fix db.grow is unusable when NoFreelistSync is on

[uvletter]

Originally Truncate and Sync in db.grow is to solve the problem fdatasync after write cannot garantee file size metadata is flushed(see boltdb/bolt#284). In e67705e over allocation is introduced to save the cost of ftruncate frequently, that's nearly the final form we can see now in db.grow.

Summarize it, db.grow basically has two effects:

1. Fix the file safety issue of fdatasync
2. Improve the performance by reducing the need to flush file metadata

The file safety issue is fixed in torvalds/linux@156bddd and torvalds/linux@b71fc07 long ago, it wouldn't likely to be a problem nowadays(Yes this PR does't fix any severe problem, even without db.grow, boltdb can still run normally).

For a logical consistncy, db.grow should be invoked every time the high watermark of the database size increases, but for now it only happens when commitFreelist is invoked, so I move db.grow out of commitFreelist.

Linked to #285

Signed-off-by: Tian skylypig@gmail.com

[ptabor]

In general I support this change. Thank you for it.

But before submitting It would be good to cover this with a test,
In particular the severity of this issue (so messaging in the bbolt release notes) depend what we will learn about potential failure scenario: is it rather a panic() or memory stomping bug.

[ptabor]

(please --sign-off the commit)

[ptabor]

Please run subtest here using t.Run for having independent failures for both scenarios

[ptabor]

Please consider using btesting.CreateDBWithOptions

[ptabor]

Please use testify's require.NoError(...) for such assertions.

[ptabor]

I'm not sure why this assertions proves that Grow works...

I think that real prove starts when we cross the AllocSize border and discover that small additional allocations puts us on 2*AllocSize. Here the file might have just grown as write at offset consequence.

[uvletter]

Yes the way you mentioned is more obvious, but I have no good idea to make up a database to cross the AllocSize exactly...

Here the file might have just grown as write at offset consequence.

The initial database fills 4 pages, and I put a value of 1 page size, so there would be around 6 pages. mmapSize normalize the datasz to 32kb or multiple of 32kb, and db.grow would truncate to datasz, so I judge by at least double initSize, i.e. 8 pages.

Of course if I can make up datasz to AllocSize, it's more obvious to distinguish.

[ptabor]

1. I think you can iteratively write data of size in order of AllocSize/100.
   And I would guess that around 80th write you would observe the file exceeded 2*AllocSize.
   If we do that write, you should never observe a file of Size x: AllocSize<x < 2 * AllocaSize

2. Seems your math works, assuming we are on 4KB pages (and there are OSes with 64KB pages).
   So minimal version would be to enforce the 4096 page and put in the comment the math that you made here...
   But if 1. is not extremely slow, I would recommend trying 1.

[uvletter]

I adopted the 1. for the readibility. The test time in my laptop is around 10 seconds, which I support is acceptable.

PS the 2. even for odd page size like 64KB, I think it still works. As mmapSize normalize the datasz to 32kb or multiple of 32KB, for 64KB page size and 6 page, the datasz would be 512KB=32KB2^4>64KB6，the initial datasz is 64KB4=256KB, so it still obey newSize >= initSize2. Forgive my rigidness : )

[ptabor]

Thank you. Please fix DCO (--signoff)

[uvletter]

Thank you. Please fix DCO (--signoff)

Thanks, done