vfs: redesign MemFS strict mode #3888
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
jbowens
approved these changes
Aug 26, 2024
There was a problem hiding this comment.
Reviewed 16 of 16 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @RaduBerinde)
error_test.go line 436 at r1 (raw file):
inj := errorfs.InjectorFunc(func(op errorfs.Op) error { if op.Kind.ReadOrWrite() == errorfs.OpIsWrite && crashIndex.Add(-1) == -1 { // Allow an arbitrary subset of non-0synced state to survive beyond the
nit: "non-synced"
Currently we use `MemFS` in "strict" mode to test crash recovery in the following way: - at the desired crash point we call `SetIgnoreSyncs(true)` - after we close the database, we call `ResetToSyncedState()` and `SetIgnoreSyncs(false)` and proceed using the same filesystem. This model is a bit fragile in the sense that both the previous operation that we're simulating a crash of and the new operation use the same filesystem. For example, a background operation that is finishing up some cleanup could in principle interfere with the new process. We switch to a "crash clone" model, where we instead extract a crash-consistent copy of the filesystem; further testing can proceed on this independent copy. This allows for more usage patterns - e.g. we can take multiple crash clones at various points and check them all afterwards. We also add functionality to randomly retain part of the unsynced data (which is closer to what would happen in a real crash).
RaduBerinde
force-pushed
the
memfs-clone
branch
from
4977c3c to
5baaf71
Compare
|
TFTR! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently we use
MemFSin "strict" mode to test crash recovery inthe following way:
SetIgnoreSyncs(true)ResetToSyncedState()andSetIgnoreSyncs(false)and proceed using the same filesystem.This model is a bit fragile in the sense that both the previous
operation that we're simulating a crash of and the new operation use
the same filesystem. For example, a background operation that is
finishing up some cleanup could in principle interfere with the new
process.
We switch to a "crash clone" model, where we instead extract a
crash-consistent copy of the filesystem; further testing can proceed
on this independent copy. This allows for more usage patterns - e.g.
we can take multiple crash clones at various points and check them all
afterwards.
We also add functionality to randomly retain part of the unsynced
data (which is closer to what would happen in a real crash).