The reason for my unclear crash recovery algorithm is, it was not fully
designed when we started chatting, only the basic principles of robust
micro-transaction commit. You forced me to go work out the details of
the high level transaction architecture.
The big points you got me focussed on were, what about mass commits a la
fsync, and how do you sort out the ties that arise between otherwise
independent high level operations, and how do you preserve the ordering
of low level operations to reflect the ordering constraints of the high
level operations? Which is what you were trying to say with your create
I am well down path to identifying a similar frontend/backend
separation in Tux3. The back end data consists of all the dirty
metadata and file data cache blocks (buffer cache and page cache(s)
respectively) and the "phase" boundaries, which separate the results of
successive large groups of high level operations so that there are no
disk-image dependencies between them.
I now have two nice tools for achieving such a clean separation between
transaction phases:
1) Logical log records
2) Dirty cache block cloning
The latter takes advantage of logical log records to limit the effect of
a high level operation to just the leaf blocks affected. Where two
operations that are supposed to be in two different transaction phases
affect the same leaf block(s) then the block(s) will be cloned to
achieve proper physical separation. So I can always force a clean
boundary between phases without generating a lot of dirty blocks to do
it, an important property when it comes to anti-deadlock memory
provisions.
The payoff for a clean frontend/backend separation is, as you say, a
clean design. The art in this is to accomplish the separation without
any throughput compromise, which I am willing to believe you have done
in Hammer, and which I now wish to achieve by a somewhat different
I need a means of remembering which blocks are members of which phases,
and an rbtree may b...
