Safe overwriting of files

fabiangans · August 2, 2024, 7:00am

I have a workflow where I repeatedly need to overwrite files with new content. I think the easiest way to overwrite a file is to use write(filename,newcontent).

My question is how safe this function is against data loss when the julia process calling it gets interrupted unexpectedly during the write operation (e.g. someone hitting CTRL-C, a cluster manager killing process because of timeout etc…). I basically want to make sure that the file always either contains the old content or the new one but it should ideally never end up in a state where both the old and the new content of the file are lost. Is it safer to do something like:

mv(filename, filename * ".old")
write(filename,newcontent)
rm(filename * ".old")

so I could recover the data manually or are there already existing protection mechanisms against data loss in the former short version?

GunnarFarneback · August 2, 2024, 8:48am

The short version is indeed not data loss safe (but very convenient when that is not a significant issue).

The usual approach to improve safety is to write the new content into a temporary file and once that has succeeded (and possibly been verified by reading it back or computing a hash), move it into its target location.

sgaure · August 2, 2024, 9:06am

The mv operation is atomic when used within a file system (e.g. within a directory), so you should use that. The typical pattern is as Gunnar says,

tfilename = filename * ".tmp"
write(tfilename, newcontent)
mv(tfilename, filename, force=true)

This will ensure that filename always contains valid content.

fabiangans · August 2, 2024, 9:13am

Thanks a lot to both of you, exactly the information I needed.

nhz2 · August 2, 2024, 12:08pm

The mv(...; force=true) function in Julia is not atomic. It calls rm before renaming, so there can be a time where the destination file is missing. julia/base/file.jl at c6732a79494f604e0f320ea451856a1c10511659 · JuliaLang/julia · GitHub

nhz2 · August 2, 2024, 1:20pm

There is a function in Python called os.replace that tries to be atomic but I don’t know how to do this in Julia (outside of using PythonCall)

sgaure · August 2, 2024, 1:49pm

Wow, what a mess. Then you can replace the mv with

@ccall rename(tfilename::Cstring, filename::Cstring)::Cint

or

run(`mv $tfilename $filename`)

eldee · August 3, 2024, 12:13pm

To make everything a bit more messy, both of the methods sgaure suggests above, will sadly not work on Windows, as rename does not overwrite and mv does not exist.

On Windows you can instead use
run(`cmd /C MOVE /Y $old_filename $new_filename`)

I’m not sure if this is in fact atomic though, as a quick search yields contradictory information.

stephancb · August 3, 2024, 1:16pm

Another possible strategy is to put your contents into a database, for example SQLite with file based storage (DuckDB also qualifies, I guess). Databases are often chosen for handling larger amounts of content with non-trivial structuring, and may feel to be an overkill in this respect for simpler data. But overlooked is frequently another advantage: SQLite provides save inserts and updates=ACID transactions, across all supported OSs, and is, owing to its enormous popularity, very thouroughly tested. Trying to overwrite files safely but “manually” is to some extend reinventing the wheel.

GunnarFarneback · August 3, 2024, 3:17pm

A possible low-tech workaround is to do a two-step mv dance where the original file is temporarily moved to a backup name and then removed after the new file is in place.

StevenSiew · August 4, 2024, 3:18am

If you are SUPER paranoid. Then try this

sgaure:

tfilename = filename * ".tmp"
write(tfilename, newcontent)
checksum = getchecksum(filename)
cp(filename,filename * ".old")
verifychecksum(checksum,filename * ".old")
checksum = getchecksum(tfilename)
mv(tfilename, filename)
verifychecksum(checksum,filename)

nhz2 · August 6, 2024, 12:48pm

I made a PR to make mv more atomic for this pattern to work.

github.com/JuliaLang/julia

Make `mv` more atomic by trying rename before deleting `dst`

JuliaLang:master ← nhz2:more-atomic-mv

opened 04:53PM - 05 Aug 24 UTC

nhz2

+74 -13

As noted in https://github.com/JuliaLang/julia/issues/41584 and https://discours…e.julialang.org/t/safe-overwriting-of-files/117758/3 `mv` is usually expected to be "best effort atomic". Currently calling `mv` with `force=true` calls `checkfor_mv_cp_cptree(src, dst, "moving"; force=true)` before renaming. `checkfor_mv_cp_cptree` will delete `dst` if exists and isn't the same as `src`. If `dst` is an existing file and julia stops after deleting `dst` but before doing the rename, `dst` will be removed but will not be replaced with `src`. This PR changes `mv` with `force=true` to first try rename, and only delete `dst` if that fails. Assuming file system support and the first rename works, julia stopping will not lead to `dst` being removed without being replaced. This also replaces a stopgap solution from https://github.com/JuliaLang/julia/pull/36638#discussion_r453820564

nhz2 · August 16, 2024, 12:39pm

I made a new PR to document Base.rename which is a more cross-platform version of @ccall rename(tfilename::Cstring, filename::Cstring)::Cint