[PATCH] dirstate: avoid a race with multiple commits in the same process
Greg Ward
greg-hg at gerg.ca
Thu Mar 17 20:37:59 CDT 2011
# HG changeset patch
# User Greg Ward <greg at gerg.ca>
# Date 1300238900 14400
# Node ID 101865bbe19bf177f8ad509d82d1a1d740720143
# Parent ad02eba5545921aa4486f49b2a385a6a4cf6af6c
dirstate: avoid a race with multiple commits in the same process
(issue2264, issue2516)
The race happens when two commits in a row change the same file
without changing its size, *if* those two commits happen in the same
second in the same process while holding the same repo lock. For
example:
commit 1:
M a
M b
commit 2: # same process, same second, same repo lock
M b # modify b without changing its size
M c
This first manifested in transplant, which is the most common way to
do multiple commits in the same process. But it can manifest in any
script or extension that does multiple commits under the same repo
lock. (Thus, the test script tests both transplant and a custom script.)
The problem was that dirstate.status() failed to notice the change to
b when localrepo is about to do the second commit, meaning that change
gets left in the working directory. In the context of transplant, that
means either a crash ("RuntimeError: nothing committed after
transplant") or a silently inaccurate transplant, depending on whether
any other files were modified by the second transplanted changeset.
The fix is to make status() work a little harder when we have
previously marked files as clean (state 'normal') in the same process.
Specifically, dirstate.normal() adds files to self._lastnormal, and
other state-changing methods remove them. Then dirstate.status() puts
any files in self._lastnormal into state 'lookup', which will make
localrepository.status() read file contents to see if it has really
changed. So we pay a small performance penalty for the second (and
subsequent) commits in the same process, without affecting the common
case. Anything that does lots of status updates and checks in the
same process could suffer a performance hit.
Incidentally, there is a simpler fix: call dirstate.normallookup() on
every file updated by commit() at the end of the commit. The trouble
with that solution is that it imposes a performance penalty on the
common case: it means the next status-dependent hg command after every
"hg commit" will be a little bit slower. The patch here is more
complex, but it should only affects performance for the uncommon case.
diff --git a/mercurial/dirstate.py b/mercurial/dirstate.py
--- a/mercurial/dirstate.py
+++ b/mercurial/dirstate.py
@@ -49,6 +49,7 @@
self._rootdir = os.path.join(root, '')
self._dirty = False
self._dirtypl = False
+ self._lastnormal = set() # files believed to be normal
self._ui = ui
@propertycache
@@ -282,6 +283,7 @@
self._addpath(f)
s = os.lstat(self._join(f))
self._map[f] = ('n', s.st_mode, s.st_size, int(s.st_mtime))
+ self._lastnormal.add(f)
if f in self._copymap:
del self._copymap[f]
@@ -306,6 +308,7 @@
self._dirty = True
self._addpath(f)
self._map[f] = ('n', 0, -1, -1)
+ self._lastnormal.discard(f)
if f in self._copymap:
del self._copymap[f]
@@ -317,6 +320,7 @@
self._dirty = True
self._addpath(f)
self._map[f] = ('n', 0, -2, -1)
+ self._lastnormal.discard(f)
if f in self._copymap:
del self._copymap[f]
@@ -325,6 +329,7 @@
self._dirty = True
self._addpath(f, True)
self._map[f] = ('a', 0, -1, -1)
+ self._lastnormal.discard(f)
if f in self._copymap:
del self._copymap[f]
@@ -341,6 +346,7 @@
elif entry[0] == 'n' and entry[2] == -2: # other parent
size = -2
self._map[f] = ('r', 0, size, 0)
+ self._lastnormal.discard(f)
if size == 0 and f in self._copymap:
del self._copymap[f]
@@ -350,6 +356,7 @@
s = os.lstat(self._join(f))
self._addpath(f)
self._map[f] = ('m', s.st_mode, s.st_size, int(s.st_mtime))
+ self._lastnormal.discard(f)
if f in self._copymap:
del self._copymap[f]
@@ -361,6 +368,7 @@
del self._map[f]
except KeyError:
self._ui.warn(_("not in dirstate: %s\n") % f)
+ self._lastnormal.discard(f)
def _normalize(self, path, knownpath):
norm_path = os.path.normcase(path)
@@ -640,6 +648,7 @@
radd = removed.append
dadd = deleted.append
cadd = clean.append
+ lastnormal = self._lastnormal.__contains__
lnkkind = stat.S_IFLNK
@@ -653,6 +662,13 @@
uadd(fn)
continue
+ if lastnormal(fn):
+ # If previously in this process we decided that this
+ # file is clean (state 'normal'), think twice:
+ # intervening code may have modified the file in the
+ # same second without changing its size. So force caller
+ # to check file contents.
+ self.normallookup(fn)
state, mode, size, time = dmap[fn]
if not st and state in "nma":
diff --git a/tests/test-commit-multiple.t b/tests/test-commit-multiple.t
new file mode 100644
--- /dev/null
+++ b/tests/test-commit-multiple.t
@@ -0,0 +1,115 @@
+# reproduce issue2264, issue2516
+
+create test repo
+ $ cat <<EOF >> $HGRCPATH
+ > [extensions]
+ > transplant =
+ > graphlog =
+ > EOF
+ $ hg init repo
+ $ cd repo
+ $ template="{rev} {desc|firstline} [{branches}]\n"
+
+# we need to start out with two changesets on the default branch
+# in order to avoid the cute little optimization where transplant
+# pulls rather than transplants
+add initial changesets
+ $ echo feature1 > file1
+ $ hg ci -Am"feature 1"
+ adding file1
+ $ echo feature2 >> file2
+ $ hg ci -Am"feature 2"
+ adding file2
+
+# The changes to 'bugfix' are enough to show the bug: in fact, with only
+# those changes, it's a very noisy crash ("RuntimeError: nothing
+# committed after transplant"). But if we modify a second file in the
+# transplanted changesets, the bug is much more subtle: transplant
+# silently drops the second change to 'bugfix' on the floor, and we only
+# see it when we run 'hg status' after transplanting. Subtle data loss
+# bugs are worse than crashes, so reproduce the subtle case here.
+commit bug fixes on bug fix branch
+ $ hg branch fixes
+ marked working directory as branch fixes
+ $ echo fix1 > bugfix
+ $ echo fix1 >> file1
+ $ hg ci -Am"fix 1"
+ adding bugfix
+ $ echo fix2 > bugfix
+ $ echo fix2 >> file1
+ $ hg ci -Am"fix 2"
+ $ hg glog --template="$template"
+ @ 3 fix 2 [fixes]
+ |
+ o 2 fix 1 [fixes]
+ |
+ o 1 feature 2 []
+ |
+ o 0 feature 1 []
+
+transplant bug fixes onto release branch
+ $ hg update 0
+ 1 files updated, 0 files merged, 2 files removed, 0 files unresolved
+ $ hg branch release
+ marked working directory as branch release
+ $ hg transplant 2 3
+ applying [0-9a-f]{12} (re)
+ [0-9a-f]{12} transplanted to [0-9a-f]{12} (re)
+ applying [0-9a-f]{12} (re)
+ [0-9a-f]{12} transplanted to [0-9a-f]{12} (re)
+ $ hg glog --template="$template"
+ @ 5 fix 2 [release]
+ |
+ o 4 fix 1 [release]
+ |
+ | o 3 fix 2 [fixes]
+ | |
+ | o 2 fix 1 [fixes]
+ | |
+ | o 1 feature 2 []
+ |/
+ o 0 feature 1 []
+
+ $ hg status
+ $ hg status --rev 0:4
+ M file1
+ A bugfix
+ $ hg status --rev 4:5
+ M bugfix
+ M file1
+
+now test that we fixed the bug for all scripts/extensions
+ $ cat > $TESTTMP/committwice.py <<__EOF__
+ > from mercurial import ui, hg, match, node
+ >
+ > def replacebyte(fn, b):
+ > f = open("file1", "rb+")
+ > f.seek(0, 0)
+ > f.write(b)
+ > f.close()
+ >
+ > repo = hg.repository(ui.ui(), '.')
+ > assert len(repo) == 6, \
+ > "initial: len(repo) == %d, expected 6" % len(repo)
+ > try:
+ > wlock = repo.wlock()
+ > lock = repo.lock()
+ > m = match.exact(repo.root, '', ['file1'])
+ > replacebyte("file1", "x")
+ > n = repo.commit(text="x", user="test", date=(0, 0), match=m)
+ > print "commit 1: len(repo) == %d" % len(repo)
+ > replacebyte("file1", "y")
+ > n = repo.commit(text="y", user="test", date=(0, 0), match=m)
+ > print "commit 2: len(repo) == %d" % len(repo)
+ > finally:
+ > lock.release()
+ > wlock.release()
+ > __EOF__
+ $ $PYTHON $TESTTMP/committwice.py
+ commit 1: len(repo) == 7
+ commit 2: len(repo) == 8
+ $ hg status
+ $ hg log --template "{rev} {desc} {files}\n" -r5:
+ 5 fix 2 bugfix file1
+ 6 x file1
+ 7 y file1
More information about the Mercurial-devel
mailing list