Merge pull request #10593 from cabalism/typo/prexif-reseved

[cabal.git] / cabal-install / src / Distribution / Client / Store.hs

{-# LANGUAGE CPP #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE RecordWildCards #-}

-- | Management for the installed package store.
module Distribution.Client.Store
  ( -- * The store layout
    StoreDirLayout (..)
  , defaultStoreDirLayout

    -- * Reading store entries
  , getStoreEntries
  , doesStoreEntryExist

    -- * Creating store entries
  , newStoreEntry
  , NewStoreEntryOutcome (..)

    -- * Concurrency strategy
    -- $concurrency
  ) where

import Distribution.Client.Compat.Prelude
import Prelude ()

import Distribution.Client.DistDirLayout
import Distribution.Client.RebuildMonad

import Distribution.Package (UnitId, mkUnitId)
import Distribution.Simple.Compiler (Compiler (..))

import Distribution.Simple.Utils
  ( debug
  , info
  , withTempDirectory
  )
import Distribution.Verbosity
  ( silent
  )

import Control.Exception
import qualified Data.Set as Set
import System.Directory
import System.FilePath

#ifdef MIN_VERSION_lukko
import Lukko
#else
import System.IO (openFile, IOMode(ReadWriteMode), hClose)
import GHC.IO.Handle.Lock (hLock, hTryLock, LockMode(ExclusiveLock))
import GHC.IO.Handle.Lock (hUnlock)
#endif

-- $concurrency
--
-- We access and update the store concurrently. Our strategy to do that safely
-- is as follows.
--
-- The store entries once created are immutable. This alone simplifies matters
-- considerably.
--
-- Additionally, the way 'UnitId' hashes are constructed means that if a store
-- entry exists already then we can assume its content is ok to reuse, rather
-- than having to re-recreate. This is the nix-style input hashing concept.
--
-- A consequence of this is that with a little care it is /safe/ to race
-- updates against each other. Consider two independent concurrent builds that
-- both want to build a particular 'UnitId', where that entry does not yet
-- exist in the store. It is safe for both to build and try to install this
-- entry into the store provided that:
--
-- * only one succeeds
-- * the looser discovers that they lost, they abandon their own build and
--   re-use the store entry installed by the winner.
--
-- Note that because builds are not reproducible in general (nor even
-- necessarily ABI compatible) then it is essential that the loser abandon
-- their build and use the one installed by the winner, so that subsequent
-- packages are built against the exact package from the store rather than some
-- morally equivalent package that may not be ABI compatible.
--
-- Our overriding goal is that store reads be simple, cheap and not require
-- locking. We will derive our write-side protocol to make this possible.
--
-- The read-side protocol is simply:
--
-- * check for the existence of a directory entry named after the 'UnitId' in
--   question. That is, if the dir entry @$root/foo-1.0-fe56a...@ exists then
--   the store entry can be assumed to be complete and immutable.
--
-- Given our read-side protocol, the final step on the write side must be to
-- atomically rename a fully-formed store entry directory into its final
-- location. While this will indeed be the final step, the preparatory steps
-- are more complicated. The tricky aspect is that the store also contains a
-- number of shared package databases (one per compiler version). Our read
-- strategy means that by the time we install the store dir entry the package
-- db must already have been updated. We cannot do the package db update
-- as part of atomically renaming the store entry directory however. Furthermore
-- it is not safe to allow either package db update because the db entry
-- contains the ABI hash and this is not guaranteed to be deterministic. So we
-- must register the new package prior to the atomic dir rename. Since this
-- combination of steps are not atomic then we need locking.
--
-- The write-side protocol is:
--
-- * Create a unique temp dir and write all store entry files into it.
--
-- * Take a lock named after the 'UnitId' in question.
--
-- * Once holding the lock, check again for the existence of the final store
--   entry directory. If the entry exists then the process lost the race and it
--   must abandon, unlock and re-use the existing store entry. If the entry
--   does not exist then the process won the race and it can proceed.
--
-- * Register the package into the package db. Note that the files are not in
--   their final location at this stage so registration file checks may need
--   to be disabled.
--
-- * Atomically rename the temp dir to the final store entry location.
--
-- * Release the previously-acquired lock.
--
-- Obviously this means it is possible to fail after registering but before
-- installing the store entry, leaving a dangling package db entry. This is not
-- much of a problem because this entry does not determine package existence
-- for cabal. It does mean however that the package db update should be insert
-- or replace, i.e. not failing if the db entry already exists.

-- | Check if a particular 'UnitId' exists in the store.
doesStoreEntryExist :: StoreDirLayout -> Compiler -> UnitId -> IO Bool
doesStoreEntryExist StoreDirLayout{storePackageDirectory} compiler unitid =
  doesDirectoryExist (storePackageDirectory compiler unitid)

-- | Return the 'UnitId's of all packages\/components already installed in the
-- store.
getStoreEntries :: StoreDirLayout -> Compiler -> Rebuild (Set UnitId)
getStoreEntries StoreDirLayout{storeDirectory} compiler = do
  paths <- getDirectoryContentsMonitored (storeDirectory compiler)
  return $! mkEntries paths
  where
    mkEntries =
      Set.delete (mkUnitId "package.db")
        . Set.delete (mkUnitId "incoming")
        . Set.fromList
        . map mkUnitId
        . filter valid
    valid ('.' : _) = False
    valid _ = True

-- | The outcome of 'newStoreEntry': either the store entry was newly created
-- or it existed already. The latter case happens if there was a race between
-- two builds of the same store entry.
data NewStoreEntryOutcome
  = UseNewStoreEntry
  | UseExistingStoreEntry
  deriving (Eq, Show)

-- | Place a new entry into the store. See the concurrency strategy description
-- for full details.
--
-- In particular, it takes two actions: one to place files into a temporary
-- location, and a second to perform any necessary registration. The first
-- action is executed without any locks held (the temp dir is unique). The
-- second action holds a lock that guarantees that only one cabal process is
-- able to install this store entry. This means it is safe to register into
-- the compiler package DB or do other similar actions.
--
-- Note that if you need to use the registration information later then you
-- /must/ check the 'NewStoreEntryOutcome' and if it's'UseExistingStoreEntry'
-- then you must read the existing registration information (unless your
-- registration information is constructed fully deterministically).
newStoreEntry
  :: Verbosity
  -> StoreDirLayout
  -> Compiler
  -> UnitId
  -> (FilePath -> IO (FilePath, [FilePath]))
  -- ^ Action to place files.
  -> IO ()
  -- ^ Register action, if necessary.
  -> IO NewStoreEntryOutcome
newStoreEntry
  verbosity
  storeDirLayout@StoreDirLayout{..}
  compiler
  unitid
  copyFiles
  register =
    -- See $concurrency above for an explanation of the concurrency protocol

    withTempIncomingDir storeDirLayout compiler $ \incomingTmpDir -> do
      -- Write all store entry files within the temp dir and return the prefix.
      (incomingEntryDir, otherFiles) <- copyFiles incomingTmpDir

      -- Take a lock named after the 'UnitId' in question.
      withIncomingUnitIdLock verbosity storeDirLayout compiler unitid $ do
        -- Check for the existence of the final store entry directory.
        exists <- doesStoreEntryExist storeDirLayout compiler unitid

        if exists
          then -- If the entry exists then we lost the race and we must abandon,
          -- unlock and re-use the existing store entry.
          do
            info verbosity $
              "Concurrent build race: abandoning build in favour of existing "
                ++ "store entry "
                ++ prettyShow compid
                </> prettyShow unitid
            return UseExistingStoreEntry
          else -- If the entry does not exist then we won the race and can proceed.
          do
            -- Register the package into the package db (if appropriate).
            register

            -- Atomically rename the temp dir to the final store entry location.
            renameDirectory incomingEntryDir finalEntryDir
            for_ otherFiles $ \file -> do
              let finalStoreFile = storeDirectory compiler </> makeRelative (normalise $ incomingTmpDir </> (dropDrive (storeDirectory compiler))) file
              createDirectoryIfMissing True (takeDirectory finalStoreFile)
              renameFile file finalStoreFile

            debug verbosity $
              "Installed store entry " ++ prettyShow compid </> prettyShow unitid
            return UseNewStoreEntry
    where
      compid = compilerId compiler

      finalEntryDir = storePackageDirectory compiler unitid

withTempIncomingDir
  :: StoreDirLayout
  -> Compiler
  -> (FilePath -> IO a)
  -> IO a
withTempIncomingDir StoreDirLayout{storeIncomingDirectory} compiler action = do
  createDirectoryIfMissing True incomingDir
  withTempDirectory silent incomingDir "new" action
  where
    incomingDir = storeIncomingDirectory compiler

withIncomingUnitIdLock
  :: Verbosity
  -> StoreDirLayout
  -> Compiler
  -> UnitId
  -> IO a
  -> IO a
withIncomingUnitIdLock
  verbosity
  StoreDirLayout{storeIncomingLock}
  compiler
  unitid
  action =
    bracket takeLock releaseLock (\_hnd -> action)
    where
      compid = compilerId compiler
#ifdef MIN_VERSION_lukko
      takeLock
          | fileLockingSupported = do
              fd <- fdOpen (storeIncomingLock compiler unitid)
              gotLock <- fdTryLock fd ExclusiveLock
              unless gotLock  $ do
                  info verbosity $ "Waiting for file lock on store entry "
                                ++ prettyShow compid </> prettyShow unitid
                  fdLock fd ExclusiveLock
              return fd

          -- if there's no locking, do nothing. Be careful on AIX.
          | otherwise = return undefined -- :(

      releaseLock fd
          | fileLockingSupported = do
              fdUnlock fd
              fdClose fd
          | otherwise = return ()
#else
      takeLock = do
        h <- openFile (storeIncomingLock compiler unitid) ReadWriteMode
        -- First try non-blocking, but if we would have to wait then
        -- log an explanation and do it again in blocking mode.
        gotlock <- hTryLock h ExclusiveLock
        unless gotlock $ do
          info verbosity $ "Waiting for file lock on store entry "
                        ++ prettyShow compid </> prettyShow unitid
          hLock h ExclusiveLock
        return h

      releaseLock h = hUnlock h >> hClose h
#endif