On Thu, 12 Jul 2012 15:05:26 +0200, Christian Heimes wrote:
> You need to flush the data to disk as well as the metadata of the file
> and its directory in order to survive a system crash. The close()
> syscall already makes sure that all data is flushed into the IO layer of
> the operating system.
And some storage devices (e.g. hard drives, USB sticks) don't actually write data permanently even when you sync the device. They just write to a temporary cache, then report that they are done (liar liar pants on fire). Only when the cache is full, or at some random time at the device's choosing, do they actually write data to the physical media.
The result of this is that even when the device tells you that the data is synched, it may not be.
<rantingrickjohn...@gmail.com> wrote:
> On Jul 12, 2:39 pm, Christian Heimes <li...@cheimes.de> wrote:
>> Windows's file system layer is not POSIX compatible. For example
>> you can't remove or replace a file while it is opened by a process.
> Sounds like a reasonable fail-safe to me.
POSIX says that files and file names are independent. I can open a
file based on its name, delete the file based on its name, and still
have the open file there. When it's closed, it'll be wiped from the
disk.
On Fri, 13 Jul 2012 12:12:01 +1000, Chris Angelico wrote:
> On Fri, Jul 13, 2012 at 11:20 AM, Rick Johnson
> <rantingrickjohn...@gmail.com> wrote:
>> On Jul 12, 2:39 pm, Christian Heimes <li...@cheimes.de> wrote:
>>> Windows's file system layer is not POSIX compatible. For example you
>>> can't remove or replace a file while it is opened by a process.
>> Sounds like a reasonable fail-safe to me.
Rick has obviously never tried to open a file for reading when somebody else has it opened, also for reading, and discovered that despite Windows being allegedly a multi-user operating system, you can't actually have multiple users read the same files at the same time.
(At least not unless the application takes steps to allow it.)
Or tried to back-up files while some application has got them opened. Or open a file while an anti-virus scanner is oh-so-slooooowly scanning it.
Opening files for exclusive read *by default* is a pointless and silly limitation. It's also unsafe: if a process opens a file for exclusive read, and then dies, *no other process* can close that file.
At least on POSIX systems, not even root can override a mandatory exclusive lock (it would be pretty pointless if it could), so a rogue or buggy program could wreck havoc with mandatory exclusive file locks. That's why Linux, by default, treats exclusive file locks as advisory (cooperative), not mandatory.
In general, file locking is harder than it sounds, with many traps for the unwary, and of course the semantics are dependent on both the operating system and the file system.
> POSIX says that files and file names are independent. I can open a file
> based on its name, delete the file based on its name, and still have the
> open file there. When it's closed, it'll be wiped from the disk.
One neat trick is to open a file, then delete it from disk while it is still open. So long as your process is still running, you can write to this ghost file, as normal, but no other process can (easily) see it. And when your process ends, the file contents is automatically deleted.
This is remarkably similar to what Python does with namespaces and dicts:
# create a fake "file system"
ns = {'a': [], 'b': [], 'c': []}
# open a file
myfile = ns['a']
# write to it
myfile.append('some data')
# delete it from the "file system"
del ns['a']
# but I can still read and write to it
myfile.append('more data')
print(myfile[0])
# but anyone else will get an error if they try
another_file = ns['a']
On Thursday 12 July 2012 23:21:16 Steven D'Aprano did opine:
> On Fri, 13 Jul 2012 12:12:01 +1000, Chris Angelico wrote:
> > On Fri, Jul 13, 2012 at 11:20 AM, Rick Johnson
> > <rantingrickjohn...@gmail.com> wrote:
> >> On Jul 12, 2:39 pm, Christian Heimes <li...@cheimes.de> wrote:
> >>> Windows's file system layer is not POSIX compatible. For example you
> >>> can't remove or replace a file while it is opened by a process.
> >> Sounds like a reasonable fail-safe to me.
> Rick has obviously never tried to open a file for reading when somebody
> else has it opened, also for reading, and discovered that despite
> Windows being allegedly a multi-user operating system, you can't
> actually have multiple users read the same files at the same time.
Chuckle. That was one of the 'features' that os9 on the trs-80 color computer had back in the 80's, and it was clean and well done because of the locking model the random block file manager had in OS9 for 6809 cpu's, no relation to the Mac OS9 other than a similar name. That color computer has a separate, text only video card I could plug in and display on an 80 column amber screen monitor.
When I wanted to impress the visiting frogs, I often did something I have never been able to do on any other operating system since, start assembling a long assembly language file on one of the screens on the color monitor, hit the clear key to advance to the amber screen and start a listing on it of the assemblers output listing file.
Because the file locking was applied only to the sector (256 bytes on that machine) being written at the instant, the listing would fly by till it caught up with the assemblers output, running into the lock and then dutifully following along, one sector behind the assemblers output, until the assembly was finished. That was in 1986 folks, and in the year of our Lord 2012, 26 years later, I still cannot do that in linux. When I ask why not, the replies seem to think I'm from outer space. Its apparently a concept that is not even attempted to be understood by the linux code carvers.
Something is drastically wrong with that picture IMO.
> (At least not unless the application takes steps to allow it.)
> Or tried to back-up files while some application has got them opened.
That in fact, ran me out of the amiga business in 1999, a 30Gb drive failed on my full blown 040 + 64 megs of dram A2000. When the warranty drive arrived is when I found that due to file locks on the startup files, all of them involved with the booting of that machine, my high priced Diavolo Pro backup tapes didn't contain a single one of those files. The linux box with Red Hat 5.0 on it that I had built in late 1998 to see what linux was all about found space under that desk yet that evening and I never looked back.
> Or
> open a file while an anti-virus scanner is oh-so-slooooowly scanning it.
> Opening files for exclusive read *by default* is a pointless and silly
> limitation. It's also unsafe: if a process opens a file for exclusive
> read, and then dies, *no other process* can close that file.
> At least on POSIX systems, not even root can override a mandatory
> exclusive lock (it would be pretty pointless if it could), so a rogue or
> buggy program could wreck havoc with mandatory exclusive file locks.
> That's why Linux, by default, treats exclusive file locks as advisory
> (cooperative), not mandatory.
> In general, file locking is harder than it sounds, with many traps for
> the unwary, and of course the semantics are dependent on both the
> operating system and the file system.
> > POSIX says that files and file names are independent. I can open a
> > file based on its name, delete the file based on its name, and still
> > have the open file there. When it's closed, it'll be wiped from the
> > disk.
> One neat trick is to open a file, then delete it from disk while it is
> still open. So long as your process is still running, you can write to
> this ghost file, as normal, but no other process can (easily) see it.
> And when your process ends, the file contents is automatically deleted.
> This is remarkably similar to what Python does with namespaces and
> dicts:
> # create a fake "file system"
> ns = {'a': [], 'b': [], 'c': []}
> # open a file
> myfile = ns['a']
> # write to it
> myfile.append('some data')
> # delete it from the "file system"
> del ns['a']
> # but I can still read and write to it
> myfile.append('more data')
> print(myfile[0])
> # but anyone else will get an error if they try
> another_file = ns['a']
Cheers, Gene
-- "There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
You just wait, I'll sin till I blow up!
-- Dylan Thomas
On Thu, 12 Jul 2012 23:49:02 -0400, Gene Heskett wrote:
> When I wanted to impress the visiting frogs, I often did something I
> have never been able to do on any other operating system since, start
> assembling a long assembly language file on one of the screens on the
> color monitor, hit the clear key to advance to the amber screen and
> start a listing on it of the assemblers output listing file.
> Because the file locking was applied only to the sector (256 bytes on
> that machine) being written at the instant, the listing would fly by
> till it caught up with the assemblers output, running into the lock and
> then dutifully following along, one sector behind the assemblers output,
> until the assembly was finished. That was in 1986 folks, and in the
> year of our Lord 2012, 26 years later, I still cannot do that in linux.
Um, what you are describing sounds functionally equivalent to what tail -f does.
> When I ask why not, the replies seem to think I'm from outer space. Its
> apparently a concept that is not even attempted to be understood by the
> linux code carvers.
You could certainly create a pair of cooperative programs, one which keeps a lock on only the last block of the file, and a tail-like reader which honours that lock. But why bother? Just have the assembler append to the file, and let people use any reader they like, such as tail.
On Thursday, July 12, 2012 10:13:47 PM UTC-5, Steven D'Aprano wrote:
> Rick has obviously never tried to open a file for reading when somebody > else has it opened, also for reading, and discovered that despite Windows > being allegedly a multi-user operating system, you can't actually have > multiple users read the same files at the same time.
You misread my response. My comment was direct result of Christian stating:
(paraphrase) "On some systems you are not permitted to delete a file whilst the file is open "
...which seems to be consistent to me. Why would *anybody* want to delete a file whilst the file is open? Bringing back the car analogy again: Would you consider jumping from a moving vehicle a consistent interaction with the interface of a vehicle? Of course not. The interface for a vehicle is simple and consistent:
1. You enter the vehicle at location A
2. The vehicle transports you to location B
3. You exit the vehicle
At no time during the trip would anyone expect you to leap from the vehicle. But when you delete open files, you are essentially leaping from the moving vehicle! This behavior goes against all expectations of consistency in an API -- and against all sanity when riding in a vehicle!
> Opening files for exclusive read *by default* is a pointless and silly > limitation. It's also unsafe: if a process opens a file for exclusive > read, and then dies, *no other process* can close that file.
Oh come on. Are you actually going to use "errors" or "unintended consequences", or even "Acts of God" to defend your argument? Okay. Okay. I suppose "IF" the car spontaneously combusted "THEN" the passengers would be wise to jump out, leaving the vehicle to the whims of inertia.
> One neat trick is to open a file, then delete it from disk while it is > still open. So long as your process is still running, you can write to > this ghost file, as normal, but no other process can (easily) see it. And > when your process ends, the file contents is automatically deleted.
Well "neat tricks" aside, I am of the firm belief that deleting files should never be possible whilst they are open.
* Opening files requires that data exist on disk
* Reading and writing files requires an open file obj
* Closing files requires an open file object
* And deleting files requires that the file NOT be open
Would you also entertain the idea of reading or writing files that do not exist? (not including pseudo file objs like StringIO of course!).
Summary: Neat tricks and Easter eggs are real hoot, but consistency in APIs is the key.
On Fri, Jul 13, 2012 at 2:26 PM, <rantingrickjohn...@gmail.com> wrote:
> On Thursday, July 12, 2012 10:13:47 PM UTC-5, Steven D'Aprano wrote:
>> Rick has obviously never tried to open a file for reading when somebody
>> else has it opened, also for reading, and discovered that despite Windows
>> being allegedly a multi-user operating system, you can't actually have
>> multiple users read the same files at the same time.
> You misread my response. My comment was direct result of Christian stating:
> (paraphrase) "On some systems you are not permitted to delete a file whilst the file is open "
> ...which seems to be consistent to me. Why would *anybody* want to delete a file whilst the file is open?
POSIX doesn't let you delete files. It lets you dispose of filenames.
Python does the same with its 'del'. The object (file) exists until
the system decides otherwise.
Here's a simpler example: Hardlinks. Suppose you have two names
pointing to the same file; are you allowed to unlink one of them while
you have the "other" open?
On Thu, 12 Jul 2012 21:26:20 -0700, rantingrickjohnson wrote:
> On Thursday, July 12, 2012 10:13:47 PM UTC-5, Steven D'Aprano wrote:
>> Rick has obviously never tried to open a file for reading when somebody
>> else has it opened, also for reading, and discovered that despite
>> Windows being allegedly a multi-user operating system, you can't
>> actually have multiple users read the same files at the same time.
> You misread my response. My comment was direct result of Christian
> stating:
> (paraphrase) "On some systems you are not permitted to delete a file
> whilst the file is open "
> ...which seems to be consistent to me. Why would *anybody* want to
> delete a file whilst the file is open?
Because it is useful and a sensible thing to do.
Why should one misbehaved application, keeping a file open, be allowed to hold every other application, and the file system, hostage?
This is one of the many poor decisions which makes Windows so vulnerable to viruses and malware. If malware can arrange to keep itself open, you can't delete it. Thanks guys!
> Bringing back the car analogy
> again: Would you consider jumping from a moving vehicle a consistent
> interaction with the interface of a vehicle? Of course not. The
> interface for a vehicle is simple and consistent:
> 1. You enter the vehicle at location A > 2. The vehicle transports you to location B > 3. You exit the vehicle
Amusingly, you neglected to specify "the vehicle stops" -- and rightly so, because of course having to stop the vehicle is not a *necessary* condition for exiting it, as tens of thousands of stunt men and women can attest.
Not to mention people parachuting out of an airplane, pirates or commandos boarding a moving ship, pedestrians transferring from a slow moving walkway to a faster moving walkway, farmers jumping off a trailer while it is still being towed behind a tractor (and jumping back on again), and Bruce Willis in "Red" in very possibly the best slow-motion action sequence in the history of Hollywood.
> At no time during the trip would anyone expect you to leap from the
> vehicle.
Expected or not, you can do so.
> But when you delete open files, you are essentially leaping
> from the moving vehicle! This behavior goes against all expectations of
> consistency in an API -- and against all sanity when riding in a
> vehicle!
Fortunately, files on a file system are not cars, and deleting open files is a perfectly reasonable thing to do, no more frightening than in Python deleting a reference to an object using the del statement. Imagine how stupid it would be if this happened:
py> x = 42
py> y = x
py> del y
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
DeleteError: cannot delete reference to object '42' until no other references to it exist
Fortunately, Python doesn't do that -- it tracks when the object is no longer being accessed, and only then physically reclaims the memory used. And so it is on POSIX file systems: the file system keeps track of when the file on disk is no longer being accessed, and only then physically reclaims the blocks being used. Until then, deleting the file merely unlinks the file name from the blocks on disk, in the same way that "del y" merely unlinks the name y from the object 42.
>> Opening files for exclusive read *by default* is a pointless and silly
>> limitation. It's also unsafe: if a process opens a file for
>> exclusive read, and then dies, *no other process* can close that file.
> Oh come on. Are you actually going to use "errors" or "unintended
> consequences", or even "Acts of God" to defend your argument?
Features have to be judged by their actual consequences, not some unrealistic sense of theoretical purity. The actual consequences of mandatory exclusive file locking is, *it sucks*.
Windows users are used to having to reboot their server every few days because something is broken, so they might not mind rebooting it because some file is locked in a mandatory open state and not even the operating system can unlock it. But for those with proper operating systems who expect months of uninterrupted service, mandatory locking is a problem to be avoided, not a feature.
> Okay.
> Okay. I suppose "IF" the car spontaneously combusted "THEN" the
> passengers would be wise to jump out, leaving the vehicle to the whims
> of inertia.
In this analogy, is the car the file name, the inode, or the directory? Are the passengers the file name(s), or the file contents, or the inode? Is the driver meant to be the file system? If I have a hard link to the file, does that mean the passengers are in two cars at once, or two lots of passengers in the same car?
>> One neat trick is to open a file, then delete it from disk while it is
>> still open. So long as your process is still running, you can write to
>> this ghost file, as normal, but no other process can (easily) see it.
>> And when your process ends, the file contents is automatically deleted.
> Well "neat tricks" aside, I am of the firm belief that deleting files
> should never be possible whilst they are open.
[condescension = ON]
Good for you Rick. Having strongly held opinions on things you have only a limited understanding about is your right as an American.
[condescension = OFF]
> * Opening files requires that data exist on disk > * Reading and writing files requires an open file obj
You have missed a step in jumping from files on disk to open file objects.
Open file objects do not necessarily correspond to files on disk. For example, in standard Pascal, file objects are purely in-memory constructs emulating files on a tape drive, with no relationship to on-disk files.
(Any half-decent Pascal compiler or interpreter will *also* give you ways to access real files on disk, but that isn't covered by the standard.)
Even when the file object does come from an actual disk file, we can conclude that before you can open a file for reading, it must exist; but having opened it, there is no *necessary* requirement that it *remains* on disk. If you try to read from an open file object whose underlying file has been deleted, there are three perfectly reasonable behaviours:
- you get an error;
- it is the same result as if the file has been truncated to zero bytes;
- deleting the file only deletes the *name*, not contents, until the last open file handle is shut, and then the contents are deleted.
> * Closing files requires an open file object
Naturally; but open file objects don't require that the on-disk file still exists.
> * And deleting files requires that the file NOT be open
Not at all.
> Would you also entertain the idea of reading or writing files that do
> not exist? (not including pseudo file objs like StringIO of course!).
Define "file" and "exist". Because you are conflating at least three different things:
a file name
an inode (blocks on a disk)
a file object
Of course it is useful to break the abstraction that file objects must be files on disk. StringIO is one such example. Standard Pascal file objects is another. Likewise, it is useful to be able to read from an inode that is no longer connected to a file name.
So, absolutely, yes, it is useful to be able to read and write from files that don't exist, under some circumstances.
> Summary: Neat tricks and Easter eggs are real hoot, but consistency > in APIs is the key.
A foolish consistency is the hobgoblin of little minds.
> Well "neat tricks" aside, I am of the firm belief that deleting files should
> never be possible whilst they are open.
This is one of the few instances I think Windows does something better than OS X. Windows will check before you attempt to delete (i.e. move
to Recycling Bin) while OS X will move a file to Trash quite happily
only tell me it cannot remove the file when I try to empty the Trash.
Ramit
Ramit Prasad | JPMorgan Chase Investment Bank | Currencies Technology
712 Main Street | Houston, TX 77002
work phone: 713 - 216 - 5423
--
This email is confidential and subject to important disclaimers and
conditions including on offers for the purchase or sale of
securities, accuracy and completeness of information, viruses,
confidentiality, legal privilege, and legal entity disclaimers,
available at http://www.jpmorgan.com/pages/disclosures/email.
>> Well "neat tricks" aside, I am of the firm belief that deleting files should
>> never be possible whilst they are open.
> This is one of the few instances I think Windows does something better
> than OS X. Windows will check before you attempt to delete (i.e. move
> to Recycling Bin) while OS X will move a file to Trash quite happily
> only tell me it cannot remove the file when I try to empty the Trash.
While I was trained in the Unix way, and believe it is entirely appropriate to delete an open file. Even if I my program is the opener. It's just too handy to have temp files that disappear on their own.
As opposed to periodically going to %TEMP% and deleting them manually. Gah.
> >> Well "neat tricks" aside, I am of the firm belief that deleting files
> should
> >> never be possible whilst they are open.
> > This is one of the few instances I think Windows does something better
> > than OS X. Windows will check before you attempt to delete (i.e. move
> > to Recycling Bin) while OS X will move a file to Trash quite happily
> > only tell me it cannot remove the file when I try to empty the Trash.
> While I was trained in the Unix way, and believe it is entirely
> appropriate to delete an open file. Even if I my program is the opener.
> It's just too handy to have temp files that disappear on their own.
> As opposed to periodically going to %TEMP% and deleting them manually. Gah.
In my experience things that are "too handy" are usually breaking
what I consider "right". That being said, I am not entirely sure
what I think is "right" in this circumstance. I suppose it depends
on if I am the person deleting or the person who is looking at
a file that is being deleted. Or the user who just wants the stupid
computer to just Work.
I lean slightly towards the POSIX handling with the addition that any additional write should throw an error. You are now saving to a file that will not exist the moment you close it and that is probably not expected.
Ramit
This email is confidential and subject to important disclaimers and
conditions including on offers for the purchase or sale of
securities, accuracy and completeness of information, viruses,
confidentiality, legal privilege, and legal entity disclaimers,
available at http://www.jpmorgan.com/pages/disclosures/email.
<ramit.pra...@jpmorgan.com> wrote:
> I lean slightly towards the POSIX handling with the addition that
> any additional write should throw an error. You are now saving to
> a file that will not exist the moment you close it and that is probably
> not expected.
There are several different possible "right behaviors" here, but they
depend more on the application than anything else. With a log file,
for instance, the act of deleting it is more a matter of truncating it
(dispose of the old history), so the right thing to do is to start a
fresh file. Solution: Close the file and re-open it periodically. But
I don't know of an efficient way to do that with Windows semantics.
Renaming/moving an open file in order to perform log rotation isn't
all that easy.
> I lean slightly towards the POSIX handling with the addition that > any additional write should throw an error. You are now saving to > a file that will not exist the moment you close it and that is
> probably not expected.
I'd say: it depends.
If the amount of data your script needs to process does not fit
in RAM, then you may want to write some of it to a temporary file.
On a Posix system, it's entirely normal to unlink() a temp file
first thing after you've created it. The expectation is that the
file will continue to exists, and be writeable, until you close it.
In fact, there's a function in the standard library named
tempfile.TemporaryFile that does exactly that: create a file
and unlink it immediately. This function would be useless
if you couldn't write to your temporary file.
>> I lean slightly towards the POSIX handling with the addition that
>> any additional write should throw an error. You are now saving to
>> a file that will not exist the moment you close it and that is
>> probably not expected.
Strictly speaking, the file does exist, it's just that there are no
names referring to it. When any handles to it are also closed, the file
_can_ truly be deleted.
As has been said before, in the *nix world, "unlink" _doesn't_ delete
a file, it deletes a name.
> I'd say: it depends.
> If the amount of data your script needs to process does not fit
> in RAM, then you may want to write some of it to a temporary file.
> On a Posix system, it's entirely normal to unlink() a temp file
> first thing after you've created it. The expectation is that the
> file will continue to exists, and be writeable, until you close it.
> In fact, there's a function in the standard library named
> tempfile.TemporaryFile that does exactly that: create a file
> and unlink it immediately. This function would be useless
> if you couldn't write to your temporary file.
It's possible to create a temporary file even in Windows.
> I lean slightly towards the POSIX handling with the addition that any > additional write should throw an error. You are now saving to a file > that will not exist the moment you close it and that is probably not > expected. Ramit
But if I created, then deleted it while holding an open file descriptor, it is entirely likely that I intend to write to it. I'll admit, these days there are those in the Unix/Linux community that consider using an anonymous file a bad idea; I'm just not one of them.
> It's possible to create a temporary file even in Windows.
Windows has a open() flag named O_TEMPORARY for temporary files. With
O_TEMPORARY the file is removed from disk as soon as the file handle is
closed. On POSIX OS it's common practice to unlink temporary files
immediately after the open() call.
On Fri, 13 Jul 2012 15:15:13 -0500, Chris Gonnerman wrote:
> On 07/13/2012 12:59 PM, Prasad, Ramit wrote:
>> I lean slightly towards the POSIX handling with the addition that any
>> additional write should throw an error. You are now saving to a file
>> that will not exist the moment you close it and that is probably not
>> expected. Ramit
> But if I created, then deleted it while holding an open file descriptor,
> it is entirely likely that I intend to write to it. I'll admit, these
> days there are those in the Unix/Linux community that consider using an
> anonymous file a bad idea; I'm just not one of them.
A badly-behaved application can write oodles and oodles of data to an unlinked file, which has the result of temporarily using up disk space that doesn't show up when you do an ls. For an inexperienced system administrator, this may appear mysterious.
The solution is to us lsof to identify the unlinked file, which gives you the process id of the application, which you can then kill. As soon as you do that, the space is freed up again.
Like all powerful tools, unlinked files can be abused. Underpowered tools can't be abused, but nor can they be used.
> And some storage devices (e.g. hard drives, USB sticks) don't actually > write data permanently even when you sync the device. They just write to > a temporary cache, then report that they are done (liar liar pants on > fire). Only when the cache is full, or at some random time at the > device's choosing, do they actually write data to the physical media.
> The result of this is that even when the device tells you that the data > is synched, it may not be.
Yes, that's another issue. Either you have to buy expensive enterprise
hardware with UPS batteries or you need to compensate for failures on
software level (e.g. Hadoop cluster).
We have big storage devices with double redundant controllers, on board
buffer batteries, triple redundant power supplies, special RAID disks,
multipath IO fiber channel links and external backup solution to keep
our data reasonable safe.
