Commits
David Young committed b4813b0c54f
In H5FD_vfd_swmr_read(), do not verify checksums on shadow entries that are longer than the buffer that the caller supplied: the checksum usually will fail, but that's not actually a fatal condition, and usually we will have another opportunity to verify the checksum. In H5FD_vfd_swmr_read(), remove a bunch of disused code. In H5FD_vfd_swmr_read(), do not re-read a shadow image that has a bad checksum, because a bad checksum indicates a serious problem (writer outran reader, OS defect, hardware failure) from which H5FD_vfd_swmr_read() cannot recover. Rationale: the writer write(2)s new shadow images before the new index, and the new index before the new header. In H5FD_vfd_swmr_read(), the reader has read(2) both the index and the header in full. POSIX semantics indicate that in these circumstances, the last shadow image write(2) MUST be completely visible when we read(2). That is, the index write(2) & read(2) and the header write(2) & read(2) pair cannot divide a preceding shadow-image write(2). The reader may see a "torn" image at this juncture if, for example, the writer got max_lag ticks ahead of it and reused the storage for this shadow image. Even if the reader "recovers" by re-reading the image until its checksum is correct, it cannot be sure that the image thus read is the right one for the HDF5 address passed to H5FD_vfd_swmr_read(), and it cannot be sure that the image thus read is not stale, because it's operating with an out-of-date shadow index. Add log outlets swmr_read, swmr_read_exception, and swmr_read_err. Log to `swmr_read` on entry to H5FD_vfd_swmr_read(), log to `swmr_read_exception` when checksums are skipped for exceptional conditions (page buffer not configured, buffer shorter than shadow image), and log to `swmr_read_err` when the checksum fails.