Expand description
fsx — the one atomic, durable file write for db.md’s primary data.
Every store-state file that holds primary data — content records
(crate::parser::write_file), log.md and its archives (crate::log),
and in-place link rewrites — is written through write_atomic or
write_atomic_new:
- write the bytes to a uniquely-named sibling temp file in the same
directory (
create_new, so a predictable temp name can never be clobbered — closing the temp-clobber race); fsyncthe temp file;- either
renameit over the destination (write_atomic) or hard-link it into place with create-new semantics (write_atomic_new); fsyncthe parent directory so the committed directory entry survives a crash.
These are the only primitives for durable writes — never std::fs::write,
which is neither atomic nor crash-durable. Use write_atomic when replacing
an existing file is intended; use write_atomic_new when the destination
must not already exist.
Not for the index. index.md / index.jsonl are derived, rebuildable
artifacts on the O(changed) write-through path; they use their own
atomic-but-not-fsync’d writer (crate::index’s AtomicTemp) on purpose
— a crash-lost index write is recovered by dbmd index rebuild, so paying an
fsync per catalog update on the hot loop would be cost without benefit.
Functions§
- write_
atomic - Atomically and durably replace
pathwithbytes(see the module docs for the write/fsync/rename/fsync sequence). The parent directory is created if missing. On any early return between temp-file creation and a successful rename — awrite_all/sync_allfailure (ENOSPC, EIO, quota) as well as a rename failure — the temp file is cleaned up rather than leaked, via the [TempGuard]Dropimpl (mirroringindex.rs’sAtomicTemp). - write_
atomic_ new - Atomically and durably create
pathwithbytes, failing withstd::io::ErrorKind::AlreadyExistsif the destination already exists.