This invention relates to an improvement in a file system which stores data, and more particularly to a file system which excels in reliability.
Most computers have internal storage and external storage. Internal storage requires a continuous electric power supply from the outside in order to store data. The main memory (RAM) is typical of such internal storage. External storage is usually a magnetic disk or a magneto-optical disk. With external storage, the recording medium may be removable. A block, which contains many pieces of data, is the unit of access and is usually formed on the medium.
For example, a floppy disk has 2 surfaces, each surface having 80 tracks arranged in concentric circles, each track being divided into 16 sectors, and a block corresponding to one or more continuous sectors. In a fixed (hard) disk drive, the recording medium consists of rigid disks which are stacked like a cylinder, giving many surfaces. Moreover, for a fixed disk drive, the term "cylinder" is used instead of the term "track".
In most cases, a single operation to write data on a disk renews a plural number of blocks on the medium. The first reason is that the size of a block (for example 256 bytes) is usually far smaller than the data quantity of a single operation. For example, to store a document consisting of several pages which are edited on a computer, a lot of blocks or sectors are necessary. The second reason is that management of data on a medium is usually executed in the unit of a file and, moreover, the file data is stored on different areas of the medium, like the contents of a book, and includes the FAT (File Allocation Table) and directory information to locate the data.
A file system, which is the generic name for external storage or a control procedure of this external storage, also requires management information such as the FAT (File Allocation Table) and directory information. For this reason, when a file is renewed, even just to lengthen the file by only 1 sector, the FAT and directory information must also be renewed, in addition to the data which becomes part of the file.
In a file system, a buffer is usually used, with a fixed area formed in memory to temporarily accumulate the data which is to be written to a medium. A buffer may use the main memory and may be allocated on a sub-computer to control the drive. For example, in a system composed of a disk and a buffer, when the data which is recorded in a block on the disk needs to be changed, the contents of the changed data are not written to the disk directly but are stored in the buffer temporarily. Before the system shuts down, the data block(s) in the buffer (hereinafter called buffer blocks) must be written to the disk for renewal. Actual disk access is executed only after the buffer blocks have accumulated data to a certain extent, so that the frequency of disk access is decreased and processing can be made efficient.
When the buffer has been filled up with data which is not yet written to the disk and new data cannot be written in the buffer, the disk is renewed from the buffer blocks. Then the process is repeated and new data is stored in the area of the buffer which has been written out.
These days a file system with said buffer is used generally whereas, conventionally, only a single drive (not duplicated) was used to store a file. A computer which does not save data to a number of storage media frequently suffers a loss of data arising from failure of a drive. Typical troubles of a drive include a loss of power, damage to a control circuit, a head crash and so on. The most unfortunate result arising from such a failure is that a medium is left in a "writing unfinished" state.
In a "writing unfinished" state, only some of the blocks are renewed and the remaining blocks are unrenewed. The portion of the data that has been renewed and written to the disk may contradict the portion of the file that has not been renewed. Also, the information in the FAT concerning the file and its directory may not correspond to the actual area used on the disk. Moreover, when a drive fails, the renewed data in the file not yet written to the disk may be lost or may become difficult to restore.
Other examples of "writing unfinished" states are as follows. When only the FAT is renewed and the directory information is not renewed, the management data loses consistency. Another example is that, when continuous blocks constitute a part of a single file, the data of one block is renewed while the data of the next block is unrenewed.
Consistency is naturally lost between old data and new data. Restoration of a file with unrenewed data mixed with renewed data is far more difficult than restoration of a file with wholly unrenewed data. One cause of this difficulty is that it is difficult to specify the old part and the new part. Moreover, another cause of inconsistent data (especially in magnetic disks) is that when a head falls onto the disk, the data on the medium is destroyed. This is because a magnetic field for writing which emanates from a head becomes a false "usual" status and damages information on a magnetic surface.
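The "writing unfinished" states described above can be reproduced with a small model. The following is an added example, not part of the original text or the invention: a constructed in-memory medium (the names `make_disk`, `extend_steps`, `check` and `crash_after`, the end-of-chain marker and the update order are all assumptions) on which lengthening a file by one sector takes three separate updates, and a consistency check that reports what a failure after each update leaves behind.

```python
# Constructed toy model for illustration; not the patent's implementation.
SECTOR = 256   # block size in bytes (the example figure used in the text)
EOC = -1       # end-of-chain marker (assumed convention for this toy FAT)

def make_disk():
    """One file 'doc' in block 2; blocks 3 and 4 are free (None)."""
    return {"fat": {2: EOC, 3: None, 4: None},
            "dir": {"doc": {"start": 2, "size": SECTOR}},
            "data": {2: b"A" * SECTOR}}

def chain(d, start):
    """Follow the FAT from a file's first block to its end marker."""
    blocks, b = [], start
    while b != EOC:
        blocks.append(b)
        b = d["fat"][b]
    return blocks

def extend_steps(name, new_block, payload):
    """The three separate block updates needed to lengthen a file by one sector."""
    def write_data(d):
        d["data"][new_block] = payload
    def write_fat(d):
        last = chain(d, d["dir"][name]["start"])[-1]
        d["fat"][last], d["fat"][new_block] = new_block, EOC
    def write_dir(d):
        d["dir"][name]["size"] += len(payload)
    return [write_data, write_fat, write_dir]

def check(d):
    """Report contradictions between directory, FAT and data blocks."""
    problems, used = [], set()
    for name, ent in d["dir"].items():
        blocks = chain(d, ent["start"])
        used.update(blocks)
        need = -(-ent["size"] // SECTOR)   # ceiling division
        if len(blocks) != need:
            problems.append(f"{name}: FAT chain has {len(blocks)} blocks, "
                            f"directory size implies {need}")
    for b in sorted(d["data"]):
        if b not in used:
            problems.append(f"block {b}: holds data but belongs to no file")
    return problems

def crash_after(k):
    """Apply only the first k of the three updates, then check the medium."""
    d = make_disk()
    for step in extend_steps("doc", 3, b"B" * SECTOR)[:k]:
        step(d)
    return check(d)
```

Calling `crash_after(2)` models the case where the FAT is renewed but the directory information is not; `crash_after(0)` and `crash_after(3)` are the only consistent outcomes.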
When the management data to access the file contents is lost, the entire file is lost. Especially, when a system file of a computer is lost, a computer system cannot be started and a diagnosis of the defect and a restoration become impossible.
Tolerance for such loss of data differs by field. For example, in a field of arrangement of veil vote calculation, experimental data, document making, etc., it is possible to start over again from old data. Anti-accident reliability is not required so much in such fields. On the other hand, disappearance of data is not permitted in fields such as control of a large plant, control of a traffic system or bank account management, and starting over again is not possible in such fields. In banking, since loss of data instantly causes danger and confusion of rights and duties, anti-accident reliability is required to a high degree.
In recent years, with the downsizing of computer systems, systems used in fields which do not require anti-accident reliability have come to be used in fields which do require high anti-accident reliability. For example, a UNIX file system, which is widely used on small-sized computers and does not consider anti-accident reliability, has come to be utilized in fields which require anti-accident reliability. Therefore, improvement of anti-accident reliability is an important subject.
Mirroring and a distributed file system are ways to prevent loss of a file and improve anti-accident reliability. Mirroring is a technique which connects plural drives to a single computer and writes completely the same data to each drive. A distributed file system is a system which connects plural drives to a computer and which usually stores files of identical contents on plural drives.
According to such a multiple file system, since the same data is stored multiple times on several drives, even if some of the drives fail, restoration of files and execution of work is possible by using the file which was left on the remaining drives.
However, a multiple file system has an unresolved problem in that a "writing unfinished" state can occur on plural drives at the same time. This is because an entry to the plural drives could occur at the same time in an existing file system. In addition, this problem may also occur because a unit of the buffer block, which renews blocks of a drive, was saved to the wrong file.
For example, when 2 buffer blocks were each written to 2 drives by a single operation, the condition in which only 1 block is renewed and the other block is not renewed on both drives frequently occurred. An especially unfortunate condition occurs when a "writing unfinished" state happens on all drives having the same file. In this case, all of the plural files of identical contents are lost. In the prior art, the danger of losing all files has made a file system less reliable.