On Tue, Nov 28, 2000 at 04:24:34PM -0500, Tom Lane wrote:
> Nathan Myers <ncm@zembu.com> writes:
> > In the event of a power outage, the drive will stop writing in
> > mid-sector.
>
> Really? Any competent drive firmware designer would've made sure that
> can't happen. The drive has to detect power loss well before it
> actually loses control of its actuators, because it's got to move
> the heads to the safe landing zone. If it checks for power loss and
> starts that shutdown process between sector writes, never in the middle
> of one, voila: atomic writes.

I used to think that way too, because that's how I would design a drive.
(Anyway that would still only give you 512-byte-atomic writes, which
isn't enough.)
Talking to people who build them was a rude awakening. They have
apparatus to yank the head off the drive and lock it away when the
power starts to go down, and it will happily operate in mid-write.
(It's possible that some drives are made the way Tom describes, but
evidently not the commodity stuff.)
The level of software-development competence, and of reliability
engineering, that I've seen among disk drive firmware maintainers
distresses me whenever I think about it. A disk drive is best
considered as a throwaway cache image of your real medium.
> Of course, there's still no guarantee if you get a hardware failure
> or sector write failure (recovery from the write failure might well
> take longer than the drive has got). But guarding against a plain
> power-failure scenario is actually simpler than doing it the wrong
> way.

If only the disk-drive vendors (and buyers!) thought that way...
Nathan Myers
ncm@zembu.com
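The two failure modes argued over above, as an added simulation that is not part of this thread or of any PostgreSQL code: a database page spanning sixteen 512-byte sectors is overwritten in order and the power fails part way through. With Tom's hypothetical sector-atomic firmware the page still tears at a sector boundary; with the firmware behaviour Nathan describes it tears mid-sector as well. The page layout (a SHA-256 of the body prepended to it), the 8 KB page size and the per-page digest as the means of detecting the tear are assumptions made for the example, not anything the message describes.

```python
import hashlib

SECTOR = 512   # granularity a well-designed drive might write atomically
PAGE = 8192    # one database page = 16 sectors (size assumed for this example)
DIGEST = 32    # SHA-256 of the body, stored at the front of the page (assumed layout)


def build_page(payload: bytes) -> bytes:
    """Assumed page layout: 32-byte SHA-256 of the body, then the body padded to PAGE."""
    body = payload[:PAGE - DIGEST].ljust(PAGE - DIGEST, b"\0")
    return hashlib.sha256(body).digest() + body


def page_is_torn(page: bytes) -> bool:
    """A page whose body no longer matches its stored digest was only partly written."""
    return len(page) != PAGE or hashlib.sha256(page[DIGEST:]).digest() != page[:DIGEST]


def write_with_power_loss(old: bytes, new: bytes, cut: int, sector_atomic: bool) -> bytes:
    """Overwrite `old` with `new` sector by sector; power fails after `cut` bytes.

    sector_atomic=True models the hypothetical firmware that only stops between
    sectors: the sector in flight is left untouched, so every sector is wholly
    old or wholly new.  sector_atomic=False models the commodity behaviour
    described in the thread: the in-flight sector is cut off part way.
    """
    assert len(old) == len(new) == PAGE and 0 <= cut <= PAGE
    landed = cut - cut % SECTOR if sector_atomic else cut   # bytes that reached the platter
    return new[:landed] + old[landed:]


def sector_states(old: bytes, new: bytes, disk: bytes) -> list:
    """Per-sector view of what is on disk: 'old', 'new' or 'mixed' (a mid-sector tear)."""
    states = []
    for i in range(0, PAGE, SECTOR):
        s = disk[i:i + SECTOR]
        if s == old[i:i + SECTOR]:
            states.append("old")
        elif s == new[i:i + SECTOR]:
            states.append("new")
        else:
            states.append("mixed")
    return states


def demo() -> dict:
    """Run three constructed scenarios; returns {name: (torn?, number of mixed sectors)}."""
    # Constructed pages whose every byte differs, so sector states are unambiguous.
    old = build_page(b"\x11" * (PAGE - DIGEST))
    new = build_page(b"\x22" * (PAGE - DIGEST))
    scenarios = [
        ("clean", PAGE, True),                  # write completed
        ("sector_atomic_halfway", 4096, True),  # Tom's firmware, power lost after 8 sectors
        ("mid_sector", 1000, False),            # commodity drive, power lost inside sector 1
    ]
    results = {}
    for name, cut, atomic in scenarios:
        disk = write_with_power_loss(old, new, cut, atomic)
        results[name] = (page_is_torn(disk), sector_states(old, new, disk).count("mixed"))
    return results


if __name__ == "__main__":
    for name, (torn, mixed) in demo().items():
        print(f"{name:24s} torn={torn} mixed_sectors={mixed}")
```

The point the simulation makes is the one in the parenthetical above: sector atomicity only removes the "mixed" sector, it does not stop the page as a whole from tearing, so a per-page check of this kind is needed either way. Detecting the tear is also only half the job; recovering from it still requires an intact copy of the page held somewhere that was written before the page itself.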