Hello Andrei,

Please review MDEV-21469 changes.

Branch name: bb-10.5-MDEV_21469

Thank you.

Design of XA recovery:-
=====================
Let us assume "binary log" has following sequence of events.

PREPARE XA1
COMMIT XA1
PREPARE XA2 --> Crash during XA2 prepare.

Engine has the following view of above XA transactions.

XA1 - Complete in Engine
XA2 - Prepared in Engine

During server restart binlog recovery is initiated.
At present during recovery only the 'XID_t' list is sent.
Along with this list another list for 'XA' transactions
will also be sent.

struct xa_recovery_member

{

   XID xid;

   enum xa_binlog_state state;

   bool in_engine_prepare;

};

enum xa_binlog_state {XA_PREPARE=0, XA_COMPLETE};

'XA' recovery list is prepared as shown below.

Parse 1 of Binary log:
=====================

PREPARE XA1 name state in_engine_prepare

PREPARE XA2 name state in_engine_preare

COMMIT XA1 name state in_engine_prepare

The above list is passed on to engine during 'ha_recover(xid_list, XA_list)'.

By checking with engine update the 'in_engine_prepare' filed in list.

Since engine has only 'XA2' in prepared state it is marked with 'Y' flag.

name state in_engine_prepare

Now the above list is returned back to binlog recovery code.

Parse 2 of binary log to replay the events:
===========================================
Start reading events from the binary log.

PREPARE XA1 -

Compare XA1 state with 'state' in list.

if (PREPARE == C ) No.
in_engine_prepare= N.

This transaction is complete. Donot apply.

COMMIT XA1 -

if (COMMIT == C) yes.
in_engine_prepare=N.
This transaction is complete. Donot apply.

PREPARE XA2

if (PREPARE == P) yes
in_engine_prpare= N

Then replay the event from binary log.

Recovery of XA_COMMIT/XA_ROLLBACK:
==================================

PREPARE XA1
PREPARE XA2
COMMIT XA1
COMMIT XA2 --> Crash during XA2 commit.

Let us assume server has crashed at this stage.

Engine has the following view of above XA transactions.

XA1 - Complete in Engine
XA2 - Prepared in Engine

Parse 1 of Binary log:
=====================

PREPARE XA1 name state in_engine_prepare

PREPARE XA2 name state in_engine_preare

COMMIT XA1 name state in_engine_prepare

COMMIT XA2 name state in_engine_prepare

The above list is passed on to engine during 'ha_recover(xid_list, XA_list)'.

Updated list after checking with engine is given below.

name state in_engine_prepare

Now the above list is returned back to binlog recovery code.

Parse 2 of binary log to replay the events:
===========================================
Start reading events from the binary log.

PREPARE XA1 -

Compare XA1 state with 'state' in list.

if (PREPARE == C ) No.
in_engine_prepare= N.

This transaction is complete. Donot apply.

COMMIT XA1 -

if (COMMIT == C) yes.
in_engine_prepare=N.
This transaction is complete. Donot apply.

PREPARE XA2 -

Compare XA2 state with 'state' in list

if (PREPARE == P) yes
in_engine_prepare=Y
The transaction is complete. Donot apply.

COMMIT XA2 -

if (COMMIT == C)
in_engine_prepare=Y

Then 'COMMIT XA2' is present only in binlog. Not in engine.
Replay the 'XA COMMIT XA2' event.

Similar logic applies for ROLLBACK as well.

Sujatha, thanks for an awesome piece of work! We may polish the high-level description later though (for which I don't have time right now).

Howdy, Serg.

Could you please check two commits that top bb-10.5-MDEV_21469 branch
implementing the task agenda. It was partly reviewed by Svoj, who left few notes
on GITHUB, which are mostly addressed.

To MDEV-21469 Pre-commit: make sure binlog hton is listed in the head of the user XA participants list I already pointed (in the last weekly call) that changing trans_register_ha() is the least intrusion method, as well as with the least extra operations for non-user-xa executions (the cost is of that of one if).

https://github.com/MariaDB/server/commit/dc92235f21e
https://github.com/MariaDB/server/commit/f1db957c5da

MySQL 8.0.30 includes WL#11300 Crash-safe XA + binary log. However, MySQL Bug #76233 XA prepare is logged ahead of engine prepare has not been closed yet.

Changed the relationship from blocks to relates to. In reality, MDEV-21117 (already closed) provided the base for this patch, and likely, the dependency with MDEV-18959 is reversed, i.e. MDEV-21469 would depend on the framework laid out by this patch.

Changed the fix version to 10.6 because the patch for MDEV-21117 was committed into 10.6, and refactored a lot of the binlog recovery logic which is well suited to this work.

Note that we have to ensure that this MDEV and MDEV-31949 are both solved and tested together

Repeating my comment from MDEV-31949:

Let me just state once and for all:

The idea to binlog first and prepare in engine later for XA prepare will not be approved. Don't spend more effort in this direction.

• The engines, InnoDB in particular, have very mature and carefully designed and optimized write-ahead logging. This should be the primary source of recovery, not the binlog which is not very well designed or suitable as a high-performance and scalable write-ahead log. And the binlog is optional, the engine needs to implement recovery from its own log anyway. This should not be duplicated in the binlog.

• For normal transactions, we call innobase_xa_prepare() before binlogging. We should not do the opposite semantics for user XA PREPARE.

• Recovering the transaction from the binlog is not possible in all cases. Statement-based binlogging is a supported user configuration and does not admit this, even row-based binlogging doesn't support it in all cases.

For these reasons, the engine prepare must come before the binlog write for XA PREPARE. Again, patches that does the opposite will be rejected in review.