Is rename required by standard to be atomic?

Question

An interesting question arose while I was trying to answer this:

Is mv atomic on my fs?

Is the rename() function required to be atomic by standard?

The 'rationale' section of the POSIX standard for rename states:

This rename() function is equivalent for regular files to that defined by the ISO C standard. Its inclusion here expands that definition to include actions on directories and specifies behavior when the new parameter names a file that already exists. That specification requires that the action of the function be atomic.

But, the latest publicly-available ISO C Standard section on rename, in its entirety, states:

7.21.4.2 The rename function

Synopsis

#include <stdio.h>
int rename(const char *old, const char *new);

Description

The rename function causes the file whose name is the string pointed to by old to be henceforth known by the name given by the string pointed to by new. The file named old is no longer accessible by that name. If a file named by the string pointed to by new exists prior to the call to the rename function, the behavior is implementation-defined.

Returns

The rename function returns zero if the operation succeeds, nonzero if it fails, in which case if the file existed previously it is still known by its original name.

There's no explicit requirement of any kind for any type of atomicity in the rename() section of the ISO C Standard.

Having written many programs that relied upon the apparently implementation-specific atomicity of rename(), I had assumed that atomicity was a requirement and was surprised by the lack in the C Standard.

But the POSIX standard says that the ISO C standard requires rename() to be atomic.

Explanation(s)?

Answer 1

Your quote from the POSIX standard for rename() comes from the (non-normative) 'Rationale' section. The main entry — the actual normative material — begins:

For rename(): ^[CX] The functionality described on this reference page is aligned with the ISO C standard. Any conflict between the requirements described here and the ISO C standard is unintentional. This volume of POSIX.1-2008 defers to the ISO C standard.

The rename() function shall change the name of a file. The old argument points to the pathname of the file to be renamed. The new argument points to the new pathname of the file. ^[CX] If the new argument does not resolve to an existing directory entry for a file of type directory and the new argument contains at least one non-<slash> character and ends with one or more trailing <slash> characters after all symbolic links have been processed, rename() shall fail.

…

All the rest of the entry is within the [CX] (C Extension) tag and discusses other special behaviours.

The rationale you quote says:

This rename() function is equivalent for regular files to that defined by the ISO C standard. Its inclusion here expands that definition to include actions on directories and specifies behavior when the new parameter names a file that already exists. That specification requires that the action of the function be atomic.

The 'That specification' referred to in the last sentence is the expanded definition that includes the specification of the actions on directories and 'when the new parameter names a file that already exists', not the specification in the C standard which, as you observe, does not say anything about atomicity (very reasonably; there are systems that can support C and rename() without being able to support POSIX's more stringent atomicity requirement).

And I see that this is exactly the argument made by T.C in their comment — I agree with T.C.