Apologies for the delay on this. Ludovic Courtès writes: > Hi, > > Caleb Ristvedt skribis: > >> with-temporary-store-file has a fundamental flaw: it assumes that if a >> temporary store file exists, is then added as a temporary root, and still >> exists, then it uniquely belongs to the current process. This is not always >> the case, because the only criteria used for choosing temporary file names is >> that they not be currently used and fit a certain template. This means it's >> entirely possible for another process to choose the same temporary file name >> if it doesn't exist at the time it chooses. > > Then what about simply adding the PID to the file name template? AFAIK that would work currently, though for the daemon we'd have to also include a fiber identifier. What concerns me is that I can't find any restrictions about the characters that mkstemp is allowed to use, so we'd have to enforce a consistent tempfile naming scheme. Admittedly, I spent 10 minutes trying to think of realistic ways in which collisions could still occur and couldn't come up with anything - the fact that the randomized portion is always the same length and at the end makes it quite difficult. It's worth noting that adding the PID (and fiber ID) to the template will only make it thread-safe, not reentrant. So with-temporary-store-file uses couldn't be nested - indeed, no temporary store files that use the same template could be safely created within the extent of with-temporary-store-file. We could add a parameter to track all the "reserved" filenames for the current dynamic state, but it seems like a lot of hassle, and there's still the risk that other temp-file-creating code could simply ignore it. I'd still prefer restore-to-temp-store-file for the stronger guarantees it gives. - reepca