On Thu, Dec 3, 2020 at 1:24 PM Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> wrote:
> >> Indeed. So the design needs to be fixed, if it fails.
> >>
> >> > There are several options:
> >> >
> >> > 1) P2 should fail the compaction. This is bad because it will lead to
> >> > degraded performance over time, and it's not obvious if you can
> >> > anticipate that the deletion doesn't work.
> >> > 2) P2 should retry deleting until it succeeds. This is bad, because a
> >> > reader can starve writers.
> >> > 3) on exit, P1 should check if its *.ref files are still in use, and
> >> > delete them. This smells bad, because P1 is a read-only process, yet
> >> > it executes writes. Also, do we have good on-exit hooks in Git?
> >> > 4) On exit, P1 does nothing. Stale *.ref files are left behind. Some
> >> > sort of GC process cleans things up asynchronously.
> >> > 5) The ref DB should not keep files open, and should rather open and
> >> > close files as needed; this means P1 doesn't keep files open for long,
> >> > and P2 can retry safely.
> >> >
> >> > I think 3) seems the cleanest to me (even though deleting in read
> >> > process feels weird), but perhaps we could fallback to 5) on windows
> >> > as well.
> >>
> >> Traditionally, Git would fail gracefully (i.e. with a warning) to delete
> >> the stale files, and try again at a later stage (during `git gc --auto`,
> >> for example, or after the next compaction step).
> >
> > So, how does this sound:
> >
> > * add a void
> >
> > set_warn_handler(void(*handler)(char const*))
> >
> > The handler is called for non-fatal errors (eg. deleting an in-use
> > .ref file during compaction), and can provide the warning.
> >
> > * all .ref files will be prefixed with an 8-byte random string, to
> > avoid that new *.ref files collide with unreferenced, stale *.ref
> > files.
>
> Just trying to follow along here. Do you mean prefix the file name or
> the content of those *.ref files? In any case isn't this synonymous with
> proposing moving beyond reftable v1 (to the WIP v2, or a v1.1 with just
> this change?). The current spec seems to preclude prefixing either the
> file content or filename, but maybe I'm misreading it:
This is about prefixing the filename with an uniquifying prefix. This
is because the range of timestamps encompassed by the table doesn't
uniquely identify the table.
Consider the following case:
State: 1 table "00001.ref"
Transaction 1: add ref xyz at timestamp 2
add ref abc at timestamp 2
=> 00002.ref
Transaction 2: add delete ref xyz at timestamp 3
=> 00003.ref
On compacting 00002 and 00003 together, you'll end up with a table for
only "ref abc at timestamp 2". If you call that result 00002.ref
again, there are two versions 00002.ref.
In the current spec with unix semantics, that's not a problem, because
out of date tables are removed, and disappear once the last reader closes
the file, but if we have to cater for a system
where removal that doesn't always work, we'd have to fix up things
afterwards. That means we have to be able to tell apart these two
versions of 00002.ref, and this is where a random prefix would help.
The exact naming of the tables is not central to the spec, as the
table names to read are listed in tables.list, and systems can write
filenames as they please. Maybe recommendations around filenames
should be phrased as a "SHOULD" clause, with a "MUST" that each table
has a globally unique name.
> https://googlers.googlesource.com/sop/jgit/+/reftable/Documentation/technical/reftable.md#update-transactions
> https://googlers.googlesource.com/sop/jgit/+/reftable/Documentation/technical/reftable.md#header
>
> When the reftable format was initially being discussed I suggested
> somewhat flippantly (why not SQLite?). Partially because in trying to
> invent what's essentially a portable and concurrently updated database
> format we'd be likely to reinvent much of the same wheel.
>
> So not to drag that whole thing up again as a proposal for a format
> replacement, but I wonder what SQLite would do in this scenario & others
> where desired DB semantics / transactions and FS/portability semantics
> clash. AFAIK the reftable has only been battle-tested in production
> under JGit so far (presumably Linux-only). Whereas SQLite has been
> ported to and widely used on Windows, HP/UX and probably other systems
> where Linux-specific assumptions don't apply.
I think it would be an interesting exercise to build a ref database on
SQLite, and I wish it had been done before, because large part of the
work of getting reftable to work with git proper, is disentangling
the code with assumptions about the underlying ref storage system.
I agree that some of this is reinventing the wheel, and I wish that
reftable had been based on another format (say, LevelDB) to get away
from bit mangling, but I think SQlite is a tricky proposition, because
SQLite is a system with considerable complexity of its own. You'd
force all the other Git implementations (libgit2, Microsoft's C#,
go-git, JGit, Dulwhich etc.) to find a way to implement SQLite
support. That will be a difficult proposition for the implementations that
try to avoid FFI.
You could also look at this from the positive side, which is that the
transaction semantics of reftable are much easier to understand and
verify than those of the files backend.
--
Han-Wen Nienhuys - Google Munich
I work 80%. Don't expect answers from me on Fridays.
--
Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
--
Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
