Larry Osterman's WebLog : What's wrong with this code, part 9

Wednesday, February 09, 2005 9:33 AM LarryOsterman

What's wrong with this code, part 9 - File Copy

Yes, it's time for another "What's wrong with this code"...

Today's example of bad coding involves an attempt to speed up file copy operations by overlapping the read and write operations to the file. The theory is that the system can be reading from one part of the source file while its writing to another part of the destination.

To do this, the author of the code (ok, it was me, constructing a contrived example - this isn't The Daily WTF) tried (quite badly it turns out) to perform the file I/O by queueing the work to worker threads.

struct FileCopyBlock { LARGE_INTEGER fileDataOffset; DWORD readLength; HANDLE sourceHandle; HANDLE destinationHandle; PLARGE_INTEGER dataLengthWritten; }; const DWORD readChunkSize = 0x10000; DWORD WINAPI CopyFileDataChunk(LPVOID Context) { FileCopyBlock *dataBlock = (FileCopyBlock *)Context; BYTE *dataBuffer = new BYTE[dataBlock->readLength]; if (dataBuffer == NULL) { printf("Unable to allocate data block for copy\n"); exit(1); } if (!SetFilePointerEx(dataBlock->sourceHandle, dataBlock->fileDataOffset, NULL, FILE_BEGIN)) { printf("Unable to set current file position in source to %i64d: %d", dataBlock->fileDataOffset, GetLastError()); exit(1); } DWORD readLength; if (!ReadFile(dataBlock->sourceHandle, dataBuffer, dataBlock->readLength, &readLength, NULL)) { printf("Unable to read data from file: %d\n", GetLastError()); exit(1); } if (readLength != dataBlock->readLength) { printf("Unable to read all from file: %d\n", GetLastError()); exit(1); } if (!SetFilePointerEx(dataBlock->destinationHandle, dataBlock->fileDataOffset, NULL, FILE_BEGIN)) { printf("Unable to set current file position in destination to %i64d: %d\n", dataBlock->fileDataOffset, GetLastError()); exit(1); } DWORD writeLength; if (!WriteFile(dataBlock->destinationHandle, dataBuffer, dataBlock->readLength, &writeLength, NULL)) { printf("Unable to read data from file: %d\n", GetLastError()); exit(1); } if (writeLength != dataBlock->readLength) { printf("Unable to write all from file - out of disk space?\n"); exit(1); } // // Account for data read. // dataBlock->dataLengthWritten->QuadPart += dataBlock->readLength; // // Free our buffers // delete [] dataBuffer; delete dataBlock; return 0; } void MyCopyFile(LPCTSTR SourceFile, LPCTSTR DestinationFile) { HANDLE sourceHandle; HANDLE destinationHandle; sourceHandle = CreateFile(SourceFile, FILE_READ_DATA, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (sourceHandle == INVALID_HANDLE_VALUE) { printf("Error opening source: %d\n", GetLastError()); return; } destinationHandle = CreateFile(DestinationFile, FILE_WRITE_DATA, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, sourceHandle); if (destinationHandle == INVALID_HANDLE_VALUE) { DWORD error = GetLastError(); CloseHandle(sourceHandle); printf("Error opening destination: %d\n", error); return; } LARGE_INTEGER fileSize; if (!GetFileSizeEx(sourceHandle, &fileSize)) { printf("Unable to get file size: %d\n", GetLastError()); CloseHandle(sourceHandle); CloseHandle(destinationHandle); return; } // // Break the read up to 64K chunks, queuing it to a worker thread to do the copy. // LARGE_INTEGER currentOffset; LARGE_INTEGER fileSizeRemaining; LARGE_INTEGER fileSizeCopied; fileSizeRemaining.QuadPart = fileSize.QuadPart; fileSizeCopied.QuadPart = 0; currentOffset.QuadPart = 0; while (fileSizeRemaining.QuadPart != 0) { FileCopyBlock *copyBlock = new FileCopyBlock; if (copyBlock == NULL) { printf("Unable to allocate copy block\n"); CloseHandle(sourceHandle); CloseHandle(destinationHandle); return; } if (fileSizeRemaining.QuadPart < readChunkSize) { copyBlock->readLength = fileSizeRemaining.LowPart; } else { copyBlock->readLength = readChunkSize; } copyBlock->fileDataOffset = currentOffset; copyBlock->sourceHandle = sourceHandle; copyBlock->destinationHandle = destinationHandle; copyBlock->dataLengthWritten = &fileSizeCopied; currentOffset.QuadPart += copyBlock->readLength; fileSizeRemaining.QuadPart -= copyBlock->readLength; QueueUserWorkItem(CopyFileDataChunk, copyBlock, WT_EXECUTEINIOTHREAD); } while (fileSizeCopied.QuadPart != fileSize.QuadPart) { Sleep(100); } CloseHandle(sourceHandle); CloseHandle(destinationHandle); }

Clearly this isn't a real world example. For starters, there is essentially no error recovery - this is by design and is not a bug - adding in real code to handle the errors would make this example even longer than it currently is. So errors are simply handled with exit(1).

In addition, the code to handle the end of read (sleeping 100) is indescribably cheesy - it's horribly inefficient and defeats the primary purpose of making the I/O overlapped - if you time this file copy routine, it will always take a multiple of 100ms because of the sleep - which wastes a lot of time on small files.

The code also doesn't handle ACLs and alternate data streams (although it should handle file attributes and EAs). This is also not a bug. And the file always creates the destination even if it exists, again, that's by design.

But even with all these caveats, there are still at least five major bugs in this code. Three of them are serious design flaws, one is a complicated implementation issue, and the other one of them is a simple implementation issue.

The fascinating thing about this is that even with these flaws, the code works just fine in many cases - I was unable to introduce the failure using my test harness, even though the errors are quite fundamental.

As always, tomorrow will be the answers and kudos for those who found the problem (and those who found problems I missed while testing this).

Filed under: Things you shouldn't do.

Comments

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:10 AM by B.Y.

Well I can see:
1. No error checking on QueueUserWorkItem() call.
2. Unsynchronized file access from multiple threads (set pointer, read, write).
3. Unsynchronized access to *dataLengthWritten / fileSizeCopied.
4. If the while loop returns, fileSizeCopied goes out of scope. If this happens just before one or more threads execute:

dataBlock->dataLengthWritten ->
QuadPart += dataBlock
->readLength;

stack is trashed.
5. Creating a thread to read and write 64K is really bad. It's better to have one read thread and one write thread.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:11 AM by Skywing

The first thing that comes to mind is no synchronization with the number of bytes written.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:13 AM by Larry Osterman

B.Y. #1 is one I missed :(
#2 is the complicated issue.
#3 is the simple coding issue
#4 can't happen - the loop doesn't execute until after all the threads have completed their reads and updated their value.

And #5 touches on one of of the design issues... But not clearly - there's an explicit reason why its bad.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:32 AM by Stuart Ballard

Is it going to create horribly fragmented files if a block late in the file is written before the earlier blocks?

(I'm not personally familiar with the APIs you're using and most of my own coding is in C#, so I'm guessing as to the behavior of, particularly, the SetFilePointerEx() function)

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:42 AM by Larry Osterman

Stuart, yes, possibly - not likely, but possibly. The original concept for the code had a call to SetFIlePositionEx on the destination to match the size of the source file but I pulled it to conserve space.

That would have avoided the issue completely (because the SetFilePositionEx would have extended the file and ensured that the file had storage reserved on the destination).

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:47 AM by B.Y.

#4: the first while loop returns if "new FileCopyBlock" returns NULL.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 10:49 AM by Larry Osterman

B.Y. - Ah, I missed that - you're right, it should be exit(1) in that failure case (which makes the corruption moot).

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 11:03 AM by Harald

Alternate data streams don't get copied (:Zone.Identifier:$DATA gets lost)

The slow part, when copying files are the disks. The code converts a sequentiell access pattern to a possibly random pattern.

The whole code does not have any benefit over using the api CopyFile/CopyFileEx that does not have the problems metioned above.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 11:19 AM by Paul Winwood

I think FILE_READ_DATA should be GENERIC_READ because GetFileSizeEx requires GENERIC_READ.
I would not use FILE_READ_DATA with CreateFile as its only documented for ZwCreateFile().

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 11:37 AM by Larry Osterman

Harald, I did mention that alternate data streams got lost and that it wasn't one of the bugs.

On the other hand, your second point is 100% spot on, it hits on two of the major issues with this code.

Paul: Are you sure? If GetFileSize requires FILE_READ_ATTRIBUTES, then the GetFileSizeEx call should be replaced with SetFilePointerEx(handle, 0, SEEK_END), since it returns the same information.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 11:55 AM by Paul Winwood

Ah! You are right GENERIC_READ is the miniumum for 9x/Me only.
Of course the advantage of GetFileSize(Ex) is that it does not move the current position.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 12:12 PM by B.Y.

I guess you really just need two buffers and use overlapped read and write from your main thread, but I think this is an advantage only if the two files are on separate phyiscal drives.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 12:19 PM by Larry Osterman

B.Y. Bingo - that's one of the huge issues with the code: overlapping I/O only really helps if you've got more than one spindle.

Otherwise you spend all your time moving the heads back and forth.

There are still a couple of design issues outstanding that haven't been touched upon but most of the big ones have been caught.

There's still at least one really big one though.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 12:24 PM by Capt. Jean-Luc Pikachu

I thought new couldn't return NULL, it could only throw an exception? Or is that how FileCopyBlock's constructor works?

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 12:39 PM by Johnny Lee

How about:
1) CreateFile on Win9X fails on the dest because there's a template file supplied - so says MSDN.
2) is the code guaranteed srcFile != destFile?
3) You could probably tweak the CreateFile flags using FILE_FLAG_NO_BUFFERING and FILE_FLAG_SEQUENTIAL_SCAN, but your algorithm would have to be modified to ensure sequential scan and using appropriately aligned buffers.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 12:54 PM by Larry Osterman

Jean-Luc: new can return NULL unless you use the throwing version of new. And if you've been reading for a while, you know how I feel about exceptions :) Hint: I don't like them and avoid them whenever possible.

Johnny: Win9x? What's that?
2: Good catch, not a bug: The code will fail in that case because the call to CreateFile on the destination will fail.
3) I'll talk about FILE_FLAG_NO_BUFFERING a bit in my "answers" post - that's a really good point.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 1:07 PM by Mike Dimmick

Since you're using new and presumably haven't overloaded operator new, your threads will be contending for the process heap's critical section. That's a fairly minor issue.

The thread pool scheduler might make a bad decision about how many threads to start. Since you've got blocking I/Os in the thread I'd suggest using WT_EXECUTELONGFUNCTION. By default the pool will create up to 500 threads which will typically use 500MB of virtual address space. For a large file this limit might be hit due to the blocking I/Os - in fact, you only need a 32MB file before you've queued 500 work items.

The CreateFile call for the file to be read doesn't specify any sharing flags. I'd suggest setting FILE_SHARE_READ so that at least another process can read the file while you're copying it!

The documentation for WT_EXECUTEINIOTHREAD mentions APCs and the need to handle re-entrancy. I'm not sure what it's talking about here - presumably this would only apply if you were using alertable waits.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 1:14 PM by Larry Osterman

Ahh, but you're missing one critical aspect of the thread pool Mike: How many threads DOES it spin up?

WT_EXECUTELONGFUNCTION forces a new thread to be created for each request, which burns a lot of time - it's not executed by the thread pool anymore.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 1:45 PM by Mike Dimmick

"Work items are queued to I/O worker threads as asynchronous procedure calls (APC)." - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/thread_pooling.asp.

Nope, no clearer. However, this article might help: http://www.microsoft.com/msj/0499/pooling/pooling.aspx. So it looks like new threads will be created after a period of time or a number of requests are queued (see Figure 1 in the linked article). We queue a very large number of requests, which will block twice. OK, we won't create 500 threads for a 32MB file. The speed at which we obtain the data will presumably govern how many threads are created. The slower we get, the more threads will probably be created.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 2:04 PM by Foolhardy

As someone else mentioned, it would be better to do unbuffered IO: it's a waste to fill up the cache with two copies of the same data, espescially with a large file which will page everything else out to make room. Explorer has a nasty tendency to do this while copying large files.

Why even bother with any seperate threads? The main thread is going to wait until the whole operation completes anyways, so why not have it create and wait on a completion port for itself? There'd be no more thread synchronization issues. I think a completion port would be a much better solution for this.

unbufcp1.c from the platform SDK examples has an example of this, although it corrupts files without modification. unbufcp2.c is the same thing, but it uses multiple threads. It's not faster. (at least not on my machine)

Also, according to the comments in unbufcp1.c, writes that cause file extention are always synchronous, so it extends the file before hand.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 2:32 PM by Dean Harding

My understanding was that you only use WT_EXECUTEINIOTHREAD when you need your thread to wait in an alertable state, and not at other times (because non-IO threads are more "efficient"). Since the code doesn't need to wait in an alertable state, then WT_EXECUTEINIOTHREAD isn't needed.

Also, sequential access to a file is always going to be faster than random access. You're basically taking what is a sequential read and sequential write, and turning them into random reads and writes. And unless you're copying between separate physical disks, then the read/write operations will be serialized by the disk anyway so there's not point multi-threading it.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 3:01 PM by Larry Osterman

Mike: Exactly - for normal sized files, we never generate enough load to increase the thread count to a value higher than 1. Which defeats the entire purpose of queuing these to a worker thread.

Dean: You're right. That's a bug, although not critical (I suspect that the owner of the thread pool APIs might disagree with me though :))

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 3:35 PM by B.Y.

Since the objective here is to speed up file copy, you should copy sparse files sparsely.

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 4:19 PM by Anon

Larry Osterman, the non-throwing forms of 'new' are the placement forms which accept a nothrow_t.

I understand that you might not be familiar with the engineering disciplines that exceptions require and might have reservations about the code generation with some compilers, and in fact, I'm impressed that you admit your inabilities and prejudices. Nevertheless, I consider it better to say "I've called set_new_handler" or "This is not standard C++" rather than "I don't like exceptions so I ignored them like a college student" (or whatever you came out with earlier).

# re: What's wrong with this code, part 9 - File Copy

Wednesday, February 09, 2005 9:11 PM by Phaeron

Hmm... I'd think that even if this code could successfully do overlapped I/O with multiple threads, there'd be a danger of hitting the I/O memory lock limit and getting spurious failures because there is no hard bound on the number of simultaneous threads (and thus pending requests).

# re: What's wrong with this code, part 9 - File Copy

Thursday, February 10, 2005 1:33 AM by Tom M

Practically the entire thread function would have to be wrapped in critical sections, which would seem to defeat the object of shooting off worker threads to do the job for you. My reading of this is that part of the problem is that WriteFile will advance the file pointer by the number of bytes writen, and the next write operation will then continue from there. Because of the gap between setting the write pointer (and read pointer for that matter), and the actual read/write operation, there is a chance that reading and writing will be to and from random sections of the file, thus corrupting the file.

# re: What's wrong with this code, part 9 - File Copy

Thursday, February 10, 2005 9:52 AM by Larry Osterman

Anon, actually that's not quite true. According to MSDN:
If the request is for zero bytes of storage, operator new returns a pointer to a distinct object (that is, repeated calls to operator new return different pointers). If there is insufficient memory for the allocation request, operator new returns NULL or throws an exception (see The new and delete Operators for more information).

Beginning in Visual C++ .NET 2002, the CRT's new function (in libc.lib, libcd.lib, libcmt.lib, libcmtd.lib, msvcrt.lib, and msvcrtd.lib) will continue to return NULL if memory allocation fails. However, the new function in the Standard C++ Library (in libcp.lib, libcpd.lib, libcpmt.lib, libcpmtd.lib, msvcprt.lib, and msvcprtd.lib) will support the behavior specified in the C++ standard, which is to throw a std::bad_alloc exception if the memory allocation fails.

So the operator new that's used by default doesn't throw unless you include #include <new> in your code.

And Anon, I DO understand about the engineering disciplines that exceptions require. And I've very carefully considered them.

And I feel quite strongly that is is significantly harder to generate correct code in the presence of exceptions than it is to generate correct code in the presence of deterministic failure modes. I'm not alone in this respect, there are many other senior Microsoft people (Raymond Chen, Michael Grier for example) who also feel this way.

Internally the "exceptions vs error codes" debate comes up about every two or three months, and at the end, boths sides agree to disagree - the exception people believe that the difficulty of writing correct code isn't as important as the benefits of having the ability to provide additional information about failures, and the error code people believe that it's more important to be able to write verifiably correct code.

I stand with the error code people.

# Concurrency, Part 2 - Avoiding the problem

Tuesday, February 15, 2005 3:48 PM by Larry Osterman's WebLog

# Concurrency, Part 2 - Avoiding the problem

Tuesday, February 15, 2005 4:50 PM by Larry Osterman's WebLog

# Help regarding Copy File Performance | keyongtech

Wednesday, January 21, 2009 9:56 PM by Help regarding Copy File Performance | keyongtech

PingBack from http://www.keyongtech.com/2548309-help-regarding-copy-file-performance

# Larry Osterman s WebLog What s wrong with this code part 9 File Copy | Insomnia Cure

Monday, June 08, 2009 6:48 PM by Larry Osterman s WebLog What s wrong with this code part 9 File Copy | Insomnia Cure

PingBack from http://insomniacuresite.info/story.php?id=2329

New Comments to this post are disabled

Larry Osterman's WebLog

Search

Tags

News

Archives

Links

What's wrong with this code, part 9 - File Copy

Comments

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# re: What's wrong with this code, part 9 - File Copy

# Concurrency, Part 2 - Avoiding the problem

# Concurrency, Part 2 - Avoiding the problem

# Help regarding Copy File Performance | keyongtech

# Larry Osterman s WebLog What s wrong with this code part 9 File Copy | Insomnia Cure