Skip to main content

Module worker

fmf_core::engine

Module worker 

Source
Expand description

The volume worker: the thread that drives one volume through restore-or-scan → Ready → USN tailing → (journal-gone) rescan, forever. volume.rs is the state’s home (VolumeSlot, checkpoint, save helper); this file is the flow’s home. Decisions are pure functions; effects (counters, logs, events, installs, saves) stay in the loop, keyed off the decisions — that split is what lets worker_tests.rs replay the failure paths deterministically without elevation (ADR-0018, S4b).

The full $MFT scan itself is deliberately not behind a seam (the 2-trait cap): its execution stays real-volume territory, covered by the FMF_ADMIN_TESTS layer.

Enums§

CompactionVerdict 🔒
Outcome of the compaction generation recheck (pure half of maybe_compact).
FullScanReason 🔒
Why a full scan was chosen — selects the effect at the call site (counter + warn / info / silence). Effects stay out of the decision.
SnapshotDecision 🔒
How the worker establishes a volume’s index at the top of its loop.
TailStep 🔒
What one blocking-read outcome means for the tail loop.

Constants§

INDEX_CHANGED_DEBOUNCE 🔒
Engine-side debounce for IndexChanged — the only throttle in the whole change path (docs/ARCHITECTURE.md latency budget).

Functions§

compact_recheck 🔒
Pure decision: the compacted copy was built under a read guard at content generation copied_at; installing it is only sound if nothing advanced the generation in between. Single-writer invariant: this volume thread is the index’s only writer, so Abort means that invariant broke somewhere and installing would silently lose the in-between mutations — the copy is discarded loudly instead.
journal_gone_action 🔒
Pure decision: classify one blocking-read outcome into the worker’s next step. Every JournalGone variant maps to a rescan — none is recoverable in place — and an FSCTL error is fatal for the volume.
snapshot_decision 🔒
Pure decision: snapshot-load outcome × live-journal view → restore or full scan. The load result carries only the persisted checkpoint; the index itself never enters the decision.