1
# Copyright (C) 2006, 2007 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
"""On-disk mutex protecting a resource
19
bzr on-disk objects are locked by the existence of a directory with a
20
particular name within the control directory. We use this rather than OS
21
internal locks (such as flock etc) because they can be seen across all
22
transports, including http.
24
Objects can be read if there is only physical read access; therefore
25
readers can never be required to create a lock, though they will
26
check whether a writer is using the lock. Writers can't detect
27
whether anyone else is reading from the resource as they write.
28
This works because of ordering constraints that make sure readers
29
see a consistent view of existing data.
31
Waiting for a lock must be done by polling; this can be aborted after
34
Locks must always be explicitly released, typically from a try/finally
35
block -- they are not released from a finalizer or when Python
38
Locks may fail to be released if the process is abruptly terminated
39
(machine stop, SIGKILL) or if a remote transport becomes permanently
40
disconnected. There is therefore a method to break an existing lock.
41
This should rarely be used, and generally only with user approval.
42
Locks contain some information on when the lock was taken and by who
43
which may guide in deciding whether it can safely be broken. (This is
44
similar to the messages displayed by emacs and vim.) Note that if the
45
lock holder is still alive they will get no notification that the lock
46
has been broken and will continue their work -- so it is important to be
47
sure they are actually dead.
49
A lock is represented on disk by a directory of a particular name,
50
containing an information file. Taking a lock is done by renaming a
51
temporary directory into place. We use temporary directories because
52
for all known transports and filesystems we believe that exactly one
53
attempt to claim the lock will succeed and the others will fail. (Files
54
won't do because some filesystems or transports only have
55
rename-and-overwrite, making it hard to tell who won.)
57
The desired characteristics are:
59
* Locks are not reentrant. (That is, a client that tries to take a
60
lock it already holds may deadlock or fail.)
61
* Stale locks can be guessed at by a heuristic
62
* Lost locks can be broken by any client
63
* Failed lock operations leave little or no mess
64
* Deadlocks are avoided by having a timeout always in use, clients
65
desiring indefinite waits can retry or set a silly big timeout.
67
Storage formats use the locks, and also need to consider concurrency
68
issues underneath the lock. A format may choose not to use a lock
69
at all for some operations.
71
LockDirs always operate over a Transport. The transport may be readonly, in
72
which case the lock can be queried but not acquired.
74
Locks are identified by a path name, relative to a base transport.
76
Calling code will typically want to make sure there is exactly one LockDir
77
object per actual lock on disk. This module does nothing to prevent aliasing
78
and deadlocks will likely occur if the locks are aliased.
80
In the future we may add a "freshen" method which can be called
81
by a lock holder to check that their lock has not been broken, and to
82
update the timestamp within it.
86
>>> from bzrlib.transport.memory import MemoryTransport
87
>>> # typically will be obtained from a BzrDir, Branch, etc
88
>>> t = MemoryTransport()
89
>>> l = LockDir(t, 'sample-lock')
92
>>> # do something here
99
from cStringIO import StringIO
106
from bzrlib.errors import (
118
from bzrlib.trace import mutter, note
119
from bzrlib.transport import Transport
120
from bzrlib.osutils import rand_chars, format_delta
121
from bzrlib.rio import read_stanza, Stanza
125
# XXX: At the moment there is no consideration of thread safety on LockDir
126
# objects. This should perhaps be updated - e.g. if two threads try to take a
127
# lock at the same time they should *both* get it. But then that's unlikely
130
# TODO: Perhaps store some kind of note like the bzr command line in the lock
133
# TODO: Some kind of callback run while polling a lock to show progress
136
# TODO: Make sure to pass the right file and directory mode bits to all
137
# files/dirs created.
140
_DEFAULT_TIMEOUT_SECONDS = 300
141
_DEFAULT_POLL_SECONDS = 1.0
144
class LockDir(object):
145
"""Write-lock guarding access to data."""
147
__INFO_NAME = '/info'
149
def __init__(self, transport, path, file_modebits=0644, dir_modebits=0755):
150
"""Create a new LockDir object.
152
The LockDir is initially unlocked - this just creates the object.
154
:param transport: Transport which will contain the lock
156
:param path: Path to the lock within the base directory of the
159
assert isinstance(transport, Transport), \
160
("not a transport: %r" % transport)
161
self.transport = transport
163
self._lock_held = False
164
self._locked_via_token = False
165
self._fake_read_lock = False
166
self._held_dir = path + '/held'
167
self._held_info_path = self._held_dir + self.__INFO_NAME
168
self._file_modebits = file_modebits
169
self._dir_modebits = dir_modebits
171
self._report_function = note
174
return '%s(%s%s)' % (self.__class__.__name__,
178
is_held = property(lambda self: self._lock_held)
180
def create(self, mode=None):
181
"""Create the on-disk lock.
183
This is typically only called when the object/directory containing the
184
directory is first created. The lock is not held when it's created.
186
if self.transport.is_readonly():
187
raise UnlockableTransport(self.transport)
188
self.transport.mkdir(self.path, mode=mode)
190
def attempt_lock(self):
191
"""Take the lock; fail if it's already held.
193
If you wish to block until the lock can be obtained, call wait_lock()
196
if self._fake_read_lock:
197
raise LockContention(self)
198
if self.transport.is_readonly():
199
raise UnlockableTransport(self.transport)
201
self._trace("lock_write...")
202
start_time = time.time()
203
tmpname = '%s/pending.%s.tmp' % (self.path, rand_chars(20))
205
self.transport.mkdir(tmpname)
207
# This may raise a FileExists exception
208
# which is okay, it will be caught later and determined
209
# to be a LockContention.
210
self.create(mode=self._dir_modebits)
212
# After creating the lock directory, try again
213
self.transport.mkdir(tmpname)
215
self.nonce = rand_chars(20)
216
info_bytes = self._prepare_info()
217
# We use put_file_non_atomic because we just created a new unique
218
# directory so we don't have to worry about files existing there.
219
# We'll rename the whole directory into place to get atomic
221
self.transport.put_bytes_non_atomic(tmpname + self.__INFO_NAME,
224
self.transport.rename(tmpname, self._held_dir)
225
self._lock_held = True
227
# FIXME: we should remove the pending lock if we fail,
228
# https://bugs.launchpad.net/bzr/+bug/109169
229
except errors.PermissionDenied:
230
self._trace("... lock failed, permission denied")
232
except (PathError, DirectoryNotEmpty, FileExists, ResourceBusy), e:
233
self._trace("... contention, %s", e)
234
raise LockContention(self)
235
self._trace("... lock succeeded after %dms",
236
(time.time() - start_time) * 1000)
239
"""Release a held lock
241
if self._fake_read_lock:
242
self._fake_read_lock = False
244
if not self._lock_held:
245
raise LockNotHeld(self)
246
if self._locked_via_token:
247
self._locked_via_token = False
248
self._lock_held = False
250
# rename before deleting, because we can't atomically remove the
252
start_time = time.time()
253
self._trace("unlocking")
254
tmpname = '%s/releasing.%s.tmp' % (self.path, rand_chars(20))
255
# gotta own it to unlock
257
self.transport.rename(self._held_dir, tmpname)
258
self._lock_held = False
259
self.transport.delete(tmpname + self.__INFO_NAME)
260
self.transport.rmdir(tmpname)
261
self._trace("... unlock succeeded after %dms",
262
(time.time() - start_time) * 1000)
264
def break_lock(self):
265
"""Break a lock not held by this instance of LockDir.
267
This is a UI centric function: it uses the bzrlib.ui.ui_factory to
268
prompt for input if a lock is detected and there is any doubt about
269
it possibly being still active.
271
self._check_not_locked()
272
holder_info = self.peek()
273
if holder_info is not None:
274
lock_info = '\n'.join(self._format_lock_info(holder_info))
275
if bzrlib.ui.ui_factory.get_boolean("Break %s" % lock_info):
276
self.force_break(holder_info)
278
def force_break(self, dead_holder_info):
279
"""Release a lock held by another process.
281
WARNING: This should only be used when the other process is dead; if
282
it still thinks it has the lock there will be two concurrent writers.
283
In general the user's approval should be sought for lock breaks.
285
dead_holder_info must be the result of a previous LockDir.peek() call;
286
this is used to check that it's still held by the same process that
287
the user decided was dead. If this is not the current holder,
288
LockBreakMismatch is raised.
290
After the lock is broken it will not be held by any process.
291
It is possible that another process may sneak in and take the
292
lock before the breaking process acquires it.
294
if not isinstance(dead_holder_info, dict):
295
raise ValueError("dead_holder_info: %r" % dead_holder_info)
296
self._check_not_locked()
297
current_info = self.peek()
298
if current_info is None:
299
# must have been recently released
301
if current_info != dead_holder_info:
302
raise LockBreakMismatch(self, current_info, dead_holder_info)
303
tmpname = '%s/broken.%s.tmp' % (self.path, rand_chars(20))
304
self.transport.rename(self._held_dir, tmpname)
305
# check that we actually broke the right lock, not someone else;
306
# there's a small race window between checking it and doing the
308
broken_info_path = tmpname + self.__INFO_NAME
309
broken_info = self._read_info_file(broken_info_path)
310
if broken_info != dead_holder_info:
311
raise LockBreakMismatch(self, broken_info, dead_holder_info)
312
self.transport.delete(broken_info_path)
313
self.transport.rmdir(tmpname)
315
def _check_not_locked(self):
316
"""If the lock is held by this instance, raise an error."""
318
raise AssertionError("can't break own lock: %r" % self)
321
"""Make sure that the lock is still held by this locker.
323
This should only fail if the lock was broken by user intervention,
324
or if the lock has been affected by a bug.
326
If the lock is not thought to be held, raises LockNotHeld. If
327
the lock is thought to be held but has been broken, raises
330
if not self._lock_held:
331
raise LockNotHeld(self)
334
# no lock there anymore!
335
raise LockBroken(self)
336
if info.get('nonce') != self.nonce:
337
# there is a lock, but not ours
338
raise LockBroken(self)
340
def _read_info_file(self, path):
341
"""Read one given info file.
343
peek() reads the info file of the lock holder, if any.
345
return self._parse_info(self.transport.get(path))
348
"""Check if the lock is held by anyone.
350
If it is held, this returns the lock info structure as a rio Stanza,
351
which contains some information about the current lock holder.
352
Otherwise returns None.
355
info = self._read_info_file(self._held_info_path)
356
self._trace("peek -> held")
357
assert isinstance(info, dict), \
358
"bad parse result %r" % info
360
except NoSuchFile, e:
361
self._trace("peek -> not held")
363
def _prepare_info(self):
364
"""Write information about a pending lock to a temporary file.
367
# XXX: is creating this here inefficient?
368
config = bzrlib.config.GlobalConfig()
370
user = config.user_email()
371
except errors.NoEmailInUsername:
372
user = config.username()
373
s = Stanza(hostname=socket.gethostname(),
374
pid=str(os.getpid()),
375
start_time=str(int(time.time())),
381
def _parse_info(self, info_file):
382
return read_stanza(info_file.readlines()).as_dict()
384
def wait_lock(self, timeout=None, poll=None):
385
"""Wait a certain period for a lock.
387
If the lock can be acquired within the bounded time, it
388
is taken and this returns. Otherwise, LockContention
389
is raised. Either way, this function should return within
390
approximately `timeout` seconds. (It may be a bit more if
391
a transport operation takes a long time to complete.)
394
timeout = _DEFAULT_TIMEOUT_SECONDS
396
poll = _DEFAULT_POLL_SECONDS
398
# XXX: the transport interface doesn't let us guard
399
# against operations there taking a long time.
400
deadline = time.time() + timeout
407
except LockContention:
409
new_info = self.peek()
410
self._trace('last_info: %s, new info: %s', last_info, new_info)
411
if new_info is not None and new_info != last_info:
412
if last_info is None:
413
start = 'Unable to obtain'
415
start = 'Lock owner changed for'
417
formatted_info = self._format_lock_info(new_info)
418
if deadline_str is None:
419
deadline_str = time.strftime('%H:%M:%S',
420
time.localtime(deadline))
421
self._report_function('%s %s\n'
423
'%s\n' # locked ... ago
424
'Will continue to try until %s\n',
431
if time.time() + poll < deadline:
434
raise LockContention(self)
436
def leave_in_place(self):
437
self._locked_via_token = True
439
def dont_leave_in_place(self):
440
self._locked_via_token = False
442
def lock_write(self, token=None):
443
"""Wait for and acquire the lock.
445
:param token: if this is already locked, then lock_write will fail
446
unless the token matches the existing lock.
447
:returns: a token if this instance supports tokens, otherwise None.
448
:raises TokenLockingNotSupported: when a token is given but this
449
instance doesn't support using token locks.
450
:raises MismatchedToken: if the specified token doesn't match the token
451
of the existing lock.
453
A token should be passed in if you know that you have locked the object
454
some other way, and need to synchronise this object's state with that
457
XXX: docstring duplicated from LockableFiles.lock_write.
459
if token is not None:
460
self.validate_token(token)
462
self._lock_held = True
463
self._locked_via_token = True
467
return self.peek().get('nonce')
470
"""Compatibility-mode shared lock.
472
LockDir doesn't support shared read-only locks, so this
473
just pretends that the lock is taken but really does nothing.
475
# At the moment Branches are commonly locked for read, but
476
# we can't rely on that remotely. Once this is cleaned up,
477
# reenable this warning to prevent it coming back in
479
## warn("LockDir.lock_read falls back to write lock")
480
if self._lock_held or self._fake_read_lock:
481
raise LockContention(self)
482
self._fake_read_lock = True
484
def wait(self, timeout=20, poll=0.5):
485
"""Wait a certain period for a lock to be released."""
486
# XXX: the transport interface doesn't let us guard
487
# against operations there taking a long time.
488
deadline = time.time() + timeout
492
if time.time() + poll < deadline:
493
self._trace("Waiting %ss", poll)
496
self._trace("Timeout after waiting %ss", timeout)
497
raise LockContention(self)
499
def _format_lock_info(self, info):
500
"""Turn the contents of peek() into something for the user"""
501
lock_url = self.transport.abspath(self.path)
502
delta = time.time() - int(info['start_time'])
504
'lock %s' % (lock_url,),
505
'held by %(user)s on host %(hostname)s [process #%(pid)s]' % info,
506
'locked %s' % (format_delta(delta),),
509
def validate_token(self, token):
510
if token is not None:
516
lock_token = info.get('nonce')
517
if token != lock_token:
518
raise errors.TokenMismatch(token, lock_token)
520
self._trace("Revalidated by token %r", token)
522
def _trace(self, format, *args):
523
if 'lock' not in debug.debug_flags:
525
mutter(str(self) + ": " + (format % args))
added
removed
bzrlib/lockdir.py
