Feature: File Atomic Write #6133

chris-huxtable · 2018-05-26T22:05:33Z

This PR adds File.atomic_write() to which prevents file corruption during a write.

Sija · 2018-05-26T22:10:28Z

src/file.cr

+
+    begin
+      open(atomic_path, "w", perm, encoding, invalid) do |fd|
+        fd.flock_exclusive() do


Redundant ().

Sija · 2018-05-26T22:10:48Z

src/file.cr

+        end
+      end
+    ensure
+      if (success_flag)


Redundant ()

Sija · 2018-05-26T22:10:58Z

src/file.cr

+      end
+    end
+
+    return success_flag


Redundant return

Sija · 2018-05-26T22:11:06Z

src/file.cr

+
+  # :nodoc:
+  protected def self.atomic_install(atomic_path : String, dest_path : String) : Nil
+    if (info = info?(dest_path))


Redundant ()

I didn't realize brackets were redundant on assignment. Interesting.

Sija · 2018-05-26T22:11:14Z

src/file.cr

+  protected def self.new_atomic_path(path : String, length : Int::Unsigned = 16_u8, limit : Int::Unsigned = 8_u8) : String
+    atomic_path = "#{path}.atomic_#{Random::Secure.urlsafe_base64(length)}"
+
+    while (exists?(atomic_path))


Redundant ()

Sija · 2018-05-26T22:11:35Z

src/file.cr

+      limit -= 1
+    end
+
+    return atomic_path


Redundant return

Sija · 2018-05-26T22:13:40Z

src/file.cr

+    atomic_path = "#{path}.atomic_#{Random::Secure.urlsafe_base64(length)}"
+
+    while (exists?(atomic_path))
+      raise "Failed to generate temporary path." if (limit <= 0)


Exception message IMO should mention the actual reason of the failure - without following dot ..
Redundant () too.

raise "string" won't do, needs to be an exception class

oprypin · 2018-05-26T22:13:43Z

src/file.cr

+    atomic_write(path, perm, encoding, invalid) do |fd|
+      case content
+      when Bytes then fd.write(content)
+      when IO    then IO.copy(content, fd)


Consider making different method overloads

I just copied File.write() which uses this method. I suspect its for verbosity reasons. @asterite, @RX14, @straight-shoota, any opinions?

This is shorter so I don't really care.

RX14 · 2018-05-26T22:26:04Z

src/file.cr

+        end
+      end
+    ensure
+      if success_flag


open(...) do |fd| # ... atomic_install(atomic_path, path) rescue ex delete(atomic_path) raise ex end

should work?

RX14 · 2018-05-26T22:27:01Z

src/file.cr

+      end
+    end
+
+    success_flag


This shouldn't return a bool: it always returns true or raises an exception.

RX14 · 2018-05-26T22:29:43Z

src/file.cr

+  protected def self.new_atomic_path(path : String, length : Int::Unsigned = 16_u8, limit : Int::Unsigned = 8_u8) : String
+    atomic_path = "#{path}.atomic_#{Random::Secure.urlsafe_base64(length)}"
+
+    while exists?(atomic_path)


Just hardcode length = 16, then you're using 128bits of random and can assume there's no clashes. Then you can just remove this method.

RX14 · 2018-05-26T23:01:59Z

src/file.cr

+      chmod(atomic_path, info.permissions)
+      chown(atomic_path, info.owner, info.group)
+    end
+    rename(atomic_path, path)


Shouldn't this chmod/chown/rename be inside the rescue block? (not the open block)

I don't think so, chmod/chown/rename should be done only if the write was successful (no exception)

Oops, I worded that terribly.

I meant inside a begin/end block which has a rescue block, instead of inside the rescue block.

You mean, in case chmod/chown fails?

asterite · 2018-05-27T13:30:39Z

This should be in a shard.

Sija · 2018-05-27T19:06:13Z

@asterite Why do you think so?

asterite · 2018-05-27T21:25:54Z

@Sija Because I expected that to be a syscall that writes the file atomically. This is one way to do it: create a temp file (no control over the name), rename it, change permissions. All of that doesn't happen atomically. There's no such thing in Ruby, Go, etc. They are provided as packages/gems. It can be provided as a shard too.

RX14 · 2018-05-27T21:41:38Z

I largely agree. This isn't an OS primitive, so I think it's a bit too opinionated and special-case to be in the stdlib.

oprypin · 2018-05-27T21:43:23Z

So, @chris-huxtable, don't take this as a dismissal. Please do actually make a shard, it would be very useful :)

asterite · 2018-05-27T22:04:09Z

Indeed! For example there's this for Go. There's this (and I think others) for Ruby, etc.

chris-huxtable · 2018-05-28T17:34:47Z

I have written a shard, atomic_write, and updated it to what is in this PR. If any one else is interested.

oprypin · 2018-05-28T17:36:10Z

Of course, it would be better to not reopen a standard library module there

chris-huxtable · 2018-05-28T17:45:14Z

@oprypin - One of the reasons I think it should be in the stdlib (not to mention I think atomic writes should probably be the default). This is similar to atomic_write, referenced above. I also don't prescribe to the philosophy which promotes the prohibition of class extension. I come from Objective-C which treats this as a positive feature of a language. That being said, I realize it can be improperly maintained. This also isn't really a good place to have this argument though.

RX14 · 2018-05-29T12:33:14Z

Should we close then?

chris-huxtable added 2 commits May 26, 2018 17:30

Adds atomic_write

025c071

Formatting

6e4f02d