Skip to content

[v2.24.0-rc0 BUG] fetch.writeCommitGraph fails on first fetch #415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

[v2.24.0-rc0 BUG] fetch.writeCommitGraph fails on first fetch #415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8150108
t5510-fetch.sh: demonstrate fetch.writeCommitGraph bug
derrickstolee Oct 23, 2019
6d01e90
commit-graph: fix writing first commit-graph during fetch
derrickstolee Oct 22, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions commit-graph.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@
#define GRAPH_MIN_SIZE (GRAPH_HEADER_SIZE + 4 * GRAPH_CHUNKLOOKUP_WIDTH \
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Jeff King wrote (reply to this):

On Tue, Oct 22, 2019 at 05:28:55PM +0000, Derrick Stolee via GitGitGadget wrote:

> However, the UNINTERESTING flag is used in lots of places in the
> codebase. This flag usually means some barrier to stop a commit walk,
> such as in revision-walking to compare histories. It is not often
> cleared after the walk completes because the starting points of those
> walks do not have the UNINTERESTING flag, and clear_commit_marks() would
> stop immediately.

Oof. Nicely explained, and your fix makes sense.

The global-ness of revision flags always makes me nervous about doing
more things in-process (this isn't the first such bug we've had).

I have a dream of converting most uses of flags into using a
commit-slab. That provides cheap access to an auxiliary structure, so
each traversal, etc, could keep its own flag structure. I'm not sure if
it would have a performance impact, though. Even though it's O(1), it is
an indirect lookup, which could have some memory-access impact (though
my guess is it would be lost in the noise).

One of the sticking points is that all object types, not just commits,
use flags. But we only assign slab ids to commits. I noticed recently
that "struct object" has quite a few spare bits in it these days,
because the switch to a 32-byte oid means 64-bit machines now have an
extra 4 bytes of padding. I wonder if we could use that to store an
index field.

Anyway, that's getting far off the topic; clearly we need a fix in the
meantime, and what you have here looks good to me.

> I tested running clear_commit_marks_many() to clear the UNINTERESTING
> flag inside close_reachable(), but the tips did not have the flag, so
> that did nothing.

Another option would be clear_object_flags(), which just walks all of
the in-memory structs. Your REACHABLE solution is cheaper, though.

> Instead, I finally arrived on the conclusion that I should use a flag
> that is not used in any other part of the code. In commit-reach.c, a
> number of flags were defined for commit walk algorithms. The REACHABLE
> flag seemed like it made the most sense, and it seems it was not
> actually used in the file.

Yeah, being able to remove it from commit-reach.c surprised me for a
moment. To further add to the confusion, builtin/fsck.c has its own
REACHABLE flag (with a different bit and a totally different purpose). I
don't think there's any practical problem there, though.

> I have failed to produce a test using the file:// protocol that
> demonstrates this bug.

Hmm, from the description, it sounds like it should be easy. I might
poke at it a bit.

-Peff

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Jeff King wrote (reply to this):

On Tue, Oct 22, 2019 at 04:33:16PM -0400, Jeff King wrote:

> > I have failed to produce a test using the file:// protocol that
> > demonstrates this bug.
> 
> Hmm, from the description, it sounds like it should be easy. I might
> poke at it a bit.

Hmph. I can reproduce it here, but it seems to depend on the repository.
If I do this:

diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
index ecabbe1616..8d473a456f 100755
--- a/t/t5510-fetch.sh
+++ b/t/t5510-fetch.sh
@@ -583,6 +583,14 @@ test_expect_success 'fetch.writeCommitGraph' '
 	)
 '
 
+test_expect_success 'fetch.writeCommitGraph with a bigger repo' '
+	git clone "$TEST_DIRECTORY/.." repo &&
+	(
+		cd repo &&
+		git -c fetch.writeCommitGraph fetch origin
+	)
+'
+
 # configured prune tests
 
 set_config_tristate () {

it reliably triggers the bug. But if I make a synthetic repo, even it
has a lot of commits (thousands or more), it doesn't trigger. I thought
maybe it had to do with having commits that were not at tips (since the
tip ones presumably _are_ fed into the graph generation process). But
that doesn't seem to help.

Puzzling...

-Peff

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, SZEDER Gábor wrote (reply to this):

On Tue, Oct 22, 2019 at 05:45:54PM -0400, Jeff King wrote:
> On Tue, Oct 22, 2019 at 04:33:16PM -0400, Jeff King wrote:
> 
> > > I have failed to produce a test using the file:// protocol that
> > > demonstrates this bug.
> > 
> > Hmm, from the description, it sounds like it should be easy. I might
> > poke at it a bit.
> 
> Hmph. I can reproduce it here, but it seems to depend on the repository.
> If I do this:
> 
> diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
> index ecabbe1616..8d473a456f 100755
> --- a/t/t5510-fetch.sh
> +++ b/t/t5510-fetch.sh
> @@ -583,6 +583,14 @@ test_expect_success 'fetch.writeCommitGraph' '
>  	)
>  '
>  
> +test_expect_success 'fetch.writeCommitGraph with a bigger repo' '
> +	git clone "$TEST_DIRECTORY/.." repo &&
> +	(
> +		cd repo &&
> +		git -c fetch.writeCommitGraph fetch origin
> +	)
> +'
> +
>  # configured prune tests
>  
>  set_config_tristate () {
> 
> it reliably triggers the bug. But if I make a synthetic repo, even it
> has a lot of commits (thousands or more), it doesn't trigger. I thought
> maybe it had to do with having commits that were not at tips (since the
> tip ones presumably _are_ fed into the graph generation process). But
> that doesn't seem to help.
> 
> Puzzling...

Submodules?

  $ cd ~/src/git/
  $ git quotelog 86cfd61e6b
  86cfd61e6b (sha1dc: optionally use sha1collisiondetection as a submodule, 2017-07-01)
  $ git init --bare good.git
  Initialized empty Git repository in /home/szeder/src/git/good.git/
  $ git push -q good.git 86cfd61e6b^:refs/heads/master
  $ git clone good.git good-clone
  Cloning into 'good-clone'...
  done.
  $ git -c fetch.writeCommitGraph -C good-clone fetch origin
  Computing commit graph generation numbers: 100% (46958/46958), done.
  $ git init --bare bad.git
  Initialized empty Git repository in /home/szeder/src/git/bad.git/
  $ git push -q bad.git 86cfd61e6b:refs/heads/master
  $ git clone bad.git bad-clone
  Cloning into 'bad-clone'...
  done.
  $ git -c fetch.writeCommitGraph -C bad-clone fetch origin
  Computing commit graph generation numbers: 100% (1/1), done.
  BUG: commit-graph.c:886: missing parent 9936c1b52a39fa14fca04f937df3e75f7498ac66 for commit 86cfd61e6bc12745751c43b4f69886b290cd85cb
  Aborted

In the cover letter Derrick mentioned that he used
https://github.com/derrickstolee/numbers for testing, and that repo
has a submodule as well.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Derrick Stolee wrote (reply to this):



On 10/22/2019 7:35 PM, SZEDER Gábor wrote:
> On Tue, Oct 22, 2019 at 05:45:54PM -0400, Jeff King wrote:
>> Puzzling...
> 
> Submodules?
> 
>   $ cd ~/src/git/
>   $ git quotelog 86cfd61e6b
>   86cfd61e6b (sha1dc: optionally use sha1collisiondetection as a submodule, 2017-07-01)
>   $ git init --bare good.git
>   Initialized empty Git repository in /home/szeder/src/git/good.git/
>   $ git push -q good.git 86cfd61e6b^:refs/heads/master
>   $ git clone good.git good-clone
>   Cloning into 'good-clone'...
>   done.
>   $ git -c fetch.writeCommitGraph -C good-clone fetch origin
>   Computing commit graph generation numbers: 100% (46958/46958), done.
>   $ git init --bare bad.git
>   Initialized empty Git repository in /home/szeder/src/git/bad.git/
>   $ git push -q bad.git 86cfd61e6b:refs/heads/master
>   $ git clone bad.git bad-clone
>   Cloning into 'bad-clone'...
>   done.
>   $ git -c fetch.writeCommitGraph -C bad-clone fetch origin
>   Computing commit graph generation numbers: 100% (1/1), done.
>   BUG: commit-graph.c:886: missing parent 9936c1b52a39fa14fca04f937df3e75f7498ac66 for commit 86cfd61e6bc12745751c43b4f69886b290cd85cb
>   Aborted
> 
> In the cover letter Derrick mentioned that he used
> https://github.com/derrickstolee/numbers for testing, and that repo
> has a submodule as well.

I completely forgot that I put a submodule in that repo. It makes sense
that the Git repo also has one. Thanks for the test! I'll get it into
the test suite tomorrow.

-Stolee

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Jeff King wrote (reply to this):

On Tue, Oct 22, 2019 at 08:35:57PM -0400, Derrick Stolee wrote:

> > In the cover letter Derrick mentioned that he used
> > https://github.com/derrickstolee/numbers for testing, and that repo
> > has a submodule as well.
> 
> I completely forgot that I put a submodule in that repo. It makes sense
> that the Git repo also has one. Thanks for the test! I'll get it into
> the test suite tomorrow.

Ah, right. Good catch Gábor. The test below fails for me without your
patch, and succeeds with it (the extra empty commit is necessary so that
we have a parent).

I admit I am puzzled, though, _why_ the presence of the submodule
matters. That is, from your explanation, I thought the issue was simply
that `fetch` walked (and marked) some commits, and the flags overlapped
with what the commit-graph code expected.

I could guess that the presence of the submodule triggers some analysis
for --recurse-submodules. But then we don't actually recurse (maybe
because they're not activated? In which case maybe we shouldn't be doing
that extra walk to look for submodules if there aren't any activated
ones in our local repo).

I'd also wonder if it would be possible to trigger in another way (say,
due to want/have negotiation, though I guess most of the walking there
is done on the server side). But it may not be worth digging too far
into it.

-Peff

---
diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
index ecabbe1616..1b092fec0b 100755
--- a/t/t5510-fetch.sh
+++ b/t/t5510-fetch.sh
@@ -583,6 +583,21 @@ test_expect_success 'fetch.writeCommitGraph' '
 	)
 '
 
+test_expect_success 'fetch.writeCommitGraph with a submodule' '
+	git init has-submodule &&
+	(
+		cd has-submodule &&
+		git commit --allow-empty -m parent &&
+		git submodule add ../three &&
+		git commit -m "add submodule"
+	) &&
+	git clone has-submodule submod-clone &&
+	(
+		cd submod-clone &&
+		git -c fetch.writeCommitGraph fetch origin
+	)
+'
+
 # configured prune tests
 
 set_config_tristate () {

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Jeff King wrote (reply to this):

On Tue, Oct 22, 2019 at 08:48:20PM -0400, Jeff King wrote:

> I admit I am puzzled, though, _why_ the presence of the submodule
> matters. That is, from your explanation, I thought the issue was simply
> that `fetch` walked (and marked) some commits, and the flags overlapped
> with what the commit-graph code expected.
> 
> I could guess that the presence of the submodule triggers some analysis
> for --recurse-submodules. But then we don't actually recurse (maybe
> because they're not activated? In which case maybe we shouldn't be doing
> that extra walk to look for submodules if there aren't any activated
> ones in our local repo).

Indeed, that seems to be it. If I do this:

  git init repo
  cd repo
  cat >.gitmodules <<\EOF
  [submodule "foo"]
  path = foo
  url = https://example.com
  EOF
  time git fetch /path/to/git.git

then we end up traversing the whole git.git history a second time, even
though we should know off the bat that there are no active submodules
that we would recurse to.

Doing this makes the problem go away:

diff --git a/submodule.c b/submodule.c
index 0f199c5137..0db2f18b93 100644
--- a/submodule.c
+++ b/submodule.c
@@ -1193,7 +1193,7 @@ static void calculate_changed_submodule_paths(struct repository *r,
 	struct string_list_item *name;
 
 	/* No need to check if there are no submodules configured */
-	if (!submodule_from_path(r, NULL, NULL))
+	if (!is_submodule_active(r, NULL))
 		return;
 
 	argv_array_push(&argv, "--"); /* argv[0] program name */

but causes some tests to fail (I think that in some cases we're supposed
to auto-initialize, and we'd probably need to cover that case, too).

All of this is outside of your fix, of course, but:

  1. I'm satisfied now that I understand why the test triggers the
     problem.

  2. You may want have a real activated submodule in your test. Right
     now we'll trigger the submodule-recursion check even without that,
     but in the future we might do something like the hunk above. In
     which case your test wouldn't be checking anything interesting
     anymore.

-Peff

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, SZEDER Gábor wrote (reply to this):

On Wed, Oct 23, 2019 at 01:01:35PM +0000, Derrick Stolee via GitGitGadget wrote:
> From: Derrick Stolee <[email protected]>
> 
> The previous commit includes a failing test for an issue around
> fetch.writeCommitGraph and fetching in a repo with a submodule. Here, we
> fix that bug and set the test to "test_expect_success".
> 
> The prolem arises with this set of commands when the remote repo at

s/prolem/problem/

> <url> has a submodule. Note that --recurse-submodules is not needed to
> demonstrate the bug.
> 
> 	$ git clone <url> test
> 	$ cd test
> 	$ git -c fetch.writeCommitGraph=true fetch origin
> 	Computing commit graph generation numbers: 100% (12/12), done.
> 	BUG: commit-graph.c:886: missing parent <hash1> for commit <hash2>
> 	Aborted (core dumped)
> 
> As an initial fix, I converted the code in builtin/fetch.c that calls
> write_commit_graph_reachable() to instead launch a "git commit-graph
> write --reachable --split" process. That code worked, but is not how we
> want the feature to work long-term.
> 
> That test did demonstrate that the issue must be something to do with
> internal state of the 'git fetch' process.
> 
> The write_commit_graph() method in commit-graph.c ensures the commits we
> plan to write are "closed under reachability" using close_reachable().
> This method walks from the input commits, and uses the UNINTERESTING
> flag to mark which commits have already been visited. This allows the
> walk to take O(N) time, where N is the number of commits, instead of
> O(P) time, where P is the number of paths. (The number of paths can be
> exponential in the number of commits.)
> 
> However, the UNINTERESTING flag is used in lots of places in the
> codebase. This flag usually means some barrier to stop a commit walk,
> such as in revision-walking to compare histories. It is not often
> cleared after the walk completes because the starting points of those
> walks do not have the UNINTERESTING flag, and clear_commit_marks() would
> stop immediately.
> 
> This is happening during a 'git fetch' call with a remote. The fetch
> negotiation is comparing the remote refs with the local refs and marking
> some commits as UNINTERESTING.
> 
> You may ask: did this feature ever work at all? Yes, it did, as long as
> you had a commit-graph covering all of your local refs. My testing was
> unfortunately limited to this scenario. The UNINTERESTING commits are
> always part of the "old" commit-graph, and when we add new commits to a
> top layer of the commit-graph chain those are not needed. If we happen
> to merge layers of the chain, then the commits are added as a list, not
> using a commit walk. Further, the test added for this config option in
> t5510-fetch.sh uses local filesystem clones, which somehow avoids this
> logic.

Does this last sentence still holds, given that a submodule plays a
crucial role in triggering this bug?  I think it either doesn't, or
I still don't completely understand the situation.

> I tested running clear_commit_marks_many() to clear the UNINTERESTING
> flag inside close_reachable(), but the tips did not have the flag, so
> that did nothing.
> 
> It turns out that the calculate_changed_submodule_paths() method is at
> fault. Thanks, Peff, for pointing out this detail! More specifically,
> for each submodule, the collect_changed_submodules() runs a revision
> walk to essentially do file-history on the list of submodules. That
> revision walk marks commits UNININTERESTING if they are simiplified away

s/simiplified/simplified/

> by not changing the submodule.
> 
> Instead, I finally arrived on the conclusion that I should use a flag
> that is not used in any other part of the code. In commit-reach.c, a
> number of flags were defined for commit walk algorithms. The REACHABLE
> flag seemed like it made the most sense, and it seems it was not
> actually used in the file. The REACHABLE flag was used in early versions
> of commit-reach.c, but was removed by 4fbcca4 (commit-reach: make
> can_all_from_reach... linear, 2018-07-20).
> 
> Add the REACHABLE flag to commit-graph.c and use it instead of
> UNINTERESTING in close_reachable(). This fixes the bug in manual
> testing.

I'm inclined to agree that using a flag that is not used anywhere else
is the safest thing to do, and at -rcX time safest is good.  I'm not
sure whether it's the right thing to do in the long term, though.

Furthermore, calling this flag REACHABLE is misleading, because the
code actually means SEEN.
Consider the following sequence of commands:

  # Create a pack with two commits
  $ git commit --allow-empty -m one &&
  $ git commit --allow-empty -m two &&
  $ git repack -ad &&
  # Make one of those commits unreachable
  $ git reset --hard HEAD^ &&
  # Not even from reflogs!
  $ git reflog expire --expire-unreachable=now --all
  # Now write a commit-graph from that pack file
  $ git commit-graph write
  Computing commit graph generation numbers: 100% (2/2), done.

It added two commits to the commit-graph, although one of them is
clearly not reachable anymore, so marking it as REACHABLE while
enumerating all commits feels wrong.

> Reported-by: Johannes Schindelin <[email protected]>
> Helped-by: Jeff King <[email protected]>
> Helped-by: Szeder Gábor <[email protected]>
> Signed-off-by: Derrick Stolee <[email protected]>
> ---
>  commit-graph.c   | 11 +++++++----
>  commit-reach.c   |  1 -
>  object.h         |  3 ++-
>  t/t5510-fetch.sh |  2 +-
>  4 files changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/commit-graph.c b/commit-graph.c
> index fc4a43b8d6..0aea7b2ae5 100644
> --- a/commit-graph.c
> +++ b/commit-graph.c
> @@ -41,6 +41,9 @@
>  #define GRAPH_MIN_SIZE (GRAPH_HEADER_SIZE + 4 * GRAPH_CHUNKLOOKUP_WIDTH \
>  			+ GRAPH_FANOUT_SIZE + the_hash_algo->rawsz)
>  
> +/* Remember to update object flag allocation in object.h */
> +#define REACHABLE       (1u<<15)
> +
>  char *get_commit_graph_filename(const char *obj_dir)
>  {
>  	char *filename = xstrfmt("%s/info/commit-graph", obj_dir);
> @@ -1030,11 +1033,11 @@ static void add_missing_parents(struct write_commit_graph_context *ctx, struct c
>  {
>  	struct commit_list *parent;
>  	for (parent = commit->parents; parent; parent = parent->next) {
> -		if (!(parent->item->object.flags & UNINTERESTING)) {
> +		if (!(parent->item->object.flags & REACHABLE)) {
>  			ALLOC_GROW(ctx->oids.list, ctx->oids.nr + 1, ctx->oids.alloc);
>  			oidcpy(&ctx->oids.list[ctx->oids.nr], &(parent->item->object.oid));
>  			ctx->oids.nr++;
> -			parent->item->object.flags |= UNINTERESTING;
> +			parent->item->object.flags |= REACHABLE;
>  		}
>  	}
>  }
> @@ -1052,7 +1055,7 @@ static void close_reachable(struct write_commit_graph_context *ctx)
>  		display_progress(ctx->progress, i + 1);
>  		commit = lookup_commit(ctx->r, &ctx->oids.list[i]);
>  		if (commit)
> -			commit->object.flags |= UNINTERESTING;
> +			commit->object.flags |= REACHABLE;
>  	}
>  	stop_progress(&ctx->progress);
>  
> @@ -1089,7 +1092,7 @@ static void close_reachable(struct write_commit_graph_context *ctx)
>  		commit = lookup_commit(ctx->r, &ctx->oids.list[i]);
>  
>  		if (commit)
> -			commit->object.flags &= ~UNINTERESTING;
> +			commit->object.flags &= ~REACHABLE;
>  	}
>  	stop_progress(&ctx->progress);
>  }
> diff --git a/commit-reach.c b/commit-reach.c
> index 3ea174788a..4ca7e706a1 100644
> --- a/commit-reach.c
> +++ b/commit-reach.c
> @@ -10,7 +10,6 @@
>  #include "commit-reach.h"
>  
>  /* Remember to update object flag allocation in object.h */
> -#define REACHABLE       (1u<<15)
>  #define PARENT1		(1u<<16)
>  #define PARENT2		(1u<<17)
>  #define STALE		(1u<<18)
> diff --git a/object.h b/object.h
> index 0120892bbd..25f5ab3d54 100644
> --- a/object.h
> +++ b/object.h
> @@ -68,7 +68,8 @@ struct object_array {
>   * bisect.c:                                        16
>   * bundle.c:                                        16
>   * http-push.c:                                     16-----19
> - * commit-reach.c:                                15-------19
> + * commit-graph.c:                                15
> + * commit-reach.c:                                  16-----19
>   * sha1-name.c:                                              20
>   * list-objects-filter.c:                                      21
>   * builtin/fsck.c:           0--3
> diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
> index e8ae3af0b6..7bfbcc2036 100755
> --- a/t/t5510-fetch.sh
> +++ b/t/t5510-fetch.sh
> @@ -583,7 +583,7 @@ test_expect_success 'fetch.writeCommitGraph' '
>  	)
>  '
>  
> -test_expect_failure 'fetch.writeCommitGraph with submodules' '
> +test_expect_success 'fetch.writeCommitGraph with submodules' '
>  	pwd="$(pwd)" &&
>  	git clone dups super &&
>  	(
> -- 
> gitgitgadget

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Derrick Stolee wrote (reply to this):

On 10/23/2019 11:04 AM, SZEDER Gábor wrote:
> On Wed, Oct 23, 2019 at 01:01:35PM +0000, Derrick Stolee via GitGitGadget wrote:
>>
>> You may ask: did this feature ever work at all? Yes, it did, as long as
>> you had a commit-graph covering all of your local refs. My testing was
>> unfortunately limited to this scenario. The UNINTERESTING commits are
>> always part of the "old" commit-graph, and when we add new commits to a
>> top layer of the commit-graph chain those are not needed. If we happen
>> to merge layers of the chain, then the commits are added as a list, not
>> using a commit walk. Further, the test added for this config option in
>> t5510-fetch.sh uses local filesystem clones, which somehow avoids this
>> logic.
> 
> Does this last sentence still holds, given that a submodule plays a
> crucial role in triggering this bug?  I think it either doesn't, or
> I still don't completely understand the situation.

This does not apply anymore. I forgot to delete it.
 
>> I tested running clear_commit_marks_many() to clear the UNINTERESTING
>> flag inside close_reachable(), but the tips did not have the flag, so
>> that did nothing.
>>
>> It turns out that the calculate_changed_submodule_paths() method is at
>> fault. Thanks, Peff, for pointing out this detail! More specifically,
>> for each submodule, the collect_changed_submodules() runs a revision
>> walk to essentially do file-history on the list of submodules. That
>> revision walk marks commits UNININTERESTING if they are simiplified away
> 
> s/simiplified/simplified/
> 
>> by not changing the submodule.
>>
>> Instead, I finally arrived on the conclusion that I should use a flag
>> that is not used in any other part of the code. In commit-reach.c, a
>> number of flags were defined for commit walk algorithms. The REACHABLE
>> flag seemed like it made the most sense, and it seems it was not
>> actually used in the file. The REACHABLE flag was used in early versions
>> of commit-reach.c, but was removed by 4fbcca4 (commit-reach: make
>> can_all_from_reach... linear, 2018-07-20).
>>
>> Add the REACHABLE flag to commit-graph.c and use it instead of
>> UNINTERESTING in close_reachable(). This fixes the bug in manual
>> testing.
> 
> I'm inclined to agree that using a flag that is not used anywhere else
> is the safest thing to do, and at -rcX time safest is good.  I'm not
> sure whether it's the right thing to do in the long term, though.
> 
> Furthermore, calling this flag REACHABLE is misleading, because the
> code actually means SEEN.
> Consider the following sequence of commands:
> 
>   # Create a pack with two commits
>   $ git commit --allow-empty -m one &&
>   $ git commit --allow-empty -m two &&
>   $ git repack -ad &&
>   # Make one of those commits unreachable
>   $ git reset --hard HEAD^ &&
>   # Not even from reflogs!
>   $ git reflog expire --expire-unreachable=now --all
>   # Now write a commit-graph from that pack file
>   $ git commit-graph write
>   Computing commit graph generation numbers: 100% (2/2), done.
> 
> It added two commits to the commit-graph, although one of them is
> clearly not reachable anymore, so marking it as REACHABLE while
> enumerating all commits feels wrong.

Since you are using "git commit-graph write", the command is scanning
all pack-files for commits to include. Even in this case, the
close_reachable() method needs to walk to see if any commits are missing.
(It could be that the root commit is loose for some strange reason.)

In this case, we are marking REACHABLE the commits that can be reached
from our "starting" commits. In your example we start with every commit.

If you had used `git commit-graph write --stdin-packs` and provided a
small pack name over stdin, the concept would be similar and even more
pronounced: the pack (perhaps downloaded via 'fetch') is not likely to
contain every commit, so we need to walk all reachable commits from
those included.

I'll have a v3 today with the requested fixes.

Thanks,
-Stolee

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, SZEDER Gábor wrote (reply to this):

On Thu, Oct 24, 2019 at 06:39:51AM -0400, Derrick Stolee wrote:
> >> Instead, I finally arrived on the conclusion that I should use a flag
> >> that is not used in any other part of the code. In commit-reach.c, a
> >> number of flags were defined for commit walk algorithms. The REACHABLE
> >> flag seemed like it made the most sense, and it seems it was not
> >> actually used in the file. The REACHABLE flag was used in early versions
> >> of commit-reach.c, but was removed by 4fbcca4 (commit-reach: make
> >> can_all_from_reach... linear, 2018-07-20).
> >>
> >> Add the REACHABLE flag to commit-graph.c and use it instead of
> >> UNINTERESTING in close_reachable(). This fixes the bug in manual
> >> testing.
> > 
> > I'm inclined to agree that using a flag that is not used anywhere else
> > is the safest thing to do, and at -rcX time safest is good.  I'm not
> > sure whether it's the right thing to do in the long term, though.
> > 
> > Furthermore, calling this flag REACHABLE is misleading, because the
> > code actually means SEEN.
> > Consider the following sequence of commands:
> > 
> >   # Create a pack with two commits
> >   $ git commit --allow-empty -m one &&
> >   $ git commit --allow-empty -m two &&
> >   $ git repack -ad &&
> >   # Make one of those commits unreachable
> >   $ git reset --hard HEAD^ &&
> >   # Not even from reflogs!
> >   $ git reflog expire --expire-unreachable=now --all
> >   # Now write a commit-graph from that pack file
> >   $ git commit-graph write
> >   Computing commit graph generation numbers: 100% (2/2), done.
> > 
> > It added two commits to the commit-graph, although one of them is
> > clearly not reachable anymore, so marking it as REACHABLE while
> > enumerating all commits feels wrong.
> 
> Since you are using "git commit-graph write", the command is scanning
> all pack-files for commits to include. Even in this case, the
> close_reachable() method needs to walk to see if any commits are missing.
> (It could be that the root commit is loose for some strange reason.)
> 
> In this case, we are marking REACHABLE the commits that can be reached
> from our "starting" commits. In your example we start with every commit.

That's exactly my point.  fsck already uses the REACHABLE flag to mark
objects that are reachable not only from all refs (including the HEADs
of all worktrees), but their reflogs and the index as well.

However, in close_unreachable() we start with a bunch of commits and
then go into a loop adding their parents to an array, while marking
each parent to prevent them from being added multiple times in a mergy
history.  We have a good couple of similar traversals in our code
base, and in revision.c, builtin/describe.c, walker.c,
negotiator/default.c (and at this point I stopped looking) we mark
those parents as SEEN.

On a somewhat related note: 'git commit-graph write --reachable'
doesn't include HEAD; should it?

> If you had used `git commit-graph write --stdin-packs` and provided a
> small pack name over stdin, the concept would be similar and even more
> pronounced: the pack (perhaps downloaded via 'fetch') is not likely to
> contain every commit, so we need to walk all reachable commits from
> those included.
> 
> I'll have a v3 today with the requested fixes.
> 
> Thanks,
> -Stolee

+ GRAPH_FANOUT_SIZE + the_hash_algo->rawsz)

/* Remember to update object flag allocation in object.h */
#define REACHABLE (1u<<15)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a magic constant in cache.h that you can use here, to avoid clashes with other commit flags in the future?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In object.h, the bitflags are laid out by which file uses which flags. This updates so that commit-graph.c is the only one to use 1 << 15 (outside of builtin/show-branch.c which uses all of them for a different reason).


char *get_commit_graph_filename(const char *obj_dir)
{
char *filename = xstrfmt("%s/info/commit-graph", obj_dir);
Expand Down Expand Up @@ -1030,11 +1033,11 @@ static void add_missing_parents(struct write_commit_graph_context *ctx, struct c
{
struct commit_list *parent;
for (parent = commit->parents; parent; parent = parent->next) {
if (!(parent->item->object.flags & UNINTERESTING)) {
if (!(parent->item->object.flags & REACHABLE)) {
ALLOC_GROW(ctx->oids.list, ctx->oids.nr + 1, ctx->oids.alloc);
oidcpy(&ctx->oids.list[ctx->oids.nr], &(parent->item->object.oid));
ctx->oids.nr++;
parent->item->object.flags |= UNINTERESTING;
parent->item->object.flags |= REACHABLE;
}
}
}
Expand All @@ -1052,7 +1055,7 @@ static void close_reachable(struct write_commit_graph_context *ctx)
display_progress(ctx->progress, i + 1);
commit = lookup_commit(ctx->r, &ctx->oids.list[i]);
if (commit)
commit->object.flags |= UNINTERESTING;
commit->object.flags |= REACHABLE;
}
stop_progress(&ctx->progress);

Expand Down Expand Up @@ -1089,7 +1092,7 @@ static void close_reachable(struct write_commit_graph_context *ctx)
commit = lookup_commit(ctx->r, &ctx->oids.list[i]);

if (commit)
commit->object.flags &= ~UNINTERESTING;
commit->object.flags &= ~REACHABLE;
}
stop_progress(&ctx->progress);
}
Expand Down
1 change: 0 additions & 1 deletion commit-reach.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
#include "commit-reach.h"

/* Remember to update object flag allocation in object.h */
#define REACHABLE (1u<<15)
#define PARENT1 (1u<<16)
#define PARENT2 (1u<<17)
#define STALE (1u<<18)
Expand Down
3 changes: 2 additions & 1 deletion object.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,8 @@ struct object_array {
* bisect.c: 16
* bundle.c: 16
* http-push.c: 16-----19
* commit-reach.c: 15-------19
* commit-graph.c: 15
* commit-reach.c: 16-----19
* sha1-name.c: 20
* list-objects-filter.c: 21
* builtin/fsck.c: 0--3
Expand Down
16 changes: 16 additions & 0 deletions t/t5510-fetch.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -583,6 +583,22 @@ test_expect_success 'fetch.writeCommitGraph' '
)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, SZEDER Gábor wrote (reply to this):

On Wed, Oct 23, 2019 at 01:01:34PM +0000, Derrick Stolee via GitGitGadget wrote:
> From: Derrick Stolee <[email protected]>
> 
> While dogfooding, Johannes found a bug in the fetch.writeCommitGraph
> config behavior. His example initially happened during a clone with
> --recurse-submodules, we found that this happens with the first fetch
> after cloning a repository that contains a submodule:
> 
> 	$ git clone <url> test
> 	$ cd test
> 	$ git -c fetch.writeCommitGraph=true fetch origin
> 	Computing commit graph generation numbers: 100% (12/12), done.
> 	BUG: commit-graph.c:886: missing parent <hash1> for commit <hash2>
> 	Aborted (core dumped)
> 
> In the repo I had cloned, there were really 60 commits to scan, but
> only 12 were in the list to write when calling
> compute_generation_numbers(). A commit in the list expects to see a
> parent, but that parent is not in the list.
> 
> A follow-up will fix the bug, but first we create a test that
> demonstrates the problem.
> 
> I used "test_expect_failure" for the entire test instead of
> "test_must_fail" only on the command that I expect to fail. This is
> because the BUG() returns an exit code so test_must_fail complains.

I don't think this paragraph is necessary; using 'test_expect_failure'
is the way to demonstrate a known breakage.

'test_must_fail' should only be used when the failure is the desired
behavior of a git command.  (I used the word "desired" here, because
you just used the word "expect" above in the sense that "I expect it
to fail, because I know it's buggy, and I want to demonstrate that
bug")

> Helped-by: Jeff King <[email protected]>
> Helped-by: Johannes Schindelin <[email protected]>
> Helped-by: Szeder Gábor <[email protected]>
> Signed-off-by: Derrick Stolee <[email protected]>
> ---
>  t/t5510-fetch.sh | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
> index ecabbe1616..e8ae3af0b6 100755
> --- a/t/t5510-fetch.sh
> +++ b/t/t5510-fetch.sh
> @@ -583,6 +583,23 @@ test_expect_success 'fetch.writeCommitGraph' '
>  	)
>  '
>  
> +test_expect_failure 'fetch.writeCommitGraph with submodules' '
> +	pwd="$(pwd)" &&
> +	git clone dups super &&
> +	(
> +		cd super &&
> +		git submodule add "file://$pwd/three" &&

Nits: couldn't the URL simply be file://$TRASH_DIRECTORY/three ?

> +		git commit -m "add submodule"
> +	) &&
> +	git clone "super" writeError &&

There is a write error now, because we have a bug, but after the next
patch the bug will be fixed and we won't have a write error anymore.

> +	(
> +		cd writeError &&
> +		test_path_is_missing .git/objects/info/commit-graphs/commit-graph-chain &&
> +		git -c fetch.writeCommitGraph=true fetch origin &&
> +		test_path_is_file .git/objects/info/commit-graphs/commit-graph-chain
> +	)
> +'
> +
>  # configured prune tests
>  
>  set_config_tristate () {
> -- 
> gitgitgadget
>

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On the Git mailing list, Derrick Stolee wrote (reply to this):

On 10/23/2019 10:18 AM, SZEDER Gábor wrote:
> On Wed, Oct 23, 2019 at 01:01:34PM +0000, Derrick Stolee via GitGitGadget wrote:
>> From: Derrick Stolee <[email protected]>
>>
>> While dogfooding, Johannes found a bug in the fetch.writeCommitGraph
>> config behavior. His example initially happened during a clone with
>> --recurse-submodules, we found that this happens with the first fetch
>> after cloning a repository that contains a submodule:
>>
>> 	$ git clone <url> test
>> 	$ cd test
>> 	$ git -c fetch.writeCommitGraph=true fetch origin
>> 	Computing commit graph generation numbers: 100% (12/12), done.
>> 	BUG: commit-graph.c:886: missing parent <hash1> for commit <hash2>
>> 	Aborted (core dumped)
>>
>> In the repo I had cloned, there were really 60 commits to scan, but
>> only 12 were in the list to write when calling
>> compute_generation_numbers(). A commit in the list expects to see a
>> parent, but that parent is not in the list.
>>
>> A follow-up will fix the bug, but first we create a test that
>> demonstrates the problem.
>>
>> I used "test_expect_failure" for the entire test instead of
>> "test_must_fail" only on the command that I expect to fail. This is
>> because the BUG() returns an exit code so test_must_fail complains.
> 
> I don't think this paragraph is necessary; using 'test_expect_failure'
> is the way to demonstrate a known breakage.
> 
> 'test_must_fail' should only be used when the failure is the desired
> behavior of a git command.  (I used the word "desired" here, because
> you just used the word "expect" above in the sense that "I expect it
> to fail, because I know it's buggy, and I want to demonstrate that
> bug")

I guess that I prefer pointing out which line of the test fails, and
making that part of the test (that must otherwise pass). However, you
are right that test_expect_failure does a good job of communicating that
the test script shows an existing bug. Those are not always cleaned up
immediately, but at least we can find them easily.

>> Helped-by: Jeff King <[email protected]>
>> Helped-by: Johannes Schindelin <[email protected]>
>> Helped-by: Szeder Gábor <[email protected]>
>> Signed-off-by: Derrick Stolee <[email protected]>
>> ---
>>  t/t5510-fetch.sh | 17 +++++++++++++++++
>>  1 file changed, 17 insertions(+)
>>
>> diff --git a/t/t5510-fetch.sh b/t/t5510-fetch.sh
>> index ecabbe1616..e8ae3af0b6 100755
>> --- a/t/t5510-fetch.sh
>> +++ b/t/t5510-fetch.sh
>> @@ -583,6 +583,23 @@ test_expect_success 'fetch.writeCommitGraph' '
>>  	)
>>  '
>>  
>> +test_expect_failure 'fetch.writeCommitGraph with submodules' '
>> +	pwd="$(pwd)" &&
>> +	git clone dups super &&
>> +	(
>> +		cd super &&
>> +		git submodule add "file://$pwd/three" &&
> 
> Nits: couldn't the URL simply be file://$TRASH_DIRECTORY/three ?

True, that would be better. Thanks!

 
>> +		git commit -m "add submodule"
>> +	) &&
>> +	git clone "super" writeError &&
> 
> There is a write error now, because we have a bug, but after the next
> patch the bug will be fixed and we won't have a write error anymore.

Good point.

Thanks!
-Stolee

'

test_expect_success 'fetch.writeCommitGraph with submodules' '
git clone dups super &&
(
cd super &&
git submodule add "file://$TRASH_DIRECTORY/three" &&
git commit -m "add submodule"
) &&
git clone "super" super-clone &&
(
cd super-clone &&
rm -rf .git/objects/info &&
git -c fetch.writeCommitGraph=true fetch origin &&
test_path_is_file .git/objects/info/commit-graphs/commit-graph-chain
)
'

# configured prune tests

set_config_tristate () {
Expand Down