diff options
| author | Eric S. Raymond | 2008-05-16 08:53:51 +0000 |
|---|---|---|
| committer | Eric S. Raymond | 2008-05-16 08:53:51 +0000 |
| commit | 780162950d6e834a0269525334274cba9ddd5bd3 (patch) | |
| tree | 8cdad3574641092aff9faaf2adcaac1f0a72e7a1 | |
| parent | a2a413ad1a5a4bb36f20a163b83c16f7682ea47e (diff) | |
| download | emacs-780162950d6e834a0269525334274cba9ddd5bd3.tar.gz emacs-780162950d6e834a0269525334274cba9ddd5bd3.zip | |
Remove a very old comment.
| -rw-r--r-- | lisp/ChangeLog | 6 | ||||
| -rw-r--r-- | lisp/vc.el | 346 |
2 files changed, 6 insertions, 346 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 5d4de7adc65..99c790dc397 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog | |||
| @@ -1,3 +1,9 @@ | |||
| 1 | 2008-05-16 Eric S. Raymond <esr@snark.thyrsus.com> | ||
| 2 | |||
| 3 | * vc.el: Remove my analysis of SCCS/RCS concurrency issues from | ||
| 4 | the end of the file, it was good work at one time but has been | ||
| 5 | stale since 1995 and may now be actively misleading. | ||
| 6 | |||
| 1 | 2008-05-16 Juanma Barranquero <lekktu@gmail.com> | 7 | 2008-05-16 Juanma Barranquero <lekktu@gmail.com> |
| 2 | 8 | ||
| 3 | * vc-rcs.el (vc-rcs-create-tag): | 9 | * vc-rcs.el (vc-rcs-create-tag): |
diff --git a/lisp/vc.el b/lisp/vc.el index 57f8f092d0e..4ba89789b30 100644 --- a/lisp/vc.el +++ b/lisp/vc.el | |||
| @@ -3251,351 +3251,5 @@ Invoke FUNC f ARGS on each VC-managed file f underneath it." | |||
| 3251 | 3251 | ||
| 3252 | (provide 'vc) | 3252 | (provide 'vc) |
| 3253 | 3253 | ||
| 3254 | ;; DEVELOPER'S NOTES ON CONCURRENCY PROBLEMS IN THIS CODE | ||
| 3255 | ;; | ||
| 3256 | ;; These may be useful to anyone who has to debug or extend the package. | ||
| 3257 | ;; (Note that this information corresponds to versions 5.x. Some of it | ||
| 3258 | ;; might have been invalidated by the additions to support branching | ||
| 3259 | ;; and RCS keyword lookup. AS, 1995/03/24) | ||
| 3260 | ;; | ||
| 3261 | ;; A fundamental problem in VC is that there are time windows between | ||
| 3262 | ;; vc-next-action's computations of the file's version-control state and | ||
| 3263 | ;; the actions that change it. This is a window open to lossage in a | ||
| 3264 | ;; multi-user environment; someone else could nip in and change the state | ||
| 3265 | ;; of the master during it. | ||
| 3266 | ;; | ||
| 3267 | ;; The performance problem is that rlog/prs calls are very expensive; we want | ||
| 3268 | ;; to avoid them as much as possible. | ||
| 3269 | ;; | ||
| 3270 | ;; ANALYSIS: | ||
| 3271 | ;; | ||
| 3272 | ;; The performance problem, it turns out, simplifies in practice to the | ||
| 3273 | ;; problem of making vc-state fast. The two other functions that call | ||
| 3274 | ;; prs/rlog will not be so commonly used that the slowdown is a problem; one | ||
| 3275 | ;; makes tags, the other deletes the calling user's last change in the | ||
| 3276 | ;; master. | ||
| 3277 | ;; | ||
| 3278 | ;; The race condition implies that we have to either (a) lock the master | ||
| 3279 | ;; during the entire execution of vc-next-action, or (b) detect and | ||
| 3280 | ;; recover from errors resulting from dispatch on an out-of-date state. | ||
| 3281 | ;; | ||
| 3282 | ;; Alternative (a) appears to be infeasible. The problem is that we can't | ||
| 3283 | ;; guarantee that the lock will ever be removed. Suppose a user starts a | ||
| 3284 | ;; checkin, the change message buffer pops up, and the user, having wandered | ||
| 3285 | ;; off to do something else, simply forgets about it? | ||
| 3286 | ;; | ||
| 3287 | ;; Alternative (b), on the other hand, works well with a cheap way to speed up | ||
| 3288 | ;; vc-state. Usually, if a file is registered, we can read its locked/ | ||
| 3289 | ;; unlocked state and its current owner from its permissions. | ||
| 3290 | ;; | ||
| 3291 | ;; This shortcut will fail if someone has manually changed the workfile's | ||
| 3292 | ;; permissions; also if developers are munging the workfile in several | ||
| 3293 | ;; directories, with symlinks to a master (in this latter case, the | ||
| 3294 | ;; permissions shortcut will fail to detect a lock asserted from another | ||
| 3295 | ;; directory). | ||
| 3296 | ;; | ||
| 3297 | ;; Note that these cases correspond exactly to the errors which could happen | ||
| 3298 | ;; because of a competing checkin/checkout race in between two instances of | ||
| 3299 | ;; vc-next-action. | ||
| 3300 | ;; | ||
| 3301 | ;; For VC's purposes, a workfile/master pair may have the following states: | ||
| 3302 | ;; | ||
| 3303 | ;; A. Unregistered. There is a workfile, there is no master. | ||
| 3304 | ;; | ||
| 3305 | ;; B. Registered and not locked by anyone. | ||
| 3306 | ;; | ||
| 3307 | ;; C. Locked by calling user and unchanged. | ||
| 3308 | ;; | ||
| 3309 | ;; D. Locked by the calling user and changed. | ||
| 3310 | ;; | ||
| 3311 | ;; E. Locked by someone other than the calling user. | ||
| 3312 | ;; | ||
| 3313 | ;; This makes for 25 states and 20 error conditions. Here's the matrix: | ||
| 3314 | ;; | ||
| 3315 | ;; VC's idea of state | ||
| 3316 | ;; | | ||
| 3317 | ;; V Actual state RCS action SCCS action Effect | ||
| 3318 | ;; A B C D E | ||
| 3319 | ;; A . 1 2 3 4 ci -u -t- admin -fb -i<file> initial admin | ||
| 3320 | ;; B 5 . 6 7 8 co -l get -e checkout | ||
| 3321 | ;; C 9 10 . 11 12 co -u unget; get revert | ||
| 3322 | ;; D 13 14 15 . 16 ci -u -m<comment> delta -y<comment>; get checkin | ||
| 3323 | ;; E 17 18 19 20 . rcs -u -M -l unget -n ; get -g steal lock | ||
| 3324 | ;; | ||
| 3325 | ;; All commands take the master file name as a last argument (not shown). | ||
| 3326 | ;; | ||
| 3327 | ;; In the discussion below, a "self-race" is a pathological situation in | ||
| 3328 | ;; which VC operations are being attempted simultaneously by two or more | ||
| 3329 | ;; Emacsen running under the same username. | ||
| 3330 | ;; | ||
| 3331 | ;; The vc-next-action code has the following windows: | ||
| 3332 | ;; | ||
| 3333 | ;; Window P: | ||
| 3334 | ;; Between the check for existence of a master file and the call to | ||
| 3335 | ;; admin/checkin in vc-buffer-admin (apparent state A). This window may | ||
| 3336 | ;; never close if the initial-comment feature is on. | ||
| 3337 | ;; | ||
| 3338 | ;; Window Q: | ||
| 3339 | ;; Between the call to vc-workfile-unchanged-p in and the immediately | ||
| 3340 | ;; following revert (apparent state C). | ||
| 3341 | ;; | ||
| 3342 | ;; Window R: | ||
| 3343 | ;; Between the call to vc-workfile-unchanged-p in and the following | ||
| 3344 | ;; checkin (apparent state D). This window may never close. | ||
| 3345 | ;; | ||
| 3346 | ;; Window S: | ||
| 3347 | ;; Between the unlock and the immediately following checkout during a | ||
| 3348 | ;; revert operation (apparent state C). Included in window Q. | ||
| 3349 | ;; | ||
| 3350 | ;; Window T: | ||
| 3351 | ;; Between vc-state and the following checkout (apparent state B). | ||
| 3352 | ;; | ||
| 3353 | ;; Window U: | ||
| 3354 | ;; Between vc-state and the following revert (apparent state C). | ||
| 3355 | ;; Includes windows Q and S. | ||
| 3356 | ;; | ||
| 3357 | ;; Window V: | ||
| 3358 | ;; Between vc-state and the following checkin (apparent state | ||
| 3359 | ;; D). This window may never be closed if the user fails to complete the | ||
| 3360 | ;; checkin message. Includes window R. | ||
| 3361 | ;; | ||
| 3362 | ;; Window W: | ||
| 3363 | ;; Between vc-state and the following steal-lock (apparent | ||
| 3364 | ;; state E). This window may never close if the user fails to complete | ||
| 3365 | ;; the steal-lock message. Includes window X. | ||
| 3366 | ;; | ||
| 3367 | ;; Window X: | ||
| 3368 | ;; Between the unlock and the immediately following re-lock during a | ||
| 3369 | ;; steal-lock operation (apparent state E). This window may never close | ||
| 3370 | ;; if the user fails to complete the steal-lock message. | ||
| 3371 | ;; | ||
| 3372 | ;; Errors: | ||
| 3373 | ;; | ||
| 3374 | ;; Apparent state A --- | ||
| 3375 | ;; | ||
| 3376 | ;; 1. File looked unregistered but is actually registered and not locked. | ||
| 3377 | ;; | ||
| 3378 | ;; Potential cause: someone else's admin during window P, with | ||
| 3379 | ;; caller's admin happening before their checkout. | ||
| 3380 | ;; | ||
| 3381 | ;; RCS: Prior to version 5.6.4, ci fails with message | ||
| 3382 | ;; "no lock set by <user>". From 5.6.4 onwards, VC uses the new | ||
| 3383 | ;; ci -i option and the message is "<file>,v: already exists". | ||
| 3384 | ;; SCCS: admin will fail with error (ad19). | ||
| 3385 | ;; | ||
| 3386 | ;; We can let these errors be passed up to the user. | ||
| 3387 | ;; | ||
| 3388 | ;; 2. File looked unregistered but is actually locked by caller, unchanged. | ||
| 3389 | ;; | ||
| 3390 | ;; Potential cause: self-race during window P. | ||
| 3391 | ;; | ||
| 3392 | ;; RCS: Prior to version 5.6.4, reverts the file to the last saved | ||
| 3393 | ;; version and unlocks it. From 5.6.4 onwards, VC uses the new | ||
| 3394 | ;; ci -i option, failing with message "<file>,v: already exists". | ||
| 3395 | ;; SCCS: will fail with error (ad19). | ||
| 3396 | ;; | ||
| 3397 | ;; Either of these consequences is acceptable. | ||
| 3398 | ;; | ||
| 3399 | ;; 3. File looked unregistered but is actually locked by caller, changed. | ||
| 3400 | ;; | ||
| 3401 | ;; Potential cause: self-race during window P. | ||
| 3402 | ;; | ||
| 3403 | ;; RCS: Prior to version 5.6.4, VC registers the caller's workfile as | ||
| 3404 | ;; a delta with a null change comment (the -t- switch will be | ||
| 3405 | ;; ignored). From 5.6.4 onwards, VC uses the new ci -i option, | ||
| 3406 | ;; failing with message "<file>,v: already exists". | ||
| 3407 | ;; SCCS: will fail with error (ad19). | ||
| 3408 | ;; | ||
| 3409 | ;; 4. File looked unregistered but is locked by someone else. | ||
| 3410 | ;;; | ||
| 3411 | ;; Potential cause: someone else's admin during window P, with | ||
| 3412 | ;; caller's admin happening *after* their checkout. | ||
| 3413 | ;; | ||
| 3414 | ;; RCS: Prior to version 5.6.4, ci fails with a | ||
| 3415 | ;; "no lock set by <user>" message. From 5.6.4 onwards, | ||
| 3416 | ;; VC uses the new ci -i option, failing with message | ||
| 3417 | ;; "<file>,v: already exists". | ||
| 3418 | ;; SCCS: will fail with error (ad19). | ||
| 3419 | ;; | ||
| 3420 | ;; We can let these errors be passed up to the user. | ||
| 3421 | ;; | ||
| 3422 | ;; Apparent state B --- | ||
| 3423 | ;; | ||
| 3424 | ;; 5. File looked registered and not locked, but is actually unregistered. | ||
| 3425 | ;; | ||
| 3426 | ;; Potential cause: master file got nuked during window P. | ||
| 3427 | ;; | ||
| 3428 | ;; RCS: will fail with "RCS/<file>: No such file or directory" | ||
| 3429 | ;; SCCS: will fail with error ut4. | ||
| 3430 | ;; | ||
| 3431 | ;; We can let these errors be passed up to the user. | ||
| 3432 | ;; | ||
| 3433 | ;; 6. File looked registered and not locked, but is actually locked by the | ||
| 3434 | ;; calling user and unchanged. | ||
| 3435 | ;; | ||
| 3436 | ;; Potential cause: self-race during window T. | ||
| 3437 | ;; | ||
| 3438 | ;; RCS: in the same directory as the previous workfile, co -l will fail | ||
| 3439 | ;; with "co error: writable foo exists; checkout aborted". In any other | ||
| 3440 | ;; directory, checkout will succeed. | ||
| 3441 | ;; SCCS: will fail with ge17. | ||
| 3442 | ;; | ||
| 3443 | ;; Either of these consequences is acceptable. | ||
| 3444 | ;; | ||
| 3445 | ;; 7. File looked registered and not locked, but is actually locked by the | ||
| 3446 | ;; calling user and changed. | ||
| 3447 | ;; | ||
| 3448 | ;; As case 6. | ||
| 3449 | ;; | ||
| 3450 | ;; 8. File looked registered and not locked, but is actually locked by another | ||
| 3451 | ;; user. | ||
| 3452 | ;; | ||
| 3453 | ;; Potential cause: someone else checks it out during window T. | ||
| 3454 | ;; | ||
| 3455 | ;; RCS: co error: revision 1.3 already locked by <user> | ||
| 3456 | ;; SCCS: fails with ge4 (in directory) or ut7 (outside it). | ||
| 3457 | ;; | ||
| 3458 | ;; We can let these errors be passed up to the user. | ||
| 3459 | ;; | ||
| 3460 | ;; Apparent state C --- | ||
| 3461 | ;; | ||
| 3462 | ;; 9. File looks locked by calling user and unchanged, but is unregistered. | ||
| 3463 | ;; | ||
| 3464 | ;; As case 5. | ||
| 3465 | ;; | ||
| 3466 | ;; 10. File looks locked by calling user and unchanged, but is actually not | ||
| 3467 | ;; locked. | ||
| 3468 | ;; | ||
| 3469 | ;; Potential cause: a self-race in window U, or by the revert's | ||
| 3470 | ;; landing during window X of some other user's steal-lock or window S | ||
| 3471 | ;; of another user's revert. | ||
| 3472 | ;; | ||
| 3473 | ;; RCS: succeeds, refreshing the file from the identical version in | ||
| 3474 | ;; the master. | ||
| 3475 | ;; SCCS: fails with error ut4 (p file nonexistent). | ||
| 3476 | ;; | ||
| 3477 | ;; Either of these consequences is acceptable. | ||
| 3478 | ;; | ||
| 3479 | ;; 11. File is locked by calling user. It looks unchanged, but is actually | ||
| 3480 | ;; changed. | ||
| 3481 | ;; | ||
| 3482 | ;; Potential cause: the file would have to be touched by a self-race | ||
| 3483 | ;; during window Q. | ||
| 3484 | ;; | ||
| 3485 | ;; The revert will succeed, removing whatever changes came with | ||
| 3486 | ;; the touch. It is theoretically possible that work could be lost. | ||
| 3487 | ;; | ||
| 3488 | ;; 12. File looks like it's locked by the calling user and unchanged, but | ||
| 3489 | ;; it's actually locked by someone else. | ||
| 3490 | ;; | ||
| 3491 | ;; Potential cause: a steal-lock in window V. | ||
| 3492 | ;; | ||
| 3493 | ;; RCS: co error: revision <rev> locked by <user>; use co -r or rcs -u | ||
| 3494 | ;; SCCS: fails with error un2 | ||
| 3495 | ;; | ||
| 3496 | ;; We can pass these errors up to the user. | ||
| 3497 | ;; | ||
| 3498 | ;; Apparent state D --- | ||
| 3499 | ;; | ||
| 3500 | ;; 13. File looks like it's locked by the calling user and changed, but it's | ||
| 3501 | ;; actually unregistered. | ||
| 3502 | ;; | ||
| 3503 | ;; Potential cause: master file got nuked during window P. | ||
| 3504 | ;; | ||
| 3505 | ;; RCS: Prior to version 5.6.4, checks in the user's version as an | ||
| 3506 | ;; initial delta. From 5.6.4 onwards, VC uses the new ci -j | ||
| 3507 | ;; option, failing with message "no such file or directory". | ||
| 3508 | ;; SCCS: will fail with error ut4. | ||
| 3509 | ;; | ||
| 3510 | ;; This case is kind of nasty. Under RCS prior to version 5.6.4, | ||
| 3511 | ;; VC may fail to detect the loss of previous version information. | ||
| 3512 | ;; | ||
| 3513 | ;; 14. File looks like it's locked by the calling user and changed, but it's | ||
| 3514 | ;; actually unlocked. | ||
| 3515 | ;; | ||
| 3516 | ;; Potential cause: self-race in window V, or the checkin happening | ||
| 3517 | ;; during the window X of someone else's steal-lock or window S of | ||
| 3518 | ;; someone else's revert. | ||
| 3519 | ;; | ||
| 3520 | ;; RCS: ci will fail with "no lock set by <user>". | ||
| 3521 | ;; SCCS: delta will fail with error ut4. | ||
| 3522 | ;; | ||
| 3523 | ;; 15. File looks like it's locked by the calling user and changed, but it's | ||
| 3524 | ;; actually locked by the calling user and unchanged. | ||
| 3525 | ;; | ||
| 3526 | ;; Potential cause: another self-race --- a whole checkin/checkout | ||
| 3527 | ;; sequence by the calling user would have to land in window R. | ||
| 3528 | ;; | ||
| 3529 | ;; SCCS: checks in a redundant delta and leaves the file unlocked as usual. | ||
| 3530 | ;; RCS: reverts to the file state as of the second user's checkin, leaving | ||
| 3531 | ;; the file unlocked. | ||
| 3532 | ;; | ||
| 3533 | ;; It is theoretically possible that work could be lost under RCS. | ||
| 3534 | ;; | ||
| 3535 | ;; 16. File looks like it's locked by the calling user and changed, but it's | ||
| 3536 | ;; actually locked by a different user. | ||
| 3537 | ;; | ||
| 3538 | ;; RCS: ci error: no lock set by <user> | ||
| 3539 | ;; SCCS: unget will fail with error un2 | ||
| 3540 | ;; | ||
| 3541 | ;; We can pass these errors up to the user. | ||
| 3542 | ;; | ||
| 3543 | ;; Apparent state E --- | ||
| 3544 | ;; | ||
| 3545 | ;; 17. File looks like it's locked by some other user, but it's actually | ||
| 3546 | ;; unregistered. | ||
| 3547 | ;; | ||
| 3548 | ;; As case 13. | ||
| 3549 | ;; | ||
| 3550 | ;; 18. File looks like it's locked by some other user, but it's actually | ||
| 3551 | ;; unlocked. | ||
| 3552 | ;; | ||
| 3553 | ;; Potential cause: someone released a lock during window W. | ||
| 3554 | ;; | ||
| 3555 | ;; RCS: The calling user will get the lock on the file. | ||
| 3556 | ;; SCCS: unget -n will fail with cm4. | ||
| 3557 | ;; | ||
| 3558 | ;; Either of these consequences will be OK. | ||
| 3559 | ;; | ||
| 3560 | ;; 19. File looks like it's locked by some other user, but it's actually | ||
| 3561 | ;; locked by the calling user and unchanged. | ||
| 3562 | ;; | ||
| 3563 | ;; Potential cause: the other user relinquishing a lock followed by | ||
| 3564 | ;; a self-race, both in window W. | ||
| 3565 | ;; | ||
| 3566 | ;; Under both RCS and SCCS, both unlock and lock will succeed, making | ||
| 3567 | ;; the sequence a no-op. | ||
| 3568 | ;; | ||
| 3569 | ;; 20. File looks like it's locked by some other user, but it's actually | ||
| 3570 | ;; locked by the calling user and changed. | ||
| 3571 | ;; | ||
| 3572 | ;; As case 19. | ||
| 3573 | ;; | ||
| 3574 | ;; PROBLEM CASES: | ||
| 3575 | ;; | ||
| 3576 | ;; In order of decreasing severity: | ||
| 3577 | ;; | ||
| 3578 | ;; Cases 11 and 15 are the only ones that potentially lose work. | ||
| 3579 | ;; They would require a self-race for this to happen. | ||
| 3580 | ;; | ||
| 3581 | ;; Case 13 in RCS loses information about previous deltas, retaining | ||
| 3582 | ;; only the information in the current workfile. This can only happen | ||
| 3583 | ;; if the master file gets nuked in window P. | ||
| 3584 | ;; | ||
| 3585 | ;; Case 3 in RCS and case 15 under SCCS insert a redundant delta with | ||
| 3586 | ;; no change comment in the master. This would require a self-race in | ||
| 3587 | ;; window P or R respectively. | ||
| 3588 | ;; | ||
| 3589 | ;; Cases 2, 10, 19 and 20 do extra work, but make no changes. | ||
| 3590 | ;; | ||
| 3591 | ;; Unfortunately, it appears to me that no recovery is possible in these | ||
| 3592 | ;; cases. They don't yield error messages, so there's no way to tell that | ||
| 3593 | ;; a race condition has occurred. | ||
| 3594 | ;; | ||
| 3595 | ;; All other cases don't change either the workfile or the master, and | ||
| 3596 | ;; trigger command errors which the user will see. | ||
| 3597 | ;; | ||
| 3598 | ;; Thus, there is no explicit recovery code. | ||
| 3599 | |||
| 3600 | ;; arch-tag: ca82c1de-3091-4e26-af92-460abc6213a6 | 3254 | ;; arch-tag: ca82c1de-3091-4e26-af92-460abc6213a6 |
| 3601 | ;;; vc.el ends here | 3255 | ;;; vc.el ends here |