lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Mueller <thomas.tom.muel...@gmail.com>
Subject Socket and file locks
Date Tue, 24 Nov 2009 09:42:41 GMT
Hi,

> > > shouldn't active code like that live in the application layer?
> > Why?
> You can all but guarantee that polling will work at the app layer

The application layer may also run with low priority. In operating
systems, it's usually the lower layer that have more 'rights'
(priority), and not the higher levels (I'm not saying it should be
like that in Java). I just think the application layer should not have
to deal with write locks or removing write locks.

> by the time the original process realizes that it doesn't hold the lock anymore, the
damage could already have been done.

Yes, I'm not sure how to best avoid that (with any design). Asking the
application layer or the user whether the lock file can be removed is
probably more dangerous than trying the best in Lucene.

Standby / hibernate: the question is, if the machine process is
currently not running, does the process still hold the lock? I think
no, because the machine might as well turned off. How to detect
whether the machine is turned off versus in hibernate mode? I guess
that's a problem for all mechanisms (socket / file lock / background
thread).

When a hibernated process wakes up again, he thinks he owns the lock.
Even if the process checks before each write, it is unsafe:

if (isStillLocked()) {
  write();
}

The process could wake up after isStillLocked() but before write().
One protection is: The second process (the one that breaks the lock)
would need to work on a copy of the data instead of the original file
(it could delete / truncate the orginal file after creating a copy).
On Windows, renaming the file might work (not sure); on Linux you
probably need to copy the content to a new file. Like that, the awoken
process can only destroy inactive data.

The question is: do we need to solve this problem? How big is the
risk? Instead of solving this problem completely, you could detect it
after the fact without much overhead, and throw an exception saying:
"data may be corrupt now".

PID: With the PID, you could check if the process still runs. Or it
could be another process with the same PID (is that possible?), or the
same PID but a different machine (when using a network share). It's
probably more safe if you can communicate with the lock owner (using
TCP/IP or over the file system by deleting/creating a file).

Unique id: The easiest solution is to use a UUID (a cryptographically
secure random number). That problem _is_ solved (some systems have
trouble generating entropy, but there are workarounds). If you anyway
have a communication channel to the process, you could ask for this
UUID. One you have a communication channel, you can do a lot
(reference counting, safely transfer the lock,...).

> If the server and the client can't access each other

How to find out that the server is still running? My point is: I like
to have a secure, automatic way to break the lock if the machine or
process is stopped. And from my experience, native file locking is
problematic for this.

You could also combine solutions (such as: combine the 'open a server
socket' solution with 'background thread' solution). I'm not sure if
it's worth it to solve the 'hibernate' problem.

Regards,
Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org


Mime
View raw message