Round-trip parity proves the engines agree under happy conditions. This plan proves they agree under failure: process kills mid-commit, network partitions, concurrent writers, clock skew. The data must remain correct or roll back cleanly.
The Delta Lake and Iceberg specs describe atomic commits, optimistic concurrency, and checkpointing. This plan tests whether the implementation holds when things go wrong.
A commit is fully visible or fully invisible. No half-states survive process kill, network drop, or disk-full.
Concurrent writers either both succeed in serial order, or the loser retries cleanly against the updated state.
A successful commit survives any failure of any other component after the commit completes.
Each category is a family of failure scenarios. All are planned; results will appear once runs begin.
SIGKILL at each phase: after data files written but before log entry; after log temp file, before atomic rename; after rename, before checkpoint.
Two or more writers race for the same commit version. Exactly one must win; the loser retries cleanly without corrupting the table.
Object storage returns 5xx, drops the connection mid-PUT, or hangs indefinitely. Disk fills mid-write. No half-committed state left on disk.
A long-running read is in flight while VACUUM, OPTIMIZE, or RESTORE runs concurrently. Snapshot isolation must hold.
Wall clock goes backward, jumps forward, or differs across writers. ICT-tagged commits and TIMESTAMP AS OF queries must resolve sensibly.
Truncated checkpoint, missing log entry, partially-written multipart checkpoint. Reader must reconstruct correctly or fail loudly, never silently produce wrong rows.
Every planned chaos test uses the same independent-engine principle as the round-trip checks: both DeltaForge and Spark read the result and must agree.
This page will show each category, scenario, and release result once runs begin.