Message ID | 20190304174053.GA27497@sigill.intra.peff.net (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | rev-list: allow cached objects in existence check | expand |
> This patch makes the minimal fix, which is to swap out a direct call to > oid_object_info_extended(), minus the SKIP_CACHED flag, instead of > calling has_object_file(). This is all that has_object_file() is doing > under the hood. And there's little danger of unrelated fallout from > other unexpected "cached" objects, since there's only one call site that > ends such a cached object, and it's in git-blame. Thanks - this patch looks good to me. > I think we might also consider just having has_object_file() respect > cached objects. The SKIP_CACHED flag comes from Jonathan Tan's > e83e71c5e1 (sha1_file: refactor has_sha1_file_with_flags, 2017-06-21). > But it was just matching the old behavior; it's not clear to me that we > particularly care about that, and it wasn't simply that nobody bothered > to put the cached-object check into has_sha1_file(). Making has_object_file() respect cached objects sounds good to me too. > Some concerns/arguments against it: > > - we probably would want to make sure we do not short-cut > write_sha1_file(). I.e., we should still write it to disk when > somebody wants it. But I think that works, because that function > uses its own check-and-freshen infrastructure. write_object_file() (formerly write_sha1_file()) indeed uses its own check-and-freshen mechanism. > - some callers of has_sha1_file() might care about durability between > processes. Because it's baked in, the empty tree is safe for that > (whatever follow-on process runs, it will also be baked in there). > But that's not necessarily true for other "cached" objects. I'm not > really that worried about it because we use it sparingly (the only > call to pretend_sha1_file() is in git-blame, and if it ever did ask > "do we have this object", I actually think the right answer would be > "yes"). > > But if this is a concern, we could perhaps have two levels of flags: > SKIP_CACHED and SKIP_INTERNAL. Or teach git-blame to have its own pretend mechanism, and remove the pretend mechanism from sha1-file.c. The last time I deeply thought of this was during the partial clone implementation, so I am probably not completely up-to-date, but it seems to me that ideally, for reading, we would remove SKIP_CACHED completely (and always consult the cache), and also remove completely the ability to pretend (blame will have to do it by itself); and for writing, we would write the empty tree whenever we do now (for backwards compatibility with old versions of Git that read what we write). Both the approach in this patch and making has_object_file() respect cached objects are steps in that direction, so I'm OK with both.
On Mon, Mar 04, 2019 at 11:19:32AM -0800, Jonathan Tan wrote: > > - some callers of has_sha1_file() might care about durability between > > processes. Because it's baked in, the empty tree is safe for that > > (whatever follow-on process runs, it will also be baked in there). > > But that's not necessarily true for other "cached" objects. I'm not > > really that worried about it because we use it sparingly (the only > > call to pretend_sha1_file() is in git-blame, and if it ever did ask > > "do we have this object", I actually think the right answer would be > > "yes"). > > > > But if this is a concern, we could perhaps have two levels of flags: > > SKIP_CACHED and SKIP_INTERNAL. > > Or teach git-blame to have its own pretend mechanism, and remove the > pretend mechanism from sha1-file.c. I think that would be ideal, but I'm not sure if it's feasible due to the layering of the various modules. IOW, the blame code isn't just pretending a fake object file for _itself_, it needs to then call into the diff code, which must be able to then find that content in order to produce a diff. But maybe it is not so bad. Our diff_filespec struct does represent working-tree files (as it must, since we diff them!). So it may be possible to feed it to the diff code at the right spot. I haven't looked closely enough to say for sure whether it's feasible or not. But it does imply to me that we should go with this regression fix in the near-term and think about building bigger changes separately on master. > The last time I deeply thought of this was during the partial clone > implementation, so I am probably not completely up-to-date, but it seems > to me that ideally, for reading, we would remove SKIP_CACHED completely > (and always consult the cache), and also remove completely the ability > to pretend (blame will have to do it by itself); and for writing, we > would write the empty tree whenever we do now (for backwards > compatibility with old versions of Git that read what we write). Both > the approach in this patch and making has_object_file() respect cached > objects are steps in that direction, so I'm OK with both. Yeah, I think our world-views are in accord. :) -Peff
Jeff King <peff@peff.net> writes: > This fixes a regression in 7c0fe330d5 (rev-list: handle missing tree > objects properly, 2018-10-05) where rev-list will now complain about the > empty tree when it doesn't physically exist on disk. > > Before that commit, we relied on the traversal code in list-objects.c to > walk through the trees. Since it uses parse_tree(), we'd do a normal > object lookup that includes looking in the set of "cached" objects > (which is where our magic internal empty-tree kicks in). > > After that commit, we instead tell list-objects.c not to die on any > missing trees, and we check them ourselves using has_object_file(). But > that function uses OBJECT_INFO_SKIP_CACHED, which means we won't use our > internal empty tree. Yikes. Thanks for spotting. > This patch makes the minimal fix, which is to swap out a direct call to > oid_object_info_extended(), minus the SKIP_CACHED flag, instead of > calling has_object_file(). This is all that has_object_file() is doing > under the hood. And there's little danger of unrelated fallout from > other unexpected "cached" objects, since there's only one call site that > ends such a cached object, and it's in git-blame. OK. That last one is not even "cached" but "merely exists in-core" virtual commit, that represents the locally modified state, right? I do not think rev-list ever asks if these object exist, but if they were asked, we should say they also exist. > Signed-off-by: Jeff King <peff@peff.net> > --- > I prepared this directly on top of 7c0fe330d5, but it should merge > cleanly into the current tip of master. > > I think we might also consider just having has_object_file() respect > cached objects. The SKIP_CACHED flag comes from Jonathan Tan's > e83e71c5e1 (sha1_file: refactor has_sha1_file_with_flags, 2017-06-21). > But it was just matching the old behavior; it's not clear to me that we > particularly care about that, and it wasn't simply that nobody bothered > to put the cached-object check into has_sha1_file(). Yup, I am fine with such a clean-up after we fix this regression. > Some concerns/arguments against it: > > - we probably would want to make sure we do not short-cut > write_sha1_file(). I.e., we should still write it to disk when > somebody wants it. But I think that works, because that function > uses its own check-and-freshen infrastructure. > > - some callers of has_sha1_file() might care about durability between > processes. Because it's baked in, the empty tree is safe for that > (whatever follow-on process runs, it will also be baked in there). > But that's not necessarily true for other "cached" objects. I'm not > really that worried about it because we use it sparingly (the only > call to pretend_sha1_file() is in git-blame, and if it ever did ask > "do we have this object", I actually think the right answer would be > "yes"). ... and I realize that I should have read ahead before writing the four lines above myself ;-) We are on the same page. > But if this is a concern, we could perhaps have two levels of flags: > SKIP_CACHED and SKIP_INTERNAL. > > builtin/rev-list.c | 2 +- > t/t1060-object-corruption.sh | 10 ++++++++++ > 2 files changed, 11 insertions(+), 1 deletion(-) > > diff --git a/builtin/rev-list.c b/builtin/rev-list.c > index 49d6deed70..877b6561f4 100644 > --- a/builtin/rev-list.c > +++ b/builtin/rev-list.c > @@ -237,7 +237,7 @@ static inline void finish_object__ma(struct object *obj) > static int finish_object(struct object *obj, const char *name, void *cb_data) > { > struct rev_list_info *info = cb_data; > - if (!has_object_file(&obj->oid)) { > + if (oid_object_info_extended(the_repository, &obj->oid, NULL, 0) < 0) { > finish_object__ma(obj); > return 1; > } > diff --git a/t/t1060-object-corruption.sh b/t/t1060-object-corruption.sh > index ac1f189fd2..807b63b473 100755 > --- a/t/t1060-object-corruption.sh > +++ b/t/t1060-object-corruption.sh > @@ -125,4 +125,14 @@ test_expect_success 'fetch into corrupted repo with index-pack' ' > ) > ' > > +test_expect_success 'internal tree objects are not "missing"' ' > + git init missing-empty && > + ( > + cd missing-empty && > + empty_tree=$(git hash-object -t tree /dev/null) && > + commit=$(echo foo | git commit-tree $empty_tree) && > + git rev-list --objects $commit > + ) > +' > + > test_done
Jeff King <peff@peff.net> writes: >> Or teach git-blame to have its own pretend mechanism, and remove the >> pretend mechanism from sha1-file.c. > > I think that would be ideal, but I'm not sure if it's feasible due to > the layering of the various modules. Sorry, but I do not get why we want command-line specific pretend mechanism. When one part of the system wants to behave as if object X exists, doesn't that part want other parts of the system to share that same world view to be consistent? I am mostly reacting to "would be _ideal_"; if it were "if we have per-system ad-hoc pretend mechanism, things like this and that would become easier to implement, even though that is an ugly hack", I may agree when I see examples of things that get easier, though.
On Tue, Mar 05, 2019 at 10:33:13PM +0900, Junio C Hamano wrote: > Jeff King <peff@peff.net> writes: > > >> Or teach git-blame to have its own pretend mechanism, and remove the > >> pretend mechanism from sha1-file.c. > > > > I think that would be ideal, but I'm not sure if it's feasible due to > > the layering of the various modules. > > Sorry, but I do not get why we want command-line specific pretend > mechanism. When one part of the system wants to behave as if object > X exists, doesn't that part want other parts of the system to share > that same world view to be consistent? > > I am mostly reacting to "would be _ideal_"; if it were "if we have > per-system ad-hoc pretend mechanism, things like this and that would > become easier to implement, even though that is an ugly hack", I may > agree when I see examples of things that get easier, though. The problem is that it's not clear how each of those other parts of the system should react to these pretend objects. E.g., they probably should _not_ be used in any operation that might write, since we would not want to create a permanent object that points to an ephemeral one. By sticking this in sha1-file.c, it becomes hard to know who will access them, or with what expectations. Things work right now because we use the feature sparingly (and only from a process that's purely read-only). But we're at risk of somebody later misusing it, especially if we spread its use to more functions like has_object_file(). If this were local to git-blame, then that risk goes away. So that's what I meant by "ideal". I don't think it makes anything easier (in fact, after looking, I think it makes things in git-blame much harder, to the point that I am not planning to work on it anytime soon). -Peff
diff --git a/builtin/rev-list.c b/builtin/rev-list.c index 49d6deed70..877b6561f4 100644 --- a/builtin/rev-list.c +++ b/builtin/rev-list.c @@ -237,7 +237,7 @@ static inline void finish_object__ma(struct object *obj) static int finish_object(struct object *obj, const char *name, void *cb_data) { struct rev_list_info *info = cb_data; - if (!has_object_file(&obj->oid)) { + if (oid_object_info_extended(the_repository, &obj->oid, NULL, 0) < 0) { finish_object__ma(obj); return 1; } diff --git a/t/t1060-object-corruption.sh b/t/t1060-object-corruption.sh index ac1f189fd2..807b63b473 100755 --- a/t/t1060-object-corruption.sh +++ b/t/t1060-object-corruption.sh @@ -125,4 +125,14 @@ test_expect_success 'fetch into corrupted repo with index-pack' ' ) ' +test_expect_success 'internal tree objects are not "missing"' ' + git init missing-empty && + ( + cd missing-empty && + empty_tree=$(git hash-object -t tree /dev/null) && + commit=$(echo foo | git commit-tree $empty_tree) && + git rev-list --objects $commit + ) +' + test_done
This fixes a regression in 7c0fe330d5 (rev-list: handle missing tree objects properly, 2018-10-05) where rev-list will now complain about the empty tree when it doesn't physically exist on disk. Before that commit, we relied on the traversal code in list-objects.c to walk through the trees. Since it uses parse_tree(), we'd do a normal object lookup that includes looking in the set of "cached" objects (which is where our magic internal empty-tree kicks in). After that commit, we instead tell list-objects.c not to die on any missing trees, and we check them ourselves using has_object_file(). But that function uses OBJECT_INFO_SKIP_CACHED, which means we won't use our internal empty tree. This normally wouldn't come up. For most operations, Git will try to write out the empty tree object as it would any other object. And pack-objects in a push or fetch will send the empty tree (even if it's virtual on the sending side). However, there are cases where this can matter. One I found in the wild: 1. The root tree of a commit became empty by deleting all files, without using an index. In this case it was done using libgit2's tree builder API, but as the included test shows, it can easily be done with regular git using hash-object. The resulting repo works OK, as we'd avoid walking over our own reachable commits for a connectivity check. 2. Cloning with --reference pointing to the repository from (1) can trigger the problem, because we tell the other side we already have that commit (and hence the empty tree), but then walk over it during the connectivity check (where we complain about it missing). Arguably the workflow in step (1) should be more careful about writing the empty tree object if we're referencing it. But this workflow did work prior to 7c0fe330d5, so let's restore it. This patch makes the minimal fix, which is to swap out a direct call to oid_object_info_extended(), minus the SKIP_CACHED flag, instead of calling has_object_file(). This is all that has_object_file() is doing under the hood. And there's little danger of unrelated fallout from other unexpected "cached" objects, since there's only one call site that ends such a cached object, and it's in git-blame. Signed-off-by: Jeff King <peff@peff.net> --- I prepared this directly on top of 7c0fe330d5, but it should merge cleanly into the current tip of master. I think we might also consider just having has_object_file() respect cached objects. The SKIP_CACHED flag comes from Jonathan Tan's e83e71c5e1 (sha1_file: refactor has_sha1_file_with_flags, 2017-06-21). But it was just matching the old behavior; it's not clear to me that we particularly care about that, and it wasn't simply that nobody bothered to put the cached-object check into has_sha1_file(). Some concerns/arguments against it: - we probably would want to make sure we do not short-cut write_sha1_file(). I.e., we should still write it to disk when somebody wants it. But I think that works, because that function uses its own check-and-freshen infrastructure. - some callers of has_sha1_file() might care about durability between processes. Because it's baked in, the empty tree is safe for that (whatever follow-on process runs, it will also be baked in there). But that's not necessarily true for other "cached" objects. I'm not really that worried about it because we use it sparingly (the only call to pretend_sha1_file() is in git-blame, and if it ever did ask "do we have this object", I actually think the right answer would be "yes"). But if this is a concern, we could perhaps have two levels of flags: SKIP_CACHED and SKIP_INTERNAL. builtin/rev-list.c | 2 +- t/t1060-object-corruption.sh | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-)