Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes:
> Change code downstream of module_update() to short-circuit and return
> to the top-level on failure, rather than calling exit().
>
> To do so we need to diligently check whether we "must_die_on_failure",
> which is a pattern started in c51f8f94e5b (submodule--helper: run
> update procedures from C, 2021-08-24), but which hadn't been completed
> to the point where we could avoid calling exit() here.
>
> This introduces no functional changes, but makes it easier to both
> call these routines as a library in the future, and to avoid leaking
> memory.
>
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
> ---
> builtin/submodule--helper.c | 36 ++++++++++++++++++++++++++----------
> 1 file changed, 26 insertions(+), 10 deletions(-)
>
> diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c
> index 790f0ccb82e..b65665105e7 100644
> --- a/builtin/submodule--helper.c
> +++ b/builtin/submodule--helper.c
> @@ -2283,7 +2283,8 @@ static int fetch_in_submodule(const char *module_path, int depth, int quiet, str
> return run_command(&cp);
> }
>
> -static int run_update_command(struct update_data *ud, int subforce)
> +static int run_update_command(struct update_data *ud, int subforce,
> + int *must_die_on_failurep)
It's not obvious in the context lines, but there is an auto variable
named "must_die_on_failure", so we need the "p".
> {
> struct child_process cp = CHILD_PROCESS_INIT;
> char *oid = oid_to_hex(&ud->oid);
> @@ -2345,8 +2346,10 @@ static int run_update_command(struct update_data *ud, int subforce)
> BUG("unexpected update strategy type: %s",
> submodule_strategy_to_string(&ud->update_strategy));
> }
> - if (must_die_on_failure)
> - exit(128);
> + if (must_die_on_failure) {
> + *must_die_on_failurep = 1;
> + return 128;
> + }
[...]
>
> /* the command failed, but update must continue */
> return 1;
> @@ -2380,7 +2383,8 @@ static int run_update_command(struct update_data *ud, int subforce)
> return 0;
> }
>
> -static int run_update_procedure(struct update_data *ud)
> +static int run_update_procedure(struct update_data *ud,
> + int *must_die_on_failure)
> {
> int subforce = is_null_oid(&ud->suboid) || ud->force;
>
> @@ -2407,7 +2411,7 @@ static int run_update_procedure(struct update_data *ud)
> ud->displaypath, oid_to_hex(&ud->oid));
> }
>
> - return run_update_command(ud, subforce);
> + return run_update_command(ud, subforce, must_die_on_failure);
> }
>
> static const char *remote_submodule_branch(const char *path)
> @@ -2543,7 +2547,8 @@ static void update_data_to_args(struct update_data *update_data, struct strvec *
> "--no-single-branch");
> }
>
> -static int update_submodule(struct update_data *update_data)
> +static int update_submodule(struct update_data *update_data,
> + int *must_die_on_failure)
> {
> int ret = 1;
>
> @@ -2584,8 +2589,13 @@ static int update_submodule(struct update_data *update_data)
> }
>
> if (!oideq(&update_data->oid, &update_data->suboid) || update_data->force) {
> - if (run_update_procedure(update_data))
> + ret = run_update_procedure(update_data, must_die_on_failure);
> + if (ret && *must_die_on_failure) {
> + goto cleanup;
> + } else if (ret) {
> + ret = 1;
> goto cleanup;
> + }
> }
>
> if (update_data->recursive) {
> @@ -2608,7 +2618,8 @@ static int update_submodule(struct update_data *update_data)
> die_message(_("Failed to recurse into submodule path '%s'"),
> update_data->displaypath);
> if (ret == 128) {
> - exit(ret);
> + *must_die_on_failure = 1;
> + goto cleanup;
One important property in the preimage is that there's an obvious
connection between the exit(128) and this section here, i.e. the child
"git submodule update" process failed in a way that the parent needs to
stop immediately.
With this patch, this property is no longer obvious because we return
128 from the lowest level (run_update_command()). By the time we reach
the top level (module_update()), it's no longer clear that the return
value was meant to be 128.
Two ways we can fix this:
1) Just return 128 at all levels to mean "must die on failure", which
will let us get rid of "must_die_on_failure".
or...
> } else if (ret) {
> ret = 1;
> goto cleanup;
> @@ -2646,13 +2657,18 @@ static int update_submodules(struct update_data *update_data)
>
> for (i = 0; i < suc.update_clone_nr; i++) {
> struct update_clone_data ucd = suc.update_clone[i];
> + int code;
> + int must_die_on_failure = 0;
>
> oidcpy(&update_data->oid, &ucd.oid);
> update_data->just_cloned = ucd.just_cloned;
> update_data->sm_path = ucd.sub->path;
>
> - if (update_submodule(update_data))
> - res = 1;
> + code = update_submodule(update_data, &must_die_on_failure);
> + if (code)
> + res = code;
> + if (must_die_on_failure)
> + goto cleanup;
> }
2) In update_submodules() (i.e. just before module_update()), we make
update_submodules() return 128 if must_die_on_failure != 0. Then we
can drop the return value of 128 from the rest of the call chain and
just use an opaque nonzero return value instead.
>
> cleanup:
> --
> 2.37.1.1095.g0bd6f54ba8a
