Storage system crashes
While data loss may be unavoidable in some cases, the structure of Condensation stores makes it fairly resilient to storage system crashes, even without explicit journaling.
Partially written objects
Partially added hashes
If the system crashes while an envelope hash is being added, the partially written hash will almost certainly be dangling, i.e. point to an object not available on the store. Such entries are invalid, and will be discarded.
Partially removed hashes
Similarly, if the system crashes while an envelope hash is being removed, the partially destroyed hash will almost certainly be dangling, and therefore be discarded.
A transaction is carried out by writing new objects, adding the new hash, and removing all merged hashes. These operations are carried out in this order, and only if all previous operations have succeeded.
If the system crashes during such a transaction, the following outcomes are possible:
- Some object have been written, or partially written, but the new hash has not been added. The transaction is aborted, leaving the data in its current state. Unlinked objects will eventually be garbage collected.
- All objects have been written, but the system crashes before the new hash is added. As above, the old state of the data remains on the store, and unused objects are garbage collected.
- All objects have been written, and the new hash has been added, but the system crashes before removing the merged hashes. In this case, the new state exists alongside the old state, but merging these two states results in the new state. The transaction succeeded.