Describe more platform-specific behaviors of std::fs::rename

[barosl]

I did some tests myself regarding the situation when both from and to exist, and the results were:

On Linux:

from	to	Result
Directory	Directory	Ok
Directory	File	Error
File	Directory	Error
File	File	Ok

On Windows:

from	to	Result
Directory	Directory	Error
Directory	File	Ok
File	Directory	Error
File	File	Ok

This is a bit against the official MSDN documentation, which says "(MOVEFILE_REPLACE_EXISTING) cannot be used if lpNewFileName or lpExistingFileName names a directory." As evidenced above, lpExistingFileName can be a directory.

I also mentioned the atomicity of the operation.

Fixes #31301.

[rust-highfive]

r? @brson

(rust_highfive has picked a reviewer for you, use r? to override)

[retep998]

While MSDN doesn't explicitly say it is atomic, it is effectively atomic on Windows since we don't pass MOVEFILE_COPY_ALLOWED.

[barosl]

@retep998 I couldn't be sure if the operation of replacing the old, existing file can also be considered "effectively atomic". I mean, wouldn't there be a possibility that MOVEFILE_REPLACE_EXISTING is internally implemented as "if lpNewFileName already points to a file, remove it; then continue renaming"? Are you certain that the case is also OK? I've searched the web but some people believe it is atomic, but some others claim it isn't...

There's also an API named MoveFileTransacted, but strangely MS wants to make it obsolete...

[retep998]

It is atomic in the sense that at point A the file is not at the destination, at point B the file is at at the destination, and there is no point C in between those two points where you could possibly see something else, at least for NTFS anyway. Not sure about FAT.

[barosl]

@retep998 What I wondered is if there are two files named a.txt and b.txt, and one tries to rename a.txt into b.txt, is there a point when b.txt is deleted first but a.txt is not yet renamed? If the system hangs at this point, even though the renaming isn't completed, b.txt is gone for nothing. I think if that is the case, it may not be considered atomic. But I don't know if that is the case. Does NTFS also guarantee this?

[retep998]

It should also be atomic in that sense, at least when running normally. I'm not sure if it is atomic with respect to system crashes and power failures, ideally Windows would take advantage of the change journal to rollback those incidents on next boot, but I just don't know. We'd need someone from Microsoft to confirm that.

[steveklabnik]

/cc @rust-lang/libs, are you happy with these docs?

[alexcrichton]

Seems fine to me, yes

[barosl]

I removed the mention of atomicity ("Also, the operation is guaranteed to be atomic on Unix. There's currently no such guarantee on Windows."). I guess it would be better to make it unspecified, until more concrete information is found.

r? @alexcrichton

[alexcrichton]

@bors: r+ bcbc9e5

Thanks!

[bors]

⌛ Testing commit bcbc9e5 with merge a4f781e...

[bors]

☀️ Test successful - auto-linux-32-nopt-t, auto-linux-32-opt, auto-linux-64-cargotest, auto-linux-64-debug-opt, auto-linux-64-nopt-t, auto-linux-64-opt, auto-linux-64-opt-mir, auto-linux-64-opt-rustbuild, auto-linux-64-x-android-t, auto-linux-64-x-armhf, auto-linux-64-x-armsf, auto-linux-64-x-freebsd, auto-linux-64-x-netbsd, auto-linux-cross-opt, auto-linux-musl-64-opt, auto-mac-32-opt, auto-mac-64-nopt-t, auto-mac-64-opt, auto-mac-64-opt-rustbuild, auto-mac-ios-opt, auto-win-gnu-32-nopt-t, auto-win-gnu-32-opt, auto-win-gnu-32-opt-rustbuild, auto-win-gnu-64-nopt-t, auto-win-gnu-64-opt, auto-win-msvc-32-opt, auto-win-msvc-64-cargotest, auto-win-msvc-64-opt, auto-win-msvc-64-opt-mir, auto-win-msvc-64-opt-rustbuild