Re: [PATCHv8 6/9] receive-pack.c: add execute_commands_atomic function
On Mon, Dec 29, 2014 at 9:36 PM, Stefan Beller sbel...@google.com wrote: Update receive-pack to use an atomic transaction iff the client negotiated that it wanted atomic push. This first line seems germane to this patch... This leaves the default behavior to be the old non-atomic one ref at a time update. This is to cause as little disruption as possible to existing clients. It is unknown if there are client scripts that depend on the old non-atomic behavior so we make it opt-in for now. If it turns out over time that there are no client scripts that depend on the old behavior we can change git to default to use atomic pushes and instead offer an opt-out argument for people that do not want atomic pushes. However, the remainder feels like it belongs with some other patch, such as a patch which introduces an --atomic option. Inspired-by: Ronnie Sahlberg sahlb...@google.com Helped-by: Eric Sunshine sunsh...@sunshineco.com Signed-off-by: Stefan Beller sbel...@google.com --- diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 5f44466..35a2264 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -1076,8 +1076,8 @@ static void check_shallow_bugs(struct command *commands, the reported refs above); } -static void execute_commands_loop(struct command *commands, - struct shallow_info *si) +static void execute_commands_non_atomic(struct command *commands, + struct shallow_info *si) Style: Indent the wrapped line to align with the text following the '(' in the first line. { struct command *cmd; struct strbuf err = STRBUF_INIT; @@ -1104,7 +1104,50 @@ static void execute_commands_loop(struct command *commands, } ref_transaction_free(transaction); } + strbuf_release(err); +} + +static void execute_commands_atomic(struct command *commands, + struct shallow_info *si) Style: Indentation. +{ + struct command *cmd; + struct strbuf err = STRBUF_INIT; + const char *reported_error = atomic push failure; + + transaction = ref_transaction_begin(err); + if (!transaction) { + rp_error(%s, err.buf); + strbuf_reset(err); + reported_error = transaction failed to start; + goto failure; + } + + for (cmd = commands; cmd; cmd = cmd-next) { + if (!should_process_cmd(cmd)) + continue; + cmd-error_string = update(cmd, si); + + if (cmd-error_string) + goto failure; + } + + if (ref_transaction_commit(transaction, err)) { + rp_error(%s, err.buf); + reported_error = atomic transaction failed; + goto failure; + } + + ref_transaction_free(transaction); + strbuf_release(err); + return; Minor comment: This cleanup code is repeated in both the success and fail branches. It _might_ (or not) be a bit cleaner and more maintainable to replace the above three lines with: goto done; + +failure: + for (cmd = commands; cmd; cmd = cmd-next) + if (!cmd-error_string) + cmd-error_string = reported_error; And add a 'done' label here: done: + ref_transaction_free(transaction); strbuf_release(err); } @@ -1142,7 +1185,10 @@ static void execute_commands(struct command *commands, free(head_name_to_free); head_name = head_name_to_free = resolve_refdup(HEAD, 0, sha1, NULL); - execute_commands_loop(commands, si); + if (use_atomic) + execute_commands_atomic(commands, si); + else + execute_commands_non_atomic(commands, si); check_shallow_bugs(commands, si); } -- 2.2.1.62.g3f15098 -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCHv8 6/9] receive-pack.c: add execute_commands_atomic function
Update receive-pack to use an atomic transaction iff the client negotiated that it wanted atomic push. This leaves the default behavior to be the old non-atomic one ref at a time update. This is to cause as little disruption as possible to existing clients. It is unknown if there are client scripts that depend on the old non-atomic behavior so we make it opt-in for now. If it turns out over time that there are no client scripts that depend on the old behavior we can change git to default to use atomic pushes and instead offer an opt-out argument for people that do not want atomic pushes. Inspired-by: Ronnie Sahlberg sahlb...@google.com Helped-by: Eric Sunshine sunsh...@sunshineco.com Signed-off-by: Stefan Beller sbel...@google.com --- Notes: Changes in v8: removed superflous } to make it compile again Changes in v7: Eric suggested to replace [PATCH 4/7] receive-pack.c: receive-pack.c: use a single ref_transaction for atomic pushes by smaller patches This is the last patch replacing said large commit. Changes in v6: This is a complete rewrite of the patch essentially. Eric suggested to split up the flow into functions, so it is easier to read. It's more lines of code, but indeed it's easier to follow. Thanks Eric! Note there is another patch following this one moving the helper functions above execute_commands. I just choose the order of the functions in this patch to have a better diff (just inserting the call to the function execute_commands_non_atomic and that function directly follows.) The next patch of the series will move that up. Because of the rewrite and the fixes of the previous five versions there is not much left of Ronnies original patch, so I'll claim authorship of this one. Changes v1 - v2: * update(...) assumes to be always in a transaction * Caring about when to begin/commit transactions is put into execute_commands v2-v3: * meditated about the error flow. Now we always construct a local strbuf err if required. Then the flow is easier to follow and destruction of it is performed nearby. * early return in execute_commands if transaction_begin fails. v3-v4: * revamp logic again. This should keep the non atomic behavior as is (in case of error say so, in non error case just free the transaction). In the atomic case we either do nothing (when no error), or abort with the goto. if (!cmd-error_string) { if (!use_atomic ref_transaction_commit(transaction, err)) { ref_transaction_free(transaction); rp_error(%s, err.buf); strbuf_release(err); cmd-error_string = failed to update ref; } } else if (use_atomic) { goto atomic_failure; } else { ref_transaction_free(transaction); } * Having the goto directly there when checking for cmd-error_string, we don't need to do it again, so the paragraph explaining the error checking is gone as well. (Previous patch had the following, this is put at the end of the function, where the goto jumps to and the comment has been dropped. + /* +* update(...) may abort early (i.e. because the hook refused to +* update that ref) which then doesn't even record a transaction +* regarding that ref. Make sure all commands are without error +* and then commit atomically. +*/ + for (cmd = commands; cmd; cmd = cmd-next) + if (cmd-error_string) + break; v4-v5: Eric wrote: Repeating from my earlier review[1]: If the 'pre-receive' hook declines, then this transaction is left dangling (and its resources leaked). You're right. The initialization of the transaction is now near the actual loop after the pre receive hook. The !use_atomic case (below), calls this error failed to start transaction, not merely transaction error. ok, now both are transaction failed to start. In all cases where these generic errors are reported, we do have a rp_error(...) with details. Furthermore, in the use_atomic case (also below), when a commit fails, you assign err.buf to cmd-error_string rather than a generic transaction error message. What differs between these cases which makes the generic message preferable here over the more specific err.buf message? They are the