Comment by networkimprov
5 years ago
You need a recovery step on startup to retry the rename if tempfile is complete, or delete it if it isn't.
That means you need a way to verify that tempfile is complete. I do that by removing filename after completing tempfile. And that requires a placeholder for filename if it didn't already exist (e.g. a symlink to nowhwere).
On crash, rename may leave both files in place.
This technique doesn't work if you have hardlinks to filename which should refer to the new file.
Regardless of whether the tempfile is complete, you can just ignore (or delete) it on startup. From the caller's perspective, the save operation doesn't succeed until the rename is done and written to disk.