bug#46397: 27.1; Cannot delete buffer pointing to a file in a path that includes a file

[Eli Zaretskii <eliz@gnu.org>]

> From: Matt Armstrong <matt@rfc20.org>
> Cc: 46397@debbugs.gnu.org, eggert@cs.ucla.edu, craven@gmx.net
> Date: Fri, 05 Mar 2021 14:19:53 -0800
> 
> > As for the tests you posted: too many of them rely on Posix file
> > modes, and thus will probably either fail or be unable to provide
> > meaningful testing on MS-Windows.  Can we please augment that by tests
> > that create unlocking problems by, e.g., running a shell command to
> > remove or rename or otherwise sabotage the lock file, so that the new
> > functionality could be meaningfully tested on Windows as well?
> 
> I have not been able to come up with a way to achieve what you ask for.

I'm not yet sure I understand why.  I ask several questions about this
below.

> Another issue is that the lock file is typicaly a symbolink link, and
> operating systems typically ignore file modes on symbolic links

On MS-Windows, lock files aren't symlinks, they are regular files.
You should be able to see that in filelock.c.

> so it
> is hard to put the lock file itself into an "invalid" state --
> i.e. where simply attempting to access or delete it generates a file
> system level error.  This is why I resorted to modifying file modes on
> the containing directory -- attemps to remove or access files in such a
> directory do reliably generate errors (on POSIX systems).

I'm asking what is the difference, from the file-locking POV, between
an inaccessible directory and a directory that doesn't exist?  in both
cases, the directory and a lock file inside it are "inaccessible",
right?  So would we be able to make the same or similar tests by
deleting or renaming the directory with the lock file, as we do by
making the directory inaccessible?

> What I've done is make the tests skip themselves when `set-file-mode' on
> the test's temporary directory appears to not work.  When I test this on
> an ext2 file system the tests complete.  When I test this on a FAT and
> NTFS file system (set up as a ramdisk on GNU/Linux), the tests skip
> themselves.

That's exactly the issue: I'd like the tests to not be skipped on
Windows, at least some of them, so that the underlying functionality
could be tested there as well.

> +(defvar filelock-tests-temporary-file-directory nil
> +  "The directory for writing temporary files in filelock tests.
> +This is used by the function
> +`filelock-tests--make-temp-directory' to override the value of
> +the variable `temporary-file-directory'.")

Is this meant to be used to debug the tests?  If so, I suggest to
mention that, and the reason for overriding temporary-file-directory,
in the doc string.

> +(defun filelock-tests--make-temp-directory ()
> +  "Create and return the name of a temporary directory.
> +The caller should delete the directory."
> +  (let ((temporary-file-directory (or filelock-tests-temporary-file-directory
> +                                      temporary-file-directory)))
> +    (make-temp-file "test" t)))

Please use a name that is more indicative of this test, so that the
directory could be more easily spotted.

> +            (set-file-modes temp-dir (logior #o700 (file-modes temp-dir)))
> +            (set-buffer-modified-p nil)))
> +      (delete-directory temp-dir t nil))))

Should these be inside ignore-errors?  Or do you _want_ them to signal
errors if something goes wrong with the underlying file I/O calls?

> +(ert-deftest filelock-tests-lock-unlock-no-errors ()
> +  "Check that locking and unlocking works without error."
> +  (filelock-tests--fixture
> +   (lambda (_)
> +     (should (not (file-locked-p (buffer-file-name))))

ert has 'should-not', why don't you use it (here and elsewhere)?

> +(ert-deftest filelock-tests-lock-buffer-permission-denied ()
> +  "Check that locking a buffer in a directory with no write
> +permissions does not work."
> +  (filelock-tests--fixture
> +   (lambda (temp-dir)
> +     (should (not (file-locked-p (buffer-file-name))))
> +
> +     (let ((original-modes (file-modes temp-dir)))
> +       (skip-unless (filelock-tests--make-file-inaccessible temp-dir))
> +       ;; FIXME: file system errors when locking a file are ignored;
> +       ;; should they be?
> +       (insert "this locks the current buffer's file")
> +       (set-file-modes temp-dir original-modes))
> +
> +     (should (not (file-locked-p (buffer-file-name)))))))

Would this test work if, instead of making the directory inaccessible,
you renamed it to another name (and then renamed back)?  If not, why
not?

> +(ert-deftest filelock-tests-file-locked-p-permission-denied ()
> +  "Check that `file-locked-p' fails if the directory is inaccesible."
> +  (filelock-tests--fixture
> +   (lambda (temp-dir)
> +     (skip-unless (filelock-tests--make-file-inaccessible temp-dir))
> +
> +     (let ((err (should-error (file-locked-p (buffer-file-name)))))
> +       (should (equal (cl-subseq err 0 2)
> +                      '(file-error "Testing file lock")))))))

cl-subseq needs to require cl-extra, AFAICT.

> +     ;; Kill the current buffer even if it is modified.  Use advice to
> +     ;; fake a "yes" answer for the "Buffer modified; kill anyway?"

You don't need to use advice-add, you can simply override the
definition of yes-or-no-p.

Thanks.