CYRUS_SKIPLIST_UNSAFE

Rob Mueller robm at fastmail.fm
Wed Oct 23 01:30:09 EDT 2002


I was doing an strace of some cyrus processes, and noticed quite a few
fsync() and fdatasync() calls in there. We're using mostly skiplists for
mailbox and seen state, and I noticed this in the source code.

    if (getenv("CYRUS_SKIPLIST_UNSAFE")) {
        do_fsync = 0;
    }

And then:

        if (!r && do_fsync && (fsync(db->fd) < 0)) {
            syslog(LOG_ERR, "DBERROR: fsync(%s): %m", db->fname);
            r = CYRUSDB_IOERROR;
        }

So this lets you turn off the use of fsync() calls altogether, but is clearly
regarded as "unsafe". I was wondering however, how "unsafe" it would be to
remove the calls from the commit() code, which I'm guessing is called the
most, but leave them in the checkpoint() and recovery() code?

Doesn't really "unsafe" in this instance mean "Unsafe if the system
crashes", but it's not really unsafe if the program itself crashes, because
any changes made will still be written back eventually by the OS? What if
the OS crashes, will it still be able to recover back to the last checkpoint
if they use fsync() calls?

Just curious on what the general aspects of trading safety and performance
might be and if it's at all possible.

Rob
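
An added example, not part of the post above and not Cyrus code: a hypothetical length-prefixed, checksummed append-only log in C. It shows where a per-commit fsync() sits and how a recovery pass can discard a torn tail record. The record layout and the names `want_fsync`, `log_commit` and `log_recover` are assumptions for illustration; only the environment variable name comes from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical toggle modelled on the getenv() check quoted in the post. */
static int want_fsync(void) { return getenv("CYRUS_SKIPLIST_UNSAFE") == NULL; }

/* FNV-1a: detects torn or garbled records, not a defence against tampering. */
static uint32_t checksum(const unsigned char *p, uint32_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Append [len][payload][checksum]; returns 0 on success, -1 on I/O error. */
int log_commit(int fd, const void *buf, uint32_t len) {
    uint32_t sum = checksum(buf, len);
    if (lseek(fd, 0, SEEK_END) < 0) return -1;
    if (write(fd, &len, 4) != 4) return -1;
    if (write(fd, buf, len) != (ssize_t)len) return -1;
    if (write(fd, &sum, 4) != 4) return -1;
    /* Skipping this keeps the record safe across a process crash (it is in
       the page cache) but not across a kernel crash or power loss. */
    if (want_fsync() && fsync(fd) < 0) return -1;
    return 0;
}

/* Scan from the start, cut the file at the first incomplete or corrupt
   record, and return the number of intact records (-1 on I/O error). */
int log_recover(int fd) {
    unsigned char buf[4096];
    uint32_t len, sum;
    off_t good = 0;
    int n = 0;
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    for (;;) {
        if (read(fd, &len, 4) != 4 || len > sizeof buf) break;
        if (read(fd, buf, len) != (ssize_t)len) break;
        if (read(fd, &sum, 4) != 4 || sum != checksum(buf, len)) break;
        good += 8 + (off_t)len;
        n++;
    }
    if (ftruncate(fd, good) < 0) return -1;
    return (fsync(fd) < 0) ? -1 : n;  /* recovery syncs regardless of the toggle */
}
```
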




