git-commit-vandalism/t/t1404-update-ref-df-conflicts.sh
Michael Haggerty e911104c84 refs: check for D/F conflicts among refs created in a transaction
If two references that D/F conflict (e.g., "refs/foo" and
"refs/foo/bar") are created in a single transaction, the old code
discovered the problem only after the "commit" phase of
ref_transaction_commit() had already begun. This could leave some
references updated and others not, which violates the promise of
atomicity.

Instead, check for such conflicts during the "locking" phase:

* Teach is_refname_available() to take an "extras" parameter that can
  contain extra reference names with which the specified refname must
  not conflict.

* Change lock_ref_sha1_basic() to take an "extras" parameter, which it
  passes through to is_refname_available().

* Change ref_transaction_commit() to pass "affected_refnames" to
  lock_ref_sha1_basic() as its "extras" argument.

This change fixes a test case in t1404.

This code is a bit stricter than it needs to be. We could conceivably
allow reference "refs/foo/bar" to be created in the same transaction
as "refs/foo" is deleted (or vice versa). But that would be
complicated to implement, because it is not possible to lock
"refs/foo/bar" while "refs/foo" exists as a loose reference, but on
the other hand we don't want to delete some references before adding
others (because that could leave a gap during which required objects
are unreachable). There is also a complication that reflog files'
paths can conflict.

Any less-strict implementation would probably require tricks like the
packing of all references before the start of the real transaction, or
the use of temporary intermediate reference names.

So for now let's accept too-strict checks. Some reference update
transactions will be rejected unnecessarily, but they will be rejected
in their entirety rather than leaving the repository in an
intermediate state, as would happen now.

Please note that there is still one kind of D/F conflict that is *not*
handled correctly. If two processes are running at the same time, and
one tries to create "refs/foo" at the same time that the other tries
to create "refs/foo/bar", then they can race with each other. Both
processes can obtain their respective locks ("refs/foo.lock" and
"refs/foo/bar.lock"), proceed to the "commit" phase of
ref_transaction_commit(), and then the slower process will discover
that it cannot rename its lockfile into place (after possibly having
committed changes to other references). There appears to be no way to
fix this race without changing the locking policy, which in turn would
require a change to *all* Git clients.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
2015-05-11 11:50:19 -07:00

108 lines
2.5 KiB
Bash
Executable File

#!/bin/sh
test_description='Test git update-ref with D/F conflicts'
. ./test-lib.sh
test_update_rejected () {
prefix="$1" &&
before="$2" &&
pack="$3" &&
create="$4" &&
error="$5" &&
printf "create $prefix/%s $C\n" $before |
git update-ref --stdin &&
git for-each-ref $prefix >unchanged &&
if $pack
then
git pack-refs --all
fi &&
printf "create $prefix/%s $C\n" $create >input &&
test_must_fail git update-ref --stdin <input 2>output.err &&
grep -F "$error" output.err &&
git for-each-ref $prefix >actual &&
test_cmp unchanged actual
}
Q="'"
test_expect_success 'setup' '
git commit --allow-empty -m Initial &&
C=$(git rev-parse HEAD)
'
test_expect_success 'existing loose ref is a simple prefix of new' '
prefix=refs/1l &&
test_update_rejected $prefix "a c e" false "b c/x d" \
"unable to resolve reference $prefix/c/x: Not a directory"
'
test_expect_success 'existing packed ref is a simple prefix of new' '
prefix=refs/1p &&
test_update_rejected $prefix "a c e" true "b c/x d" \
"$Q$prefix/c$Q exists; cannot create $Q$prefix/c/x$Q"
'
test_expect_success 'existing loose ref is a deeper prefix of new' '
prefix=refs/2l &&
test_update_rejected $prefix "a c e" false "b c/x/y d" \
"unable to resolve reference $prefix/c/x/y: Not a directory"
'
test_expect_success 'existing packed ref is a deeper prefix of new' '
prefix=refs/2p &&
test_update_rejected $prefix "a c e" true "b c/x/y d" \
"$Q$prefix/c$Q exists; cannot create $Q$prefix/c/x/y$Q"
'
test_expect_success 'new ref is a simple prefix of existing loose' '
prefix=refs/3l &&
test_update_rejected $prefix "a c/x e" false "b c d" \
"there are still refs under $Q$prefix/c$Q"
'
test_expect_success 'new ref is a simple prefix of existing packed' '
prefix=refs/3p &&
test_update_rejected $prefix "a c/x e" true "b c d" \
"$Q$prefix/c/x$Q exists; cannot create $Q$prefix/c$Q"
'
test_expect_success 'new ref is a deeper prefix of existing loose' '
prefix=refs/4l &&
test_update_rejected $prefix "a c/x/y e" false "b c d" \
"there are still refs under $Q$prefix/c$Q"
'
test_expect_success 'new ref is a deeper prefix of existing packed' '
prefix=refs/4p &&
test_update_rejected $prefix "a c/x/y e" true "b c d" \
"$Q$prefix/c/x/y$Q exists; cannot create $Q$prefix/c$Q"
'
test_expect_success 'one new ref is a simple prefix of another' '
prefix=refs/5 &&
test_update_rejected $prefix "a e" false "b c c/x d" \
"cannot process $Q$prefix/c$Q and $Q$prefix/c/x$Q at the same time"
'
test_done