From e79bdb426c7033cf431cd5cb628196fd19303da0 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:13 +0000 Subject: [PATCH 1/8] merge-ort: extract handling of priv member into reusable function In preparation for a subsequent commit which will ensure we do not forget to maintain our invariants for the priv member in error codepaths, extract the necessary functionality out into a separate function. This change is cosmetic at this point, and introduces no changes beyond an extra assertion sanity check. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/merge-ort.c b/merge-ort.c index eaede6cead..700ddfccb9 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -5000,6 +5000,26 @@ static void merge_check_renames_reusable(struct merge_result *result, /*** Function Grouping: merge_incore_*() and their internal variants ***/ +static void move_opt_priv_to_result_priv(struct merge_options *opt, + struct merge_result *result) +{ + /* + * opt->priv and result->priv are a bit weird. opt->priv contains + * information that we can re-use in subsequent merge operations to + * enable our cached renames optimization. The best way to provide + * that to subsequent merges is putting it in result->priv. + * However, putting it directly there would mean retrofitting lots + * of functions in this file to also take a merge_result pointer, + * which is ugly and annoying. So, we just make sure at the end of + * the merge (the outer merge if there are internal recursive ones) + * to move it. + */ + assert(opt->priv && !result->priv); + result->priv = opt->priv; + result->_properly_initialized = RESULT_INITIALIZED; + opt->priv = NULL; +} + /* * Originally from merge_trees_internal(); heavily adapted, though. */ @@ -5060,11 +5080,8 @@ redo: /* existence of conflicted entries implies unclean */ result->clean &= strmap_empty(&opt->priv->conflicted); } - if (!opt->priv->call_depth) { - result->priv = opt->priv; - result->_properly_initialized = RESULT_INITIALIZED; - opt->priv = NULL; - } + if (!opt->priv->call_depth) + move_opt_priv_to_result_priv(opt, result); } /* From 0b4f726cde2743d59742deeb827783ae6ffed570 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:14 +0000 Subject: [PATCH 2/8] merge-ort: maintain expected invariant for priv member The calling convention for the merge machinery is One call to init_merge_options() One or more calls to merge_incore_[non]recursive() One call to merge_finalize() (possibly indirectly via merge_switch_to_result()) Both merge_switch_to_result() and merge_finalize() expect opt->priv == NULL && result->priv != NULL which is supposed to be set up by our move_opt_priv_to_result_priv() function. However, two codepaths dealing with error cases did not execute this necessary logic, which could result in assertion failures (or, if assertions were compiled out, could result in segfaults). Fix the oversight and add a test that would have caught one of these problems. While at it, also tighten an existing test for a non-recursive merge to verify that it fails with appropriate status. Most merge tests in the testsuite check either for success or conflicts; those testing for neither are rare and it is good to ensure they support the invariant assumed by builtin/merge.c in this comment: /* * The backend exits with 1 when conflicts are * left to be resolved, with 2 when it does not * handle the given merge at all. */ So, explicitly check for the exit status of 2 in these cases. Reported-by: Matt Cree Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 3 ++- t/t6406-merge-attr.sh | 42 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/merge-ort.c b/merge-ort.c index 700ddfccb9..dc62aaf6d1 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -5050,6 +5050,7 @@ redo: oid_to_hex(&side1->object.oid), oid_to_hex(&side2->object.oid)); result->clean = -1; + move_opt_priv_to_result_priv(opt, result); return; } trace2_region_leave("merge", "collect_merge_info", opt->repo); @@ -5080,7 +5081,7 @@ redo: /* existence of conflicted entries implies unclean */ result->clean &= strmap_empty(&opt->priv->conflicted); } - if (!opt->priv->call_depth) + if (!opt->priv->call_depth || result->clean < 0) move_opt_priv_to_result_priv(opt, result); } diff --git a/t/t6406-merge-attr.sh b/t/t6406-merge-attr.sh index 156a1efacf..b6db5c2cc3 100755 --- a/t/t6406-merge-attr.sh +++ b/t/t6406-merge-attr.sh @@ -185,7 +185,7 @@ test_expect_success !WINDOWS 'custom merge driver that is killed with a signal' >./please-abort && echo "* merge=custom" >.gitattributes && - test_must_fail git merge main 2>err && + test_expect_code 2 git merge main 2>err && grep "^error: failed to execute internal merge" err && git ls-files -u >output && git diff --name-only HEAD >>output && @@ -261,4 +261,44 @@ test_expect_success 'binary files with union attribute' ' grep -i "warning.*cannot merge.*HEAD vs. bin-main" output ' +test_expect_success !WINDOWS 'custom merge driver that is killed with a signal on recursive merge' ' + test_when_finished "rm -f output please-abort" && + test_when_finished "git checkout side" && + + git reset --hard anchor && + + git checkout -b base-a main^ && + echo base-a >text && + git commit -m base-a text && + + git checkout -b base-b main^ && + echo base-b >text && + git commit -m base-b text && + + git checkout -b recursive-a base-a && + test_must_fail git merge base-b && + echo recursive-a >text && + git add text && + git commit -m recursive-a && + + git checkout -b recursive-b base-b && + test_must_fail git merge base-a && + echo recursive-b >text && + git add text && + git commit -m recursive-b && + + git config --replace-all \ + merge.custom.driver "./custom-merge %O %A %B 0 %P %S %X %Y" && + git config --replace-all \ + merge.custom.name "custom merge driver for testing" && + + >./please-abort && + echo "* merge=custom" >.gitattributes && + test_expect_code 2 git merge recursive-a 2>err && + grep "^error: failed to execute internal merge" err && + git ls-files -u >output && + git diff --name-only HEAD >>output && + test_must_be_empty output +' + test_done From 9ed8e17d8a8c374529bb908c81f1a862f689b904 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:15 +0000 Subject: [PATCH 3/8] merge-ort: fix type of local 'clean' var in handle_content_merge () handle_content_merge() returns an int. Every caller of handle_content_merge() expects an int. However, we declare a local variable 'clean' that we use for the return value to be unsigned. To make matters worse, we also assign 'clean' the return value of merge_submodule() in one codepath, which is defined to return an int. It seems that the only reason to have 'clean' be unsigned was to allow a cutesy bit manipulation operation to be well-defined. Fix the type of the 'clean' local in handle_content_merge(). Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/merge-ort.c b/merge-ort.c index dc62aaf6d1..be0f5bc383 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -2109,7 +2109,7 @@ static int handle_content_merge(struct merge_options *opt, * merges, which happens for example with rename/rename(2to1) and * rename/add conflicts. */ - unsigned clean = 1; + int clean = 1; /* * handle_content_merge() needs both files to be of the same type, i.e. @@ -2184,7 +2184,8 @@ static int handle_content_merge(struct merge_options *opt, free(result_buf.ptr); if (ret) return -1; - clean &= (merge_status == 0); + if (merge_status > 0) + clean = 0; path_msg(opt, INFO_AUTO_MERGING, 1, path, NULL, NULL, NULL, _("Auto-merging %s"), path); } else if (S_ISGITLINK(a->mode)) { From 5fadf1f93371204b82a02a30315f655a293aa7f5 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:16 +0000 Subject: [PATCH 4/8] merge-ort: clearer propagation of failure-to-function from merge_submodule The 'clean' member variable is somewhat of a tri-state (1 = clean, 0 = conflicted, -1 = failure-to-determine), but we often like to think of it as binary (ignoring the possibility of a negative value) and use constructs like '!clean' to reflect this. However, these constructs can make codepaths more difficult to understand, unless we handle the negative case early and return pre-emptively; do that in handle_content_merge() to make the code a bit easier to read. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/merge-ort.c b/merge-ort.c index be0f5bc383..d187c966c6 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -2193,6 +2193,8 @@ static int handle_content_merge(struct merge_options *opt, clean = merge_submodule(opt, pathnames[0], two_way ? null_oid() : &o->oid, &a->oid, &b->oid, &result->oid); + if (clean < 0) + return -1; if (opt->priv->call_depth && two_way && !clean) { result->mode = o->mode; oidcpy(&result->oid, &o->oid); From c55c3f20b1eec1bb4b23f51488cc5f3ac224bc64 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:17 +0000 Subject: [PATCH 5/8] merge-ort: loosen commented requirements The comment above type_short_descriptions claimed that the order had to match what was found in the conflict_info_and_types enum. Since type_short_descriptions uses designated initializers, the order should not actually matter; I am guessing that positional initializers may have been under consideration when that comment was added, but the comment was not updated when designated initializers were chosen. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/merge-ort.c b/merge-ort.c index d187c966c6..d0b1346328 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -553,7 +553,7 @@ enum conflict_and_info_types { * Short description of conflict type, relied upon by external tools. * * We can add more entries, but DO NOT change any of these strings. Also, - * Order MUST match conflict_info_and_types. + * please ensure the order matches what is used in conflict_info_and_types. */ static const char *type_short_descriptions[] = { /*** "Simple" conflicts and informational messages ***/ From 14949d91b60176fa01850c2a3454cd72eb9bc5d6 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:18 +0000 Subject: [PATCH 6/8] merge-ort: upon merge abort, only show messages causing the abort When something goes wrong enough that we need to abort early and not even attempt merging the remaining files, it probably does not make sense to report conflicts messages for the subset of files we processed before hitting the fatal error. Instead, only show the messages associated with paths where we hit the fatal error. Also, print these messages to stderr rather than stdout. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 78 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 25 deletions(-) diff --git a/merge-ort.c b/merge-ort.c index d0b1346328..b337e4d74e 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -543,10 +543,24 @@ enum conflict_and_info_types { CONFLICT_SUBMODULE_HISTORY_NOT_AVAILABLE, CONFLICT_SUBMODULE_MAY_HAVE_REWINDS, CONFLICT_SUBMODULE_NULL_MERGE_BASE, - CONFLICT_SUBMODULE_CORRUPT, + + /* INSERT NEW ENTRIES HERE */ + + /* + * Keep this entry after all regular conflict and info types; only + * errors (failures causing immediate abort of the merge) should + * come after this. + */ + NB_REGULAR_CONFLICT_TYPES, + + /* + * Something is seriously wrong; cannot even perform merge; + * Keep this group _last_ other than NB_TOTAL_TYPES + */ + ERROR_SUBMODULE_CORRUPT, /* Keep this entry _last_ in the list */ - NB_CONFLICT_TYPES, + NB_TOTAL_TYPES, }; /* @@ -597,8 +611,10 @@ static const char *type_short_descriptions[] = { "CONFLICT (submodule may have rewinds)", [CONFLICT_SUBMODULE_NULL_MERGE_BASE] = "CONFLICT (submodule lacks merge base)", - [CONFLICT_SUBMODULE_CORRUPT] = - "CONFLICT (submodule corrupt)" + + /* Something is seriously wrong; cannot even perform merge */ + [ERROR_SUBMODULE_CORRUPT] = + "ERROR (submodule corrupt)", }; struct logical_conflict_info { @@ -762,7 +778,8 @@ static void path_msg(struct merge_options *opt, /* Sanity checks */ assert(omittable_hint == - !starts_with(type_short_descriptions[type], "CONFLICT") || + (!starts_with(type_short_descriptions[type], "CONFLICT") && + !starts_with(type_short_descriptions[type], "ERROR")) || type == CONFLICT_DIR_RENAME_SUGGESTED); if (opt->record_conflict_msgs_as_headers && omittable_hint) return; /* Do not record mere hints in headers */ @@ -1817,9 +1834,9 @@ static int merge_submodule(struct merge_options *opt, /* check whether both changes are forward */ ret2 = repo_in_merge_bases(&subrepo, commit_o, commit_a); if (ret2 < 0) { - path_msg(opt, CONFLICT_SUBMODULE_CORRUPT, 0, + path_msg(opt, ERROR_SUBMODULE_CORRUPT, 0, path, NULL, NULL, NULL, - _("Failed to merge submodule %s " + _("error: failed to merge submodule %s " "(repository corrupt)"), path); ret = -1; @@ -1828,9 +1845,9 @@ static int merge_submodule(struct merge_options *opt, if (ret2 > 0) ret2 = repo_in_merge_bases(&subrepo, commit_o, commit_b); if (ret2 < 0) { - path_msg(opt, CONFLICT_SUBMODULE_CORRUPT, 0, + path_msg(opt, ERROR_SUBMODULE_CORRUPT, 0, path, NULL, NULL, NULL, - _("Failed to merge submodule %s " + _("error: failed to merge submodule %s " "(repository corrupt)"), path); ret = -1; @@ -1848,9 +1865,9 @@ static int merge_submodule(struct merge_options *opt, /* Case #1: a is contained in b or vice versa */ ret2 = repo_in_merge_bases(&subrepo, commit_a, commit_b); if (ret2 < 0) { - path_msg(opt, CONFLICT_SUBMODULE_CORRUPT, 0, + path_msg(opt, ERROR_SUBMODULE_CORRUPT, 0, path, NULL, NULL, NULL, - _("Failed to merge submodule %s " + _("error: failed to merge submodule %s " "(repository corrupt)"), path); ret = -1; @@ -1867,9 +1884,9 @@ static int merge_submodule(struct merge_options *opt, } ret2 = repo_in_merge_bases(&subrepo, commit_b, commit_a); if (ret2 < 0) { - path_msg(opt, CONFLICT_SUBMODULE_CORRUPT, 0, + path_msg(opt, ERROR_SUBMODULE_CORRUPT, 0, path, NULL, NULL, NULL, - _("Failed to merge submodule %s " + _("error: failed to merge submodule %s " "(repository corrupt)"), path); ret = -1; @@ -1901,9 +1918,9 @@ static int merge_submodule(struct merge_options *opt, &merges); switch (parent_count) { case -1: - path_msg(opt, CONFLICT_SUBMODULE_CORRUPT, 0, + path_msg(opt, ERROR_SUBMODULE_CORRUPT, 0, path, NULL, NULL, NULL, - _("Failed to merge submodule %s " + _("error: failed to merge submodule %s " "(repository corrupt)"), path); ret = -1; @@ -4646,6 +4663,7 @@ void merge_display_update_messages(struct merge_options *opt, struct hashmap_iter iter; struct strmap_entry *e; struct string_list olist = STRING_LIST_INIT_NODUP; + FILE *o = stdout; if (opt->record_conflict_msgs_as_headers) BUG("Either display conflict messages or record them as headers, not both"); @@ -4662,6 +4680,10 @@ void merge_display_update_messages(struct merge_options *opt, } string_list_sort(&olist); + /* Print to stderr if we hit errors rather than just conflicts */ + if (result->clean < 0) + o = stderr; + /* Iterate over the items, printing them */ for (int path_nr = 0; path_nr < olist.nr; ++path_nr) { struct string_list *conflicts = olist.items[path_nr].util; @@ -4669,25 +4691,31 @@ void merge_display_update_messages(struct merge_options *opt, struct logical_conflict_info *info = conflicts->items[i].util; + /* On failure, ignore regular conflict types */ + if (result->clean < 0 && + info->type < NB_REGULAR_CONFLICT_TYPES) + continue; + if (detailed) { - printf("%lu", (unsigned long)info->paths.nr); - putchar('\0'); + fprintf(o, "%lu", (unsigned long)info->paths.nr); + fputc('\0', o); for (int n = 0; n < info->paths.nr; n++) { - fputs(info->paths.v[n], stdout); - putchar('\0'); + fputs(info->paths.v[n], o); + fputc('\0', o); } - fputs(type_short_descriptions[info->type], - stdout); - putchar('\0'); + fputs(type_short_descriptions[info->type], o); + fputc('\0', o); } - puts(conflicts->items[i].string); + fputs(conflicts->items[i].string, o); + fputc('\n', o); if (detailed) - putchar('\0'); + fputc('\0', o); } } string_list_clear(&olist, 0); - print_submodule_conflict_suggestion(&opti->conflicted_submodules); + if (result->clean >= 0) + print_submodule_conflict_suggestion(&opti->conflicted_submodules); /* Also include needed rename limit adjustment now */ diff_warn_rename_limit("merge.renamelimit", From f19b9165351a4058832bb43560178474c7501925 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Wed, 19 Jun 2024 03:00:19 +0000 Subject: [PATCH 7/8] merge-ort: convert more error() cases to path_msg() merge_submodule() stores errors using path_msg(), whereas other call sites make use of the error() function. This is inconsistent, and moving towards path_msg() seems more friendly for libification efforts since it will allow the caller to determine whether the error messages need to be printed. Note that this deferred handling of error messages changes the error message in a recursive merge from error: failed to execute internal merge to From inner merge: error: failed to execute internal merge which provides a little more information about the error which may be useful. Since the recursive merge strategy still only shows the older error, we had to adjust the new testcase introduced a few commits ago to just search for the older message somewhere in the output. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 53 +++++++++++++++++++++++++++++++++---------- t/t6406-merge-attr.sh | 2 +- 2 files changed, 42 insertions(+), 13 deletions(-) diff --git a/merge-ort.c b/merge-ort.c index b337e4d74e..8dfe80f100 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -558,6 +558,10 @@ enum conflict_and_info_types { * Keep this group _last_ other than NB_TOTAL_TYPES */ ERROR_SUBMODULE_CORRUPT, + ERROR_THREEWAY_CONTENT_MERGE_FAILED, + ERROR_OBJECT_WRITE_FAILED, + ERROR_OBJECT_READ_FAILED, + ERROR_OBJECT_NOT_A_BLOB, /* Keep this entry _last_ in the list */ NB_TOTAL_TYPES, @@ -615,6 +619,14 @@ static const char *type_short_descriptions[] = { /* Something is seriously wrong; cannot even perform merge */ [ERROR_SUBMODULE_CORRUPT] = "ERROR (submodule corrupt)", + [ERROR_THREEWAY_CONTENT_MERGE_FAILED] = + "ERROR (three-way content merge failed)", + [ERROR_OBJECT_WRITE_FAILED] = + "ERROR (object write failed)", + [ERROR_OBJECT_READ_FAILED] = + "ERROR (object read failed)", + [ERROR_OBJECT_NOT_A_BLOB] = + "ERROR (object is not a blob)", }; struct logical_conflict_info { @@ -2190,15 +2202,24 @@ static int handle_content_merge(struct merge_options *opt, pathnames, extra_marker_size, &result_buf); - if ((merge_status < 0) || !result_buf.ptr) - ret = error(_("failed to execute internal merge")); + if ((merge_status < 0) || !result_buf.ptr) { + path_msg(opt, ERROR_THREEWAY_CONTENT_MERGE_FAILED, 0, + pathnames[0], pathnames[1], pathnames[2], NULL, + _("error: failed to execute internal merge for %s"), + path); + ret = -1; + } if (!ret && write_object_file(result_buf.ptr, result_buf.size, - OBJ_BLOB, &result->oid)) - ret = error(_("unable to add %s to database"), path); - + OBJ_BLOB, &result->oid)) { + path_msg(opt, ERROR_OBJECT_WRITE_FAILED, 0, + pathnames[0], pathnames[1], pathnames[2], NULL, + _("error: unable to add %s to database"), path); + ret = -1; + } free(result_buf.ptr); + if (ret) return -1; if (merge_status > 0) @@ -3577,18 +3598,26 @@ static int sort_dirs_next_to_their_children(const char *one, const char *two) return c1 - c2; } -static int read_oid_strbuf(const struct object_id *oid, - struct strbuf *dst) +static int read_oid_strbuf(struct merge_options *opt, + const struct object_id *oid, + struct strbuf *dst, + const char *path) { void *buf; enum object_type type; unsigned long size; buf = repo_read_object_file(the_repository, oid, &type, &size); - if (!buf) - return error(_("cannot read object %s"), oid_to_hex(oid)); + if (!buf) { + path_msg(opt, ERROR_OBJECT_READ_FAILED, 0, + path, NULL, NULL, NULL, + _("error: cannot read object %s"), oid_to_hex(oid)); + return -1; + } if (type != OBJ_BLOB) { free(buf); - return error(_("object %s is not a blob"), oid_to_hex(oid)); + path_msg(opt, ERROR_OBJECT_NOT_A_BLOB, 0, + path, NULL, NULL, NULL, + _("error: object %s is not a blob"), oid_to_hex(oid)); } strbuf_attach(dst, buf, size, size + 1); return 0; @@ -3612,8 +3641,8 @@ static int blob_unchanged(struct merge_options *opt, if (oideq(&base->oid, &side->oid)) return 1; - if (read_oid_strbuf(&base->oid, &basebuf) || - read_oid_strbuf(&side->oid, &sidebuf)) + if (read_oid_strbuf(opt, &base->oid, &basebuf, path) || + read_oid_strbuf(opt, &side->oid, &sidebuf, path)) goto error_return; /* * Note: binary | is used so that both renormalizations are diff --git a/t/t6406-merge-attr.sh b/t/t6406-merge-attr.sh index b6db5c2cc3..9bf9524934 100755 --- a/t/t6406-merge-attr.sh +++ b/t/t6406-merge-attr.sh @@ -295,7 +295,7 @@ test_expect_success !WINDOWS 'custom merge driver that is killed with a signal o >./please-abort && echo "* merge=custom" >.gitattributes && test_expect_code 2 git merge recursive-a 2>err && - grep "^error: failed to execute internal merge" err && + grep "error: failed to execute internal merge" err && git ls-files -u >output && git diff --name-only HEAD >>output && test_must_be_empty output From fcf59ac1363493c4aab6de8547a28a8dd148871e Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Thu, 4 Jul 2024 20:02:21 +0000 Subject: [PATCH 8/8] merge-ort: fix missing early return One of the conversions in f19b9165 (merge-ort: convert more error() cases to path_msg(), 2024-06-19) accidentally lost the early return. Restore it. Signed-off-by: Elijah Newren Signed-off-by: Junio C Hamano --- merge-ort.c | 1 + 1 file changed, 1 insertion(+) diff --git a/merge-ort.c b/merge-ort.c index 8dfe80f100..d9ba6e3e52 100644 --- a/merge-ort.c +++ b/merge-ort.c @@ -3618,6 +3618,7 @@ static int read_oid_strbuf(struct merge_options *opt, path_msg(opt, ERROR_OBJECT_NOT_A_BLOB, 0, path, NULL, NULL, NULL, _("error: object %s is not a blob"), oid_to_hex(oid)); + return -1; } strbuf_attach(dst, buf, size, size + 1); return 0;