On 29.03.2017 08:18, Niall Douglas via Boost wrote:
Whatever is lost is lost, the *key* feature is that damaged data doesn't cause further data loss.
I'm struggling to see how you can guarantee that without _any_ guarantees from the OS or hardware.
If so, why throw it all away? Maybe the user has an OS, a filesystem and some hardware which can guarantee this?
Because a proper implementation of durability should be able to use no fsync and no O_SYNC at all. In that case, you get "late durability" where minutes of recent writes get lost after power loss. For users where that is unacceptable, O_SYNC should be turned on and you now have "early durability" where only seconds may be lost. You pay for that early durability with much reduced performance.
Without O_SYNC and fsync, replace "minutes" with "hours" or "days". This may be entirely unacceptable. With O_SYNC you get horrible performance as you note, which may be entirely unacceptable. Also, I'm assuming the hardware may ignore the O_SYNC as much as it can ignore the fsync, in which case you're SOL anyway. Regards - Asbjørn