own private buffer pools. Or, in a hybrid system, transactional users could use one set of data and reporting/warehouse users could query a separate set of data. The transactional data would benefit from the smaller blocksizes due to less contention on the blocks (less data/rows per block means fewer people in general would go after the same block at the same time) as well as better buffer cache utilization (users read into the cache only the data they are interested in—the single row or small set of rows). The reporting/warehouse data, which might be based on the transactional data, would benefit from the larger blocksizes due in part to less block overhead (it takes less storage overall) and larger logical I/O sizes perhaps. And since reporting/warehouse data does not have the same update contention issues, the fact that there are more rows per block is not a concern but a benefit. Moreover, the transactional users get their own buffer cache in effect; they don’t have to worry about the reporting queries overrunning their cache. But in general, the default, keep, and recycle pools should be sufficient for fine-tuning the block buffer cache, and multiple blocksizes would be used primarily for transporting data from database to database and perhaps for a hybrid reporting/transactional system. Shared Pool The shared pool is one of the most critical pieces of memory in the SGA, especially with regard to performance and scalability. A shared pool that is too small can kill performance to the point that the system appears to hang. A shared pool that is too large can have the same effect. A shared pool that is used incorrectly will be a disaster as well. What exactly is the shared pool? The shared pool is where Oracle caches many bits of "program" data. When we parse a query, the parsed representation is cached there. Before we go through the job of parsing an entire query, Oracle searches the shared pool to see if the work has already been done. PL/SQL code that you run is cached in the shared pool, so the next time you run it, Oracle doesn't have to read it in from disk again. PL/SQL code is not only cached here, it is shared here as well. If you have 1,000 sessions all executing the same code, only one copy of the code is loaded and shared among all sessions. Oracle stores the system parameters in the shared pool. The data dictionary cache (cached information about database objects) is stored here. In short, everything but the kitchen sink is stored in the shared pool. CHAPTER 4 ■ MEMORY STRUCTURES 157 The shared pool is characterized by lots of small (generally 4KB or less) chunks of memory. Bear in mind that 4KB is not a hard limit. There will be allocations that exceed that size, but in general the goal is to use small chunks of memory to prevent the fragmentation that would occur if memory chunks were allocated in radically different sizes, from very small to very large. The memory in the shared pool is managed on an LRU basis. It is similar to the buffer cache in that respect—if you don't use it, you'll lose it. A supplied package called DBMS_SHARED_POOL may be used to change this behavior—to forcibly pin objects in the shared pool. You can use this procedure to load up your frequently used procedures and packages at database startup time, and make it so they are not subject to aging out. Normally, though, if over time a piece of memory in the shared pool is not reused, it will become subject to aging out. Even PL/SQL code, which can be rather large, is managed in a paging mechanism so that when you execute code in a very large package, only the code that is needed is loaded into the shared pool in small chunks. If you don't use it for an extended period of time, it will be aged out if the shared pool fills up and space is needed for other objects. The easiest way to break Oracle's shared pool is to not use bind variables. As you saw in Chapter 1 “Developing Successful Oracle Applications,” not using bind variables can bring a system to its knees for two reasons: • The system spends an exorbitant amount of CPU time parsing queries. • The system uses large amounts of resources managing the objects in the shared pool as a result of never reusing queries. If every query submitted to Oracle is a unique query with the values hard-coded, the concept of the shared pool is substantially defeated. The shared pool was designed so that query plans would be used over and over again. If every query is a brand-new, never-before-seen query, then caching only adds overhead. The shared pool becomes something that inhibits performance. A common but misguided technique that many use to try to solve this issue is adding more space to the shared pool, which typically only makes things worse than before. As the shared pool inevitably fills up once again, it gets to be even more of an overhead than the smaller shared pool, for the simple reason that managing a big, full shared pool takes more work than managing a smaller, full shared pool. The only true solution to this problem is to use shared SQL to reuse queries. Earlier, in Chapter 1, we briefly looked at the parameter CURSOR_SHARING, which can work as a short-term crutch in this area. The only real way to solve this issue, however, is to use reusable SQL in the first place. Even on the largest of large systems, I find that there are typically at most 10,000 to 20,000 unique SQL statements. Most systems execute only a few hundred unique queries. The following real-world example demonstrates just how bad things can get if you use the shared pool poorly. I was asked to work on a system where the standard operating procedure was to shut down the database every night, to wipe out the SGA and restart it clean. The reason for doing this was that the system was having issues during the day whereby it was totally CPU-bound and, if the database were left to run for more than a day, performance really started to decline. They were using a 1GB shared pool inside of a 1.1GB SGA. This is true: 0.1GB dedicated to block buffer cache and other elements and 1GB dedicated to caching unique queries that would never be executed again. The reason for the cold start was that if they left the system running for more than a day, they would run out of free memory in the shared pool. At that point, the overhead of aging structures out (especially from a structure so large) was such that it overwhelmed the system and performance was massively degraded (not that performance was that great anyway, since they were managing a 1GB shared pool). Furthermore, the people working on this system constantly wanted to add more and more CPUs to the machine, as hard-parsing SQL is so CPU-intensive. By correcting the application and allowing it to use bind variables, not only did the physical machine requirements drop (they then had many times more CPU power than they needed), but also the allocation of memory to the various pools was reversed. Instead of a 1GB shared pool, they had less than 100MB allocated—and they never used it all over many weeks of continuous uptime. One last comment about the shared pool and the parameter SHARED_POOL_SIZE. In Oracle9i and before, there is no direct relationship between the outcome of the query CHAPTER 4 ■ MEMORY STRUCTURES 158 ops$tkyte@ORA9IR2> select sum(bytes) from v$sgastat where pool = 'shared pool'; SUM(BYTES) ---------- 100663296 and the SHARED_POOL_SIZE parameter ops$tkyte@ORA9IR2> show parameter shared_pool_size NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ shared_pool_size big integer 83886080 other than the fact that the SUM(BYTES) FROM V$SGASTAT will always be larger than the SHARED_POOL_SIZE. The shared pool holds many other structures that are outside the scope of the corresponding parameter. The SHARED_POOL_SIZE is typically the largest contributor to the shared pool as reported by the SUM(BYTES), but it is not the only contributor. For example, the parameter CONTROL_FILES contributes 264 bytes per file to the "miscellaneous" section of the shared pool. It is unfortunate that the "shared pool" in V$SGASTAT and the parameter SHARED_POOL_SIZE are named as they are, since the parameter contributes to the size of the shared pool, but it is not the only contributor. In Oracle 10g and above, however, you should see a one-to-one correspondence between the two, assuming you are using manual SGA memory management (i.e., you have set the shared_pool_size parameter yourself): ops$tkyte@ORA10G> select sum(bytes)/1024/1024 mbytes 2 from v$sgastat where pool = 'shared pool'; MBYTES ---------- 128 ops$tkyte@ORA10G> show parameter shared_pool_size; NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ shared_pool_size big integer 128M ■ Note I was using manual memory management in this example! This is a relatively important change as you go from Oracle9i and before to 10g. In Oracle 10g, the SHARED_POOL_SIZE parameter controls the size of the shared pool, whereas in Oracle9i and before, it was just the largest contributor to the shared pool. You should review your 9i and before actual shared pool size (based on V$SGASTAT) and use that figure to set your SHARED_POOL_SIZE parameter in Oracle 10g and above. The various other components that used to add to the size of the shared pool now expect you to allocate that memory for them. CHAPTER 4 ■ MEMORY STRUCTURES 159 Large Pool The large pool is not so named because it is a "large" structure (although it may very well be large in size). It is so named because it is used for allocations of large pieces of memory that are bigger than the shared pool is designed to handle. Prior to the introduction of the large pool in Oracle 8.0, all memory allocation took place in the shared pool. This was unfortunate if you were using features that made use of "large" memory allocations, such as shared server UGA memory allocations. This issue was further confounded by the fact that processing, which tended to need a lot of memory allocation, would use the memory in a manner different from the way the shared pool managed it. The shared pool manages memory on an LRU basis, which is perfect for caching and reusing data. Large memory allocations, however, tend to get a chunk of memory, use it, and then be done with it. There was no need to cache this memory. What Oracle needed was something similar to the recycle and keep buffer pools implemented for the block buffer cache, and that’s exactly what the large pool and shared pool are now. The large pool is a recycle-style memory space, whereas the shared pool is more like the keep buffer pool—if people appear to be using something frequently, then you keep it cached. Memory allocated in the large pool is managed in a heap, much in the way C manages memory via malloc() and free(). As soon as you "free" a chunk of memory, it can be used by other processes. In the shared pool, there really was no concept of freeing a chunk of memory. You would allocate memory, use it, and then stop using it. After a while, if that memory needed to be reused, Oracle would age out your chunk of memory. The problem with using only a shared pool is that one size doesn't always fit all. The large pool is used specifically by: • Shared server connections, to allocate the UGA region in the SGA. • Parallel execution of statements, to allow for the allocation of interprocess message buffers, which are used to coordinate the parallel query servers. • Backup for RMAN disk I/O buffers in some cases. As you can see, none of these memory allocations should be managed in an LRU buffer pool designed to manage small chunks of memory. With shared server connection memory, for example, once a session logs out, this memory is never going to be reused so it should be immediately returned to the pool. Also, shared server UGA memory allocation tends to be "large." If you review the earlier examples with the SORT_AREA_RETAINED_SIZE or PGA_AGGREGATE_TARGET, you’ll remember that the UGA can grow very large and is definitely bigger than 4KB chunks. Putting shared server memory into the shared pool causes it to fragment into odd-sized pieces and, furthermore, you will find that large pieces of memory that will never be reused will age out memory that could be reused. This forces the database to do more work to rebuild that memory structure later. The same is true for parallel query message buffers, since they are not LRU-manageable. They are allocated and can’t be freed until they are done being used. Once they have delivered their message, they are no longer needed and should be released immediately. With backup buffers, this applies to an even greater extent—they are large, and once Oracle is done using them, they should just "disappear." The large pool is not mandatory when using shared server connections, but it is highly recommended. If you don’t have a large pool and use a shared server connection, the allocations come out of the shared pool as they always did in Oracle 7.3 and before. This will definitely lead to degraded performance over some period of time and should be avoided. The large pool will default to some size if the parameter DBWR_IO_SLAVES or PARALLEL_MAX_SERVERS is set to some positive value. You should set the size of the large pool manually if you are using a feature that employs it. The default mechanism is typically not the appropriate value for your situation. CHAPTER 4 ■ MEMORY STRUCTURES 160 Java Pool The Java pool was added in version 8.1.5 of Oracle to support running Java in the database. If you code a stored procedure in Java, Oracle will use this chunk of memory when processing that code. The parameter JAVA_POOL_SIZE is used to fix the amount of memory allocated to the Java pool for all session-specific Java code and data. The Java pool is used in different ways, depending on the mode in which the Oracle server is running. In dedicated server mode, the Java pool includes the shared part of each Java class, which is actually used per session. These are basically the read-only parts (execution vectors, methods, etc.) and are about 4KB to 8KB per class. Thus, in dedicated server mode the total memory required for the Java pool is quite modest and can be determined based on the number of Java classes you’ll be using. Note that none of the per-session state is stored in the SGA in dedicated server mode, as this information is stored in the UGA and, as you will recall, the UGA is included in the PGA in dedicated server mode. When connecting to Oracle using a shared server connection, the Java pool includes both of the following: • The shared part of each Java class. • Some of the UGA used for per-session state of each session, which is allocated from the JAVA_POOL within the SGA. The remainder of the UGA will be located as usual in the shared pool, or if the large pool is configured, it will be located there instead. As the total size of the Java pool is fixed in Oracle9i and before, application developers will need to estimate the total requirement of their applications and multiply this estimate by the number of concurrent sessions they need to support. This number will dictate the overall size of the Java pool. Each Java UGA will grow or shrink as needed, but bear in mind that the pool must be sized such that all UGAs combined can fit in it at the same time. In Oracle 10g and above, this parameter may be modified, and the Java pool may grow and shrink over time without the database being restarted. Streams Pool The Streams pool is a new SGA structure starting in Oracle 10g. Streams itself is a new database feature as of Oracle9i Release 2 and above. It was designed as a data sharing/replication tool and is one of Oracle's stated directions going forward for data replication. ■ Note The statement that Streams “is one of Oracle’s stated directions going forward for data replication” should not be interpreted as meaning that Advanced Replication, Oracle's now legacy replication feature, is going away anytime soon. Rather, Advanced Replication will continue to be supported in future releases. To learn more about Streams itself, see the “Streams Concepts Guide” at http://otn.oracle.com in the documentation section. The Streams pool (or up to 10 percent of the shared pool if no Streams pool is configured) is used to buffer queue messages used by the Streams process as it moves or copies data from one database to another. Instead of using permanent disk-based queues, with their attendant overhead, Streams uses in- memory queues. If these queues fill up, they eventually spill over to disk. If the Oracle instance with the CHAPTER 4 ■ MEMORY STRUCTURES 161 memory queue fails for some reason, due to an instance failure (software crash), power failure, or whatever, these in-memory queues are rebuilt from the redo logs. So, the Streams pool will only be important in systems using the Streams database feature. In those environments, it should be set in order to avoid "stealing" 10 percent of the shared pool for this feature. Automatic SGA Memory Management Just as there are two ways to manage PGA memory, there are two ways to manage SGA memory starting in Oracle 10g and above: manually by setting all of the necessary pool and cache parameters, and automatically by setting just a few memory parameters and a single SGA_TARGET parameter. By setting the SGA_TARGET parameter, you are allowing the instance to size and resize various SGA components. ■ Note In Oracle9i and before, only manual SGA memory management was available—the parameter SGA_TARGET did not exist and the parameter SGA_MAX_SIZE was a limit, not a dynamic target. In Oracle 10g and above, memory-related parameters are classified into one of two areas: • Auto-tuned SGA parameters: Currently these are db_cache_size, shared_pool_size, large_pool_size, and java_pool_size. • Manual SGA parameters: These include log_buffer, streams_pool, db_Nk_cache_size, db_keep_cache_size, and db_recycle_cache_size. At any time in Oracle 10g and above, you may query V$SGAINFO to see which components of the SGA are resizable: ops$tkyte%ORA11GR2> select * from V$SGAINFO; NAME BYTES RES ---------------------------------------- ---------- --- Fixed SGA Size 1335924 No Redo Buffers 2244608 No Buffer Cache Size 113246208 Yes Shared Pool Size 142606336 Yes Large Pool Size 4194304 Yes Java Pool Size 4194304 Yes Streams Pool Size 0 Yes Shared IO Pool Size 0 Yes Granule Size 4194304 No Maximum SGA Size 267825152 No Startup overhead in Shared Pool 109051904 No Free SGA Memory Available 0 12 rows selected. CHAPTER 4 ■ MEMORY STRUCTURES 162 ■ Note To use automatic SGA memory management, the parameter statistics_level must be set to TYPICAL or ALL. If statistics collection is not enabled, the database will not have the historical information needed to make the necessary sizing decisions. Under automatic SGA memory management, the primary parameter for sizing the auto-tuned components is SGA_TARGET, which may be dynamically sized while the database is up and running, up to the setting of the SGA_MAX_SIZE parameter. This defaults to be equal to the SGA_TARGET, so if you plan on increasing the SGA_TARGET, you must have set the SGA_MAX_SIZE larger before starting the database instance. The database will use the SGA_TARGET value, minus the size of any of the other manually sized components such as the db_keep_cache_size, db_recycle_cache_size, and so on, and use that amount of memory to size the default buffer pool, shared pool, large pool, and Java pool. Dynamically at runtime, the instance will allocate and reallocate memory among those four memory areas as needed. Instead of returning an ORA-04031 "Unable to allocate N bytes of shared memory" error to a user when the shared pool runs out of memory, the instance could instead choose to shrink the buffer cache by some number of megabytes (a granule size) and increase the shared pool by that amount. Over time, as the memory needs of the instance are ascertained, the size of the various SGA components would become more or less fixed in size. The database also remembers the sizes of these four components across database startup and shutdown so that it doesn't have to start all over again figuring out the right size for your instance each time. It does this via four double-underscore parameters: __db_cache_size, __java_pool_size, __large_pool_size, and __shared_pool_size. During a normal or immediate shutdown, the database will record these values to the stored parameter file and use them at startup to set the default sizes of each area. ■ Note This last feature, of storing the recommended values for the pools, only works if you are using stored parameter files. Additionally, if you know you want a certain minimum value to be used for one of the four areas, you may set that parameter in addition to setting the SGA_TARGET. The instance will use your setting as the lower bound, or the smallest size that particular area may be. Automatic Memory Management Starting in Oracle Database 11g Release 1 and above, the database also offers automatic memory management—sort of a one stop shop for all of your memory settings. With Oracle 10g and automatic SGA memory management—the DBA could get away with just two major memory settings—the pga_aggregrate_target and the sga_target. The database would automatically allocate and reallocate memory chunks within each as described above. In Oracle Database 11g, the DBA can now get away with setting a single memory parameter—the memory_target. This memory_target represents the total amount of memory the combined SGA and PGA allocations should strive to stay within (remember, the PGA memory can be somewhat uncontrollable!). The database will dynamically determine what the proper SGA size is and what the proper PGA size is, based on workload history). Over time, as the workload performed in the database changes, the allocations to the SGA and PGA will change as well. For example, if you are heavy OLTP (Online Transaction Processing) during the day and heavy batch CHAPTER 4 ■ MEMORY STRUCTURES 163 processing at night, you might discover that the daytime SGA is much larger than the PGA and the nighttime SGA is much smaller than the PGA. This would reflect the different memory needs of these two application types. Just as with automatic SGA memory management, the DBA can set up lower bounds for the size of each memory area by setting the SGA_TARGET and PGA_AGGREGATE_TARGET, or the lower bound of each of the pools in the SGA by setting their values to that lower bound. The database will remember the optimal settings for the pools and the SGA and PGA in the stored parameter file if you are using one. For example, on one of my test systems I’ve set: • memory_target = 756m • sga_target = 256m • pga_aggregate_target = 256m The stored parameter file for that database currently has: sys%ORA11GR2> create pfile='/tmp/pfile' from spfile; File created. sys%ORA11GR2> !cat /tmp/pfile; ora11gr2.__db_cache_size=88080384 ora11gr2.__java_pool_size=4194304 ora11gr2.__large_pool_size=4194304 ora11gr2.__pga_aggregate_target=524288000 ora11gr2.__sga_target=268435456 ora11gr2.__shared_io_pool_size=0 ora11gr2.__shared_pool_size=146800640 ora11gr2.__streams_pool_size=0 *.compatible='11.2.0.0.0' *.control_files='/home/ora11gr2/app/ora11gr2/oradata/orcl/control01.ctl','/home/ora11gr2/ app/ora11gr2/flash_recovery_area/orcl/control02.ctl' *.db_16k_cache_size=16777216 *.db_block_size=8192 *.db_name='orcl' *.db_recovery_file_dest='/home/ora11gr2/app/ora11gr2/flash_recovery_area' *.db_recovery_file_dest_size=4039114752 *.diagnostic_dest='/home/ora11gr2/app/ora11gr2' *.log_buffer=1 *.memory_target=792723456 *.open_cursors=300 *.pga_aggregate_target=256m *.processes=600 *.remote_login_passwordfile='EXCLUSIVE' *.resource_limit=TRUE *.sga_target=268435456 *.undo_tablespace='UNDOTBS1' As you can see, the double-underscore parameters in bold now include the __sga_target and __pga_aggregate_target settings as well as the various pools. These values are derived based on the last three memory parameters shown in bold, as well as the observed server workload. In this fashion, Oracle will remember your last optimal SGA/PGA settings and use them upon the next restart. CHAPTER 4 ■ MEMORY STRUCTURES 164 Summary In this chapter, we took a look at the Oracle memory structure. We started at the process and session level, examining the PGA and UGA and their relationship. We saw how the mode in which we connect to Oracle dictates how memory is organized. A dedicated server connection implies more memory used in the server process than under a shared server connection, but that use of a shared server connection implies there will be the need for a significantly larger SGA. Then we discussed the main structures of the SGA itself. We discovered the differences between the shared pool and the large pool, and looked at why we might want a large pool to "save" our shared pool. We covered the Java pool and how it is used under various conditions, and we looked at the block buffer cache and how that can be subdivided into smaller, more focused pools. Now we are ready to move on to the physical processes that make up the rest of an Oracle instance. C H A P T E R 5 ■ ■ ■ 165 Oracle Processes We’ve reached the last piece of the architecture puzzle. We’ve investigated the database and the set of physical files that constitute a database. In covering the memory used by Oracle, we’ve looked at one half of an instance. The last remaining architectural issue to cover is the set of processes that constitute the other half of the instance. Each process in Oracle will perform a particular task or set of tasks, and each will have internal memory (PGA memory) allocated by it to perform its job. An Oracle instance has three broad classes of processes: • Server processes: These perform work based on a client’s request. We have already looked at dedicated and shared servers to some degree. These are the server processes. • Background processes: These are the processes that start up with the database and perform various maintenance tasks, such as writing blocks to disk, maintaining the online redo log, cleaning up aborted processes, maintaining Automatic Workload Repository (AWR) and so on. • Slave processes: These are similar to background processes, but they are processes that perform extra work on behalf of either a background or a server process. Some of these processes, such as the database block writer (DBWn) and the log writer (LGWR), have cropped up already, but here we’ll take a closer look at the function of each, and what each does and why. ■ Note When I use the term process in this chapter, consider it to be synonymous with the term thread on operating systems where Oracle is implemented with threads (such as Windows). In the context of this chapter, I use the term process to cover both processes and threads. If you are using an implementation of Oracle that is multiprocess, such as you see on UNIX, the term process is totally appropriate. If you are using a single-process implementation of Oracle, such as you see on Windows, the term process will actually mean thread within the Oracle process. So, for example, when I talk about the DBWn process, the equivalent on Windows is the DBWn thread within the Oracle process. CHAPTER 5 ■ ORACLE PROCESSES 166 Server Processes Server processes are those that perform work on behalf of a client session. They are the processes that ultimately receive and act on the SQL statements our applications send to the database. In Chapter 2, “Architecture Overview,” we briefly touched on the two main connection types to Oracle, namely the following: • Dedicated server: There is a dedicated process on the server for your connection. There is a one-to-one mapping between a connection to the database and a server process or thread. • Shared server: Many sessions share a pool of server processes spawned and managed by the Oracle instance. Your connection is to a database dispatcher, not to a dedicated server process created just for your connection. ■ Note It is important to understand the difference between a connection and a session in Oracle terminology. A connection is just a physical path between a client process and an Oracle instance (e.g., a network connection between you and the instance). A session, on the other hand, is a logical entity in the database, where a client process can execute SQL and so on. Many independent sessions can be associated with a single connection, and these sessions can even exist independently of a connection. We will discuss this further shortly. Both dedicated and shared server processes have the same job: they process all of the SQL you give to them. When you submit a SELECT * FROM EMP query to the database, an Oracle dedicated/shared server process parses the query and places it into the shared pool (or finds it in the shared pool already, hopefully). This process comes up with the query plan, if necessary, and executes the query plan, perhaps finding the necessary data in the buffer cache or reading the data from disk into the buffer cache. These server processes are the workhorse processes. Often, you will find these processes to be the highest consumers of CPU time on your system, as they are the ones that do your sorting, your summing, your joining—pretty much everything. Dedicated Server Connections In dedicated server mode, there will be a one-to-one mapping between a client connection and a server process (or thread, as the case may be). If you have 100 dedicated server connections on a UNIX machine, there will be 100 processes executing on their behalf. Graphically, it looks as shown in Figure 5-1. CHAPTER 5 ■ ORACLE PROCESSES 167 Figure 5-1. Typical dedicated server connection Your client application will have Oracle libraries linked into it. These libraries provide the APIs you need in order to talk to the database. These APIs know how to submit a query to the database and process the cursor that is returned. They know how to bundle your requests into network calls that the dedicated server will know how to unbundle. This piece of software is called Oracle Net, although in prior releases you might have known it as SQL*Net or Net8. This is the networking software/protocol that Oracle employs to allow for client/server processing (even in an n-tier architecture, there is a client/server program lurking). Oracle employs this same architecture even if Oracle Net is not technically involved in the picture. That is, even when the client and server are on the same machine this two-process (also known as two-task) architecture is still employed. This architecture provides two benefits: • Remote execution: It is very natural for the client application to be executing on a machine other than the database itself. • Address space isolation: The server process has read-write access to the SGA. An errant pointer in a client process could easily corrupt data structures in the SGA if the client process and server process were physically linked together. In Chapter 2, “Architecture Overview,” we saw how these dedicated servers are spawned or created by the Oracle listener process. I won’t cover that process again; rather, we’ll quickly look at what happens when the listener isn’t involved. The mechanism is much the same as it was with the listener, but instead of the listener creating the dedicated server via a fork()/exec() in UNIX or an interprocess communication (IPC) call in Windows, the client process itself creates it. CHAPTER 5 ■ ORACLE PROCESSES 168 ■ Note There are many variants of the fork() and exec() calls, such as vfork() and execve(). The call used by Oracle may vary by operating system and implementation, but the net effect is the same. fork() creates a new process that is a clone of the parent process; on UNIX, this is the only way to create a new process. exec() loads a new program image over the existing program image in memory, thus starting a new program. So, SQL*Plus can fork (copy itself) and then exec the Oracle binary, the dedicated server, overlaying the copy of itself with this new program. We can see this parent/child process creation clearly on UNIX when we run the client and server on the same machine: $ sqlplus / SQL*Plus: Release 11.2.0.1.0 Production on Sun Jan 24 07:28:13 2010 Copyright (c) 1982, 2009, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options ops$tkyte%ORA11GR2> select a.spid dedicated_server, 2 b.process clientpid 3 from v$process a, v$session b 4 where a.addr = b.paddr 5 and b.sid = (select sid from v$mystat where rownum=1) 6 / DEDICATED_SERVER CLIENTPID ------------------------ ------------------------ 19168 19167 ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> !/bin/ps -fp 19168 19167 UID PID PPID C STIME TTY STAT TIME CMD tkyte 19167 19166 0 07:30 pts/2 Ss+ 0:00 /home/ora11gr2/app/…/bin/sqlplus ora11gr2 19168 19167 0 07:30 ? Ss 0:00 oracleorcl (DESCRIPTION=(LOCAL=… Here, I used a query to discover the process ID (PID) associated with my dedicated server (the SPID from V$PROCESS is the operating system PID of the process that was being used during the execution of that query). The output of /bin/ps –fp includes the parent process id (PPID) and shows the dedicated server process, 19168, is the child of my SQL*Plus process: process id 19167. CHAPTER 5 ■ ORACLE PROCESSES 169 Shared Server Connections Let’s now take a look at the shared server process in more detail. This type of connection mandates the use of Oracle Net even if the client and server are on the same machine—you cannot use shared server without using the Oracle TNS listener. As described earlier, the client application will connect to the Oracle TNS listener and will be redirected or handed off to a dispatcher. The dispatcher acts as the conduit between the client application and the shared server process. Figure 5-2 is a diagram of the architecture of a shared server connection to the database. Figure 5-2. Typical shared server connection Here, we can see that the client applications, with the Oracle libraries linked in, will be physically connected to a dispatcher process. We may have many dispatchers configured for any given instance, but it is not uncommon to have just one dispatcher for many hundreds—even thousands—of users. The dispatcher is simply responsible for receiving inbound requests from the client applications and putting them into a request queue in the SGA. The first available shared server process from the pool of pre- created shared server processes will pick up the request from the queue and attach the UGA of the associated session (the boxes labeled “S” in Figure 5-2). The shared server will process that request and place any output from it into the response queue. The dispatcher constantly monitors the response queue for results and transmits them back to the client application. As far as the client is concerned, it can’t really tell if it is connected via a dedicated server or a shared connection—they appear to be the same. Only at the database level is the difference apparent. CHAPTER 5 ■ ORACLE PROCESSES 170 Database Resident Connection Pooling (DRCP) Database Resident Connection Pooling (DRCP) is an optional, new method of connecting to the database and establishing a session. It is designed as a more efficient method of connection pooling for application interfaces that do not support efficient connection pooling natively–such as PHP, a general purpose web scripting language. DRCP is a mixture of dedicated server and shared server concepts. It inherits from shared server the concept of server process pooling, only the processes being pooled will be dedicated servers not shared servers; it inherits from the dedicated server the concept of–well–being dedicated. In a shared server connection, the shared server process is shared among many sessions and a single session will tend to use many shared servers. With DRCP, this is not true; the dedicated server process that is selected from the pool will become dedicated to the client process for the life of its session. In shared server, if I execute three statements against the database in my session, there is a good chance that the three statements will be executed by three different shared server processes. Using DRCP, those same three statements would be executed by the dedicated server assigned to me from the pool–that dedicated server would be mine until my session releases it back to the pool. So DRCP has the pooling capabilities of shared server and the performance characteristics of dedicated server. We’ll explore performance of dedicated versus shared server more below.) Connections vs. Sessions It surprises many people to discover that a connection is not synonymous with a session. In most people’s eyes they are the same, but the reality is they do not have to be. A connection may have zero, one, or more sessions established on it. Each session is separate and independent, even though they all share the same physical connection to the database. A commit in one session does not affect any other session on that connection. In fact, each session using that connection could use different user identities! In Oracle, a connection is simply a physical circuit between your client process and the database instance—a network connection, most commonly. The connection may be to a dedicated server process or to a dispatcher. As previously stated, a connection may have zero or more sessions, meaning that a connection may exist with no corresponding sessions. Additionally, a session may or may not have a connection. Using advanced Oracle Net features such as connection pooling, a physical connection may be dropped by a client, leaving the session intact (but idle). When the client wants to perform some operation in that session, it would reestablish the physical connection. Let’s define these terms in more detail: • Connection: A connection is a physical path from a client to an Oracle instance. A connection is established either over a network or over an IPC mechanism. A connection is typically between a client process and either a dedicated server or a dispatcher. However, using Oracle’s Connection Manager (CMAN), a connection may be between a client and CMAN, and CMAN and the database. Coverage of CMAN is beyond the scope of this book, but Oracle Net Services Administrator’s Guide (freely available from http://otn.oracle.com) covers it in some detail. • Session: A session is a logical entity that exists in the instance. It is your session state, or a collection of data structures in memory that represents your unique session. It is what would come first to most people’s minds when thinking of a database connection. It is your session on the server, where you execute SQL, commit transactions, and run stored procedures. We can use SQL*Plus to see connections and sessions in action, and also to recognize that it could be a very common thing indeed for a connection to have more than one session. We’ll simply use the CHAPTER 5 ■ ORACLE PROCESSES 171 AUTOTRACE command and discover that we have two sessions! Over a single connection, using a single process, we’ll establish two sessions. Here is the first: ops$tkyte%ORA11GR2> select username, sid, serial#, server, paddr, status 2 from v$session 3 where username = USER 4 / USERNAME SID SERIAL# SERVER PADDR STATUS --------- ---------- ---------- --------- -------- -------- OPS$TKYTE 49 225 DEDICATED 32BC2B84 ACTIVE Now, that shows right now that we have one session: a single dedicated server–connected session. The PADDR column is the address of our sole dedicated server process. Next, we turn on AUTOTRACE to see the statistics of statements we execute in SQL*Plus: ops$tkyte%ORA11GR2> set autotrace on statistics ops$tkyte%ORA11GR2> select username, sid, serial#, server, paddr, status 2 from v$session 3 where username = USER 4 / USERNAME SID SERIAL# SERVER PADDR STATUS --------- ---------- ---------- --------- -------- -------- OPS$TKYTE 30 5476 DEDICATED 32BC2B84 INACTIVE OPS$TKYTE 49 225 DEDICATED 32BC2B84 ACTIVE Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets 0 consistent gets 0 physical reads 0 redo size 831 bytes sent via SQL*Net to client 419 bytes received via SQL*Net from client 2 SQL*Net roundtrips to/from client 0 sorts (memory) 0 sorts (disk) 2 rows processed ops$tkyte%ORA11GR2> set autotrace off In doing so, we now have two sessions, but both are using the same single dedicated server process, as evidenced by them both having the same PADDR value. We can confirm in the operating system that no new processes were created and that we are using a single process—a single connection—for both sessions. Note that one of the sessions (the original session) is ACTIVE. That makes sense: it is running the query to show this information, so of course it is active. But that INACTIVE session—what is that one for? That is the AUTOTRACE session. Its job is to watch our real session and report on what it does. When we enable AUTOTRACE in SQL*Plus, SQL*Plus will perform the following actions when we execute DML operations (INSERT, UPDATE, DELETE, SELECT, and MERGE): CHAPTER 5 ■ ORACLE PROCESSES 172 1. It will create a new session using the current connection, if the secondary session does not already exist. 2. It will ask this new session to query the V$SESSTAT view to remember the initial statistics values for the session in which we will run the DML. This is very similar to the function the watch_stat.sql script performed for us in Chapter 4, “Memory Structures.” 3. It will run the DML operation in the original session. 4. Upon completion of that DML statement, SQL*Plus will request the other session to query V$SESSTAT again and produce the report displayed previously showing the difference in the statistics for the session that executed the DML. If you turn off AUTOTRACE, SQL*Plus will terminate this additional session and you will no longer see it in V$SESSION. Why does SQL*Plus do this trick? The answer is fairly straightforward. SQL*Plus does it for the same reason that we used a second SQL*Plus session in Chapter 4, “Memory Structures,” to monitor memory and temporary space usage: if we had used a single session to monitor memory usage, we would have been using memory to do the monitoring. By observing the statistics in a single session, we necessarily would change those statistics. If SQL*Plus used a single session to report on the number of I/Os performed, how many bytes were transferred over the network, and how many sorts happened, then the queries used to find these details would be adding to the statistics themselves. They could be sorting, performing I/O, transferring data over the network (one would assume they would!), and so on. Hence, we need to use another session to measure correctly. So far, we’ve seen a connection with one or two sessions. Now we’d like to use SQL*Plus to see a connection with no session. That one is pretty easy. In the same SQL*Plus window used in the previous example, simply type the misleadingly named command, DISCONNECT: ops$tkyte%ORA11GR2> disconnect Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options Technically, that command should be called DESTROY_ALL_SESSIONS instead of DISCONNECT, since we haven’t really disconnected physically. ■ Note The true disconnect in SQL*Plus is “exit,” as you would have to exit to completely destroy the connection. We have, however, closed all of our sessions. If we open another session using some other user account and query (replacing OPS$TKYTE with your account name, of course): $ sqlplus / as sysdba SQL*Plus: Release 11.2.0.1.0 Production on Wed May 12 14:08:16 2010 Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options sys%ORA11GR2> select * from v$session where username = 'OPS$TKYTE'; no rows selected CHAPTER 5 ■ ORACLE PROCESSES 173 We can see that we have no sessions—but we still have a process, a physical connection (using the previous ADDR value): sys%ORA11GR2> select username, program 2 from v$process 3 where addr = hextoraw( '32BC2B84' ); USERNAME PROGRAM --------------- ------------------------------------------------ tkyte oracle@localhost.localdomain (TNS V1-V3) So, here we have a connection with no sessions associated with it. We can use the also misnamed SQL*Plus CONNECT command to create a new session in this existing process (the CONNECT command might be better named CREATE_SESSION). Using the SQL*Plus instance we disconnected in, we’ll execute the following: ops$tkyte%ORA11GR2> connect / Connected. ops$tkyte%ORA11GR2> select username, sid, serial#, server, paddr, status 2 from v$session 3 where username = USER; USERNAME SID SERIAL# SERVER PADDR STATUS --------- ---------- ---------- --------- -------- -------- OPS$TKYTE 37 404 DEDICATED 32BC2B84 ACTIVE Notice that we have the same PADDR as before, so we are using the same physical connection, but we have (potentially) a different SID. I say potentially because we could get assigned the same SID—it just depends on whether other people logged in while we were logged out and whether the original SID we had was available. ■ Note On Windows or other thread-based operating systems, you might see different results–the process address may change since you are connected to a threaded process, not just a single purpose process as you would on Unix. So far, these tests were performed using a dedicated server connection, so the PADDR was the process address of our dedicated server process. What happens if we use a shared server? ■ Note To connect via shared server, your database instance would have to have been started with the necessary setup. Coverage of how to configure a shared server is beyond the scope of this book but is covered in detail in the Oracle Net Services Administrator's Guide. CHAPTER 5 ■ ORACLE PROCESSES 174 Let’s log in using shared server and in that session query: ops$tkyte%ORA11GR2> select a.username, a.sid, a.serial#, a.server, 2 a.paddr, a.status, b.program 3 from v$session a left join v$process b 4 on (a.paddr = b.addr) 5 where a.username = 'OPS$TKYTE' 6 / USERNAME SID SERIAL# SERVER PADDR STATUS PROGRAM --------- --- ------- --------- -------- -------- ----------------------------------- OPS$TKYTE 49 239 SHARED 32BC20AC ACTIVE oracle@localhost.localdomain (S000) Our shared server connection is associated with a process—the PADDR is there and we can join to V$PROCESS to pick up the name of this process. In this case, we see it is a shared server, as identified by the text S000. However, if we use another SQL*Plus window to query this same bit of information, while leaving our shared server session idle, we see something like this: sys%ORA11GR2> select a.username, a.sid, a.serial#, a.server, 2 a.paddr, a.status, b.program 3 from v$session a left join v$process b 4 on (a.paddr = b.addr) 5 where a.username = 'OPS$TKYTE' 6 / USERNAME SID SERIAL# SERVER PADDR STATUS PROGRAM --------- ---- ------- --------- -------- -------- ------------------------------------ OPS$TKYTE 49 239 NONE 32BC15D4 INACTIVE oracle@localhost.localdomain (D000) Notice that our PADDR is different and the name of the process we are associated with has also changed. Our idle shared server connection is now associated with a dispatcher, D000. Hence we have yet another method for observing multiple sessions pointing to a single process. A dispatcher could have hundreds, or even thousands, of sessions pointing to it. An interesting attribute of shared server connections is that the shared server process we use can change from call to call. If I were the only one using this system (as I am for these tests), running that query over and over as OPS$TKYTE would tend to produce the same PADDR of 32BC20AC over and over. However, if I were to open up more shared server connections and start to use those shared server connections in other sessions, then I might notice that the shared server I use varies. Consider this example. I’ll query my current session information, showing the shared server I’m using. Then in another shared server session, I’ll perform a long-running operation (i.e., I’ll monopolize that shared server). When I ask the database what shared server I’m using again, I’ll (in my current session) most likely see a different one (if the original one is off servicing the other session). In the following example, the code in bold represents a second SQL*Plus session that was connected via shared server: ops$tkyte%ORA11GR2> select a.username, a.sid, a.serial#, a.server, 2 a.paddr, a.status, b.program 3 from v$session a left join v$process b 4 on (a.paddr = b.addr) 5 where a.username = 'OPS$TKYTE' 6 / CHAPTER 5 ■ ORACLE PROCESSES 175 USERNAME SID SERIAL# SERVER PADDR STATUS PROGRAM --------- ---- ------- --------- -------- -------- ----------------------------------- OPS$TKYTE 49 241 SHARED 32BC20AC ACTIVE oracle@localhost.localdomain (S000) scott%ORA11GR2> connect scott/tiger@orcl_ss Connected. scott%ORA11GR2> exec dbms_lock.sleep(20); PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select a.username, a.sid, a.serial#, a.server, 2 a.paddr, a.status, b.program 3 from v$session a left join v$process b 4 on (a.paddr = b.addr) 5 where a.username = 'OPS$TKYTE' 6 / USERNAME SID SERIAL# SERVER PADDR STATUS PROGRAM --------- ---- ------- --------- -------- -------- ----------------------------------- OPS$TKYTE 49 241 SHARED 32BC8D1C ACTIVE oracle@localhost.localdomain (S001) ■ Note You need to use an account that has execute privileges on the DBMS_LOCK package. I granted my demo account SCOTT execute privileges on the DBMS_LOCK package to accomplish this: sys%ORA11GR2> grant execute on dbms_lock to scott; Notice that the first time I queried, I was using S000 as the shared server. Then, in another session, I executed a long-running statement that monopolized the shared server, which just happened to be S000 this time. The first non-busy shared server is the one that gets assigned to do the work, and in this case no one else was asking to use the S000 shared server, so the DBMS_LOCK command took it. When I queried again in the first SQL*Plus session, I got assigned to another shared server process, S001, since the S000 shared server was busy. It is interesting to note that the parse of a query (returns no rows yet) could be processed by shared server S000, the fetch of the first row by S001, the fetch of the second row by S002, and the closing of the cursor by S003. That is, an individual statement might be processed bit by bit by many shared servers. So, what we have seen in this section is that a connection—a physical pathway from a client to a database instance—may have zero, one, or more sessions established on it. We have seen one use case of that when using SQL*Plus’s AUTOTRACE facility. Many other tools employ this ability as well. For example, Oracle Forms uses multiple sessions on a single connection to implement its debugging facilities. The n-tier proxy authentication feature of Oracle, used to provide end-to-end identification of users from the browser to the database, makes heavy use of the concept of a single connection with multiple sessions, but each session would use a potentially different user account. We have seen that sessions can use many processes over time, especially in a shared server environment. Also, if we are using connection pooling with Oracle Net, then our session might not be associated with any process at all; the client would drop the connection after an idle time and reestablish it transparently upon detecting activity. In short, there is a many-to-many relationship between connections and sessions. However, the most common case, the one most of us see day to day, is a one-to-one relationship between a dedicated server and a single session. CHAPTER 5 ■ ORACLE PROCESSES 176 Dedicated Server vs. Shared Server vs. DRCP Before we examine the rest of the processes, let’s discuss why there are three main connection modes and when one might be more appropriate than the other. When to Use Dedicated Server As noted previously, in dedicated server mode there is a one-to-one mapping between client connection and server process. This is by far the most common method of connection to the Oracle database for all SQL-based applications. It is the simplest to set up and provides the easiest way to establish connections. It requires little to no configuration. Since there is a one-to-one mapping, you do not have to be concerned that a long-running transaction will block other transactions. Those other transactions will simply proceed via their own dedicated processes. Therefore, it is the only mode you should consider using in a non-OLTP environment where you may have long-running transactions. Dedicated server is the recommended configuration for Oracle, and it scales rather nicely. As long as your server has sufficient hardware (CPU and RAM) to service the number of dedicated server processes your system needs, dedicated server may be used for thousands of concurrent connections. Certain operations must be done in a dedicated server mode, such as database startup and shutdown, so every database will have either both or just a dedicated server set up. When to Use Shared Server Shared server setup and configuration, while not difficult, involves an extra step beyond dedicated server setup. The main difference between the two is not, however, in their setup; it is in their mode of operation. With dedicated server, there is a one-to-one mapping between client connections and server processes. With shared server, there is a many-to-one relationship: many clients to a shared server. As its name implies, shared server is a shared resource, whereas a dedicated server is not. When using a shared resource, you must be careful to not monopolize it for long periods of time. As you saw previously, use of a simple DBMS_LOCK.SLEEP(20) in one session would monopolize a shared server process for 20 seconds. Monopolization of these shared server resources can lead to a system that appears to hang. Figure 5-2 depicts two shared servers. If I have three clients and all of them attempt to run a 45- second process more or less at the same time, two of them will get their response in 45 seconds and the third will get its response in 90 seconds. This is rule number one for shared server: make sure your transactions are short in duration. They can be frequent, but they should be short (as characterized by OLTP systems). If they are not short, you will get what appears to be a total system slowdown due to shared resources being monopolized by a few processes. In extreme cases, if all of the shared servers are busy, the system will appear to hang for all users except the lucky few who are monopolizing the shared servers. Another interesting situation that you may observe when using shared server is that of an artificial deadlock. With shared server, a number of server processes are being shared by a potentially large community of users. Consider a situation where you have five shared servers and one hundred user sessions established. At most, five of those user sessions can be active at any point in time. Suppose one of these user sessions updates a row and does not commit. While that user sits there and ponders his or her modification, five other user sessions try to lock that same row. They will, of course, become blocked and will patiently wait for that row to become available. Now the user session that holds the lock on this row attempts to commit its transaction (hence releasing the lock on the row). That user session will find that all of the shared servers are being monopolized by the five waiting sessions. We have an artificial deadlock situation here: the holder of the lock will never get a shared server to permit the commit, unless one of the waiting sessions gives up its shared server. But, unless the waiting sessions are waiting for the CHAPTER 5 ■ ORACLE PROCESSES 177 lock with a timeout, they will never give up their shared server (you could, of course, have an administrator kill their session via a dedicated server to release this logjam). For these reasons, shared server is only appropriate for an OLTP system characterized by short, frequent transactions. In an OLTP system, transactions are executed in milliseconds; nothing ever takes more than a fraction of a second. Shared server is highly inappropriate for a data warehouse. Here, you might execute a query that takes one, two, five, or more minutes. Under shared server, this would be deadly. If you have a system that is 90 percent OLTP and 10 percent “not quite OLTP,” then you can mix and match dedicated servers and shared server on the same instance. In this fashion, you can reduce the number of server processes on the machine dramatically for the OLTP users, and make it so that the “not quite OLTP” users do not monopolize their shared servers. In addition, the DBA can use the built-in Resource Manager to further control resource utilization. Of course, a big reason to use shared server is when you have no choice. Many advanced connection features require the use of shared server. If you want to use Oracle Net connection pooling, you must use shared server. If you want to use database link concentration between databases, then you must use shared server for those connections. ■ Note If you are already using a connection pooling feature in your application (e.g., you are using the J2EE connection pool), and you have sized your connection pool appropriately, using shared server will only be a performance inhibitor. You already sized your connection pool to cater for the number of concurrent connections that you will get at any point in time; you want each of those connections to be a direct dedicated server connection. Otherwise, you just have a connection pooling feature connecting to yet another connection pooling feature. Potential Benefits of Shared Server What are the benefits of shared server, bearing in mind that you have to be somewhat careful about the transaction types you let use it? Shared server does three things: it reduces the number of operating system processes/threads, it artificially limits the degree of concurrency, and it reduces the memory needed on the system. Let’s discuss these points in more detail. Reduces the Number of Operating System Processes/Threads On a system with thousands of users, the operating system may quickly become overwhelmed in trying to manage thousands of processes. In a typical system, only a fraction of the thousands of users are concurrently active at any point in time. For example, I’ve worked on systems with 5,000 concurrent users. At any one point in time, at most 50 were active. This system would work effectively with 50 shared server processes, reducing the number of processes the operating system has to manage by two orders of magnitude (100 times). The operating system can now, to a large degree, avoid context switching. Artificially Limits the Degree of Concurrency Speaking as a person who has been involved in many benchmarks, the benefits of this seem obvious. When running benchmarks, people frequently ask to run as many users as possible until the system breaks. One of the outputs of these benchmarks is always a chart that shows the number of concurrent users versus the number of transactions (see Figure 5-3). CHAPTER 5 ■ ORACLE PROCESSES 178 Figure 5-3. Concurrent users vs. transactions per second Initially, as you add concurrent users, the number of transactions increases. At some point, however, adding additional users does not increase the number of transactions you can perform per second; the graph tends to flatten off. The throughput has peaked and now response time starts to increase. In other words, you are doing the same number of transactions per second, but the end users are observing slower response times. As you continue adding users, you will find that the throughput will actually start to decline. The concurrent user count before this drop-off is the maximum degree of concurrency you want to allow on the system. Beyond this point, the system becomes flooded and queues begin forming to perform work. Much like a backup at a tollbooth, the system can no longer keep up. Not only does response time rise dramatically at this point, but throughput from the system may fall, too, as the overhead of simply context switching and sharing resources between too many consumers takes additional resources itself. If we limit the maximum concurrency to the point right before this drop, we can sustain maximum throughput and minimize the increase in response time for most users. Shared server allows us to limit the maximum degree of concurrency on our system to this number. An analogy for this process could be a simple door. The width of the door and the width of people limit the maximum people per minute throughput. At low load, there is no problem; however, as more people approach, some forced waiting occurs (CPU time slice). If a lot of people want to get through the door, we get the fallback effect—there are so many people saying “after you” and so many false starts that the throughput falls. Everybody gets delayed getting through. Using a queue means the throughput increases, some people get through the door almost as fast as if there was no queue, while others (the ones put at the end of the queue) experience the greatest delay and might fret that “this was a bad idea.” But when you measure how fast everybody (including the last person) gets through the door, the queued model (shared server) performs better than a free-for-all approach (even with polite people; but conjure up the image of the doors opening when a store has a large sale, with everybody pushing very hard to get through). CHAPTER 5 ■ ORACLE PROCESSES 179 Reduces the Memory Needed on the System This is one of the most highly touted reasons for using shared server: it reduces the amount of required memory. It does, but not as significantly as you might think, especially given the new automatic PGA memory management discussed in Chapter 4, “Memory Structures,” where work areas are allocated to a process, used, and released—and their size varies based on the concurrent workload. So, this was a fact that was truer in older releases of Oracle but is not as meaningful today. Also, remember that when you use shared server, the UGA is located in the SGA. This means that when switching over to shared server, you must be able to accurately determine your expected UGA memory needs and allocate appropriately in the SGA via the LARGE_POOL_SIZE parameter. The SGA requirements for the shared server configuration are typically very large. This memory must typically be preallocated and thus can only be used by the database instance. ■ Note It is true that with a resizable SGA, you may grow and shrink this memory over time, but for the most part, it will be owned by the database instance and will not be usable by other processes. Contrast this with dedicated server, where anyone can use any memory not allocated to the SGA. If the SGA is much larger due to the UGA being located in it, where does the memory savings come from? It comes from having that many fewer PGAs allocated. Each dedicated/shared server has a PGA. This is process information. It is sort areas, hash areas, and other process-related structures. It is this memory need that you are removing from the system by using shared server. If you go from using 5,000 dedicated servers to 100 shared servers, it is the cumulative sizes of the 4,900 PGAs (excluding their UGAs) you no longer need that you are saving with shared server. DRCP So, what about DRCP, the new 11g feature? It has many of the benefits of shared server such as reduced processes (we are pooling), possible memory savings without the drawbacks. There is no chance of artificial deadlock; for example, the session that holds the lock on the resource in the example above would have its own dedicated server dedicated to it from the pool, and that session would be able to release the lock eventually. It doesn’t have the multi-threading capability of shared server; when a client process gets a dedicated server from the pool, it owns that process until that client process releases it. Therefore, it is best suited for client applications that frequently connect, do some relatively short process, and disconnect–over and over and over again; in short, for client processes that have an API that do not have an efficient connection pool of their own. Dedicated/Shared Server Wrap-up Unless your system is overloaded, or you need to use a shared server for a specific feature, a dedicated server will probably serve you best. A dedicated server is simple to set up (in fact, there is no setup!) and makes tuning easier. CHAPTER 5 ■ ORACLE PROCESSES 180 ■ Note With shared server connections, a session’s trace information (SQL_TRACE=TRUE output) may be spread across many individual trace files; thus, reconstructing what that session has done is more difficult. With the advent of the DBMS_MONITOR package in Oracle Database 10g and above, much of the difficulty has been removed, but it still complicates matters. If you have a very large user community and know that you will be deploying with shared server, I would urge you to develop and test with shared server. It will increase your likelihood of failure if you develop under just a dedicated server and never test on shared server. Stress the system, benchmark it, and make sure that your application is well behaved under shared server. That is, make sure it does not monopolize shared servers for too long. If you find that it does so during development, it is much easier to fix at that stage than during deployment. You can use features such as the Advanced Queuing (AQ) to turn a long-running process into an apparently short one, but you have to design that into your application. These sorts of things are best done when you are developing. Also, historically, there have been differences between the feature set available to shared server connections versus dedicated server connections. We already discussed the lack of automatic PGA memory management in Oracle 9i, for example, but also in the past, things as basic as a hash join between two tables were not available in shared server connections. (Hash joins are available in the current 9i and above releases with shared server!) Background Processes The Oracle instance is made up of two things: the SGA and a set of background processes. The background processes perform the mundane maintenance tasks needed to keep the database running. For example, there is a process that maintains the block buffer cache for us, writing blocks out to the data files as needed. Another process is responsible for copying an online redo log file to an archive destination as it fills up. Yet another process is responsible for cleaning up after aborted processes, and so on. Each of these processes is pretty focused on its job, but works in concert with all of the others. For example, when the process responsible for writing to the log files fills one log and goes to the next, it will notify the process responsible for archiving that full log file that there is work to be done. There is a V$ view you can use to see all of the possible Oracle background processes and determine which ones are in use in your system currently: ops$tkyte%ORA11GR2> select paddr, name, description 2 from v$bgprocess 3 order by paddr desc 4 / PADDR NAME DESCRIPTION -------- ---- ---------------------------------------------------------------- 32BC8D1C VKRM Virtual sKeduler for Resource Manager 32BC8244 SMCO Space Manager Process 32BC4C0C CJQ0 Job Queue Coordinator 32BC365C QMNC AQ Coordinator ... 00 ACFS ACFS CSS 00 XDMG cell automation manager 00 XDWK cell automation worker actions 295 rows selected. CHAPTER 5 ■ ORACLE PROCESSES 181 Rows in this view with a PADDR other than 00 are processes (threads) configured and running on your system. There are two classes of background processes: those that have a focused job to do (as just described) and those that do a variety of other jobs (i.e., utility processes). For example, there is a utility background process for the internal job queues accessible via the DBMS_JOB/DBMS_SCHEDULER packages. This process monitors the job queues and runs whatever is inside them. In many respects, it resembles a dedicated server process, but without a client connection. Let’s examine each of these background processes, starting with the ones that have a focused job, and then look into the utility processes. Focused Background Processes The number, names, and types of focused background processes varies by release. Figure 5-4 depicts a typical set of Oracle background processes that have a focused purpose: Figure 5-4. Focused background processes For example, in Oracle Database 11g Release 2, a database started using a minimum number of init.ora parameters ops$tkyte%ORA11GR2> !cat /tmp/pfile *.compatible='11.2.0.0.0' *.control_files='/home/ora11gr2/app/ora11gr2/oradata/orcl/control01.ctl', '/home/ora11gr2/app/ora11gr2/flash_recovery_area/orcl/control02.ctl' *.db_block_size=8192 *.db_name='orcl' *.memory_target=314572800 *.undo_tablespace='UNDOTBS1' CHAPTER 5 ■ ORACLE PROCESSES 182 would have about 17 background processes started up ops$tkyte%ORA11GR2> select paddr, name, description 2 from v$bgprocess 3 where paddr <> '00' 4 order by paddr desc 5 / PADDR NAME DESCRIPTION -------- ---- ---------------------------------------------------------------- 32AF0E64 CJQ0 Job Queue Coordinator 32AEF8B4 QMNC AQ Coordinator 32AEE304 MMNL Manageability Monitor Process 2 32AED82C MMON Manageability Monitor Process 32AECD54 RECO distributed recovery 32AEC27C SMON System Monitor Process 32AEB7A4 CKPT checkpoint 32AEACCC LGWR Redo etc. 32AEA1F4 DBW0 db writer process 0 32AE971C MMAN Memory Manager 32AE8C44 DIA0 diagnosibility process 0 32AE816C PSP0 process spawner 0 32AE7694 DBRM DataBase Resource Manager 32AE6BBC DIAG diagnosibility process 32AE60E4 GEN0 generic0 32AE560C VKTM Virtual Keeper of TiMe process 32AE4B34 PMON process cleanup 17 rows selected. Using the same init.ora, only replacing memory_target with sga_target and pga_aggregate_target, in Oracle Database 10g Release 2, you might only see 12: ops$tkyte %ORA10GR2> select paddr, name, description 2 from v$bgprocess 3 where paddr <> '00' 4 order by paddr desc 5 / PADDR NAME DESCRIPTION -------- ---- ---------------------------------------------------------------- 23D27AC4 CJQ0 Job Queue Coordinator 23D27508 QMNC AQ Coordinator 23D26990 MMNL Manageability Monitor Process 2 23D263D4 MMON Manageability Monitor Process 23D25E18 RECO distributed recovery 23D2585C SMON System Monitor Process 23D252A0 CKPT checkpoint 23D24CE4 LGWR Redo etc. 23D24728 DBW0 db writer process 0 23D2416C MMAN Memory Manager 23D23BB0 PSP0 process spawner 0 23D235F4 PMON process cleanup 12 rows selected. CHAPTER 5 ■ ORACLE PROCESSES 183 Note that you may not see all of these processes when you start your instance, but the majority of them will be present. You will only see ARCn (the archiver) if you are in ARCHIVELOG mode and have enabled automatic archiving. You will only see the LMD0, LCKn, LMON, and LMSn (more details on those processes shortly) processes if you are running Oracle RAC, a configuration of Oracle that allows many instances on different machines in a cluster to mount and open the same physical database. So, Figure 5-4 depicts roughly what you might see if you started an Oracle instance, and mounted and opened a database. On an operating system where Oracle implements a multi-process architecture, such as on a Linux system, you can physically see these processes. After starting the instance, I observed the following: $ ps -aef | grep ora_...._$ORACLE_SID | grep -v grep ora11gr2 21646 1 0 09:04 ? 00:00:00 ora_pmon_orcl ora11gr2 21648 1 0 09:04 ? 00:00:00 ora_vktm_orcl ora11gr2 21652 1 0 09:04 ? 00:00:00 ora_gen0_orcl ora11gr2 21654 1 0 09:04 ? 00:00:00 ora_diag_orcl ora11gr2 21656 1 0 09:04 ? 00:00:00 ora_dbrm_orcl ora11gr2 21658 1 0 09:04 ? 00:00:00 ora_psp0_orcl ora11gr2 21660 1 0 09:04 ? 00:00:00 ora_dia0_orcl ora11gr2 21662 1 0 09:04 ? 00:00:00 ora_mman_orcl ora11gr2 21664 1 0 09:04 ? 00:00:00 ora_dbw0_orcl ora11gr2 21666 1 0 09:04 ? 00:00:00 ora_lgwr_orcl ora11gr2 21668 1 0 09:04 ? 00:00:00 ora_ckpt_orcl ora11gr2 21670 1 0 09:04 ? 00:00:00 ora_smon_orcl ora11gr2 21672 1 0 09:04 ? 00:00:00 ora_reco_orcl ora11gr2 21674 1 0 09:04 ? 00:00:00 ora_mmon_orcl ora11gr2 21676 1 0 09:04 ? 00:00:00 ora_mmnl_orcl ora11gr2 21678 1 0 09:04 ? 00:00:00 ora_d000_orcl ora11gr2 21680 1 0 09:04 ? 00:00:00 ora_s000_orcl ora11gr2 21698 1 0 09:05 ? 00:00:00 ora_qmnc_orcl ora11gr2 21712 1 0 09:05 ? 00:00:00 ora_cjq0_orcl ora11gr2 21722 1 0 09:05 ? 00:00:00 ora_q000_orcl ora11gr2 21724 1 0 09:05 ? 00:00:00 ora_q001_orcl ora11gr2 21819 1 0 09:10 ? 00:00:00 ora_smco_orcl ora11gr2 21834 1 0 09:10 ? 00:00:00 ora_w000_orcl ora11gr2 22005 1 0 09:18 ? 00:00:00 ora_q002_orcl ora11gr2 22056 1 0 09:20 ? 00:00:00 ora_j000_orcl ora11gr2 22058 1 0 09:20 ? 00:00:00 ora_j001_orcl ora11gr2 22074 1 0 09:21 ? 00:00:00 ora_m000_orcl It is interesting to note the naming convention used by these processes. The process name starts with ora_. It is followed by four characters representing the actual name of the process, which are followed by _orcl. As it happens, my ORACLE_SID (site identifier) is orcl. On UNIX, this makes it very easy to identify the Oracle background processes and associate them with a particular instance (on Windows, there is no easy way to do this, as the backgrounds are threads in a larger, single process). What is perhaps most interesting, but not readily apparent from the preceding code, is that they are all really the same exact binary executable program—there is not a separate executable for each “program.” Search as hard as you like, but you will not find the ora_pmon_orcl binary executable on disk anywhere. You will not find ora_lgwr_orcl or ora_reco_orcl. These processes are all really oracle (that’s the name of the binary executable that is run). They just alias themselves upon startup to make it easier to identify which process is which. This enables a great deal of object code to be efficiently shared on the UNIX platform. On Windows, this is not nearly as interesting, as they are just threads within the process, so of course they are one big binary. CHAPTER 5 ■ ORACLE PROCESSES 184 Let’s now take a look at the function performed by each major process of interest, starting with the primary Oracle background processes. For a complete listing of the possible background processes and a short synopsis of the function they perform, I will direct you to the appendix of the Oracle Server Reference Manual available freely on http://otn.oracle.com/. PMON: The Process Monitor This process is responsible for cleaning up after abnormally terminated connections. For example, if your dedicated server “fails” or is killed for some reason, PMON is the process responsible for fixing (recovering or undoing work) and releasing your resources. PMON will initiate the rollback of uncommitted work, release locks, and free SGA resources allocated to the failed process. In addition to cleaning up after aborted connections, PMON is responsible for monitoring the other Oracle background processes and restarting them if necessary (and if possible). If a shared server or a dispatcher fails (crashes), PMON will step in and restart another one (after cleaning up for the failed process). PMON will watch all of the Oracle processes and either restart them or terminate the instance as appropriate. For example, it is appropriate to fail the instance in the event the database log writer process, LGWR, fails. This is a serious error, and the safest path of action is to terminate the instance immediately and let normal recovery fix the data. (Note that this is a rare occurrence and should be reported to Oracle Support immediately.) The other thing PMON does for the instance is to register it with the Oracle TNS listener. When an instance starts up, the PMON process polls the well-known port address, unless directed otherwise, to see whether or not a listener is up and running. The well-known/default port used by Oracle is 1521. Now, what happens if the listener is started on some different port? In this case, the mechanism is the same, except that the listener address needs to be explicitly specified by the LOCAL_LISTENER parameter setting. If the listener is running when the database instance is started, PMON communicates with the listener and passes to it relevant parameters, such as the service name and load metrics of the instance. If the listener was not started, PMON will periodically attempt to contact it to register itself. SMON: The System Monitor SMON is the process that gets to do all of the system-level jobs. Whereas PMON was interested in individual processes, SMON takes a system-level perspective of things and is a sort of garbage collector for the database. Some of the jobs it does include the following: • Cleans up temporary space: With the advent of true temporary tablespaces, the chore of cleaning up temporary space has lessened, but it has not gone away. For example, when building an index, the extents allocated for the index during the creation are marked as TEMPORARY. If the CREATE INDEX session is aborted for some reason, SMON is responsible for cleaning them up. Other operations create temporary extents that SMON would be responsible for as well. • Coalesces free space: If you are using dictionary-managed tablespaces, SMON is responsible for taking extents that are free in a tablespace and contiguous with respect to each other and coalescing them into one larger free extent. This occurs only on dictionary-managed tablespaces with a default storage clause that has pctincrease set to a nonzero value. • Recovers transactions active against unavailable files: This is similar to its role during database startup. Here, SMON recovers failed transactions that were skipped during instance/crash recovery due to a file(s) not being available to recover. For example, the file may have been on a disk that was unavailable or not mounted. When the file does become available, SMON will recover it. CHAPTER 5 ■ ORACLE PROCESSES 185 • Performs instance recovery of a failed node in RAC: In an Oracle RAC configuration, when a database instance in the cluster fails (e.g., the machine the instance was executing on fails), some other node in the cluster will open that failed instance’s redo log files and perform a recovery of all data for that failed instance. • Cleans up OBJ$: OBJ$ is a low-level data dictionary table that contains an entry for almost every object (table, index, trigger, view, and so on) in the database. Many times, there are entries in here that represent deleted objects, or objects that represent “not there” objects, used in Oracle’s dependency mechanism. SMON is the process that removes these rows that are no longer needed. • Shrinks undo segments: SMON will perform the automatic shrinking of a rollback segment to its optimal size, if it is set. • Offlines rollback segments: It is possible for the DBA to offline, or make unavailable, a rollback segment that has active transactions. It may be possible that active transactions are using this offlined rollback segment. In this case, the rollback is not really offlined; it is marked as “pending offline.” In the background, SMON will periodically try to truly take it offline, until it succeeds. That should give you a flavor of what SMON does. It does many other things, such as flush the monitoring statistics that show up in the DBA_TAB_MONITORING view, flush the SCN to timestamp mapping information found in the SMON_SCN_TIME table, and so on. The SMON process can accumulate quite a lot of CPU over time, and this should be considered normal. SMON periodically wakes up (or is woken up by the other background processes) to perform these housekeeping chores. RECO: Distributed Database Recovery RECO has a very focused job: it recovers transactions that are left in a prepared state because of a crash or loss of connection during a two-phase commit (2PC). A 2PC is a distributed protocol that allows for a modification that affects many disparate databases to be committed atomically. It attempts to close the window for distributed failure as much as possible before committing. In a 2PC between N databases, one of the databases—typically (but not always) the one the client logged into initially—will be the coordinator. This one site will ask the other N-1 sites if they are ready to commit. In effect, this one site will go to the N-1 sites and ask them to be prepared to commit. Each of the N-1 sites reports back its prepared state as YES or NO. If any one of the sites votes NO, the entire transaction is rolled back. If all sites vote YES, then the site coordinator broadcasts a message to make the commit permanent on each of the N-1 sites. Say a site votes YES and is prepared to commit, but before it gets the directive from the coordinator to actually commit, the network fails or some other error occurs, then the transaction becomes an in- doubt distributed transaction. The 2PC tries to limit the window of time in which this can occur, but cannot remove it. If there is a failure right then and there, the transaction will become the responsibility of RECO. RECO will try to contact the coordinator of the transaction to discover its outcome. Until it does that, the transaction will remain in its uncommitted state. When the transaction coordinator can be reached again, RECO will either commit the transaction or roll it back. It should be noted that if the outage is to persist for an extended period of time, and you have some outstanding transactions, you can commit/roll them back manually. You might want to do this since an in-doubt distributed transaction can cause writers to block readers—this is the one time this can happen in Oracle. Your DBA could call the DBA of the other database and ask her to query the status of those in- doubt transactions. Your DBA can then commit or roll them back, relieving RECO of this task. CHAPTER 5 ■ ORACLE PROCESSES 186 CKPT: Checkpoint Process The checkpoint process doesn’t, as its name implies, do a checkpoint (checkpoints were discussed in Chapter 3, “Files,” in the section on redo logs)—that’s mostly the job of DBWn. It simply assists with the checkpointing process by updating the file headers of the data files. It used to be that CKPT was an optional process, but starting with version 8.0 of the database, it is always started, so if you do a ps on UNIX, you’ll always see it there. The job of updating data files’ headers with checkpoint information used to belong to the LGWR; however, as the number of files increased along with the size of a database over time, this additional task for LGWR became too much of a burden. If LGWR had to update dozens, or hundreds, or even thousands, of files, there would be a good chance sessions waiting to commit these transactions would have to wait far too long. CKPT removes this responsibility from LGWR. DBWn: Database Block Writer The database block writer (DBWn) is the background process responsible for writing dirty blocks to disk. DBWn will write dirty blocks from the buffer cache, usually to make more room in the cache (to free buffers for reads of other data) or to advance a checkpoint (to move forward the position in an online redo log file from which Oracle would have to start reading, to recover the instance in the event of failure). As we discussed in Chapter 3, “Files,” when Oracle switches log files, a checkpoint is signaled. Oracle needs to advance the checkpoint so that it no longer needs the online redo log file it just filled up. If it hasn’t been able to do that by the time we need to reuse that redo log file, we get the “checkpoint not complete” message and we must wait. ■ Note Advancing log files is only one of many ways for checkpoint activity to occur. There are incremental checkpoints controlled by parameters such as FAST_START_MTTR_TARGET and other triggers that cause dirty blocks to be flushed to disk. As you can see, the performance of DBWn can be crucial. If it does not write out blocks fast enough to free buffers (buffers that can be reused to cache some other blocks) for us, we will see both the number and duration of waits on Free Buffer Waits and Write Complete Waits start to grow. We can configure more than one DBWn; in fact, we can configure up to 36 (DBW0 . . . DBW9, DBWa . . . DBWz). Most systems run with one database block writer, but larger, multi-CPU systems can make use of more than one. This is generally done to distribute the workload of keeping a large block buffer cache in the SGA clean, flushing the dirtied (modified) blocks to disk. Optimally, the DBWn uses asynchronous I/O to write blocks to disk. With asynchronous I/O, DBWn gathers up a batch of blocks to be written and gives them to the operating system. DBWn does not wait for the operating system to actually write the blocks out; rather, it goes back and collects the next batch to be written. As the operating system completes the writes, it asynchronously notifies DBWn that it completed the writes. This allows DBWn to work much faster than if it had to do everything serially. We’ll see later in the “Slave Processes” section how we can use I/O slaves to simulate asynchronous I/O on platforms or configurations that do not support it. I would like to make one final point about DBWn. It will, almost by definition, write out blocks scattered all over disk—DBWn does lots of scattered writes. When you do an update, you’ll be modifying index blocks that are stored here and there, and data blocks that are also randomly distributed on disk. LGWR, on the other hand, does lots of sequential writes to the redo log. This is an important distinction and one of the reasons that Oracle has a redo log and the LGWR process as well as the DBWn process. Scattered writes are significantly slower than sequential writes. By having the SGA buffer dirty blocks and the LGWR process do CHAPTER 5 ■ ORACLE PROCESSES 187 large sequential writes that can re-create these dirty buffers, we achieve an increase in performance. The fact that DBWn does its slow job in the background while LGWR does its faster job while the user waits gives us better overall performance. This is true even though Oracle may technically be doing more I/O than it needs to (writes to the log and to the data file); the writes to the online redo log could in theory be skipped if, during a commit, Oracle physically wrote the modified blocks out to disk instead. In practice, it does not happen this way. LGWR writes the redo information to the online redo logs for every transaction, and DBWn flushes the database blocks to disk in the background. LGWR: Log Writer The LGWR process is responsible for flushing to disk the contents of the redo log buffer located in the SGA. It does this when one of the following is true: • Every three seconds • Whenever a commit is issued by any transaction • When the redo log buffer is one-third full or contains 1MB of buffered data For these reasons, having an enormous (hundreds/thousands of megabytes) redo log buffer is not practical; Oracle will never be able to use it all since it pretty much continuously flushes it. The logs are written to with sequential writes as compared to the scattered I/O DBWn must perform. Doing large batch writes like this is much more efficient than doing many scattered writes to various parts of a file. This is one of the main reasons for having a LGWR and redo logs in the first place. The efficiency in just writing out the changed bytes using sequential I/O outweighs the additional I/O incurred. Oracle could just write database blocks directly to disk when you commit, but that would entail a lot of scattered I/O of full blocks, and this would be significantly slower than letting LGWR write the changes out sequentially. ARCn: Archive Process The job of the ARCn process is to copy an online redo log file to another location when LGWR fills it up. These archived redo log files can then be used to perform media recovery. Whereas online redo log is used to fix the data files in the event of a power failure (when the instance is terminated), archived redo logs are used to fix data files in the event of a hard disk failure. If we lose the disk drive containing the data file, /d01/oradata/ora11g/system.dbf, we can go to our backups from last week, restore that old copy of the file, and ask the database to apply all of the archived and online redo logs generated since that backup took place. This will catch up that file with the rest of the data files in our database, and we can continue processing with no loss of data. ARCn typically copies online redo log files to at least two other locations (redundancy being a key to not losing data!). These other locations may be disks on the local machine or, more appropriately, at least one will be located on another machine altogether, in the event of a catastrophic failure. In many cases, these archived redo log files are copied by some other process to some tertiary storage device, such as tape. They may also be sent to another machine to be applied to a standby database, a failover option offered by Oracle. We’ll discuss the processes involved in that shortly. DIAG: Diagnosability Process In past releases, the DIAG process was used exclusively in a RAC environment. As of Oracle Database 11g, with the new ADR (Advanced Diagnostic Repository), it is responsible for monitoring the overall health of the instance, and it captures information needed in the processing of instance failures. This applies to both single instance configurations as well as multi-instance RAC configurations. CHAPTER 5 ■ ORACLE PROCESSES 188 FBDA: Flashback Data Archiver Process This process is new in Oracle Database 11g Release 1 and above. It is the key component of the new flashback data archive capability–the ability to query data “as of” long periods of time ago (for example, to query data in a table as it appeared one year ago, five years ago, and so on). This long term historical query capability is achieved by maintaining a history of the row changes made to every row in a table over time. This history, in turn, is maintained by the FBDA process in the background. This process functions by working soon after a transaction commits. The FBDA process will read the UNDO generated by that transaction and roll back the changes made by the transaction. It will then record these rolled back (the original values) rows in the flashback data archive for us. DBRM: Database ResourceManager Process This process implements the resource plans that may be configured for a database instance. It sets the resource plans in place and performs various operations related to enforcing/implementing those resource plans. The resource manager allows the administrators of a database to have fine grained control over the resources used by the database instance, by applications accessing the database, or by individual users accessing the database. GEN0: General Task Execution Process This process provides, as expected by its name, a general task execution thread for the database. The main goal of this process is to offload potentially blocking processing (processing that would cause a process to stop while it occurs) from some other process and perform it in the background. For example, if the main ASM process needs to perform some blocking file operation, but that operation could safely be done in the background (ASM can safely continue processing before the operation completes), then the ASM process may request the GEN0 process to perform this operation and let GEN0 notify it upon completion. It is similar in nature to the slave processes described further below. Remaining Common Focused Processes Depending on the features of Oracle you are using, other focused processes may be visible. Some are listed here with a brief description of their function. ■ Note Appendix F of the Server Reference Manual, available on http://otn.oracle.com/, has a complete listing of the background processes and their functions. Most of the processes described previously are nonnegotiable—you will have them if you have an Oracle instance running. (ARCn is technically optional but is, in my opinion, mandatory for all production databases!) The following processes are optional and will appear only if you make use of the specific feature. The following processes are unique to a database instance using ASM, as discussed in Chapter 3, “Files”: CHAPTER 5 ■ ORACLE PROCESSES 189 • Automatic Storage Management Background (ASMB) process: The ASMB process runs in a database instance that is making use of ASM. It is responsible for communicating to the ASM instance that is managing the storage, providing updated statistics to the ASM instance, and providing a heartbeat to the ASM instance, letting it know that it is still alive and functioning. • ReBALance (RBAL) process: The RBAL process also runs in a database instance that is making use of ASM. It is responsible for processing a rebalance request (a redistribution request) as disks are added/removed to and from an ASM disk group. The following processes are found in an Oracle RAC instance. RAC is a configuration of Oracle whereby multiple instances, each running on a separate node (typically a separate physical computer) in a cluster, may mount and open a single database. It gives you the ability to have more than one instance accessing, in a full read-write fashion, a single set of database files. The primary goals of RAC are twofold: • High availability: With Oracle RAC, if one node/computer in the cluster fails due to a software, hardware, or human error, the other nodes may continue to function. The database will be accessible via the other nodes. You might lose some computing power, but you won’t lose access to the database. • Scalability: Instead of buying larger and larger machines to handle an increasing workload (known as vertical scaling), RAC allows you to add resources in the form of more machines in the cluster (known as horizontal scaling). Instead of trading your 4 CPU machine in for one that can grow to 8 or 16 CPUs, RAC gives you the option of adding another relatively inexpensive 4 CPU machine (or more than one). The following processes are unique to a RAC environment. You will not see them otherwise. • Lock monitor (LMON) process: The LMON process monitors all instances in a cluster to detect the failure of an instance. It then facilitates the recovery of the global locks held by the failed instance. It is also responsible for reconfiguring locks and other resources when instances leave or are added to the cluster (as they fail and come back online, or as new instances are added to the cluster in real time). • Lock manager daemon (LMD0) process: The LMD process handles lock manager service requests for the global cache service (keeping the block buffers consistent between instances). It works primarily as a broker sending requests for resources to a queue that is handled by the LMSn processes. The LMD handles global deadlock detection/resolution and monitors for lock timeouts in the global environment. • Lock manager server (LMSn) process: As noted earlier, in a RAC environment, each instance of Oracle is running on a different machine in a cluster, and they all access, in a read-write fashion, the same exact set of database files. To achieve this, the SGA block buffer caches must be kept consistent with respect to each other. This is one of the main goals of the LMSn process. In earlier releases of Oracle Parallel Server (OPS) this was accomplished via a ping. That is, if a node in the cluster needed a read-consistent view of a block that was locked in exclusive mode by another node, the exchange of data was done via a disk flush (the block was pinged). This was a very expensive operation just to read data. Now, with the LMSn, this exchange is done via very fast cache-to-cache exchange over the clusters’ high-speed connection. You may have up to ten LMSn processes per instance. CHAPTER 5 ■ ORACLE PROCESSES 190 • Lock (LCK0) process: This process is very similar in functionality to the LMD process described earlier, but it handles requests for all global resources other than database block buffers. The following are common background processes seen with most single instance or RAC instances: • Process Spawner (PSP0) Process: This process is responsible for spawning (starting/creating) the various background processes. It is the process that creates new processes/threads for the Oracle Instance. It does most of its work during instance startup. • Virtual Keeper of Time (VKTM ) Process: Implements a consistent, fine-grained clock for the Oracle instance. It is responsible for providing both wall clock time (human readable) as well as an extremely high resolution timer (not necessarily built using wall clock time, more of a ticker that increments for very small units of time) used to measure durations and intervals. • Space Management Coordinator (SMCO ) Process: This process is part of the manageability infrastructure. It coordinates the proactive space management features of the database such as the processes that discover space that could be reclaimed and the processes that perform the reclamation. Utility Background Processes These background processes are totally optional, based on your need for them. They provide facilities not necessary to run the database day to day, unless you are using them yourself, such as the job queues, or are making use of a feature that uses them, such as the new Oracle 10g diagnostic capabilities. These processes will be visible in UNIX as any other background process would be. If you do a ps, you will see them. In my ps listing from the beginning of the focused background processes section (reproduced in part here), you can see that I have • Job queues configured. The CJQ0 process is the job queue coordinator. • Oracle AQ configured, as evidenced by the Q000 (AQ queue process) and QMNC (AQ monitor process). • Automatic memory management enabled, as evidenced by the Memory Manager (MMAN) process. • Oracle manageability/diagnostic features enabled, as evidenced by the Manageability Monitor (MMON) and Manageability Monitor Light (MMNL) processes. Let’s take a look at the various processes you might see depending on the features you are using. CJQ0 and Jnnn Processes: Job Queues In the first 7.0 release, Oracle provided replication in the form of a database object known as a snapshot. Job queues were the internal mechanism by which these snapshots were refreshed, or made current. A job queue process monitored a job table that told it when it needed to refresh various snapshots in the system. In Oracle 7.1, Oracle Corporation exposed this facility for all to use via a database package called DBMS_JOB. So a process that was solely the domain of the snapshot in 7.0 became the “job queue” in 7.1 and later versions. Over time, the parameters for controlling the behavior of the job queue (how frequently it should be checked and how many queue processes there should be) changed in name from SNAPSHOT_REFRESH_INTERVAL and SNAPSHOT_REFRESH_PROCESSES to JOB_QUEUE_INTERVAL and CHAPTER 5 ■ ORACLE PROCESSES 191 JOB_QUEUE_PROCESSES. In current releases only the JOB_QUEUE_PROCESSES parameter is exposed as a user- tunable setting. You may have up to 1,000 job queue processes. Their names will be J000 . . . J999. These processes are used heavily in replication as part of the materialized view refresh process. Streams-based replication (new with Oracle9i Release 2) uses AQ for replication and therefore does not use the job queue processes. Developers also frequently use the job queues in order to schedule one-off (background) jobs or recurring jobs such as sending an e-mail in the background or processing a long- running batch process in the background. By doing some work in the background, you can make a long task seem to take much less time to an impatient end user (he feels like it went faster, even though it might not be done yet). This is similar to what Oracle does with LGWR and DBWn processes; they do much of their work in the background, so you don’t have to wait for them to complete all tasks in real time. The Jnnn, where nnn represents a number, processes are very much like a shared server, but with aspects of a dedicated server. They are shared in the sense that they process one job after the other, but they manage memory more like a dedicated server would (their UGA memory is in the PGA, not the SGA). Each job queue process will run exactly one job at a time, one after the other, to completion. That is why we may need multiple processes if we wish to run jobs at the same time. There is no threading or preempting of a job. Once a job is running, it will run to completion (or failure). You will notice that the Jnnn processes come and go over time. That is, if you configure up to 1,000 of them, you will not see 1,000 of them start up with the database. Rather, a sole process, the Job Queue Coordinator (CJQ0) will start up, and as it sees jobs that need to be run in the job queue table, it will start the Jnnn processes. As the Jnnn processes complete their work and discover no new jobs to process, they will start to exit, to go away. So, if you schedule most of your jobs to run at 2:00 AM when no one is around, you might well never actually see these Jnnn processes. QMNC and Qnnn: Advanced Queues The QMNC process is to the AQ tables what the CJQ0 process is to the job table. It monitors the advanced queues and alerts waiting message dequeuers that a message has become available. QMNC and Qnnn are also responsible for queue propagation—that is, the ability of a message that was enqueued (added) in one database to be moved to a queue in another database for dequeueing. The Qnnn process are to the QMNC process what the Jnnn processes are to the CJQ0 process. They are notified by the QMNC process of work that needs to be performed, and they process the work. The QMNC and Qnnn processes are optional background processes. The parameter AQ_TM_PROCESSES specifies creation of up to ten of these processes named Q000 . . . Q009, and a single QMNC process. Unlike the Jnnn processes used by the job queues, the Qnnn processes are persistent. If you set AQ_TM_PROCESSES to 10, you will see ten Qnnn processes and the QMNC process at database startup and for the entire life of the instance. EMNC: Event Monitor Processes The EMNC process is part of the AQ architecture. It is used to notify queue subscribers of messages they would be interested in. This notification is performed asynchronously. There are Oracle Call Interface (OCI) functions available to register a callback for message notification. The callback is a function in the OCI program that will be invoked automatically whenever a message of interest is available in the queue. The EMNn background process is used to notify the subscriber. The EMNC process is started automatically when the first notification is issued for the instance. The application may then issue an explicit message_receive(dequeue) to retrieve the message. CHAPTER 5 ■ ORACLE PROCESSES 192 MMAN: Memory Manager This process is new with Oracle 10g and above and is used by the automatic SGA sizing feature. The MMAN process coordinates the sizing and resizing of the shared memory components (the default buffer pool, the shared pool, the Java pool, and the large pool). MMON, MMNL, and Mnnn: Manageability Monitors These processes are used to populate the Automatic Workload Repository (AWR), a new feature in Oracle 10g. The MMNL process flushes statistics from the SGA to database tables on a scheduled basis. The MMON process is used to auto-detect database performance issues and implement the new self-tuning features. The Mnnn processes are similar to the Jnnn or Qnnn processes for the job queues; the MMON process will request these slave processes to perform work on its behalf. The Mnnn processes are transient in nature—they will come and go as needed. CTWR: Change Tracking Processes This is a new optional process of the Oracle 10g database. The CTWR process is responsible for maintaining the new change tracking file, as described in Chapter 3. RVWR: Recovery Writer This process, another new optional process of the Oracle 10g database, is responsible for maintaining the before images of blocks in the Flash Recovery Area (described in Chapter 3) used with the FLASHBACK DATABASE command. DMnn/DWnn: Data Pump Master/Worker Processes Data Pump was a new feature added in Oracle 10g Release 1 of the database. It was designed as a complete rewrite of the legacy export/import processes. Data Pump runs entirely in the server and the API to it is via PL/SQL. Since Data Pump runs in the server, support for performing the various Data Pump operations were added. The Data Pump master (DMnn) collects all inputs from client processes (it is the process that receives the API inputs) and then coordinates the worker processes (the DWnn) which perform the real work–the DMnn processes do the actual processing of the metadata and data. Remaining Utility Background Processes So, is that the complete list? No, there are others. For example, Oracle Data Guard has a set of processes associated with it to facilitate the shipping of redo information from one database to another and apply it (see the Data Guard Concepts and Administration Guide from Oracle for details). There are Streams apply and capture processes as well. However, the preceding list covers most of the common background processes you |will encounter. CHAPTER 5 ■ ORACLE PROCESSES 193 Slave Processes Now we are ready to look at the last class of Oracle processes: the slave processes. There are two types of slave processes with Oracle, I/O slaves and parallel query slaves. I/O Slaves I/O slaves are used to emulate asynchronous I/O for systems or devices that do not support it. For example, tape devices (which are notoriously slow) do not support asynchronous I/O. By using I/O slaves, we can mimic for tape drives what the operating system normally provides for disk drives. Just as with true asynchronous I/O, the process writing to the device batches a large amount of data and hands it off to be written. When the data is successfully written, the writer (our I/O slave this time, not the operating system) signals the original invoker, who removes this batch of data from its list of data that needs to be written. In this fashion, we can achieve a much higher throughput, since the I/O slaves are the ones waiting for the slow device, while their caller is off doing other important work getting the data together for the next write. I/O slaves are used in a couple of places in Oracle. DBWn and LGWR can make use of them to simulate asynchronous I/O, and RMAN will make use of them when writing to tape. Two parameters control the use of I/O slaves: • BACKUP_TAPE_IO_SLAVES: This parameter specifies whether I/O slaves are used by RMAN to back up, copy, or restore data to tape. Since this parameter is designed around tape devices, and tape devices may be accessed by only one process at any time, this parameter is a Boolean, and not the number of slaves to use, as you might expect. RMAN will start up as many slaves as necessary for the number of physical devices being used. When BACKUP_TAPE_IO_SLAVES = TRUE, an I/O slave process is used to write to or read from a tape device. If this parameter is FALSE (the default), then I/O slaves are not used for backups. Instead, the dedicated server process engaged in the backup will access the tape device. • DBWR_IO_SLAVES: This parameter specifies the number of I/O slaves used by the DBW0 process. The DBW0 process and its slaves always perform the writing to disk of dirty blocks in the buffer cache. By default, the value is 0 and I/O slaves are not used. Note that if you set this parameter to a nonzero value, LGWR and ARCH will use their own I/O slaves as well, up to four I/O slaves for LGWR and ARCH will be permitted. The DBWR I/O slaves appear with the name I1nn, and the LGWR I/O slaves appear with the name I2nn. Pnnn: Parallel Query Execution Servers Oracle 7.1.6 introduced the parallel query capability into the database. This is the capability to take a SQL statement such as a SELECT, CREATE TABLE, CREATE INDEX, UPDATE, and so on and create an execution plan that consists of many execution plans that can be done simultaneously. The outputs of each of these plans are merged together into one larger result. The goal is to do an operation in a fraction of the time it would take if you did it serially. For example, say you have a really large table spread across ten different files. You have 16 CPUs at your disposal, and you need to execute an ad hoc query on this table. It might be advantageous to break the query plan into 32 little pieces and really make use of that machine, as opposed to just using one process to read and process all of that data serially. When using parallel query, you will see processes named Pnnn—these are the parallel query execution servers themselves. During the processing of a parallel statement, your server process will be CHAPTER 5 ■ ORACLE PROCESSES 194 known as the Parallel Query Coordinator. Its name won’t change at the operating system level, but as you read documentation on parallel query, when you see references to the coordinator process, know that it is simply your original server process. Summary We’ve covered the files used by Oracle, from the lowly but important parameter file to data files, redo log files, and so on. We’ve taken a look inside the memory structures used by Oracle, both in the server processes and the SGA. We’ve seen how different server configurations, such as shared server versus dedicated server mode for connections, will have a dramatic impact on how memory is used by the system. Lastly, we looked at the processes (or threads, depending on the operating system) that enable Oracle to do what it does. Now we are ready to look at the implementation of some other features of Oracle, such as locking, concurrency controls, and transactions. C H A P T E R 6 ■ ■ ■ 195 Locking and Latching One of the key challenges in developing multiuser, database-driven applications is to maximize concurrent access and, at the same time, ensure that each user is able to read and modify the data in a consistent fashion. The locking mechanisms that allow this to happen are key features of any database, and Oracle excels in providing them. However, Oracle’s implementation of these features is specific to Oracle—just as SQL Server’s implementation is to SQL Server—and it is up to you, the application developer, to ensure that when your application performs data manipulation, it uses these mechanisms correctly. If you fail to do so, your application will behave in an unexpected way, and inevitably the integrity of your data will be compromised (as was demonstrated in Chapter 1 “Developing Successful Oracle Applications”). In this chapter, we’ll take a detailed look at how Oracle locks both data (e.g., rows in tables) and shared data structures (such as those found in the SGA). We’ll investigate the granularity to which Oracle locks data and what that means to you, the developer. When appropriate, I’ll contrast Oracle’s locking scheme with other popular implementations, mostly to dispel the myth that row-level locking adds overhead; in reality, it adds overhead only if the implementation adds overhead. In the next chapter, we’ll continue this discussion and investigate Oracle’s multi-versioning techniques and how locking strategies interact with them. What Are Locks? Locks are mechanisms used to regulate concurrent access to a shared resource. Note how I used the term “shared resource” and not “database row.” It is true that Oracle locks table data at the row level, but it also uses locks at many other levels to provide concurrent access to various resources. For example, while a stored procedure is executing, the procedure itself is locked in a mode that allows others to execute it, but it will not permit another user to alter that instance of that stored procedure in any way. Locks are used in the database to permit concurrent access to these shared resources, while at the same time providing data integrity and consistency. In a single-user database, locks are not necessary. There is, by definition, only one user modifying the information. However, when multiple users are accessing and modifying data or data structures, it is crucial to have a mechanism in place to prevent concurrent modification of the same piece of information. This is what locking is all about. It is very important to understand that there are as many ways to implement locking in a database as there are databases. Just because you have experience with the locking model of one particular relational database management system (RDBMS) does not mean you know everything about locking. For example, before I got heavily involved with Oracle, I used other databases including as Sybase, Microsoft SQL Server, and Informix. All three of these databases provide locking mechanisms for concurrency control, but there are deep and fundamental differences in the way locking is implemented in each one. CHAPTER 6 ■ LOCKING AND LATCHING 196 To demonstrate this, I’ll outline my progression from a Sybase SQL Server developer to an Informix user and finally to an Oracle developer. This happened many years ago, and the SQL Server fans out there will tell me “But we have row-level locking now!” It is true: SQL Server may now use row-level locking, but the way it is implemented is totally different from the way it is done in Oracle. It is a comparison between apples and oranges, and that is the key point. As a SQL Server programmer, I would hardly ever consider the possibility of multiple users inserting data into a table concurrently. It was something that just didn’t often happen in that database. At that time, SQL Server provided only for page-level locking and, since all the data tended to be inserted into the last page of nonclustered tables, concurrent inserts by two users was simply not going to happen. ■ Note A SQL Server clustered table (a table that has a clustered index) is in some regard similar to, but very different from, an Oracle cluster. SQL Server used to only support page (block) level locking; if every row inserted was to go to the “end” of the table, you would never have had concurrent inserts or concurrent transactions in that database. The clustered index in SQL Server was used to insert rows all over the table, in sorted order by the cluster key, and as such improved concurrency in that database. Exactly the same issue affected concurrent updates (since an UPDATE was really a DELETE followed by an INSERT in SQL Server). Perhaps this is why SQL Server, by default, commits or rolls back immediately after execution of each and every statement, compromising transactional integrity in an attempt to gain higher concurrency. So in most cases, with page-level locking, multiple users could not simultaneously modify the same table. Compounding this was the fact that while a table modification was in progress, many queries were also effectively blocked against that table. If I tried to query a table and needed a page that was locked by an update, I waited (and waited and waited). The locking mechanism was so poor that providing support for transactions that took more than a second was deadly—the entire database would appear to freeze. I learned a lot of bad habits as a result. I learned that transactions were “bad” and that you ought to commit rapidly and never hold locks on data. Concurrency came at the expense of consistency. You either wanted to get it right or get it fast. I came to believe that you couldn’t have both. When I moved on to Informix, things were better, but not by much. As long as I remembered to create a table with row-level locking enabled, then I could actually have two people simultaneously insert data into that table. Unfortunately, this concurrency came at a high price. Row-level locks in the Informix implementation were expensive, both in terms of time and memory. It took time to acquire and unacquire (release) them, and each lock consumed real memory. Also, the total number of locks available to the system had to be computed prior to starting the database. If you exceeded that number, you were just out of luck. Consequently, most tables were created with page-level locking anyway, and, as with SQL Server, both row and page-level locks would stop a query in its tracks. As a result, I found that once again I would want to commit as fast as I could. The bad habits I picked up using SQL Server were simply reinforced and, furthermore, I learned to treat a lock as a very scarce resource—something to be coveted. I learned that you should manually escalate locks from row level to table level to try to avoid acquiring too many of them and bringing the system down, and bring it down I did—many times. When I started using Oracle, I didn’t really bother reading the manuals to find out how locking worked in this particular database. After all, I had been using databases for quite a while and was considered something of an expert in this field (in addition to Sybase, SQL Server, and Informix, I had used Ingress, DB2, Gupta SQLBase, and a variety of other databases). I had fallen into the trap of believing that I knew how things should work, so I thought of course they would work in that way. I was wrong in a big way. CHAPTER 6 ■ LOCKING AND LATCHING 197 It was during a benchmark that I discovered just how wrong I was. In the early days of these databases (around 1992/1993), it was common for the vendors to benchmark for really large procurements to see who could do the work the fastest, the easiest, and with the most features. The benchmark was between Informix, Sybase SQL Server, and Oracle. Oracle went first. Their technical people came on-site, read through the benchmark specs, and started setting it up. The first thing I noticed was that the technicians from Oracle were going to use a database table to record their timings, even though we were going to have many dozens of connections doing work, each of which would frequently need to insert and update data in this log table. Not only that, but they were going to read the log table during the benchmark as well! Being a nice guy, I pulled one of the Oracle technicians aside to ask him if they were crazy. Why would they purposely introduce another point of contention into the system? Wouldn’t the benchmark processes all tend to serialize around their operations on this single table? Would they jam the benchmark by trying to read from this table as others were heavily modifying it? Why would they want to introduce all of these extra locks that they would need to manage? I had dozens of “Why would you even consider that?”–type questions. The technical folks from Oracle thought I was a little daft at that point. That is, until I pulled up a window into either Sybase SQL Server or Informix, and showed them the effects of two people inserting into a table, or someone trying to query a table with others inserting rows (the query returns zero rows per second). The differences between the way Oracle does it and the way almost every other database does it are phenomenal— they are night and day. Needless to say, neither the Informix nor the SQL Server technicians were too keen on the database log table approach during their attempts. They preferred to record their timings to flat files in the operating system. The Oracle people left with a better understanding of exactly how to compete against Sybase SQL Server and Informix: just ask the audience “How many rows per second does your current database return when data is locked?” and take it from there. The moral to this story is twofold. First, all databases are fundamentally different. Second, when designing an application for a new database platform, you must make no assumptions about how that database works. You must approach each new database as if you had never used a database before. Things you would do in one database are either not necessary or simply won’t work in another database. In Oracle you will learn that: • Transactions are what databases are all about. They are a good thing. • You should defer committing until the correct moment. You should not do it quickly to avoid stressing the system, as it does not stress the system to have long or large transactions. The rule is commit when you must, and not before. Your transactions should only be as small or as large as your business logic dictates. (Interesting side note: I just wrote that rule for committing—“when you must, and not before”—on http://asktom.oracle.com just this morning, probably for the millionth time. Some things never change). • You should hold locks on data as long as you need to. They are tools for you to use, not things to be avoided. Locks are not a scarce resource. Conversely, you should hold locks on data only as long as you need to. Locks may not be scarce, but they can prevent other sessions from modifying information. • There is no overhead involved with row-level locking in Oracle—none. Whether you have 1 row lock or 1,000,000 row locks, the number of resources dedicated to locking this information will be the same. Sure, you’ll do a lot more work modifying 1,000,000 rows rather than 1 row, but the number of resources needed to lock 1,000,000 rows is the same as for 1 row; it is a fixed constant. • You should never escalate a lock (e.g., use a table lock instead of row locks) because it would be “better for the system.” In Oracle, it won’t be better for the system—it will save no resources. There are times to use table locks, such as in a batch process, when you know you will update the entire table and you do not CHAPTER 6 ■ LOCKING AND LATCHING 198 want other sessions to lock rows on you. But you are not using a table lock to make it easier for the system by avoiding having to allocate row locks; you are using a table lock to ensure you can gain access to all of the resources your batch program needs in this case. • Concurrency and consistency can be achieved simultaneously. You can get it fast and correct, every time. Readers of data are not blocked by writers of data. Writers of data are not blocked by readers of data. This is one of the fundamental differences between Oracle and most other relational databases. As we cover the remaining components in this chapter and the next, I’ll reinforce these points. Locking Issues Before we discuss the various types of locks that Oracle uses, it is useful to look at some locking issues, many of which arise from badly designed applications that do not make correct use (or make no use) of the database’s locking mechanisms. Lost Updates A lost update is a classic database problem. Actually, it is a problem in all multiuser computer environments. Simply put, a lost update occurs when the following events occur, in the order presented here: 1. A transaction in Session1 retrieves (queries) a row of data into local memory and displays it to an end user, User1. 2. Another transaction in Session2 retrieves that same row, but displays the data to a different end user, User2. 3. User1, using the application, modifies that row and has the application update the database and commit. Session1’s transaction is now complete. 4. User2 modifies that row also, and has the application update the database and commit. Session2’s transaction is now complete. This process is referred to as a lost update because all of the changes made in Step 3 will be lost. Consider, for example, an employee update screen that allows a user to change an address, work number, and so on. The application itself is very simple: a small search screen to generate a list of employees and then the ability to drill down into the details of each employee. This should be a piece of cake. So, we write the application with no locking on our part, just simple SELECT and UPDATE commands. Then an end user (User1) navigates to the details screen, changes an address on the screen, clicks Save, and receives confirmation that the update was successful. Fine, except that when User1 checks the record the next day to send out a tax form, the old address is still listed. How could that have happened? Unfortunately, it can happen all too easily. In this case, another end user (User2) queried the same record just after User1 did—after User1 read the data, but before User1 modified it. Then, after User2 queried the data, User1 performed her update, received confirmation, and even re-queried to see the change for herself. However, User2 then updated the work telephone number field and clicked Save, blissfully unaware of the fact that he just overwrote User1’s changes to the address field with the old data! The reason this can happen in this case is that the application developer wrote the program such that when one particular field is updated, all fields for that record are refreshed (simply because it’s easier to update all the columns instead of figuring out exactly which columns changed and only updating those). CHAPTER 6 ■ LOCKING AND LATCHING 199 Note that for this to happen, User1 and User2 didn’t even need to be working on the record at the exact same time. They simply needed to be working on the record at about the same time. I’ve seen this database issue crop up time and again when GUI programmers with little or no database training are given the task of writing a database application. They get a working knowledge of SELECT, INSERT, UPDATE, and DELETE and set about writing the application. When the resulting application behaves in the manner just described, it completely destroys a user’s confidence in it, especially since it seems so random, so sporadic, and totally irreproducible in a controlled environment (leading the developer to believe it must be user error). Many tools, such as Oracle Forms and APEX (Application Express, the tool we used to create the AskTom website), transparently protect you from this behavior by ensuring the record is unchanged from the time you query it and locked before you make any changes to it (known as optimistic locking), but many others (such as a handwritten Visual Basic or Java program) do not. What the tools that protect you do behind the scenes, or what the developers must do themselves, is use one of two types of locking strategies: pessimistic or optimistic. Pessimistic Locking The pessimistic locking method would be put into action the instant before a user modifies a value on the screen. For example, a row lock would be placed as soon as the user indicates his intention to perform an update on a specific row that he has selected and has visible on the screen (by clicking a button on the screen, say). That row lock would persist until the application applied the users' modifications to the row in the database and committed. Pessimistic locking is useful only in a stateful or connected environment—that is, one where your application has a continual connection to the database and you are the only one using that connection for at least the life of your transaction. This was the prevalent way of doing things in the early to mid 1990s with client/server applications. Every application would get a direct connection to the database to be used solely by that application instance. This method of connecting, in a stateful fashion, has become less common (though it is not extinct), especially with the advent of application servers in the mid to late 1990s. Assuming you are using a stateful connection, you might have an application that queries the data without locking anything: scott%ORA11GR2> select empno, ename, sal from emp where deptno = 10; EMPNO ENAME SAL ---------- ---------- ---------- 7782 CLARK 2450 7839 KING 5000 7934 MILLER 1300 Eventually, the user picks a row she would like to update. Let’s say in this case, she chooses to update the MILLER row. Our application will, at that point, (before the user makes any changes on the screen but after the row has been out of the database for a while) bind the values the user selected so we can query the database and make sure the data hasn’t been changed yet. In SQL*Plus, to simulate the bind calls the application would make, we can issue the following: scott%ORA11GR2> variable empno number scott%ORA11GR2> variable ename varchar2(20) scott%ORA11GR2> variable sal number scott%ORA11GR2> exec :empno := 7934; :ename := 'MILLER'; :sal := 1300; PL/SQL procedure successfully completed. CHAPTER 6 ■ LOCKING AND LATCHING 200 Now in addition to simply querying the values and verifying that they have not been changed, we are going to lock the row using FOR UPDATE NOWAIT. The application will execute the following query: scott%ORA11GR2> select empno, ename, sal 2 from emp 3 where empno = :empno 4 and decode( ename, :ename, 1 ) = 1 5 and decode( sal, :sal, 1 ) = 1 6 for update nowait 7 / EMPNO ENAME SAL ---------- ---------- ---------- 7934 MILLER 1300 ■ Note Why did we use “decode( column, :bind_variable, 1 ) = 1”? It is simply a shorthand way of expressing “where (column = :bind_variable OR (column is NULL and :bind_variable is NULL)”. You could code either approach, the decode() is just more compact in this case, and since NULL = NULL is never true (nor false!) in SQL, one of the two approaches would be necessary if either of the columns permitted NULLs. The application supplies values for the bind variables from the data on the screen (in this case 7934, MILLER, and 1300) and re-queries this same row from the database, this time locking the row against updates by other sessions; hence this approach is called pessimistic locking. We lock the row before we attempt to update because we doubt—we are pessimistic—that the row will remain unchanged otherwise. Since all tables should have a primary key (the preceding SELECT will retrieve at most one record since it includes the primary key, EMPNO) and primary keys should be immutable (we should never update them), we’ll get one of three outcomes from this statement: • If the underlying data has not changed, we will get our MILLER row back, and this row will be locked from updates (but not reads) by others. • If another user is in the process of modifying that row, we will get an ORA-00054 resource busy error. We must wait for the other user to finish with it. • If, in the time between selecting the data and indicating our intention to update, someone has already changed the row, then we will get zero rows back. That implies the data on our screen is stale. To avoid the lost update scenario previously described, the application needs to re-query and lock the data before allowing the end user to modify it. With pessimistic locking in place, when User2 attempts to update the telephone field, the application would now recognize that the address field had been changed and would re-query the data. Thus, User2 would not overwrite User1’s change with the old data in that field. Once we have locked the row successfully, the application will bind the new values, issue the update, and commit the changes: CHAPTER 6 ■ LOCKING AND LATCHING 201 scott%ORA11GR2> update emp 2 set ename = :ename, sal = :sal 3 where empno = :empno; 1 row updated. scott%ORA11GR2> commit; Commit complete. We have now very safely changed that row. It is not possible for us to overwrite someone else’s changes, as we verified the data did not change between when we initially read it out and when we locked it—our verification made sure no one else changed it before we did, and our lock ensures no one else can change it while we are working with it. Optimistic Locking The second method, referred to as optimistic locking, defers all locking up to the point right before the update is performed. In other words, we will modify the information on the screen without a lock being acquired. We are optimistic that the data will not be changed by some other user; hence we wait until the very last moment to find out if we are right. This locking method works in all environments, but it does increase the probability that a user performing an update will lose. That is, when that user goes to update her row, she finds that the data has been modified, and she has to start over. One popular implementation of optimistic locking is to keep the old and new values in the application, and upon updating the data, use an update like this: Update table Set column1 = :new_column1, column2 = :new_column2, .... Where primary_key = :primary_key And decode( column1, :old_column1, 1 ) = 1 And decode( column2, :old_column2, 1 ) = 1 ... Here, we are optimistic that the data doesn’t get changed. In this case, if our update updates one row, we got lucky; the data didn’t change between the time we read it and the time we got around to submitting the update. If we update zero rows, we lose; someone else changed the data and now we must figure out what we want to do to continue in the application. Should we make the end user re-key the transaction after querying the new values for the row (potentially causing the user frustration, as there is a chance the row will have changed yet again)? Should we try to merge the values of the two updates by performing update conflict-resolution based on business rules (lots of code)? The preceding UPDATE will, in fact, avoid a lost update, but it does stand a chance of being blocked, hanging while it waits for an UPDATE of that row by another session to complete. If all of your applications use optimistic locking, then using a straight UPDATE is generally OK since rows are locked for a very short duration as updates are applied and committed. However, if some of your applications use pessimistic locking, which will hold locks on rows for relatively long periods of time, or if there is any application (such as a batch process) that might lock rows for a long period of time (more than a second or two is considered long!), then you should consider using a SELECT FOR UPDATE NOWAIT instead to verify the row was not changed, and lock it immediately prior to the UPDATE to avoid getting blocked by another session. CHAPTER 6 ■ LOCKING AND LATCHING 202 There are many methods of implementing optimistic concurrency control. We’ve discussed one whereby the application will store all of the before images of the row in the application itself. In the following sections, we’ll explore two others, namely: • Using a special column that is maintained by a database trigger or application code to tell us the “version” of the record • Using a checksum or hash that was computed using the original data Optimistic Locking Using a Version Column This is a simple implementation that involves adding a single column to each database table you wish to protect from lost updates. This column is generally either a NUMBER or DATE/TIMESTAMP column. It is typically maintained via a row trigger on the table, which is responsible for incrementing the NUMBER column or updating the DATE/TIMESTAMP column every time a row is modified. ■ Note I said it was typically maintained via a row trigger. I did not, however, say that was the best way or right way to maintain it. I would personally prefer this column be maintained by the UPDATE statement itself, not via a trigger because triggers that are not absolutely necessary (as this one is) should be avoided. For background on why I avoid triggers, refer to my “Trouble With Triggers” article from Oracle Magazine, found on the Oracle Technology Network at http://www.oracle.com/technology/oramag/oracle/08-sep/o58asktom.html. The application you want to implement optimistic concurrency control would need only to save the value of this additional column, not all of the before images of the other columns. The application would only need to verify that the value of this column in the database at the point when the update is requested matches the value that was initially read out. If these values are the same, then the row has not been updated. Let’s look at an implementation of optimistic locking using a copy of the SCOTT.DEPT table. We could use the following Data Definition Language (DDL) to create the table: ops$tkyte%ORA11GR2> create table dept 2 ( deptno number(2), 3 dname varchar2(14), 4 loc varchar2(13), 5 last_mod timestamp with time zone 6 default systimestamp 7 not null, 8 constraint dept_pk primary key(deptno) 9 ) 10 / Table created. Then we INSERT a copy of the DEPT data into this table: ops$tkyte%ORA11GR2> insert into dept( deptno, dname, loc ) 2 select deptno, dname, loc 3 from scott.dept; CHAPTER 6 ■ LOCKING AND LATCHING 203 4 rows created. ops$tkyte%ORA11GR2> commit; Commit complete. That code recreates the DEPT table, but with an additional LAST_MOD column that uses the TIMESTAMP WITH TIME ZONE datatype (available in Oracle9i and above). We have defined this column to be NOT NULL so that it must be populated, and its default value is the current system time. This TIMESTAMP datatype has the highest precision available in Oracle, typically going down to the microsecond (millionth of a second). For an application that involves user think time, this level of precision on the TIMESTAMP is more than sufficient, as it is highly unlikely that the process of the database retrieving a row and a human looking at it, modifying it, and issuing the update back to the database could take place within a fraction of a second. The odds of two people reading and modifying the same row in the same fraction of a second are very small indeed. Next, we need a way of maintaining this value. We have two choices: either the application can maintain the LAST_MOD column by setting its value to SYSTIMESTAMP when it updates a record, or a trigger/stored procedure can maintain it. Having the application maintain LAST_MOD is definitely more performant than a trigger-based approach, since a trigger will add additional processing on top of that already done by Oracle. However, this does mean that you are relying on all of the applications to maintain LAST_MOD consistently in all places that they modify this table. So, if each application is responsible for maintaining this field, it needs to consistently verify that the LAST_MOD column was not changed and set the LAST_MOD column to the current SYSTIMESTAMP. For example, if an application queries the row where DEPTNO=10:(?) ops$tkyte%ORA11GR2> variable deptno number ops$tkyte%ORA11GR2> variable dname varchar2(14) ops$tkyte%ORA11GR2> variable loc varchar2(13) ops$tkyte%ORA11GR2> variable last_mod varchar2(50) ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> begin 2 :deptno := 10; 3 select dname, loc, to_char( last_mod, 'DD-MON-YYYY HH.MI.SSXFF AM TZR' ) 4 into :dname,:loc,:last_mod 5 from dept 6 where deptno = :deptno; 7 end; 8 / PL/SQL procedure successfully completed. which we can see is currently ops$tkyte%ORA11GR2> select :deptno dno, :dname dname, :loc loc, :last_mod lm 2 from dual; DNO DNAME LOC LM ---------- ---------- ---------- ---------------------------------------- 10 ACCOUNTING NEW YORK 17-FEB-2010 02.18.08.908754 PM -05:00 it would use this next update statement to modify the information. The last line does the very important check to make sure the timestamp has not changed and uses the built-in function TO_TIMESTAMP_TZ (tz is short for time zone ) to convert the string we saved in from the SELECT statement(?) back into the proper datatype. Additionally, line 3 of the UPDATE statement(?) updates the LAST_MOD column to be the current time if the row is found to be updated: CHAPTER 6 ■ LOCKING AND LATCHING 204 ops$tkyte%ORA11GR2> update dept 2 set dname = initcap(:dname), 3 last_mod = systimestamp 4 where deptno = :deptno 5 and last_mod = to_timestamp_tz(:last_mod, 'DD-MON-YYYY HH.MI.SSXFF AM TZR' ); 1 row updated. As you can see, one row was updated, the row of interest. We updated the row by primary key (DEPTNO) and verified that the LAST_MOD column had not been modified by any other session between the time we read it first and the time we did the update. If we were to try to update that same record again, using the same logic but without retrieving the new LAST_MOD value, we would observe the following: ops$tkyte%ORA11GR2> update dept 2 set dname = upper(:dname), 3 last_mod = systimestamp 4 where deptno = :deptno 5 and last_mod = to_timestamp_tz(:last_mod, 'DD-MON-YYYY HH.MI.SSXFF AM TZR' ); 0 rows updated.. Notice how 0 rows updated is reported this time because the predicate on LAST_MOD was not satisfied. While DEPTNO 10 still exists, the value at the moment we wish to update no longer matches the timestamp value at the moment we queried the row. So, the application knows that the data has been changed in the database, based on the fact that no rows were modified—and it must now figure out what it wants to do about that. You would not rely on each application to maintain this field for a number of reasons. For one, it adds code to an application, and it is code that must be repeated and correctly implemented anywhere this table is modified. In a large application, that could be in many places. Furthermore, every application developed in the future must also conform to these rules. There are many chances to miss a spot in the application code and thus not have this field properly used. So, if the application code itself isn’t responsible for maintaining this LAST_MOD field, then I believe that the application shouldn’t be responsible for checking this LAST_MOD field either (if it can do the check, it can certainly do the update!). So, in this case, I suggest encapsulating the update logic in a stored procedure and not allowing the application to update the table directly at all. If it cannot be trusted to maintain the value in this field, then it cannot be trusted to check it properly either. So, the stored procedure would take as inputs the bind variables we used in the previous updates and do exactly the same update. Upon detecting that zero rows were updated, the stored procedure could raise an exception back to the client to let the client know the update had, in effect, failed. An alternate implementation uses a trigger to maintain this LAST_MOD field, but for something as simple as this, my recommendation is to avoid the trigger and let the DML take care of it. Triggers introduce a measurable amount of overhead, and in this case they would be unnecessary. Furthermore, the trigger would not be able to confirm that the row has not been modified (it would only be able to supply the value for LAST_MOD, not check it during the update!), hence the application has to be made painfully aware of this column and how to properly use it. So the trigger is not by itself sufficient. Optimistic Locking Using a Checksum This is very similar to the previous version column method, but it uses the base data itself to compute a “virtual” version column. I’ll quote the Oracle 11g Release 2 PL/SQL Supplied Packages Guide (before showing how to use one of the supplied packages!) to help explain the goal and concepts behind a checksum or hash function: CHAPTER 6 ■ LOCKING AND LATCHING 205 A one-way hash function takes a variable-length input string, the data, and converts it to a fixed-length (generally smaller) output string called a hash value. The hash value serves as a unique identifier (like a fingerprint) of the input data. You can use the hash value to verify whether data has been changed or not. Note that a one-way hash function is a hash function that works in one direction. It is easy to compute a hash value from the input data, but it is hard to generate data that hashes to a particular value. http://download.oracle.com/docs/cd/E11882_01/appdev.112/e10577/d_crypto.htm#ARPLS65700 We can use these hashes or checksums in the same way that we used our version column. We simply compare the hash or checksum value we obtain when we read data out of the database with that we obtain before modifying the data. If someone modified the row’s values after we read it out, but before we updated it, then the hash or checksum will almost certainly be different. There are many ways to compute a hash or checksum. I’ll list four of these and demonstrate one in this section. All of these methods are based on supplied database functionality. • OWA_OPT_LOCK.CHECKSUM: This method is available on Oracle8i version 8.1.5 and up. There is a function that, given a string, returns a 16-bit checksum, and another function that, given a ROWID, will compute the 16-bit checksum of that row and lock it at the same time. Possibilities of collision are 1 in 65,536 strings (the highest chance of a false positive). • DBMS_OBFUSCATION_TOOLKIT.MD5: This method is available in Oracle8i version 8.1.7 and up. It computes a 128-bit message digest. The odds of a collision are about 1 in 3.4028E+38 (very small). • DBMS_CRYPTO.HASH: This method is available in Oracle 10g Release 1 and up. It is capable of computing a Secure Hash Algorithm 1 (SHA-1) or MD4/MD5 message digests. It is recommended that you use the SHA-1 algorithm. • ORA_HASH: This method is available in Oracle 10g Release 1 and up. This is a built-in SQL function that takes a varchar2 value as input and (optionally) another pair of inputs that control the return value. The returned value is a number—by default a number between 0 and 4294967295. ■ Note An array of hash and checksum functions are available in many programming languages, so there may be others at your disposal outside the database. That said, if you use built-in database capabilities, you will have increased your portability (to new languages, new approaches) in the future. The following example shows how you might use the ORA_HASH built-in function in Oracle 10g and above to compute these hashes/checksums. The technique would also be applicable for the other three listed approaches; the logic would not be very much different, but the APIs you call would be. First, we’ll start by getting rid of the column we used in the previous example ops$tkyte%ORA11GR2> alter table dept drop column last_mod; Table altered. CHAPTER 6 ■ LOCKING AND LATCHING 206 and then have our application query and display the information for department 10 . Note that while we query the information, we compute the hash using the ORA_HASH built-in. This is the version information that we retain in our application. Following is our code to query and display: ops$tkyte%ORA11GR2> variable deptno number ops$tkyte%ORA11GR2> variable dname varchar2(14) ops$tkyte%ORA11GR2> variable loc varchar2(13) ops$tkyte%ORA11GR2> variable hash number ops$tkyte%ORA11GR2> begin 2 select deptno, dname, loc, 3 ora_hash( dname || '/' || loc ) hash 4 into :deptno, :dname, :loc, :hash 5 from dept 6 where deptno = 10; 7 end; 8 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select :deptno, :dname, :loc, :hash 2 from dual; :DEPTNO :DNAME :LOC :HASH ---------- ---------- ---------- ---------- 10 Accounting NEW YORK 2721972020 As you can see, the hash is just some number. It is the value we would want to use before updating. To update that row, we would lock the row in the database as it exists right now, and then compare the hash value of that row with the hash value we computed when we read the data out of the database. The logic for doing so could look like the following: ops$tkyte%ORA11GR2> exec :dname := lower(:dname); PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> update dept 2 set dname = :dname 3 where deptno = :deptno 4 and ora_hash( dname || '/' || loc ) = :hash 5 / 1 row updated. ops$tkyte%ORA11GR2> select dept.*, 2 ora_hash( dname || '/' || loc ) hash 3 from dept 4 where deptno = :deptno; DEPTNO DNAME LOC HASH ---------- ---------- ---------- ---------- 10 accounting NEW YORK 2818855829 Upon re-querying the data and computing the hash again after the update, we can see that the hash value is different. If someone had modified the row before we did, our hash values would not have compared. We can see this by attempting our update again, using the old hash value we read out the first time: CHAPTER 6 ■ LOCKING AND LATCHING 207 ops$tkyte%ORA11GR2> update dept 2 set dname = :dname 3 where deptno = :deptno 4 and ora_hash( dname || '/' || loc ) = :hash 5 / 0 rows updated. As you see, there were zero rows updated, since our hash value did not match the data currently in the database. In order for this hash-based approach to work properly, we must ensure every application uses the same approach when computing the hash, specifically they must concatenate dname with ‘/' with loc – in that order. To make that approach universal, I would suggest adding a virtual column to the table (in Oracle 11g Release 1 and above) or using a view to add a column, so that the function is hidden from the application itself. Adding a column would look like this in Oracle Database 11g Release 1 and above: ops$tkyte%ORA11GR2> alter table dept 2 add hash as 3 ( ora_hash(dname || '/' || loc ) ); Table altered. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> select * 2 from dept 3 where deptno = :deptno; DEPTNO DNAME LOC HASH ---------- ---------- ---------- ---------- 10 accounting NEW YORK 2818855829 The added column is a virtual column and as such incurs no storage overhead. The value is not computed and stored on disk. Rather, it is computed upon retrieval of the data from the database. This example showed how to implement optimistic locking with a hash or checksum. You should bear in mind that computing a hash or checksum is a somewhat CPU-intensive operation; it is computationally expensive. On a system where CPU bandwidth is a scarce resource, you must take this fact into consideration. However, this approach is much more network-friendly because the transmission of a relatively small hash instead of a before-and-after image of the row (to compare column by column) over the network will consume much less of that resource. Optimistic or Pessimistic Locking? So which method is best? In my experience, pessimistic locking works very well in Oracle (but perhaps not so well in other databases) and has many advantages over optimistic locking. However, it requires a stateful connection to the database, like a client/server connection. This is because locks are not held across connections. This single fact makes pessimistic locking unrealistic in many cases today. In the past, with client/server applications and a couple dozen or hundred users, it would have been my first and only choice. Today, however, optimistic concurrency control is what I would recommend for most applications. Having a connection for the entire duration of a transaction is just too high a price to pay. Of the methods available, which do I use? I tend to use the version column approach with a timestamp column. It gives me the extra update information in a long-term sense. Furthermore, it’s less computationally expensive than a hash or checksum, and it doesn’t run into the issues potentially CHAPTER 6 ■ LOCKING AND LATCHING 208 encountered with a hash or checksum when processing LONG, LONG RAW, CLOB, BLOB, and other very large columns. If I had to add optimistic concurrency controls to a table that was still being used with a pessimistic locking scheme (e.g., the table was accessed in both client/server applications and over the Web), I would opt for the ORA_HASH approach. The reason is that the existing legacy application might not appreciate a new column appearing. Even if we took the additional step of hiding the extra column, the application might not appreciate the overhead of the necessary trigger. The ORA_HASH technique would be nonintrusive and lightweight in that respect. The hashing/checksum approach can be very database independent, especially if we compute the hashes or checksums outside of the database. However, by performing the computations in the middle tier rather than the database, we will incur higher resource usage penalties in terms of CPU usage and network transfers. Blocking Blocking occurs when one session holds a lock on a resource that another session is requesting. As a result, the requesting session will be blocked—it will hang until the holding session gives up the locked resource. In almost every case, blocking is avoidable. In fact, if you do find that your session is blocked in an interactive application, then you have probably been suffering from the lost update bug as well, perhaps without realizing it. That is, your application logic is flawed and that is the cause of the blocking. The five common DML statements that will block in the database are INSERT, UPDATE, DELETE, MERGE, and SELECT FOR UPDATE. The solution to a blocked SELECT FOR UPDATE is trivial: simply add the NOWAIT clause and it will no longer block. Instead, your application will report back to the end user that the row is already locked. The interesting cases are the remaining four DML statements. We’ll look at each of them and see why they should not block and how to correct the situation if they do. Blocked Inserts There are few times when an INSERT will block. The most common scenario is when you have a table with a primary key or unique constraint placed on it and two sessions attempt to insert a row with the same value. One of the sessions will block until the other session either commits (in which case the blocked session will receive an error about a duplicate value) or rolls back (in which case the blocked session succeeds). Another case involves tables linked together via referential integrity constraints. An INSERT into a child table may become blocked if the parent row it depends on is being created or deleted. Blocked INSERTs typically happen with applications that allow the end user to generate the primary key/unique column value. This situation is most easily avoided by using a sequence or the SYS_GUID() built-in function to generate the primary key/unique column value. Sequences/SYS_GUID() were designed to be highly concurrent methods of generating unique keys in a multiuser environment. In the event that you cannot use either and must allow the end user to generate a key that might be duplicated, you can use the following technique, which avoids the issue by using manual locks implemented via the built-in DBMS_LOCK package. ■ Note The following example demonstrates how to prevent a session from blocking on an insert statement (?) due to a primary key or unique constraint. It should be stressed that the fix demonstrated here should be considered a short-term solution while the application architecture itself is inspected. This approach adds obvious overhead and should not be implemented lightly. A well-designed application would not encounter this issue. This should be considered a last resort and is definitely not something you want to do to every table in your application “just in case.” CHAPTER 6 ■ LOCKING AND LATCHING 209 With inserts, there’s no existing row to select and lock; there’s no way to prevent others from inserting a row with the same value, thus blocking our session and causing an indefinite wait. Here is where DBMS_LOCK comes into play. To demonstrate this technique, we will create a table with a primary key and a trigger that will prevent two (or more) sessions from inserting the same values simultaneously. The trigger will use DBMS_UTILITY.GET_HASH_VALUE to hash the primary key into some number between 0 and 1,073,741,823 (the range of lock ID numbers permitted for our use by Oracle). In this example, I’ve chosen a hash table of size 1,024, meaning we will hash our primary keys into one of 1,024 different lock IDs. Then we will use DBMS_LOCK.REQUEST to allocate an exclusive lock based on that ID. Only one session at a time will be able to do that, so if someone else tries to insert a record into our table with the same primary key, that person’s lock request will fail (and the error resource busy will be raised): ■ Note To successfully compile this trigger, execute permission on DBMS_LOCK must be granted directly to your schema. The privilege to execute DBMS_LOCK may not come from a role. scott%ORA11GR2> create table demo ( x int primary key ); Table created. scott%ORA11GR2> create or replace trigger demo_bifer 2 before insert on demo 3 for each row 4 declare 5 l_lock_id number; 6 resource_busy exception; 7 pragma exception_init( resource_busy, -54 ); 8 begin 9 l_lock_id := 10 dbms_utility.get_hash_value( to_char( :new.x ), 0, 1024 ); 11 if ( dbms_lock.request 12 ( id => l_lock_id, 13 lockmode => dbms_lock.x_mode, 14 timeout => 0, 15 release_on_commit => TRUE ) not in (0,4) ) 16 then 17 raise resource_busy; 18 end if; 19 end; 20 / Trigger created. scott%ORA11GR2> insert into demo(x) values (1); 1 row created. Now, to demonstrate us catching this blocking INSERT problem in a single session, we’ll use an AUTONOMOUS_TRANSACTION so that it seems as if this next block of code was executed in another SQL*Plus session. In fact, if you use another session, the behavior will be the same. Here we go: CHAPTER 6 ■ LOCKING AND LATCHING 210 scott%ORA11GR2> declare 2 pragma autonomous_transaction; 3 begin 4 insert into demo(x) values (1); 5 commit; 6 end; 7 / declare * ERROR at line 1: ORA-00054: resource busy and acquire with NOWAIT specified or timeout expired ORA-06512: at "SCOTT.DEMO_BIFER", line 14 ORA-04088: error during execution of trigger 'SCOTT.DEMO_BIFER' ORA-06512: at line 4 The concept here is to take the supplied primary key value of the table protected by the trigger and put it in a character string. We can then use DBMS_UTILITY.GET_HASH_VALUE to come up with a mostly unique hash value for the string. As long as we use a hash table smaller than 1,073,741,823, we can lock that value exclusively using DBMS_LOCK. After hashing, we take that value and use DBMS_LOCK to request that lock ID to be exclusively locked with a timeout of ZERO (this returns immediately if someone else has locked that value). If we timeout or fail for any reason, we raise ORA-54 Resource Busy. Otherwise, we do nothing—it is OK to insert, we won’t block. Upon committing our transaction, all locks, including those allocated by this DBMS_LOCK call, will be released. Of course, if the primary key of your table is an INTEGER and you don’t expect the key to go over 1 billion, you can skip the hash and just use the number as the lock ID. You’ll need to play with the size of the hash table (1,024 in this example) to avoid artificial resource busy messages due to different strings hashing to the same number. The size of the hash table will be application (data)-specific, and it will be influenced by the number of concurrent insertions as well. You might also add a flag to the trigger to allow people to turn the check on and off. If I were going to insert hundreds or thousands of records, for example, I might not want this check enabled. Blocked Merges, Updates, and Deletes In an interactive application—one where you query some data out of the database, allow an end user to manipulate it, and then put it back into the database—a blocked UPDATE or DELETE indicates that you probably have a lost update problem in your code. (I’ll call it a bug in your code if you do.) You are attempting to UPDATE a row that someone else is already updating (in other words, one that someone else already has locked). You can avoid the blocking issue by using the SELECT FOR UPDATE NOWAIT query to • Verify the data has not changed since you queried it out (preventing lost updates). • Lock the row (preventing the UPDATE or DELETE from blocking). As discussed earlier, you can do this regardless of the locking approach you take. Both pessimistic and optimistic locking may employ the SELECT FOR UPDATE NOWAIT query to verify the row has not changed. Pessimistic locking would use that SELECT FOR UPDATE NOWAIT statement the instant the user indicated her intention to modify the data. Optimistic locking would use that statement immediately prior to updating the data in the database. Not only will this resolve the blocking issue in your application, but it’ll also correct the data integrity issue. Since a MERGE is simply an INSERT and UPDATE (and in 10g and above, with the enhanced MERGE syntax, it’s a DELETE as well), you would use both techniques simultaneously. CHAPTER 6 ■ LOCKING AND LATCHING 211 Deadlocks Deadlocks occur when you have two sessions, each of which is holding a resource that the other wants. For example, if I have two tables, A and B, in my database, and each has a single row in it, I can demonstrate a deadlock easily. All I need to do is open two sessions (e.g., two SQL*Plus sessions). In session A, I update table A. In session B, I update table B. Now, if I attempt to update table A in session B, I will become blocked. Session A has this row locked already. This is not a deadlock; it is just blocking. I have not yet deadlocked because there is a chance that session A will commit or roll back, and session B will simply continue at that point. If I go back to session A and then try to update table B, I will cause a deadlock. One of the two sessions will be chosen as a victim and will have its statement rolled back. For example, the attempt by session B to update table A may be rolled back, with an error such as the following: update a set x = x+1 * ERROR at line 1: ORA-00060: deadlock detected while waiting for resource Session A’s attempt to update table B will remain blocked—Oracle will not roll back the entire transaction. Only one of the statements that contributed to the deadlock is rolled back. Session B still has the row in table B locked, and session A is patiently waiting for the row to become available. After receiving the deadlock message, session B must decide whether to commit the outstanding work on table B, roll it back, or continue down an alternate path and commit later. As soon as this session does commit or roll back, the other blocked session will continue on as if nothing happened. Oracle considers deadlocks to be so rare and unusual that it creates a trace file on the server each time one does occur. The contents of the trace file will look something like this: *** 2010-02-17 16:15:02.359 *** SESSION ID:(703.25021) 2010-02-17 16:15:02.359 *** CLIENT ID:() 2010-02-17 16:15:02.359 *** SERVICE NAME:(SYS$USERS) 2010-02-17 16:15:02.359 *** MODULE NAME:(SQL*Plus) 2010-02-17 16:15:02.359 *** ACTION NAME:() 2010-02-17 16:15:02.359 *** 2010-02-17 16:15:02.359 DEADLOCK DETECTED ( ORA-00060 ) [Transaction Deadlock] The following deadlock is not an ORACLE error. It is a deadlock due to user error in the design of an application or from issuing incorrect ad-hoc SQL. The following information may aid in determining the deadlock: Obviously, Oracle considers these application deadlocks a self-induced error on the part of the application and, for the most part, Oracle is correct. Unlike in many other RDBMSs, deadlocks are so rare in Oracle they can be considered almost nonexistent. Typically, you must come up with artificial conditions to get one. The number one cause of deadlocks in the Oracle database, in my experience, is unindexed foreign keys. (The number two cause is bitmap indexes on tables subject to concurrent updates, which we’ll CHAPTER 6 ■ LOCKING AND LATCHING 212 cover in Chapter 11 “Indexes”). Oracle will place a full table lock on a child table after modification of the parent table in three scenarios: • If you update the parent table’s primary key (a very rare occurrence if you follow the rule of relational databases stating that primary keys should be immutable), the child table will be locked in the absence of an index on the foreign key. • If you delete a parent table row, the entire child table will be locked (in the absence of an index on the foreign key) as well. • If you merge into the parent table, the entire child table will be locked (in the absence of an index on the foreign key) as well. Note this is only true in Oracle 9i and 10g and is no longer true in Oracle 11g Release 1 and above. These full table locks are a short-term occurrence in Oracle9i and above, meaning they need to be taken for the duration of the DML operation, not the entire transaction. Even so, they can and do cause large locking issues. As a demonstration of the first point, if we have a pair of tables set up as follows ops$tkyte%ORA11GR2> create table p ( x int primary key ); Table created. ops$tkyte%ORA11GR2> create table c ( x references p ); Table created. ops$tkyte%ORA11GR2> insert into p values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> insert into p values ( 2 ); 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. ops$tkyte%ORA11GR2> insert into c values ( 2 ); 1 row created. nothing untoward happens yet. But if we go into another session and attempt to delete the first parent record ops$tkyte%ORA11GR2> delete from p where x = 1; we’ll find that session gets immediately blocked. It is attempting to gain a full table lock on table C before it does the delete. Now no other session can initiate a DELETE, INSERT, or UPDATE of any rows in C (the sessions that had already started may continue, but no new sessions may start to modify C). This blocking would happen with an update of the primary key value as well. Because updating a primary key is a huge no-no in a relational database, this is generally not an issue with updates. However, I have seen this updating of the primary key become a serious issue when developers use tools that generate SQL for them, and those tools update every single column, regardless of whether the end user actually modified that column or not. For example, say that we use Oracle Forms and create a default layout on any table. Oracle Forms by default will generate an update that modifies every single column in the table we choose to display. If we build a default layout on the DEPT table and include all three fields, Oracle Forms will execute the following command whenever we modify any of the columns of the DEPT table: update dept set deptno=:1,dname=:2,loc=:3 where rowid=:4 CHAPTER 6 ■ LOCKING AND LATCHING 213 In this case, if the EMP table has a foreign key to DEPT and there is no index on the DEPTNO column in the EMP table, then the entire EMP table will be locked during an update to DEPT. This is something to watch out for carefully if you are using any tools that generate SQL for you. Even though the value of the primary key does not change, the child table EMP will be locked after the execution of the preceding SQL statement. In the case of Oracle Forms, the solution is to set that table’s UPDATE CHANGED COLUMNS ONLY property to YES. Oracle Forms will generate an UPDATE statement that includes only the changed columns (not the primary key). Problems arising from deletion of a row in a parent table are far more common. As I demonstrated, if I delete a row in table P, then the child table, C, will become locked during the DML operation, thus preventing other updates against C from taking place for the duration of the transaction (assuming no one else was modifying C, of course; in which case the delete will wait). This is where the blocking and deadlock issues come in. By locking the entire table C, I have seriously decreased the concurrency in my database to the point where no one will be able to modify anything in C. In addition, I have increased the probability of a deadlock, since I now own lots of data until I commit. The probability that some other session will become blocked on C is now much higher; any session that tries to modify C will get blocked. Therefore, I’ll start seeing lots of sessions that hold some preexisting locks on other resources getting blocked in the database. If any of these blocked sessions are, in fact, locking a resource that my session also needs, we will have a deadlock. The deadlock in this case is caused by my session preventing access to many more resources (in this case, all of the rows in a single table) than it ever needed. When someone complains of deadlocks in the database, I have them run a script that finds unindexed foreign keys; 99 percent of the time we locate an offending table. By simply indexing that foreign key, the deadlocks—and lots of other contention issues—go away. The following example demonstrates the use of this script to locate the unindexed foreign key in table C: ops$tkyte%ORA11GR1> column columns format a30 word_wrapped ops$tkyte%ORA11GR1> column tablename format a15 word_wrapped ops$tkyte%ORA11GR1> column constraint_name format a15 word_wrapped ops$tkyte%ORA11GR1> select table_name, constraint_name, 2 cname1 || nvl2(cname2,','||cname2,null) || 3 nvl2(cname3,','||cname3,null) || nvl2(cname4,','||cname4,null) || 4 nvl2(cname5,','||cname5,null) || nvl2(cname6,','||cname6,null) || 5 nvl2(cname7,','||cname7,null) || nvl2(cname8,','||cname8,null) 6 columns 7 from ( select b.table_name, 8 b.constraint_name, 9 max(decode( position, 1, column_name, null )) cname1, 10 max(decode( position, 2, column_name, null )) cname2, 11 max(decode( position, 3, column_name, null )) cname3, 12 max(decode( position, 4, column_name, null )) cname4, 13 max(decode( position, 5, column_name, null )) cname5, 14 max(decode( position, 6, column_name, null )) cname6, 15 max(decode( position, 7, column_name, null )) cname7, 16 max(decode( position, 8, column_name, null )) cname8, 17 count(*) col_cnt 18 from (select substr(table_name,1,30) table_name, 19 substr(constraint_name,1,30) constraint_name, 20 substr(column_name,1,30) column_name, 21 position 22 from user_cons_columns ) a, 23 user_constraints b 24 where a.constraint_name = b.constraint_name 25 and b.constraint_type = 'R' CHAPTER 6 ■ LOCKING AND LATCHING 214 26 group by b.table_name, b.constraint_name 27 ) cons 28 where col_cnt > ALL 29 ( select count(*) 30 from user_ind_columns i 31 where i.table_name = cons.table_name 32 and i.column_name in (cname1, cname2, cname3, cname4, 33 cname5, cname6, cname7, cname8 ) 34 and i.column_position <= cons.col_cnt 35 group by i.index_name 36 ) 37 / TABLE_NAME CONSTRAINT_NAME COLUMNS ------------------------------ --------------- ------------------------------ C SYS_C0018055 X This script works on foreign key constraints that have up to eight columns in them (if you have more than that, you probably want to rethink your design). It starts by building an inline view named CONS in the previous query. This inline view transposes the appropriate column names in the constraint from rows into columns, with the result being a row per constraint and up to eight columns that have the names of the columns in the constraint. Additionally, there is a column, COL_CNT, which contains the number of columns in the foreign key constraint itself. For each row returned from the inline view, we execute a correlated subquery that checks all of the indexes on the table currently being processed. It counts the columns in that index that match columns in the foreign key constraint and then groups them by index name. So, it generates a set of numbers, each of which is a count of matching columns in some index on that table. If the original COL_CNT is greater than all of these numbers, then there is no index on that table that supports that constraint. If COL_CNT is less than all of these numbers, then there is at least one index that supports that constraint. Note the use of the NVL2 function, which we used to “glue” the list of column names into a comma-separated list. This function takes three arguments: A, B, C. If argument A is not null, then it returns argument B; otherwise, it returns argument C. This query assumes that the owner of the constraint is the owner of the table and index as well. If another user indexed the table or the table is in another schema (both rare events), it will not work correctly. So, this script shows that table C has a foreign key on the column X but no index. By indexing X, we can remove this locking issue all together. In addition to this table lock, an unindexed foreign key can also be problematic in the following cases: • When you have an ON DELETE CASCADE and have not indexed the child table. For example, EMP is child of DEPT. DELETE DEPTNO = 10 should CASCADE to EMP. If DEPTNO in EMP is not indexed, you will get a full table scan of EMP for each row deleted from the DEPT table. This full scan is probably undesirable, and if you delete many rows from the parent table, the child table will be scanned once for each parent row deleted. • When you query from the parent to the child. Consider the EMP/DEPT example again. It is very common to query the EMP table in the context of a DEPTNO. If you frequently run the following query (say, to generate a report), you’ll find that not having the index in place will slow down the queries: select * from dept, emp where emp.deptno = dept.deptno and dept.deptno = :X; When do you not need to index a foreign key? The answer is, in general, when the following conditions are met: CHAPTER 6 ■ LOCKING AND LATCHING 215 • You do not delete from the parent table. • You do not update the parent table’s unique/primary key value (watch for unintended updates to the primary key by tools!). • You do not join from the parent to the child (like DEPT to EMP). If you satisfy all three conditions, feel free to skip the index; it’s not needed. If you meet any of the preceding conditions, be aware of the consequences. This is the one rare instance when Oracle tends to overlock data. Lock Escalation When lock escalation occurs, the system is decreasing the granularity of your locks. An example would be the database system turning your 100 row-level locks against a table into a single table-level lock. You are now using one lock to lock everything and, typically, you are also locking a whole lot more data than you were before. Lock escalation is used frequently in databases that consider a lock to be a scarce resource and overhead to be avoided. ■ Note Oracle will never escalate a lock. Never. Oracle never escalates locks, but it does practice lock conversion or lock promotion, terms that are often confused with lock escalation. ■ Note The terms lock conversion and lock promotion are synonymous. Oracle typically refers to the process as lock conversion. Oracle will take a lock at the lowest level possible (i.e., the least restrictive lock possible) and convert that lock to a more restrictive level if necessary. For example, if you select a row from a table with the FOR UPDATE clause, two locks will be created. One lock is placed on the row(s) you selected (and this will be an exclusive lock; no one else can lock that specific row in exclusive mode). The other lock, a ROW SHARE TABLE lock, is placed on the table itself. This will prevent other sessions from placing an exclusive lock on the table and thus prevent them from altering the structure of the table, for example. Another session can modify any other row in this table without conflict. As many commands as possible that could execute successfully given there is a locked row in the table will be permitted. Lock escalation is not a database “feature.” It is not a desired attribute. The fact that a database supports lock escalation implies there is some inherent overhead in its locking mechanism and significant work is performed to manage hundreds of locks. In Oracle, the overhead to have 1 lock or 1 million locks is the same: none. CHAPTER 6 ■ LOCKING AND LATCHING 216 Lock Types The three general classes of locks in Oracle are as follows: • DML locks: DML stands for Data Manipulation Language. In general this means SELECT, INSERT, UPDATE, MERGE, and DELETE statements. DML locks are the mechanism that allows for concurrent data modifications. DML locks will be, for example, locks on a specific row of data or a lock at the table level that locks every row in the table. • DDL locks: DDL stands for Data Definition Language, (CREATE and ALTER statements, and so on). DDL locks protect the definition of the structure of objects. • Internal locks and latches: Oracle uses these locks to protect its internal data structures. For example, when Oracle parses a query and generates an optimized query plan, it will latch the library cache to put that plan in there for other sessions to use. A latch is a lightweight, low-level serialization device employed by Oracle, similar in function to a lock. Do not confuse or be misled by the term lightweight; latches are a common cause of contention in the database, as you will see. They are lightweight in their implementation, but not their effect. We will now take a more detailed look at the specific types of locks within each of these general classes and the implications of their use. There are more lock types than I can cover here. The ones I cover in the sections that follow are the most common and are held for a long duration. The other types of locks are generally held for very short periods of time. DML Locks DML locks are used to ensure that only one person at a time modifies a row and that no one can drop a table upon which you are working. Oracle will place these locks for you, more or less transparently, as you do work. TX (Transaction) Locks A TX lock is acquired when a transaction initiates its first change, and it is held until the transaction performs a COMMIT or ROLLBACK. It is used as a queuing mechanism so that other sessions can wait for the transaction to complete. Each and every row you modify or SELECT FOR UPDATE in a transaction will point to an associated TX lock for that transaction. While this sounds expensive, it is not. To understand why this is, you need a conceptual understanding of where locks live and how they are managed. In Oracle, locks are stored as an attribute of the data (see Chapter 10 “Database Tables” for an overview of the Oracle block format). Oracle does not have a traditional lock manager that keeps a long list of every row that is locked in the system. Many other databases do it that way because, for them, locks are a scarce resource, the use of which needs to be monitored. The more locks are in use, the more these systems have to manage, so it is a concern in these systems if too many locks are being used. In a database with a traditional memory-based lock manager, the process of locking a row would resemble the following: 1. Find the address of the row you want to lock. 2. Get in line at the lock manager (which must be serialized, as it is a common in- memory structure). 3. Lock the list. CHAPTER 6 ■ LOCKING AND LATCHING 217 4. Search through the list to see if anyone else has locked this row. 5. Create a new entry in the list to establish the fact that you have locked the row. 6. Unlock the list. Now that you have the row locked, you can modify it. Later, as you commit your changes, you must continue the procedure as follows: 1. Get in line again. 2. Lock the list of locks. 3. Search through the list and release all of your locks. 4. Unlock the list. As you can see, the more locks acquired, the more time spent on this operation, both before and after modifying the data. Oracle does not do it that way. Oracle’s process looks like this: 1. Find the address of the row you want to lock. 2. Go to the row. 3. Lock the row right there, right then—at the location of the row, not in a big list somewhere (waiting for the transaction that has it locked to end if it is already locked, unless you are using the NOWAIT option). That’s it. Since the lock is stored as an attribute of the data, Oracle does not need a traditional lock manager. The transaction will simply go to the data and lock it (if it is not locked already). The interesting thing is that the data may appear locked when you get to it, even if it’s not. When you lock rows of data in Oracle, the row points to a copy of the transaction ID that is stored with the block containing the data, and when the lock is released that transaction ID is left behind. This transaction ID is unique to your transaction and represents the undo segment number, slot, and sequence number. You leave that on the block that contains your row to tell other sessions that you own this data (not all of the data on the block—just the one row you are modifying). When another session comes along, it sees the transaction ID and, using the fact that it represents a transaction, it can quickly see if the transaction holding the lock is still active. If the lock is not active, the session is allowed access to the data. If the lock is still active, that session will ask to be notified as soon as the lock is released. Hence, you have a queuing mechanism: the session requesting the lock will be queued up waiting for that transaction to complete, and then it will get the data. Here is a small example showing how this happens, using three V $ tables: • V$TRANSACTION, which contains an entry for every active transaction. • V$SESSION, which shows the sessions logged in. • V$LOCK, which contains an entry for all enqueue locks being held as well as for sessions that are waiting on locks. You will not see a row in this view for each row locked by a session. As stated earlier, that master list of locks at the row level doesn’t exist. If a session has one row in the EMP table locked, there will be one row in this view for that session indicating that fact. If a session has millions of rows in the EMP table locked, there will still be just one row in this view. This view shows what enqueue locks individual sessions have. First, let’s get a copy of the EMP and DEPT tables. If you already have them in your schema, replace them with the following definitions: CHAPTER 6 ■ LOCKING AND LATCHING 218 ops$tkyte%ORA11GR2> create table dept 2 as select * from scott.dept; Table created. ops$tkyte%ORA11GR2> create table emp 2 as select * from scott.emp; Table created. ops$tkyte%ORA11GR2> alter table dept 2 add constraint dept_pk 3 primary key(deptno); Table altered. ops$tkyte%ORA11GR2> alter table emp 2 add constraint emp_pk 3 primary key(empno); Table altered. ops$tkyte%ORA11GR2> alter table emp 2 add constraint emp_fk_dept 3 foreign key (deptno) 4 references dept(deptno); Table altered. ops$tkyte%ORA11GR2> create index emp_deptno_idx 2 on emp(deptno); Index created. Let’s start a transaction now: ops$tkyte%ORA11GR2> update dept 2 set dname = initcap(dname); 4 rows updated. Now, let’s look at the state of the system at this point. This example assumes a single-user system; otherwise, you may see many rows in V$TRANSACTION. Even in a single-user system, do not be surprised to see more than one row in V$TRANSACTION, as many of the background Oracle processes may be performing a transaction as well. ops$tkyte%ORA11GR2> select username, 2 v$lock.sid, 3 trunc(id1/power(2,16)) rbs, 4 bitand(id1,to_number('ffff','xxxx'))+0 slot, 5 id2 seq, 6 lmode, 7 request 8 from v$lock, v$session 9 where v$lock.type = 'TX' 10 and v$lock.sid = v$session.sid 11 and v$session.username = USER; CHAPTER 6 ■ LOCKING AND LATCHING 219 USERNAME SID RBS SLOT SEQ LMODE REQUEST --------- ---------- ---------- ---------- ---------- ---------- ---------- OPS$TKYTE 703 2 26 8297 6 0 ops$tkyte%ORA11GR2> select XIDUSN, XIDSLOT, XIDSQN 2 from v$transaction; XIDUSN XIDSLOT XIDSQN ---------- ---------- ---------- 2 26 8297 The interesting points to note here are as follows: • The LMODE is 6 in the V$LOCK table and the request is 0. If you refer to the definition of the V$LOCK table in the Oracle Server Reference manual, you will find that LMODE=6 is an exclusive lock. A value of 0 in the request means you are not making a request; you have the lock. • There is only one row in this table. This V$LOCK table is more of a queuing table than a lock table. Many people expect four rows in V$LOCK since we have four rows locked. Remember, however, that Oracle does not store a master list of every row locked anywhere. To find out if a row is locked, we must go to that row. • I took the ID1 and ID2 columns and performed some manipulation on them. Oracle needed to save three 16-bit numbers, but only had two columns in order to do it. So, the first column ID1 holds two of these numbers. By dividing by 2^16 with trunc(id1/power(2,16)) rbs, and by masking out the high bits with bitand(id1,to_number('ffff','xxxx'))+0 slot, I am able to get back the two numbers that are hiding in that one number. • The RBS, SLOT, and SEQ values match the V$TRANSACTION information. This is my transaction ID. Now we’ll start another session using the same username, update some rows in EMP, and then try to update DEPT: ops$tkyte%ORA11GR2> update emp set ename = upper(ename); 14 rows updated. ops$tkyte%ORA11GR2> update dept set deptno = deptno-10; We’re now blocked in this session. If we run the V$ queries again, we see the following: ops$tkyte%ORA11GR2> select username, 2 v$lock.sid, 3 trunc(id1/power(2,16)) rbs, 4 bitand(id1,to_number('ffff','xxxx'))+0 slot, 5 id2 seq, 6 lmode, 7 request 8 from v$lock, v$session 9 where v$lock.type = 'TX' 10 and v$lock.sid = v$session.sid 11 and v$session.username = USER; CHAPTER 6 ■ LOCKING AND LATCHING 220 USERNAME SID RBS SLOT SEQ LMODE REQUEST --------- ---------- ---------- ---------- ---------- ---------- ---------- OPS$TKYTE 7 2 26 8297 0 6 OPS$TKYTE 703 2 26 8297 6 0 OPS$TKYTE 7 7 13 8215 6 0 ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> select XIDUSN, XIDSLOT, XIDSQN 2 from v$transaction; XIDUSN XIDSLOT XIDSQN ---------- ---------- ---------- 2 26 8297 7 13 8215 What we see here is that a new transaction has begun, with a transaction ID of (7,13,8215). Our new session, SID=7, has two rows in V$LOCK this time. One row represents the locks that it owns (where LMODE=6). It also has a row that shows a REQUEST with a value of 6. This is a request for an exclusive lock. The interesting thing to note here is that the RBS/SLOT/SEQ values of this request row are the transaction ID of the holder of the lock. The transaction with SID=703 is blocking the transaction with SID=7. We can see this more explicitly simply by doing a self-join of V$LOCK: ops$tkyte%ORA11GR2> select 2 (select username from v$session where sid=a.sid) blocker, 3 a.sid, 4 ' is blocking ', 5 (select username from v$session where sid=b.sid) blockee, 6 b.sid 7 from v$lock a, v$lock b 8 where a.block = 1 9 and b.request > 0 10 and a.id1 = b.id1 11 and a.id2 = b.id2; BLOCKER SID 'ISBLOCKING' BLOCKEE SID --------- ---------- ------------- --------- ---------- OPS$TKYTE 703 is blocking OPS$TKYTE 7 Now, if we commit our original transaction, SID=703, and rerun our lock query, we find that the request row has gone: ops$tkyte%ORA11GR2> select username, 2 v$lock.sid, 3 trunc(id1/power(2,16)) rbs, 4 bitand(id1,to_number('ffff','xxxx'))+0 slot, 5 id2 seq, 6 lmode, 7 request 8 from v$lock, v$session 9 where v$lock.type = 'TX' 10 and v$lock.sid = v$session.sid 11 and v$session.username = USER; CHAPTER 6 ■ LOCKING AND LATCHING 221 USERNAME SID RBS SLOT SEQ LMODE REQUEST --------- ---------- ---------- ---------- ---------- ---------- ---------- OPS$TKYTE 7 7 13 8215 6 0 ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> select XIDUSN, XIDSLOT, XIDSQN 2 from v$transaction; XIDUSN XIDSLOT XIDSQN ---------- ---------- ---------- 7 13 8215 The request row disappeared the instant the other session gave up its lock. That request row was the queuing mechanism. The database is able to wake up the blocked sessions the instant the transaction is completed. There are prettier displays with various GUI tools, but in a pinch, having knowledge of the tables you need to look at is very useful. However, before we can say that we have a good understanding of how the row locking in Oracle works, we must look at one last topic: how the locking and transaction information is managed with the data itself. It is part of the block overhead. In Chapter 10 “Database Tables”, we’ll get into the details of the block format, but suffice it to say that at the top of a database block is some leading overhead space in which to store a transaction table for that block. This transaction table contains an entry for each real transaction that has locked some data in that block. The size of this structure is controlled by two physical attribute parameters on the CREATE statement for an object: • INITRANS: The initial, preallocated size of this structure. This defaults to 2 for indexes and tables. • MAXTRANS: The maximum size to which this structure may grow. It defaults to 255 and has a minimum of 2 practically. In Oracle 10g and above, this setting has been deprecated, so it no longer applies. MAXTRANS is 255 regardless in that release and later. Each block starts life with, by default, two transaction slots. The number of simultaneous active transactions that a block can ever have is constrained by the value of MAXTRANS and by the availability of space on the block. You may not be able to achieve 255 concurrent transactions on the block if there is not sufficient space to grow this structure. We can artificially demonstrate how this works by creating a table with lots of rows packed into a single block such that the block is very full from the start; there will be very little room left on the block after we initially load our data. The presence of these rows will limit how large the transaction table can grow, due to the lack of space. I was using an 8KB block size and I tested this particular example in all versions of Oracle from 9i Release 2 through 11g Release 2 with the same results (so, if you have an 8KB blocksize, you should be able to reproduce this). We’ll start by creating our packed table. I played around with different lengths of data until I arrived at this very special size: ops$tkyte%ORA11GR2> create table t 2 ( x int primary key, 3 y varchar2(4000) 4 ) 5 / Table created. ops$tkyte%ORA11GR2> insert into t (x,y) 2 select rownum, rpad('*',148,'*') 3 from dual 4 connect by level <= 46; CHAPTER 6 ■ LOCKING AND LATCHING 222 46 rows created. ops$tkyte%ORA11GR2> select length(y), 2 dbms_rowid.rowid_block_number(rowid) blk, 3 count(*), min(x), max(x) 4 from t 5 group by length(y), dbms_rowid.rowid_block_number(rowid); LENGTH(Y) BLK COUNT(*) MIN(X) MAX(X) ---------- ---------- ---------- ---------- ---------- 148 4599 46 1 46 So, our table has 46 rows, all on the same block. I chose 148 characters because if it was one character more, we’d need two blocks to hold these same 46 records. Now, we need a way to see what happens when many transactions try to lock data on this single block simultaneously. For that, we’ll use an AUTONOMOUS_TRANSACTION again, just so we can use a single session and not have to run lots of concurrent SQL*Plus sessions. Our stored procedure will lock a row in the table by the primary key starting with a primary key value of 1 (the first record inserted). If our procedure gets the lock on this row without having to wait (without getting blocked), it will simply increase the primary key value by 1 and, using recursion, do it all over again. So, the second call will try to lock record 2, the third call record 3, and so on. If the procedure is made to wait, it will raise an ORA-54 resource busy error and we’ll print out “locked out trying to select row ”. That will indicate we ran out of transaction slots on this block before we ran out of rows to lock. On the other hand, if we find no row to lock, that means we’ve already locked every row on this block and we print out success (meaning, the transaction table in the block header was able to grow to accommodate all of the transactions). Here is that stored procedure: ops$tkyte%ORA11GR2> create or replace procedure do_update( p_n in number ) 2 as 3 pragma autonomous_transaction; 4 l_rec t%rowtype; 5 resource_busy exception; 6 pragma exception_init( resource_busy, -54 ); 7 begin 8 select * 9 into l_rec 10 from t 11 where x = p_n 12 for update NOWAIT; 13 14 do_update( p_n+1 ); 15 commit; 16 exception 17 when resource_busy 18 then 19 dbms_output.put_line( 'locked out trying to select row ' || p_n ); 20 commit; 21 when no_data_found 22 then 23 dbms_output.put_line( 'we finished - no problems' ); 24 commit; 25 end; 26 / Procedure created. CHAPTER 6 ■ LOCKING AND LATCHING 223 The magic is on line 14 where we recursively call ourselves with a new primary key value to lock over and over. If you run the procedure after populating the table with 148 character strings, you should observe: ops$tkyte%ORA11GR2> exec do_update(1); locked out trying to select row 38 PL/SQL procedure successfully completed. This output shows that we were able to lock 37 rows but ran out of transaction slots for the 38th row. For this given block, a maximum of 37 transactions can concurrently access it. If we redo the example with a slightly smaller string ops$tkyte%ORA11GR2> truncate table t; Table truncated. ops$tkyte%ORA11GR2> insert into t (x,y) 2 select rownum, rpad('*',147,'*') 3 from dual 4 connect by level <= 46; 46 rows created. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> select length(y), 2 dbms_rowid.rowid_block_number(rowid) blk, 3 count(*), min(x), max(x) 4 from t 5 group by length(y), dbms_rowid.rowid_block_number(rowid); LENGTH(Y) BLK COUNT(*) MIN(X) MAX(X) ---------- ---------- ---------- ---------- ---------- 147 4663 46 1 46 ops$tkyte%ORA11GR2> exec do_update(1); we finished - no problems PL/SQL procedure successfully completed.. This time we completed successfully—the difference a single byte makes! In this case, having the extra 46 bytes of space free on the block (each of the 46 strings was just one byte smaller) allowed us to have at least 9 more transactions active on the block. This example demonstrates what happens when many transactions attempt to access the same block simultaneously—a wait on the transaction table may occur if there is an extremely high number of concurrent transactions. Blocking may occur if the INITRANS is set low and there is not enough space on a block to dynamically expand the transaction. In most cases, the default of 2 for INITRANS is sufficient, as the transaction table will dynamically grow (space permitting), but in some environments you may need to increase this setting to increase concurrency and decrease waits. An example of when you might need to increase the setting would be on a table or, even more frequently, on an index (since index blocks can get many more rows on them than a table can typically hold) that is frequently modified and has a lot of rows per block on average. You may need to increase either PCTFREE (discussed in Chapter 10 “Database Tables”) or INITRANS to set aside ahead of time sufficient space on the block for the number of expected concurrent transactions. This is especially true if you anticipate the blocks will be nearly full to begin with, meaning there is no room for the dynamic expansion of the transaction structure on the block. CHAPTER 6 ■ LOCKING AND LATCHING 224 TM (DML Enqueue) Locks TM locks are used to ensure that the structure of a table is not altered while you are modifying its contents. For example, if you have updated a table, you will acquire a TM lock on that table. This will prevent another user from executing DROP or ALTER commands on that table. If another user attempts to perform DDL on the table while you have a TM lock on it, he’ll receive the following error message: drop table dept * ERROR at line 1: ORA-00054: resource busy and acquire with NOWAIT specified ■ Note In Oracle Database 11g Release 2 and above, you may set DDL_LOCK_TIMEOUT in order to have DDL wait. This is achieved typically via the ALTER SESSION command. For example, you could issue ALTER SESSION SET DDL_LOCK_TIMEOUT=60; before issuing the DROP TABLE command. The DROP TABLEcommand issued would then wait 60 seconds before returning an error (or it could succeed of course as well!) The ORA-00054 message is a confusing message at first, since there is no direct method to specify NOWAIT or WAIT on a DROP TABLE at all. It is just the generic message you get when you attempt to perform an operation that would be blocked, but the operation does not permit blocking. As you’ve seen before, it’s the same message you get if you issue a SELECT FOR UPDATE NOWAIT against a locked row. The following shows how these locks would appear in the V$LOCK table: ops$tkyte%ORA11GR2> create table t1 ( x int ); Table created. ops$tkyte%ORA11GR2> create table t2 ( x int ); Table created. ops$tkyte%ORA11GR2> connect / Connected. ops$tkyte%ORA11GR2> insert into t1 values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> insert into t2 values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> select (select username 2 from v$session 3 where sid = v$lock.sid) username, 4 sid, 5 id1, 6 id2, 7 lmode, 8 request, block, v$lock.type 9 from v$lock 10 where sid = (select sid CHAPTER 6 ■ LOCKING AND LATCHING 225 11 from v$mystat 12 where rownum=1) 13 / USERNAME SID ID1 ID2 LMODE REQUEST BLOCK TY --------- ---------- ---------- ---------- ---------- ---------- ---------- -- OPS$TKYTE 5 100 0 4 0 0 AE OPS$TKYTE 5 89786 0 3 0 0 TM OPS$TKYTE 5 89787 0 3 0 0 TM OPS$TKYTE 5 1507344 13 6 0 0 TX ops$tkyte%ORA11GR2> select object_name, object_id 2 from user_objects 3 where object_id in (89756,89787))) 4 / OBJECT_NAME OBJECT_ID ------------------------------ ---------- T1 89786 T2 89787 ■ Note The AE lock is an edition lock, new in Oracle Database 11g. It is part of the Edition Based Redefinition feature (not covered in this particular book). ID1 is the object id of the edition that SID is using currently. This edition lock protects the referenced edition from modification (dropping of the edition, for example) in much the same way the TM locks protect the tables they point to from structural modification. Whereas we get only one TX lock per transaction, we can get as many TM locks as the objects we modify. Here, the interesting thing is that the ID1 column for the TM lock is the object ID of the DML- locked object, so it is easy to find the object on which the lock is being held. An interesting aside to the TM lock: the total number of TM locks allowed in the system is configurable by you (for details, see the DML_LOCKS parameter definition in the Oracle Database Reference manual). It may, in fact, be set to zero. This does not mean that your database becomes a read-only database (no locks), but rather that DDL is not permitted. This is useful in very specialized applications, such as RAC implementations, to reduce the amount of intra-instance coordination that would otherwise take place. You can also remove the ability to gain TM locks on an object-by-object basis using the ALTER TABLE TABLENAME DISABLE TABLE LOCK command. This is a quick way to make it harder to accidentally drop a table, as you will have to re-enable the table lock before dropping the table. It can also be used to detect a full table lock as a result of the unindexed foreign key we discussed previously. DDL Locks DDL locks are automatically placed against objects during a DDL operation to protect them from changes by other sessions. For example, if I perform the DDL operation ALTER TABLE T, the table T will in general have an exclusive DDL lock placed against it, preventing other sessions from getting DDL locks and TM locks on this table. CHAPTER 6 ■ LOCKING AND LATCHING 226 ■ Note Oracle Database 11g has modified what used to be a rule. In the past, ALTER TABLE T would have an exclusive DDL lock placed against it. In this example, table T prevents other sessions from performing DDL and acquiring TM locks (used to modify the contents of the table). Now, many ALTER commands can be performed online—without preventing modifications. DDL locks are held for the duration of the DDL statement and are released immediately afterward. This is done, in effect, by always wrapping DDL statements in implicit commits (or a commit/rollback pair). For this reason, DDL always commits in Oracle. Every CREATE, ALTER, and so on statement is really executed as shown in this pseudo-code: Begin Commit; DDL-STATEMENT Commit; Exception When others then rollback; End; So, DDL will always commit, even if it is unsuccessful. DDL starts by committing; be aware of this. It commits first so that if it has to roll back, it will not roll back your transaction. If you execute DDL, it will make permanent any outstanding work you have performed, even if the DDL is not successful. If you need to execute DDL, but you do not want it to commit your existing transaction, you may use an autonomous transaction. There are three types of DDL locks: • Exclusive DDL locks: These prevent other sessions from gaining a DDL lock or TM (DML) lock themselves. This means that you may query a table during a DDL operation, but you may not modify it in any way. • Share DDL locks: These protect the structure of the referenced object against modification by other sessions, but allow modifications to the data. • Breakable parse locks: These allow an object, such as a query plan cached in the shared pool, to register its reliance on some other object. If you perform DDL against that object, Oracle will review the list of objects that have registered their dependence and invalidate them. Hence, these locks are breakable—they do not prevent the DDL from occurring. Most DDL takes an exclusive DDL lock. If you issue a statement such as Alter table t move; the table T will be unavailable for modifications during the execution of that statement. The table may be queried using SELECT during this time, but most other operations will be prevented, including all other DDL statements. In Oracle, some DDL operations may now take place without DDL locks. For example, I can issue the following: create index t_idx on t(x) ONLINE; CHAPTER 6 ■ LOCKING AND LATCHING 227 The ONLINE keyword modifies the method by which the index is actually built. Instead of taking an exclusive DDL lock, preventing modifications of data, Oracle will only attempt to acquire a low-level (mode 2) TM lock on the table. This will effectively prevent other DDL from taking place, but it will allow DML to occur normally. Oracle accomplishes this feat by keeping a record of modifications made to the table during the DDL statement and applying these changes to the new index as it finishes the CREATE action. This greatly increases the availability of data. To see this for yourself, you could create a table of some size ops$tkyte%ORA11GR2> create table t as select * from all_objects; Table created. ops$tkyte%ORA11GR2> select object_id from user_objects where object_name = 'T'; OBJECT_ID ---------- 89791 and then run the create index against that table ops$tkyte%ORA11GR2> create index t_idx on t(owner,object_type,object_name) ONLINE; Index created. while at the same time running this query in another session to see the locks taken against that newly created table (remember, ID1=89791 is specific to my example, you’ll want to use YOUR object_id!) ops$tkyte%ORA11GR2> select (select username 2 from v$session 3 where sid = v$lock.sid) username, 4 sid, 5 id1, 6 id2, 7 lmode, 8 request, block, v$lock.type 9 from v$lock 10 where id1 = 89791 11 / USERNAME SID ID1 ID2 LMODE REQUEST BLOCK TY --------- ---- ---------- ---------- ---------- ---------- ---------- -- OPS$TKYTE 702 89791 0 3 0 0 DL OPS$TKYTE 702 89791 0 3 0 0 DL OPS$TKYTE 702 89791 0 4 0 0 OD OPS$TKYTE 702 89791 0 2 0 0 TM So, here we see four locks taken out against our object. The two DL locks are direct load locks. They are used to prevent a direct path load into our base table while the index creation is taking place (which implies, of course, that you cannot directly path load the table AND create the index simultaneously!). The OD lock is a new lock type in Oracle Database 11g (you would not see that lock in 10g or 9i) that permits truly online DDL. In the past (10g and before), online DDL such as CREATE INDEX ONLINE was not 100 percent online. It would take a lock at the beginning and end of the CREATE statement— preventing other concurrent activities (modifications of the base table data). It was mostly online but not completely online. Starting with 11g, the CREATE INDEX ONLINE command is completely online; it does not require exclusionary locks at the beginning/end of the command. Part of the implementation to CHAPTER 6 ■ LOCKING AND LATCHING 228 accomplish this feat was the introduction of the OD (Online DDL) lock; it is used internally to allow truly online DDL operations. Other types of DDL take share DDL locks. These are taken out against dependent objects when you create stored, compiled objects, such as procedures and views. For example, if you execute Create view MyView as select emp.empno, emp.ename, dept.deptno, dept.dname from emp, dept where emp.deptno = dept.deptno; share DDL locks will be placed against both EMP and DEPT while the CREATE VIEW command is being processed. You can modify the contents of these tables, but you cannot modify their structure. The last type of DDL lock is a breakable parse lock. When your session parses a statement, a parse lock is taken against every object referenced by that statement. These locks are taken in order to allow the parsed, cached statement to be invalidated (flushed) in the shared pool if a referenced object is dropped or altered in some way. A view that is invaluable for looking at this information is DBA_DDL_LOCKS. There is no V$ view. The DBA_DDL_LOCKS view is built on the more mysterious X$ tables and, by default, it might not be installed in your database. You can install this and other locking views by running the catblock.sql script found in the directory [ORACLE_HOME]/rdbms/admin. This script must be executed as the user SYS in order to succeed. Once you have executed this script, you can run a query against the view. For example, in a freshly connected session, I might see the following: ops$tkyte%ORA11GR2> connect / Connected. ops$tkyte%ORA11GR2> set linesize 1000 ops$tkyte%ORA11GR2> select session_id sid, owner, name, type, 2 mode_held held, mode_requested request 3 from dba_ddl_locks 4 where session_id = (select sid from v$mystat where rownum=1) 5 / SID OWNER NAME TYPE HELD REQU ---- --------- ------------------------------ -------------------- --------- ---- 8 SYS DBMS_OUTPUT Body Null None 8 SYS DBMS_OUTPUT Table/Procedure/Type Null None 8 SYS DBMS_UTILITY Table/Procedure/Type Null None 8 SYS DBMS_APPLICATION_INFO Body Null None 8 SYS PLITBLM Table/Procedure/Type Null None 8 SYS DBMS_APPLICATION_INFO Table/Procedure/Type Null None 8 SYS DBMS_UTILITY Body Null None 8 OPS$TKYTE OPS$TKYTE 18 Null None 8 OPS$TKYTE 73 Share None 8 SYS DATABASE 18 Null None 10 rows selected. These are all the objects that my session is locking. I have breakable parse locks on a couple of the DBMS_* packages. These are a side effect of using SQL*Plus; it might call DBMS_APPLICATION_INFO, for example, when you initially log in (to enable/disable DBMS_OUTPUT via the set serveroutput command). I may see more than one copy of various objects here; this is normal, and it just means I have more than one thing I’m using in the shared pool that references these objects. Note that in the view, the OWNER CHAPTER 6 ■ LOCKING AND LATCHING 229 column is not the owner of the lock; rather, it is the owner of the object being locked. This is why you see many SYS rows. SYS owns these packages, but they all belong to my session. To see a breakable parse lock in action, let’s first create and run a stored procedure, P: ops$tkyte%ORA11GR2> create or replace procedure p 2 as 3 begin 4 null; 5 end; 6 / Procedure created. ops$tkyte%ORA11GR2> exec p PL/SQL procedure successfully completed. The procedure, P, will now show up in the DBA_DDL_LOCKS view. We have a parse lock on it: ops$tkyte%ORA11GR2> select session_id sid, owner, name, type, 2 mode_held held, mode_requested request 3 from dba_ddl_locks 4 where session_id = (select sid from v$mystat where rownum=1) 5 / SID OWNER NAME TYPE HELD REQU ---- --------- ------------------------------ -------------------- --------- ---- 8 SYS DBMS_OUTPUT Body Null None … 8 OPS$TKYTE P Table/Procedure/Type Null None 8 SYS DATABASE 18 Null None 12 rows selected. We then recompile our procedure and query the view again: ops$tkyte%ORA11GR2> alter procedure p compile; Procedure altered. ops$tkyte%ORA11GR2> select session_id sid, owner, name, type, 2 mode_held held, mode_requested request 3 from dba_ddl_locks 4 where session_id = (select sid from v$mystat where rownum=1) 5 / SID OWNER NAME TYPE HELD REQU ---- --------- ------------------------------ -------------------- --------- ---- 8 SYS DBMS_OUTPUT Body Null None 8 SYS DBMS_OUTPUT Table/Procedure/Type Null None 8 SYS DBMS_UTILITY Table/Procedure/Type Null None 8 SYS DBMS_APPLICATION_INFO Body Null None 8 SYS DBMS_STANDARD Table/Procedure/Type Null None 8 SYS PLITBLM Table/Procedure/Type Null None 8 SYS DBMS_APPLICATION_INFO Table/Procedure/Type Null None CHAPTER 6 ■ LOCKING AND LATCHING 230 8 SYS DBMS_UTILITY Body Null None 8 OPS$TKYTE OPS$TKYTE 18 Null None 8 OPS$TKYTE 73 Share None 8 SYS DATABASE 18 Null None 11 rows selected. We find that P is now missing from the view. Our parse lock has been broken. This view is useful to you, as a developer, when it is found that some piece of code won’t compile in the test or development system—it hangs and eventually times out. This indicates that someone else is using it (actually running it), and you can use this view to see who that might be. The same will happen with GRANTS and other types of DDL against the object. You cannot grant EXECUTE on a procedure that is running, for example. You can use the same method to discover the potential blockers and waiters. ■ Note Oracle Database 11g Release 2 and above introduces the feature Edition-based redefinition (EBR). With EBR, you can, in fact, grant EXECUTE and/or recompile code in the database without interfering with users currently executing the code. EBR allows you to have multiple versions of the same stored procedure in a schema at once. This allows you to work on a copy of the procedure in a new edition (version) without contending with the current version of the procedure being used by other users. We will not be covering EBR in this book, however, just mentioning it when it changes the rules. Latches Latches are lightweight serialization devices used to coordinate multiuser access to shared data structures, objects, and files. Latches are locks designed to be held for extremely short periods of time—for example, the time it takes to modify an in-memory data structure. They are used to protect certain memory structures, such as the database block buffer cache or the library cache in the shared pool. Latches are typically requested internally in a willing to wait mode. This means that if the latch is not available, the requesting session will sleep for a short period of time and retry the operation later. Other latches may be requested in an immediate mode, which is similar in concept to a SELECT FOR UPDATE NOWAIT, meaning that the process will go do something else, such as try to grab an equivalent sibling latch that may be free, rather than sit and wait for this latch to become available. Since many requestors may be waiting for a latch at the same time, you may see some processes waiting longer than others. Latches are assigned rather randomly, based on the luck of the draw, if you will. Whichever session asks for a latch right after it was released will get it. There is no line of latch waiters—just a mob of waiters constantly retrying. Oracle uses atomic instructions like “test and set” and “compare and swap” for operating on latches. Since the instructions to set and free latches are atomic, the operating system itself guarantees that only one process gets to test and set the latch even though many processes may be going for it simultaneously. Since the instruction is only one instruction, it can be quite fast (but the overall latching algorithm itself is many CPU instructions!). Latches are held for short periods of time and provide a mechanism for cleanup in case a latch holder dies abnormally while holding it. This cleanup process would be performed by PMON. Enqueues, which we discussed earlier, are another, more sophisticated serialization device used when updating rows in a database table, for example. They differ from latches in that they allow the CHAPTER 6 ■ LOCKING AND LATCHING 231 requestor to queue up and wait for the resource. With a latch request, the requestor session is told right away whether or not it got the latch. With an enqueue lock, the requestor session will be blocked until it can actually attain it. ■ Note Using SELECT FOR UPDATE NOWAIT or WAIT [n], you can optionally decide not to wait for an enqueue lock if your session would be blocked, but if you do block and wait, you will wait in a queue. As such, an enqueue is not as fast as a latch can be, but it does provide functionality over and above what a latch can offer. Enqueues may be obtained at various levels, so you can have many share locks and locks with various degrees of shareability. Latch “Spinning” One thing I’d like to drive home with regard to latches is this: latches are a type of lock, locks are serialization devices, and serialization devices inhibit scalability. If your goal is to construct an application that scales well in an Oracle environment, you must look for approaches and solutions that minimize the amount of latching you need to perform. Even seemingly simple activities, such as parsing a SQL statement, acquire and release hundreds or thousands of latches on the library cache and related structures in the shared pool. If we have a latch, then someone else might be waiting for it. When we go to get a latch, we may well have to wait for it ourselves. Waiting for a latch can be an expensive operation. If the latch is not available immediately and we are willing to wait for it, as we likely are most of the time, then on a multi-CPU machine our session will spin, trying over and over, in a loop, to get the latch. The reasoning behind this is that context switching (i.e., getting kicked off the CPU and having to get back on the CPU) is expensive. So, if the process cannot get a latch immediately, we’ll stay on the CPU and try again immediately rather than just going to sleep, giving up the CPU, and trying later when we’ll have to get scheduled back on the CPU. The hope is that the holder of the latch is busy processing on the other CPU (and since latches are designed to be held for very short periods of time, this is likely) and will give it up soon. If after spinning and constantly trying to get the latch, we still fail to obtain it, only then will our process sleep, or take itself off of the CPU, and let some other work take place. This sleep action is usually the result of many sessions concurrently requesting the same latch; it is not that a single session is holding it for a long time, but rather that so many sessions want it at the same time and each hold it for a short duration. If you do something short (fast) often enough, it adds up! The pseudo-code for a latch get might look like this: Loop for i in 1 .. 2000 loop try to get latch if got latch, return if i = 1 then misses=misses+1 end loop INCREMENT WAIT COUNT sleep Add WAIT TIME End loop; CHAPTER 6 ■ LOCKING AND LATCHING 232 The logic is to try to get the latch and, failing that, to increment the miss count, a statistic we can see in a statspack report or by querying the V$LATCH view directly. Once the process misses, it will loop some number of times (an undocumented parameter controls the number of times and is typically set to 2,000), attempting to get the latch over and over. If one of these get attempts succeeds, then it returns and we continue processing. If they all fail, the process will go to sleep for a short duration of time, after incrementing the sleep count for that latch. Upon waking up, the process begins all over again. This implies that the cost of getting a latch is not just the “test and set”-type operation that takes place, but also a considerable amount of CPU while we try to get the latch. Our system will appear to be very busy (with much CPU being consumed), but not much work is getting done. Measuring the Cost of Latching a Shared Resource As an example, we’ll study the cost of latching the shared pool. We’ll compare a well-written program (one that uses bind variables) and a program that is not so well written (it uses literal SQL, or unique SQL for each statement). To do this, we’ll use a very small Java program that simply logs into Oracle, turns off auto-commit (as all Java programs should do immediately after connecting to a database), and executes 25,000 unique INSERT statements in a loop. We’ll perform two sets of tests: our program will not use bind variables in the first set, and in the second set it will. To evaluate these programs and their behavior in a multiuser environment, I opted to use statspack to gather the metrics, as follows: 1. Execute a statspack snapshot to gather the current state of the system. 2. Run N copies of the program, having each program INSERT into its own database table so as to avoid the contention associated with having all programs trying to insert into a single table. 3. Take another snapshot immediately after the last copy of the program finishes. Then it is a simple matter of printing out the statspack report and finding out how long it took N copies of the program to complete, how much CPU was used, what major wait events occurred, and so on. ■ Note Why not use AWR (Automatic Workload Repository) to perform this analysis? The answer to that is because everyone has access to statspack, everyone. It might have to be installed by your DBA, but every Oracle customer has access to it. I want to present results that are reproducible by everyone. These tests were performed on a dual-CPU machine with hyperthreading enabled (making it appear as if there were four CPUs). Given that there were two physical CPUs, you might expect very linear scaling here—that is, if one user uses 1 unit of CPU to process her inserts, then you might expect that two users would require 2 units of CPU. You’ll discover that this premise, while sounding plausible, may well be inaccurate (just how inaccurate depends on your programming technique, as you’ll see). It would be correct if the processing we were performing needed no shared resource, but our process will use a shared resource, namely the shared pool. We need to latch the shared pool to parse SQL statements, and we need to latch the shared pool because it is a shared data structure, and we cannot modify it while others are reading it and we cannot read it while it is being modified. CHAPTER 6 ■ LOCKING AND LATCHING 233 ■ Note I’ve performed these tests using Java, PL/SQL, Pro*C, and other languages. The end results are very much the same every time. This demonstration and discussion applies to all languages and all interfaces to the database. I chose Java for this example as I find Java and Visual Basic applications are most likely to not use bind variables when working with the Oracle database. Setting Up for the Test In order to test, we’ll need a schema (set of tables) to work with. We’ll be testing with multiple users and want to measure the contention due to latching most of all, meaning that we’re not interested in measuring the contention you might observe due to multiple sessions inserting into the same database table. So, we’ll want a table per user to be created and we’ll name these tables T1... T10. For example: scott%ORA11GR2> connect scott/tiger Connected. scott%ORA11GR2> begin 2 for i in 1 .. 10 3 loop 4 for x in (select * from user_tables where table_name = 'T'||i ) 5 loop 6 execute immediate 'drop table ' || x.table_name; 7 end loop; 8 execute immediate 'create table t' || i || ' ( x int )'; 9 end loop; 10 end; 11 / PL/SQL procedure successfully completed. We’ll run this script before each iteration of the test to follow in order to reset our schema and to force hard parsing to take place if we run a test more than once. During our testing, we’ll follow these steps: 1. Run statspack.snap. 2. Immediate start N of our java routines, where N will vary from 1 to 10, representing 1 to 10 concurrent users. 3. Wait for all N to complete. 4. Run statspack.snap. 5. Generate the statspack report for the last two statspack IDs. The numbers presented for the following test runs were collected using this technique. CHAPTER 6 ■ LOCKING AND LATCHING 234 Without Bind Variables In the first instance, our program will not use bind variables, but rather will use string concatenation to insert data (you will obviously have to use your own connect string for your system!): import java.sql.*; public class instest { static public void main(String args[]) throws Exception { DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver()); Connection conn = DriverManager.getConnection ("jdbc:oracle:thin:@localhost:1521:ora11gr2", "scott","tiger"); conn.setAutoCommit( false ); Statement stmt = conn.createStatement(); for( int i = 0; i < 25000; i++ ) { stmt.execute ("insert into "+ args[0] + " (x) values(" + i + ")" ); } conn.commit(); conn.close(); } } I ran the test in single user mode (that is, by itself with no other active database sessions), and the statspack report came back with this information: Elapsed: 0.65 (mins) Av Act Sess: 0.9 DB time: 0.56 (mins) DB CPU: 0.56 (mins) Cache Sizes Begin End ~~~~~~~~~~~ ---------- ---------- Buffer Cache: 100M Std Block Size: 8K Shared Pool: 144M Log Buffer: 1,664K Load Profile Per Second Per Transaction Per Exec Per Call ~~~~~~~~~~~~ ------------------ ----------------- ----------- ----------- … Parses: 690.2 5,383.8 Hard parses: 652.4 5,089.0 … Instance Efficiency Indicators ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Buffer Nowait %: 100.00 Redo NoWait %: 100.00 Buffer Hit %: 99.99 Optimal W/A Exec %: 100.00 Library Hit %: 63.59 Soft Parse %: 5.48 Execute to Parse %: 15.29 Latch Hit %: 99.96 Parse CPU to Parse Elapsd %: 99.32 % Non-Parse CPU: 23.25 CHAPTER 6 ■ LOCKING AND LATCHING 235 Top 5 Timed Events Avg %Total ~~~~~~~~~~~~~~~~~~ wait Call Event Waits Time (s) (ms) Time ----------------------------------------- ------------ ----------- ------ ------ CPU time 32 97.4 log file parallel write 72 0 5 1.1 control file parallel write 17 0 11 .6 db file async I/O submit 11 0 13 .4 os thread startup 2 0 50 .3 I included the SGA configuration for reference, but the relevant statistics are as follows: • Elapsed (DB time) time of approximately 39 seconds (0.65 of a minute) • 652 hard parses per second • 32 CPU seconds used Now, if we were to run two of these programs simultaneously, we might expect the hard parsing to jump to about 1,200/1,300 per second (we have two CPUs available, after all) and the CPU time to double to perhaps 64 CPU seconds. Let’s take a look: Elapsed: 1.08 (mins) Av Act Sess: 1.8 DB time: 1.98 (mins) DB CPU: 1.96 (mins) Load Profile Per Second Per Transaction Per Exec Per Call ~~~~~~~~~~~~ ------------------ ----------------- ----------- ----------- ... Parses: 826.6 2,238.6 Hard parses: 780.1 2,112.7 ... Instance Efficiency Indicators ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Buffer Nowait %: 100.00 Redo NoWait %: 100.00 Buffer Hit %: 99.99 Optimal W/A Exec %: 100.00 Library Hit %: 63.55 Soft Parse %: 5.62 Execute to Parse %: 13.81 Latch Hit %: 96.80 Parse CPU to Parse Elapsd %: 96.44 % Non-Parse CPU: 25.51 Top 5 Timed Events Avg %Total ~~~~~~~~~~~~~~~~~~ wait Call Event Waits Time (s) (ms) Time ----------------------------------------- ------------ ----------- ------ ------ CPU time 103 96.1 latch: shared pool 15,814 2 0 1.9 log file parallel write 112 1 8 .8 db file async I/O submit 11 0 35 .4 control file parallel write 34 0 11 .4 What we discover is that the hard parsing goes up a little bit, but the CPU time triples rather than doubles! How could that be? The answer lies in Oracle’s implementation of latching. On this multi-CPU machine, when we could not immediately get a latch, we spun. The act of spinning itself consumes CPU. Process 1 attempted many times to get a latch onto the shared pool only to discover that process 2 held CHAPTER 6 ■ LOCKING AND LATCHING 236 that latch, so process 1 had to spin and wait for it (consuming CPU). The converse would be true for process 2; many times it would find that process 1 was holding the latch to the resource it needed. So, much of our processing time was spent not doing real work, but waiting for a resource to become available. If we page down through the statspack report to the “Latch Sleep Breakdown” report, we discover the following: Get Spin Latch Name Requests Misses Sleeps Gets -------------------------- --------------- ------------ ----------- ----------- shared pool 2,311,383 133,507 16,143 117,695 row cache objects 985,847 28,722 4 28,719 Note how the number 16,143 appears in the SLEEPS column here? That number corresponds very closely to the number of waits reported in the preceding “Top 5 Timed Events” report. ■ Note The number of sleeps corresponds closely to the number of waits; this might raise an eyebrow. Why not exactly? The reason is that the act of taking a snapshot is not atomic; a series of queries are executed gathering statistics into tables during a statspack snapshot, and each query is as of a slightly different point in time. So, the wait event metrics were gathered at a time slightly before the latching details were. Our “Latch Sleep Breakdown” report shows us the number of times we tried to get a latch and failed in the spin loop. That means the Top 5 report is showing us only the tip of the iceberg with regard to latching issues—the 133,507 misses (which means we spun trying to get the latch) are not revealed in the Top 5 report for us. After examination of the Top 5 report, we might not be inclined to think we have a hard parse problem here, even though we have a very serious one. To perform 2 units of work, we needed to use 3 units of CPU. This was due entirely to the fact that we need that shared resource, the shared pool. Such is the nature of latching. You can see that it can be very hard to diagnose a latching-related issue, unless you understand the mechanics of how they are implemented. A quick glance at a statspack report, using the Top 5 section, might cause us to miss the fact that we have a fairly bad scaling issue on our hands. Only by deeper investigation in the latching section of the statspack report will we see the problem at hand. Additionally, it is not normally possible to determine how much of the CPU time used by the system is due to this spinning—all we know in looking at the two-user test is that we used 102 seconds of CPU time and that we missed getting a latch on the shared pool 133,507 times. We don’t know how many times we spun trying to get the latch each time we missed, so we have no real way of gauging how much of the CPU time was spent spinning and how much was spent processing. We need multiple data points to derive that information. In our tests, because we have the single-user example for comparison, we can conclude that about 39 CPU seconds or so was spent spinning on the latch, waiting for that resource. We can come to this conclusion because we know that a single user needs only 32 seconds of CPU time so two single users would need 64 seconds, and 103 (total CPU seconds)minus 64 is 39. With Bind Variables Now I’d like to look at the same situation as presented in the previous section, but this time using a program that uses significantly less latches during its processing. We’ll take that Java program and code it using bind variables. To accomplish this, we’ll change the Statement into a PreparedStatement, parse a single INSERT statement, and then bind and execute that PreparedStatement repeatedly in the loop: CHAPTER 6 ■ LOCKING AND LATCHING 237 import java.sql.*; public class instest { static public void main(String args[]) throws Exception { System.out.println( "start" ); DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver()); Connection conn = DriverManager.getConnection ("jdbc:oracle:thin:@localhost:1521:ora11gr2", "scott","tiger"); conn.setAutoCommit( false ); PreparedStatement pstmt = conn.prepareStatement ("insert into "+ args[0] + " (x) values(?)" ); for( int i = 0; i < 25000; i++ ) { pstmt.setInt( 1, i ); pstmt.executeUpdate(); } conn.commit(); conn.close(); System.out.println( "done" ); } } Let’s look at the single and dual user statspack reports, as we did for the no bind variable example. We’ll see dramatic differences here. Here is the single-user report: Elapsed: 0.17 (mins) Av Act Sess: 0.6 DB time: 0.10 (mins) DB CPU: 0.10 (mins) Load Profile Per Second Per Transaction Per Exec Per Call ~~~~~~~~~~~~ ------------------ ----------------- ----------- ----------- ... Parses: 109.5 547.5 Hard parses: 23.4 117.0 ... Instance Efficiency Indicators ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Buffer Nowait %: 100.00 Redo NoWait %: 99.99 Buffer Hit %: 99.99 Optimal W/A Exec %: 100.00 Library Hit %: 95.24 Soft Parse %: 78.63 Execute to Parse %: 96.18 Latch Hit %: 100.00 Parse CPU to Parse Elapsd %: 90.63 % Non-Parse CPU: 86.88 Top 5 Timed Events Avg %Total ~~~~~~~~~~~~~~~~~~ wait Call Event Waits Time (s) (ms) Time ----------------------------------------- ------------ ----------- ------ ------ CPU time 4 86.1 log file parallel write 66 0 6 7.8 CHAPTER 6 ■ LOCKING AND LATCHING 238 control file parallel write 14 0 12 3.1 log file switch (private strand flush inc 1 0 95 1.9 log file sync 4 0 6 .5 That is quite dramatic: from 32 CPU seconds in the no bind variables example to 4 CPU seconds here. From 652 hard parses per second to 23 per second (and based on my knowledge of how statspack works, most of those were from running statspack!). Even the elapsed time was dramatically reduced from about 39 seconds down to 10 seconds. When not using bind variables, we spent seven-eighths of our CPU time parsing SQL (4 seconds versus 32). This was not entirely latch related, as much of the CPU time incurred without bind variables was spent parsing and optimizing the SQL. Parsing SQL is very CPU intensive, but to expend seven-eighths of our CPU doing something (parsing) that doesn’t really do useful work for us—work we didn’t need to perform—is pretty expensive. When we get to the two-user test, the results continue to look better: Elapsed: 0.33 (mins) Av Act Sess: 1.1 DB time: 0.36 (mins) DB CPU: 0.35 (mins) Load Profile Per Second Per Transaction Per Exec Per Call ~~~~~~~~~~~~ ------------------ ----------------- ----------- ----------- ... Parses: 56.4 376.0 Hard parses: 12.2 81.0 ... Instance Efficiency Indicators ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Buffer Nowait %: 100.00 Redo NoWait %: 99.99 Buffer Hit %: 99.99 Optimal W/A Exec %: 100.00 Library Hit %: 97.43 Soft Parse %: 78.46 Execute to Parse %: 97.90 Latch Hit %: 99.44 Parse CPU to Parse Elapsd %: 80.60 % Non-Parse CPU: 96.19 Top 5 Timed Events Avg %Total ~~~~~~~~~~~~~~~~~~ wait Call Event Waits Time (s) (ms) Time ----------------------------------------- ------------ ----------- ------ ------ CPU time 13 91.7 log file parallel write 64 1 11 4.9 LGWR wait for redo copy 1 0 174 1.3 control file parallel write 7 0 18 .9 log file sync 6 0 6 .3 ------------------------------------------------------------- The amount of CPU time is about 2 to 3 times the amount reported by the single-user test case. ■ Note Due to rounding, the 4 CPU seconds is really anywhere from 3 to 5, and the 13 is really anywhere from 12 to 14 seconds. CHAPTER 6 ■ LOCKING AND LATCHING 239 Further, the amount of CPU used by two users with bind variables is far less than half the amount of CPU a single user not using bind variables required! When I looked at the latch report in this statspack report, I found there was so little contention for the shared pool and library cache that it was not even worth reporting. In fact, digging deeper turned up the fact that the shared pool latch was requested 67,462 times versus well over 2.3 million times in the two-user test without binds shown above: Latch Name Requests Misses Sleeps Gets -------------------------- --------------- ------------ ----------- ----------- shared pool 67,462 1,950 4 1,946 process allocation 8 1 1 0 Performance/Scalability Comparison Table 6-1 summarizes the CPU usage by each implementation, as well as the latching results as we increase the number of users beyond two. As you can see, the solution using fewer latches will scale much better as the user load goes up. Table 6-1. CPU Usage Comparison with and Without Bind Variables Users CPU (sec)/ Elapsed Time (min) Shared Pool Latch Requests Latch Wait Count (/Latch Wait Time (sec) No Binds Binds No Binds Binds No Binds* Binds 1 32/0.65 4/0.17 >1.1 million 0 0/0 0/0 2 103/1.08 13/0.33 >2.3 million >67 thousand 15.8k/2 4/0 3 198/1.50 30/0.53 >3.4 million >111 thousand 27.7k/5 96/0 4 334/1.98 44/0.68 >4.5 million >126 thousand 51.4k/34 51/0 5 447/2.68 58/0.90 >5.6 million >167 thousand 67.0k/142 175/0 6 550/3.28 64/1.03 >6.8 million >175 thousand 81.8k/329 56/0 7 672/3.92 79/1.27 >8.0 million >220 thousand 97.5k/548 117/0 8 763/4.45 89/1.45 >9.1 million >234 thousand 113.3k/759 136/0 9 868/5.02 103/1.60 >10.2 million >268 thousand 129.6k/989 184/0 10 965/5.60 110/1.73 >11.3 million >281 thousand 147.2k/1,275 66/0 * Note: latch wait count is in thousands for “No Binds” and not so for “Binds” The interesting observation is that 10 users using bind variables (and very few latch requests as a result) use the same amount of hardware resources (CPU) as 2 to 2.5 users that do not use bind variables (i.e., that overuse a latch or process more than they need to). When you examine the results for 10 users, CHAPTER 6 ■ LOCKING AND LATCHING 240 you see that nonuse of bind variables results in the use of almost 9 times the CPU and takes 3.3 times the execution time when compared to the bind variable solution. The more users are added over time, the longer each user spends waiting for these latches. We went from an average of 28 seconds/session (142 seconds of wait/5 sessions) of wait time for latches with 5 users to an average of 127 seconds/session of wait time with 10 users. However, the implementation that avoided overuse of the latch suffered no ill effects as it scaled up. Mutexes A mutex is a serialization device much like a latch is, in fact, the name mutex stands for mutual exclusion. It is another serialization tool used by the database; it was introduced in Oracle 10g Release 1 and is used in place of traditional latches in many places in the server. A mutex differs from a latch in that it is even more lightweight in its implementation. It requires less code to implement, approximately one-fifth of the instructions (which results in less CPU to request in general) and it requires less memory, approximately one-seventh of the size, to implement. A mutex, in addition to being lighter weight, is a little less functional in some respects. Just like an enqueue lock is much heavier than a latch, a latch is heavier than a mutex. But, like the enqueue to latch comparison, the latch can do more than a mutex in some cases (like an enqueue can do more than a latch in some cases). This means that not every latch will be, or should be, replaced by a mutex, just as every enqueue lock will not be, or should not be, replaced by a latch. When reading about mutexes in various reports, just remember that they are lighter-weight serialization devices. They enable possibly more scalability than a latch (just as latches are more scalable than enqueues), but they are still a serialization device. If you can avoid doing something that requires a mutex, in general, you should, for the same reason you would avoid requesting a latch if possible. Manual Locking and User-Defined Locks So far, we have looked mostly at locks that Oracle places for us transparently. When we update a table, Oracle places a TM lock on it to prevent other sessions from dropping that table (or performing most DDL, in fact). We have TX locks that are left on the various blocks we modify so others can tell what data we own. The database employs DDL locks to protect objects from change while we ourselves are changing them. It uses latches and locks internally to protect its own structure. Next, let’s take a look at how we can get involved in some of this locking action. Our options are as follows: • Manually lock data via a SQL statement. • Create our own locks via the DBMS_LOCK package. The following sections briefly discuss why you might want to do each of these. Manual Locking We have, in fact, already seen a couple of cases where we might want to use manual locking. The SELECT...FOR UPDATE statement is the predominant method of manually locking data. We used it in previous examples to avoid the lost update issue whereby one session would overwrite another session’s changes. We’ve seen it used as a method to serialize access to detail records to enforce business rules (e.g., the resource scheduler example from Chapter 1 “Developing Successful Oracle Applications”). We can also manually lock data using the LOCK TABLE statement. This statement is used rarely, because of the coarseness of the lock. It simply locks the table, not the rows in the table. If you start modifying the rows, they will be locked as normal. So, this is not a method to save on resources (as it might be in other RDBMSs). You might use the LOCK TABLE IN EXCLUSIVE MODE statement if you were CHAPTER 6 ■ LOCKING AND LATCHING 241 writing a large batch update that would affect most of the rows in a given table and you wanted to be sure that no one would block you. By locking the table in this manner, you can be assured that your update will be able to do all of its work without getting blocked by other transactions. It would be the rare application, however, that has a LOCK TABLE statement in it. Creating Your Own Locks Oracle actually exposes to developers the enqueue lock mechanism that it uses internally, via the DBMS_LOCK package. You might be wondering why you would want to create your own locks. The answer is typically application specific. For example, you might use this package to serialize access to some resource external to Oracle. Say you are using the UTL_FILE routine that allows you to write to a file on the server’s file system. You might have developed a common message routine that every application calls to record messages. Since the file is external, Oracle won’t coordinate the many users trying to modify it simultaneously. In comes the DBMS_LOCK package. Now, before you open, write, and close the file, you will request a lock named after the file in exclusive mode, and after you close the file, you will manually release the lock. In this fashion, only one person at a time will be able to write a message to this file. Everyone else will queue up. The DBMS_LOCK package allows you to manually release a lock when you are done with it, or to give it up automatically when you commit, or even to keep it as long as you are logged in. Summary This chapter covered a lot of material that, at times, may have made you scratch your head. While locking is rather straightforward, some of its side effects are not. However, it is vital that you understand these issues. For example, if you were not aware of the table lock Oracle uses to enforce a foreign key relationship when the foreign key is not indexed, then your application would suffer from poor performance. If you did not understand how to review the data dictionary to see who was locking whom, you might never figure that one out. You would just assume that the database hangs sometimes. I sometimes wish I had a dollar for every time I was able to solve the insolvable hanging issue by simply running the query to detect unindexed foreign keys and suggesting that we index the one causing the problem. I would be very rich. C H A P T E R 7 ■ ■ ■ 243 Concurrency and Multi-versioning As stated in the last chapter, one of the key challenges in developing multiuser, database-driven applications is to maximize concurrent access but, at the same time, ensure that each user is able to read and modify the data in a consistent fashion. In this chapter, we’re going to take a detailed look at how Oracle achieves multi-version read consistency and what that means to you, the developer. I will also introduce a new term, write consistency, and use it to describe how Oracle works not only in a read environment with read consistency, but also in a mixed read and write environment. What Are Concurrency Controls? Concurrency controls are the collection of functions that the database provides to allow many people to access and modify data simultaneously. As noted in the previous chapter, the lock is one of the core mechanisms by which Oracle regulates concurrent access to shared database resources and prevents interference between concurrent database transactions. To briefly summarize, Oracle uses a variety of locks, including the following: • TX (Transaction) locks: These locks are acquired for the duration of a data- modifying transaction. • TM (DML Enqueue) and DDL locks: These locks ensure that the structure of an object is not altered while you are modifying its contents (TM lock) or the object itself (DDL lock). • Latches and Mutexes: These are internal locks that Oracle employs to mediate access to its shared data structures. We’ll refer to both as Latches in this chapter, although they might be implemented by a Mutex on your operating system, depending on the Oracle Version. In each case, there is minimal overhead associated with lock acquisition. TX transaction locks are extremely scalable both in terms of performance and cardinality. TM and DDL locks are applied in the least restrictive mode whenever possible. Latches and enqueues are both very lightweight and fast (enqueues are slightly the heavier of the two, though more feature-rich). Problems only arise from poorly designed applications that hold locks for longer than necessary and cause blocking in the database. If you design your code well, Oracle’s locking mechanisms will allow for scalable, highly concurrent applications. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 244 ■ Note I used the phrase “longer than necessary.” That does not mean you should attempt to commit (end your transaction) as soon as possible. Transactions should be exactly as long as they need to be—and no longer than that. That is, your transaction is your unit of work; it is all or nothing. You should commit when your unit of work is complete and not before—and not any later either! But Oracle’s support for concurrency goes beyond efficient locking. It implements a multi- versioning architecture (introduced in Chapter 1 “Developing Successful Oracle Applications”) that provides controlled yet highly concurrent access to data. Multi-versioning describes Oracle’s ability to simultaneously materialize multiple versions of the data and is the mechanism by which Oracle provides read-consistent views of data (i.e., consistent results with respect to a point in time). A rather pleasant side effect of multi-versioning is that a reader of data will never be blocked by a writer of data. In other words, writes do not block reads. This is one of the fundamental differences between Oracle and other databases. A query that only reads information in Oracle will never be blocked; it will never deadlock with another session, and it will never get an answer that didn’t exist in the database. ■ Note There is a short period of time during the processing of a distributed Two Phase Commit where Oracle will prevent read access to information. As this processing is somewhat rare and exceptional (the problem applies only to queries that start between the prepare and the commit phases and try to read the data before the commit arrives), I will not cover it in detail. Oracle’s multi-versioning model for read consistency is applied by default at the statement level (for each and every query) and can also be applied at the transaction level. This means that each and every SQL statement submitted to the database sees a read-consistent view of the database, at least—and if you would like this read-consistent view of the database to be at the level of a transaction (a set of SQL statements), you may do that as well, as we’ll see in the “Serializable” section in this chapter. The basic purpose of a transaction in the database is to take the database from one consistent state to the next. The ISO SQL standard specifies various transaction isolation levels, which define how sensitive one transaction is to changes made by another. The greater the level of sensitivity, the greater the degree of isolation the database must provide between transactions executed by your application. In the following section, we’ll look at how, via its multi-versioning architecture and with absolutely minimal locking, Oracle can support each of the defined isolation levels. Transaction Isolation Levels The ANSI/ISO SQL standard defines four levels of transaction isolation, with different possible outcomes for the same transaction scenario. That is, the same work performed in the same fashion with the same inputs may result in different answers, depending on your isolation level. These isolation levels are defined in terms of three “phenomena” that are either permitted or not at a given isolation level: CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 245 • Dirty read: The meaning of this term is as bad as it sounds. You are permitted to read uncommitted, or dirty, data. You would achieve this effect by just opening an OS file that someone else is writing and reading whatever data happens to be there. Data integrity is compromised, foreign keys are violated, and unique constraints are ignored. • Non-repeatable read: This simply means that if you read a row at time T1 and attempt to reread that row at time T2, the row may have changed, it may have disappeared, it may have been updated, and so on. • Phantom read: This means that if you execute a query at time T1 and re-execute it at time T2, additional rows may have been added to the database, which will affect your results. This differs from the non-repeatable read in that with a phantom read, data you already read has not been changed, but rather that more data satisfies your query criteria than before. ■ Note The ANSI/ISO SQL standard defines transaction-level characteristics, not just individual statement-by- statement–level characteristics. In the following pages, we’ll examine transaction-level isolation, not just statement-level isolation. The SQL isolation levels are defined based on whether or not they allow each of the preceding phenomena. I find it interesting to note that the SQL standard does not impose a specific locking scheme or mandate particular behaviors, but rather describes these isolation levels in terms of these phenomena, allowing for many different locking/concurrency mechanisms to exist (see Table 7-1). Table 7-1. ANSI Isolation Levels Isolation Level Dirty Read Non-Repeatable Read Phantom Read READ UNCOMMITTED Permitted Permitted Permitted READ COMMITTED -- Permitted Permitted REPEATABLE READ -- -- Permitted SERIALIZABLE -- -- -- Oracle explicitly supports the READ COMMITTED and SERIALIZABLE isolation levels as they are defined in the standard. However, this doesn’t tell the whole story. The SQL standard was attempting to set up isolation levels that would permit various degrees of consistency for queries performed in each level. REPEATABLE READ is the isolation level that the SQL standard claims will guarantee a read-consistent result from a query. In their definition, READ COMMITTED does not give you consistent results, and READ UNCOMMITTED is the level to use to get non-blocking reads. However, in Oracle, READ COMMITTED has all of the attributes required to achieve read-consistent queries. In many other databases, READ COMMITTED queries can and will return answers that never existed in the database at any point in time. Moreover, Oracle also supports the spirit of READ UNCOMMITTED. The goal of providing a dirty read is to supply a non-blocking read, whereby queries are not blocked by, and do not block, updates of the same data. However, Oracle does not need dirty reads to achieve this goal, nor does it support them. Dirty reads are an implementation other databases must use in order to provide non-blocking reads. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 246 In addition to the four defined SQL isolation levels, Oracle provides another level, namely READ ONLY. A READ ONLY transaction is equivalent to a REPEATABLE READ or SERIALIZABLE transaction that can’t perform any modifications in SQL. A transaction using a READ ONLY isolation level only sees those changes that were committed at the time the transaction began, but inserts, updates, and deletes are not permitted in this mode (other sessions may update data, but not the READ ONLY transaction). Using this mode, you can achieve REPEATABLE READ and SERIALIZABLE levels of isolation. Let’s now move on to discuss exactly how multi-versioning and read consistency fit into the isolation scheme and how databases that do not support multi-versioning achieve the same results. This information is instructive for anyone who has used another database and believes she understands how the isolation levels must work. It is also interesting to see how a standard that was supposed to remove the differences between the databases, ANSI/ISO SQL, actually allows for them. The standard, while very detailed, can be implemented in very different ways. READ UNCOMMITTED The READ UNCOMMITTED isolation level allows dirty reads. Oracle does not make use of dirty reads, nor does it even allow for them. The basic goal of a READ UNCOMMITTED isolation level is to provide a standards- based definition that caters for non-blocking reads. As we have seen, Oracle provides for non-blocking reads by default. You would be hard-pressed to make a SELECT query block in the database (as noted earlier, there is the special case of a distributed transaction). Every single query, be it a SELECT, INSERT, UPDATE, MERGE, or DELETE, executes in a read-consistent fashion. It might seem funny to refer to an UPDATE statement as a query, but it is. UPDATE statements have two components: a read component as defined by the WHERE clause and a write component as defined by the SET clause. UPDATE statements read and write to the database; all DML statements have this ability. The case of a single row INSERT using the VALUES clause is the only exception, as such statements have no read component, just the write component. In Chapter 1 “Developing Successful Oracle Applications”, Oracle’s method of obtaining read consistency was demonstrated by way of a simple single table query that retrieved rows that were deleted after the cursor was opened. We’re now going to explore a real-world example to see what happens in Oracle using multi-versioning, as well as what happens in any number of other databases. Let’s start with the same basic table and query: create table accounts ( account_number number primary key, account_balance number not null ); select sum(account_balance) from accounts; Before the query begins, assume we have the data shown in Table 7-2. Table 7-2. ACCOUNTS Table Before Modifications Row Account Number Account Balance 1 123 $500.00 2 456 $240.25 ... ... ... 342,023 987 $100.00 CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 247 Now, our select statement starts executing and reads row 1, row 2, and so on. ■ Note I do not mean to imply that rows have any sort of physical ordering on disk in this example. There really is not a first row, second row, or last row in a table. There is just a set of tables. We are assuming here that row 1 really means “the first row we happened to read” and row 2 is the second row we happened to read and so on. At some point while we are in the middle of the query, a transaction moves $400.00 from account 123 to account 987. This transaction does the two updates but does not commit. The table now looks as shown in Table 7-3. Table 7-3. ACCOUNTS Table During Modifications Row Account Number Account Balance Locked? 1 123 ($500.00) changed to $100.00 X 2 456 $240.25 -- ... ... ... -- 342,023 987 ($100.00) changed to $500.00 X So, two of those rows are locked. If anyone tried to update them, that user would be blocked. So far, the behavior we are seeing is more or less consistent across all databases. The difference will be in what happens when the query gets to the locked data. When the query we are executing gets to the block containing the locked row (row 342,023) at the bottom of the table, it will notice that the data in it has changed since the time at which it started execution. To provide a consistent (correct) answer, Oracle will at this point create a copy of the block containing this row as it existed when the query began. That is, it will read a value of $100.00, the value that existed at the time the query began. Effectively, Oracle takes a detour around the modified data; it reads around it, reconstructing it from the undo (also known as a rollback) segment (discussed in detail in Chapter 9 “Redo and Undo”). A consistent and correct answer comes back without waiting for the transaction to commit. Now, a database that allowed a dirty read would simply return the value it saw in account 987 at the time it read it, in this case $500.00. The query would count the transferred $400 twice. Therefore, not only does it return the wrong answer, but also it returns a total that never existed in the table at any committed point in time. In a multiuser database, a dirty read can be a dangerous feature and, personally, I have never seen the usefulness of it. Say that, rather than transferring, the transaction was actually just depositing $400.00 in account 987. The dirty read would count the $400.00 and get the “right” answer, wouldn’t it? Well, suppose the uncommitted transaction was rolled back. We have just counted $400.00 that was never actually in the database. The point here is that dirty read is not a feature; rather, it is a liability. In Oracle, it is just not needed. You get all of the advantages of a dirty read (no blocking) without any of the incorrect results. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 248 READ COMMITTED The READ COMMITTED isolation level states that a transaction may only read data that has been committed in the database. There are no dirty reads. There may be non-repeatable reads (i.e., rereads of the same row may return a different answer in the same transaction) and phantom reads (i.e., newly inserted and committed rows become visible to a query that were not visible earlier in the transaction). READ COMMITTED is perhaps the most commonly used isolation level in database applications everywhere, and it is the default mode for Oracle databases. It is rare to see a different isolation level used. However, achieving READ COMMITTED isolation is not as cut-and-dried as it sounds. If you look at Table 7-1, it looks straightforward. Obviously, given the earlier rules, a query executed in any database using the READ COMMITTED isolation will behave in the same way, will it not? It will not. If you query multiple rows in a single statement, in almost every other database, READ COMMITTED isolation can be as bad as a dirty read, depending on the implementation. In Oracle, using multi-versioning and read-consistent queries, the answer we get from the ACCOUNTS query is the same in READ COMMITTED as it was in the READ UNCOMMITTED example. Oracle will reconstruct the modified data as it appeared when the query began, returning the answer that was in the database when the query started. Let’s now take a look at how our previous example might work in READ COMMITTED mode in other databases—you might find the answer surprising. We’ll pick up our example at the point described in the previous table: • We are in the middle of the table. We have read and summed the first N rows. • The other transaction has moved $400.00 from account 123 to account 987. • The transaction has not yet committed, so rows containing the information for accounts 123 and 987 are locked. We know what happens in Oracle when it gets to account 987—it will read around the modified data, find out it should be $100.00, and complete. Table 7-4 shows how another database, running in some default READ COMMITTED mode, might arrive at the answer. Table 7-4. Timeline in a Non-Oracle Database Using READ COMMITTED Isolation Time Query Account Transfer Transaction T1 Reads row 1, account 123, value=$500. Sum=$500.00 so far. -- T2 Reads row 2, account 456, value=$240.25. Sum=$740.25 so far. -- T3 -- Updates row 1 (account 123) and puts an exclusive lock on row 1, preventing other updates and reads. Row 1 had $500.00, now it has $100.00. T4 Reads row N. Sum = . . . -- T5 -- Updates row 342,023 (account 987) and puts an exclusive lock on this row. This row had $100, now it has $500.00. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 249 Time Query Account Transfer Transaction T6 Tries to read row 342,023, account 987. Discovers that it is locked. This session will block and wait for this row's block to become available. All processing on this query stops. -- T7 -- Commits transaction. T8 Reads row 342,023, account 987, sees $500.00, and presents a final answer that includes the $400.00 double-counted. -- The first thing to notice is that this other database, upon getting to account 987, will block our query. This session must wait on that row until the transaction holding the exclusive lock commits. This is one reason why many people have a bad habit of committing every statement, instead of processing well-formed transactions consisting of all of the statements needed to take the database from one consistent state to the next. Updates interfere with reads in most other databases. The really bad news in this scenario is that we are making the end user wait for the wrong answer. We still receive an answer that never existed in the committed database state at any point in time, as with the dirty read, but this time we made the user wait for the wrong answer. In the next section, we’ll look at what these other databases need to do to achieve read-consistent, correct results. The important lesson here is that various databases executing in the same, apparently safe isolation level can and will return very different answers under the exact same circumstances. It is important to understand that, in Oracle, non-blocking reads are not had at the expense of correct answers. You can have your cake and eat it too, sometimes. REPEATABLE READ The goal of REPEATABLE READ is to provide an isolation level that gives consistent, correct answers and prevents lost updates. We’ll take a look at examples of both, see what we have to do in Oracle to achieve these goals, and examine what happens in other systems. Getting a Consistent Answer If we have a REPEATABLE READ isolation, the results from a given query must be consistent with respect to some point in time. Most databases (not Oracle) achieve repeatable reads via the use of row-level shared read locks. A shared read lock prevents other sessions from modifying data that we have read. This, of course, decreases concurrency. Oracle opted for the more concurrent, multi-versioning model to provide read-consistent answers. In Oracle, using multi-versioning, we get an answer that is consistent with respect to the point in time the query began execution. In other databases, using shared read locks, we get an answer that is consistent with respect to the point in time the query completes—that is, when we can get the answer at all (more on this in a moment). In a system that employs a shared read lock to provide repeatable reads, we would observe rows in a table getting locked as the query processed them. So, using the earlier example, as our query reads the ACCOUNTS table, it would leave shared read locks on each row, as shown in Table 7-5. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 250 Table 7-5. Timeline 1 in Non-Oracle Database Using READ REPEATABLE Isolation Time Query Account Transfer Transaction T1 Reads row 1. Sum=$500.00 so far. Block 1 has a shared read lock on it. -- T2 Reads row 2. Sum=$740.25 so far. Block 2 has a shared read lock on it. -- T3 -- Attempts to update row 1 but is blocked. Transaction is suspended until it can obtain an exclusive lock. T4 Reads row N. Sum = . . . -- T5 Reads row 342,023, sees $100.00, and presents final answer. -- T6 Commits transaction. -- T7 -- Updates row 1 and puts an exclusive lock on this block. Row now has $100.00. T8 -- Updates row 342,023 and puts an exclusive lock on this block. Row now has $500.00. Commits transaction. Table 7-5 shows that we now get the correct answer, but at the cost of physically blocking one transaction and executing the two transactions sequentially. This is one of the side effects of shared read locks for consistent answers: readers of data will block writers of data. This is in addition to the fact that, in these systems, writers of data will block readers of data. Imagine if automatic teller machines (ATMs) worked this way in real life. So, you can see how shared read locks would inhibit concurrency, but they can also cause spurious errors to occur. In Table 7-6, we start with our original table, but this time with the goal of transferring $50.00 from account 987 to account 123. Table 7-6. Timeline 2 in Non-Oracle Database Using READ REPEATABLE Isolation Time Query Account Transfer Transaction T1 Reads row 1. Sum=$500.00 so far. Block 1 has a shared read lock on it. -- T2 Reads row 2. Sum=$740.25 so far. Block 2 has a shared read lock on it. -- T3 -- Updates row 342,023 and puts an exclusive lock on block 342,023, preventing other updates and shared read locks. This row now has $50.00. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 251 Time Query Account Transfer Transaction T4 Reads row N. Sum = . . . -- T5 -- Attempts to update row 1 but is blocked. Transaction is suspended until it can obtain an exclusive lock. T6 Attempts to read row 342,023 but can’t as an exclusive lock is already in place. -- We have just reached the classic deadlock condition. Our query holds resources the update needs and vice versa. Our query has just deadlocked with our update transaction. One of them will be chosen as the victim and will be killed. We just spent a long time and a lot of resources only to fail and get rolled back at the end. This is the second side effect of shared read locks: readers and writers of data can and frequently will deadlock each other. In Oracle, we have statement-level read consistency without reads blocking writes or deadlocks. Oracle never uses shared read locks—ever. Oracle has chosen the harder-to-implement but infinitely more concurrent multi-versioning scheme. Lost Updates: Another Portability Issue A common use of REPEATABLE READ in databases that employ the shared read locks could be for lost update prevention. ■ Note Lost update detection and solutions to the lost update problem are discussed in Chapter 6 “Locking and Latching”. If we have REPEATABLE READ enabled in a database that employs shared read locks (and not multi- versioning), lost update errors can’t happen. The reason lost updates will not happen in those databases is because the simple act of selecting the data leaves a lock on it, and once read by our transaction, that data cannot be modified by any other transaction. Now, if your application assumes that REPEATABLE READ implies “lost updates can’t happen,” you are in for a painful surprise when you move your application to a database that does not use shared read locks as an underlying concurrency control mechanism. ■ Note In a stateless environment, such as a web-based application, lost updates would likely be a cause for concern—even in REPEATABLE READ isolation. This is because a single database session is used by many clients via a connection pool and locks are not held across calls. REPEATABLE READ isolation only prevents lost updates in a stateful environment, such as that observed with a client-server application. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 252 While this sounds good, you must remember that leaving the shared read locks behind on all data as it is read will, of course, severely limit concurrent reads and modifications. So, while this isolation level in those databases provides for lost update prevention, it does so by removing the ability to perform concurrent operations! You can’t always have your cake and eat it too. SERIALIZABLE This is generally considered the most restrictive level of transaction isolation, but it provides the highest degree of isolation. A SERIALIZABLE transaction operates in an environment that makes it appear as if there are no other users modifying data in the database. Any row we read is assured to be the same upon a reread, and any query we execute is guaranteed to return the same results for the life of a transaction. For example, if we execute Select * from T; Begin dbms_lock.sleep( 60*60*24 ); end; Select * from T; the answers returned from T would be the same, even though we just slept for 24 hours (or we might get an ORA-01555, snapshot too old error, which is discussed in Chapter 8). The isolation level SERIALIZABLE assures us these two queries will always return the same results. Side effects (changes) made by other transactions are not visible to the query regardless of how long it has been running. In Oracle, a SERIALIZABLE transaction is implemented so that the read consistency we normally get at the statement level is extended to the transaction. ■ Note As noted earlier, there is also an isolation level in Oracle denoted READ ONLY. It has all of the qualities of the SERIALIZABLE isolation level, but it prohibits modifications. It should be noted that the SYS user (or users connected as SYSDBA) can’t have a READ ONLY or SERIALIZABLE transaction. SYS is special in this regard. Instead of results being consistent with respect to the start of a statement, they are preordained at the time you begin the transaction. In other words, Oracle uses the undo segments to reconstruct the data as it existed when our transaction began, instead of just when our statement began. That’s a pretty deep thought there: the database already knows the answer to any question you might ask it, before you ask it. This degree of isolation comes with a price, and that price is the following possible error: ERROR at line 1: ORA-08177: can't serialize access for this transaction You will get this message whenever you attempt to update a row that has changed since your transaction began. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 253 ■ Note Oracle attempts to do this purely at the row level, but you may receive an ORA-08177 error even when the row you are interested in modifying has not been modified. The ORA-08177 error may happen due to some other row(s) being modified on the block that contains your row. Oracle takes an optimistic approach to serialization—it gambles on the fact that the data your transaction wants to update won’t be updated by any other transaction. This is typically the way it happens, and usually the gamble pays off, especially in quick-transaction, OLTP-type systems. If no one else updates your data during your transaction, this isolation level, which will generally decrease concurrency in other systems, will provide the same degree of concurrency as it would without SERIALIZABLE transactions. The downside to this is that you may get the ORA-08177 error if the gamble doesn’t pay off. If you think about it, however, it’s worth the risk. If you’re using SERIALIZABLE transactions, you shouldn’t expect to update the same information as other transactions. If you do, you should use the SELECT ... FOR UPDATE as described in Chapter 1 “Developing Successful Oracle Applications”, and this will serialize the access. So, using an isolation level of SERIALIZABLE will be achievable and effective if you: • Have a high probability of no one else modifying the same data. • Need transaction-level read consistency. • Will be doing short transactions (to help make the first bullet point a reality). Oracle finds this method scalable enough to run all of their TPC-Cs (an industry standard OLTP benchmark; see http://www.tpc.org for details). In many other implementations, you will find this being achieved with shared read locks and their corresponding deadlocks, and blocking. In Oracle, we do not get any blocking, but we will get the ORA-08177 error if other sessions change the data we want to change as well. However, we will not get the error as frequently as we will get deadlocks and blocks in the other systems. But—there is always a “but”—you must take care to understand these different isolation levels and their implications. Remember, with isolation set to SERIALIZABLE, you will not see any changes made in the database after the start of your transaction, until you commit. Applications that attempt to enforce their own data integrity constraints, such as the resource scheduler described in Chapter 1 “Developing Successful Oracle Applications”, must take extra care in this regard. If you recall, the problem in Chapter 1 was that we could not enforce our integrity constraint in a multiuser system since we could not see changes made by other uncommitted sessions. Using SERIALIZABLE, we would still not see the uncommitted changes, but we would also not see the committed changes made after our transaction began! As a final point, be aware that SERIALIZABLE does not mean that all transactions executed by users will behave as if they were executed one right after another in a serial fashion. It does not imply that there is some serial ordering of the transactions that will result in the same outcome. The phenomena previously described by the SQL standard do not make this happen. This last point is a frequently misunderstood concept, and a small demonstration will clear it up. The following table represents two sessions performing work over time. The database tables A and B start out empty and are created as follows: ops$tkyte@ORA11GR2> create table a ( x int ); Table created. ops$tkyte@ORA11GR2> create table b ( x int ); Table created. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 254 Now we have the series of events shown in Table 7-7. Table 7-7. SERIALIZABLE Transaction Example Time Session 1 Executes Session 2 Executes T1 Alter session set isolation_level=serializable; -- T2 -- Alter session set isolation_level=serializable; T3 Insert into a select count(*) from b; -- T4 -- Insert into b select count(*) from a; T5 Commit; -- T6 -- Commit; Now, when this is all said and done, tables A and B will each have a row with the value 0 in it. If there were some serial ordering of the transactions, we could not possibly have both tables containing the value 0 in them. If session 1 executed in its entirety before session 2, then table B would have a row with the value 1 in it. If session 2 executed is its entirety before session 1, then table A would have a row with the value 1 in it. As executed here, however, both tables will have rows with a value of 0. They just executed as if they were the only transaction in the database at that point in time. No matter how many times session 1 queries table B and no matter the committed state of session 2, the count will be the count that was committed in the database at time T1. Likewise, no matter how many times session 2 queries table A, the count will be the same as it was at time T2. READ ONLY READ ONLY transactions are very similar to SERIALIZABLE transactions, the only difference being that they do not allow modifications, so they are not susceptible to the ORA-08177 error. READ ONLY transactions are intended to support reporting needs where the contents of the report need to be consistent with respect to a single point in time. In other systems, you would use REPEATABLE READ and suffer the associated affects of the shared read lock. In Oracle, you will use the READ ONLY transaction. In this mode, the output you produce in a report that uses 50 SELECT statements to gather the data will be consistent with respect to a single point in time—the time the transaction began. You will be able to do this without locking a single piece of data anywhere. This aim is achieved by using the same multi-versioning as used for individual statements. The data is reconstructed as needed from the undo segments and presented to you as it existed when the report began. READ ONLY transactions are not trouble-free, however. Whereas you might see an ORA-08177 error in a SERIALIZABLE transaction, you expect to see an ORA-01555 snapshot too old error with READ ONLY transactions. This will happen on a system where other people are actively modifying the information you are reading. The changes (undo) made to this information are recorded in the undo segments. But undo segments are used in a circular fashion in much the same manner as redo logs. The longer the report takes to run, the better the chance that some undo you need to reconstruct your data won’t be there anymore. The undo segment will have wrapped around, and the portion of it you need would be reused by some other transaction. At this point, you will receive the ORA-01555 error and have to start over again. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 255 The only solution to this sticky issue is to have undo segments that are sized correctly for your system. Time and time again, I see people trying to save a few megabytes of disk space by having the smallest possible undo segments (“Why ‘waste’ space on something I don’t really need?” is the thought). The problem is that the undo segments are a key component of the way the database works, and unless they are sized correctly, you will hit this error. In many years of using Oracle 6, 7, 8, 9, 10, and 11, I can say I have never hit an ORA-01555 error outside of a testing or development system. In such a case, you know you have not sized the undo segments correctly and you fix it. We will revisit this issue in Chapter 9 “Redo and Undo”. Implications of Multi-version Read Consistency So far, we’ve seen how multi-versioning provides us with non-blocking reads, and I have stressed that this is a good thing: consistent (correct) answers with a high degree of concurrency. What could be wrong with that? Well, unless you understand that it exists and what it implies, then you are probably doing some of your transactions incorrectly. Recall from Chapter 1 the scheduling resources example whereby we had to employ some manual locking techniques (via SELECT FOR UPDATE to serialize modifications to the SCHEDULES table by resource). But can it affect us in other ways? The answer to that is definitely yes. We’ll go into the specifics in the sections that follow. A Common Data Warehousing Technique That Fails A common data warehousing technique I’ve seen people employ goes like this: 1. They use a trigger to maintain a LAST_UPDATED column in the source table, much like the method described in the last chapter in the “Optimistic Locking” section. 2. To initially populate a data warehouse table, they remember what time it is right now by selecting out SYSDATE on the source system. For example, suppose it is exactly 9:00 a.m. right now. 3. They then pull all of the rows from the transactional system—a full SELECT * FROM TABLE—to get the data warehouse initially populated. 4. To refresh the data warehouse, they remember what time it is right now again. For example, suppose an hour has gone by—it is now 10:00 a.m. on the source system. They will remember that fact. They then pull all changed records since 9:00 a.m. (the moment before they started the first pull) and merge them in. ■ Note This technique may pull the same record twice in two consecutive refreshes. This is unavoidable due to the granularity of the clock. A MERGE operation will not be affected by this (i.e., update existing record in the data warehouse or insert a new record). They believe that they now have all of the records in the data warehouse that were modified since they did the initial pull. They may actually have all of the records, but just as likely they may not. This technique does work on some other databases—ones that employ a locking system whereby reads are blocked by writes and vice versa. But in a system where you have non-blocking reads, the logic is flawed. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 256 To see the flaw in this example, all we need to do is assume that at 9:00 a.m. there was at least one open, uncommitted transaction. At 8:59:30 a.m., it had updated a row in the table we were to copy. At 9:00 a.m., when we started pulling the data and thus reading the data in this table, we would not see the modifications to that row; we would see the last committed version of it. If it was locked when we got to it in our query, we would read around the lock. If it was committed by the time we got to it, we would still read around it since read consistency permits us to read only data that was committed in the database when our statement began. We would not read that new version of the row during the 9:00 a.m. initial pull, nor would we read the modified row during the 10:00 a.m. refresh. The reason? The 10:00 a.m. refresh would only pull records modified since 9:00 a.m. that morning, but this record was modified at 8:59:30 a.m. We would never pull this changed record. In many other databases where reads are blocked by writes and a committed but inconsistent read is implemented, this refresh process would work perfectly. If at 9:00 a.m. when we did the initial pull of data, we hit that row and it was locked, we would have blocked and waited for it, and read the committed version. If it were not locked, we would just read whatever was there, committed. So, does this mean the preceding logic just cannot be used? No, it means that we need to get the “right now” time a little differently. We need to query V$TRANSACTION and find out which is the earliest of the current time and the time recorded in START_TIME column of this view. We will need to pull all records changed since the start time of the oldest transaction (or the current SYSDATE value if there are no active transactions): select nvl( min(to_date(start_time,'mm/dd/rr hh24:mi:ss')),sysdate) from v$transaction; ■ Note The above query works regardless of the presence of any data in V$TRANSACTION. That is, even if V$TRANSACTION is empty (because there are no transactions currently), the above query returns a record. A query that has an aggregate with no where clause always returns at least one row and at most one row. In this example, that would be 8:59:30 a.m. when the transaction that modified the row started. When we go to refresh the data at 10:00 a.m., we pull all of the changes that had occurred since that time; when we merge these into the data warehouse, we’ll have everything we need. An Explanation for Higher Than Expected I/O on Hot Tables Another situation where it is vital that you understand read consistency and multi-versioning is when you are faced with a query that in production, under a heavy load, uses many more I/Os than you observe in your test or development systems, and you have no way to account for it. You review the I/O performed by the query and note that it is much higher than you have ever seen—much higher than seems possible. You restore the production instance on test and discover that the I/O is way down. But in production, it is still very high (but seems to vary: sometimes it is high, sometimes it is low, and sometimes it is in the middle). The reason, as we’ll see, is that in your test system, in isolation, you do not have to undo other transactions’ changes. In production, however, when you read a given block, you might have to undo (roll back) the changes of many transactions, and each rollback could involve I/O to retrieve the undo and apply it. This is probably a query against a table that has many concurrent modifications taking place; you are seeing the reads to the undo segment taking place, the work that Oracle is performing to restore the block back the way it was when your query began. You can see the effects of this easily in a single session, just to understand what is happening. We’ll start with a very small table: CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 257 ops$tkyte%ORA11GR2> create table t ( x int ); Table created. ops$tkyte%ORA11GR2> insert into t values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> exec dbms_stats.gather_table_stats( user, 'T' ); PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; X ---------- 1 Now we’ll set our session to use the SERIALIZABLE isolation level, so that no matter how many times we run a query in our session, the results will be “as of” that transaction’s start time: ops$tkyte@ORA11GR2> alter session set isolation_level=serializable; Session altered. Now, we’ll query that small table and observe the amount of I/O performed: ops$tkyte%ORA11GR2> set autotrace on statistics ops$tkyte%ORA11GR2> select * from t; X ---------- 1 Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets 7 consistent gets... So, that query took seven I/Os (consistent gets) in order to complete. In another session, we’ll modify this table repeatedly: ops$tkyte%ORA11GR2> begin 2 for i in 1 .. 10000 3 loop 4 update t set x = x+1; 5 commit; 6 end loop; 7 end; 8 / PL/SQL procedure successfully completed. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 258 And returning to our SERIALIZABLE session, we’ll rerun the same query: ops$tkyte%ORA11GR2> select * from t; X ---------- 1 Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets 10012 consistent gets ... It did 10,012 I/Os that time—a marked difference. So, where did all of the I/O come from? That was Oracle rolling back the changes made to that database block. When we ran the second query, Oracle knew that all of the blocks retrieved and processed by that query had to be “as of” the start time of the transaction. When we got to the buffer cache, we discovered that the block in the cache was simply “too new”—the other session had modified it some 10,000 times. Our query could not see those changes, so it started walking the undo information and undid the last change. It discovered this rolled back block was still too new and did another rollback of the block. It did this repeatedly until finally it found the version of the block that was committed in the database when our transaction began. That was the block we may use—and did use. ■ Note Interestingly, if you were to rerun the SELECT * FROM T, you would likely see the I/O go back down to 7 or so again; it would not be 10,012. The reason? Oracle has the ability to store multiple versions of the same block in the buffer cache. When you undid the changes to this block for the query that did 10,012 IOs, you left that version in the cache, and subsequent executions of your query are able to access it. So, do we only encounter this problem when using the SERIALIZABLE isolation level? No, not at all. Consider a query that runs for five minutes. During the five minutes the query is running, it is retrieving blocks from the buffer cache. Every time it retrieves a block from the buffer cache, it will perform this check: “Is the block too new? If so, roll it back.” And remember, the longer the query runs, the higher the chance that a block it needs has been modified over time. Now, the database is expecting this check to happen (i.e., to see if a block is “too new” and the subsequent rolling back of the changes), and for just such a reason, the buffer cache may actually contain multiple versions of the same block in memory. In that fashion, chances are that a version you require will be there, ready and waiting to go, instead of having to be materialized using the undo information. A query such as select file#, block#, count(*) from v$bh group by file#, block# having count(*) > 3 order by 3 / CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 259 may be used to view these blocks. In general, you will find no more than about six versions of a block in the cache at any point in time, but these versions can be used by any query that needs them. It is generally these small hot tables that run into the issue of inflated I/Os due to read consistency. Other queries most often affected by this issue are long-running queries against volatile tables. The longer they run, the longer they run, because over time they may have to perform more work to retrieve a block from the buffer cache. Write Consistency So far, we’ve looked at read consistency: Oracle’s ability to use undo information to provide non- blocking query and consistent (correct) reads. We understand that as Oracle reads blocks for queries out of the buffer cache, it will ensure that the version of the block is “old” enough to be seen by that query. But that begs the following questions: What about writes/modifications? What happens when you run an UPDATE statement Update t set x = 2 where y = 5; and while that statement is running, someone updates a row it has yet to read from Y=5 to Y=6 and commits? That is, when your UPDATE began, some row had the value Y=5. As your UPDATE reads the table using consistent reads, it sees that the row was Y=5 when the UPDATE began. But, the current value for Y is now 6 (it’s not 5 anymore) and before updating the value of X, Oracle will check to see that Y is still 5. Now what happens? How are the updates affected by this? Obviously, we can’t modify an old version of a block; when we go to modify a row, we must modify the current version of that block. Additionally, Oracle can’t just simply skip this row, as that would be an inconsistent read and unpredictable. What we’ll discover is that in such cases, Oracle will restart the write modification from scratch. Consistent Reads and Current Reads Oracle does do two types of block gets when processing a modification statement. It performs • Consistent reads: When “finding” the rows to modify • Current reads: When getting the block to actually update the row of interest We can see this easily using TKPROF. Consider this small one row example, which reads and updates the single row in table T from earlier: ops$tkyte%ORA11GR2> exec dbms_monitor.session_trace_enable PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; X ---------- 10001 ops$tkyte%ORA11GR2> update t t1 set x = x+1; 1 row updated. ops$tkyte%ORA11GR2> update t t2 set x = x+1; 1 row updated. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 260 When we run TKPROF and view the results, we’ll see something like this (note that I removed the ELAPSED, CPU, and DISK columns from this report): select * from t call count query current rows ------- ------ ------ ---------- ---------- Parse 1 0 0 0 Execute 1 0 0 0 Fetch 2 7 0 1 ------- ------ ------ ---------- ---------- total 4 7 0 1 update t t1 set x = x+1 call count query current rows ------- ------ ------ ---------- ---------- Parse 1 0 0 0 Execute 1 7 3 1 Fetch 0 0 0 0 ------- ------ ------ ---------- ---------- total 2 7 3 1 update t t2 set x = x+1 call count query current rows ------- ------ ------ ---------- ---------- Parse 1 0 0 0 Execute 1 7 1 1 Fetch 0 0 0 0 ------- ------ ------ ---------- ---------- total 2 7 1 1 So, during just a normal query, we incur seven query (consistent) mode gets. During the first UPDATE, we incur the same seven I/Os (the search component of the update involves finding all of the rows that are in the table when the update began, in this case) and three current mode gets as well. The current mode gets are performed in order to retrieve the table block as it exists right now, the one with the row on it, to get an undo segment block to begin our transaction, and an undo block. The second update has exactly one current mode get; since we did not have to do the undo work again, we had only the one current get on the block with the row we want to update. The very presence of the current mode gets tells us that a modification of some sort took place. Before Oracle will modify a block with new information, it must get the most current copy of it. So, how does read consistency affect a modification? Well, imagine you were executing the following UPDATE statement against some database table: Update t set x = x+1 where y = 5; We understand that the WHERE Y=5 component, the read-consistent phase of the query, will be processed using a consistent read (query mode gets in the TKPROF report). The set of WHERE Y=5 records that was committed in the table at the beginning of the statement’s execution are the records it will see (assuming READ COMMITTED isolation; if the isolation is SERIALIZABLE, it would be the set of WHERE Y=5 records that existed when the transaction began). This means if that UPDATE statement were to take five minutes to process from start to finish, and someone added and committed a new record to the table CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 261 with a value of 5 in the Y column, then that UPDATE would not see it because the consistent read would not see it. This is expected and normal. But, the question is, what happens if two sessions execute the following statements in order: Update t set y = 10 where y = 5; Update t Set x = x+1 Where y = 5; Table 7-8 demonstrates the timeline. Table 7-8. Sequence of Updates Time Session 1 Session 2 Comment T1 Update t set y=10 where y=5; This updates the one row that matches the criteria. T2 Update t Set x=x+1 Where y=5; Using consistent reads, this will find the record session 1 modified, but it won’t be able to update it since session 1 has it locked. Session 2 will block and wait for this row. T3 Commit; This releases session 2; session 2 becomes unblocked. It can finally do the current read on the block containing this row, where Y was equal to 5 when session 1 began its update. The current read will show that Y is now equal to 10, not 5 anymore. So the record that was Y=5 when you began the UPDATE is no longer Y=5. The consistent read component of the UPDATE says, “You want to update this record because Y was 5 when we began,” but the current version of the block makes you think, “Oh, no, I can’t update this row because Y isn’t 5 anymore. It would be wrong”. If we just skipped this record at this point and ignored it, then we would have a nondeterministic update. It would be throwing data consistency and integrity out the window. The outcome of the update (how many and which rows were modified) would depend on the order in which rows got hit in the table and what other activity just happened to be going on. You could take the same exact set of rows and in two different databases, each one running the transactions in exactly the same mix, you could observe different results, just because the rows were in different places on the disk. In this case, Oracle will choose to restart the update. When the row that was Y=5 when you started is found to contain the value Y=10, Oracle will silently roll back your update (just the update, not any other part of the transaction) and restart it, assuming you are using READ COMMITTED isolation. If you are using SERIALIZABLE isolation, then at this point you would receive an ORA-08177: can't serialize access for this transaction error. In READ COMMITTED mode, after the transaction rolls back your update, the database will restart the update (i.e., change the point in time at which the update is “as of”), and instead of updating the data again, it will go into SELECT FOR UPDATE mode and attempt to lock all of the rows WHERE Y=5 for your session. Once it does this, it will run the UPDATE against that locked set of data, thus ensuring this time that it can complete without restarting. But to continue on with the “but what happens if. . .” train of thought, what happens if, after restarting the update and going into SELECT FOR UPDATE mode (which has the same read-consistent and read current block gets going on as an update does), a row that was Y=5 when you started the SELECT FOR UPDATE is found to be Y=11 when you go to get the current version of it? That SELECT FOR UDPDATE will restart and the cycle begins again. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 262 This raises several interesting questions. Can we observe this? Can we see this actually happen? And if so, so what? What does this mean to us as developers? We’ll address these questions in turn now. Seeing a Restart It is easier to see a restart than you might, at first, think. We’ll be able to observe one, in fact, using a simple one-row table. This is the table we’ll use to test with: ops$tkyte%ORA11GR2> create table t ( x int, y int ); Table created. ops$tkyte%ORA11GR2> insert into t values ( 1, 1 ); 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. To observe the restart, all we need is a trigger to print out some information. We’ll use a BEFORE UPDATE FOR EACH ROW trigger to print out the before and after image of the row as the result of an update: ops$tkyte%ORA11GR2> create or replace trigger t_bufer 2 before update on t for each row 3 begin 4 dbms_output.put_line 5 ( 'old.x = ' || :old.x || 6 ', old.y = ' || :old.y ); 7 dbms_output.put_line 8 ( 'new.x = ' || :new.x || 9 ', new.y = ' || :new.y ); 10 end; 11 / Trigger created. Now we’ll update that row: ops$tkyte%ORA11GR2> set serveroutput on ops$tkyte%ORA11GR2> update t set x = x+1; old.x = 1, old.y = 1 new.x = 2, new.y = 1 1 row updated. So far, everything is as we expect: the trigger fired once, and we see the old and new values. Note that we have not yet committed, however—the row is still locked. In another session, we’ll execute this update: ops$tkyte%ORA11GR2> set serveroutput on ops$tkyte%ORA11GR2> update t set x = x+1 where x > 0; This will immediately block, of course, since the first session has that row locked. If we now go back to the first session and commit, we’ll see this output (the update is repeated for clarity) in the second session: CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 263 ops$tkyte%ORA11GR2> update t set x = x+1 where x > 0; old.x = 1, old.y = 1 new.x = 2, new.y = 1 old.x = 2, old.y = 1 new.x = 3, new.y = 1 1 row updated... As you can see, that row trigger saw two versions of that row here. The row trigger was fired two times: once with the original version of the row and what we tried to modify that original version to, and again with the final row that was actually updated. Since this was a BEFORE FOR EACH ROW trigger, Oracle saw the read-consistent version of the record and the modifications we would like to have made to it. However, Oracle retrieved the block in current mode to actually perform the update after the BEFORE FOR EACH ROW trigger fired. It waits until after this trigger fires to get the block in current mode, because the trigger can modify the :NEW values. So Oracle can’t modify the block until after this trigger executes, and the trigger could take a very long time to execute. Since only one session at a time can hold a block in current mode, Oracle needs to limit the time we have it in that mode. After this trigger fired, Oracle retrieved the block in current mode and noticed that the column used to find this row, X, had been modified. Since X was used to locate this record and X was modified, the database decided to restart our query. Notice that the update of X from 1 to 2 did not put this row out of scope; we’ll still be updating it with this UPDATE statement. Rather, it is the fact that X was used to locate the row, and the consistent read value of X (1 in this case) differs from the current mode read of X (2). Now, upon restart, the trigger sees the value of X=2 (following modification by the other session) as the :OLD value and X=3 as the :NEW value. So, this shows that these restarts happen. It takes a trigger to see them in action; otherwise, they are generally undetectable. That does not mean you can’t see other symptoms—such as a large UPDATE statement rolling back work after updating many rows and then discovering a row that causes it to restart—just that it is hard to definitively say, “This symptom is caused by a restart.” An interesting observation is that triggers themselves may cause restarts to occur even when the statement itself doesn’t warrant them. Normally, the columns referenced in the WHERE clause of the UPDATE or DELETE statement are used to determine whether or not the modification needs to restart. Oracle will perform a consistent read using these columns and, upon retrieving the block in current mode, it will restart the statement if it detects that any of them have changed. Normally, the other columns in the row are not inspected. For example, let’s simply rerun the previous example and use WHERE Y>0 to find the rows in both sessions, the output we’ll see in the first session (the one that gets blocked) would be: ops$tkyte%ORA11GR2> update t set x = x+1 where y > 0; old.x = 1, old.y = 1 new.x = 2, new.y = 1 old.x = 2, old.y = 1 new.x = 3, new.y = 1 1 row updated. So why did Oracle fire the trigger twice when it was looking at the Y value? Does it examine the whole row? As you can see from the output, the update was, in fact, restarted and the trigger again fired twice, even though we were searching on Y>0 and did not modify Y at all. But, if we recreate the trigger to simply print out the fact that it fired, rather than reference the :OLD and :NEW values ops$tkyte%ORA11GR2> create or replace trigger t_bufer 2 before update on t for each row 3 begin 4 dbms_output.put_line( 'fired' ); 5 end; CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 264 6 / Trigger created. ops$tkyte%ORA11GR2> update t set x = x+1; fired 1 row updated. and go into that second session again and run the update, we observe it gets blocked (of course). After committing the blocking session, we’ll see the following: ops$tkyte%ORA11GR2> update t set x = x+1 where y > 0; fired 1 row updated. The trigger fired just once this time, not twice. Thus, the :NEW and :OLD column values, when referenced in the trigger, are also used by Oracle to do the restart checking. When we referenced :NEW.X and :OLD.X in the trigger, X’s consistent read and current read values were compared and found to be different. A restart ensued. When we removed the reference to that column from the trigger, there was no restart. So the rule is that the set of columns used in the WHERE clause to find the rows plus the columns referenced in the row triggers will be compared. The consistent read version of the row will be compared to the current read version of the row; if any of them are different, the modification will restart. ■ Note You can use this bit of information to further understand why using an AFTER FOR EACH ROW trigger is more efficient than using a BEFORE FOR EACH ROW. The AFTER trigger won’t have the same effect—we’ve already retrieved the block in current mode by then. Which leads us to the “Why do we care?” question. Why Is a Restart Important to Us? The first thing that pops out should be “Our trigger fired twice!” We had a one-row table with a BEFORE FOR EACH ROW trigger on it. We updated one row, yet the trigger fired two times. Think of the potential implications of this. If you have a trigger that does anything nontransactional, this could be a fairly serious issue. For example, consider a trigger that sends an update where the body of the e-mail is “This is what the data used to look like. It has been modified to look like this now.” If you sent the e-mail directly from the trigger, using UTL_SMTP in Oracle9i or UTL_MAIL in Oracle 10g and above, then the user would receive two e-mails, with one of them reporting an update that never actually happened. Anything you do in a trigger that is nontransactional will be impacted by a restart. Consider the following implications: • Consider a trigger that maintains some PL/SQL global variables, such as for the number of rows processed. When a statement that restarts rolls back, the modifications to PL/SQL variables won’t roll back. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 265 • Virtually any function that starts with UTL_ (UTL_FILE, UTL_HTTP, UTL_SMTP, and so on) should be considered susceptible to a statement restart. When the statement restarts, UTL_FILE won’t un-write to the file it was writing to. • Any trigger that is part of an autonomous transaction must be suspect. When the statement restarts and rolls back, the autonomous transaction can’t be rolled back. All of these consequences must be handled with care in the belief that they may be fired more than once per row or be fired for a row that won’t be updated by the statement after all. The second reason you should care about potential restarts is performance related. We have been using a single-row example, but what happens if you start a large batch update and it is restarted after processing the first 100,000 records? It will roll back the 100,000 row changes, restart in SELECT FOR UPDATE mode, and do the 100,000 row changes again after that. You might notice, after putting in that simple audit trail trigger (the one that reads the :NEW and :OLD values), that performance is much worse than you can explain, even though nothing else has changed except the new triggers. It could be that you are restarting queries you never used in the past. Or the addition of a tiny program that updates just a single row here and there makes a batch process that used to run in an hour suddenly run in many hours due to restarts that never used to take place. This is not a new feature of Oracle—it has been in the database since version 4.0, when read consistency was introduced. I myself was not totally aware of how it worked until the summer of 2003 and, after I discovered what it implied, I was able to answer a lot of “How could that have happened?” questions from my own past. It has made me swear off using autonomous transactions in triggers almost entirely, and it has made me rethink the way some of my applications have been implemented. For example, I’ll never send e-mail from a trigger directly; rather, I’ll always use DBMS_JOB or something similar to send the e-mail after my transaction commits. This makes the sending of the e-mail transactional; that is, if the statement that caused the trigger to fire and send the e-mail is restarted, the rollback it performs will roll back the DBMS_JOB request. Most everything nontransactional that I did in triggers was modified to be done in a job after the fact, making it all transactionally consistent. Summary In this chapter, we covered a lot of material that, at times, might not have been obvious. However, it is vital that you understand these issues. For example, if you were not aware of the statement-level restart, you might not be able to figure out how a certain set of circumstances could have taken place. That is, you would not be able to explain some of the daily empirical observations you make. In fact, if you were not aware of the restarts, you might wrongly suspect the actual fault to be due to the circumstances or end user error. It would be one of those unreproducible issues, as it takes many things happening in a specific order to observe. We took a look at the meaning of the isolation levels set out in the SQL standard and at how Oracle implements them; at times, we contrasted Oracle’s implementation with that of other databases. We saw that in other implementations (i.e., ones that employ read locks to provide consistent data), there is a huge trade-off between concurrency and consistency. To get highly concurrent access to data, you would have to decrease your need for consistent answers. To get consistent, correct answers, you would need to live with decreased concurrency. In Oracle that is not the case, due to its multi- versioning feature. Table 7-9 sums up what you might expect in a database that employs read locking versus Oracle’s multi-versioning approach. CHAPTER 7 ■ CONCURRENCY AND MULTI-VERSIONING 266 Table 7-9. A Comparison of Transaction Isolation Levels and Locking Behaviour in Oracle Versus Databases That Employ Read Locking Isolation Level Implementation Writes Block Reads Reads Block Writes Deadlock- Sensitive Reads Incorrect Query Results Lost Updates Lock Escalation or Limits READ UNCOMMITTED Not Oracle No No No Yes Yes Yes READ COMMITTED Not Oracle Yes No No Yes Yes Yes READ COMMITTED Oracle No No No No No* No REPEATABLE READ Not Oracle Yes Yes Yes No No Yes SERIALIZABLE Not Oracle Yes Yes Yes No No Yes SERIALIZABLE Oracle No No No No No No * With SELECT FOR UPDATE NOWAIT. Concurrency controls and how the database implements them are definitely things you want to understand. I’ve been singing the praises of multi-versioning and read consistency, but like everything else in the world, they are double-edged swords. If you don’t understand that multi-versioning is there and how it works, you will make errors in application design. Consider the resource scheduler example from Chapter 1. In a database without multi-versioning and its associated non-blocking reads, the original logic employed by the program may very well have worked. However, this logic would fall apart when implemented in Oracle. It would allow data integrity to be compromised. Unless you know how multi-versioning works, you will write programs that corrupt data. It is that simple. C H A P T E R 8 ■ ■ ■ 267 Transactions Transactions are one of the features that set databases apart from file systems. In a file system, if you are in the middle of writing a file and the operating system crashes, that file will probably be corrupted, though there are “journaled” file systems and the like that may be able to recover your file to some point in time. However, if you need to keep two files synchronized, such a system won’t help—if you update one file and the system fails before you finish updating the second, your files won’t be synchronized. This is the main purpose of transactions—they take the database from one consistent state to the next. That is their function. When you commit work in the database, you are assured that either all of your changes, or none of them, have been saved. Furthermore, you are assured that the various rules and checks that protect data integrity were implemented. In the previous chapter, “Concurrency and Multi-versioning,” we discussed transactions in terms of concurrency control and how, as a result of Oracle’s multi-versioning, read-consistent model, Oracle transactions can provide consistent data every time, under highly concurrent data access conditions. Transactions in Oracle exhibit all of the required ACID characteristics: • Atomicity: Either all of a transaction happens or none of it happens. • Consistency: A transaction takes the database from one consistent state to the next. • Isolation: The effects of a transaction may not be visible to other transactions until the transaction has committed. • Durability: Once the transaction is committed, it is permanent. In particular, we discussed how Oracle obtains consistency and isolation in the previous chapter. Here we’ll focus most of our attention on the concept of atomicity and how that is applied in Oracle. In this chapter, we’ll discuss the implications of atomicity and how it affects statements in Oracle. We’ll cover transaction control statements such as COMMIT, SAVEPOINT, and ROLLBACK, and we’ll discuss how integrity constraints are enforced in a transaction. We’ll also look at why you may have some bad transaction habits if you’ve been developing in other databases. We’ll look at distributed transactions and the two-phase commit (2PC). Lastly, we’ll examine autonomous transactions, what they are, and the role they play. Transaction Control Statements You don’t need a “begin transaction” statement in Oracle. A transaction implicitly begins with the first statement that modifies data (the first statement that gets a TX lock). You can explicitly begin a transaction using SET TRANSACTION or the DBMS_TRANSACTION package, but it is not a necessary step, unlike in some other databases. Issuing either a COMMIT or ROLLBACK statement explicitly ends a transaction. CHAPTER 8 ■ TRANSACTIONS 268 ■ Note Not all ROLLBACK statements are created equal. It should be noted that a ROLLBACK TO SAVEPOINT command will not end a transaction! Only a full, proper ROLLBACK will. You should always explicitly terminate your transactions with a COMMIT or ROLLBACK; otherwise, the tool or environment you’re using will pick one or the other for you. If you exit your SQL*Plus session normally, without committing or rolling back, SQL*Plus assumes you wish to commit your work and it does so. If you just exit from a Pro*C program, on the other hand, an implicit rollback takes place. Never rely on implicit behavior, as it could change in the future. Always explicitly COMMIT or ROLLBACK your transactions. ■ Note As an example of something changing in the future, SQL*Plus in Oracle Database 11g Release 2 sports a new setting, “exitcommit.” This setting controls whether SQL*Plus issues a COMMIT or ROLLBACK upon exit. So when you use 11g Release 2, the default behavior that has been in place since SQL*Plus was invented may well be different! Transactions are atomic in Oracle, meaning that either every statement that comprises the transaction is committed (made permanent) or all of the statements are rolled back. This protection is extended to individual statements as well. Either a statement entirely succeeds or the statement is entirely rolled back. Note that I said the “statement” is rolled back. The failure of one statement does not cause previously executed statements to be automatically rolled back. Their work is preserved and must either be committed or rolled back by you. Before we get into the details of exactly what it means for a statement and transaction to be atomic, let’s take a look at the various transaction control statements available to us: • COMMIT: To use this statement’s simplest form, you just issue COMMIT. You could be more verbose and say COMMIT WORK, but the two are equivalent. A COMMIT ends your transaction and makes any changes permanent (durable). There are extensions to the COMMIT statement used in distributed transactions that allow you to label a COMMIT (label a transaction) with some meaningful comment and force the commit of an in-doubt distributed transaction. There are also extensions that allow you to perform an asynchronous commit—a commit that actually breaks the durability concept. We’ll take a look at this in a bit and see when it might be appropriate to use. • ROLLBACK: To use this statement’s simplest form, you just issue ROLLBACK. Again, you could be more verbose and say ROLLBACK WORK, but the two are equivalent. A rollback ends your transaction and undoes any uncommitted changes. It does this by reading information stored in the rollback/undo segments (going forward I’ll refer to these exclusively as undo segments, the favored terminology for Oracle 10g and later) and restoring the database blocks to the state they were before your transaction began. • SAVEPOINT: A SAVEPOINT allows you to create a marked point within a transaction. You may have multiple SAVEPOINTs within a single transaction. CHAPTER 8 ■ TRANSACTIONS 269 • ROLLBACK TO : This statement is used with the SAVEPOINT command. You can roll back your transaction to that marked point without rolling back any of the work that preceded it. So, you could issue two UPDATE statements, followed by a SAVEPOINT and then two DELETE statements. If an error or some sort of exceptional condition occurs during execution of the DELETE statements, and you catch that exception and issue the ROLLBACK TO SAVEPOINT command, the transaction will roll back to the named SAVEPOINT, undoing any work performed by the DELETEs but leaving the work performed by the UPDATE statements intact. • SET TRANSACTION: This statement allows you to set various transaction attributes, such as the transaction’s isolation level and whether it is read-only or read-write. You can also use this statement to instruct the transaction to use a specific undo segment when using manual undo management, but this is not recommended. We’ll discuss manual and automatic undo management in more detail in Chapter 9 “Redo and Undo.” That’s it—there are no other transaction control statements. The most frequently used control statements are COMMIT and ROLLBACK. The SAVEPOINT statement has a somewhat special purpose. Internally, Oracle uses it frequently; in fact Oracle uses it every time you execute any SQL or PL/SQL statement, and you may find some use for it in your applications as well. Atomicity Now we’re ready to see what’s meant by statement, procedure, and transaction atomicity. Statement-Level Atomicity Consider the following statement: Insert into t values ( 1 ); It seems fairly clear that if the statement were to fail due to a constraint violation, the row would not be inserted. However, consider the following example, where an INSERT or DELETE on table T fires a trigger that adjusts the CNT column in table T2 appropriately: ops$tkyte%ORA11GR2> create table t2 ( cnt int ); Table created. ops$tkyte%ORA11GR2> insert into t2 values ( 0 ); 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. ops$tkyte%ORA11GR2> create table t ( x int check ( x>0 ) ); Table created. ops$tkyte%ORA11GR2> create trigger t_trigger 2 before insert or delete on t for each row 3 begin 4 if ( inserting ) then CHAPTER 8 ■ TRANSACTIONS 270 5 update t2 set cnt = cnt +1; 6 else 7 update t2 set cnt = cnt -1; 8 end if; 9 dbms_output.put_line( 'I fired and updated ' || 10 sql%rowcount || ' rows' ); 11 end; 12 / Trigger created. In this situation, it is less clear what should happen. If the error occurs after the trigger has fired, should the effects of the trigger persist, or not? That is, if the trigger fired and updated T2, but the row was not inserted into T, what should the outcome be? Clearly the answer is that we don’t want the CNT column in T2 to be incremented if a row is not actually inserted into T. Fortunately in Oracle, the original statement from the client—INSERT INTO T, in this case—either entirely succeeds or entirely fails. This statement is atomic. We can confirm this, as follows: ops$tkyte%ORA11GR2> set serveroutput on ops$tkyte%ORA11GR2> insert into t values (1); I fired and updated 1 rows 1 row created. ops$tkyte%ORA11GR2> insert into t values(-1); I fired and updated 1 rows insert into t values(-1) * ERROR at line 1: ORA-02290: check constraint (OPS$TKYTE.SYS_C0018095) violated ops$tkyte%ORA11GR2> select * from t2; CNT ---------- 1 ■ Note When using SQL*Plus from Oracle9i Release 2 and before, in order to see that the trigger fired, you need to add a line of code, EXEC NULL, after the second INSERT. This is because SQL*Plus does not retrieve and display the DBMS_OUTPUT information after a failed DML statement in those releases. In Oracle 10g and above it does. So, one row was successfully inserted into T and we duly received the message I fired and updated 1 rows. The next INSERT statement violates the integrity constraint we have on T. The DBMS_OUTPUT message appeared—the trigger on T in fact did fire and we have evidence of that. The trigger performed its updates of T2 successfully. We might expect T2 to have a value of 2 now, but we see it has a value of 1. Oracle made the original INSERT atomic—the original INSERT INTO T is the statement, and any side effects of that original INSERT INTO T are considered part of that statement. Oracle achieves this statement-level atomicity by silently wrapping a SAVEPOINT around each of our calls to the database. The preceding two INSERTs were really treated like this: CHAPTER 8 ■ TRANSACTIONS 271 Savepoint statement1; Insert into t values ( 1 ); If error then rollback to statement1; Savepoint statement2; Insert into t values ( -1 ); If error then rollback to statement2; For programmers used to Sybase or SQL Server, this may be confusing at first. In those databases exactly the opposite is true. The triggers in those systems execute independently of the firing statement. If they encounter an error, the triggers must explicitly roll back their own work and then raise another error to roll back the triggering statement. Otherwise, the work done by a trigger could persist even if the triggering statement, or some other part of the statement, ultimately fails. In Oracle, this statement-level atomicity extends as deep as it needs to. In the preceding example, if the INSERT INTO T fires a trigger that updates another table, and that table has a trigger that deletes from another table (and so on, and so on), either all of the work succeeds or none of it does. You don’t need to code anything special to ensure this; it’s just the way it works. Procedure-Level Atomicity It is interesting to note that Oracle considers PL/SQL anonymous blocks to be statements as well. Consider the previous stored procedure and reset example tables: ops$tkyte%ORA11GR2> create or replace procedure p 2 as 3 begin 4 insert into t values ( 1 ); 5 insert into t values (-1 ); 6 end; 7 / Procedure created. ops$tkyte%ORA11GR2> delete from t; 0 rows deleted. ops$tkyte%ORA11GR2> update t2 set cnt = 0; 1 row updated. ops$tkyte%ORA11GR2> commit; Commit complete. ops$tkyte%ORA11GR2> select * from t; no rows selected ops$tkyte%ORA11GR2> select * from t2; CNT ---------- 0 So, we have a procedure we know will fail, and the second INSERT will always fail in this case. Let’s see what happens if we run that stored procedure: CHAPTER 8 ■ TRANSACTIONS 272 ops$tkyte%ORA11GR2> begin 2 p; 3 end; 4 / I fired and updated 1 rows I fired and updated 1 rows begin * ERROR at line 1: ORA-02290: check constraint (OPS$TKYTE.SYS_C0018095) violated ORA-06512: at "OPS$TKYTE.P", line 5 ORA-06512: at line 2 ops$tkyte%ORA11GR2> select * from t; no rows selected ops$tkyte%ORA11GR2> select * from t2; CNT ---------- 0 As you can see, Oracle treated the stored procedure call as an atomic statement. The client submitted a block of code—BEGIN P; END;—and Oracle wrapped a SAVEPOINT around it. Since P failed, Oracle restored the database back to the point right before it was called. Note The preceding behavior—statement-level atomicity—relies on the PL/SQL routine not performing any commits or rollbacks itself. It is my opinion that COMMIT and ROLLBACK should not be used in general in PL/SQL; the invoker of the PL/SQL stored procedure is the only one that knows when a transaction is complete. It is a bad programming practice to issue a COMMIT or ROLLBACK in your developed PL/SQL routines. Now, if we submit a slightly different block, we will get entirely different results: ops$tkyte%ORA11GR2> begin 2 p; 3 exception 4 when others then 5 dbms_output.put_line( 'Error!!!! ' || sqlerrm ); 6 end; 7 / I fired and updated 1 rows I fired and updated 1 rows Error!!!! ORA-02290: check constraint (OPS$TKYTE.SYS_C0018095) violated PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; CHAPTER 8 ■ TRANSACTIONS 273 X ---------- 1 ops$tkyte%ORA11GR2> select * from t2; CNT ---------- 1 ops$tkyte%ORA11GR2> rollback; Rollback complete. Here, we ran a block of code that ignored any and all errors, and the difference in outcome is huge. Whereas the first call to P effected no changes, this time the first INSERT succeeds and the CNT column in T2 is incremented accordingly. Oracle considered the “statement” to be the block that the client submitted. This statement succeeded by catching and ignoring the error itself, so the If error then rollback... didn’t come into effect and Oracle didn’t roll back to the SAVEPOINT after execution. Hence, the partial work performed by P was preserved. The reason this partial work is preserved in the first place is that we have statement- level atomicity within P: each statement in P is atomic. P becomes the client of Oracle when it submits its two INSERT statements. Each INSERT either succeeds or fails entirely. This is evidenced by the fact that we can see that the trigger on T fired twice and updated T2 twice, yet the count in T2 reflects only one UPDATE. The second INSERT executed in P had an implicit SAVEPOINT wrapped around it. THE “WHEN OTHERS” CLAUSE I consider virtually all code that contains a WHEN OTHERS exception handler that does not also include a RAISE or RAISE_APPLICATION_ERROR to re-raise the exception to be a bug. It silently ignores the error and it changes the transaction semantics. Catching WHEN OTHERS and translating the exception into an old- fashioned return code changes the way the database is supposed to behave. In fact, when Oracle 11g Release 1 was still on the drawing board, I was permitted to submit three requests for new features in PL/SQL. I jumped at the chance, and my first suggestion was simply “remove the WHEN OTHERS clause from the language.” My reasoning was simple, the most common cause of developer-introduced bugs I see—the most common cause—is a WHEN OTHERS not followed by a RAISE or RAISE_APPLICATION_ERROR. I felt the world would be a safer place without this language feature. The PL/SQL implementation team could not do this, of course, but they did the next best thing. They made it so that PL/SQL will generate a compiler warning if you have a WHEN OTHERS that is not followed by a RAISE or RAISE_APPLICATION_ERROR call. For example: ops$tkyte%ORA11GR2> alter session set 2 PLSQL_Warnings = 'enable:all' 3 / Session altered. ops$tkyte%ORA11GR2> create or replace procedure some_proc( p_str in varchar2 ) 2 as 3 begin 4 dbms_output.put_line( p_str ); 5 exception CHAPTER 8 ■ TRANSACTIONS 274 6 when others 7 then 8 -- call some log_error() routine 9 null; 10 end; 11 / SP2-0804: Procedure created with compilation warnings ops$tkyte%ORA11GR2> show errors procedure some_proc Errors for PROCEDURE P: LINE/COL ERROR -------- ----------------------------------------------------------------- 1/1 PLW-05018: unit SOME_PROC omitted optional AUTHID clause; default value DEFINER used 6/8 PLW-06009: procedure "SOME_PROC" OTHERS handler does not end in RAISE or RAISE_APPLICATION_ERROR So, if you include WHEN OTHERS in your code and it is not followed by a RAISE or RAISE_APPLICATION_ERROR, be aware that you are almost certainly looking at a bug in your developed code, a bug placed there by you. The difference between the two blocks of code, one with a WHEN OTHERS exception block and one without, is subtle, and something you must consider in your applications. Adding an exception handler to a block of PL/SQL code can radically change its behavior. A different way to code this—one that restores the statement-level atomicity to the entire PL/SQL block—is as follows: ops$tkyte%ORA11GR2> begin 2 savepoint sp; 3 p; 4 exception 5 when others then 6 rollback to sp; 7 dbms_output.put_line( 'Error!!!! ' || sqlerrm ); 8 end; 9 / I fired and updated 1 rows I fired and updated 1 rows Error!!!! ORA-02290: check constraint (OPS$TKYTE.SYS_C0018095) violated PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; no rows selected ops$tkyte%ORA11GR2> select * from t2; CNT ---------- 0 CHAPTER 8 ■ TRANSACTIONS 275 ■ Caution The preceding code represents an exceedingly bad practice. In general, you should neither catch a WHEN OTHERS nor explicitly code what Oracle already provides as far as transaction semantics is concerned. Here, by mimicking the work Oracle normally does for us with the SAVEPOINT, we are able to restore the original behavior while still catching and “ignoring” the error. I provide this example for illustration only; this is an exceedingly bad coding practice. Transaction-Level Atomicity The entire goal of a transaction, a set of SQL statements executed together as a unit of work, is to take the database from one consistent state to another consistent state. To accomplish this goal, transactions are atomic as well—the entire set of successful work performed by a transaction is either entirely committed and made permanent or rolled back and undone. Just like a statement, the transaction is an atomic unit of work. Upon receipt of “success” from the database after committing a transaction, you know that all of the work performed by the transaction has been made persistent. DDL and Atomicity It is worth noting that there is a certain class of statements in Oracle that are atomic—but only at the statement level. Data Definition Language (DDL) statements are implemented in a manner such that: 1. They begin by committing any outstanding work, ending any transaction you might already have in place. 2. They perform the DDL operation, such as a CREATE TABLE. 3. They commit the DDL operation if it was successful, or roll back the DDL operation otherwise. This means that any time you issue a DDL statement such as CREATE, ALTER and so on, you must expect your existing transaction to be immediately committed and the subsequent DDL command to be performed and either committed and made durable or rolled back in the event of any error. DDL does not break the ACID concepts in any way, but the fact that it commits is something you definitely need to be aware of. Durability Normally, when a transaction is committed, its changes are permanent—you can rely on those changes being in the database even if the database crashed the instant after the commit completed. This is not true, however, in two specific cases: • You use the new (as of Oracle 10g Release 2 and above) WRITE extensions available in the COMMIT statement. • You issue COMMITs in a non-distributed (accesses only a single database, no database links) PL/SQL block of code. We’ll look at each in turn. CHAPTER 8 ■ TRANSACTIONS 276 WRITE Extensions to COMMIT Starting with Oracle Database 10g Release 2 and above, you may add a WRITE clause to your COMMIT statements. The WRITE clause allows the commit to either WAIT for the redo you generated to be written to disk (the default) or NOWAIT—to not wait—for the redo to be written. The NOWAIT option is the new capability—a capability that must be used carefully, with forethought, and with understanding of exactly what it means. Normally, a COMMIT is a synchronous process. Your application invokes COMMIT and then your application waits for the entire COMMIT processing to be complete (what that entails exactly will be covered in detail in Chapter 9, “Redo and Undo”). This is the behavior of COMMIT in all the database releases before Oracle 10g Release 2 and is the default behavior in Oracle 10g Release 2 and above. In current releases of the database, instead of waiting for the commit to complete, which may take measurable time since a commit involves a physical write—a physical IO—to the redo log files stored on disk, you may have the commit performed in the background, without waiting for it. That comes with the side-effect that your commit is no longer assured to be durable. That is, your application may get a response back from the database that the asynchronous commit you submitted was received, other sessions may be able to see your changes, but later find that the transaction you thought was committed was not. This situation will occur only in very rare cases and will always involve a serious failure of the hardware or software. It requires the database to be shutdown abnormally in order for an asynchronous commit to not be durable, meaning the database instance or computer the database instance is running on would have to suffer a complete failure. So, if transactions are meant to be durable, what is the potential use of a feature that might make them possibly not durable? Raw performance. When you issue a COMMIT in your application, you are asking the LGWR process to take the redo you’ve generated and ensure that it is written to the online redo log files. Performing physical IO, which this process involves, is measurably slow; it takes a long time, relatively speaking, to write data to disk. So, a COMMIT may well take longer than the DML statements in the transaction itself! If you make the COMMIT asynchronous, you remove the need to wait for that physical I/O in the client application, perhaps making the client application appear faster—especially if it does lots of COMMITs. This might suggest that you’d want to use this COMMIT WRITE NOWAIT all of the time—after all isn’t performance the most important thing in the world? No, it is not. Most of the time, you need the durability achieved by default with COMMIT. When you COMMIT and report back to an end user “we have committed,” you need to be sure that the change is permanent. It will be recorded in the database even if the database/hardware failed right after the COMMIT. If you report to an end user that “Order 12352 has been placed,” you need to make sure that Order 12352 was truly placed and persistent. So, for most every application, the default COMMIT WRITE WAIT is the only correct option (note that you only need say COMMIT—the default setting is WRITE WAIT). When would you want to use this new capability to commit without waiting then? Three scenarios come to mind: • A custom data load program. It must be custom, since it will have additional logic to deal with the fact that a commit might not persist a system failure. • An application that processes a live data feed of some sort, say a stock quote feed from the stock markets that inserts massive amounts of time-sensitive information into the database. If the database goes offline, the data stream keeps on going and the data generated during the system failure will never be processed (Nasdaq does not shut down because your database crashed, after all!). That this data is not processed is OK, because the stock data is so time-sensitive, after a few seconds it would be overwritten by new data anyway. • An application that implements its own “queuing” mechanism, for example one that has data in a table with a PROCESSED_FLAG column. As new data arrives, it is inserted with a value of PROCESSED_FLAG='N' (unprocessed). Another routine is CHAPTER 8 ■ TRANSACTIONS 277 tasked with reading the PROCESSED_FLAG='N' records, performing some small, fast transaction and updating the PROCESSED_FLAG='N' to 'Y'. If it commits but that commit is later undone (by a system failure), it is OK because the application that processes these records will just process the record again—it is “restartable.” If you look at these application categories, you’ll notice that all three of them are background, non- interactive applications. They do not interact with a human being directly. Any application that does interact with a person, that reports to the person “commit complete,” should use the synchronous commit. Asynchronous commits are not a tuning device for your online customer-facing applications. Asynchronous commits are applicable only to batch-oriented applications, those that are automatically restartable upon failure. Interactive applications are not restartable automatically upon failure—a human being must redo the transaction. Therefore, you have another flag that tells you whether this capability can be considered—do you have a batch application or an interactive one? Unless it is batch- oriented, synchronous commit is the way to go. So, outside of those three categories of batch applications, this new capability—COMMIT WRITE NOWAIT—should probably not be used. If you do use it, you need to ask yourself what would happen if your application is told commit processed, but later, the commit is undone. You need to be able to answer that question and come to the conclusion that it will be OK if that happens. If you can’t answer that question, or if a committed change being lost would have serious repercussions, you should not use the asynchronous commit capability. COMMITS in a Non-Distributed PL/SQL Block Since PL/SQL was first introduced in version 6 of Oracle, it has been transparently using an asynchronous commit. That approach has worked because all PL/SQL is like a batch program in a way— the end user does not know the outcome of the procedure until it is completely finished. That’s also why this asynchronous commit is used only in non-distributed PL/SQL blocks of code; if we involve more than one database, then there are two things—two databases—relying on the commit being durable. When two databases are relying on the commit being durable, we have to utilize synchronous protocols or a change might be committed in one database but not the other. ■ Note Of course, pipelined PL/SQL functions deviate from “normal” PL/SQL functions. In normal PL/SQL functions, the outcome is not known until the end of the stored procedure call. Pipelined functions in general are able to return data to a client long before they complete (they return “chunks” of data to the client, a bit at a time). But since pipelined functions are called from SELECT statements and would not be committing anyway, they do not come into play in this discussion. Therefore, PL/SQL was developed to utilize an asynchronous commit, allowing the COMMIT statement in PL/SQL to not have to wait for the physical I/O to complete (avoiding the “log file sync” wait). That does not mean that you can’t rely on a PL/SQL routine that commits and returns control to your application to not be durable with respect to its changes—PL/SQL will wait for the redo it generated to be written to disk before returning to the client application—but it will only wait once, right before it returns. CHAPTER 8 ■ TRANSACTIONS 278 ■ Note The following example demonstrates a bad practice—one that I call “slow-by-slow processing” or “row- by-row processing,” as row-by-row is synonymous with slow-by-slow in a relational database. It is meant just to illustrate how PL/SQL processes a commit statement. Consider this PL/SQL procedure: ops$tkyte%ORA11GR2> create table t 2 as 3 select * 4 from all_objects 5 where 1=0 6 / Table created. ops$tkyte%ORA11GR2> create or replace procedure p 2 as 3 begin 4 for x in ( select * from all_objects ) 5 loop 6 insert into t values X; 7 commit; 8 end loop; 9 end; 10 / Procedure created. That PL/SQL code reads a record at a time from ALL_OBJECTS, inserts the record into table T and commits each record as it is inserted. Logically, that code is the same as: ops$tkyte%ORA11GR2> create or replace procedure p 2 as 3 begin 4 for x in ( select * from all_objects ) 5 loop 6 insert into t values X; 7 commit write NOWAIT; 8 end loop; 9 10 -- make internal call here to ensure 11 -- redo was written by LGWR 12 end; 13 / Procedure created. So, the commits performed in the routine are done with WRITE NOWAIT and before the PL/SQL block of code returns to the client application, PL/SQL makes sure that the last bit of redo it generated was safely recorded to disk—making the PL/SQL block of code and its changes durable. CHAPTER 8 ■ TRANSACTIONS 279 In Chapter 11, “Indexes,” we’ll see the salient effects of this feature of PL/SQL when measuring the performance of reverse key indexes. If you’d like to see how PL/SQL performs in the manner described above, skip there for a moment to review the reverse key index benchmark. Integrity Constraints and Transactions It is interesting to note exactly when integrity constraints are checked. By default, integrity constraints are checked after the entire SQL statement has been processed. There are also deferrable constraints that permit the validation of integrity constraints to be postponed until either the application requests they be validated by issuing a SET CONSTRAINTS ALL IMMEDIATE command or upon issuing a COMMIT. IMMEDIATE Constraints For the first part of this discussion, we’ll assume that constraints are in IMMEDIATE mode, which is the norm. In this case, the integrity constraints are checked immediately after the entire SQL statement has been processed. Note that I used the term “SQL statement,” not just “statement.” If I have many SQL statements in a PL/SQL stored procedure, each SQL statement will have its integrity constraints validated immediately after its individual execution, not after the stored procedure completes. So, why are constraints validated after the SQL statement executes? Why not during? This is because it is very natural for a single statement to make individual rows in a table momentarily inconsistent. Taking a look at the partial work by a statement would result in Oracle rejecting the results, even if the end result would be OK. For example, suppose we have a table like this: ops$tkyte%ORA11GR2> create table t ( x int unique ); Table created. ops$tkyte%ORA11GR2> insert into t values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> insert into t values ( 2 ); 1 row created. ops$tkyte%ORA11GR2> commit; Commit complete. And we want to execute a multiple-row UPDATE: ops$tkyte%ORA11GR2> update t set x=x-1; 2 rows updated. If Oracle checked the constraint after each row was updated, on any given day we would stand a 50- 50 chance of having the UPDATE fail. The rows in T are accessed in some order, and if Oracle updated the X=1 row first, we would momentarily have a duplicate value for X and it would reject the UPDATE. Since Oracle waits patiently until the end of the statement, the statement succeeds because by the time it is done, there are no duplicates. CHAPTER 8 ■ TRANSACTIONS 280 DEFERRABLE Constraints and Cascading Updates Starting with Oracle 8.0, we also have the ability to defer constraint checking, which can be quite advantageous for various operations. The one that immediately jumps to mind is the requirement to cascade an UPDATE of a primary key to the child keys. Many people claim you should never need to do this—that primary keys are immutable (I am one of those people), but many others persist in their desire to have a cascading UPDATE. Deferrable constraints make this possible. ■ Note It is considered an extremely bad practice to perform update cascades to modify a primary key. It violates the intent of the primary key. If you have to do it once to correct bad information, that’s one thing, but if you find you are constantly doing it as part of your application, you will want to go back and rethink that process—you have chosen the wrong attributes to be the key! In prior releases, it was actually possible to do a CASCADE UPDATE, but doing so involved a tremendous amount of work and had certain limitations. With deferrable constraints, it becomes almost trivial. The code could look like this: ops$tkyte%ORA11GR2> create table parent 2 ( pk int primary key ) 3 / Table created. ops$tkyte%ORA11GR2> create table child 2 ( fk constraint child_fk_parent 3 references parent(pk) 4 deferrable 5 initially immediate 6 ) 7 / Table created. ops$tkyte%ORA11GR2> insert into parent values ( 1 ); 1 row created. ops$tkyte%ORA11GR2> insert into child values ( 1 ); 1 row created. We have a parent table, PARENT, and a child table, CHILD. Table CHILD references table PARENT, and the constraint used to enforce that rule is called CHILD_FK_PARENT (child foreign key to parent). This constraint was created as DEFERRABLE, but it is set to INITIALLY IMMEDIATE. This means we can defer that constraint until COMMIT or to some other time. By default, however, it will be validated at the statement level. This is the most common use of the deferrable constraints. Most existing applications won’t check for constraint violations on a COMMIT statement, and it is best not to surprise them with that. As defined, table CHILD behaves in the fashion tables always have, but it gives us the ability to explicitly change its behavior. Now let’s try some DML on the tables and see what happens: CHAPTER 8 ■ TRANSACTIONS 281 ops$tkyte%ORA11GR2> update parent set pk = 2; update parent set pk = 2 * ERROR at line 1: ORA-02292: integrity constraint (OPS$TKYTE.CHILD_FK_PARENT) violated - child record found Since the constraint is in IMMEDIATE mode, this UPDATE fails. We’ll change the mode and try again: ops$tkyte%ORA11GR2> set constraint child_fk_parent deferred; Constraint set. ops$tkyte%ORA11GR2> update parent set pk = 2; 1 row updated. Now it succeeds. For illustration purposes, I’ll show how to check a deferred constraint explicitly before committing, to see if the modifications we made are in agreement with the business rules (in other words, to check that the constraint isn’t currently being violated). It’s a good idea to do this before committing or releasing control to some other part of the program (which may not be expecting the deferred constraints): ops$tkyte%ORA11GR2> set constraint child_fk_parent immediate; set constraint child_fk_parent immediate * ERROR at line 1: ORA-02291: integrity constraint (OPS$TKYTE.CHILD_FK_PARENT) violated - parent key not found It fails and returns an error immediately as expected, since we knew that the constraint had been violated. The UPDATE to PARENT was not rolled back (that would violate the statement-level atomicity); it is still outstanding. Also note that our transaction is still working with the CHILD_FK_PARENT constraint deferred because the SET CONSTRAINT command failed. Let’s continue now by cascading the UPDATE to CHILD: ops$tkyte%ORA11GR2> update child set fk = 2; 1 row updated. ops$tkyte%ORA11GR2> set constraint child_fk_parent immediate; Constraint set. ops$tkyte%ORA11GR2> commit; Commit complete. And that’s the way it works. Note that to defer a constraint, you must create them that way—you have to drop and re-create the constraint to change it from nondeferrable to deferrable. That might lead you to believe that you should create all of your constraints as “deferrable initially immediate,” just in case you wanted to defer them at some point. In general, that is not true. You want to allow constraints to be deferred only if you have a real need to do so. By creating deferred constraints, you introduce differences in the physical implementation (in the structure of your data) that might not be obvious. For example, if you create a deferrable UNIQUE or PRIMARY KEY constraint, the index that Oracle creates to support the enforcement of that constraint will be a non-unique index. Normally, you expect a unique index to enforce a unique constraint, but since you have specified that the constraint could temporarily be ignored, it can’t use that unique index. Other subtle changes will be observed, for example, with CHAPTER 8 ■ TRANSACTIONS 282 NOT NULL constraints. In Chapter 11 “Indexes,” we’ll see how an index on a NOT NULL column can be used in many cases where a similar index on a NULL column can’t be. If you allow your NOT NULL constraints to be deferrable, the optimizer will start treating the column as if it supports NULLs—because it in fact does support NULLs during your transaction. For example, suppose you have a table with the following columns and data: ops$tkyte%ORA11GR2> create table t 2 ( x int constraint x_not_null not null deferrable, 3 y int constraint y_not_null not null, 4 z varchar2(30) 5 ); Table created. ops$tkyte%ORA11GR2> insert into t(x,y,z) 2 select rownum, rownum, rpad('x',30,'x') 3 from all_users; 45 rows created. ops$tkyte%ORA11GR2> exec dbms_stats.gather_table_stats( user, 'T' ); PL/SQL procedure successfully completed. In this example, column X is created such that when you COMMIT, X will not be null. However, during your transaction X is allowed to be null since the constraint is deferrable. Column Y, on the other hand, is always NOT NULL. If you were to index column Y: ops$tkyte%ORA11GR2> create index t_idx on t(y); Index created. And then run a query that could make use of this index on Y—but only if Y is NOT NULL as in following query: ops$tkyte%ORA11GR2> select count(*) from t; Execution Plan ---------------------------------------------------------- Plan hash value: 995313729 ------------------------------------------------------------------ | Id | Operation | Name | Rows | Cost (%CPU)| Time | ------------------------------------------------------------------ | 0 | SELECT STATEMENT | | 1 | 1 (0)| 00:00:01 | | 1 | SORT AGGREGATE | | 1 | | | | 2 | INDEX FULL SCAN| T_IDX | 45 | 1 (0)| 00:00:01 | ------------------------------------------------------------------ you would be happy to see the optimizer chose to use the small index on Y to count the rows rather than to full scan the entire table T. However, if you drop that index and index column X instead ops$tkyte%ORA11GR2> drop index t_idx; Index dropped. ops$tkyte%ORA11GR2> create index t_idx on t(x); Index created. CHAPTER 8 ■ TRANSACTIONS 283 and then run the query to count the rows once more, you would discover that the database does not, in fact cannot, use your index: ops$tkyte%ORA11GR2> select count(*) from t; Execution Plan ---------------------------------------------------------- Plan hash value: 2966233522 ------------------------------------------------------------------- | Id | Operation | Name | Rows | Cost (%CPU)| Time | ------------------------------------------------------------------- | 0 | SELECT STATEMENT | | 1 | 3 (0)| 00:00:01 | | 1 | SORT AGGREGATE | | 1 | | | | 2 | TABLE ACCESS FULL| T | 45 | 3 (0)| 00:00:01 | ------------------------------------------------------------------- It full-scanned the table. It had to full-scan the table in order to count the rows. This is due to the fact that in an Oracle B*Tree index, index key entries that are entirely null are not made. That is, the index will not contain an entry for any row in the table T such that all of the columns in the index are null. Since X is allowed to be null temporarily, the optimizer has to assume that X might be null and therefore would not be in the index on X. Hence a count returned from the index might be different (wrong) from a count against the table. We can see that if X had a non-deferrable constraint placed on it, this limitation is removed; that is, column X is in fact as good as column Y if the NOT NULL constraint is not deferrable: ops$tkyte%ORA11GR2> alter table t drop constraint x_not_null; Table altered. ops$tkyte%ORA11GR2> alter table t modify x constraint x_not_null not null; Table altered. ops$tkyte%ORA11GR2> set autotrace traceonly explain ops$tkyte%ORA11GR2> select count(*) from t; Execution Plan ---------------------------------------------------------- Plan hash value: 995313729 ------------------------------------------------------------------ | Id | Operation | Name | Rows | Cost (%CPU)| Time | ------------------------------------------------------------------ | 0 | SELECT STATEMENT | | 1 | 1 (0)| 00:00:01 | | 1 | SORT AGGREGATE | | 1 | | | | 2 | INDEX FULL SCAN| T_IDX | 45 | 1 (0)| 00:00:01 | ------------------------------------------------------------------ So, the bottom line is, only use deferrable constraints where you have an identified need to use them. They introduce subtle side effects that could cause differences in your physical implementation (non-unique vs. unique indexes) or in your query plans—as just demonstrated! CHAPTER 8 ■ TRANSACTIONS 284 Bad Transaction Habits Many developers have some bad habits when it comes to transactions. I see this frequently with developers who have worked with a database that “supports” but does not “promote” the use of transactions. For example, in Informix (by default), Sybase, and SQL Server, you must explicitly BEGIN a transaction; otherwise, each individual statement is a transaction all by itself. In a similar manner to the way in which Oracle wraps a SAVEPOINT around discrete statements, these databases wrap a BEGIN WORK/COMMIT or ROLLBACK around each statement. This is because, in these databases, locks are precious resources, and readers block writers and vice versa. In an attempt to increase concurrency, these databases want you to make the transaction as short as possible—sometimes at the expense of data integrity. Oracle takes the opposite approach. Transactions are always implicit, and there is no way to have an “autocommit” unless an application implements it (see the “Using Autocommit” section later in this chapter for more details). In Oracle, every transaction should be committed when it must and never before. Transactions should be as large as they need to be. Issues such as locks, blocking, and so on should not really be considered the driving forces behind transaction size—data integrity is the driving force behind the size of your transaction. Locks are not a scarce resource, and there are no contention issues between concurrent readers and writers of data. This allows you to have robust transactions in the database. These transactions do not have to be short in duration—they should be exactly as long as they need to be (but no longer). Transactions are not for the convenience of the computer and its software; they are to protect your data. Committing in a Loop Faced with the task of updating many rows, most programmers will try to figure out some procedural way to do it in a loop, so that they can commit every so many rows. I’ve heard two (false!) reasons for doing it this way: • It is faster and more efficient to frequently commit lots of small transactions than it is to process and commit one big transaction. • We don’t have enough undo space. Both of these reasons are misguided. Furthermore, committing too frequently leaves you prone to the danger of leaving your database in an “unknown” state should your update fail halfway through. It requires complex logic to write a process that is smoothly restartable in the event of failure. By far the best option is to commit only as frequently as your business processes dictate and to size your undo segments accordingly. Let’s take a look at these issues in more detail. Performance Implications It is generally not faster to commit frequently—it is almost always faster to do the work in a single SQL statement. By way of a small example, say we have a table, T, with lots of rows, and we want to update a column value for every row in that table. We’ll use this to set up such a table (run these four setup steps before each of the three cases below): ops$tkyte%ORA11GR2> drop table t; Table dropped. ops$tkyte%ORA11GR2> create table t as select * from all_objects; Table created. CHAPTER 8 ■ TRANSACTIONS 285 ops$tkyte%ORA11GR2> exec dbms_stats.gather_table_stats( user, 'T' ); PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> variable n number Well, when we go to update, we could simply do it in a single UPDATE statement, like this: ops$tkyte%ORA11GR2> exec :n := dbms_utility.get_cpu_time; PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> update t set object_name = lower(object_name); 71952 rows updated. ops$tkyte%ORA11GR2> exec dbms_output.put_line( (dbms_utility.get_cpu_time-:n) || ' cpu hsecs...' ); 126 cpu hsecs... Many people—for whatever reason—feel compelled to do it like this—slow-by-slow/row-by-row— in order to have a commit every N records: ops$tkyte%ORA11GR2> exec :n := dbms_utility.get_cpu_time; PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> begin 2 for x in ( select rowid rid, object_name, rownum r 3 from t ) 4 loop 5 update t 6 set object_name = lower(x.object_name) 7 where rowid = x.rid; 8 if ( mod(x.r,100) = 0 ) then 9 commit; 10 end if; 11 end loop; 12 commit; 13 end; 14 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec dbms_output.put_line( (dbms_utility.get_cpu_time-:n) || ' cpu hsecs...' ); 469 cpu hsecs... In this simple example, it is many times slower to loop in order to commit frequently. If you can do it in a single SQL statement, do it that way, as it is almost certainly faster. Even if we “optimize” the procedural code, using bulk processing for the updates ops$tkyte%ORA11GR2> exec :n := dbms_utility.get_cpu_time; PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> declare 2 type ridArray is table of rowid; CHAPTER 8 ■ TRANSACTIONS 286 3 type vcArray is table of t.object_name%type; 4 5 l_rids ridArray; 6 l_names vcArray; 7 8 cursor c is select rowid, object_name from t; 9 begin 10 open c; 11 loop 12 fetch c bulk collect into l_rids, l_names LIMIT 100; 13 forall i in 1 .. l_rids.count 14 update t 15 set object_name = lower(l_names(i)) 16 where rowid = l_rids(i); 17 commit; 18 exit when c%notfound; 19 end loop; 20 close c; 21 end; 22 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> exec dbms_output.put_line( (dbms_utility.get_cpu_time-:n) || ' cpu hsecs...' ); 170 cpu hsecs... PL/SQL procedure successfully completed. it is in fact much faster, but still much slower than it could be. Not only that, but you should notice that the code is getting more and more complex. From the sheer simplicity of a single UPDATE statement, to procedural code, to even more complex procedural code—we are going in the wrong direction! Furthermore (yes, there is more to complain about), the preceding procedural code is not done yet. It doesn’t deal with “what happens when we fail” (not if we but rather when we). What happens if this code gets halfway done and then the system fails? How do you restart the procedural code with a commit? You’d have to add yet more code so you knew where to pick up and continue processing. With the single UPDATE statement, we just reissue the UPDATE. We know that it will entirely succeed or entirely fail; there will not be partial work to worry about. We visit this point more in the section “Restartable Processes Require Complex Logic.” Now, just to supply a counterpoint to this discussion, recall in Chapter 7 “Concurrency and Multi- versioning” when we discussed the concept of write consistency and how an UPDATE statement, for example, could be made to restart. In the event that the preceding UPDATE statement was to be performed against a subset of the rows (it had a WHERE clause, and other users were modifying the columns this UPDATE was using in the WHERE clause), then there would be a case either for using a series of smaller transactions rather than one large transaction or for locking the table prior to performing the mass update. The goal here would be to reduce the opportunity for restarts to occur. If we were to UPDATE the vast majority of the rows in the table, that would lead us toward using the LOCK TABLE command. In my experience, however, these sorts of large mass updates or mass deletes (the only statement types really that would be subject to the restart) are done in isolation. That large, one- time bulk update or the purge of old data generally is not done during a period of high activity. Indeed, the purge of data should not be affected by this at all, since you would typically use some date field to locate the information to purge, and other applications would not modify this data. CHAPTER 8 ■ TRANSACTIONS 287 Snapshot Too Old Error Let’s now look at the second reason developers are tempted to commit updates in a procedural loop, which arises from their (misguided) attempts to use a “limited resource” (undo segments) sparingly. This is a configuration issue; you need to ensure that you have enough undo space to size your transactions correctly. Committing in a loop, apart from generally being slower, is also the most common cause of the dreaded ORA-01555 error. Let’s look at this in more detail. As you will appreciate after reading Chapters 1 “Developing Successful Oracle Applications” and 7 “Concurrency and Multi-versioning,” Oracle’s multi-versioning model uses undo segment data to reconstruct blocks as they appeared at the beginning of your statement or transaction (depending on the isolation mode). If the necessary undo information no longer exists, you will receive an ORA-01555: snapshot too old error message and your query will not complete. So, if you are modifying the table that you are reading (as in the previous example), you are generating undo information required for your query. Your UPDATE generates undo information that your query will probably be making use of to get the read-consistent view of the data it needs to update. If you commit, you are allowing the system to reuse the undo segment space you just filled up. If it does reuse the undo, wiping out old undo data that your query subsequently needs, you are in big trouble. Your SELECT will fail and your UPDATE will stop partway through. You have a partly finished logical transaction and probably no good way to restart it (more about this in a moment). Let’s see this concept in action with a small demonstration. In a small test database, I set up a table: ops$tkyte%ORA11GR2> create table t as select * from all_objects; Table created. ops$tkyte%ORA11GR2> create index t_idx on t(object_name); Index created. ops$tkyte%ORA11GR2> exec dbms_stats.gather_table_stats( user, 'T', cascade=>true ); PL/SQL procedure successfully completed. I then created a very small undo tablespace and altered the system to use it. Note that by setting AUTOEXTEND off, I have limited the size of all UNDO to be 10MB or less in this system: ops$tkyte%ORA11GR2> create undo tablespace undo_small 2 datafile '/home/ora11gr2/app/ora11gr2/oradata/orcl/undo_small.dbf' 3 size 10m reuse 4 autoextend off 5 / Tablespace created. ops$tkyte%ORA11GR2> alter system set undo_tablespace = undo_small; System altered. Now, with only the small undo tablespace in use, I ran this block of code to do the UPDATE: ops$tkyte%ORA11GR2> begin 2 for x in ( select /*+ INDEX(t t_idx) */ rowid rid, object_name, rownum r 3 from t 4 where object_name > ' ' ) 5 loop 6 update t 7 set object_name = lower(x.object_name) 8 where rowid = x.rid; CHAPTER 8 ■ TRANSACTIONS 288 9 if ( mod(x.r,100) = 0 ) then 10 commit; 11 end if; 12 end loop; 13 commit; 14 end; 15 / begin * ERROR at line 1: ORA-01555: snapshot too old: rollback segment number with name "" too small ORA-06512: at line 2 I get the error. I should point out that I added an index hint to the query and a WHERE clause to make sure I was reading the table randomly (together, they caused the cost-based optimizer to read the table “sorted” by the index key). When we process a table via an index, we tend to read a block for a single row, and then the next row we want will be on a different block. Ultimately, we will process all of the rows on block 1, just not all at the same time. Block 1 might hold, say, the data for all rows with OBJECT_NAMEs starting with the letters A, M, N, Q, and Z. So we would hit the block many times, since we are reading the data sorted by OBJECT_NAME and presumably many OBJECT_NAMEs start with letters between A and M. Since we are committing frequently and reusing undo space, we eventually revisit a block where we can simply no longer roll back to the point our query began, and at that point we get the error. This was a very artificial example just to show how it happens in a reliable manner. My UPDATE statement was generating undo. I had a very small undo tablespace to play with (10MB). I wrapped around in my undo segments many times, since they are used in a circular fashion. Every time I committed, I allowed Oracle to overwrite the undo data I generated. Eventually, I needed some piece of data I had generated, but it no longer existed and I received the ORA-01555 error. You would be right to point out that in this case, if I had not committed on line 10, I would have received the following error: begin * ERROR at line 1: ORA-30036: unable to extend segment by 8 in undo tablespace 'UNDO_SMALL' ORA-06512: at line 6 The major differences between the two errors are as follows: • The ORA-01555 example left my update in a totally unknown state. Some of the work had been done; some had not. • There is absolutely nothing I can do to avoid the ORA-01555 error, given that I committed in the cursor FOR loop. • The ORA-30036 error can be avoided by allocating appropriate resources in the system. This error is avoidable by correct sizing; the first error is not. Further, even if I don’t avoid this error, at least the update is rolled back and the database is left in a known, consistent state—not halfway through some large update. The bottom line here is that you can’t “save” on undo space by committing frequently—you need that undo. I was in a single-user system when I received the ORA-01555 error. It takes only one session to cause that error, and many times even in real life it is a single session causing its own ORA-01555 errors. Developers and DBAs need to work together to size these segments adequately for the jobs that need to be done. There can be no short-changing here. You must discover, through analysis of your system, what your biggest transactions are and size appropriately for them. The dynamic performance view CHAPTER 8 ■ TRANSACTIONS 289 V$UNDOSTAT can be very useful to monitor the amount of undo you are generating and the duration of your longest running queries. Many people consider things like temp, undo, and redo as overhead— things to allocate as little storage to as possible. This is reminiscent of a problem the computer industry had on January 1, 2000, which was all caused by trying to save 2 bytes in a date field. These components of the database are not overhead, but rather are key components of the system. They must be sized appropriately (not too big and not too small). Note Speaking of UNDO segments being too small, make sure to set your undo tablespace back to your regular one after running these examples, otherwise you’ll be hitting ORA-30036 errors for the rest of the book! Restartable Processes Require Complex Logic The most serious problem with the “commit before the logical transaction is over” approach is the fact that it frequently leaves your database in an unknown state if the UPDATE fails halfway through. Unless you planned for this ahead of time, it is very hard to restart the failed process, allowing it to pick up where it left off. For example, say we were not applying the LOWER() function to the column, as in the previous example, but rather some other function of the column, such as last_ddl_time = last_ddl_time + 1; If we halted the UPDATE loop partway through, how would we restart it? We could not just rerun it, as we would end up adding 2 to some dates, and 1 to others. If we fail again, we would add 3 to some, 2 to others, 1 to the rest, and so on. We need yet more complex logic—some way to “partition” the data. For example, we could process every OBJECT_NAME that starts with A, and then B, and so on: ops$tkyte%ORA11GR2> create table to_do 2 as 3 select distinct substr( object_name, 1,1 ) first_char 4 from T 5 / Table created. ops$tkyte%ORA11GR2> ops$tkyte%ORA11GR2> begin 2 for x in ( select * from to_do ) 3 loop 4 update t set last_ddl_time = last_ddl_time+1 5 where object_name like x.first_char || '%'; 6 7 dbms_output.put_line( sql%rowcount || ' rows updated' ); 8 delete from to_do where first_char = x.first_char; 9 10 commit; 11 end loop; 12 end; 13 / 1270 rows updated CHAPTER 8 ■ TRANSACTIONS 290 3122 rows updated 7 rows updated 5 rows updated 8 rows updated… 2627 rows updated 16 rows updated 3 rows updated 11 rows updated 3 rows updated PL/SQL procedure successfully completed. Now, we could restart this process if it fails, since we would not process any object name that had already been processed successfully. The problem with this approach, however, is that unless we have some attribute that evenly partitions the data, we will end up having a very wide distribution of rows. The second UPDATE did more work than all of the others combined. Additionally, if other sessions are accessing this table and modifying the data, they might update the object_name field as well. Suppose that some other session updates the object named Z to be A, after we already processed the As. We would miss that record. Furthermore, this is a very inefficient process compared to UPDATE T SET LAST_DDL_TIME = LAST_DDL_TIME+1. We are probably using an index to read every row in the table, or we are full-scanning it n times, both of which are undesirable. There are so many bad things to be said about this approach. ■ Note In Chapter 14, ”Parallel Execution,” we’ll visit a new feature in Oracle Database 11g Release 2—the DBMS_PARALLEL_EXECUTE package. There we’ll revisit this restartable approach and deal with the non-uniform update patterns as well. The best approach is the one I advocated at the beginning of Chapter 1 “Developing Successful Oracle Applications”: do it simply. If it can be done in SQL, do it in SQL. What can’t be done in SQL, do in PL/SQL. Do it using the least amount of code you can. Have sufficient resources allocated. Always think about what happens in the event of an error. So many times, I’ve seen people code update loops that worked great on the test data but then failed halfway through when applied to the real data. Then they are really stuck, as they have no idea where the loop stopped processing. It’s a lot easier to size undo correctly than to write a restartable program. If you have truly large tables that need to be updated, you should be using partitions (more on that in Chapter 10 “Database Tables”), which you can update each individually. You can even use parallel DML to perform the update, or in Oracle Database 11g Release 2 and above, the DBMS_PARALLEL_EXECUTE package. Using Autocommit My final words on bad transaction habits concern the one that arises from using the popular programming APIs ODBC and JDBC. These APIs “autocommit” by default. Consider the following statements, which transfer $1,000 from a checking account to a savings account: update accounts set balance = balance - 1000 where account_id = 123; update accounts set balance = balance + 1000 where account_id = 456; CHAPTER 8 ■ TRANSACTIONS 291 If your program is using ODBC or JDBC when you submit these statements, they (silently) inject a commit after each UPDATE. Consider the impact of this if the system fails after the first UPDATE and before the second. You’ve just lost $1,000! I can sort of understand why ODBC does this. The developers of SQL Server designed ODBC, and this database demands that you use very short transactions due to its concurrency model (writes block reads, reads block writes, and locks are a scarce resource). What I can’t understand is how this got carried over into JDBC, an API that is supposed to support “the enterprise.” It is my belief that the very next line of code after opening a connection in JDBC should always be Connection conn = DriverManager.getConnection ("jdbc:oracle:oci:@database","scott","tiger"); conn.setAutoCommit (false); This returns control over the transaction back to you, the developer, which is where it belongs. You can then safely code your account transfer transaction and commit it after both statements have succeeded. Lack of knowledge of your API can be deadly in this case. I’ve seen more than one developer unaware of this autocommit “feature” get into big trouble with his application when an error occurred. Distributed Transactions One of the really nice features of Oracle is its ability to transparently handle distributed transactions. I can update data in many different databases in the scope of a single transaction. When I commit, either I commit the updates in all of the instances or I commit none of them (they will all be rolled back). I need no extra code to achieve this; I simply “commit.” A key to distributed transactions in Oracle is the database link. A database link is a database object that describes how to log into another instance from your instance. However, the purpose of this section is not to cover the syntax of the database link command (it is fully documented), but rather to expose you to its very existence. Once you have a database link set up, accessing remote objects is as easy as this: select * from T@another_database; This would select from the table T in the database instance defined by the database link ANOTHER_DATABASE. Typically, you would “hide” the fact that T is a remote table by creating a view of it, or a synonym. For example, I can issue the following and then access T as if it were a local table: create synonym T for T@another_database; Now that I have this database link set up and can read some tables, I am also able to modify them (assuming I have the appropriate privileges, of course). Performing a distributed transaction is now no different from a local transaction. All I would do is this: update local_table set x = 5; update remote_table@another_database set y = 10; commit; That’s it. Oracle will commit either in both databases or in neither. It uses a two-phase commit protocol (2PC) to do this. 2PC is a distributed protocol that allows for a modification that affects many disparate databases to be committed atomically. It attempts to close the window for distributed failure as much as possible before committing. In a 2PC between many databases, one of the databases— CHAPTER 8 ■ TRANSACTIONS 292 typically the one the client is logged into initially—will be the coordinator for the distributed transaction. This one site will ask the other sites if they are ready to commit. In effect, this site will go to the other sites and ask them to be prepared to commit. Each of the other sites reports back its “prepared state” as YES or NO. If any one of the sites votes NO, the entire transaction is rolled back. If all sites vote YES, the site coordinator broadcasts a message to make the commit permanent on each of the sites. This limits the window in which a serious error could occur. Prior to the “voting” on the 2PC, any distributed error would result in all of the sites rolling back. There would be no doubt as to the outcome of the transaction. After the order to commit or rollback, there again is no doubt as to the outcome of the distributed transaction. It is only during the very short window when the coordinator is collecting the votes that the outcome might be in doubt, after a failure. Assume, for example, we have three sites participating in the transaction with Site 1 being the coordinator. Site 1 has asked Site 2 to prepare to commit, and Site 2 has done so. Site 1 then asks Site 3 to prepare to commit, and it does so. At this point, Site 1 is the only site that knows the outcome of the transaction, and it is now responsible for broadcasting the outcome to the other sites. If an error occurs right now—the network fails, Site 1 loses power, whatever—Sites 2 and 3 will be left hanging. They will have what is known as an in-doubt distributed transaction. The 2PC protocol attempts to close the window of error as much as possible, but it can’t close it entirely. Sites 2 and 3 must keep that transaction open, awaiting notification of the outcome from Site 1. If you recall from the architecture discussion in Chapter 5, “Oracle Processes,” it is the function of the RECO process to resolve this issue. This is also where COMMIT and ROLLBACK with the FORCE option come into play. If the cause of the problem was a network failure between Sites 1, 2, and 3, then the DBAs at Sites 2 and 3 could actually call the DBA at Site 1, ask him for the outcome, and apply the commit or rollback manually, as appropriate. There are some, but not many, limitations to what you can do in a distributed transaction, and they are reasonable (to me, anyway, they seem reasonable). The big ones are as follows: • You can’t issue a COMMIT over a database link. That is, you can’t issue a COMMIT@remote_site. You may commit only from the site that initiated the transaction. • You can’t do DDL over a database link. This is a direct result of the preceding issue. DDL commits. You can’t commit from any site other then the initiating site, hence you can’t do DDL over a database link. • You can’t issue a SAVEPOINT over a database link. In short, you can’t issue any transaction control statements over a database link. All transaction control is inherited from the session that opened the database link in the first place; you can’t have different transaction controls in place in the distributed instances in your transaction. The lack of transaction control over a database link is reasonable, since the initiating site is the only one that has a list of everyone involved in the transaction. If in our three-site configuration, Site 2 attempted to commit, it would have no way of knowing that Site 3 was involved. In Oracle, only Site 1 can issue the commit command. At that point, it is permissible for Site 1 to delegate responsibility for distributed transaction control to another site. We can influence which site will be the actual commit site by setting the COMMIT_POINT_STRENGTH (a parameter) of the site. A COMMIT_POINT_STRENGTH associates a relative level of importance to a server in a distributed transaction. The more important the server (the more available the data needs to be), the more probable that it will coordinate the distributed transaction. You might want to do this if you need to perform a distributed transaction between your production machine and a test machine. Since the transaction coordinator is never in doubt as to the outcome of a transaction, it’s best if the production machine coordinated the distributed transaction. You don’t care so much if your test machine has some open transactions and locked resources. You certainly do care if your production machine does. The inability to do DDL over a database link is actually not so bad at all. First, DDL is rare. You do it once at installation or during an upgrade. Production systems don’t do DDL (well, they shouldn’t do CHAPTER 8 ■ TRANSACTIONS 293 DDL). Second, there is a method to do DDL over a database link, in a fashion, using the job queue facility, DBMS_JOB or, in Oracle 10g, the scheduler package, DBMS_SCHEDULER. Instead of trying to do DDL over the link, you use the link to schedule a remote job to be executed as soon as you commit. In that fashion, the job runs on the remote machine, is not a distributed transaction, and can do the DDL. In fact, this is the method by which the Oracle Replication Services perform distributed DDL to do schema replication. Autonomous Transactions Autonomous transactions allow you to create a “transaction within a transaction” that will commit or roll back changes independently of its parent transaction. They allow you to suspend the currently executing transaction, start a new one, do some work, and commit or roll back—all without affecting the currently executing transaction state. Autonomous transactions provide a new method of controlling transactions in PL/SQL and may be used in • Top-level anonymous blocks • Local (a procedure in a procedure), stand-alone, or packaged functions and procedures • Methods of object types • Database triggers Before we take a look at how autonomous transactions work, I’d like to emphasize that this type of transaction is a powerful and therefore dangerous tool when used improperly. The true need for an autonomous transaction is very rare indeed. I would be very suspicious of any code that makes use of them—that code would get extra examination. It is far too easy to accidentally introduce logical data integrity issues into a system using them. In the sections that follow, we’ll discuss when they may safely be used after seeing how they work. How Autonomous Transactions Work The best way to demonstrate the actions and consequences of an autonomous transaction is by example. We’ll create a simple table to hold a message: ops$tkyte%ORA11GR2> create table t ( msg varchar2(25) ); Table created. Next, we’ll create two procedures, each of which simply INSERTs its name into the message table and commits. However, one of these procedures is a normal procedure and the other is coded as an autonomous transaction. We’ll use these objects to show what work persists (is committed) in the database under various circumstances. First, here’s the AUTONOMOUS_INSERT procedure: ops$tkyte%ORA11GR2> create or replace procedure Autonomous_Insert 2 as 3 pragma autonomous_transaction; 4 begin 5 insert into t values ( 'Autonomous Insert' ); 6 commit; 7 end; 8 / Procedure created. CHAPTER 8 ■ TRANSACTIONS 294 Note the use of the pragma AUTONOMOUS_TRANSACTION. This directive tells the database that this procedure, when executed, is to be executed as a new autonomous transaction, independent from its parent transaction. ■ Note A pragma is simply a compiler directive, a method to instruct the compiler to perform some compilation option. Other pragmas are available. Refer to the PL/SQL programming manual; you’ll find a list of them in its index. And here’s the “normal” NONAUTONOMOUS_INSERT procedure: ops$tkyte%ORA11GR2> create or replace procedure NonAutonomous_Insert 2 as 3 begin 4 insert into t values ( 'NonAutonomous Insert' ); 5 commit; 6 end; 7 / Procedure created. Now let’s observe the behavior of the nonautonomous transaction in an anonymous block of PL/SQL code: ops$tkyte%ORA11GR2> begin 2 insert into t values ( 'Anonymous Block' ); 3 NonAutonomous_Insert; 4 rollback; 5 end; 6 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; MSG ------------------------- Anonymous Block NonAutonomous Insert As you can see, the work performed by the anonymous block, its INSERT, was committed by the NONAUTONOMOUS_INSERT procedure. Both rows of data were committed, so the ROLLBACK command had nothing to roll back. Compare this to the behavior of the autonomous transaction procedure: ops$tkyte%ORA11GR2> delete from t; 2 rows deleted. ops$tkyte%ORA11GR2> commit; Commit complete. ops$tkyte%ORA11GR2> begin CHAPTER 8 ■ TRANSACTIONS 295 2 insert into t values ( 'Anonymous Block' ); 3 Autonomous_Insert; 4 rollback; 5 end; 6 / PL/SQL procedure successfully completed. ops$tkyte%ORA11GR2> select * from t; MSG ------------------------- Autonomous Insert Here, only the work done by and committed in the autonomous transaction persists. The INSERT done in the anonymous block was rolled back by the ROLLBACK statement on line 4. The autonomous transaction procedure’s COMMIT has no effect on the parent transaction started in the anonymous block. In a nutshell, this captures the essence of autonomous transactions and what they do. To summarize, if you COMMIT inside a “normal” procedure, it will make durable not only its own work but also any outstanding work performed in that session. However, a COMMIT performed in a procedure with an autonomous transaction will make durable only that procedure’s work. When to Use Autonomous Transactions The Oracle database has supported autonomous transactions internally for quite a while. We see them all of the time in the form of recursive SQL. For example, a recursive transaction may be performed when selecting from a sequence, in order for you to increment the sequence immediately in the SYS.SEQ$ table. The update of the SYS.SEQ$ table in support of your sequence is immediately committed and visible to other transactions, but your transaction is not yet committed. Additionally, if you roll back your transaction, the increment to the sequence remains in place; it is not rolled back with your transaction, as it has already been committed. Space management, auditing, and other internal operations are performed in a similar recursive fashion. This feature has now been exposed for all to use. However, I have found that the legitimate real- world use of autonomous transactions is very limited. Time after time, I see them used as a workaround to such problems as a mutating table constraint in a trigger. This almost always leads to data integrity issues, however, since the cause of the mutating table is an attempt to read the table upon which the trigger is firing. Well, by using an autonomous transaction you can query the table, but you are querying the table now without being able to see your changes (which is what the mutating table constraint was trying to do in the first place; the table is in the middle of a modification, so query results would be inconsistent). Any decisions you make based on a query from that trigger would be questionable—you are reading “old” data at that point in time. A potentially valid use for an autonomous transaction is in custom auditing, but I stress the words “potentially valid.” There are more efficient ways to audit information in the database than via a custom- written trigger. For example, you can use the DBMS_FGA package or just the AUDIT command itself. A question that application developers often pose to me is, “How can I log errors in my PL/SQL routines in a manner that will persist, even when my PL/SQL routines' work is rolled back?” Earlier, we described how PL/SQL statements are atomic—they either completely succeed or completely fail. If we logged an error in our PL/SQL routines, by default our logged error information would roll back when Oracle rolled back our statement. Autonomous transactions allow us to change that behavior, to have our error logging information persist even while the rest of the partial work is rolled back. Let’s start by setting up a simple error logging table to use; we’ll record the timestamp of the error, the error message, and the PL/SQL error stack (for pinpointing where the error emanated from): CHAPTER 8 ■ TRANSACTIONS 296 ops$tkyte%ORA11GR2> create table error_log 2 ( ts timestamp, 3 err1 clob, 4 err2 clob ) 5 / Table created. Now we need the PL/SQL routine to log errors into this table. We can use this small example: ops$tkyte%ORA11GR2> create or replace 2 procedure log_error 3 ( p_err1 in varchar2, p_err2 in varchar2 ) 4 as 5 pragma autonomous_transaction; 6 begin 7 insert into error_log( ts, err1, err2 ) 8 values ( systimestamp, p_err1, p_err2 ); 9 commit; 10 end; 11 / Procedure created. The “magic” of this routine is on line 5 where we used the pragma autonomous_transaction directive to inform PL/SQL that we want this subroutine to start a new transaction, perform some work in it, and commit it—without affecting any other transaction currently in process. The COMMIT on line 9 can affect only the SQL performed by this LOG_ERROR procedure. Now let’s test it out. To make it interesting, we’ll create a couple of procedures that will call each other: ops$tkyte%ORA11GR2> create table t ( x int check (x>0) ); Table created. ops$tkyte%ORA11GR2> create or replace procedure p1( p_n in number ) 2 as 3 begin 4 -- some code here 5 insert into t (x) values ( p_n ); 6 end; 7 / Procedure created. ops$tkyte%ORA11GR2> create or replace procedure p2( p_n in number ) 2 as 3 begin 4 -- code 5 -- code 6 p1(p_n); 7 end; 8 / Procedure created. CHAPTER 8 ■ TRANSACTIONS 297 And then we’ll invoke those routines from an anonymous block: ops$tkyte%ORA11GR2> begin 2 p2( 1 ); 3 p2( 2 ); 4 p2( -1); 5 exception 6 when others 7 then 8 log_error( sqlerrm, dbms_utility.format_error_backtrace ); 9 RAISE; 10 end; 11 / begin * ERROR at line 1: ORA-02290: check constraint (OPS$TKYTE.SYS_C0018251) violated ORA-06512: at line 9 Now, we can see the code failed (you want that error returned, hence the RAISE on line 9). We can verify that Oracle undid our work (we know that the first two calls to procedure P2 succeeded; the values 1 and 2 are successfully inserted into our table T): ops$tkyte%ORA11GR2> select * from t; no rows selected But we can also verify that our error log information has persisted, and in fact is committed: ops$tkyte%ORA11GR2> rollback; Rollback complete. ops$tkyte%ORA11GR2> select * from error_log; TS --------------------------------------------------------------------------- ERR1 ------------------------------------------------------------------------------- ERR2 ------------------------------------------------------------------------------- 03-MAR-10 04.49.22.114052 PM ORA-02290: check constraint (OPS$TKYTE.SYS_C0018252) violated ORA-06512: at "OPS$TKYTE.P1", line 5 ORA-06512: at "OPS$TKYTE.P2", line 6 ORA-06512: at line 4 In my experience, that is the only truly valid use of an autonomous transaction—to log errors or informational messages in a manner that can be committed independently of the parent transaction. CHAPTER 8 ■ TRANSACTIONS 298 Summary In this chapter, we looked at many aspects of transaction management in Oracle. Transactions are among the major features that set a database apart from a file system. Understanding how they work and how to use them is necessary to implement applications correctly in any database. Understanding that in Oracle all statements are atomic (including their side effects) and that this atomicity is extended to stored procedures is crucial. We saw how the placement of a WHEN OTHERS exception handler in a PL/SQL block could radically affect what changes took place in the database. As database developers, having a good understanding of how transactions work is crucial. We took a look at the somewhat complex interaction between integrity constraints (unique keys, check constraints, and the like) and transactions in Oracle. We discussed how Oracle typically processes integrity constraints immediately after a statement executes, but that we can defer this constraint validation until the end of the transaction if we wish. This feature is key in implementing complex multitable updates when the tables being modified are all dependent on each other—the cascading update is an example of that. We moved on to consider some of the bad transaction habits that people tend to pick up from working with databases that “support” rather than “promote” the use of transactions. We looked at the cardinal rule of transactions: they should be as short as they can be but as long as they need to be. Data integrity drives the transaction size—that is a key concept to take away from this chapter. The only things that should drive the size of your transactions are the business rules that govern your system. Not undo space, not locks—business rules. We covered distributed transactions and how they differ from single database transactions. We explored the limitations imposed upon us in a distributed transaction and discussed why they exist. Before you build a distributed system, you need to understand these limitations. What works in a single instance might not work in a distributed database. The chapter closed with a look at autonomous transactions and covered what they are and, more important, when they should and should not be used. I would like to emphasize once again that the legitimate real-world use of autonomous transactions is exceedingly rare. If you find them to be a feature you are using constantly, you’ll want to take a long, hard look at why. C H A P T E R 9 ■ ■ ■ 299 Redo and Undo This chapter describes two of the most important pieces of data in an Oracle database: redo and undo. Redo is the information Oracle records in online (and archived) redo log files in order to “replay” your transaction in the event of a failure. Undo is the information Oracle records in the undo segments in order to reverse, or roll back, your transaction. In this chapter, we will discuss topics such as how redo and undo (rollback) are generated, and how they fit into transactions, recovery, and so on. We’ll start off with a high-level overview of what undo and redo are and how they work together. We’ll then drill down into each topic, covering each in more depth and discussing what you, the developer, need to know about them. The chapter is slanted toward the developer perspective in that we will not cover issues that a DBA should be exclusively in charge of figuring out and tuning. For example, we won’t cover how to find the optimum setting for RECOVERY_PARALLELISM or the FAST_START_MTTR_TARGET parameters. Nevertheless, redo and undo are topics that bridge the DBA and developer roles. Both need a good fundamental understanding of the purpose of redo and undo, how they work, and how to avoid potential issues with regard to their use. Knowledge of redo and undo also helps both DBAs and developers better understand how the database operates, in general. In this chapter, I will present the pseudo-code for these mechanisms in Oracle and a conceptual explanation of what actually takes place. I will not cover every internal detail of what files get updated with what bytes of data. What actually takes place is a little more involved, but having a good understanding of the flow of how it works is valuable and will help you to understand the ramifications of your actions. ■ Note Time and time again, I get questions regarding the exact bits and bytes of redo and undo. People seem to want to have a very detailed specification of exactly, precisely, what is in there. I never answer those questions. Instead, I focus on the intent of redo and undo, the concepts behind redo and undo. I focus on the use of redo and undo—not on the bits and bytes. I myself do not “dump” redo log files or undo segments. I do use the supplied tools, such as Log Miner to read redo and flashback transaction history to read undo, but that presents the information to me in a human-readable format. So, we won’t be doing internals in this chapter but rather building a strong foundation. CHAPTER 9 ■ REDO AND UNDO 300 What Is Redo? Redo log files are crucial to the Oracle database. These are the transaction logs for the database. Oracle maintains two types of redo log files: online and archived. They are used for recovery purposes; their purpose in life is to be used in the event of an instance or media failure. If the power goes off on your database machine, causing an instance failure, Oracle will use the online redo logs to restore the system to exactly the committed point it was at immediately prior to the power outage. If your disk drive fails (a media failure), Oracle will use both archived redo logs and online redo logs to recover a backup of the data that was on that drive to the correct point in time. Moreover, if you “accidentally” truncate a table or remove some critical information and commit the operation, you can restore a backup of the affected data and recover it to the point in time immediately prior to the “accident” using online and archived redo log files. Archived redo log files are simply copies of old, full online redo log files. As the system fills up log files, the ARCH process makes a copy of the online redo log file in another location, and optionally puts several other copies into local and remote locations as well. These archived redo log files are used to perform media recovery when a failure is caused by a disk drive going bad or some other physical fault. Oracle can take these archived redo log files and apply them to backups of the data files to catch them up to the rest of the database. They are the transaction history of the database. ■ Note With the advent of Oracle 10g, we now have flashback technology. This allows us to perform flashback queries (query the data as of some point in time in the past), un-drop a database table, put a table back the way it was some time ago, and so on. As a result, the number of occasions in which we need to perform a conventional recovery using backups and archived redo logs has decreased. However, the ability to perform a recovery is the DBA’s most important job. Database recovery is the one thing a DBA is not allowed to get wrong. Every Oracle database has at least two online redo log groups with at least a single member (redo log file) in each group. These online redo log groups are used in a circular fashion. Oracle will write to the log files in group 1, and when it gets to the end of the files in group 1, it will switch to log file group 2 and begin writing to that one. When it has filled log file group 2, it will switch back to log file group 1 (assuming you have only two redo log file groups; if you have three, Oracle would, of course, proceed to the third group). Redo logs, or transaction logs, are one of the major features that make a database a database. They are perhaps its most important recovery structure, although without the other pieces such as undo segments, distributed transaction recovery, and so on, nothing works. They are a major component of what sets a database apart from a conventional file system. The online redo logs allow us to effectively recover from a power outage—one that might happen while Oracle is in the middle of a write. The archived redo logs let us recover from media failures when, for instance, the hard disk goes bad or human error causes data loss. Without redo logs, the database would not offer any more protection than a file system. What Is Undo? Undo is conceptually the opposite of redo. Undo information is generated by the database as you make modifications to data so that the data can be put back the way it was before the modifications took place. This might be done in support of multi-versioning as we learned in Chapter 7 “Concurrency and Multi- CHAPTER 9 ■ REDO AND UNDO 301 versioning,” or in the event the transaction or statement you are executing fails for any reason, or if we request it with a rollback statement. Whereas redo is used to replay a transaction in the event of failure—to recover the transaction—undo is used to reverse the effects of a statement or set of statements. Undo, unlike redo, is stored internally in the database in a special set of segments known as undo segments. ■ Note “Rollback segment” and “undo segment” are considered synonymous terms. Using manual undo management, the DBA will create “rollback segments.” Using automatic undo management, the system will automatically create and destroy “undo segments” as necessary. These terms should be considered the same for all intents and purposes in this discussion. It is a common misconception that undo is used to restore the database physically to the way it was before the statement or transaction executed, but this is not so. The database is logically restored to the way it was—any changes are logically undone—but the data structures, the database blocks themselves, may well be different after a rollback. The reason for this lies in the fact that, in any multiuser system, there will be tens or hundreds or thousands of concurrent transactions. One of the primary functions of a database is to mediate concurrent access to its data. The blocks that our transaction modifies are, in general, being modified by many other transactions as well. Therefore, we can’t just put a block back exactly the way it was at the start of our transaction—that could undo someone else’s work! For example, suppose our transaction executed an INSERT statement that caused the allocation of a new extent (i.e., it caused the table to grow). Our INSERT would cause us to get a new block, format it for use, and put some data into it. At that point, some other transaction might come along and insert data into this block. If we roll back our transaction, obviously we can’t unformat and unallocate this block. Therefore, when Oracle rolls back, it is really doing the logical equivalent of the opposite of what we did in the first place. For every INSERT, Oracle will do a DELETE. For every DELETE, Oracle will do an INSERT. For every UPDATE, Oracle will do an “anti-UPDATE,” or an UPDATE that puts the row back the way it was prior to our modification. ■ Note This undo generation is not true for direct-path operations, which have the ability to bypass undo generation on the table. We’ll discuss these operations in more detail shortly. How can we see this in action? Perhaps the easiest way is to follow these steps: 1. Create an empty table. 2. Full-scan the table and observe the amount of I/O performed to read it. 3. Fill the table with many rows (no commit). 4. Roll back that work and undo it. 5. Full-scan the table a second time and observe the amount of I/O performed. CHAPTER 9 ■ REDO AND UNDO 302 So, let’s create an empty table: ops$tkyte%ORA11GR2> create table t 2 as 3 select * 4 from all_objects 5 where 1=0; Table created. And now we’ll query it, with AUTOTRACE enabled in SQL*Plus to measure the I/O. ■ Note In this example, we will full-scan the tables twice each time. The goal is to only measure the I/O performed the second time in each case. This avoids counting additional I/Os performed by the optimizer during any parsing and optimization that may occur. The query initially takes no I/Os to full-scan the table: ops$tkyte%ORA11GR2> select * from t; no rows selected ops$tkyte%ORA11GR2> set autotrace traceonly statistics ops$tkyte%ORA11GR2> select * from t; no rows selected Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets 0 consistent gets 0 physical readsreadsreadsreads... ORA11GR2ORA11GR21R2> set autotrace off Now, that might surprise you at first—especially if you are an Oracle user dating back to versions before Oracle Database 11g Release 2—that there are zero I/Os against the table. This is due to a new 11g Release 2 feature—deferred segment creation, if you run this example in older releases, you’ll likely see 3 or so I/O’s performed. We’ll discuss that in a moment, but for now let’s continue this example. Next, we’ll add lots of data to the table. We’ll make it “grow,” then roll it all back: ops$tkyte%ORA11GR2> insert into t select * from all_objects; 72067 rows created. ops$tkyte%ORA11GR2> rollback; Rollback complete. CHAPTER 9 ■ REDO AND UNDO 303 Now, if we query the table again, we’ll discover that it takes considerably more I/Os to read the table this time: ops$tkyte%ORA11GR2> select * from t; no rows selected ops$tkyte%ORA11GR2> set autotrace traceonly statistics ops$tkyte%ORA11GR2> select * from t; no rows selected Statistics ---------------------------------------------------------- 0 recursive calls 0 db block gets 1073 consistent gets 0 physical reads ...ORA11GR2> set autotrace off The blocks that our INSERT caused to be added under the table’s high-water mark (HWM) are still there—formatted, but empty. Our full scan had to read them to see if they contained any rows. Moreover, the first time we ran the query, we observed zero I/Os. That was due to the default mode of table creation in Oracle Database 11g Release 2—using deferred segment creation. When we issued that CREATE TABLE, no storage, not a single extent, was allocated. The segment creation was deferred until the INSERT took place, and when we rolled back, the segment persisted. You can see this easily with a smaller example, I’ll explicitly request deferred segment creation this time although it is enabled by default in 11g Release 2: ops$tkyte%ORA11GR2> create table t ( x int ) 2 segment creation deferred; Table created. ops$tkyte%ORA11GR2> select extent_id, bytes, blocks 2 from user_extents 3 where segment_name = 'T' 4 order by extent_id; no rows selected ops$tkyte%ORA11GR2> insert into t(x) values (1); 1 row created. ops$tkyte%ORA11GR2> rollback; Rollback complete. ops$tkyte%ORA11GR2> select extent_id, bytes, blocks 2 from user_extents 3 where segment_name = 'T' 4 order by extent_id; EXTENT_ID BYTES BLOCKS ---------- ---------- ---------- 0 65536 8 CHAPTER 9 ■ REDO AND UNDO 304 As you can see, after the table create there was no allocated storage—no extents were used by this table. Upon performing an INSERT, followed immediately by ROLLBACK, we can see the INSERT allocated storage—but the ROLLBACK does not “release” it. Those two things together—that the segment was actually created by the INSERT but not “uncreated” by the ROLLBACK, and that the new formatted blocks created by the INSERT were scanned the second time around—show that a rollback is a logical “put the database back the way it was” operation. The database will not be exactly the way it was, just logically the same. How Redo and Undo Work Together Now let’s take a look at how redo and undo work together in various scenarios. We will discuss, for example, what happens during the processing of an INSERT with regard to redo and undo generation, and how Oracle uses this information in the event of failures at various points in time. An interesting point to note is that undo information, stored in undo tablespaces or undo segments, is protected by redo as well. In other words, undo data is treated just like table data or index data— changes to undo generate some redo, which is logged. Why this is so will become clear in a moment when we discuss what happens when a system crashes. Undo data is added to the undo segment and is cached in the buffer cache, just like any other piece of data would be. Example INSERT-UPDATE-DELETE Scenario As an example, we will investigate what might happen with a set of statements like this: insert into t (x,y) values (1,1); update t set x = x+1 where x = 1; delete from t where x = 2; We will follow this transaction down different paths and discover the answers to the following questions: • What happens if the system fails at various points in the processing of these statements? • What happens if we ROLLBACK at any point? • What happens if we succeed and COMMIT? The INSERT The initial INSERT INTO T statement will generate both redo and undo. The undo generated will be enough information to make the INSERT “go away.” The redo generated by the INSERT INTO T will be enough information to make the INSERT “happen again.” After the INSERT has occurred, we have the scenario illustrated in Figure 9-1. CHAPTER 9 ■ REDO AND UNDO 305 Figure 9-1. State of the system after an INSERT There are some cached, modified undo blocks, index blocks, and table data blocks. Each of these blocks is protected by entries in the redo log buffer. Hypothetical Scenario: The System Crashes Right Now Everything is OK. The SGA is wiped out, but we don’t need anything that was in the SGA. It will be as if this transaction never happened when we restart. None of the blocks with changes got flushed to disk, and none of the redo got flushed to disk. We have no need of any of this undo or redo to recover from an instance failure. Hypothetical Scenario: The Buffer Cache Fills Up Right Now The situation is such that DBWR must make room and our modified blocks are to be flushed from the cache. In this case, DBWR will start by asking LGWR to flush the redo entries that protect these database blocks. Before DBWR can write any of the blocks that are changed to disk, LGWR must flush the redo information related to these blocks. This makes sense: if we were to flush the modified blocks for table T (but not the undo blocks associated with the modifications) without flushing the redo entries associated with the undo blocks, and the system failed, we would have a modified table T block with no undo information associated with it. We need to flush the redo log buffers before writing these blocks out so that we can redo all of the changes necessary to get the SGA back into the state it is in right now, so that a rollback can take place. This second scenario shows some of the foresight that has gone into all of this. The set of conditions described by “If we flushed table T blocks and did not flush the redo for the undo blocks and the system failed” is starting to get complex. It only gets more complex as we add users, and more objects, and concurrent processing, and so on. At this point, we have the situation depicted in Figure 9-1. We have generated some modified table and index blocks. These have associated undo segment blocks, and all three types of blocks have generated redo to protect them. If you recall from our discussion of the redo log buffer in Chapter 4 “Memory Structures,” it is flushed at least every three seconds, when it is one-third full or contains 1MB of buffered data, or whenever a commit takes place. It is very possible that at some point during our processing, the redo log buffer will be flushed. In that case, the picture will look like Figure 9-2. CHAPTER 9 ■ REDO AND UNDO 306 Figure 9-2. State of the system after a redo log buffer flush That is, we’ll have modified blocks representing uncommitted changes in the buffer cache and redo for those uncommitted changes on disk. This is a very normal scenario that happens frequently. The UPDATE The UPDATE will cause much of the same work as the INSERT to take place. This time, the amount of undo will be larger; we have some “before” images to save as a result of the UPDATE. Now we have the picture shown in Figure 9-3. Figure 9-3. State of the system after the UPDATE CHAPTER 9 ■ REDO AND UNDO 307 We have more new undo segment blocks in the block buffer cache. To undo the UPDATE, if necessary, we have modified database table and index blocks in the cache. We have also generated more redo log buffer entries. Let’s assume that some of our generated redo log from the insert is on disk and some is in cache. Hypothetical Scenario: The System Crashes Right Now Upon startup, Oracle would read the redo logs and find some redo log entries for our transaction. Given the state in which we left the system, with the redo entries for the INSERT in the redo log files and the redo for the UPDATE still in the buffer, Oracle would “roll forward” the INSERT. We would end up with a picture much like Figure 9-1, with some undo blocks (to undo the INSERT), modified table blocks (right after the INSERT), and modified index blocks (right after the INSERT). Oracle will discover that our transaction never committed and will roll it back since the system is doing crash recovery and, of course, our session is no longer connected. It will take the undo it just rolled forward in the buffer cache and apply it to the data and index blocks, making them look as they did before the INSERT took place. Now everything is back the way it was. The blocks that are on disk may or may not reflect the INSERT (it depends on whether or not our blocks got flushed before the crash). If they do, then the INSERT has been, in effect, undone, and when the blocks are flushed from the buffer cache, the data file will reflect that. If they do not reflect the INSERT, so be it—they will be overwritten later anyway. This scenario covers the rudimentary details of a crash recovery. The system performs this as a two- step process. First it rolls forward, bringing the system right to the point of failure, and then it proceeds to roll back everything that had not yet committed. This action will resynchronize the data files. It replays the work that was in progress and undoes anything that has not yet completed. Hypothetical Scenario: The Application Rolls Back the Transaction At this point, Oracle will find the undo information for this transaction either in the cached undo segment blocks (most likely) or on disk if they have been flushed (more likely for very large transactions). It will apply the undo information to the data and index blocks in the buffer cache, or if they are no longer in the cache request, they are read from disk into the cache to have the undo applied to them. These blocks will later be flushed to the data files with their original row values restored. This scenario is much more common than the system crash. It is useful to note that during the rollback process, the redo logs are never involved. The only time redo logs are read for recovery purposes is during recovery and archival. This is a key tuning concept: redo logs are written to. Oracle does not read them during normal processing. As long as you have sufficient devices so that when ARCH is reading a file, LGWR is writing to a different device, there is no contention for redo logs. Many other databases treat the log files as “transaction logs.” They do not have this separation of redo and undo. For those systems, the act of rolling back can be disastrous—the rollback process must read the logs their log writer is trying to write to. They introduce contention into the part of the system that can least stand it. Oracle’s goal is to make it so that logs are written sequentially, and no one ever reads them while they are being written. The DELETE Again, undo is generated as a result of the DELETE, blocks are modified, and redo is sent over to the redo log buffer. This is not very different from before. In fact, it is so similar to the UPDATE that we are going to move right on to the COMMIT. CHAPTER 9 ■ REDO AND UNDO 308 The COMMIT We’ve looked at various failure scenarios and different paths, and now we’ve finally made it to the COMMIT. Here, Oracle will flush the redo log buffer to disk, and the picture will look like Figure 9-4. Figure 9-4. State of the system after a COMMIT The modified blocks are in the buffer cache; maybe some of them have been flushed to disk. All of the redo necessary to replay this transaction is safely on disk and the changes are now permanent. If we were to read the data directly from the data files, we probably would see the blocks as they existed before the transaction took place, as DBWR most likely has not yet written them. That’s OK—the redo log files can be used to bring those blocks up to date in the event of a failure. The undo information will hang around until the undo segment wraps around and reuses those blocks. Oracle will use that undo to provide for consistent reads of the affected objects for any session that needs them. Commit and Rollback Processing It is important to understand how redo log files might impact us as developers. We will look at how the different ways we can write our code affect redo log utilization. We’ve already seen the mechanics of redo earlier in the chapter, and now we’ll look at some specific issues. You might detect many of these scenarios, but they would be fixed by the DBA as they affect the database instance as a whole. We’ll start with what happens during a COMMIT, and then get into commonly asked questions and issues surrounding the online redo logs. What Does a COMMIT Do? As a developer, you should have a good understanding of exactly what goes on during a COMMIT. In this section, we’ll investigate what happens during the processing of the COMMIT statement in Oracle. A COMMIT is generally a very fast operation, regardless of the transaction size. You might think that the bigger a transaction (in other words, the more data it affects), the longer a COMMIT would take. This is not true. The response time of a COMMIT is generally “flat,” regardless of the transaction size. This is because a COMMIT does not really have too much work to do, but what it does do is vital. CHAPTER 9 ■ REDO AND UNDO 309 One of the reasons this is an imp