- package tempfile
-
- import (
- "fmt"
- "io"
- "os"
- "path/filepath"
- "strconv"
- "strings"
- "time"
-
- tmsync "github.com/tendermint/tendermint/libs/sync"
- )
-
- const (
- atomicWriteFilePrefix = "write-file-atomic-"
- // Maximum number of atomic write file conflicts before we start reseeding
- // (reduced from golang's default 10 due to using an increased randomness space)
- atomicWriteFileMaxNumConflicts = 5
- // Maximum number of attempts to make at writing the write file before giving up
- // (reduced from golang's default 10000 due to using an increased randomness space)
- atomicWriteFileMaxNumWriteAttempts = 1000
- // LCG constants from Donald Knuth MMIX
- // This LCG's has a period equal to 2**64
- lcgA = 6364136223846793005
- lcgC = 1442695040888963407
- // Create in case it doesn't exist and force kernel
- // flush, which still leaves the potential of lingering disk cache.
- // Never overwrites files
- atomicWriteFileFlag = os.O_WRONLY | os.O_CREATE | os.O_SYNC | os.O_TRUNC | os.O_EXCL
- )
-
- var (
- atomicWriteFileRand uint64
- atomicWriteFileRandMu tmsync.Mutex
- )
-
- func writeFileRandReseed() uint64 {
- // Scale the PID, to minimize the chance that two processes seeded at similar times
- // don't get the same seed. Note that PID typically ranges in [0, 2**15), but can be
- // up to 2**22 under certain configurations. We left bit-shift the PID by 20, so that
- // a PID difference of one corresponds to a time difference of 2048 seconds.
- // The important thing here is that now for a seed conflict, they would both have to be on
- // the correct nanosecond offset, and second-based offset, which is much less likely than
- // just a conflict with the correct nanosecond offset.
- return uint64(time.Now().UnixNano() + int64(os.Getpid()<<20))
- }
-
- // Use a fast thread safe LCG for atomic write file names.
- // Returns a string corresponding to a 64 bit int.
- // If it was a negative int, the leading number is a 0.
- func randWriteFileSuffix() string {
- atomicWriteFileRandMu.Lock()
- r := atomicWriteFileRand
- if r == 0 {
- r = writeFileRandReseed()
- }
-
- // Update randomness according to lcg
- r = r*lcgA + lcgC
-
- atomicWriteFileRand = r
- atomicWriteFileRandMu.Unlock()
- // Can have a negative name, replace this in the following
- suffix := strconv.Itoa(int(r))
- if string(suffix[0]) == "-" {
- // Replace first "-" with "0". This is purely for UI clarity,
- // as otherwhise there would be two `-` in a row.
- suffix = strings.Replace(suffix, "-", "0", 1)
- }
- return suffix
- }
-
- // WriteFileAtomic creates a temporary file with data and provided perm and
- // swaps it atomically with filename if successful.
- func WriteFileAtomic(filename string, data []byte, perm os.FileMode) (err error) {
- // This implementation is inspired by the golang stdlibs method of creating
- // tempfiles. Notable differences are that we use different flags, a 64 bit LCG
- // and handle negatives differently.
- // The core reason we can't use golang's TempFile is that we must write
- // to the file synchronously, as we need this to persist to disk.
- // We also open it in write-only mode, to avoid concerns that arise with read.
- var (
- dir = filepath.Dir(filename)
- f *os.File
- )
-
- nconflict := 0
- // Limit the number of attempts to create a file. Something is seriously
- // wrong if it didn't get created after 1000 attempts, and we don't want
- // an infinite loop
- i := 0
- for ; i < atomicWriteFileMaxNumWriteAttempts; i++ {
- name := filepath.Join(dir, atomicWriteFilePrefix+randWriteFileSuffix())
- f, err = os.OpenFile(name, atomicWriteFileFlag, perm)
- // If the file already exists, try a new file
- if os.IsExist(err) {
- // If the files exists too many times, start reseeding as we've
- // likely hit another instances seed.
- if nconflict++; nconflict > atomicWriteFileMaxNumConflicts {
- atomicWriteFileRandMu.Lock()
- atomicWriteFileRand = writeFileRandReseed()
- atomicWriteFileRandMu.Unlock()
- }
- continue
- } else if err != nil {
- return err
- }
- break
- }
- if i == atomicWriteFileMaxNumWriteAttempts {
- return fmt.Errorf("could not create atomic write file after %d attempts", i)
- }
-
- // Clean up in any case. Defer stacking order is last-in-first-out.
- defer os.Remove(f.Name())
- defer f.Close()
-
- if n, err := f.Write(data); err != nil {
- return err
- } else if n < len(data) {
- return io.ErrShortWrite
- }
- // Close the file before renaming it, otherwise it will cause "The process
- // cannot access the file because it is being used by another process." on windows.
- f.Close()
-
- return os.Rename(f.Name(), filename)
- }
|