[PATCH] builtin/log.c: prepend "RFC" on --rfc

[PATCH] builtin/log.c: prepend "RFC" on --rfc

[Drew DeVault]

Rather than replacing the configured subject prefix (either through the
git config or command line) entirely with "RFC PATCH", this change
prepends RFC to whatever subject prefix was already in use.

This is useful, for example, when a user is working on a repository that
has a subject prefix considered to disambiguate patches:

	git config format.subjectPrefix 'PATCH my-project'

Prior to this change, formatting patches with --rfc would lose the
'my-project' information.

Signed-off-by: Drew DeVault <sir@cmpwn.com>
---
Implementation note: this introduces a small memory leak, but freeing it
requires a non-trivial amount of refactoring and some dubious choices
that I was not sure of for a small patch; and it seems like memory leaks
in this context are tolerated anyway from a perusal of the existing
code.

 Documentation/git-format-patch.txt |  6 +++---
 builtin/log.c                      | 15 ++++++++++++++-
 t/t4014-format-patch.sh            |  9 +++++++++
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/Documentation/git-format-patch.txt b/Documentation/git-format-patch.txt
index 373b46fc0d..fdc52cf826 100644
--- a/Documentation/git-format-patch.txt
+++ b/Documentation/git-format-patch.txt
@@ -229,9 +229,9 @@ populated with placeholder text.
 	variable, or 64 if unconfigured.
 
 --rfc::
-	Alias for `--subject-prefix="RFC PATCH"`. RFC means "Request For
-	Comments"; use this when sending an experimental patch for
-	discussion rather than application.
+	Prepends "RFC" to the subject prefix (producing "RFC PATCH" by
+	default). RFC means "Request For Comments"; use this when sending
+	an experimental patch for discussion rather than application.
 
 -v <n>::
 --reroll-count=<n>::
diff --git a/builtin/log.c b/builtin/log.c
index db3a88bfe9..d986faebed 100644
--- a/builtin/log.c
+++ b/builtin/log.c
@@ -1476,9 +1476,22 @@ static int subject_prefix_callback(const struct option *opt, const char *arg,
 
 static int rfc_callback(const struct option *opt, const char *arg, int unset)
 {
+	int n;
+	char *prefix;
+	const char *prev;
+
 	BUG_ON_OPT_NEG(unset);
 	BUG_ON_OPT_ARG(arg);
-	return subject_prefix_callback(opt, "RFC PATCH", unset);
+
+	prev = ((struct rev_info *)opt->value)->subject_prefix;
+	assert(prev != NULL);
+	n = snprintf(NULL, 0, "RFC %s", prev);
+	assert(n > 0);
+	prefix = xmalloc(n + 1);
+	n = snprintf(prefix, n + 1, "RFC %s", prev);
+	assert(n > 0);
+
+	return subject_prefix_callback(opt, prefix, unset);
 }
 
 static int numbered_cmdline_opt = 0;
diff --git a/t/t4014-format-patch.sh b/t/t4014-format-patch.sh
index 3cf2b7a7fb..a7fe839683 100755
--- a/t/t4014-format-patch.sh
+++ b/t/t4014-format-patch.sh
@@ -1377,6 +1377,15 @@ test_expect_success '--rfc' '
 	test_cmp expect actual
 '
 
+test_expect_success '--rfc does not overwrite prefix' '
+	cat >expect <<-\EOF &&
+	Subject: [RFC PATCH foobar 1/1] header with . in it
+	EOF
+	git format-patch -n -1 --stdout --subject-prefix "PATCH foobar" --rfc >patch &&
+	grep ^Subject: patch >actual &&
+	test_cmp expect actual
+'
+
 test_expect_success '--from=ident notices bogus ident' '
 	test_must_fail git format-patch -1 --stdout --from=foo >patch
 '
-- 
2.42.0

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Jeff King]

On Mon, Aug 28, 2023 at 02:50:34PM +0200, Drew DeVault wrote:

> Rather than replacing the configured subject prefix (either through the
> git config or command line) entirely with "RFC PATCH", this change
> prepends RFC to whatever subject prefix was already in use.
> 
> This is useful, for example, when a user is working on a repository that
> has a subject prefix considered to disambiguate patches:
> 
> 	git config format.subjectPrefix 'PATCH my-project'
> 
> Prior to this change, formatting patches with --rfc would lose the
> 'my-project' information.

This sounds like a good change to me. It would be backwards-incompatible
for anybody expecting:

  git format-patch --subject=foo --rfc

to override the --subject line, but that seems rather unlikely.

> Implementation note: this introduces a small memory leak, but freeing it
> requires a non-trivial amount of refactoring and some dubious choices
> that I was not sure of for a small patch; and it seems like memory leaks
> in this context are tolerated anyway from a perusal of the existing
> code.

We do have a lot of small leaks like this, but we've been trying to
clean them up slowly. There's some infrastructure in the test suite for
marking scripts as leak-free, but t4014 is not yet there, so this
won't cause CI to complain at this point.

It is tempting while we are here and thinking about it to put in an easy
hack, like storing the allocated string in a static variable.

>  static int rfc_callback(const struct option *opt, const char *arg, int unset)
>  {
> +	int n;
> +	char *prefix;
> +	const char *prev;
> +
>  	BUG_ON_OPT_NEG(unset);
>  	BUG_ON_OPT_ARG(arg);
> -	return subject_prefix_callback(opt, "RFC PATCH", unset);
> +
> +	prev = ((struct rev_info *)opt->value)->subject_prefix;
> +	assert(prev != NULL);
> +	n = snprintf(NULL, 0, "RFC %s", prev);
> +	assert(n > 0);
> +	prefix = xmalloc(n + 1);
> +	n = snprintf(prefix, n + 1, "RFC %s", prev);
> +	assert(n > 0);
> +
> +	return subject_prefix_callback(opt, prefix, unset);
>  }

We try to avoid manually computing string sizes like this, since it's
error-prone and can be subject to integer overflow attacks (not in this
case, but every instance makes auditing harder). You can use xstrfmt()
instead.

Coupled with the leak-hack from above, maybe just:

diff --git a/builtin/log.c b/builtin/log.c
index db3a88bfe9..579c3a2419 100644
--- a/builtin/log.c
+++ b/builtin/log.c
@@ -1476,9 +1476,19 @@ static int subject_prefix_callback(const struct option *opt, const char *arg,
 
 static int rfc_callback(const struct option *opt, const char *arg, int unset)
 {
+	/*
+	 * "avoid" leak by holding on to a reference to the memory, since we
+	 * need the string for the lifetime of the process anyway
+	 */
+	static char *prefix;
+
 	BUG_ON_OPT_NEG(unset);
 	BUG_ON_OPT_ARG(arg);
-	return subject_prefix_callback(opt, "RFC PATCH", unset);
+
+	free(prefix);
+	prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix);
+
+	return subject_prefix_callback(opt, prefix, unset);
 }
 
 static int numbered_cmdline_opt = 0;

The rest of the patch (docs and tests) looked good to me.

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Drew DeVault]

On Mon Aug 28, 2023 at 4:42 PM CEST, Jeff King wrote:
>  static int rfc_callback(const struct option *opt, const char *arg, int unset)
>  {
> +	/*
> +	 * "avoid" leak by holding on to a reference to the memory, since we
> +	 * need the string for the lifetime of the process anyway
> +	 */
> +	static char *prefix;
> +
>  	BUG_ON_OPT_NEG(unset);
>  	BUG_ON_OPT_ARG(arg);
> -	return subject_prefix_callback(opt, "RFC PATCH", unset);
> +
> +	free(prefix);
> +	prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix);
> +
> +	return subject_prefix_callback(opt, prefix, unset);
>  }

I like this better, thanks!

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Phillip Wood]

On 28/08/2023 15:42, Jeff King wrote:
> On Mon, Aug 28, 2023 at 02:50:34PM +0200, Drew DeVault wrote:
> 
>> Rather than replacing the configured subject prefix (either through the
>> git config or command line) entirely with "RFC PATCH", this change
>> prepends RFC to whatever subject prefix was already in use.
>>
>> This is useful, for example, when a user is working on a repository that
>> has a subject prefix considered to disambiguate patches:
>>
>> 	git config format.subjectPrefix 'PATCH my-project'
>>
>> Prior to this change, formatting patches with --rfc would lose the
>> 'my-project' information.
> 
> This sounds like a good change to me. 

I agree it sounds like a good change but if we're going to change it 
than I think we should ensure

     git format-patch --subject-prefix=foo --rfc

and

     git format-patch --rfc --subject-prefix=foo

give the same result. That would mean dropping rfc_callback() and using 
OPT_BOOL() instead of OPT_CALLBACK_F(). We could add the "RFC " prefix 
just before we add the re-roll suffix.

Best Wishes

Phillip

It would be backwards-incompatible
> for anybody expecting:
> 
>    git format-patch --subject=foo --rfc
> 
> to override the --subject line, but that seems rather unlikely.

>> Implementation note: this introduces a small memory leak, but freeing it
>> requires a non-trivial amount of refactoring and some dubious choices
>> that I was not sure of for a small patch; and it seems like memory leaks
>> in this context are tolerated anyway from a perusal of the existing
>> code.
> 
> We do have a lot of small leaks like this, but we've been trying to
> clean them up slowly. There's some infrastructure in the test suite for
> marking scripts as leak-free, but t4014 is not yet there, so this
> won't cause CI to complain at this point.
> 
> It is tempting while we are here and thinking about it to put in an easy
> hack, like storing the allocated string in a static variable.
> 
>>   static int rfc_callback(const struct option *opt, const char *arg, int unset)
>>   {
>> +	int n;
>> +	char *prefix;
>> +	const char *prev;
>> +
>>   	BUG_ON_OPT_NEG(unset);
>>   	BUG_ON_OPT_ARG(arg);
>> -	return subject_prefix_callback(opt, "RFC PATCH", unset);
>> +
>> +	prev = ((struct rev_info *)opt->value)->subject_prefix;
>> +	assert(prev != NULL);
>> +	n = snprintf(NULL, 0, "RFC %s", prev);
>> +	assert(n > 0);
>> +	prefix = xmalloc(n + 1);
>> +	n = snprintf(prefix, n + 1, "RFC %s", prev);
>> +	assert(n > 0);
>> +
>> +	return subject_prefix_callback(opt, prefix, unset);
>>   }
> 
> We try to avoid manually computing string sizes like this, since it's
> error-prone and can be subject to integer overflow attacks (not in this
> case, but every instance makes auditing harder). You can use xstrfmt()
> instead.
> 
> Coupled with the leak-hack from above, maybe just:
> 
> diff --git a/builtin/log.c b/builtin/log.c
> index db3a88bfe9..579c3a2419 100644
> --- a/builtin/log.c
> +++ b/builtin/log.c
> @@ -1476,9 +1476,19 @@ static int subject_prefix_callback(const struct option *opt, const char *arg,
>   
>   static int rfc_callback(const struct option *opt, const char *arg, int unset)
>   {
> +	/*
> +	 * "avoid" leak by holding on to a reference to the memory, since we
> +	 * need the string for the lifetime of the process anyway
> +	 */
> +	static char *prefix;
> +
>   	BUG_ON_OPT_NEG(unset);
>   	BUG_ON_OPT_ARG(arg);
> -	return subject_prefix_callback(opt, "RFC PATCH", unset);
> +
> +	free(prefix);
> +	prefix = xstrfmt("RFC %s", ((struct rev_info *)opt->value)->subject_prefix);
> +
> +	return subject_prefix_callback(opt, prefix, unset);
>   }
>   
>   static int numbered_cmdline_opt = 0;
> 
> The rest of the patch (docs and tests) looked good to me.

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Jeff King]

On Mon, Aug 28, 2023 at 05:30:36PM +0100, Phillip Wood wrote:

> I agree it sounds like a good change but if we're going to change it than I
> think we should ensure
> 
>     git format-patch --subject-prefix=foo --rfc
> 
> and
> 
>     git format-patch --rfc --subject-prefix=foo
> 
> give the same result. That would mean dropping rfc_callback() and using
> OPT_BOOL() instead of OPT_CALLBACK_F(). We could add the "RFC " prefix just
> before we add the re-roll suffix.

Good catch. That should also make the leak issue easier to solve, too,
as we'd hold the string (and free it) in the main cmd_format_patch()
function. This is exactly how the "reroll_count" feature works
currently.

-Peff

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Junio C Hamano]

Phillip Wood <phillip.wood123@gmail.com> writes:

> I agree it sounds like a good change but if we're going to change it
> than I think we should ensure
>
>     git format-patch --subject-prefix=foo --rfc
>
> and
>
>     git format-patch --rfc --subject-prefix=foo
>
> give the same result.

Good catch.  The implementation with this patch feel philosophically
dirty, in that the new "--rfc" is no longer "we use a different
subject-prefix" but "this new option is independent from the
subject-prefix; whatever string that other option receives goes
before the title, and our string goes even before that".  And to
reflect that independent nature better, it should just grab the
string into a separate local variable and combine the two into a
single prefix string after parse_options() returns.

Thanks.

Re: [PATCH] builtin/log.c: prepend "RFC" on --rfc

[Junio C Hamano]

Drew DeVault <sir@cmpwn.com> writes:

> Rather than replacing the configured subject prefix (either through the
> git config or command line) entirely with "RFC PATCH", this change
> prepends RFC to whatever subject prefix was already in use.
>
> This is useful, for example, when a user is working on a repository that
> has a subject prefix considered to disambiguate patches:
>
> 	git config format.subjectPrefix 'PATCH my-project'
>
> Prior to this change, formatting patches with --rfc would lose the
> 'my-project' information.

OK.  

My initial reaction was that we should just deprecate "--rfc" and
instead use "--subject-prefix" for whatever multi-token string; that
way, we do not need to worry about having to add "--wip" and other
"shorthand" options ;-).  But the combination of the configuration
variable that specifies the tag that is used for everyday operation
and a command line option that allows you to add (not replace) RFC
would be a justifiable behaviour.  It certainly is better than the
current (original) design of "--rfc".  This needs to be advertised
as a backward incompatible change in the release notes, but I doubt
that the fallout would be major.

The implementation below looks like it is quite out of our style,
but I'll read v2 instead.