LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

How we learn APIs

How we learn APIs

Posted Mar 17, 2009 18:19 UTC (Tue) by droundy (subscriber, #4559)
In reply to: How we learn APIs by christian.convey
Parent article: Better than POSIX?

Unless we can get programmers to learn APIs differently, I don't see how we can avoid providing them with a more helpful API if we want them to write robust programs.

I've been wondering whether we might be able to quantitatively describe a "robust" implementation of the POSIX API in terms of the published API in a way that is relatively easy to convey to its users. For instance, I'd like to know that if my application is written so as to behave correctly (as understood by myself and my users) in any scenario in which any subset of processes are abruptly killed, and the connection to the disk is severed at any time--assuming that the disk is always in a "correct" state at the time it is severed, in the sense of reflecting all IO preceding that point, and that all IO after that point has no effect on the disk, and fsync fails after that point--then my application is also robust in the event of a system crash. This is a relatively simple criterion of *application* robustness, which then could define *file system* robustness.

As an application developer, that's what I'd like to have assurance of. In the extremely common case that we don't care if data has actually hit disk (i.e. our application will work fine on a RAM disk), the latter scenario of severed disks is irrelevant, and we just want to know that the guarantees that POSIX provides with regard to the running system are preserved in case of crash. And that's something I can reason about. And it's even something I can test my application for without installing special non-robust file systems and pulling the plug on the computer.

(Log in to post comments)

How we learn APIs

Posted Mar 19, 2009 17:35 UTC (Thu) by anton (guest, #25547) [Link]

What you describe sounds very simular to what in-order semantics provides.

How we learn APIs

Posted Mar 20, 2009 13:53 UTC (Fri) by droundy (subscriber, #4559) [Link]

Yes, that exactly describes the semantics I'd like--and the page even gives the same reasoning for it. It seems so obvious that this should be the goal of a file system!

(Although I can see an appeal to relaxing the in-order constraint for IO from different processes... one ought to be able in principle to do that while maintaining in-order semantics if one were to examine locks---and information flow in general---to ensure that you didn't reorder IO that could be causally related.)

How we learn APIs

Posted Mar 20, 2009 18:36 UTC (Fri) by anton (guest, #25547) [Link]

Although I can see an appeal to relaxing the in-order constraint for IO from different processes
Well, given that Unix applications often create lots of processes that interact in lots of interesting ways (think shell scripts), I think it's just too hard to find out when two operations are independent. I also don't think that this relaxation buys much if the in-order constraint is implemented efficiently (by combining a large batch of operations and commiting them together).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds