On Thu, Nov 03, 2005 at 12:15:27AM +0100, Olivier Lefevre wrote:
> What kind of atomicity guarantees does darcs make, esp. in the presence
> of errors? Which commands are guaranteed to be atomic and to leave the
> repository unchanged if for any reason they fail?

The patch-reordering commands have no guarantee--this includes optimize --reorder, unpull, unrecord and amend-record. (Once we support a hashed inventory, I believe these can be made atomic.) These also can mess up a simultaneous pull or get, causing the pulled (or gotten) repository to be corrupt. I may have left something out here, but generally these are the commands that you shouldn't be running on a publicly accessible repository anyways even if they were safe in terms of atomicity.

The safe patch-modifying commands (record, pull, push, apply, rollback) should be fully atomic in the following sense. They can always be run with simultaneous pulls and gets (which read the repository you're modifying) without trouble.

In case of error, they may leave a messed-up working directory. They may also leave a messed-up pristine cache. If that happens a lock file *should* also be left in place--but I'm not confident in the level of auditing that part of the code has, so if you suspect an error, you should run check to verify the pristine cache's state.

The pristine cache is never read remotely, so a corrupt pristine cache doesn't affect remote accesses. A corrupt pristine cache *will*, however, cause future records to be incorrect, and may cause future pulls or applies to fail when they shouldn't.

If an append to the _darcs/inventory file were to fail spectacularly, then it may be possible for the "safe" commands to corrupt the repository.

Commands that affect the working directory only (revert, unrevert) can't corrupt the repository, for obvious reasons.

--
David Roundy
http://www.darcs.net

_______________________________________________
darcs-users mailing list
http://www.abridgegame.org/mailman/listinfo/darcs-users
