Next: Crash recovery, Previous: Enabling crash tolerance, Up: Crash Tolerance [Contents][Index]
When your application knows that the state of the database is
consistent (i.e., all relevant application-level invariants hold),
you may call gdbm_sync. For example, if your application
manages bank accounts, transferring money from one account to another
should maintain the invariant that the sum of the two accounts is the
same before and after the transfer: It is correct to decrement account
‘A’ by $7, increment account ‘B’ by $7, and then call
gdbm_sync. However it is not correct to call
gdbm_sync between the decrement of ‘A’ and the
increment of ‘B’, because a crash immediately after that call
would destroy money. The general rule is simple, sensible, and
memorable: Call gdbm_sync only when the database is in a state
from which you are willing and able to recover following a crash. (If
you think about it you’ll realize that there’s never any other moment
when you’d really want to call gdbm_sync, regardless of whether
crash-tolerance is enabled. Why on earth would you push the state of
an inconsistent unrecoverable database down to durable media?).