[darcs-users] Re: Atomicity

Juliusz Chroboczek Juliusz.Chroboczek at pps.jussieu.fr
Fri Nov 4 08:47:48 UTC 2005


> That is not meant as a stinging criticism (I don't know how much
> worse or better the other systems are or want to be) but I must say
> _prima facie_ that sounds like a lot of wobbliness to me...

David is a competent scientist, so he focalises on the flaws, but
Darcs is actually pretty safe.

  (1) all read-only commands are fully read-only;
  (2) all ordinary commands are atomic except for the pristine cache;
  (3) for extraordinary commands, the only guarantee is that a stray
      lock file will be left if the system crashes at the wrong time.

Point (1) should be self-explanatory.

What point (2) means is that a command such as |darcs record| or |pull|
does the following:

  (i) take a lock;
  (ii) write patches;
  (iii) append entries to the inventory;
  (iv) update the pristine cache;
  (v) release the lock.

If the system crashes between (ii) and (iii), there's no problem: the
patches will be written to the repository, but since the inventory
won't be updated, they will be stray patch files.  If the system
crashes between (iii) and (iv), on the other hand, the pristine cache
will not be up to date, which will be detected by darcs check and
fixed by darcs repair.

In either case, there will be a stray lock file left by Darcs, which
is a good hint that you should run |darcs check|.

There's an additional caveat here: writing a patch file, or appending
to the inventory is not necessarily atomic.  If the system crashes
while appending to the inventory (which is extremely unlikely), you'll
end up with a repository that |darcs repair| properly detects as
corrupt, but |darcs repair| won't be able to fix.  (It can easily be
fixed by hand if you know what you're doing.)

Point (3) means that commands such as |darcs repair| and |optimize|
have not been checked for atomicity.  There has been little demand for
that, as most people don't run darcs repair very often, but a point
could be made that they should be made atomic.

Oh, and all of the above remains true over correct (CTO-coherent)
implementations of NFS.

                                        Juliusz
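As an added illustration (a toy model written for this edit, not darcs source), the five-step sequence described above with a crash injected after each step, plus a model of the check/repair split the post describes, including the torn-append case that repair cannot fix. The repository is an in-memory dict and the step, patch and finding names are simplifications:

```python
class CrashAt(Exception):          # simulated system crash after a step
    pass
def apply_all(repo):
    # The pristine tree is the inventory's patches applied in order.
    return "".join(repo["patches"][n] for n in repo["inventory"])
def record(repo, name, content, crash_after=None, torn_append=False):
    # The five steps from the post; crash_after=k dies right after step k.
    repo["lock"] = True                       # (i) take the lock
    if crash_after == 1: raise CrashAt(1)
    repo["patches"][name] = content           # (ii) write the patch file
    if crash_after == 2: raise CrashAt(2)
    if torn_append:                           # the non-atomic append caveat:
        repo["inventory"].append(name[:1])    # crash half-way through the write
        raise CrashAt(3)
    repo["inventory"].append(name)            # (iii) append to the inventory
    if crash_after == 3: raise CrashAt(3)
    repo["pristine"] = apply_all(repo)        # (iv) update the pristine cache
    if crash_after == 4: raise CrashAt(4)
    repo["lock"] = False                      # (v) release the lock
def check(repo):
    # Model of 'darcs check': list every inconsistency it would report.
    findings = ["stray lock"] if repo["lock"] else []
    missing = [n for n in repo["inventory"] if n not in repo["patches"]]
    if missing:
        findings.append("inventory references missing patch: " + ",".join(missing))
    stray = sorted(set(repo["patches"]) - set(repo["inventory"]))
    if stray:
        findings.append("stray patch files: " + ",".join(stray))
    if not missing and repo["pristine"] != apply_all(repo):
        findings.append("pristine cache stale")
    return findings
def repair(repo):
    # Model of 'darcs repair': rebuild the cache and drop the lock. A torn
    # inventory entry cannot be rebuilt from what is left, so it gives up.
    if any(n not in repo["patches"] for n in repo["inventory"]):
        return False
    repo["pristine"] = apply_all(repo)
    repo["lock"] = False
    return True
def simulate(crash_after=None, torn_append=False):
    # Fresh repo with one clean record, then a second record that crashes.
    repo = {"lock": False, "patches": {}, "inventory": [], "pristine": ""}
    record(repo, "p1", "a")
    try:
        record(repo, "p2", "b", crash_after, torn_append)
    except CrashAt:
        pass
    return repo, check(repo)
```

A crash between (ii) and (iii) leaves only a stray patch file, a crash between (iii) and (iv) leaves a stale pristine cache that repair rebuilds, and a torn inventory append is the one case the model's repair refuses.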