[lisp] / safely.lisp

;;; -*-lisp-*-
;;;
;;; $Id$
;;;
;;; Safely modify collections of files
;;;
;;; (c) 2005 Straylight/Edgeware
;;;

;;;----- Licensing notice ---------------------------------------------------
;;;
;;; This program is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 2 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program; if not, write to the Free Software Foundation,
;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

(defpackage #:safely
  (:use #:common-lisp #:mdw.base)
  (:export #:safely #:safely-close #:safely-delete-file
	   #:safely-open-output-stream #:safely-bail #:safely-commit
	   #:safely-writing))
(in-package #:safely)

#+(or cmu sbcl)
(eval-when (:compile-toplevel :execute)
  (import #+cmu '(ext:unix-namestring unix:unix-link)
	  #+sbcl '(sb-ext:native-namestring)))
#+cmu
(progn
  (declaim (inline unix-namestring))
  (defun native-namestring (pathname &key as-file)
    (declare (ignore as-file))
    (unix-namestring pathname nil)))

(defstruct (safely (:predicate safelyp))
  "Stores information about how to commit or undo safe writes."
  (streams nil)
  (trail nil))

(defun safely-close (safe stream)
  "Make sure that STREAM is closed when SAFE is finished."
  (push stream (safely-streams safe)))

(defun safely-delete-file (safe file)
  "Delete FILE when SAFE is committed."
  (push `(:delete ,file) (safely-trail safe)))

(defun generate-fresh-file-name (base tag &optional func)
  "Return a fresh file name constructed from BASE (a filespec) and TAG (some
   short descriptive string).  The generated name has the same directory and
   type as the BASE name, but a different name.

   If FUNC is non-nil, then it is a function to call on the generated file
   name: generate-fresh-file-name runs in a loop, calling FUNC with generated
   file names until FUNC returns non-nil, at which point generate-fresh-
   file-name returns two values: the generated name, and the result of FUNC.
   generate-fresh-file-name catches errors of type file-error from FUNC, and
   just tries again with a new name.

   If FUNC is nil, it's treated the same as a function which always returns
   t.

   This is inspired by a similar facility in scsh."
  (let ((base (pathname base)))
    (dotimes (i 256
	      (error "Gave up trying to find a temporary ~A file for ~S."
		     tag base))
      (let* ((new (merge-pathnames
		   (make-pathname
		    :name (format nil "~A-~A-~X"
				  (pathname-name base)
				  tag
				  (random most-positive-fixnum)))
		   base))
	     (ret (and (not (probe-file new))
		       (if func
			   (handler-case (funcall func new)
			     (file-error (cond)
			       (unless (pathname-match-p
					(file-error-pathname cond)
					new)
				 (error cond))
			       nil))
			   t))))
	(when ret
	  (return (values new ret)))))))

(defun safely-open-output-stream (safe file &rest open-args)
  "Create an output stream which will be named FILE when SAFE is committed.
   Other OPEN-ARGS are passed to open."
  (multiple-value-bind
      (name stream)
      (generate-fresh-file-name file "new"
				(lambda (name)
				  (apply #'open name
					 :direction :output
					 :if-exists nil
					 open-args)))
    (safely-close safe stream)
    (push `(:shunt ,name ,file)
	  (safely-trail safe))
    stream))

(declaim (inline rename))
(defun rename (old new)
  (let ((target (make-pathname :directory '(:relative)
			       :defaults new)))
    #-clisp (rename-file old target)
    #+clisp (rename-file old target :if-exists :overwrite)))

(defun delete-file-without-moaning (file)
  "Delete the FILE, ignoring errors."
  (handler-case (delete-file file)
    (file-error () nil)))

(defun rename-file-without-moaning (old new)
  "Rename OLD to NEW, ignoring errors, and without doing any stupid name
   mangling."
  (handler-case (rename old new)
    (file-error () nil)))

(defun safely-unwind (trail)
  "Roll back the TRAIL of operations."
  (dolist (job trail)
    (ecase (car job)
      (:shunt (destructuring-bind (new file) (cdr job)
		(declare (ignore file))
		(delete-file-without-moaning new)))
      (:delete)
      (:rmtmp (destructuring-bind (file) (cdr job)
		(delete-file-without-moaning file)))
      (:revert (destructuring-bind (old new) (cdr job)
		 (rename-file-without-moaning old new))))))

(defun safely-reset (safe)
  "Reset SAFE to its initial state."
  (setf (safely-streams safe) nil)
  (setf (safely-trail safe) nil))

(defun safely-bail (safe)
  "Abort the operations in SAFE, unwinding all the things that have been
   done.  Streams are closed, new files are removed."
  (dolist (stream (safely-streams safe))
    (close stream :abort t))
  (safely-unwind (safely-trail safe))
  (safely-reset safe))

#+sbcl
(defun unix-link (from to)
  (sb-unix::int-syscall ("link" sb-alien:c-string sb-alien:c-string)
			from to))

(defun safe-copy (file tag)
  "Make a copy of the FILE.  Return the new name."

  #+(or cmu sbcl)
  ;; Use link(2) where available.
  (generate-fresh-file-name file tag
			    (lambda (name)
			      (let ((from (native-namestring file
							     :as-file t))
				    (to (native-namestring name
							   :as-file t)))
				(and from to
				     (unix-link from to)))))

  #+clisp
  (generate-fresh-file-name file tag
			    (lambda (name)
			      (posix:copy-file (namestring file)
					       (namestring name)
					       :method :hardlink
					       :if-exists nil)))


  #-(or cmu sbcl)
  ;; Otherwise just copy the file contents and hope for the best.
  (with-open-file (input file :element-type :default)
    (multiple-value-bind
	(copy output)
	(generate-fresh-file-name file tag
				  (lambda (name)
				    (open name
					  :direction :output
					  :if-exists nil
					  :element-type :default)))
      (unwind-protect
	   (progn
	     (let ((buffer (make-array 8192
				       :element-type (stream-element-type
						      input))))
	       (loop
		 (let ((read (read-sequence buffer input)))
		   (when (plusp read)
		     (write-sequence buffer output :end read))
		   (when (< read (length buffer))
		     (return copy))))))
	(close output)))))

(defun safely-commit (safe)
  "Commit SAFE.  The files deleted by safely-delete-file are deleted; the
   files created by safely-open-output-stream are renamed over the old
   versions, if any.  If a problem occurs during this stage, everything is
   rewound and no changes are made."
  (let ((trail (safely-trail safe))
	(revert nil)
	(cleanup nil))
    (unwind-protect
	(progn
	  (dolist (stream (safely-streams safe))
	    (close stream))
	  (loop
	    (unless trail
	      (return))
	    (let ((job (pop trail)))
	      (ecase (car job)
		(:shunt (destructuring-bind (tag new file) job
			  (declare (ignore tag))
			  (push `(:rmtmp ,new) revert)
			  (if (probe-file file)
			      (let ((old (safe-copy file "old")))
				(push `(:rmtmp ,old) cleanup)
				(push `(:revert ,old ,file) revert))
			      (push `(:rmtmp ,file) revert))
			  (rename new file)))
		(:delete (destructuring-bind (tag file) job
			   (declare (ignore tag))
			   (let ((old (safe-copy file "delete")))
			     (push `(:revert ,old ,file) revert)
			     (push `(:rmtmp ,old) cleanup)
			     (delete-file file)))))))
	  (setf revert nil))
      (safely-unwind trail)
      (safely-unwind revert)
      (safely-unwind cleanup)
      (safely-reset safe))))

(defmacro safely ((safe &key) &body body)
  "Do stuff within the BODY safely.  If BODY completes without errors, the
   SAFE is committed; otherwise it's bailed."
  `(let ((,safe (make-safely)))
     (unwind-protect
	 (progn
	   ,@body
	   (safely-commit ,safe)
	   (setf ,safe nil))
       (when ,safe
	 (safely-bail ,safe)))))

(defmacro safely-writing ((stream file &rest open-args) &body body)
  "Simple macro for writing a single file safely.  STREAM is opened onto a
   temporary file, and if BODY completes, it is renamed to FILE."
  (with-gensyms safe
    `(safely (,safe)
       (let ((,stream (safely-open-output-stream ,safe ,file ,@open-args)))
	 ,@body))))

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
861345b4	1	;;; --lisp--
	2	;;;
	3	;;; $Id$
	4	;;;
	5	;;; Safely modify collections of files
	6	;;;
	7	;;; (c) 2005 Straylight/Edgeware
	8	;;;
	9
	10	;;;----- Licensing notice ---------------------------------------------------
	11	;;;
	12	;;; This program is free software; you can redistribute it and/or modify
	13	;;; it under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 2 of the License, or
	15	;;; (at your option) any later version.
b2c12b4e	16	;;;
861345b4	17	;;; This program is distributed in the hope that it will be useful,
	18	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
b2c12b4e	21	;;;
861345b4	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with this program; if not, write to the Free Software Foundation,
	24	;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
0b3651e5	26	(defpackage #:safely
623291d2	27	(:use #:common-lisp #:mdw.base)
861345b4	28	(:export #:safely #:safely-close #:safely-delete-file
	29	#:safely-open-output-stream #:safely-bail #:safely-commit
	30	#:safely-writing))
0b3651e5	31	(in-package #:safely)
861345b4	32
d7d81997 MW	33	#+(or cmu sbcl)
	34	(eval-when (:compile-toplevel :execute)
	35	(import #+cmu '(ext:unix-namestring unix:unix-link)
2d9f4fc0 MW	36	#+sbcl '(sb-ext:native-namestring)))
	37	#+cmu
	38	(progn
	39	(declaim (inline unix-namestring))
	40	(defun native-namestring (pathname &key as-file)
	41	(declare (ignore as-file))
	42	(unix-namestring pathname nil)))
d7d81997	43
861345b4	44	(defstruct (safely (:predicate safelyp))
	45	"Stores information about how to commit or undo safe writes."
	46	(streams nil)
	47	(trail nil))
5e04ac39	48
861345b4	49	(defun safely-close (safe stream)
	50	"Make sure that STREAM is closed when SAFE is finished."
	51	(push stream (safely-streams safe)))
5e04ac39	52
861345b4	53	(defun safely-delete-file (safe file)
861345b4	54	"Delete FILE when SAFE is committed."
623291d2 MW	55	(push `(:delete ,file) (safely-trail safe)))
	56
	57	(defun generate-fresh-file-name (base tag &optional func)
	58	"Return a fresh file name constructed from BASE (a filespec) and TAG (some
	59	short descriptive string). The generated name has the same directory and
	60	type as the BASE name, but a different name.
	61
	62	If FUNC is non-nil, then it is a function to call on the generated file
	63	name: generate-fresh-file-name runs in a loop, calling FUNC with generated
	64	file names until FUNC returns non-nil, at which point generate-fresh-
	65	file-name returns two values: the generated name, and the result of FUNC.
	66	generate-fresh-file-name catches errors of type file-error from FUNC, and
	67	just tries again with a new name.
	68
	69	If FUNC is nil, it's treated the same as a function which always returns
	70	t.
	71
	72	This is inspired by a similar facility in scsh."
	73	(let ((base (pathname base)))
	74	(dotimes (i 256
	75	(error "Gave up trying to find a temporary ~A file for ~S."
	76	tag base))
	77	(let* ((new (merge-pathnames
	78	(make-pathname
	79	:name (format nil "~A-~A-~X"
	80	(pathname-name base)
	81	tag
	82	(random most-positive-fixnum)))
	83	base))
	84	(ret (and (not (probe-file new))
	85	(if func
	86	(handler-case (funcall func new)
	87	(file-error (cond)
	88	(unless (pathname-match-p
	89	(file-error-pathname cond)
	90	new)
	91	(error cond))
	92	nil))
	93	t))))
	94	(when ret
	95	(return (values new ret)))))))
5e04ac39	96
861345b4	97	(defun safely-open-output-stream (safe file &rest open-args)
861345b4	98	"Create an output stream which will be named FILE when SAFE is committed.
0ff9df03	99	Other OPEN-ARGS are passed to open."
623291d2 MW	100	(multiple-value-bind
	101	(name stream)
	102	(generate-fresh-file-name file "new"
	103	(lambda (name)
	104	(apply #'open name
	105	:direction :output
	106	:if-exists nil
	107	open-args)))
861345b4	108	(safely-close safe stream)
623291d2	109	(push `(:shunt ,name ,file)
861345b4	110	(safely-trail safe))
861345b4	111	stream))
5e04ac39	112
443fcfc4 MW	113	(declaim (inline rename))
443fcfc4 MW	114	(defun rename (old new)
562ed2dd MW	115	(let ((target (make-pathname :directory '(:relative)
	116	:defaults new)))
	117	#-clisp (rename-file old target)
	118	#+clisp (rename-file old target :if-exists :overwrite)))
443fcfc4	119
861345b4	120	(defun delete-file-without-moaning (file)
861345b4	121	"Delete the FILE, ignoring errors."
623291d2 MW	122	(handler-case (delete-file file)
623291d2 MW	123	(file-error () nil)))
5e04ac39	124
861345b4	125	(defun rename-file-without-moaning (old new)
861345b4	126	"Rename OLD to NEW, ignoring errors, and without doing any stupid name
0ff9df03	127	mangling."
443fcfc4	128	(handler-case (rename old new)
623291d2	129	(file-error () nil)))
5e04ac39	130
861345b4	131	(defun safely-unwind (trail)
	132	"Roll back the TRAIL of operations."
	133	(dolist (job trail)
	134	(ecase (car job)
623291d2 MW	135	(:shunt (destructuring-bind (new file) (cdr job)
623291d2 MW	136	(declare (ignore file))
861345b4	137	(delete-file-without-moaning new)))
861345b4	138	(:delete)
623291d2	139	(:rmtmp (destructuring-bind (file) (cdr job)
861345b4	140	(delete-file-without-moaning file)))
623291d2	141	(:revert (destructuring-bind (old new) (cdr job)
861345b4	142	(rename-file-without-moaning old new))))))
5e04ac39	143
861345b4	144	(defun safely-reset (safe)
	145	"Reset SAFE to its initial state."
	146	(setf (safely-streams safe) nil)
	147	(setf (safely-trail safe) nil))
5e04ac39	148
861345b4	149	(defun safely-bail (safe)
861345b4	150	"Abort the operations in SAFE, unwinding all the things that have been
0ff9df03	151	done. Streams are closed, new files are removed."
861345b4	152	(dolist (stream (safely-streams safe))
	153	(close stream :abort t))
	154	(safely-unwind (safely-trail safe))
	155	(safely-reset safe))
5e04ac39	156
d7d81997 MW	157	#+sbcl
	158	(defun unix-link (from to)
	159	(sb-unix::int-syscall ("link" sb-alien:c-string sb-alien:c-string)
	160	from to))
	161
623291d2 MW	162	(defun safe-copy (file tag)
	163	"Make a copy of the FILE. Return the new name."
	164
d7d81997	165	#+(or cmu sbcl)
623291d2 MW	166	;; Use link(2) where available.
	167	(generate-fresh-file-name file tag
	168	(lambda (name)
2d9f4fc0 MW	169	(let ((from (native-namestring file
	170	:as-file t))
	171	(to (native-namestring name
	172	:as-file t)))
623291d2	173	(and from to
d7d81997	174	(unix-link from to)))))
623291d2	175
443fcfc4 MW	176	#+clisp
	177	(generate-fresh-file-name file tag
	178	(lambda (name)
6a115035 MW	179	(posix:copy-file (namestring file)
	180	(namestring name)
	181	:method :hardlink
	182	:if-exists nil)))
	183
443fcfc4 MW	184
443fcfc4 MW	185
d7d81997	186	#-(or cmu sbcl)
623291d2 MW	187	;; Otherwise just copy the file contents and hope for the best.
	188	(with-open-file (input file :element-type :default)
	189	(multiple-value-bind
	190	(copy output)
	191	(generate-fresh-file-name file tag
	192	(lambda (name)
	193	(open name
	194	:direction :output
	195	:if-exists nil
	196	:element-type :default)))
	197	(unwind-protect
	198	(progn
	199	(let ((buffer (make-array 8192
	200	:element-type (stream-element-type
	201	input))))
	202	(loop
	203	(let ((read (read-sequence buffer input)))
	204	(when (plusp read)
	205	(write-sequence buffer output :end read))
	206	(when (< read (length buffer))
	207	(return copy))))))
	208	(close output)))))
b2c12b4e	209
861345b4	210	(defun safely-commit (safe)
861345b4	211	"Commit SAFE. The files deleted by safely-delete-file are deleted; the
0ff9df03 MW	212	files created by safely-open-output-stream are renamed over the old
	213	versions, if any. If a problem occurs during this stage, everything is
	214	rewound and no changes are made."
861345b4	215	(let ((trail (safely-trail safe))
	216	(revert nil)
	217	(cleanup nil))
	218	(unwind-protect
	219	(progn
	220	(dolist (stream (safely-streams safe))
	221	(close stream))
	222	(loop
	223	(unless trail
	224	(return))
6e1633e7 MW	225	(let ((job (pop trail)))
	226	(ecase (car job)
	227	(:shunt (destructuring-bind (tag new file) job
	228	(declare (ignore tag))
	229	(push `(:rmtmp ,new) revert)
	230	(if (probe-file file)
	231	(let ((old (safe-copy file "old")))
	232	(push `(:rmtmp ,old) cleanup)
	233	(push `(:revert ,old ,file) revert))
	234	(push `(:rmtmp ,file) revert))
	235	(rename new file)))
	236	(:delete (destructuring-bind (tag file) job
	237	(declare (ignore tag))
	238	(let ((old (safe-copy file "delete")))
	239	(push `(:revert ,old ,file) revert)
	240	(push `(:rmtmp ,old) cleanup)
	241	(delete-file file)))))))
861345b4	242	(setf revert nil))
	243	(safely-unwind trail)
	244	(safely-unwind revert)
	245	(safely-unwind cleanup)
	246	(safely-reset safe))))
5e04ac39	247
861345b4	248	(defmacro safely ((safe &key) &body body)
861345b4	249	"Do stuff within the BODY safely. If BODY completes without errors, the
0ff9df03	250	SAFE is committed; otherwise it's bailed."
861345b4	251	`(let ((,safe (make-safely)))
	252	(unwind-protect
	253	(progn
	254	,@body
	255	(safely-commit ,safe)
	256	(setf ,safe nil))
	257	(when ,safe
	258	(safely-bail ,safe)))))
5e04ac39	259
861345b4	260	(defmacro safely-writing ((stream file &rest open-args) &body body)
861345b4	261	"Simple macro for writing a single file safely. STREAM is opened onto a
0ff9df03	262	temporary file, and if BODY completes, it is renamed to FILE."
861345b4	263	(with-gensyms safe
861345b4	264	`(safely (,safe)
7413889a	265	(let ((,stream (safely-open-output-stream ,safe ,file ,@open-args)))
861345b4	266	,@body))))
	267
	268	;;;----- That's all, folks --------------------------------------------------