belliottsmith commented on code in PR #33: URL: https://github.com/apache/cassandra-accord/pull/33#discussion_r1103564195
########## accord-core/src/main/java/accord/local/ImmutableState.java: ########## @@ -0,0 +1,202 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package accord.local; + +/** + * Since metadata instances are immutable, there can be several copies floating around in memory, all but one + * of which is stale. This can lead to difficult to diagnose bugs, especially when an implementation side cache + * is involved. + * The ImmutableState base class defines the various lifecycle stage and helps restrict what the user does with it, + * with the goal or throwing an exception as soon as an illegal usage occurs, instead of after. + * + * An up to date instances can have one of 2 statuses, DORMANT or ACTIVE. An instance is only ACTIVE in the time + * between when the safe store for it's current operation is created, and closed, and is otherwise marked DORMANT. + * While DORMANT, it cannot be read from or updated. This is to help detect leaked instances being read from or + * updated when they shouldn't be. + * + * Once an update has created a superseding instance, the original instance is marked SUPERSEDED. It can then be + * marked CLEANING_UP, during which time its fields can be read to assist in determining what has been updated. + * From CLEANING_UP, an instance can be marked INVALIDATED to indicate that any access is illegal. An instance + * marked SUPERSEDED can also go directly to INVALIDATED, in the case of intermediate updates. + */ +public abstract class ImmutableState Review Comment: Regarding `LiveCommand`, I agree `SafeCommand` is nicer for consistency yeah. Though I think it would be better for symmetry for `SafeCommand` to refer to the temporary reference we take for the duration of an operation. This would permit us to also define restrictions we think might help safety. For instance, most state transitions we can easily require that they update the command at most once. Maybe we can for all of them? I think the cases where we don't may have been the source of a number of the issues we encountered, and could potentially cause future issues as they have the potential to leave the state machine in a partially updated state. It would be nice to be able to assemble an entire new image at termination within our state machine update methods in fact, rather than leaving it to `pending` methods. I think it's possible that all of the updates fulfil this criteria now except for `NotifyWaitingOn`? I could have a look at updating `NotifyWaitingOn` if we agree it would be clearer to enforce this rule. At the very least it would be nice to declare with the type system where we _can't_ follow this rule so we know to be more careful there. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
