From: John Snow <jsnow@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org
Cc: kwolf@redhat.com, famz@redhat.com, armbru@redhat.com,
mreitz@redhat.com, den@openvz.org, Eric Blake <eblake@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] qapi: add transaction support for x-block-dirty-bitmap-merge
Date: Fri, 6 Jul 2018 11:38:34 -0400 [thread overview]
Message-ID: <43e22b35-39c3-f596-5a0a-f899376911ad@redhat.com> (raw)
In-Reply-To: <63c582e8-4646-ad59-3d89-ce07f78e390c@virtuozzo.com>
On 07/06/2018 06:12 AM, Vladimir Sementsov-Ogievskiy wrote:
>
> Ok, let's go this way for now, I'll rewrite it.
>
> Last requirement looks a bit strange for me in transaction context. We
> should not assume that action is done before commit.
> What is main idea of transaction action, do everything which will not
> fail in commit, or do everything which may be undone in prepare? Is
> there more formal way to manage dependencies between actions in one
> transaction?
Honestly, that's what I was wondering -- is there some formal model
people would be familiar with to help explain inter-dependencies between
transactional actions?
I don't know of one, presently, so I'm making it up as I go along.
I think this statement is intuitively true, though:
"For actions that are affected by other actions, the order of those two
actions matter, with the first action having an effect on the second."
We process actions in a linear order, first .prepare and then .commit --
so actions that come first in the list do have their callbacks executed
first. There's no way to express priority otherwise unless we give
certain actions a priority score, which we don't have right now.
Next, backup actions take ownership of the bitmap in .prepare()... so in
order for bitmap manipulation commands to affect these actions, they
also need to modify the bitmap in .prepare().
This may feel counter-intuitive to how transactions appear to be
designed to work, but on this subject Stefan said (May 2015):
> The ambiguity is whether "commit the changes" for .commit() means
> "changes take effect" or "discard stashed state, making undo
> impossible".
>
> I think the "discard stashed state, making undo impossible"
> interpretation is good because .commit() is not allowed to fail. That
> function should only do things that never fail.
I think this is probably the correct way to proceed, and we ought to
formalize this model. I think it's actually nearly impossible to do it
the other way around, too.
Let's say we've got two actions that both do error-checking in .prepare,
but perform their actual stateful changes in .commit, but are
interdependent.
{ a, b }
- a.prepare() checks state and confirms we will be able to proceed, but
changes no state.
- b.prepare() checks state and confirms it will be able to proceed, but
can't see what a is planning to do.
- a.commit() succeeds as expected.
- b.commit() does not fail as it is not allowed to, but the effects are
undetermined because we have not checked the state change from a.commit()
In general we can get around this, but the more actions we add, the
harder it is to do proper error checking while considering the
hypothetical state after some actions have committed.
I think the model where we take effect in .prepare() and undo it if
necessary in .abort() is actually easier to model in your head, because
error checking is simpler. That's probably the right model, then.
At the very least, I think that's correct for 3.0 and the immediate
future. If you disagree, please speak up because I've long been
particularly uncertain about this aspect.
--John
next prev parent reply other threads:[~2018-07-06 15:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-03 10:53 [Qemu-devel] [PATCH 0/2] transaction support for bitmap merge Vladimir Sementsov-Ogievskiy
2018-07-03 10:53 ` [Qemu-devel] [PATCH 1/2] drity-bitmap: refactor merge: separte can_merge Vladimir Sementsov-Ogievskiy
2018-07-03 16:20 ` Eric Blake
2018-07-05 18:51 ` John Snow
2018-07-05 18:55 ` Eric Blake
2018-07-05 18:56 ` John Snow
2018-07-03 10:53 ` [Qemu-devel] [PATCH 2/2] qapi: add transaction support for x-block-dirty-bitmap-merge Vladimir Sementsov-Ogievskiy
2018-07-03 16:22 ` Eric Blake
2018-07-05 20:40 ` John Snow
2018-07-06 10:12 ` Vladimir Sementsov-Ogievskiy
2018-07-06 15:38 ` John Snow [this message]
2018-07-06 16:27 ` Vladimir Sementsov-Ogievskiy
2018-07-06 20:30 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43e22b35-39c3-f596-5a0a-f899376911ad@redhat.com \
--to=jsnow@redhat.com \
--cc=armbru@redhat.com \
--cc=den@openvz.org \
--cc=eblake@redhat.com \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).