-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Operations on deleted FileHandles/DirectoryHandles #39
Comments
Also don't forget we could have handles in both MainThread and in workers to the same object, and delete it from either |
SyncAccessHandles grab an exclusive lock on a file, so
The proposed As for the other async operations, |
removeEntry() does not (in the spec currently) take a shared lock on the object being removed. Whether it takes a lock in Chrome at the moment isn't the question. We need to decide what sort of API we want here (linux-style, access is still possible even if removed, or windows-style, can't remove if open). What we appear to have now is neither - errors are returned after removal. Most of this issue was around "what happens if we have a FileSystemFileHandle or FileSystemDirectoryHandle, and some other operation removeEntry()'s them." A FileSystemFileHandle/FileSystemDirectoryHandle don't hold any sort of lock per spec, only FileSystemSyncAccessHandles and FileSystemWritableFileStreams |
I'm going to assume we should take an exclusive lock, and if that fails return InvalidModification |
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 TODO: link blink-dev PSA Fixed: 1254078 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3
Re TPAC discussion about deleting/moving files with handles: What are FileHandles/DirectoryHandles? If you argue they are abstract paths, then deleting the underlying file/directory would cause an error if we try to use the handle, and if we were to move the file/directory, we'd also get an error (unless we moved another file into the spot first). (I believe Chrome has implemented this.) If you argue they are references to objects resolved at creation time, then deleting the underlying file (from the owning directory) will cause an error if we try to use the file. On the other hand, if we move the file/directory, one would expect that the File/Directory handle would still be usable (and if you call resolve() on it you'd get the new path). (Right now Firefox does this; the internal DB id's are stable across rename.) So, which is it? I should note that the fact that createFileHandle() takes a create: true option (and fails without that if it doesn't exist) implies that it's not purely an abstract path. Note another option for remove(): if this was unix-posix-like semantics, removing a file with an active reference would not impact the ability to use existing handles to the removed item. Once we have a final decision on this, we need to adjust all the spec language to specify what happens in these cases. |
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 TODO: link blink-dev PSA Fixed: 1254078 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 TODO: link blink-dev PSA Fixed: 1254078 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. TODO: link blink-dev PSA Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. TODO: link blink-dev PSA Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. blink-dev PSA: https://groups.google.com/a/chromium.org/g/blink-dev/c/ddrh_bI1stY Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3817911 Commit-Queue: Austin Sullivan <[email protected]> Reviewed-by: Daseul Lee <[email protected]> Cr-Commit-Position: refs/heads/main@{#1074250}
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. blink-dev PSA: https://groups.google.com/a/chromium.org/g/blink-dev/c/ddrh_bI1stY Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3817911 Commit-Queue: Austin Sullivan <[email protected]> Reviewed-by: Daseul Lee <[email protected]> Cr-Commit-Position: refs/heads/main@{#1074250}
removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. blink-dev PSA: https://groups.google.com/a/chromium.org/g/blink-dev/c/ddrh_bI1stY Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3817911 Commit-Queue: Austin Sullivan <[email protected]> Reviewed-by: Daseul Lee <[email protected]> Cr-Commit-Position: refs/heads/main@{#1074250}
…e lock, a=testonly Automatic update from web-platform-tests FSA: Make removeEntry() take an exclusive lock removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. blink-dev PSA: https://groups.google.com/a/chromium.org/g/blink-dev/c/ddrh_bI1stY Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3817911 Commit-Queue: Austin Sullivan <[email protected]> Reviewed-by: Daseul Lee <[email protected]> Cr-Commit-Position: refs/heads/main@{#1074250} -- wpt-commits: 703f1c81703c7014b0515518bc8467870ef8ec0e wpt-pr: 35407
…e lock, a=testonly Automatic update from web-platform-tests FSA: Make removeEntry() take an exclusive lock removeEntry() currently takes a shared lock to allow for removal of a file with an open writable. Taking an exclusive lock makes the behavior consistent with move() and remove(), the other file-altering operations. Discussed in whatwg/fs#39 Also updates the FSUnderlyingSink to reset its mojo connection when the stream reaches an errored state. WritableStreams are no longer usable after an error, so resetting the remote releases the corresponding file lock held in the browser. blink-dev PSA: https://groups.google.com/a/chromium.org/g/blink-dev/c/ddrh_bI1stY Fixed: 1254078, 1380650 Change-Id: I5d471405d65f4d1920e7f0dfe9c783a4038e63e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3817911 Commit-Queue: Austin Sullivan <[email protected]> Reviewed-by: Daseul Lee <[email protected]> Cr-Commit-Position: refs/heads/main@{#1074250} -- wpt-commits: 703f1c81703c7014b0515518bc8467870ef8ec0e wpt-pr: 35407
I know that this issue has been inactive for a while now (and that's partly on me - it's quite dependent on #59 and I've been meaning to send an update on that issue for a while) but a WPT was recently updated to assert that One of the key motivating use cases for the
Now that My understanding of the counter-arguments are:
Perhaps we need a more explicit way to re-create a file from a handle other than |
cc @whatwg/fs |
To give some other updates on this issue...
As of web-platform-tests/wpt#35407,
Outside of the OPFS, a multiple sites may have handles corresponding to the same file. This means a site could be prevented from actually deleting a file is another site happens to have a handle, which is confusing and frustrating for developers. Even if we ignore this and only look at the OPFS, I expect developers to expect that We could consider adding a flag to |
Some more updates on this issue... This core question of this issue was addressed by #96, which clarified that a From my perspective, there are still a few open related questions, which I've filed separate issues to discuss:
Closing this issue for now, but please re-open if there is more to discuss! |
While the WPT tests appear to test a few things with deleted File/Directory handles (like that values() on a deleted directory returns NotFoundError), there's no spec text that I see to specify what happens to an existing File/DirectoryHandle when it's removeEntry()'d from it's parent. Ditto SyncAccessHandles.
Also: what happens if an async method is still in progress?
The text was updated successfully, but these errors were encountered: