If an interrupt were to be delivered during the processing of the following methods then the abort protocol could be incomplete. In this case, the journal/conn should reject writes until a proper abort/rollback.
Martyn will develop some aggressive tests designed to provoke this failure mode.
The proposed pattern is a try/finally around the critical section. Before entering the try/finally, set a boolean variable Ok := false. Upon success, set Ok := true. In the finally, if !Ok then mark the Journal/conn as unavailable for writers; if Ok then mark it as available for writers.
For the journal, this means that it should reject write() and commit() but not abort(). This is necessary in order to allow a subsequent abort() to correctly discard any buffered state.
Thus, a failed abort will render the journal unusable for writers but will leave it available for readers. A subsequent update transaction will start and then fail when it attempts to write a mutation on the journal, flush the buffers, or commit. That failure will drive another abort() invocation. If the abort succeeds then the journal will once again be marked as available.
The purpose is to close out a potential problem where an abort() fails and is not redone by the caller.
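The try/finally pattern and the resulting recovery sequence, as an added example in Python rather than the project's own code: the Journal class, its internal names, and the fail_next_abort hook that stands in for an interrupt mid-abort are assumptions, and run_scenario() walks the constructed interrupted abort, rejected write, redone abort and recovery described above.

```python
class JournalUnavailableError(RuntimeError): pass  # write()/commit() refused until abort() completes

class Journal:
    def __init__(self):
        self._buffer = []              # mutations of the open transaction
        self._committed = []           # durable records, still readable when not writable
        self._writable = True          # cleared by an incomplete abort()
        self.fail_next_abort = False   # assumed hook: simulate an interrupt mid-abort
    def _require_writable(self):
        if not self._writable:
            raise JournalUnavailableError("abort() incomplete; redo abort() first")
    def write(self, record):
        self._require_writable()       # rejected after a failed abort
        self._buffer.append(record)
    def commit(self):
        self._require_writable()       # rejected after a failed abort
        self._committed.extend(self._buffer)
        self._buffer.clear()
    def abort(self):
        # Never refuses, so a retry can complete the discard and reopen the journal.
        ok = False
        try:
            self._discard_buffers()    # the critical section
            ok = True
        finally:
            self._writable = ok        # False if interrupted, True on success
    def _discard_buffers(self):
        if self.fail_next_abort:
            self.fail_next_abort = False
            raise InterruptedError("simulated interrupt during abort()")  # constructed
        self._buffer.clear()

def run_scenario():
    j = Journal()
    j.write("a")
    j.fail_next_abort = True
    try:
        j.abort()
    except InterruptedError:
        pass                           # caller moves on without redoing abort()
    rejected = False
    try:
        j.write("b")
    except JournalUnavailableError:
        rejected = True                # this failure drives the next abort()
    j.abort()                          # retry succeeds and reopens the journal
    j.write("c")
    j.commit()
    return rejected, list(j._committed)
```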