[This is preliminary documentation and subject to change.]
The RSM database is designed to handle a variety of I/O error conditions from the file system. The most common error is a full disk. In this case, the RSM database restricts further write access to the database and uses either the main data file or the replica to support further read requests. The replica is used if the disk full error occurred during a data file update. Since write access is restricted, the replica data file is guaranteed to be consistent and is used to rebuild the database to a consistent state when RSM is restarted. Partial reconstruction of the index file might occur on-the-fly to repair any indexes that might have been in mid-update.
If the database experiences I/O errors other than disk full, the database shuts down. The intent is to prevent damaging the database files further.