From: Junio C Hamano <gitster@pobox.com>
To: Joshua Hudson <jhudson@cedaron.com>
Cc: git@vger.kernel.org, Elijah Newren <newren@gmail.com>
Subject: Re: Design issue in git merge driver interface
Date: Thu, 22 Jun 2023 12:12:50 -0700 [thread overview]
Message-ID: <xmqqttuze2fh.fsf@gitster.g> (raw)
In-Reply-To: <6e1b9ce4-e86d-fe30-e5de-27a3be57eefd@cedaron.com> (Joshua Hudson's message of "Thu, 22 Jun 2023 09:50:01 -0700")
Joshua Hudson <jhudson@cedaron.com> writes:
> Looking at the merge driver found that some things cannot be handled,
> such as OOM condition. The fault has to propagate upwards, unwinding
> as it goes.
Even though the end-user facing documentation says:
The merge driver is expected to leave the result of the merge in
the file named with `%A` by overwriting it, and exit with zero
status if it managed to merge them cleanly, or non-zero if there
were conflicts.
the ll-merge.c:ll_ext_merge() function that calls an external merge
driver does this:
static enum ll_merge_result ll_ext_merge(const struct ll_merge_driver *fn,
...
status = run_command(&child);
...
ret = (status > 0) ? LL_MERGE_CONFLICT : status;
return ret;
}
so a true "failure" from run_command() to run the external merge
driver will be noticed as a failure by the upper layer of the
callchain. merge-ort.c:merge_3way() relays the return value of
ll-merge.c:ll_merge() and merge-ort.c:handle_content_merge() reacts
to a negative return as an _("Failed to execute internal merge")
error, for example. merge-recursive uses the same logic.
Unfortunately, I see no provision for the merge driver to actively
signal such a condition. The return value of run_command() is a
return value from run-command.c:wait_or_whine() and exit status of
the process is cleansed with WEXITSTATUS() so we cannot make it
negative X-<.
In the worst case, we may retroactively have to reserve one exit
status so that the external merge driver can actively say "I give
up" to cause LL_MERGE_ERROR to be returned from the codepath, but I
wonder if it is safe to abuse "exit due to signal" (which shows up
as a return value greater than 128) as such a "merge driver went
away without leaving a useful result"? Elijah, what do you think?
Stepping back a bit and even disregarding such a merge driver that
OOMs, if a long-running merge driver is killed, by definition we
cannot trust what the driver left on the filesystem, so handling
"exit due to signal" case differently does sound like a sensible
thing to do, at least to me, offhand.
And once we have such an enhancement to the ll-ext-merge interface,
a merge driver that voluntarily "gives up" can send a signal to kill
itself (or call abort(3)).
With a tentative commit log message (which would need to be updated
to mention what the triggering topic was that led to this
enhancement) but without associated documentation update and test,
here is to summarize and illustrate the above idea.
----- >8 ---------- >8 ---------- >8 -----
ll-merge: external merge driver died with a signal causes an error
When an external merge driver dies with a signal, we should not
expect that the result left on the filesystem is in any useful
state. However, because the current code uses the return value from
run_command() and declares any positive value as a sign that the
driver successfully left conflicts in the result, and because the
return value from run_command() for a subprocess that died upon a
signal is positive, we end up treating whatever garbage left on the
filesystem as the result the merge driver wanted to leave us.
run_command() returns larger than 128 (WTERMSIG(status) + 128, to be
exact) when it notices that the subprocess died with a signal, so
detect such a case and return LL_MERGE_ERROR from ll_ext_merge().
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
ll-merge.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git c/ll-merge.c w/ll-merge.c
index 07ec16e8e5..5599f55ffc 100644
--- c/ll-merge.c
+++ w/ll-merge.c
@@ -243,7 +243,14 @@ static enum ll_merge_result ll_ext_merge(const struct ll_merge_driver *fn,
unlink_or_warn(temp[i]);
strbuf_release(&cmd);
strbuf_release(&path_sq);
- ret = (status > 0) ? LL_MERGE_CONFLICT : status;
+
+ if (!status)
+ ret = LL_MERGE_OK;
+ else if (status <= 128)
+ ret = LL_MERGE_CONFLICT;
+ else
+ /* died due to a signal: WTERMSIG(status) + 128 */
+ ret = LL_MERGE_ERROR;
return ret;
}
next prev parent reply other threads:[~2023-06-22 19:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-22 16:50 Design issue in git merge driver interface Joshua Hudson
2023-06-22 19:12 ` Junio C Hamano [this message]
2023-06-23 0:33 ` [PATCH] ll-merge: killing the external merge driver aborts the merge Junio C Hamano
2023-06-23 6:25 ` Elijah Newren
2023-06-23 16:26 ` Junio C Hamano
2023-06-23 23:31 ` Junio C Hamano
2023-06-25 13:40 ` Joshua Hudson
2023-06-27 12:02 ` Johannes Schindelin
2023-06-27 13:43 ` Joshua Hudson
2023-06-27 19:08 ` Junio C Hamano
2023-06-27 19:10 ` Joshua Hudson
2023-06-27 20:04 ` Junio C Hamano
2023-06-27 21:14 ` Joshua Hudson
2023-06-27 21:26 ` Junio C Hamano
2023-06-27 21:32 ` Joshua Hudson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqttuze2fh.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=jhudson@cedaron.com \
--cc=newren@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).