Hi Junio,

On Sun, 30 Apr 2017, Junio C Hamano wrote:

> Johannes Schindelin <johannes.schinde...@gmx.de> writes:
> 
> > In that case, I would strongly advise to consider redesigning the API.
> 
> The API we currently have and is used by "log", "rev-list" and friends
> is to have setup_revisions() parse the av[], i.e. the textual API, and
> it is sufficient to hide from the caller the implementation detail of
> what bit rev_info structure has and which bits are flipped when reacting
> to say "--format=..."  option [*1*].

Yes, this (parsing options passed in as strings, with the very real
possibility of catching coding errors only at runtime) is the current way
the API is used.

Sometimes.

And sometimes not.

For example, in builtin/bisect.c's show_diff_tree() function, we *do* call
setup_revisions(), but with argc = 0. We set all the options beforehand to
avoid parsing, to avoid runtime-instead-of-compile-time errors.

The same holds true for builtin/merge.c's squash_message() function.

> As the implementaiton detail of which bits are flipped when reacting to
> each options is _not_ the API, we are essentially left with two choices:
> write this series to the current textual API, or invent an alternate API
> [*2*] and write this series to that new API.

You make it sound as if my goal was to imitate slavishly what that option
did that was passed to the Git command in the git-rebase--interactive.sh
script.

But that is not what my goal is.

My goal is to imitate the *intent* of the shell script. Faithfully, of
course. The fact that the shell script had no better way to access the
internal API than to call the Git command is just a red herring.

What I really want to do *is* to access the revision machinery, as bare
metal as possible, because sequencer *is bare metal, too*.

The current code fulfills that goal rather excellently.

Your suggested change to call the parser and pass plain options as plain
text really flies in the face of this goal.

Your suggested alternative is actually not necessary here, as the code
does exactly what it is supposed to do: it calls, from the internal
libgit.a, another part of libgit.a, and therefore it is totally legitimate
to use implementation details.

If my code were bleeding implementation details to the user interface, I
would agree with you that there is an issue.

But that code does not do that. To the contrary, it hides those
implementation details behind a rather simple user interface.

In the long run, I think you are correct in your fear that bits may be set
incorrectly.

The solution for that is, of course, not to rewrite the API. The solution
is to make the API less fragile.

To be explicit about the fragility in question: the API should not require
the pretty_given bit at all, but it should use an initialized
pretty_print_context within the rev_info struct as indicator that the
pretty print machinery should be used to print out commit messages.

There is something even more fragile about the current concept of parsing
--pretty: the fact that get_commit_format() sets a *file-local* variable
`user_format`, and that that variable is then used for formatting when
pretty_given = 1, is just asking for trouble.

This fragile aspect of the API simply dooms the revision API to suffer
side effects until fixed.

After writing this, I really, really, really fail even more to see why you
make such a big deal out of the pretty_given bit. It is insignificant. If
I were you, I would worry much, much, much, MUCH more about the fact that
`user_format` in pretty.c is changed implicitly by sequencer_make_script()
(not the fault of my patch, of course, but of the way get_commit_format()
operates).

Obviously this latter issue (the `user_format` side effect) is what is a
real problem later on, when we try to make rebase a true builtin, as
sequencer_make_script() will be called as part of a larger operation that
will subsequently run the rebase, and may very well use the revision
machinery to print other commit messages again, *possibly using that
`user_format` by mistake*.

Now, if your suggestion to undo the compile-time safety in favor of a
runtime error, say, in case of a speling eror (which I really would like
to avoid, as I find it a highly sloppy development style to turn compile
time errors into runtime errors for no good reason) would help avoid this
problem with the `user_format`, I would grudgingly bite my tongue,
implement what you suggested and move forward.

But it does not. All it does make the code less safe by pushing a possible
problem from the time of compilation to the time of running the code.
Meaning that problems would be found by users, when developers could have
caught them without this change.

I really wish we were on the same page that this is a really bad idea.

Ciao,
Dscho

Reply via email to