What to do if JetRollback fails?

Jun 10, 2016 at 1:51 AM
JetRollback's documentation has this comment:

"On failure, the transactional state of the session will remain unchanged. No change to the database state will occur. A failure during rollback is considered to be a catastrophic database error." What does "a catastrophic database error mean"? Should the instance be terminated and re-initialized? Should the application exit? Does answering that depend on how it fails?

As "background", the application was unintentionally crashing itself when JetRollback failed (in some situations), and that's been addressed, but after reading JetRollback's documentation more closely, I've been wondering if fixing that by not crashing was actually the right way to address it, or if we should have done a failfast terminate if JetRollback ever fails.
Jun 28, 2016 at 11:03 PM
Yes, the instance should be terminated and re-initialized.

The safest option is to treat rollback failures as instance unavailable. In most cases it is the only available option, and the engine will return JET_errInstanceUnavailable on any subsequent operations.

You should call JetTerm() with JET_bitTermDirty to cleanup resources. Then recreate the instance and run recovery.
Aug 26, 2016 at 2:21 AM
I apologize for not responding earlier. Thanks for the reply / confirmation. Slightly amusingly, the way that the application is using its instance, a process exit and restart is probably the only meaningful way of dealing with it (after initialization, there's no clean way of dealing with the instance becoming offline temporarily). I'll have to make a note to handle this better in the future.