#739: Ensuring ACID in Subversion (aka watcher procecesses are fun)

From: Bill Tutt <rassilon_at_lyra.org>
Date: 2002-09-19 18:04:13 CEST

I've added the following comment to issue #739. For some reason the
comment hasn't showed up on the issues email list yet:

In order to ensure our I of Isolation in Acid, we need to have a
guaranteed way of being able to detect processes that died without
cleaning up after themselves.

One way of doing this is to follow the guidelines in this URL:
http://www.sleepycat.com/docs/ref/env/faq.html and create a watcher
process.

Another would be to move all code that called libsvn_fs into a separate
process.

I think the watcher process is the simplest approach. It'd work
something like this:

When the watcher process starts up, it's assumed the machine is
starting, and you're garunteed that no other programs are accessing
the BDB store. Therefore, the watcher process recovers the store on
startup.

Before libsvn_fs opens the BDB store, it registers the current process
with the watcher process. if this fails, libsvn_fs returns a failure.
(This
code should be a thread safe ref count for the process from libsvn_fs's
end.)

After libsvn_fs closes the BDB store, it notifies the watcher process
that
it has released the BDB store cleanly. (Again, this should be a thread
safe ref count.)

If the watcher process detects an exiting registered process that hasn't

deregistered then the datastore is now suspect. The watcher process
must now cause all in process transactions to be aborted.

This should probably be accomplished by using some asyncrhonous
notification + timeout. If the timeout expires before the other
remaining processes exit out, then the watcher process may kill the
process explicitly.

Once all of the registered processes have either exited with a useful
failure message, or forcefully killed, then the watcher is allowed to
recover the datastore.

Any incoming registration requests must block until the database has
been successfully recovered.

It's almost a shame that the watcher process can't release just the
locks that were owned by the errant process because the process has
exited.

If we could, then life would be much simpler.

FYI,
Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Sep 19 18:04:59 2002

This message: [ Message body ]
Next message: Glenn A. Thompson: "Re: #739: Ensuring ACID in Subversion (aka watcher procecesses are fun)"
Previous message: Greg Stein: "[jerenkrantz@apache.org: cvs commit: apr-util/dbm apr_dbm_berkeleydb.c]"
In reply to: Bill Tutt: "Re: Cancelling Subversion operations"
Next in thread: Glenn A. Thompson: "Re: #739: Ensuring ACID in Subversion (aka watcher procecesses are fun)"
Reply: Glenn A. Thompson: "Re: #739: Ensuring ACID in Subversion (aka watcher procecesses are fun)"
Reply: Garrett Rooney: "Re: #739: Ensuring ACID in Subversion (aka watcher procecesses are fun)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]