1
# Copyright (C) 2006, 2007, 2008 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17
"""On-disk mutex protecting a resource
19
bzr on-disk objects are locked by the existence of a directory with a
20
particular name within the control directory. We use this rather than OS
21
internal locks (such as flock etc) because they can be seen across all
22
transports, including http.
24
Objects can be read if there is only physical read access; therefore
25
readers can never be required to create a lock, though they will
26
check whether a writer is using the lock. Writers can't detect
27
whether anyone else is reading from the resource as they write.
28
This works because of ordering constraints that make sure readers
29
see a consistent view of existing data.
31
Waiting for a lock must be done by polling; this can be aborted after
34
Locks must always be explicitly released, typically from a try/finally
35
block -- they are not released from a finalizer or when Python
38
Locks may fail to be released if the process is abruptly terminated
39
(machine stop, SIGKILL) or if a remote transport becomes permanently
40
disconnected. There is therefore a method to break an existing lock.
41
This should rarely be used, and generally only with user approval.
42
Locks contain some information on when the lock was taken and by who
43
which may guide in deciding whether it can safely be broken. (This is
44
similar to the messages displayed by emacs and vim.) Note that if the
45
lock holder is still alive they will get no notification that the lock
46
has been broken and will continue their work -- so it is important to be
47
sure they are actually dead.
49
A lock is represented on disk by a directory of a particular name,
50
containing an information file. Taking a lock is done by renaming a
51
temporary directory into place. We use temporary directories because
52
for all known transports and filesystems we believe that exactly one
53
attempt to claim the lock will succeed and the others will fail. (Files
54
won't do because some filesystems or transports only have
55
rename-and-overwrite, making it hard to tell who won.)
57
The desired characteristics are:
59
* Locks are not reentrant. (That is, a client that tries to take a
60
lock it already holds may deadlock or fail.)
61
* Stale locks can be guessed at by a heuristic
62
* Lost locks can be broken by any client
63
* Failed lock operations leave little or no mess
64
* Deadlocks are avoided by having a timeout always in use, clients
65
desiring indefinite waits can retry or set a silly big timeout.
67
Storage formats use the locks, and also need to consider concurrency
68
issues underneath the lock. A format may choose not to use a lock
69
at all for some operations.
71
LockDirs always operate over a Transport. The transport may be readonly, in
72
which case the lock can be queried but not acquired.
74
Locks are identified by a path name, relative to a base transport.
76
Calling code will typically want to make sure there is exactly one LockDir
77
object per actual lock on disk. This module does nothing to prevent aliasing
78
and deadlocks will likely occur if the locks are aliased.
80
In the future we may add a "freshen" method which can be called
81
by a lock holder to check that their lock has not been broken, and to
82
update the timestamp within it.
86
>>> from bzrlib.transport.memory import MemoryTransport
87
>>> # typically will be obtained from a BzrDir, Branch, etc
88
>>> t = MemoryTransport()
89
>>> l = LockDir(t, 'sample-lock')
91
>>> token = l.wait_lock()
92
>>> # do something here
98
# TODO: We sometimes have the problem that our attempt to rename '1234' to
99
# 'held' fails because the transport server moves into an existing directory,
100
# rather than failing the rename. If we made the info file name the same as
101
# the locked directory name we would avoid this problem because moving into
102
# the held directory would implicitly clash. However this would not mesh with
103
# the existing locking code and needs a new format of the containing object.
104
# -- robertc, mbp 20070628
115
from bzrlib.errors import (
128
from bzrlib.trace import mutter, note
129
from bzrlib.osutils import format_delta, rand_chars, get_host_name
132
from bzrlib.lazy_import import lazy_import
133
lazy_import(globals(), """
134
from bzrlib import rio
137
# XXX: At the moment there is no consideration of thread safety on LockDir
138
# objects. This should perhaps be updated - e.g. if two threads try to take a
139
# lock at the same time they should *both* get it. But then that's unlikely
142
# TODO: Perhaps store some kind of note like the bzr command line in the lock
145
# TODO: Some kind of callback run while polling a lock to show progress
148
# TODO: Make sure to pass the right file and directory mode bits to all
149
# files/dirs created.
152
_DEFAULT_TIMEOUT_SECONDS = 300
153
_DEFAULT_POLL_SECONDS = 1.0
156
class LockDir(lock.Lock):
157
"""Write-lock guarding access to data.
160
__INFO_NAME = '/info'
162
def __init__(self, transport, path, file_modebits=0644, dir_modebits=0755):
163
"""Create a new LockDir object.
165
The LockDir is initially unlocked - this just creates the object.
167
:param transport: Transport which will contain the lock
169
:param path: Path to the lock within the base directory of the
172
self.transport = transport
174
self._lock_held = False
175
self._locked_via_token = False
176
self._fake_read_lock = False
177
self._held_dir = path + '/held'
178
self._held_info_path = self._held_dir + self.__INFO_NAME
179
self._file_modebits = file_modebits
180
self._dir_modebits = dir_modebits
182
self._report_function = note
186
url = self.transport.external_url()
187
except errors.InProcessTransport:
188
url = self.transport.base
192
return '%s(%s%s)' % (self.__class__.__name__,
193
self._url(), self.path)
195
is_held = property(lambda self: self._lock_held)
197
def create(self, mode=None):
198
"""Create the on-disk lock.
200
This is typically only called when the object/directory containing the
201
directory is first created. The lock is not held when it's created.
203
self._trace("create lock directory")
205
self.transport.mkdir(self.path, mode=mode)
206
except (TransportError, PathError), e:
207
raise LockFailed(self, e)
210
def _attempt_lock(self):
211
"""Make the pending directory and attempt to rename into place.
213
If the rename succeeds, we read back the info file to check that we
216
If we fail to acquire the lock, this method is responsible for
217
cleaning up the pending directory if possible. (But it doesn't do
220
:returns: The nonce of the lock, if it was successfully acquired.
222
:raises LockContention: If the lock is held by someone else. The exception
223
contains the info of the current holder of the lock.
225
self._trace("lock_write...")
226
start_time = time.time()
228
tmpname = self._create_pending_dir()
229
except (errors.TransportError, PathError), e:
230
self._trace("... failed to create pending dir, %s", e)
231
raise LockFailed(self, e)
233
self.transport.rename(tmpname, self._held_dir)
234
except (errors.TransportError, PathError, DirectoryNotEmpty,
235
FileExists, ResourceBusy), e:
236
self._trace("... contention, %s", e)
237
self._remove_pending_dir(tmpname)
238
raise LockContention(self)
240
self._trace("... lock failed, %s", e)
241
self._remove_pending_dir(tmpname)
243
# We must check we really got the lock, because Launchpad's sftp
244
# server at one time had a bug were the rename would successfully
245
# move the new directory into the existing directory, which was
246
# incorrect. It's possible some other servers or filesystems will
247
# have a similar bug allowing someone to think they got the lock
248
# when it's already held.
250
self._trace("after locking, info=%r", info)
251
if info['nonce'] != self.nonce:
252
self._trace("rename succeeded, "
253
"but lock is still held by someone else")
254
raise LockContention(self)
255
self._lock_held = True
256
self._trace("... lock succeeded after %dms",
257
(time.time() - start_time) * 1000)
260
def _remove_pending_dir(self, tmpname):
261
"""Remove the pending directory
263
This is called if we failed to rename into place, so that the pending
264
dirs don't clutter up the lockdir.
266
self._trace("remove %s", tmpname)
268
self.transport.delete(tmpname + self.__INFO_NAME)
269
self.transport.rmdir(tmpname)
271
note("error removing pending lock: %s", e)
273
def _create_pending_dir(self):
274
tmpname = '%s/%s.tmp' % (self.path, rand_chars(10))
276
self.transport.mkdir(tmpname)
278
# This may raise a FileExists exception
279
# which is okay, it will be caught later and determined
280
# to be a LockContention.
281
self._trace("lock directory does not exist, creating it")
282
self.create(mode=self._dir_modebits)
283
# After creating the lock directory, try again
284
self.transport.mkdir(tmpname)
285
self.nonce = rand_chars(20)
286
info_bytes = self._prepare_info()
287
# We use put_file_non_atomic because we just created a new unique
288
# directory so we don't have to worry about files existing there.
289
# We'll rename the whole directory into place to get atomic
291
self.transport.put_bytes_non_atomic(tmpname + self.__INFO_NAME,
296
"""Release a held lock
298
if self._fake_read_lock:
299
self._fake_read_lock = False
301
if not self._lock_held:
302
raise LockNotHeld(self)
303
if self._locked_via_token:
304
self._locked_via_token = False
305
self._lock_held = False
307
old_nonce = self.nonce
308
# rename before deleting, because we can't atomically remove the
310
start_time = time.time()
311
self._trace("unlocking")
312
tmpname = '%s/releasing.%s.tmp' % (self.path, rand_chars(20))
313
# gotta own it to unlock
315
self.transport.rename(self._held_dir, tmpname)
316
self._lock_held = False
317
self.transport.delete(tmpname + self.__INFO_NAME)
319
self.transport.rmdir(tmpname)
320
except DirectoryNotEmpty, e:
321
# There might have been junk left over by a rename that moved
322
# another locker within the 'held' directory. do a slower
323
# deletion where we list the directory and remove everything
326
# Maybe this should be broader to allow for ftp servers with
327
# non-specific error messages?
328
self._trace("doing recursive deletion of non-empty directory "
330
self.transport.delete_tree(tmpname)
331
self._trace("... unlock succeeded after %dms",
332
(time.time() - start_time) * 1000)
333
result = lock.LockResult(self.transport.abspath(self.path),
335
for hook in self.hooks['lock_released']:
338
def break_lock(self):
339
"""Break a lock not held by this instance of LockDir.
341
This is a UI centric function: it uses the bzrlib.ui.ui_factory to
342
prompt for input if a lock is detected and there is any doubt about
343
it possibly being still active.
345
self._check_not_locked()
346
holder_info = self.peek()
347
if holder_info is not None:
348
lock_info = '\n'.join(self._format_lock_info(holder_info))
349
if bzrlib.ui.ui_factory.get_boolean("Break %s" % lock_info):
350
self.force_break(holder_info)
352
def force_break(self, dead_holder_info):
353
"""Release a lock held by another process.
355
WARNING: This should only be used when the other process is dead; if
356
it still thinks it has the lock there will be two concurrent writers.
357
In general the user's approval should be sought for lock breaks.
359
dead_holder_info must be the result of a previous LockDir.peek() call;
360
this is used to check that it's still held by the same process that
361
the user decided was dead. If this is not the current holder,
362
LockBreakMismatch is raised.
364
After the lock is broken it will not be held by any process.
365
It is possible that another process may sneak in and take the
366
lock before the breaking process acquires it.
368
if not isinstance(dead_holder_info, dict):
369
raise ValueError("dead_holder_info: %r" % dead_holder_info)
370
self._check_not_locked()
371
current_info = self.peek()
372
if current_info is None:
373
# must have been recently released
375
if current_info != dead_holder_info:
376
raise LockBreakMismatch(self, current_info, dead_holder_info)
377
tmpname = '%s/broken.%s.tmp' % (self.path, rand_chars(20))
378
self.transport.rename(self._held_dir, tmpname)
379
# check that we actually broke the right lock, not someone else;
380
# there's a small race window between checking it and doing the
382
broken_info_path = tmpname + self.__INFO_NAME
383
broken_info = self._read_info_file(broken_info_path)
384
if broken_info != dead_holder_info:
385
raise LockBreakMismatch(self, broken_info, dead_holder_info)
386
self.transport.delete(broken_info_path)
387
self.transport.rmdir(tmpname)
388
result = lock.LockResult(self.transport.abspath(self.path),
389
current_info.get('nonce'))
390
for hook in self.hooks['lock_broken']:
393
def _check_not_locked(self):
394
"""If the lock is held by this instance, raise an error."""
396
raise AssertionError("can't break own lock: %r" % self)
399
"""Make sure that the lock is still held by this locker.
401
This should only fail if the lock was broken by user intervention,
402
or if the lock has been affected by a bug.
404
If the lock is not thought to be held, raises LockNotHeld. If
405
the lock is thought to be held but has been broken, raises
408
if not self._lock_held:
409
raise LockNotHeld(self)
412
# no lock there anymore!
413
raise LockBroken(self)
414
if info.get('nonce') != self.nonce:
415
# there is a lock, but not ours
416
raise LockBroken(self)
418
def _read_info_file(self, path):
419
"""Read one given info file.
421
peek() reads the info file of the lock holder, if any.
423
return self._parse_info(self.transport.get(path))
426
"""Check if the lock is held by anyone.
428
If it is held, this returns the lock info structure as a rio Stanza,
429
which contains some information about the current lock holder.
430
Otherwise returns None.
433
info = self._read_info_file(self._held_info_path)
434
self._trace("peek -> held")
436
except NoSuchFile, e:
437
self._trace("peek -> not held")
439
def _prepare_info(self):
440
"""Write information about a pending lock to a temporary file.
442
# XXX: is creating this here inefficient?
443
config = bzrlib.config.GlobalConfig()
445
user = config.user_email()
446
except errors.NoEmailInUsername:
447
user = config.username()
448
s = rio.Stanza(hostname=get_host_name(),
449
pid=str(os.getpid()),
450
start_time=str(int(time.time())),
456
def _parse_info(self, info_file):
457
return rio.read_stanza(info_file.readlines()).as_dict()
459
def attempt_lock(self):
460
"""Take the lock; fail if it's already held.
462
If you wish to block until the lock can be obtained, call wait_lock()
465
:return: The lock token.
466
:raises LockContention: if the lock is held by someone else.
468
if self._fake_read_lock:
469
raise LockContention(self)
470
result = self._attempt_lock()
471
hook_result = lock.LockResult(self.transport.abspath(self.path),
473
for hook in self.hooks['lock_acquired']:
477
def wait_lock(self, timeout=None, poll=None, max_attempts=None):
478
"""Wait a certain period for a lock.
480
If the lock can be acquired within the bounded time, it
481
is taken and this returns. Otherwise, LockContention
482
is raised. Either way, this function should return within
483
approximately `timeout` seconds. (It may be a bit more if
484
a transport operation takes a long time to complete.)
486
:param timeout: Approximate maximum amount of time to wait for the
489
:param poll: Delay in seconds between retrying the lock.
491
:param max_attempts: Maximum number of times to try to lock.
493
:return: The lock token.
496
timeout = _DEFAULT_TIMEOUT_SECONDS
498
poll = _DEFAULT_POLL_SECONDS
499
# XXX: the transport interface doesn't let us guard against operations
500
# there taking a long time, so the total elapsed time or poll interval
501
# may be more than was requested.
502
deadline = time.time() + timeout
509
return self.attempt_lock()
510
except LockContention:
511
# possibly report the blockage, then try again
513
# TODO: In a few cases, we find out that there's contention by
514
# reading the held info and observing that it's not ours. In
515
# those cases it's a bit redundant to read it again. However,
516
# the normal case (??) is that the rename fails and so we
517
# don't know who holds the lock. For simplicity we peek
519
new_info = self.peek()
520
if new_info is not None and new_info != last_info:
521
if last_info is None:
522
start = 'Unable to obtain'
524
start = 'Lock owner changed for'
526
formatted_info = self._format_lock_info(new_info)
527
if deadline_str is None:
528
deadline_str = time.strftime('%H:%M:%S',
529
time.localtime(deadline))
530
lock_url = self._url()
531
self._report_function('%s %s\n'
533
'%s\n' # locked ... ago
534
'Will continue to try until %s, unless '
536
'If you\'re sure that it\'s not being '
537
'modified, use bzr break-lock %s',
545
if (max_attempts is not None) and (attempt_count >= max_attempts):
546
self._trace("exceeded %d attempts")
547
raise LockContention(self)
548
if time.time() + poll < deadline:
549
self._trace("waiting %ss", poll)
552
self._trace("timeout after waiting %ss", timeout)
553
raise LockContention(self)
555
def leave_in_place(self):
556
self._locked_via_token = True
558
def dont_leave_in_place(self):
559
self._locked_via_token = False
561
def lock_write(self, token=None):
562
"""Wait for and acquire the lock.
564
:param token: if this is already locked, then lock_write will fail
565
unless the token matches the existing lock.
566
:returns: a token if this instance supports tokens, otherwise None.
567
:raises TokenLockingNotSupported: when a token is given but this
568
instance doesn't support using token locks.
569
:raises MismatchedToken: if the specified token doesn't match the token
570
of the existing lock.
572
A token should be passed in if you know that you have locked the object
573
some other way, and need to synchronise this object's state with that
576
XXX: docstring duplicated from LockableFiles.lock_write.
578
if token is not None:
579
self.validate_token(token)
581
self._lock_held = True
582
self._locked_via_token = True
585
return self.wait_lock()
588
"""Compatibility-mode shared lock.
590
LockDir doesn't support shared read-only locks, so this
591
just pretends that the lock is taken but really does nothing.
593
# At the moment Branches are commonly locked for read, but
594
# we can't rely on that remotely. Once this is cleaned up,
595
# reenable this warning to prevent it coming back in
597
## warn("LockDir.lock_read falls back to write lock")
598
if self._lock_held or self._fake_read_lock:
599
raise LockContention(self)
600
self._fake_read_lock = True
602
def _format_lock_info(self, info):
603
"""Turn the contents of peek() into something for the user"""
604
lock_url = self.transport.abspath(self.path)
605
delta = time.time() - int(info['start_time'])
607
'lock %s' % (lock_url,),
608
'held by %(user)s on host %(hostname)s [process #%(pid)s]' % info,
609
'locked %s' % (format_delta(delta),),
612
def validate_token(self, token):
613
if token is not None:
619
lock_token = info.get('nonce')
620
if token != lock_token:
621
raise errors.TokenMismatch(token, lock_token)
623
self._trace("revalidated by token %r", token)
625
def _trace(self, format, *args):
626
if 'lock' not in debug.debug_flags:
628
mutter(str(self) + ": " + (format % args))
added
removed
bzrlib/lockdir.py
