Re: crash during file writing, how to recover?

From: CBFalconer (cbfalconer_at_yahoo.com)
Date: 05/01/04


Date: Sat, 01 May 2004 17:31:01 GMT

Gerry Quinn wrote:
> Kasper Dupont <kasperd@daimi.au.dk> wrote:
>
>> I'm pretty sure the posix standard requires rename to
>> atomically remove and replace the target if it already
>> exists. But I don't have access to the standard, so
>> somebody else will have to check.
>>
>> And using rename to delete the file is the correct way
>> to do it because of the atomic behaviour. Deleting the old
>> file before renaming would introduce a race condition.
>
> That sounds like a dangerous approach to me.
>
> Why not rename the old file *first*, before writing the new one.
> Then if the program starts and finds the most recently written
> file is corrupt due to a crash, the last good file remains as a
> backup. Renaming an existing file should be quick, and you can
> wait until it's done before starting to write.

That is not his point. If a rename can fail because the target
file pre-exists, the delete/rename sequence has a hole between
delete and rename in which some other process can create that file
name, and cause a failure. This is a race condition. It is
especially likely to occur with database systems which inherently
tend to service multiple processes from the same database, and
have to 'take steps' to ensure the self-consistency of that
database.

One cure is to provide atomic operations, often by the use of
critical sections or other synchronization primitives. Another is
the concept of 'transactions'.

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
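A worked example of the atomic-rename pattern the thread is discussing (added here; not code from any poster): write the new contents to a temporary file in the target's directory, fsync it, then rename over the target so the last complete file survives until the replacement is complete, with no delete/rename window for another process to fill. It assumes a POSIX filesystem; the SHA-256 header line that lets a program spot a torn file on restart is a constructed convention, not something from the thread.

```python
import hashlib
import os
import tempfile
from typing import Optional

def atomic_write(path: str, data: bytes) -> None:
    """Replace path so a crash leaves either the old or the new file, never a torn one."""
    directory = os.path.dirname(os.path.abspath(path))
    header = hashlib.sha256(data).hexdigest().encode() + b"\n"  # constructed integrity header
    # Temp file in the target's directory: rename(2) must stay on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(header + data)
            f.flush()
            os.fsync(f.fileno())  # bytes are durable before the name flips
        # Atomic replace over an existing target: no delete/rename window exists.
        os.replace(tmp, path)
        if os.name == "posix":  # make the new directory entry durable too
            dfd = os.open(directory, os.O_RDONLY)
            try:
                os.fsync(dfd)
            finally:
                os.close(dfd)
    except BaseException:
        try:
            os.unlink(tmp)  # never leave the half-written temp file behind
        except OSError:
            pass
        raise

def read_verified(path: str) -> Optional[bytes]:
    """Return the payload if its digest matches, else None (torn or tampered file)."""
    with open(path, "rb") as f:
        header, _, payload = f.read().partition(b"\n")
    if hashlib.sha256(payload).hexdigest().encode() != header:
        return None
    return payload

def demo(directory: Optional[str] = None) -> dict:
    """Constructed scenario: two good writes, then a simulated crash that truncates the file."""
    directory = directory or tempfile.mkdtemp(prefix="atomic-demo-")
    target = os.path.join(directory, "state.db")
    atomic_write(target, b"version 1")
    first = read_verified(target)
    atomic_write(target, b"version 2, longer payload")
    second = read_verified(target)
    with open(target, "r+b") as f:
        f.truncate(20)  # partial file as a crash mid-write (without the pattern) would leave
    return {"first": first, "second": second, "after_truncate": read_verified(target)}
```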