[PATCH 2 of 5] localrepo: invoke dirstate.unsureifambig in wwrite for safety
FUJIWARA Katsunori
foozy at lares.dti.ne.jp
Tue Jun 2 11:27:23 CDT 2015
At Mon, 01 Jun 2015 18:57:16 +0000,
Martin von Zweigbergk wrote:
>
> On Mon, Jun 1, 2015 at 11:07 AM FUJIWARA Katsunori <foozy at lares.dti.ne.jp>
> wrote:
>
> > At Mon, 01 Jun 2015 17:02:10 +0000,
> > Martin von Zweigbergk wrote:
> > >
> > > Thanks. I think I knew most of that, but the subrepo case for interrupted
> > > update was a good example I had not thought about. My question remains,
> > > however. In the sequence in this test case, you do this:
> > >
> > > $ hg update -q -C 3
> > > $ touch -t 200001010000 b
> > > $ hg status -A b
> > > $ hg --config extensions.abort=$TESTTMP/abort.py merge 5
> > > $ touch -t 200001010000 b
> > >
> > > What I'm wondering is what real-world scenarios could lead to file b's
> > > timestamp being the same in those two cases (where you artificially touch
> > > them here). Since we said that 'hg status' is run strictly after (at
> > > whatever granularity is recorded by the FS, perhaps second-level), how can
> > > the 'hg merge' produce a timestamp for file b that's the same as what 'hg
> > > update' does?
> >
> > `hg merge` can be aborted for the same reason as `hg update` before
> > updating dirstate:
> >
> > (0) cleanup working directory for examination of `hg merge`
> > (let's ignore this while focusing on examination of `hg merge`)
> > > $ hg update -q -C 3
> >
> > (1) ensure forcibly that `repo.dirstate['b']` has valid timestamp
> > > $ touch -t 200001010000 b
> > > $ hg status -A b
> >
>
> We said that this 'hg status' is run at 200001010000(00)+1sec (otherwise
> the timestamp in the dirstate would be unset). Correct?
Yes, it is correct.
> >
> > (2) execute `hg merge`, but it is aborted before "update dirstate"
> > for example:
> > - invalid updating in subrepositories
> > - keyboard interruption by user, file I/O error and so on
> > > $ hg --config extensions.abort=$TESTTMP/abort.py merge 5
> >
> > (3) (re-)set timestamp of 'b' on the filesystem for misleading
> > this emulates that `hg merge` updates 'b' before 200001010000(00)+1sec
> > > $ touch -t 200001010000 b
> >
>
> Since 'hg status' above was run at 200001010000(00)+1sec (or later), how
> can this (interrupted) merge be run at 200001010000(00)?
Oh, your wondering is natural. My explanation was wrong :-<

In the real world, the steps below reproduce this issue:

== @200001010000(00)

(A) 'b' should be modified at this point, but

(B) it is assumed that the dirstate timestamp of 'b' is -1 at this point

(C) invoke `hg merge`

  (C-1) get wlock

  (C-2) check uncommitted changes in `merge.update()` by `wc.files()`:
        this indirectly sets the dirstate timestamp of 'b' to 200001010000(00)

          wc.files() => wc._status() => repo.status() => ... =>
          wc._dirstatestatus() => wc._checklookup() => dirstate.normal()

  (C-3) `merge.applyupdates()` overwrites 'b' with data of the same size
        the FS timestamp of it is still 200001010000(00)

  (C-3) fail before `merge.recordupdates()`

== @200001010000(00) + 1

  (C-4) release wlock, and this causes the dirty dirstate to be written out
        this also writes out 200001010000(00) of 'b' successfully,
        because the FS timestamp of dirstate is 200001010000(00) + 1

(D) `hg status` treats 'b' as CLEAN, because the FS timestamp/size of it
    aren't changed

Then, the steps below (= without 'hg status -A b') can reproduce this
issue almost always:

    $ hg update -q -C 3
    $ touch -t 200001010000 b
    $ hg --config extensions.abort=$TESTTMP/abort.py merge 5
    $ touch -t 200001010000 b

But the timestamp of dirstate may be set accidentally at `hg update`, and
this breaks assumption (B) above.

This is a timing-critical problem and we can't fully control it :-<

On the other hand, the tests in my patch execute the steps below to make
a similar (but a little different in detail) situation:

== @200001010000(00)

(A) `touch -t 200001010000 b` emulates that 'b' is modified at this point

(B') `hg status` can write 200001010000(00) of 'b' into dirstate successfully
     because `hg status` isn't actually executed at 200001010000(00) :-)

(C) invoke `hg merge`

  (C-1) get wlock

  (C-2) check uncommitted changes in `merge.update()` by `wc.files()`
        'b' is already known as CLEAN by 200001010000(00)

  (C-3) `merge.applyupdates()` overwrites 'b' with data of the same size
        the FS timestamp of it isn't 200001010000(00), because `hg
        merge` isn't actually executed at 200001010000(00)
        but `touch -t 200001010000 b` after `hg merge` emulates it.

  (C-3) fail before `merge.recordupdates()`

== @200001010000(00) + 1

  (C-4) release wlock, and this causes the dirty dirstate to be written out
        dirstate timestamp of 'b' is still 200001010000(00)

(D) `hg status` treats 'b' as CLEAN, because the FS timestamp/size of it
    aren't changed (only if this issue isn't fixed well)

> > In addition to it, '.hgsubstate' may have to be focused on.
> >
> > Regardless of `hg update`/`hg merge` result, size of it on the
> > filesystem is often kept, because '.hgsubstate' consists of "hashid
> > subrepopath": "hashid" of hg subrepo is always 40 letters :-)
> >
> >
> > (Do I understand your question correctly ?)
> >
> >
> > > On Sun, May 31, 2015 at 10:24 PM FUJIWARA Katsunori <foozy at lares.dti.ne.jp>
> > > wrote:
> > >
> > > > At Fri, 29 May 2015 18:05:18 +0000,
> > > > Martin von Zweigbergk wrote:
> > > > >
> > > > > On Wed, May 27, 2015 at 10:06 AM FUJIWARA Katsunori <foozy at lares.dti.ne.jp>
> > > > > wrote:
> > > > >
> > > > > > # HG changeset patch
> > > > > > # User FUJIWARA Katsunori <foozy at lares.dti.ne.jp>
> > > > > > # Date 1432745859 -32400
> > > > > > # Thu May 28 01:57:39 2015 +0900
> > > > > > # Node ID b82f32b8734b109b84f533dc62dd3f23195d1e0a
> > > > > > # Parent ab9f120295b59933d1acd72771f01b5fac8d221d
> > > > > > localrepo: invoke dirstate.unsureifambig in wwrite for safety
> > > > > >
> > > > > > Modified file may be mis-recognized as clean by dirstate, if mode,
> > > > > > size and timestamp of it on the filesystem aren't changed.
> > > > > >
> > > > > > > To avoid such ambiguous situation, this patch invokes
> > > > > > > `dirstate.unsureifambig()` at the end of `localrepository.wwrite()`.
> > > > > > >
> > > > > > > When file is cleanly reverted or updated, subsequent
> > > > > > > `dirstate.lookup()` makes `dirstate.unsureifambig()` a little
> > > > > > > redundant. But it is cheap enough for keeping consistency.
> > > > > >
> > > > > > diff --git a/mercurial/localrepo.py b/mercurial/localrepo.py
> > > > > > --- a/mercurial/localrepo.py
> > > > > > +++ b/mercurial/localrepo.py
> > > > > > @@ -927,7 +927,9 @@
> > > > > > self.wvfs.write(filename, data)
> > > > > > if 'x' in flags:
> > > > > > self.wvfs.setflags(filename, False, True)
> > > > > > - return len(data)
> > > > > > + wsize = len(data)
> > > > > > + self.dirstate.unsureifambig(filename, wsize)
> > > > > > + return wsize
> > > > > >
> > > > > > def wwritedata(self, filename, data):
> > > > > > return self._filter(self._decodefilterpats, filename,
> > data)
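Review bot: The added `self.dirstate.unsureifambig(filename, wsize)` just before `return wsize` gives `wwrite()` a dirstate side effect on every call that reaches this point, and nothing in the hunk documents it. A short comment above the call, saying that a write which leaves the size unchanged must not let the recorded timestamp mark the file clean, would tell callers why a method that only wrote to the working directory now touches dirstate. Since `wsize` is `len(data)` rather than a stat of the written file, the comment should also say that the check is meant to compare against the byte count handed to `self.wvfs.write()`.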
> > > > > > diff --git a/tests/test-merge1.t b/tests/test-merge1.t
> > > > > > --- a/tests/test-merge1.t
> > > > > > +++ b/tests/test-merge1.t
> > > > > > @@ -206,4 +206,60 @@
> > > > > > $ hg revert -r -2 b
> > > > > > $ hg up -q -- -2
> > > > > >
> > > > > > +Test for ambiguity from same size, timestamp and mode
> > > > > > +
> > > > > > + $ cat > $TESTTMP/abort.py <<EOF
> > > > > > + > from mercurial import extensions, merge, util
> > > > > > + > def applyupdates(orig, *args, **kwargs):
> > > > > > + > orig(*args, **kwargs)
> > > > > > + > # emulate aborting before "recordupdates()"
> > > > > > + > # => files are changed without updating dirstate
> > > > > > + > raise util.Abort('intentional aborting')
> > > > > > + > def extsetup(ui):
> > > > > > + > extensions.wrapfunction(merge, "applyupdates",
> > applyupdates)
> > > > > > + > EOF
> > > > > > +
> > > > > > +(file gotten from other revision)
> > > > > > +
> > > > > > + $ hg update -q -C 2
> > > > > > + $ echo 'THIS IS FILE B5' > b
> > > > > > + $ hg commit -m 'commit #5'
> > > > > > +
> > > > > > + $ hg update -q -C 3
> > > > > > + $ touch -t 200001010000 b
> > > > > > + $ hg status -A b
> > > > > > + C b
> > > > > > + $ cat b
> > > > > > + This is file b1
> > > > > > +
> > > > > > + $ hg --config extensions.abort=$TESTTMP/abort.py merge 5
> > > > > > + abort: intentional aborting
> > > > > > + [255]
> > > > > > + $ touch -t 200001010000 b
> > > > > >
> > > > >
> > > > > I'm sorry I'm slow, but I'm still trying to understand this series. This is
> > > > > of course an artificial way of reproducing the problem you were seeing, but
> > > > > how does it sometimes happen in real life? Since the dirstate is written on
> > > > > the 'hg status' call above, and that command is run after (not within the
> > > > > same second, as we discussed on patch 1/5) the file was modified on disk,
> > > > > how can the 'hg merge' command be run at the earlier time again (which you
> > > > > seem to be simulating here by setting the same timestamp)?
> > > >
> > > > Sorry for not enough explanation. I'll add more detailed explanation
> > > > in revised version.
> > > >
> > > > Core of `hg update` and `hg merge` consists of steps below:
> > > >
> > > > 1. calculate result of updating and examine some additional points below
> > > >
> > > > - `_checkunknownfiles()` (implied by `calculateupdates()`)
> > > > - `_checkcollision()`
> > > >
> > > > 2. update files in the working directory in `merge.applyupdates()`
> > > >
> > > > this also implies updating files in subrepositories recursively
> > > > (= `preupdate`/`update` hooks in them are also executed)
> > > >
> > > > 3. update dirstate in `merge.recordupdates()`
> > > >
> > > > 4. write in-memory dirstate changes out at releasing wlock
> > > >
> > > >
> > > > Tests in this patch emulate that `hg update` and `hg merge` (at top of
> > > > subrepo tree) are aborted between (2) and (3) by:
> > > >
> > > > - invalid updating in subrepositories
> > > >
> > > > for example:
> > > > - uncommitted changes
> > > > - collision against unknown files in the working directory
> > > > - case-insensitive collision between files in new revision (and
> > > > current one at merging)
> > > > - failure of `preupdate` or `update` hooks
> > > >
> > > > - keyboard interruption by user, file I/O error and so on
> > > >
> > > > `test-subrepo.t` actually treats the former situation, and
> > > > 6becb9dbca25 tried to fix (part of) this issue. Tests in this patch
> > > > can be said as "generalized version of test in 6becb9dbca25".
> > > >
> > > >
> > > > Even though some existing tests are enough as a white box test
> > > > examining whether `repo.wwrite()` invokes `dirstate.unsureifambig()`
> > > > correctly, testing in multiple situations should be useful to avoid
> > > > unexpected regression in the future, IMHO.
> > > >
> > > >
> > > >
> > > > > > + $ cat b
> > > > > > + THIS IS FILE B5
> > > > > > + $ hg status -A b
> > > > > > + M b
> > > > > > +
> > > > > > +(file merged from other revision)
> > > > > > +
> > > > > > + $ hg update -q -C 3
> > > > > > + $ echo 'this is file b6' > b
> > > > > > + $ hg commit -m 'commit #6'
> > > > > > + created new head
> > > > > > + $ touch -t 200001010000 b
> > > > > > + $ hg status -A b
> > > > > > + C b
> > > > > > + $ cat b
> > > > > > + this is file b6
> > > > > > +
> > > > > > + $ hg --config extensions.abort=$TESTTMP/abort.py merge --tool
> > > > > > internal:other 5
> > > > > > + abort: intentional aborting
> > > > > > + [255]
> > > > > > + $ touch -t 200001010000 b
> > > > > > + $ cat b
> > > > > > + THIS IS FILE B5
> > > > > > + $ hg status -A b
> > > > > > + M b
> > > > > > +
> > > > > > $ cd ..
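Review bot: Both new cases depend on two things the test text never states: the second `touch -t 200001010000 b` after the aborted merge stands in for the merge rewriting 'b' within the same second, and the replacement content ('THIS IS FILE B5') has the same length as what it overwrites ('This is file b1', 'this is file b6'). Add a prose line before each second `touch` and a remark about the equal sizes, so that a later edit to the file contents does not quietly turn the `M b` expectation into one that passes without the fix.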
> > > > > >
> > > > >
> > > >
> > > > ----------------------------------------------------------------------
> > > > [FUJIWARA Katsunori] foozy at lares.dti.ne.jp
> > > >
> > >
> >
> > ----------------------------------------------------------------------
> > [FUJIWARA Katsunori] foozy at lares.dti.ne.jp
> >
>
----------------------------------------------------------------------
[FUJIWARA Katsunori] foozy at lares.dti.ne.jp
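
The timing window walked through in steps (C-2) to (D) above, as an added example that is not code from the patch or from Mercurial: a toy stat cache that trusts (size, mtime) and is fooled by a same-size overwrite in the same second. `ToyDirstate`, `unsure_if_ambig` (modelled here as resetting the recorded mtime to -1 when the written size equals the recorded one) and the timestamp `T0` are assumptions made for illustration.

```python
import os
import tempfile

UNSET = -1       # recorded mtime meaning "do not trust stat, compare content"
T0 = 946684800   # constructed timestamp, one-second granularity


class ToyDirstate:
    """Toy stand-in for a stat cache; hypothetical, not Mercurial's dirstate."""

    def __init__(self):
        self.entries = {}  # path -> (size, mtime, content known as clean)

    def normal(self, path):
        """Record the file as clean with its current size and mtime."""
        st = os.stat(path)
        with open(path, "rb") as f:
            self.entries[path] = (st.st_size, int(st.st_mtime), f.read())

    def unsure_if_ambig(self, path, wsize):
        """Assumed mitigation: same size as recorded => forget the mtime."""
        entry = self.entries.get(path)
        if entry and entry[0] == wsize:
            self.entries[path] = (entry[0], UNSET, entry[2])

    def status(self, path):
        size, mtime, known = self.entries[path]
        st = os.stat(path)
        if mtime != UNSET and (size, mtime) == (st.st_size, int(st.st_mtime)):
            return "C"  # trusted on stat data alone, file is never read
        with open(path, "rb") as f:
            return "C" if f.read() == known else "M"


def interrupted_write(mitigate):
    """Same-size overwrite in the same second, with no normal() afterwards."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "b")
        ds = ToyDirstate()
        with open(path, "wb") as f:
            f.write(b"This is file b1\n")
        os.utime(path, (T0, T0))
        ds.normal(path)                  # (C-2): timestamp T0 gets recorded
        data = b"THIS IS FILE B5\n"      # same length as the old content
        with open(path, "wb") as f:      # (C-3): overwrite, then "abort"
            f.write(data)
        os.utime(path, (T0, T0))         # emulate the write landing at T0
        if mitigate:
            ds.unsure_if_ambig(path, len(data))
        return ds.status(path)           # (D)
```

`interrupted_write(False)` reports the modified file as clean, while `interrupted_write(True)` forces the content comparison and reports it as modified.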