Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 17:43:43 +0100] rev 50121
dirstate: add small asserts for double security
We don't need this, but it does not hurt.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 15:58:17 +0100] rev 50120
dirstate: simplify the invalidation management on context exit
Since the `invalidate` call will directly reset the `_invalidated_context` attribut, we can simplify the code.
In the same go, we move most of the logic out of the `finally` clause. It seems
cleaner and safer. If we are handling an exception, we don't need the `write`
code anyway.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 15:52:55 +0100] rev 50119
dirstate: use the new `check_invalidated` decorator for `_changing`
WeeeEEeee, less code.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 22:25:20 +0100] rev 50118
dirstate: introduce a check_invalidated decorator
This is a common need, so let us consolidate it to simplify the code.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sun, 19 Feb 2023 03:21:12 +0100] rev 50117
dirstate: warn if dirty when starting an edition
The dirstate should be clean before we start changing it. Otherwise we might
write unrelated changes. Having a dirty dirstate laying around is also
suspicious.
This is similar to what we do when opening a new transaction, but this time
this affect dirstate changes outside of a transaction.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 03:22:51 +0100] rev 50116
large-files: make sure we write newly initialized standin file early
Any changing context will have to initialized it before anything else. Not
flushing the default (pre-change) content mean we would enter the changing
context with a dirty dirstate, which is odd.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 14:06:15 +0100] rev 50115
dirstate: mark `clear` and `rebuild` as `require_changing_parents`
Yeah, more scoping!
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 11:37:02 +0100] rev 50114
dirstate: add a comment about the semantic of `dirstate.clear`
This method is weird, lets flag it as such.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 14:05:19 +0100] rev 50113
debugrebuildstate: wrap the operation in a `changing_parents` context
This ismaybe a "changing_files" case? However this would be the only
usage of `rebuild` outside a `changing_parents` context and this is a debug
command, so lets not make the code base more complex because of that one command.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sun, 19 Feb 2023 02:50:46 +0100] rev 50112
strip: use a `changing_parents` context for --keep update
These are now properly scoped.
note: it would be neat to reuse this in `hg rollback`.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sun, 19 Feb 2023 02:47:28 +0100] rev 50111
mq: wrap the dirstate's rebuild in a `changing_parents` context
This code is dealing with `qreshesh` failure. In that case the working copy
will be left on the parent of the refreshed patch, so the parents are changing
and `changing_parents` make sens.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 11:37:05 +0100] rev 50110
lfconvert: use a `changing_parents` context to clear the dirstate
Not sure if this is the right context, but it works and it is consistent with
the other usages of `dirstate.clear`.
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 11:57:46 +0100] rev 50109
dirstate: mark the `copy` method as requiring a `changing_any` context
This is used both when changing parents (e.g. merging with rename) and changing
files (e.g. running `hg rename`).
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 11:54:10 +0100] rev 50108
dirstate: add a `require_changing_any` decorator
We will need it for a couple of usecase (e.g `dirstate.copy`).
Pierre-Yves David <pierre-yves.david@octobus.net> [Mon, 20 Feb 2023 12:06:03 +0100] rev 50107
rebase: scope parent change into a changing_parents context
If we are actually altering the working copy (i.e. we are not in memory), we
should properly scope the working copy update.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sat, 18 Feb 2023 04:10:08 +0100] rev 50106
dirstate: requires being in a `changing_parents` `context to set_parents`
Enforcing proper operation scoping on all methods that mutate the dirstate will
tighten correctness and reduce the risk of bugs.
The context to use for this method is obvious, and all code was already
compliant ☺
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 00:10:20 +0100] rev 50105
dirstate: invalidate on all exceptions
Previously, we would miss SystemExit, KeyboardInterrupt etc.
This "fix" on the bug tested in "test-largefiles-update.t" by preventing the
precisely tested situation to happens at all. However this reveal a similar bug
with a different timing.
I have not been able to deal with that pre-existing bug so far. So I updated the
test to point that out.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 01:09:11 +0100] rev 50104
large-files: prepare a test for more changes
The behavior around this test is about to change. We update the test to make it
more robust and the changes clearer.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 21 Feb 2023 00:32:40 +0100] rev 50103
large-files: larger "changing_parents" context in mergeupdate override
This since we are updating the lfdirstate early, it seems reasonable to include
the full function in that scope.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sun, 19 Feb 2023 03:14:44 +0100] rev 50102
large-files: use `hacky_extension_update_file` one more time
This override is about merging and can be used in a `changing_parents` context.
So lets use the method dedicated to hacky stuff when doing hacky stuff.
Matt Harbison <matt_harbison@yahoo.com> [Sun, 19 Feb 2023 00:04:53 -0500] rev 50101
typing: disable `signature-mismatch` warnings on a few bytestr functions
Recent versions of pytype complain about this, but it seems like expected
behavior.
Raphaël Gomès <rgomes@octobus.net> [Thu, 16 Feb 2023 11:42:34 +0100] rev 50100
rust: upgrade minimum `rayon` dependency
The 1.6.0 and 1.6.1 releases fixes a soundness issue and a performance issue
that are both important to us, since both correctness and performance are
paramount in the Rust extensions.
Pierre-Yves David <pierre-yves.david@octobus.net> [Sat, 18 Feb 2023 02:39:32 +0100] rev 50099
branching: merge with stable
Pierre-Yves David <pierre-yves.david@octobus.net> [Sat, 18 Feb 2023 01:21:51 +0100] rev 50098
test-chg: use a different log to avoid flakyness
The test was deleting the log file to start anew. However a trailing working
process might still be alive at this time, and recreate the very same log on
exit.
We see the trace of such worker in the expected content of server.log (see the
trace modified by this patch). This is flaky because we don't know *when* the
worker will write to the file and there is a race with the `hg init cached`
command.
A much simpler and reliable way to start anew without having such race is… to
write to a different log file. No reuse → no conflict, no conflict → no race, no
race → no flakiness.
Arseniy Alekseyev <aalekseyev@janestreet.com> [Fri, 18 Nov 2022 13:51:40 +0000] rev 50097
dirstate-v2: complain early on docket name collision
The alternative is that the dirstate gets deleted so the
corruption persists and is hard to investigate.
This happened to me in tests, where the dirstate names
are taken from file, since the file got reverted.
I expect this can also happen in prod with non-trivial
probability (1/4 billion).
Arseniy Alekseyev <aalekseyev@janestreet.com> [Thu, 16 Feb 2023 14:56:59 +0000] rev 50096
rhg: fix a bug in path_encode
This makes rhg able to access long paths at the root of the tree just fine.
Arseniy Alekseyev <aalekseyev@janestreet.com> [Thu, 16 Feb 2023 14:54:34 +0000] rev 50095
rhg: demonstrate a bug in path_encode
The bug means that long filenames at the root of the tree are encoded
incorrectly by rhg, so rhg crashes when trying to access them.
Arseniy Alekseyev <aalekseyev@janestreet.com> [Thu, 16 Feb 2023 14:43:46 +0000] rev 50094
rhg: nicer error message
Pierre-Yves David <pierre-yves.david@octobus.net> [Fri, 17 Feb 2023 16:45:36 +0100] rev 50093
setup: further improve the error path for version retrieval
This is a new take at the problem that 8d390a13474d tried to tackle. There was
two issues after that previous improvement:
- the 0.0+ version could survive a bit too long and reaching the installer
version and staying there.
- multiple use case where still failing.
So the new code is better at:
- always succeeding when running `make local` so that we can
bootstrap a local version
- no using that fallback outside of `make local` to avoid distribution of
version with the buggy version number.
The setup.py is a gigantic pile of spaghetti code, to the point where
pastafarian pilgrim started knocking at its core.
However I refrained from cleaning that up since the more to a `setup.cfg` means
this code should be deleted soon™.
Matt Harbison <matt_harbison@yahoo.com> [Tue, 14 Feb 2023 12:40:59 -0500] rev 50092
typing: add type hints to argument checking functions in cmdutil
These might be surprising, since they can take strings instead of bytes. The
way `AnyStr` works is that it must be all bytes or all str for any given
invocation.
The wildcard here will be the `opts` that get passed in- if the type is unknown
and defaults to `Any`, there's no enforcement that the dict key type matches the
additional args. But a lot of uses should be using `**opts` from the command
method, which has a str key. The uses of these methods in this module are now
typed because their internals force a specific type, and it can't just be
inferred from the caller.
Matt Harbison <matt_harbison@yahoo.com> [Tue, 14 Feb 2023 15:45:26 -0500] rev 50091
tag: move the prohibition of tagging the `null` rev up to the `wdir()` check
It makes sense to do these together, and avoid another revision lookup.
Pierre-Yves David <pierre-yves.david@octobus.net> [Fri, 17 Feb 2023 17:04:41 +0100] rev 50090
branching: merge with default
the first part of the fix is there
Pierre-Yves David <pierre-yves.david@octobus.net> [Fri, 17 Feb 2023 14:00:39 +0100] rev 50089
dirstate: handle missing backup file on restoration
This is the stable counter part to e358f6e0e50e.
Since 6.4 will stop writing undo.dirstate in some case (actually… at all), a
transaction created with 6.4 and recover/rolledback with 6.3 need to work to a
certain degreee. This changeset add the necessary bits so that we don't get a
traceback from 6..3 in this cases.
Dan Villiom Podlaski Christiansen <dan.villiom.podlaski.christiansen@sallinggroup.com> [Fri, 27 Jan 2023 17:30:51 +0100] rev 50088
tests: remove unnecessary --traceback argument
Matt Harbison <matt_harbison@yahoo.com> [Tue, 14 Feb 2023 11:56:02 -0500] rev 50087
tag: disallow tagging the working directory
It's kinda silly, but a clear error message is better than a stacktrace about
subscripting `None` when trying to generate the default commit message. I'm
surprised that `.revsingle(..).node()` returns None instead of `nodemod.wdirid`,
but now there's a test to catch if this changes.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 04:49:35 +0100] rev 50086
dirstate: remove the dedicated backup logic
When alone, the dirstate can now take care of its commit/rollback pattern
itself.
When in a transaction, the transaction deal with commit/rollback pattern quite
fine.
Why did you have a dedicated backup logic?
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 04:02:36 +0100] rev 50085
localrepo: stop doing special dirstate backup at transaction open
Since the dirstate writes are already managed by the transaction, we already do
a backup of the dirstate when necessary (and even trigger one to keep `hg
rollback` happy).
We needs some special code to deal with the initial empty checkout, but it is
not too complicated.
Managing variable filename (as dirstate-v2 uses) at the "journalfile" level, is
complex and fragile (which is consistent with the fact these files are not
journal…). If we no longer do it, our life is significantly simpler.
In some sense, we apply the xkcd-1134¹ solution to our savebackup/restorebackup
problem.
[1] https://xkcd.com/1134/
(the change to test-hardlink are expect as decreasing the number of duplicated
backup drive the hardlink count down)
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 11:42:43 +0100] rev 50084
localrepo: "blindly" do a dirstate backup at the end of the transaction
Having the file backup mechanism dealing with file backup as benefit. So lets
move closer to that.
The fact `hg rollback` even needs this is sad. I hope to have the time to
implement one of the alternative soon.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 17:12:21 +0100] rev 50083
test-hardlink: stop explicitly listing `undo.dirstate`
The files is on its way out.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 04:04:40 +0100] rev 50082
localrepo: enforce a clean dirstate when the transaction open
This is important to simplify the backup process. This also seems like a quite
reasonable expectation. See inline documentation for details.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 10:43:22 +0100] rev 50081
dirstate: explicitly backup the datafile
Since the transaction does not know about this file, we need to explicitly mark
it for backup before touching it.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 04:41:38 +0100] rev 50080
mq: write the dirstate before stripping
I am not certain why it is dirty (probably the `repo.setparent` call a right
before. However I know we need it flushed before the repository starts to be
stripped.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 03:08:00 +0100] rev 50079
dirstate: simplify the shelve hack to not go through the disk
We already have the data in memory, so why not simply keep the data in memory?
This avoid abusing the `savebackup/restorebackup` logic and will make our life
easier.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 02:44:07 +0100] rev 50078
dirstate: detect potential fishy transaction patterns while changing
If we rely on the transaction more, we should be more careful about the
transaction. Adding extra security seems reasonable.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 02:34:54 +0100] rev 50077
dirstate: generalize the dirstate's invalidation on transaction abort
The previous code was too specific, we should add the invalidation at next to
the `addfilegenerator` in the `write` call.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 02:22:13 +0100] rev 50076
dirstate: simplify some methods' decorator
Since `changing_parents` and `changing_files` are mutually exclusive, having
both `@requires_changing_files` and `@requires_not_changing_parents` on a method
is redundant.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 02:19:56 +0100] rev 50075
dirstate: document the functions that need consolidation
They are more functions that make the dirstate dirty but does not currently
enforce a clean change scoping, we add comments in front of each of them so
clarify this. There is no urgency to it, but the world will be a better place
when all of them have proper scoping in place.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 05:03:28 +0100] rev 50074
dirstate: make `restorebackup` more robust when it is a noop
If there are no data_file, we might not be able to determine its filename.
Which can be safely ignored.
(all this code is on the way out anyway)
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 20:33:14 +0100] rev 50073
test: fix the flakyness in test-remotefilelog-local.t
I now get about 80% of my `test-chg` CI run that fails on flakyness in this
tests.
It turns out this is only ambiguous status that end up doing file download. So…
calling status early will do that potential download separately and the calls we
scrutinize during that test will be just fine.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 00:33:15 +0100] rev 50072
dirstate-guard: remove the feature
The dirstate guard duplicated some of the logic already implemented in the
transaction (and now the changing_* context).
However the feature was incomplete, for example, living only in memory meant we
could not recover from the hardest crash. In addition this duplicated with the
transaction logic meant things could go out of sync or step on each other.
Removing the feature now that we no longer needs it seems the safest.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 00:14:21 +0100] rev 50071
rollback: remove the dirstateguard usage
Thanks to the previous changeset, we no longer needs it.
begone !
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 10:00:59 +0100] rev 50070
rollback: explicitly skip dirstate rollback when applicable
instead of letting the transaction logic overwrite the dirstate and then
overwrite that overwrite with a backup. We simply do not restore the dirstate
related file during the _playback call.
This open the way to removing the last dirstate guard usage.
Pierre-Yves David <pierre-yves.david@octobus.net> [Thu, 16 Feb 2023 00:26:24 +0100] rev 50069
rollback: detect "parentgone" case earlier
Detecting this earlier will help us to affect the rollback process sooner, which
will help the next changesets.
To keep things simple, we degrade the behavior a bit when the `undo.desc` is
missing. However since `hg rollback` is not supposed to be used and the
`undo.desc` file have been introduced in mercurial 1.6 (2010). I think this is
an acceptable evil.
Pierre-Yves David <pierre-yves.david@octobus.net> [Wed, 15 Feb 2023 23:39:10 +0100] rev 50068
rollback: avoid a `hg commit --addremove` at a critical point
The rollback behavior around `hg commit --addremove` has changed slightly. It
does not really matters here but keeping that variant out of the way cannot
hurt.
Pierre-Yves David <pierre-yves.david@octobus.net> [Wed, 15 Feb 2023 20:48:51 +0100] rev 50067
rollback: display some graphlog before/after a test piece
This make the situation clearer.
Pierre-Yves David <pierre-yves.david@octobus.net> [Wed, 15 Feb 2023 20:47:08 +0100] rev 50066
rollback: show that the safety works in a associated test
That test section is checking that --force is overcoming the safety check,
however we did not check that the safety properly detect the situation.
We now do for clarity.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 14 Feb 2023 00:40:27 +0100] rev 50065
dirstate-guard: remove its usage in `backout`
We can simply replace it with a transaction.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 14 Feb 2023 00:42:00 +0100] rev 50064
dirstate-guard: remove the usage in `import`
It is now redundant with the transaction spawning the same scope.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 14 Feb 2023 00:39:49 +0100] rev 50063
dirstate-guard: replace a usage in `rebase` with a transaction
Opening the transaction sooner will provide us with the same benefit.
Pierre-Yves David <pierre-yves.david@octobus.net> [Tue, 14 Feb 2023 00:31:41 +0100] rev 50062
dirstate-guard: remove usage in `rebase`
Now that the dirstate change and write are clearer, it does not seems we need to
use a dirstate-guard here anymore. The transaction already wrap the full
operation.