rust-hdf5 0.2.15

Pure Rust HDF5 library with full read/write and SWMR support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283

//! OS-level advisory file locking for HDF5 files.
//!
//! Mirrors the locking semantics of the HDF5 C library:
//!
//! - A read-only opener takes a **shared** lock; multiple readers are allowed.
//! - A read/write opener takes an **exclusive** lock; conflicts with any
//!   other lock holder.
//! - SWMR writers initially take an exclusive lock and **release** it once
//!   SWMR mode starts so concurrent SWMR readers can attach. (We don't
//!   downgrade exclusive→shared on the same handle: Windows'
//!   `LockFileEx` is mandatory and a same-handle unlock+shared-relock
//!   leaves subsequent `WriteFile` calls failing with
//!   `ERROR_LOCK_VIOLATION`. The HDF5 C library similarly relies on the
//!   SWMR file-format sentinel rather than OS locks during streaming.)
//!
//! Locks are released automatically when the underlying [`std::fs::File`]
//! is dropped (i.e. when the [`crate::io::file_handle::FileHandle`] closes).
//!
//! Locking can be controlled via:
//! - The `HDF5_USE_FILE_LOCKING` environment variable (`TRUE` / `FALSE` /
//!   `BEST_EFFORT`).
//! - The [`FileLocking`] enum passed to a `*_with_locking` constructor or
//!   to [`crate::file::H5FileOptions`].

use std::fs::File;
use std::io;

/// Whether the file should be locked shared (multiple readers) or
/// exclusive (sole owner).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum LockMode {
    /// Shared lock — multiple holders allowed; conflicts with any
    /// exclusive lock.
    Shared,
    /// Exclusive lock — sole holder; conflicts with any shared or
    /// exclusive lock.
    Exclusive,
}

/// File-locking policy applied at file open time.
///
/// # Platform notes
///
/// On Unix (`flock(2)` / `fcntl(F_OFD_SETLK)`) the lock is **advisory**:
/// a handle without a lock can still read and write a file that another
/// handle has locked. Setting [`FileLocking::Disabled`] or
/// [`FileLocking::BestEffort`] therefore lets the opener bypass another
/// process's lock at the cost of safety.
///
/// On Windows (`LockFileEx`) the lock is **mandatory**: while one
/// handle holds an exclusive range lock, no other handle (regardless
/// of locking policy) can read or write that range — `WriteFile` and
/// `ReadFile` return `ERROR_LOCK_VIOLATION` (33). `Disabled` and
/// `BestEffort` only control whether *we* try to acquire a lock, not
/// whether the OS enforces locks held by other handles. The HDF5 C
/// library has the same limitation on Windows.
#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
pub enum FileLocking {
    /// Acquire the lock; fail to open if it cannot be acquired
    /// (the HDF5 C-library default).
    #[default]
    Enabled,
    /// Skip locking entirely. On Windows, OS-level locks held by other
    /// handles still apply.
    Disabled,
    /// Try to acquire the lock; if the filesystem doesn't support
    /// locking (e.g. NFS), proceed without one. On Unix this also
    /// proceeds when the lock is contended; on Windows the resulting
    /// reads/writes still fail at the OS level if another handle holds
    /// a conflicting `LockFileEx` lock.
    BestEffort,
}

impl FileLocking {
    /// Returns the policy implied by the `HDF5_USE_FILE_LOCKING`
    /// environment variable, falling back to [`FileLocking::Enabled`].
    pub fn from_env() -> Self {
        Self::parse_env_value(std::env::var("HDF5_USE_FILE_LOCKING").ok().as_deref())
    }

    /// Returns the policy implied by the env var if set, otherwise `default`.
    pub fn from_env_or(default: FileLocking) -> Self {
        match std::env::var("HDF5_USE_FILE_LOCKING").ok().as_deref() {
            None => default,
            Some(v) => Self::parse_env_value(Some(v)),
        }
    }

    pub(crate) fn parse_env_value(value: Option<&str>) -> Self {
        match value {
            None => FileLocking::Enabled,
            Some(v) => {
                let trimmed = v.trim();
                if trimmed.eq_ignore_ascii_case("FALSE")
                    || trimmed == "0"
                    || trimmed.eq_ignore_ascii_case("OFF")
                    || trimmed.eq_ignore_ascii_case("NO")
                {
                    FileLocking::Disabled
                } else if trimmed.eq_ignore_ascii_case("BEST_EFFORT")
                    || trimmed.eq_ignore_ascii_case("BEST-EFFORT")
                    || trimmed.eq_ignore_ascii_case("BESTEFFORT")
                {
                    FileLocking::BestEffort
                } else {
                    // Any other value (TRUE/1/ON/YES or unrecognized) → enabled.
                    FileLocking::Enabled
                }
            }
        }
    }
}

/// Attempt to acquire the requested lock on `file`.
///
/// Returns `Ok(true)` if the lock was acquired, `Ok(false)` if locking
/// was skipped (policy = Disabled) or the attempt failed under
/// [`FileLocking::BestEffort`]. Returns `Err` only when policy is
/// [`FileLocking::Enabled`] and the lock could not be obtained.
///
/// On a `WouldBlock` response we retry briefly (about 100 ms total).
/// macOS in particular has been observed to surface a stale lock
/// state for a short window after the previous holder's `close(2)`,
/// so a quick retry distinguishes a transient release-pending race
/// from a real long-lived conflict without meaningfully slowing the
/// real-conflict path.
pub fn try_acquire(file: &File, mode: LockMode, policy: FileLocking) -> io::Result<bool> {
    if matches!(policy, FileLocking::Disabled) {
        return Ok(false);
    }

    const RETRY_ATTEMPTS: u32 = 10;
    const RETRY_SLEEP: std::time::Duration = std::time::Duration::from_millis(10);

    let mut attempt = match mode {
        LockMode::Shared => file.try_lock_shared(),
        LockMode::Exclusive => file.try_lock(),
    };
    for _ in 0..RETRY_ATTEMPTS {
        if !matches!(attempt, Err(std::fs::TryLockError::WouldBlock)) {
            break;
        }
        std::thread::sleep(RETRY_SLEEP);
        attempt = match mode {
            LockMode::Shared => file.try_lock_shared(),
            LockMode::Exclusive => file.try_lock(),
        };
    }

    match attempt {
        Ok(()) => Ok(true),
        Err(std::fs::TryLockError::WouldBlock) => match policy {
            FileLocking::Enabled => Err(io::Error::new(
                io::ErrorKind::WouldBlock,
                "unable to lock file: another process holds a conflicting lock",
            )),
            FileLocking::BestEffort => Ok(false),
            FileLocking::Disabled => unreachable!(),
        },
        Err(std::fs::TryLockError::Error(e)) => match policy {
            FileLocking::Enabled => Err(e),
            FileLocking::BestEffort => Ok(false),
            FileLocking::Disabled => unreachable!(),
        },
    }
}

/// Release any lock currently held on `file`. Safe to call when
/// no lock is held — the underlying syscall is idempotent in
/// practice on the platforms we target.
pub fn release(file: &File) -> io::Result<()> {
    file.unlock()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_env_value_defaults_to_enabled() {
        assert_eq!(FileLocking::parse_env_value(None), FileLocking::Enabled);
    }

    #[test]
    fn parse_env_value_recognizes_disabled() {
        for v in ["FALSE", "false", "0", "off", "no"] {
            assert_eq!(
                FileLocking::parse_env_value(Some(v)),
                FileLocking::Disabled,
                "value: {v}",
            );
        }
    }

    #[test]
    fn parse_env_value_recognizes_best_effort() {
        for v in ["BEST_EFFORT", "best_effort", "best-effort", "BestEffort"] {
            assert_eq!(
                FileLocking::parse_env_value(Some(v)),
                FileLocking::BestEffort,
                "value: {v}",
            );
        }
    }

    #[test]
    fn parse_env_value_recognizes_enabled() {
        for v in ["TRUE", "true", "1", "on", "yes", "garbage"] {
            assert_eq!(
                FileLocking::parse_env_value(Some(v)),
                FileLocking::Enabled,
                "value: {v}",
            );
        }
    }

    #[test]
    fn try_acquire_disabled_is_noop() {
        let dir =
            std::env::temp_dir().join(format!("rust_hdf5_lock_disabled_{}", std::process::id()));
        std::fs::create_dir_all(&dir).unwrap();
        let path = dir.join("noop.bin");
        let f = std::fs::File::create(&path).unwrap();
        let acquired = try_acquire(&f, LockMode::Exclusive, FileLocking::Disabled).unwrap();
        assert!(!acquired, "Disabled policy must not acquire a lock");
        let _ = std::fs::remove_dir_all(&dir);
    }

    #[test]
    fn try_acquire_exclusive_then_shared_fails() {
        let dir = std::env::temp_dir().join(format!("rust_hdf5_lock_excl_{}", std::process::id()));
        std::fs::create_dir_all(&dir).unwrap();
        let path = dir.join("conflict.bin");
        let f1 = std::fs::File::create(&path).unwrap();
        assert!(try_acquire(&f1, LockMode::Exclusive, FileLocking::Enabled).unwrap());
        let f2 = std::fs::OpenOptions::new().read(true).open(&path).unwrap();
        let res = try_acquire(&f2, LockMode::Shared, FileLocking::Enabled);
        assert!(res.is_err(), "expected lock conflict");
        // Best-effort should silently fall through.
        let res2 = try_acquire(&f2, LockMode::Shared, FileLocking::BestEffort).unwrap();
        assert!(!res2, "best-effort must report unsuccessful lock as false");
        release(&f1).unwrap();
        let _ = std::fs::remove_dir_all(&dir);
    }

    #[test]
    fn shared_locks_coexist() {
        let dir =
            std::env::temp_dir().join(format!("rust_hdf5_lock_shared_{}", std::process::id()));
        std::fs::create_dir_all(&dir).unwrap();
        let path = dir.join("shared.bin");
        std::fs::File::create(&path).unwrap();
        let f1 = std::fs::OpenOptions::new().read(true).open(&path).unwrap();
        let f2 = std::fs::OpenOptions::new().read(true).open(&path).unwrap();
        assert!(try_acquire(&f1, LockMode::Shared, FileLocking::Enabled).unwrap());
        assert!(try_acquire(&f2, LockMode::Shared, FileLocking::Enabled).unwrap());
        release(&f1).unwrap();
        release(&f2).unwrap();
        let _ = std::fs::remove_dir_all(&dir);
    }

    #[test]
    fn release_then_relock_works() {
        let dir =
            std::env::temp_dir().join(format!("rust_hdf5_lock_release_{}", std::process::id()));
        std::fs::create_dir_all(&dir).unwrap();
        let path = dir.join("release.bin");
        let f1 = std::fs::File::create(&path).unwrap();
        assert!(try_acquire(&f1, LockMode::Exclusive, FileLocking::Enabled).unwrap());
        // Release; another opener should now be able to take a fresh lock.
        release(&f1).unwrap();

        let f2 = std::fs::OpenOptions::new()
            .read(true)
            .write(true)
            .open(&path)
            .unwrap();
        assert!(try_acquire(&f2, LockMode::Exclusive, FileLocking::Enabled).unwrap());

        release(&f2).unwrap();
        let _ = std::fs::remove_dir_all(&dir);
    }
}