sapling/eden/docs/InodeLocks.md

Inode-related Locks
-------------------

## InodeBase's `location_` lock:

No other locks should be acquired while holding this lock.
Two `location_` locks should never be held at the same time.

This field cannot be updated without holding both the EdenMount's rename lock
and the `location_` lock for the InodeBase in question.

Note that `InodeBase::getLogPath()` acquires `location_` locks.  This function
is used in log statements in many places, including in places where other locks
are held.  It is therefore important to ensure that the `location_` lock
remains at the very bottom of our lock-ordering stack.

## InodeMap `data_` lock:

No other locks should be acquired while holding this lock, apart from InodeBase
`location_` locks.  (InodeBase `location_` locks are only held with the
InodeMap lock already held for the purpose of calling `inode->getLogPath()` in
logging statements.)

In general it should only be held very briefly while doing lookups/inserts on
the map data structures.  Once we need to load an Inode the InodeMap lock is
released for the duration of the load operation itself.  It is re-acquired when
the load completes so we can insert the new Inode into the map.

## InodeMetadataTable `state_` lock:

No other locks should be acquired while holding this lock.

In general it should only be held very briefly while doing lookups/inserts on
InodeTable's index data structures.

## FileInode lock:

The InodeBase `location_` lock may be acquired while holding a FileInode's
lock.

## TreeInode `contents_` lock:

- The InodeMap lock may be acquired while holding a TreeInode's `contents_`
  lock.

- The InodeBase `location_` lock may be acquired while holding a TreeInode's
  `contents_` lock.

- A FileInode's lock may be acquired while holding its parent TreeInode's
  `contents_` lock.

In some situations the same thread acquires multiple `contents_` locks
together.

  - Some code paths hold a parent TreeInode's `contents_` lock while accessing
    its children, and then acquire a child TreeInode's `contents_` lock while
    still holding the parent TreeInode's lock.

  - The `rename()` code may hold up to 3 TreeInode locks.  It always holds the
    `contents_` lock on both the source TreeInode and the destination
    TreeInode.  Additionally, if the destination name refers to an existing
    TreeInode, the rename() holds its `contents_` lock as well, to ensure that
    it is empty, and to prevent new entries from being created inside this
    directory once the rename starts.

To prevent deadlocks, the lock ordering constraints for TreeInode `contents_`
are as follows:

- If you are not holding the mountpoint rename lock, you can only acquire
  a TreeInode `contents_` lock if the other `contents_` locks you are holding
  are for this TreeInode's immediate parents.  (e.g., if you are already
  holding another `contents_` lock it must be for this TreeInode's parent.  If
  you are holding two other `contents_` locks it must be for this TreeInode's
  parent and grandparent.)

  Note however that acquiring multiple TreeInode contents locks discouraged.
  When possible it is preferred to release the lock on the parent TreeInode
  before locking the child.  Acquiring locks on more than 2 levels of the tree
  hierarchy is technically safe from a lock ordering perspective, but is also
  strongly discouraged.

- If you are holding the mountpoint rename lock, it is safe to acquire multiple
  TreeInode locks at a time.  However, if there is an ancestor/child
  relationship between any of the TreeInode's, the ancestor lock must be
  acquired first.  This avoids lock ordering issues with other threads that are
  not holding the rename lock.  Among unrelated TreeInodes no particular
  ordering is required.

## EdenMount's rename lock:

This lock is a very high level lock in our lock ordering stack--it is
acquired before any other individual inode-specific locks.

This lock is held for the duration of a rename or unlink operation.  No
InodeBase `location_` fields may be updated without holding this lock.

## EdenMount's current snapshot lock:

This lock is also a very high level lock in our lock ordering stack.
It is acquired for the duration of any operation that updates the current
snapshot that is checked out.

Checkout operations acquire both the current snapshot lock and the rename lock.
The snapshot lock is always acquired before the rename lock.
add a document describing inode-related locks Summary: Add a document describing the various inode related locks and the order that they may be acquired. Reviewed By: bolinfest Differential Revision: D4356023 fbshipit-source-id: 44d4ade984f6cb49bb5f09deeeef0fd5439f129c 2016-12-23 05:13:09 +03:00			`Inode-related Locks`
			`-------------------`

			## InodeBase's `location_` lock:

			`No other locks should be acquired while holding this lock.`
			Two `location_` locks should never be held at the same time.

			`This field cannot be updated without holding both the EdenMount's rename lock`
			and the `location_` lock for the InodeBase in question.

			Note that `InodeBase::getLogPath()` acquires `location_` locks. This function
			`is used in log statements in many places, including in places where other locks`
			are held. It is therefore important to ensure that the `location_` lock
			`remains at the very bottom of our lock-ordering stack.`

			## InodeMap `data_` lock:

			`No other locks should be acquired while holding this lock, apart from InodeBase`
			`location_` locks. (InodeBase `location_` locks are only held with the
			InodeMap lock already held for the purpose of calling `inode->getLogPath()` in
update logging statements to use folly logging APIs Summary: Update eden to log via the new folly logging APIs rather than with glog. This adds a new --logging flag that takes a logging configuration string. By default we set the log level to INFO for all eden logs, and WARNING for everything else. (I suspect we may eventually want to run with some high-priority debug logs enabled for some or all of eden, but this seems like a reasonable default to start with.) Reviewed By: wez Differential Revision: D5290783 fbshipit-source-id: 14183489c48c96613e2aca0f513bfa82fd9798c7 2017-06-22 23:39:57 +03:00			`logging statements.)`
add a document describing inode-related locks Summary: Add a document describing the various inode related locks and the order that they may be acquired. Reviewed By: bolinfest Differential Revision: D4356023 fbshipit-source-id: 44d4ade984f6cb49bb5f09deeeef0fd5439f129c 2016-12-23 05:13:09 +03:00
			`In general it should only be held very briefly while doing lookups/inserts on`
			`the map data structures. Once we need to load an Inode the InodeMap lock is`
			`released for the duration of the load operation itself. It is re-acquired when`
			`the load completes so we can insert the new Inode into the map.`

store FileInode and TreeInode timestamps in the InodeTable Summary: Store tree and file timestamps in the InodeTable so they persist across runs. Reviewed By: simpkins Differential Revision: D6891479 fbshipit-source-id: 1c9e6266375aceeaf293a81e73cf7f5334dbc32d 2018-05-22 20:46:24 +03:00			## InodeMetadataTable `state_` lock:

			`No other locks should be acquired while holding this lock.`

			`In general it should only be held very briefly while doing lookups/inserts on`
			`InodeTable's index data structures.`

add a document describing inode-related locks Summary: Add a document describing the various inode related locks and the order that they may be acquired. Reviewed By: bolinfest Differential Revision: D4356023 fbshipit-source-id: 44d4ade984f6cb49bb5f09deeeef0fd5439f129c 2016-12-23 05:13:09 +03:00			`## FileInode lock:`

			The InodeBase `location_` lock may be acquired while holding a FileInode's
			`lock.`

			## TreeInode `contents_` lock:

			- The InodeMap lock may be acquired while holding a TreeInode's `contents_`
			`lock.`

			- The InodeBase `location_` lock may be acquired while holding a TreeInode's
			`contents_` lock.

			`- A FileInode's lock may be acquired while holding its parent TreeInode's`
			`contents_` lock.

always load affected inodes in rename(), and update lock ordering Summary: This updates the TreeInode::rename() code to handle concurrency better. In particular: - The code now ensures that both the source inode being renamed and destination inode (if it exists) are loaded. This simplifies issues when an inode is being loaded at the same time a rename is in progress. This ensures that any pending load is processed before the rename takes place. (All promises for the load might not be fulfilled before the rename completes, but the relevant TreeInode and InodeMap data structures are updated before the rename occurs.) This does mean that the rename code potentially might have to retry several times if the inode it began loading is no longer the affected source or destination or child once the load completes. However, this seems like a reasonable trade-off, compared to dealing with the complications that would arise with the load code having to handle renames occuring before load completion. - The code now implements proper lock ordering, to avoid acquiring locks in conflicting orders that might cause deadlock with other threads also trying to acquire the same locks. The InodeLocks.md document has been updated to clarify the TreeInode lock ordering requirements. Reviewed By: wez Differential Revision: D4493526 fbshipit-source-id: 627393fafad90eb551aea62be7762d59ed043abe 2017-02-04 05:34:27 +03:00			In some situations the same thread acquires multiple `contents_` locks
			`together.`

			- Some code paths hold a parent TreeInode's `contents_` lock while accessing
			its children, and then acquire a child TreeInode's `contents_` lock while
			`still holding the parent TreeInode's lock.`

			- The `rename()` code may hold up to 3 TreeInode locks. It always holds the
			`contents_` lock on both the source TreeInode and the destination
			`TreeInode. Additionally, if the destination name refers to an existing`
			TreeInode, the rename() holds its `contents_` lock as well, to ensure that
			`it is empty, and to prevent new entries from being created inside this`
			`directory once the rename starts.`

			To prevent deadlocks, the lock ordering constraints for TreeInode `contents_`
			`are as follows:`

			`- If you are not holding the mountpoint rename lock, you can only acquire`
			a TreeInode `contents_` lock if the other `contents_` locks you are holding
			`are for this TreeInode's immediate parents. (e.g., if you are already`
			holding another `contents_` lock it must be for this TreeInode's parent. If
			you are holding two other `contents_` locks it must be for this TreeInode's
			`parent and grandparent.)`

			`Note however that acquiring multiple TreeInode contents locks discouraged.`
			`When possible it is preferred to release the lock on the parent TreeInode`
			`before locking the child. Acquiring locks on more than 2 levels of the tree`
			`hierarchy is technically safe from a lock ordering perspective, but is also`
			`strongly discouraged.`

			`- If you are holding the mountpoint rename lock, it is safe to acquire multiple`
			`TreeInode locks at a time. However, if there is an ancestor/child`
			`relationship between any of the TreeInode's, the ancestor lock must be`
			`acquired first. This avoids lock ordering issues with other threads that are`
			`not holding the rename lock. Among unrelated TreeInodes no particular`
			`ordering is required.`
add a document describing inode-related locks Summary: Add a document describing the various inode related locks and the order that they may be acquired. Reviewed By: bolinfest Differential Revision: D4356023 fbshipit-source-id: 44d4ade984f6cb49bb5f09deeeef0fd5439f129c 2016-12-23 05:13:09 +03:00
			`## EdenMount's rename lock:`

implement EdenMount::checkout() Summary: This is the initial code for implementing checkout. This isn't quite 100% implemented yet, but I think it's worth checking in this code as-is, and getting the remaining functionality done in separate diffs. In particular, a few operations aren't implemented: - Removing a directory that was deleted in the new revision - Replacing a directory that was replaced with a file or symlink in the new revision - When doing a forced update, replacing a file or directory that did not exist in the old revision, but that was created locally in the working directory, and also exists in the new revision. Reviewed By: wez Differential Revision: D4538516 fbshipit-source-id: 5bb4889b02f23ab2048fcae2c8b7614340181aa6 2017-02-16 07:31:48 +03:00			`This lock is a very high level lock in our lock ordering stack--it is`
			`acquired before any other individual inode-specific locks.`
add a document describing inode-related locks Summary: Add a document describing the various inode related locks and the order that they may be acquired. Reviewed By: bolinfest Differential Revision: D4356023 fbshipit-source-id: 44d4ade984f6cb49bb5f09deeeef0fd5439f129c 2016-12-23 05:13:09 +03:00
			`This lock is held for the duration of a rename or unlink operation. No`
			InodeBase `location_` fields may be updated without holding this lock.
implement EdenMount::checkout() Summary: This is the initial code for implementing checkout. This isn't quite 100% implemented yet, but I think it's worth checking in this code as-is, and getting the remaining functionality done in separate diffs. In particular, a few operations aren't implemented: - Removing a directory that was deleted in the new revision - Replacing a directory that was replaced with a file or symlink in the new revision - When doing a forced update, replacing a file or directory that did not exist in the old revision, but that was created locally in the working directory, and also exists in the new revision. Reviewed By: wez Differential Revision: D4538516 fbshipit-source-id: 5bb4889b02f23ab2048fcae2c8b7614340181aa6 2017-02-16 07:31:48 +03:00
			`## EdenMount's current snapshot lock:`

			`This lock is also a very high level lock in our lock ordering stack.`
			`It is acquired for the duration of any operation that updates the current`
			`snapshot that is checked out.`

			`Checkout operations acquire both the current snapshot lock and the rename lock.`
			`The snapshot lock is always acquired before the rename lock.`