Review: Orthogonal Persistence

Must fix

• Memory size inconsistency — "approximately 500 GB": The page says "approximately 500 GB" in the stable memory section and "Hundreds of GB" in the trade-offs table. Other docs pages (e.g., docs/concepts/canisters.md) use "up to 500 GiB". Align to "up to 500 GiB" in both locations. GiB vs GB is a meaningful distinction (500 GiB ≈ 537 GB).

• "Bricked" claim is overstated: The "dangerous pattern" section says when pre_upgrade traps, "the canister is bricked — the upgrade fails and the data cannot be recovered." The IC interface spec provides a skip_pre_upgrade flag specifically for this recovery scenario (though it risks data loss). Soften to something like: "the upgrade fails, and recovery requires the skip_pre_upgrade flag, which may result in data loss."

Suggestions

• #[init] and #[post_upgrade] "must be defined": Technically, stable structures auto-restore without these hooks — they're only needed to reinitialize transient state (timers, caches). The page already notes this in the parenthetical. Consider softening to "should be defined" since the icskill says "the canister may silently reset state." The current "must" is defensible as good practice but slightly stronger than the reality.

• Heap memory "wiped" framing for Rust: The page says heap is "Historically wiped on canister upgrade (Rust)." The word "historically" implies this changed — it didn't for Rust (raw heap data is still wiped on upgrade). Consider: "Wiped on canister upgrade (Rust) — use stable structures to persist data."

• Trade-offs table "Use case" row: The table says heap is for "Caches, temporary computation" and stable memory for "All persistent application data." In Motoko with persistent actor, the runtime persists heap data transparently — so the heap IS used for persistent data in Motoko. The table is Rust-centric. Consider adding a note or qualifier.

Verified

• All 3 internal links resolve to existing files (../guides/backends/data-persistence.md, ../languages/rust/stable-structures.md, ../guides/canister-management/lifecycle.md)
• Motoko code verified against .sources/motoko/ and .sources/motoko-core/: persistent actor, transient var, Map.empty, Map.add, Nat.compare all confirmed
• Rust stable structures pattern verified against icskill: MemoryManager, VirtualMemory, StableBTreeMap, DefaultMemoryImpl, MemoryId, thread_local! pattern all match
• Heap memory limits "4 GB for wasm32, 6 GB for wasm64" — correct
• No CLI commands or step-by-step procedures — properly stays in concept/explanation territory (Diataxis compliance)
• No dfx references, no .mdx/JSX, plain markdown only
• Frontmatter complete with icskills: [stable-memory]
• Content brief fully covered: heap persistence, stable memory, Motoko auto-persistence, Rust stable structures, trade-offs, traditional backend comparison
• Upstream attribution comment present
• Code examples are under 30 lines each

Feedback addressed:

• Fixed "approximately 500 GB" → "up to 500 GiB" in stable memory section, aligned trade-offs table
• Also fixed heap memory sizes to use GiB consistently (4 GiB / 6 GiB)
• Added note about subnet shared storage budget with link to subnet selection guide
• Softened "bricked" → mentions skip_pre_upgrade flag for recovery (with data loss risk)
• Changed #[init]/#[post_upgrade] from "must be defined" to "should be defined" with explanation of why
• Removed "historically" from Rust heap wipe — now reads "Wiped on canister upgrade (Rust) — use stable structures to persist data"
• Made trade-offs table language-aware: heap use case now says "All data in Motoko persistent actor; caches and temporary computation in Rust"
• Added "Shared storage budget" bullet to network-overview "What subnets mean for developers" section

Feedback addressed (restructure):

• Diataxis compliance: Removed all implementation code (Motoko and Rust examples). This page is now a pure concept/explanation page. Code examples and implementation details will live in the data-persistence how-to guide (stub brief updated).
• Orthogonal persistence is Motoko-exclusive: Clarified that only Motoko delivers true orthogonal persistence. Rust section now explicitly states "This is not orthogonal persistence" and contrasts the explicit approach.
• Further reading: Added three external resources — IC Internals blog post, Stellarator Part 2 deep dive, and YouTube short explainer.
• Learn Hub: No relevant Learn Hub articles exist in the inventory for this topic.
• All previous feedback items (GiB units, skip_pre_upgrade, should vs must, heap wipe wording, trade-offs table) remain applied.

Feedback addressed:

• Intro now distinguishes Motoko (fully transparent persistence) vs Rust (explicit stable structures) upfront, instead of implying all persistence is automatic
• Comparison table: "up to subnet limit" → "up to 500 GiB per canister, subject to subnet storage budget"
• Cross-site heap memory alignment: updated canisters.md and cycles-costs.md to "4 GiB (wasm32) / 6 GiB (wasm64)", matching this page and the icskills reference