Alban Gruin <alban.gruin@xxxxxxxxx> writes: > This rewrites checkout_onto() from shell to C. The new version is called > detach_onto(), given its role. The name, given its role, may be good, but is the implementation robust enough to fulfill the promise its name gives? > git rebase--helper --check-todo-list || { > ret=$? > - checkout_onto > + git rebase--helper --detach-onto "$onto_name" "$onto" \ > + "$orig_head" ${verbose:+--verbose} Here, $onto_name is what the end-user gave us (e.g. it is "master..." in "git rebase --onto=master... base"), while $onto is a 40-hex object name of the commit. $orig_head is also a 40-hex object name. And this call shows how the above shell scriptlet calls into the detach_onto() thing ... > + if (command == DETACH_ONTO && argc == 4) > + return !!detach_onto(&opts, argv[1], argv[2], argv[3], verbose); ... which is defined like so: > +int detach_onto(struct replay_opts *opts, > + const char *onto_name, const char *onto, > + const char *orig_head, unsigned verbose) > +{ > + struct object_id oid; > + const char *action = reflog_message(opts, "start", "checkout %s", onto_name); > + > + if (get_oid(orig_head, &oid)) > + return error(_("%s: not a valid OID"), orig_head); Which means that this can be more strict to use get_oid_hex() to catch possible mistakes in the caller. > + if (run_git_checkout(opts, onto, verbose, action)) { And this could be a bit problematic, as we can see below how the "checkout" thing does not guarantee "detaching" at all ... > + apply_autostash(opts); > + sequencer_remove_state(opts); > + return error(_("could not detach HEAD")); > + } > + > + return update_ref(NULL, "ORIG_HEAD", &oid, NULL, 0, UPDATE_REFS_MSG_ON_ERR); > +} > + ... which can be seen here ... 
> +static int run_git_checkout(struct replay_opts *opts, const char *commit, > + int verbose, const char *action) > +{ > + struct child_process cmd = CHILD_PROCESS_INIT; > + > + cmd.git_cmd = 1; > + > + argv_array_push(&cmd.args, "checkout"); > + argv_array_push(&cmd.args, commit); > + argv_array_pushf(&cmd.env_array, GIT_REFLOG_ACTION "=%s", action); > + > + if (verbose) > + return run_command(&cmd); > + else > + return run_command_silent_on_success(&cmd); > +} This drives the external command "git checkout" with _any_ string the caller passes in "commit". If the variable happens to have 'master', for example, it would be "git checkout master" and if you have a branch with that name, it will not detach but check out the branch to build on it. It is a caller's responsibility to give a suitable "commit" if it wants to use this helper to detach. So perhaps the caller of this function in detach_onto() should pass "%s^0" or even do something like struct object_id onto_oid; char onto_hex[GIT_MAX_HEXSZ + 1]; if (get_oid(onto, &onto_oid)) return error(...); oid_to_hex_r(onto_hex, &onto_oid); if (run_git_checkout(opts, onto_hex, verbose, action)) { ... to ensure that it keeps the promise its name gives. I can hear "Oh, but it is a bug in the caller to give anything that won't result in detaching in 'onto'" but that is not a valid excuse, given that this _public_ function is called "detach_onto". Making sure detachment happens is its responsibility, not its callers'. Or we could do a cop-out alternative of commenting the function in *.h file to say "onto must be given as 40-hex", with code to make sure the caller really gave us a 40-hex and not a branch name. That is a less ideal but probably acceptable alternative. > static const char rescheduled_advice[] = > N_("Could not execute the todo command\n" > "\n" > diff --git a/sequencer.h b/sequencer.h > index 35730b13e..9f0ac5e75 100644 > --- a/sequencer.h > +++ b/sequencer.h 
> @@ -100,6 +100,10 @@ int update_head_with_reflog(const struct commit *old_head, > void commit_post_rewrite(const struct commit *current_head, > const struct object_id *new_head); > > +int detach_onto(struct replay_opts *opts, > + const char *onto_name, const char *onto, > + const char *orig_head, unsigned verbose); > + > #define SUMMARY_INITIAL_COMMIT (1 << 0) > #define SUMMARY_SHOW_AUTHOR_DATE (1 << 1) > void print_commit_summary(const char *prefix, const struct object_id *oid,
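
Review bot: in detach_onto() (the sequencer.c hunk), the three failure exits clean up differently. Only the branch taken when run_git_checkout() fails calls apply_autostash() and sequencer_remove_state(); the early return after get_oid(orig_head, &oid) and a failing update_ref() for ORIG_HEAD both return with the autostash and sequencer state left as they were. If that difference is intended, a comment should say so; otherwise send all three exits through one cleanup path. In the same function, orig_head is resolved before use but onto is handed to run_git_checkout() as the raw string from argv.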
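
Review bot: in run_git_checkout(), commit is pushed as the argument directly after "checkout" with no check on its form. A value that names a branch attaches HEAD to that branch, and a value beginning with "-" would be parsed by git checkout as an option rather than as a revision. Since the only caller shown wants a detached HEAD, push "--detach" before commit, or have this helper take a struct object_id and format the hex name itself so the string cannot be anything else.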
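
Review bot: the detach_onto() declaration added to sequencer.h carries no comment, so nothing tells a caller that onto and orig_head are expected to be full hex object names while onto_name is used only in the reflog message. Document that contract together with the return value and the fact that a failed checkout applies the autostash and removes the sequencer state. The verbose parameter is also declared unsigned here but int in run_git_checkout(); pick one type for both.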