From: Michael Haggerty <mhagger@alum.mit.edu>
To: Johannes Sixt <j.sixt@viscovery.net>
Cc: "Junio C Hamano" <gitster@pobox.com>,
git@vger.kernel.org, "Jeff King" <peff@peff.net>,
"Torsten Bögershausen" <tboegi@web.de>,
"Eric Sunshine" <sunshine@sunshineco.com>
Subject: Re: [PATCH v2 18/25] lockfile: avoid transitory invalid states
Date: Mon, 07 Apr 2014 15:12:49 +0200 [thread overview]
Message-ID: <5342A451.5020905@alum.mit.edu> (raw)
In-Reply-To: <5342962A.8020608@viscovery.net>
On 04/07/2014 02:12 PM, Johannes Sixt wrote:
> Am 4/7/2014 13:13, schrieb Michael Haggerty:
>> On 04/07/2014 08:16 AM, Johannes Sixt wrote:
>>> Am 4/7/2014 1:34, schrieb Michael Haggerty:
>>>> So, instead of encoding part of the lock_file state in the filename
>>>> field, add a new bit "LOCK_FLAGS_LOCKFILE_ACTIVE" to flags, and use
>>>> this bit to distinguish between a lock_file object that is active
>>>> vs. one that is inactive. Be careful to set this bit only when
>>>> filename really contains the name of a file that should be deleted on
>>>> cleanup.
>>>
>>> Since this flag is primarily for communication between the main code and a
>>> signal handler, the only safe way is to define the flag as volatile
>>> sig_atomic_t, not to make it a bit of a larger type!
>>
>> Thanks for the feedback. You are obviously right, and I will fix it.
>>
>> But I have a feeling that this line of thought is going to lead to the
>> signal handler's not being able to do anything. How far can we afford
>> to pursue strict correctness? ...
>>
>> The signal handler currently reads
>>
>> lock_file_list
>> lock_file::next
>> lock_file::fd
>> lock_file::owner
>> lock_file::filename
>> *lock_file::filename
>>
>> and writes lock_file_list. Among other things it calls close(),
>> unlink(), vsnprintf(), and fprintf() (the last two via warning()).
>>
>> But most of these actions are undefined under the C99 standard:
>
> Good point. But not all is lost because some of the functions are
> well-defined under POSIX, particularly close() and unlink(). (*printf are
> not, though.)
>
>> I don't have time to rewrite *all* of Git right now, so how can we get
>> reasonable safety and portability within a feasible amount of work?
>
> It shouldn't be *that* bad. We can make all members volatile, except
> filename (because we wouldn't be able to strcpy(lk->filename, ...) without
> a type cast).
>
> How far *do* you want to go? I'm certainly not opposed to field-test your
> current changeset (plus and adjustment to use sig_atomic_t) -- overall it
> is an improvement. And then we will see how it works.
For now I think I'd just like to get the biggest problems fixed without
making anything worse. Given that there might be a GSoC student working
in this neighborhood, he/she might be able to take up the baton.
I changed the patch series to use a new "volatile sig_atomic_t active"
field rather than a bit in a "flags" field. I'll wait a short time to
see if there is more feedback before pushing it to the list; meanwhile
you can find it here if you have time to look at it and/or test it:
http://github.com/mhagger/git, branch "lock-correctness"
Michael
--
Michael Haggerty
mhagger@alum.mit.edu
http://softwareswirl.blogspot.com/
next prev parent reply other threads:[~2014-04-07 13:12 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-06 23:33 [PATCH v2 00/25] Lockfile correctness and refactoring Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 01/25] api-lockfile: expand the documentation Michael Haggerty
2014-04-07 18:46 ` Jeff King
2014-04-06 23:33 ` [PATCH v2 02/25] unable_to_lock_die(): rename function from unable_to_lock_index_die() Michael Haggerty
2014-04-07 18:47 ` Jeff King
2014-04-08 14:04 ` Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 03/25] rollback_lock_file(): do not clear filename redundantly Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 04/25] rollback_lock_file(): set fd to -1 Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 05/25] lockfile: unlock file if lockfile permissions cannot be adjusted Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 06/25] hold_lock_file_for_append(): release lock on errors Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 07/25] lock_file(): always add lock_file object to lock_file_list Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 08/25] struct lock_file: replace on_list field with flags field Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 09/25] lockfile.c: document the various states of lock_file objects Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 10/25] lockfile: define a constant LOCK_SUFFIX_LEN Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 11/25] delete_ref_loose(): don't muck around in the lock_file's filename Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 12/25] prepare_index(): declare return value to be (const char *) Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 13/25] write_packed_entry_fn(): convert cb_data into a (const int *) Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 14/25] lock_file(): exit early if lockfile cannot be opened Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 15/25] remove_lock_file(): call rollback_lock_file() Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 16/25] commit_lock_file(): inline temporary variable Michael Haggerty
2014-04-06 23:33 ` [PATCH v2 17/25] commit_lock_file(): make committing an unlocked lockfile a NOP Michael Haggerty
2014-04-07 19:31 ` Jeff King
2014-04-14 8:21 ` Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 18/25] lockfile: avoid transitory invalid states Michael Haggerty
2014-04-07 6:16 ` Johannes Sixt
2014-04-07 11:13 ` Michael Haggerty
2014-04-07 12:12 ` Johannes Sixt
2014-04-07 13:12 ` Michael Haggerty [this message]
2014-04-07 19:38 ` Jeff King
2014-04-06 23:34 ` [PATCH v2 19/25] try_merge_strategy(): remove redundant lock_file allocation Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 20/25] try_merge_strategy(): use a statically-allocated lock_file object Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 21/25] commit_lock_file(): use a strbuf to manage temporary space Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 22/25] Change lock_file::filename into a strbuf Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 23/25] resolve_symlink(): use a strbuf for internal scratch space Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 24/25] resolve_symlink(): take a strbuf parameter Michael Haggerty
2014-04-06 23:34 ` [PATCH v2 25/25] trim_last_path_elm(): replace last_path_elm() Michael Haggerty
2014-04-07 19:40 ` [PATCH v2 00/25] Lockfile correctness and refactoring Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5342A451.5020905@alum.mit.edu \
--to=mhagger@alum.mit.edu \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=j.sixt@viscovery.net \
--cc=peff@peff.net \
--cc=sunshine@sunshineco.com \
--cc=tboegi@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).