Initial checking after changing from hg to git.

[LaFS.git] / credits.doc

Credits allow us to be sure that we can write out all dirty blocks
without exhausting the log.

Before a block can be marked as 'Dirty' it must hold two credits, one
for itself and one to assist with writing index blocks (which may
require splitting).
Further, every ancestor must also have the same two credits.

If a data block is not Pinned to the current phase, then it and
every ancestor must also have a pair of credits for the next phase.
If these credits are hard to come by, we can still Dirty a data block
by pinning it.  This requires a checkpoint lock.

Each block has 5 credit flags.
 2 for this phase (Credit and ICredit)
 2 for next phase (NCredit and NICredit)
 1 to hold the ICredit between allocation and incorporation.

When we might want to dirty a data block (e.g. PinPending or just
before actually dirtying it), we allocate the needed credits.  If
credits aren't available (i.e. the filesystem is nearly full, or needs
cleaning) that might block (if the update is expected to free up space
and we are eating into the first reserve) or it might fail (e.g. if we
are allocating new space).

When we release a data block, we free all the credits.  Keeping proper
track of all credits is important.

When we write a block, the Credit is used to pay for that writeout.
The ICredit is moved to UnincCredit until incorporation.
If the block is dirtied again, before incorporation, two new credits
will be needed.  If another writeout happens while UnincCredit is
still set, the ICredit is simply returned.

When incorporation happens, if no splitting is needed, the UnincCredits
from all new blocks are simply returned.
If splitting is needed, the UnincCredits are used to fill the Credit
requirements of any new block.  However there might not be enough.

In the worst case, a split is required with just one UnincCredit.
This can provide the required Credit, but no ICredit.
In this case we need to steal Next-phase credits from lower levels in
the tree by pinning data blocks to the current phase....

If everything below is pinned to the current phase, we can take our
own next-phase credits.... unless we are on a phase-change.

Note: Old-phase index blocks are never incorporated if they have
old-phase children.

Hmmm.. ICredit only needed on index blocks which do not have room for
3 new allocations.
Thus if there are 3 or more children, we get enough credits from them.
If there is only 1 or 2, we won't split so don't need ICredit...

So:...

 Index block marked dirty when first child allocated.
 So it needs to have Credit when not dirty/realloc.

Cases:

  1/ All incorporations work.

     Inherited credits propagate up filling gaps.


  2/ Incorporation cause an h-split

      worst case:  We have an index block which is full of large extents.
       One block in the middle of one extent is relocated.  This one
       block caries an ICredit.

         The index block has an ICredit too, so there are two ICredits.
         One dirties the new block.  One is made available to parent.
         This pattern propagates up.

      So: when a set of children are incorporated, at least half of them
         must have ICredits.  These are used to split a block.
         If a double-split is needed, there must be plenty of credits.


  3/ Incorporation requires a v-split

      This is when the inode is full and we need to create an
       index block below it.
      This block is dirtied by the ICredit if the inode block.
      Which will be filled in again when incorporation happens below.

      Worst case is that inode is full of large extents.  A single block is
      added.  The vsplit happens.
      The ICredit from the single block becomes the ICredit for the inode.


Issue:
   If we incorporate a given index block multiple times in one checkpoint
    it will lose all it's credits, as we only refresh them when new blocks are
    dirtied, or on phase change..... no, that's not right.

   When we allocate any block, we pin all the parents.
   When we unpin a parent (or re-pin to next phase) we claim the N* credits.
   If we cannot refill the N* credits, we pin children to the current phase.
   This allows us to:
        1/ Steal their N* credits which may give us enough credit to continue, or
        2/ ensure that after this block is written, there will be no
           dirty children



Old text:


   Ok, maybe I have it now...  Let's be as detailed as possible.

   Every data block has 2 bits signifying pre-allocation.  Each bit
     reflects one credit (block of space).  When the block is dirtied
     or locked, one bit is cleared to reflect the space about to be
     used.  The other is moved to 'Uninccredit'.

     When Uninc is cleared by incorporation, Unincredit is available
     for index splitting etc.  Note that by this time the block could
     be pre-allocated or dirty again, which means more blocks
     allocated.

   Every index block has 4 bits signifying pre-allocation credits.
     There are two for each phase.  One is to write out the block.  One is to
     allow for splitting/incorporation.  The second is not required
     when the index block has room for 3 new allocations (30 bytes of
     internal, 36 leaf).

   The primary rule is that if a datablock is locked or dirty, then
     all index blocks up to the root must have at least preallocation
     in the current phase, and two if there may not be room for 3 more
     indexes. 

   This is achieved by:
     Before a datablocks can be locked or dirtied, it must have
     preallocation, and all indexblocks above it must have
     preallocation in both phases.  If not, either fail or block.

     Before an out-of-phase leaf index block can have incorporation,
     either it must have no dirty child, or it and all index blocks
     above it must be have all prealloc bits set.  i.e. if their
     is a failure setting some unset bit, then flush all children.
     We know new children cannot become dirty until the bits are set.

     Before any in-phase index block can have incorporation, it and
     all parents must have both bits set.  If there is a failure
     setting any bits, we wait for a phase-change (which probably
     just got triggered).

   When incorporation happens there is at least one block provided by
   every two being incorporated, and each index block being
   incorporated into has at least one block, or two if it doesn't have
   room for 4 more indicies.

   If all indicies fit, then the one that the block owns is used to
   write it, and the one from the at-least-one child is made available
   to the parent.  Any others are discarded (in the out-of-phase case).

   If a split is required the next-phase bits are shared.  If there
   aren't 2, then there are no children, and none are needed.  If
   there are, then they go one-each as both blocks will have some
   space (maybe).
   
   If a split is required and there are 4 or more children, then there
   is one block that the iblock owns, and 2 or more from the children.
   These are used to write out the two blocks and pass one up.  If
   there are more children incorporated, their bits are given to the
   next phase as they might then be needed, and possibly passed up as
   extras.

   If a split is required and there are 3 or fewer children, then
   there are two blocks of space that the iblock owns, and 1 or more
   from the children. These are enough to write out the two blocks and
   pass 1 set bits on allset bits on allup.

   When an inode 'splits' (vertically), we leave all bits with the
   lower block as the inode will be written using the space allocated
   to the data block.  However when there is excess credits after an
   incorporation, they should be given to the parent incase another
   depth increase is needed.

   So, what bits do we need:
      - 1 - does Uninc carry a credit - sometimes it won't. - B_UnincCredit
      - 2 - this-phase credits  B_Credit B_ICredit
      - 2 - next-phase credits  B_NCredit B_NICredit

    When we dirty or lock a block, the credits from the appropriate
    phase move into the dirty/lock bit and the uninc_credit bit.
    On writing, the dirty bit is cleared
    On incorporation, the uninc credit bit is used.

    The next-phase credit bits are never used for data blocks.

--------------------------------
Question:
  What causes us to flush everything at a phase change when short of
  credits?
Answer:
  When an index block changes phase, if we cannot allocate credits for
  the new NextPhase, we Pin all data blocks below, so at the next
  phase change everything gets written out.
--------------------------------
IMPORTANT.
  Credit and ICredit are set before block is dirty.
  They are moved to Dirty and UnincCredit when block is dirtied
  These are then cleared when block is written/incorporated.
  NCredit/NICredit are only needed for Index blocks.
  They are transferred to Credit and ICredit at phase change.
  They then need to be refreshed.  If that fails, we need to pin
  all descendents to the next phase.

  An InoIdx block doesn't get written out or incorporated.  Only the
  matching data block does.
  So on phase-flip of an InoIdx, we move Dirty/UnincCredit to the
  data block and Pin it to the old phase.
  Once Pinned, metadata updates stay in the inode and don't flush
  through to the data block. When unpinned, if I_Dirty is set, we
  flush the inode to the data block