On 5/21/07, Kevin Day <kevin@trumpetinc.com> wrote:
I guess this starts to come back to a best practices issue:  If there is an IOException during commit(), then do we need to assume that the state of the record manager is invalid, and we need to immediately close the recman and (possibly) try to open it again?  Or should the recman itself have some sort of trigger that causes all operations on it to fail once we hit an IOException during commit?

I think the RecordManager implementation should protect against this kind of error.  If its internal state is compromised, it should at least fail-fast and prevent further operations.  And if it can transparently recover from the failure, all the better.  In this case, we could detect the low disk-space condition and switch to a read-only mode.