proposal: syscall: define Windows O_ALLOW_DELETE for use in os.OpenFile

[rsc]

The discussion on #32088 has so far been unable to reach consensus on setting FILE_SHARE_DELETE unconditionally in os.OpenFile. Right now it looks likely to be declined, possibly revisited in a few years.

In the interim, it is more difficult on Windows than on Unix to pass an extra flag to open a file with package syscall. syscall.Open takes fake O_* flags, not actual Windows permission bits. It wraps syscall.CreateFile, but it does a lot of argument preparation before making that call:

// package syscall

func Open(path string, mode int, perm uint32) (fd Handle, err error) {
	if len(path) == 0 {
		return InvalidHandle, ERROR_FILE_NOT_FOUND
	}
	pathp, err := UTF16PtrFromString(path)
	if err != nil {
		return InvalidHandle, err
	}
	var access uint32
	switch mode & (O_RDONLY | O_WRONLY | O_RDWR) {
	case O_RDONLY:
		access = GENERIC_READ
	case O_WRONLY:
		access = GENERIC_WRITE
	case O_RDWR:
		access = GENERIC_READ | GENERIC_WRITE
	}
	if mode&O_CREAT != 0 {
		access |= GENERIC_WRITE
	}
	if mode&O_APPEND != 0 {
		access &^= GENERIC_WRITE
		access |= FILE_APPEND_DATA
	}
	sharemode := uint32(FILE_SHARE_READ | FILE_SHARE_WRITE)
	var sa *SecurityAttributes
	if mode&O_CLOEXEC == 0 {
		sa = makeInheritSa()
	}
	var createmode uint32
	switch {
	case mode&(O_CREAT|O_EXCL) == (O_CREAT | O_EXCL):
		createmode = CREATE_NEW
	case mode&(O_CREAT|O_TRUNC) == (O_CREAT | O_TRUNC):
		createmode = CREATE_ALWAYS
	case mode&O_CREAT == O_CREAT:
		createmode = OPEN_ALWAYS
	case mode&O_TRUNC == O_TRUNC:
		createmode = TRUNCATE_EXISTING
	default:
		createmode = OPEN_EXISTING
	}
	h, e := CreateFile(pathp, access, sharemode, sa, createmode, FILE_ATTRIBUTE_NORMAL, 0)
	return h, e
}

A direct call to syscall.CreateFile would have to duplicate all that code.

A direct call to syscall.Open would still lose out on the adjustments made inside os.Open, most importantly the call to fixLongPath:

// package os

func openFile(name string, flag int, perm FileMode) (file *File, err error) {
	r, e := syscall.Open(fixLongPath(name), flag|syscall.O_CLOEXEC, syscallMode(perm))
	if e != nil {
		return nil, e
	}
	return newFile(r, name, "file"), nil
}

If package syscall on Windows defined a bit O_ALLOW_DELETE (maybe 0x100000), then syscall.Open could convert that bit into FILE_SHARE_DELETE. Then it would be easy for calls to either syscall.Open or os.OpenFile to cause the underlying call to use FILE_SHARE_DELETE if they really needed it.

This proposal assumes #32088 is declined. It should be considered withdrawn if #32088 is accepted.

[networkimprov]

I would call this O_ALLOW_RENAME since that's the most common use of the flag. I'd also define it in package "os" so users don't need to write an open wrapper (with multiple implementations) and remember to always invoke that instead of os.OpenFile().

One may also wish to switch off FILE_SHARE_READ & _WRITE to prevent another caller from inadvertently blocking rename/delete by opening the file.

[ianlancetaylor]

Whatever the name, it's worth asking whether the new name should be defined on non-Windows systems, presumably with the value 0. The advantage of doing that would be that people who want to run on all systems could use the flag without relying on build tags. The disadvantage would be a flag that is odd and ineffective on non-Windows systems; on the other hand, that is already true of O_SYNC, or O_APPEND|O_WRONLY, on Windows systems.

[thaJeztah]

Agreed with @ianlancetaylor, that would make maintenance easier without having to breaking up code to platform-specific implementations

[mattn]

I agree with iant. We should consider to portability of the code but the meenless flag should not be added to UNIX. If we don't add the new flag on UNIX, the code for Windows must be compiled with build constraints. i.e. it is same thing that providing windows.Open() from golang.org/x/sys/windows.

[thaJeztah]

@mattn slightly confused, you say you agree with @ianlancetaylor, but then continue that you don't want to add the new flag on UNIX(/non-Windows)?

[networkimprov]

@alexbrainman thoughts?

[mattn]

@thaJeztah I am simply considering for a reasonable and nondestructive way to make changes to the standard library. This proposal has a positive effect on Windows users, but it shows meaningless flag(s) to UNIX users.

[alexbrainman]

I think putting this functionality in a separate package works just fine (see #32088 (comment) for details). Why does it have to be in main Go repo?

If some insist, we could move that package somewhere under golang.ord/x/sys or x/exp.

Alex

[DmitriyMV]

@alexbrainman
Because code duplicates the one which is in standard library. I don't think that another hack floating around (with forks and duplicates) is a really good idea. If that code is changed in the future - all forks would have to update, which is never going to happen.

The simple answer is - code maintenance. This is relatively cheap change, which doesn't require a lot of support in the future. I think we should be decreasing surface for bugs - we were bitten by it (not changing things) in the past (leap second and time package).

@mattn

This proposal has a positive effect on Windows users, but it shows meaningless flag(s) to UNIX users.

Don't we already have some of those (meaningless flags) for Windows users, which are meaningful on UNIX? I don't think people would mind adding new flag to the os package. But if they do, I'm open for adding this to syscall.

[networkimprov]

@alexbrainman could you restate here, since the other issue is so long, why it is that you don't support this proposal?

[alexbrainman]

Because code duplicates the one which is in standard library.

Sure it does. Whole github.com/alexbrainman/goissue34681 package is 375 lines long including docs and tests. It took me around 1 hour to write - I copied os.Open and os.OpenFile, and then copied whatever was missing. It took me longer to write test. It just Go code, there is very little magic there.

I don't think that another hack floating around (with forks and duplicates) is a really good idea.

I am not proposing forks or duplicates. I propose you use github.com/alexbrainman/goissue34681 package. I am happy to move the package, if people have better suggestions.

If that code is changed in the future - all forks would have to update, which is never going to happen.

If correspondent os package code change in the future, and that change affects github.com/alexbrainman/goissue34681 , then sure someone will have to report bug and fix the code. We should have some tests in github.com/alexbrainman/goissue34681 and run them regularly. Just like another package. But, going by my experience, I don't think there will be many changes like that.

The simple answer is - code maintenance.

What is proposed in here is not maintenance free either.

This change is at the heart of os package. How would new flag interact with all other code? How will new flag work with directories? With symlinks? What about file symlinks vs directory symlinks? What about directory junctions? What about network shares? And this flag needs to be explained to every single Go user. Including novices and non-Windows users. Should we recommend that they use the flag or not? When? How would their decision would affect their users? Are they in a position to make that decision?

So far I have seen this flag used to open files so they can be moved or deleted. Therefore I created github.com/alexbrainman/goissue34681 package with just Open and OpenFile functions. These are simple replacement of os.Open and os.OpenFile. All your remaining code should not change. And the package should also work for non-Windows use - it just call os.Open and os.OpenFile for them. I think github.com/alexbrainman/goissue34681 package is easier to use then new os pack age flag.

I think users who need that functionality should try github.com/alexbrainman/goissue34681 package before we even discuss adding new flag to os package.

could you restate here, since the other issue is so long, why it is that you don't support this proposal?

See above paragraph.

Alex