1
# Copyright (C) 2006, 2007 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
"""On-disk mutex protecting a resource
19
bzr on-disk objects are locked by the existence of a directory with a
20
particular name within the control directory. We use this rather than OS
21
internal locks (such as flock etc) because they can be seen across all
22
transports, including http.
24
Objects can be read if there is only physical read access; therefore
25
readers can never be required to create a lock, though they will
26
check whether a writer is using the lock. Writers can't detect
27
whether anyone else is reading from the resource as they write.
28
This works because of ordering constraints that make sure readers
29
see a consistent view of existing data.
31
Waiting for a lock must be done by polling; this can be aborted after
34
Locks must always be explicitly released, typically from a try/finally
35
block -- they are not released from a finalizer or when Python
38
Locks may fail to be released if the process is abruptly terminated
39
(machine stop, SIGKILL) or if a remote transport becomes permanently
40
disconnected. There is therefore a method to break an existing lock.
41
This should rarely be used, and generally only with user approval.
42
Locks contain some information on when the lock was taken and by who
43
which may guide in deciding whether it can safely be broken. (This is
44
similar to the messages displayed by emacs and vim.) Note that if the
45
lock holder is still alive they will get no notification that the lock
46
has been broken and will continue their work -- so it is important to be
47
sure they are actually dead.
49
A lock is represented on disk by a directory of a particular name,
50
containing an information file. Taking a lock is done by renaming a
51
temporary directory into place. We use temporary directories because
52
for all known transports and filesystems we believe that exactly one
53
attempt to claim the lock will succeed and the others will fail. (Files
54
won't do because some filesystems or transports only have
55
rename-and-overwrite, making it hard to tell who won.)
57
The desired characteristics are:
59
* Locks are not reentrant. (That is, a client that tries to take a
60
lock it already holds may deadlock or fail.)
61
* Stale locks can be guessed at by a heuristic
62
* Lost locks can be broken by any client
63
* Failed lock operations leave little or no mess
64
* Deadlocks are avoided by having a timeout always in use, clients
65
desiring indefinite waits can retry or set a silly big timeout.
67
Storage formats use the locks, and also need to consider concurrency
68
issues underneath the lock. A format may choose not to use a lock
69
at all for some operations.
71
LockDirs always operate over a Transport. The transport may be readonly, in
72
which case the lock can be queried but not acquired.
74
Locks are identified by a path name, relative to a base transport.
76
Calling code will typically want to make sure there is exactly one LockDir
77
object per actual lock on disk. This module does nothing to prevent aliasing
78
and deadlocks will likely occur if the locks are aliased.
80
In the future we may add a "freshen" method which can be called
81
by a lock holder to check that their lock has not been broken, and to
82
update the timestamp within it.
86
>>> from bzrlib.transport.memory import MemoryTransport
87
>>> # typically will be obtained from a BzrDir, Branch, etc
88
>>> t = MemoryTransport()
89
>>> l = LockDir(t, 'sample-lock')
92
>>> # do something here
99
from cStringIO import StringIO
106
from bzrlib.errors import (
118
from bzrlib.trace import mutter, note
119
from bzrlib.transport import Transport
120
from bzrlib.osutils import rand_chars, format_delta
121
from bzrlib.rio import read_stanza, Stanza
125
# XXX: At the moment there is no consideration of thread safety on LockDir
126
# objects. This should perhaps be updated - e.g. if two threads try to take a
127
# lock at the same time they should *both* get it. But then that's unlikely
130
# TODO: Perhaps store some kind of note like the bzr command line in the lock
133
# TODO: Some kind of callback run while polling a lock to show progress
136
# TODO: Make sure to pass the right file and directory mode bits to all
137
# files/dirs created.
140
_DEFAULT_TIMEOUT_SECONDS = 300
141
_DEFAULT_POLL_SECONDS = 1.0
144
class LockDir(object):
145
"""Write-lock guarding access to data."""
147
__INFO_NAME = '/info'
149
def __init__(self, transport, path, file_modebits=0644, dir_modebits=0755):
150
"""Create a new LockDir object.
152
The LockDir is initially unlocked - this just creates the object.
154
:param transport: Transport which will contain the lock
156
:param path: Path to the lock within the base directory of the
159
assert isinstance(transport, Transport), \
160
("not a transport: %r" % transport)
161
self.transport = transport
163
self._lock_held = False
164
self._locked_via_token = False
165
self._fake_read_lock = False
166
self._held_dir = path + '/held'
167
self._held_info_path = self._held_dir + self.__INFO_NAME
168
self._file_modebits = file_modebits
169
self._dir_modebits = dir_modebits
171
self._report_function = note
174
return '%s(%s%s)' % (self.__class__.__name__,
178
is_held = property(lambda self: self._lock_held)
180
def create(self, mode=None):
181
"""Create the on-disk lock.
183
This is typically only called when the object/directory containing the
184
directory is first created. The lock is not held when it's created.
186
if self.transport.is_readonly():
187
raise UnlockableTransport(self.transport)
188
self.transport.mkdir(self.path, mode=mode)
190
def attempt_lock(self):
191
"""Take the lock; fail if it's already held.
193
If you wish to block until the lock can be obtained, call wait_lock()
196
:return: The lock token.
198
if self._fake_read_lock:
199
raise LockContention(self)
200
if self.transport.is_readonly():
201
raise UnlockableTransport(self.transport)
203
self._trace("lock_write...")
204
start_time = time.time()
205
tmpname = '%s/pending.%s.tmp' % (self.path, rand_chars(20))
207
self.transport.mkdir(tmpname)
209
# This may raise a FileExists exception
210
# which is okay, it will be caught later and determined
211
# to be a LockContention.
212
self.create(mode=self._dir_modebits)
214
# After creating the lock directory, try again
215
self.transport.mkdir(tmpname)
217
self.nonce = rand_chars(20)
218
info_bytes = self._prepare_info()
219
# We use put_file_non_atomic because we just created a new unique
220
# directory so we don't have to worry about files existing there.
221
# We'll rename the whole directory into place to get atomic
223
self.transport.put_bytes_non_atomic(tmpname + self.__INFO_NAME,
226
self.transport.rename(tmpname, self._held_dir)
227
self._lock_held = True
228
# we used to do self.confirm() at this point, but it's really
229
# unnecessary, we have no substantial chance of having it broken
230
# just as it's acquired, and we believe that this lock design is
231
# safe on all platforms.
232
# FIXME: we should remove the pending lock if we fail,
233
# https://bugs.launchpad.net/bzr/+bug/109169
234
except errors.PermissionDenied:
235
self._trace("... lock failed, permission denied")
237
except (PathError, DirectoryNotEmpty, FileExists, ResourceBusy), e:
238
self._trace("... contention, %s", e)
239
raise LockContention(self)
240
self._trace("... lock succeeded after %dms",
241
(time.time() - start_time) * 1000)
245
"""Release a held lock
247
if self._fake_read_lock:
248
self._fake_read_lock = False
250
if not self._lock_held:
251
raise LockNotHeld(self)
252
if self._locked_via_token:
253
self._locked_via_token = False
254
self._lock_held = False
256
# rename before deleting, because we can't atomically remove the
258
start_time = time.time()
259
self._trace("unlocking")
260
tmpname = '%s/releasing.%s.tmp' % (self.path, rand_chars(20))
261
# gotta own it to unlock
263
self.transport.rename(self._held_dir, tmpname)
264
self._lock_held = False
265
self.transport.delete(tmpname + self.__INFO_NAME)
266
self.transport.rmdir(tmpname)
267
self._trace("... unlock succeeded after %dms",
268
(time.time() - start_time) * 1000)
270
def break_lock(self):
271
"""Break a lock not held by this instance of LockDir.
273
This is a UI centric function: it uses the bzrlib.ui.ui_factory to
274
prompt for input if a lock is detected and there is any doubt about
275
it possibly being still active.
277
self._check_not_locked()
278
holder_info = self.peek()
279
if holder_info is not None:
280
lock_info = '\n'.join(self._format_lock_info(holder_info))
281
if bzrlib.ui.ui_factory.get_boolean("Break %s" % lock_info):
282
self.force_break(holder_info)
284
def force_break(self, dead_holder_info):
285
"""Release a lock held by another process.
287
WARNING: This should only be used when the other process is dead; if
288
it still thinks it has the lock there will be two concurrent writers.
289
In general the user's approval should be sought for lock breaks.
291
dead_holder_info must be the result of a previous LockDir.peek() call;
292
this is used to check that it's still held by the same process that
293
the user decided was dead. If this is not the current holder,
294
LockBreakMismatch is raised.
296
After the lock is broken it will not be held by any process.
297
It is possible that another process may sneak in and take the
298
lock before the breaking process acquires it.
300
if not isinstance(dead_holder_info, dict):
301
raise ValueError("dead_holder_info: %r" % dead_holder_info)
302
self._check_not_locked()
303
current_info = self.peek()
304
if current_info is None:
305
# must have been recently released
307
if current_info != dead_holder_info:
308
raise LockBreakMismatch(self, current_info, dead_holder_info)
309
tmpname = '%s/broken.%s.tmp' % (self.path, rand_chars(20))
310
self.transport.rename(self._held_dir, tmpname)
311
# check that we actually broke the right lock, not someone else;
312
# there's a small race window between checking it and doing the
314
broken_info_path = tmpname + self.__INFO_NAME
315
broken_info = self._read_info_file(broken_info_path)
316
if broken_info != dead_holder_info:
317
raise LockBreakMismatch(self, broken_info, dead_holder_info)
318
self.transport.delete(broken_info_path)
319
self.transport.rmdir(tmpname)
321
def _check_not_locked(self):
322
"""If the lock is held by this instance, raise an error."""
324
raise AssertionError("can't break own lock: %r" % self)
327
"""Make sure that the lock is still held by this locker.
329
This should only fail if the lock was broken by user intervention,
330
or if the lock has been affected by a bug.
332
If the lock is not thought to be held, raises LockNotHeld. If
333
the lock is thought to be held but has been broken, raises
336
if not self._lock_held:
337
raise LockNotHeld(self)
340
# no lock there anymore!
341
raise LockBroken(self)
342
if info.get('nonce') != self.nonce:
343
# there is a lock, but not ours
344
raise LockBroken(self)
346
def _read_info_file(self, path):
347
"""Read one given info file.
349
peek() reads the info file of the lock holder, if any.
351
return self._parse_info(self.transport.get(path))
354
"""Check if the lock is held by anyone.
356
If it is held, this returns the lock info structure as a rio Stanza,
357
which contains some information about the current lock holder.
358
Otherwise returns None.
361
info = self._read_info_file(self._held_info_path)
362
self._trace("peek -> held")
363
assert isinstance(info, dict), \
364
"bad parse result %r" % info
366
except NoSuchFile, e:
367
self._trace("peek -> not held")
369
def _prepare_info(self):
370
"""Write information about a pending lock to a temporary file.
373
# XXX: is creating this here inefficient?
374
config = bzrlib.config.GlobalConfig()
376
user = config.user_email()
377
except errors.NoEmailInUsername:
378
user = config.username()
379
s = Stanza(hostname=socket.gethostname(),
380
pid=str(os.getpid()),
381
start_time=str(int(time.time())),
387
def _parse_info(self, info_file):
388
return read_stanza(info_file.readlines()).as_dict()
390
def wait_lock(self, timeout=None, poll=None):
391
"""Wait a certain period for a lock.
393
If the lock can be acquired within the bounded time, it
394
is taken and this returns. Otherwise, LockContention
395
is raised. Either way, this function should return within
396
approximately `timeout` seconds. (It may be a bit more if
397
a transport operation takes a long time to complete.)
399
:return: The lock token.
402
timeout = _DEFAULT_TIMEOUT_SECONDS
404
poll = _DEFAULT_POLL_SECONDS
406
# XXX: the transport interface doesn't let us guard
407
# against operations there taking a long time.
408
deadline = time.time() + timeout
413
return self.attempt_lock()
414
except LockContention:
416
new_info = self.peek()
417
self._trace('last_info: %s, new info: %s', last_info, new_info)
418
if new_info is not None and new_info != last_info:
419
if last_info is None:
420
start = 'Unable to obtain'
422
start = 'Lock owner changed for'
424
formatted_info = self._format_lock_info(new_info)
425
if deadline_str is None:
426
deadline_str = time.strftime('%H:%M:%S',
427
time.localtime(deadline))
428
self._report_function('%s %s\n'
430
'%s\n' # locked ... ago
431
'Will continue to try until %s\n',
438
if time.time() + poll < deadline:
439
self._trace("waiting %ss", poll)
442
self._trace("timeout after waiting %ss", timeout)
443
raise LockContention(self)
445
def leave_in_place(self):
446
self._locked_via_token = True
448
def dont_leave_in_place(self):
449
self._locked_via_token = False
451
def lock_write(self, token=None):
452
"""Wait for and acquire the lock.
454
:param token: if this is already locked, then lock_write will fail
455
unless the token matches the existing lock.
456
:returns: a token if this instance supports tokens, otherwise None.
457
:raises TokenLockingNotSupported: when a token is given but this
458
instance doesn't support using token locks.
459
:raises MismatchedToken: if the specified token doesn't match the token
460
of the existing lock.
462
A token should be passed in if you know that you have locked the object
463
some other way, and need to synchronise this object's state with that
466
XXX: docstring duplicated from LockableFiles.lock_write.
468
if token is not None:
469
self.validate_token(token)
471
self._lock_held = True
472
self._locked_via_token = True
475
return self.wait_lock()
478
"""Compatibility-mode shared lock.
480
LockDir doesn't support shared read-only locks, so this
481
just pretends that the lock is taken but really does nothing.
483
# At the moment Branches are commonly locked for read, but
484
# we can't rely on that remotely. Once this is cleaned up,
485
# reenable this warning to prevent it coming back in
487
## warn("LockDir.lock_read falls back to write lock")
488
if self._lock_held or self._fake_read_lock:
489
raise LockContention(self)
490
self._fake_read_lock = True
492
def wait(self, timeout=20, poll=0.5):
493
"""Wait a certain period for a lock to be released."""
494
# XXX: the transport interface doesn't let us guard
495
# against operations there taking a long time.
497
# XXX: Is this really needed? Do people want to wait for the lock but
498
# not acquire it? As of bzr 0.17, this seems to only be called from
500
deadline = time.time() + timeout
504
if time.time() + poll < deadline:
505
self._trace("waiting %ss", poll)
508
self._trace("temeout after waiting %ss", timeout)
509
raise LockContention(self)
511
def _format_lock_info(self, info):
512
"""Turn the contents of peek() into something for the user"""
513
lock_url = self.transport.abspath(self.path)
514
delta = time.time() - int(info['start_time'])
516
'lock %s' % (lock_url,),
517
'held by %(user)s on host %(hostname)s [process #%(pid)s]' % info,
518
'locked %s' % (format_delta(delta),),
521
def validate_token(self, token):
522
if token is not None:
528
lock_token = info.get('nonce')
529
if token != lock_token:
530
raise errors.TokenMismatch(token, lock_token)
532
self._trace("Revalidated by token %r", token)
534
def _trace(self, format, *args):
535
if 'lock' not in debug.debug_flags:
537
mutter(str(self) + ": " + (format % args))
added
removed
bzrlib/lockdir.py
