low power actions?

Eben Eliason eben.eliason at gmail.com
Fri Jul 11 13:49:41 EDT 2008


On Fri, Jul 11, 2008 at 1:33 PM, Gary C Martin <gary at garycmartin.com> wrote:
> One concern I have with auto saving state before powering off is the
> potential corruption of journal data. How robust is the Journal if
> power off happens half way through an ongoing auto state save – do you
> lose both the new journal entry and the original entry you had
> resumed from (partially overwritten)?

Disclaimer:  I'm not a technical expert on the DS, so others more
familiar should probably correct me if I make claims below that are
false.

This is yet another problem that can be bypassed with the "new DS".
In one of our past meetings, we laid out requirements for the process
by which activities save their state, and it included a means for
activities to check in temporary saves if they wished to, optionally
passing a flag to tell the Journal to actually create a new entry.
This system was in place such that, if the Journal detected that a
given activity crashed, it could automatically make a new Journal
entry based on the last temporary save, as a form of auto-recovery.
This approach could similarly be used after a power failure.

Additionally, in the worst case a corrupt entry might wind up in the
Journal, but that shouldn't be a problem because, at present, copies
are stored so there is no loss of data, and in the future we'll have
versions, and only one version of many would be corrupt.  It should
never be the case that the entry that was opened gets corrupted.
Ideally the Journal would be able to recognize when a save transaction
doesn't finish and either replace it with the most recent temporary
state or remove the entry completely.

- Eben
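
The save-and-recover behaviour discussed in this message, sketched as an added example that is not part of the original post and not Sugar datastore code. The file layout (`.entry`, `.temp`, `.saving` suffixes), the function names and the `-recovered` naming are all assumptions made for illustration.

```python
import os
import tempfile
# Hypothetical on-disk layout for illustration; not the Sugar datastore API.
def _atomic_write(path, data):
    # Write beside the target, flush to disk, then rename over it: a reader
    # sees the old file or the new one, never a partially written mix.
    partial = path + ".saving"            # leftover ".saving" = unfinished save
    with open(partial, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(partial, path)             # atomic rename on POSIX filesystems

def checkin_temp(store, entry_id, data):
    _atomic_write(os.path.join(store, entry_id + ".temp"), data)

def save_entry(store, entry_id, data):
    _atomic_write(os.path.join(store, entry_id + ".entry"), data)
    temp = os.path.join(store, entry_id + ".temp")
    if os.path.exists(temp):
        os.remove(temp)                   # committed, temporary save obsolete

def recover(store):
    # Startup pass: drop unfinished saves, then promote surviving temporary saves
    # to new entries; ".entry" files are never touched. Assumes ids contain no ".".
    actions = {}
    for name in sorted(os.listdir(store)):
        if name.endswith(".saving"):
            os.remove(os.path.join(store, name))
            actions[name.split(".")[0]] = "removed"
    for name in sorted(os.listdir(store)):
        if name.endswith(".temp"):
            entry_id = name[:-len(".temp")]
            os.replace(os.path.join(store, name),
                       os.path.join(store, entry_id + "-recovered.entry"))
            actions[entry_id] = "recovered"
    return actions

def demo():
    store = tempfile.mkdtemp()            # constructed scenario, throwaway dir
    save_entry(store, "drawing", b"original")
    checkin_temp(store, "drawing", b"temp save")
    with open(os.path.join(store, "drawing.entry.saving"), "wb") as f:
        f.write(b"half a sa")             # power lost mid-save: torn write
    actions = recover(store)
    def read(name):
        with open(os.path.join(store, name), "rb") as f:
            return f.read()
    return actions, read("drawing.entry"), read("drawing-recovered.entry"), sorted(os.listdir(store))
```
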


