On Thu, Jul 19, 2018 at 07:31:35PM +0200, Duy Nguyen wrote:
> On Thu, Jul 19, 2018 at 01:23:58PM -0400, Jeff King wrote:
> > On Thu, Jul 19, 2018 at 09:42:00AM -0700, Elijah Newren wrote:
> >
> > > Thanks for the quick turnaround. Unfortunately, I have some bad news.
> > > With this patch, I get the following:
> > >
> > > $ /usr/bin/time -f 'MaxRSS:%M Time:%e' git gc --aggressive
> > > Enumerating objects: 4460703, done.
> > > Counting objects: 100% (4460703/4460703), done.
> > > Delta compression using up to 40 threads.
> > > Compressing objects: 100% (3807140/3807140), done.
> > > Writing objects: 100% (4460703/4460703), done.
> > > Total 4460703 (delta 2831383), reused 1587071 (delta 0)
> > > error: failed to unpack compressed delta at offset 183854150 from
> > > .git/objects/pack/pack-30d4f0b0e5a03dc91a658a0586f4e74cdf4a94d6.pack
> > > fatal: packed object 20ce811e53dabbb8ef9368c108cbbdfa65639c03 (stored
> > > in .git/objects/pack/pack-30d4f0b0e5a03dc91a658a0586f4e74cdf4a94d6.pack)
> > > is corrupt
> > > error: failed to run prune
> > > MaxRSS:40025196 Time:2531.52
> >
> > Looking at that output, my _guess_ is that we somehow end up with a
> > bogus delta_size value and write out a truncated entry. But I couldn't
> > reproduce the issue with smaller test cases.
>
> Could it be a race condition?
I'm convinced my code is racy (between two writes). I created a broken
pack once with 32 threads. Elijah please try again with this new
patch. It should fix this (I only tried repack a few times so far but
will continue)
The race is this
1. Thread one sees a large delta size and NULL delta_size[] array,
allocates the new array and in the middle of copying old delta
sizes over.
2. Thread two wants to write a new (large) delta size. It sees that
delta_size[] is already allocated, it writes the correct size there
(and truncated one in object_entry->delta_size_)
3. Back to thread one, it now copies the truncated value in
delta_size_ from step 2 to delta_size[] array, overwriting the good
value that thread two wrote.
There is also a potential read/write race where a read from
pack_size[] happens when the array is not ready. But I don't think it
can happen with current try_delta() code. I protect it anyway to be
safe.
-- 8< --
diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c
index ebc8cefb53..d67997f11c 100644
--- a/builtin/pack-objects.c
+++ b/builtin/pack-objects.c
@@ -32,6 +32,12 @@
#include "object-store.h"
#include "dir.h"
+static unsigned long oe_delta_size(struct packing_data *pack,
+ const struct object_entry *e);
+static void oe_set_delta_size(struct packing_data *pack,
+ struct object_entry *e,
+ unsigned long size);
+
#define IN_PACK(obj) oe_in_pack(&to_pack, obj)
#define SIZE(obj) oe_size(&to_pack, obj)
#define SET_SIZE(obj,size) oe_set_size(&to_pack, obj, size)
@@ -1915,6 +1921,51 @@ unsigned long oe_get_size_slow(struct packing_data *pack,
return size;
}
+static unsigned long oe_delta_size(struct packing_data *pack,
+ const struct object_entry *e)
+{
+ unsigned long size;
+
+ read_lock(); /* to protect access to pack->delta_size[] */
+ if (pack->delta_size)
+ size = pack->delta_size[e - pack->objects];
+ else
+ size = e->delta_size_;
+ read_unlock();
+ return size;
+}
+
+static void oe_set_delta_size(struct packing_data *pack,
+ struct object_entry *e,
+ unsigned long size)
+{
+ read_lock(); /* to protect access to pack->delta_size[] */
+ if (!pack->delta_size && size < pack->oe_delta_size_limit) {
+ e->delta_size_ = size;
+ read_unlock();
+ return;
+ }
+ /*
+ * We have had at least one delta size exceeding OE_DELTA_SIZE_BITS
+ * limit. delta_size_ will not be used anymore. All delta sizes are now
+ * from the delta_size[] array.
+ */
+ if (!pack->delta_size) {
+ uint32_t i;
+
+ /*
+ * nr_alloc, not nr_objects to align with realloc() strategy in
+ * packlist_alloc()
+ */
+ ALLOC_ARRAY(pack->delta_size, pack->nr_alloc);
+
+ for (i = 0; i < pack->nr_objects; i++)
+ pack->delta_size[i] = pack->objects[i].delta_size_;
+ }
+ pack->delta_size[e - pack->objects] = size;
+ read_unlock();
+}
+
static int try_delta(struct unpacked *trg, struct unpacked *src,
unsigned max_depth, unsigned long *mem_usage)
{
@@ -2023,10 +2074,6 @@ static int try_delta(struct unpacked *trg, struct unpacked *src,
delta_buf = create_delta(src->index, trg->data, trg_size, &delta_size, max_size);
if (!delta_buf)
return 0;
- if (delta_size >= (1U << OE_DELTA_SIZE_BITS)) {
- free(delta_buf);
- return 0;
- }
if (DELTA(trg_entry)) {
/* Prefer only shallower same-sized deltas. */
diff --git a/ci/run-build-and-tests.sh b/ci/run-build-and-tests.sh
index 4b04c75b7f..2a5bff4a1c 100755
--- a/ci/run-build-and-tests.sh
+++ b/ci/run-build-and-tests.sh
@@ -14,6 +14,7 @@ then
export GIT_TEST_SPLIT_INDEX=yes
export GIT_TEST_FULL_IN_PACK_ARRAY=true
export GIT_TEST_OE_SIZE=10
+ export GIT_TEST_OE_DELTA_SIZE=5
make --quiet test
fi
diff --git a/pack-objects.c b/pack-objects.c
index 92708522e7..e3c32bbfc2 100644
--- a/pack-objects.c
+++ b/pack-objects.c
@@ -146,6 +146,8 @@ void prepare_packing_data(struct packing_data *pdata)
pdata->oe_size_limit = git_env_ulong("GIT_TEST_OE_SIZE",
1U << OE_SIZE_BITS);
+ pdata->oe_delta_size_limit = git_env_ulong("GIT_TEST_OE_DELTA_SIZE",
+ 1U << OE_DELTA_SIZE_BITS);
}
struct object_entry *packlist_alloc(struct packing_data *pdata,
@@ -160,6 +162,8 @@ struct object_entry *packlist_alloc(struct packing_data *pdata,
if (!pdata->in_pack_by_idx)
REALLOC_ARRAY(pdata->in_pack, pdata->nr_alloc);
+ if (pdata->delta_size)
+ REALLOC_ARRAY(pdata->delta_size, pdata->nr_alloc);
}
new_entry = pdata->objects + pdata->nr_objects++;
diff --git a/pack-objects.h b/pack-objects.h
index edf74dabdd..7477c7b919 100644
--- a/pack-objects.h
+++ b/pack-objects.h
@@ -14,7 +14,7 @@
* above this limit. Don't lower it too much.
*/
#define OE_SIZE_BITS 31
-#define OE_DELTA_SIZE_BITS 20
+#define OE_DELTA_SIZE_BITS 20
/*
* State flags for depth-first search used for analyzing delta cycles.
@@ -93,12 +93,12 @@ struct object_entry {
* uses the same base as me
*/
unsigned delta_size_:OE_DELTA_SIZE_BITS; /* delta data size (uncompressed) */
- unsigned delta_size_valid:1;
+ unsigned char in_pack_header_size;
unsigned in_pack_idx:OE_IN_PACK_BITS; /* already in pack */
unsigned z_delta_size:OE_Z_DELTA_BITS;
unsigned type_valid:1;
- unsigned type_:TYPE_BITS;
unsigned no_try_delta:1;
+ unsigned type_:TYPE_BITS;
unsigned in_pack_type:TYPE_BITS; /* could be delta */
unsigned preferred_base:1; /*
* we do not pack this, but is available
@@ -108,17 +108,16 @@ struct object_entry {
unsigned tagged:1; /* near the very tip of refs */
unsigned filled:1; /* assigned write-order */
unsigned dfs_state:OE_DFS_STATE_BITS;
- unsigned char in_pack_header_size;
unsigned depth:OE_DEPTH_BITS;
/*
* pahole results on 64-bit linux (gcc and clang)
*
- * size: 80, bit_padding: 20 bits, holes: 8 bits
+ * size: 80, bit_padding: 9 bits
*
* and on 32-bit (gcc)
*
- * size: 76, bit_padding: 20 bits, holes: 8 bits
+ * size: 76, bit_padding: 9 bits
*/
};
@@ -130,6 +129,7 @@ struct packing_data {
uint32_t index_size;
unsigned int *in_pack_pos;
+ uint32_t *delta_size;
/*
* Only one of these can be non-NULL and they have different
@@ -141,6 +141,7 @@ struct packing_data {
struct packed_git **in_pack;
uintmax_t oe_size_limit;
+ uintmax_t oe_delta_size_limit;
};
void prepare_packing_data(struct packing_data *pdata);
@@ -327,23 +328,4 @@ static inline void oe_set_size(struct packing_data *pack,
}
}
-static inline unsigned long oe_delta_size(struct packing_data *pack,
- const struct object_entry *e)
-{
- if (e->delta_size_valid)
- return e->delta_size_;
- return oe_size(pack, e);
-}
-
-static inline void oe_set_delta_size(struct packing_data *pack,
- struct object_entry *e,
- unsigned long size)
-{
- e->delta_size_ = size;
- e->delta_size_valid = e->delta_size_ == size;
- if (!e->delta_size_valid && size != oe_size(pack, e))
- BUG("this can only happen in check_object() "
- "where delta size is the same as entry size");
-}
-
#endif
diff --git a/t/README b/t/README
index 8373a27fea..9028b47d92 100644
--- a/t/README
+++ b/t/README
@@ -315,6 +315,10 @@ packs on demand. This normally only happens when the object size is
over 2GB. This variable forces the code path on any object larger than
<n> bytes.
+GIT_TEST_OE_DELTA_SIZE=<n> exercises the uncomon pack-objects code
+path where deltas larger than this limit require extra memory
+allocation for bookkeeping.
+
Naming Tests
------------
-- 8< --
--
Duy
