Prevent database corruption on OOM #2832
Conversation
arkpar
added
A0-pleasereview 🤓
| @@ -417,11 +418,10 @@ impl Database { | |||
| }; | |||
| } | |||
|
|
|||
| /// Commit buffered changes to database. | |||
| pub fn flush(&self) -> Result<(), String> { | |||
| /// Commit buffered changes to database. Must be called under `flush_lock` | |||
There was a problem hiding this comment.
is there some way to ensure it is always called under flush_lock?
There was a problem hiding this comment.
it's a private function so we can uphold invariants at the module level
There was a problem hiding this comment.
It is an internal function. The code in the module only calls under the lock. I could add a try_lock runtime check but this seems an overkill considering we don't have such checks anywhere else in the codebase.
There was a problem hiding this comment.
Can you pass &mut MutexGuard<bool> as an unused parameter?
There was a problem hiding this comment.
yup - even for internal functions, it's pretty easy for someone else to come along and mistakenly call it. docs all too easily get out of date. functions that require particular external conditions to act properly (like a member lock being made) are inherently dangerous.
a minimum would be to append _with_lock to the function name, though i'd prefer something that didn't compile unless called properly.
gavofyork
added
A6-mustntgrumble 💦
arkpar
added
A0-pleasereview 🤓
rphmeier
added
A8-looksgood 🦄
gavofyork
added
A5-grumble 🔥
arkpar
added
A0-pleasereview 🤓
gavofyork
added
A6-mustntgrumble 💦
* Prevent database corruption on OOM * Renamed write_flushing
* Prevent database corruption on OOM (#2832) * Prevent database corruption on OOM * Renamed write_flushing * v1.3.10
No description provided.