Changes since v1 (thanks to Jonathan Tan for the careful reviews!) * Clear o->pl when freeing pl, to avoid risking use-after-free. * Initialize o->result in update_sparsity() since it is actually used (by check_ok_to_remove()). Some time ago, I noticed that struct dir_struct and struct unpack_trees_options both have numerous fields meant for internal use only, most of which are not marked as such. This has resulted in callers accidentally trying to initialize some of these fields, and in at least one case required a fair amount of review to verify other changes were okay -- review that would have been simplified with the apriori knowledge that a combination of multiple fields were internal-only[1]. Looking closer, I found that only 6 out of 18 fields in dir_struct were actually meant to be public[2], and noted that unpack_trees_options also had 11 internal-only fields (out of 36). This patch is primarily about moving internal-only fields within these two structs into an embedded internal struct. Patch breakdown: * Patches 1-3: Restructuring dir_struct * Patch 1: Splitting off internal-use-only fields * Patch 2: Add important usage note to avoid accidentally using deprecated API * Patch 3: Mark output-only fields as such * Patches 4-11: Restructuring unpack_trees_options * Patches 4-6: Preparatory cleanup * Patches 7-10: Splitting off internal-use-only fields * Patch 11: Mark output-only field as such To make the benefit more clear, here are compressed versions of dir_struct both before and after the changes. First, before: struct dir_struct { int nr; int alloc; int ignored_nr; int ignored_alloc; enum [...] flags; struct dir_entry **entries; struct dir_entry **ignored; const char *exclude_per_dir; #define EXC_CMDL 0 #define EXC_DIRS 1 #define EXC_FILE 2 struct exclude_list_group exclude_list_group[3]; struct exclude_stack *exclude_stack; struct path_pattern *pattern; struct strbuf basebuf; struct untracked_cache *untracked; struct oid_stat ss_info_exclude; struct oid_stat ss_excludes_file; unsigned unmanaged_exclude_files; unsigned visited_paths; unsigned visited_directories; }; And after the changes: struct dir_struct { enum [...] flags; int nr; /* output only */ int ignored_nr; /* output only */ struct dir_entry **entries; /* output only */ struct dir_entry **ignored; /* output only */ struct untracked_cache *untracked; const char *exclude_per_dir; /* deprecated */ struct dir_struct_internal { int alloc; int ignored_alloc; #define EXC_CMDL 0 #define EXC_DIRS 1 #define EXC_FILE 2 struct exclude_list_group exclude_list_group[3]; struct exclude_stack *exclude_stack; struct path_pattern *pattern; struct strbuf basebuf; struct oid_stat ss_info_exclude; struct oid_stat ss_excludes_file; unsigned unmanaged_exclude_files; unsigned visited_paths; unsigned visited_directories; } internal; }; The former version has 18 fields (and 3 magic constants) which API users will have to figure out. The latter makes it clear there are only at most 2 fields you should be setting upon input, and at most 4 which you read at output, and the rest (including all the magic constants) you can ignore. [0] Search for "Extremely yes" in https://lore.kernel.org/git/CAJoAoZm+TkCL0Jpg_qFgKottxbtiG2QOiY0qGrz3-uQy+=waPg@xxxxxxxxxxxxxx/ [1] https://lore.kernel.org/git/CABPp-BFSFN3WM6q7KzkD5mhrwsz--St_-ej5LbaY8Yr2sZzj=w@xxxxxxxxxxxxxx/ [2] https://lore.kernel.org/git/CABPp-BHgot=CPNyK_xNfog_SqsNPNoCGfiSb-gZoS2sn_741dQ@xxxxxxxxxxxxxx/ Elijah Newren (11): dir: separate public from internal portion of dir_struct dir: add a usage note to exclude_per_dir dir: mark output only fields of dir_struct as such unpack-trees: clean up some flow control sparse-checkout: avoid using internal API of unpack-trees sparse-checkout: avoid using internal API of unpack-trees, take 2 unpack_trees: start splitting internal fields from public API unpack-trees: mark fields only used internally as internal unpack-trees: rewrap a few overlong lines from previous patch unpack-trees: special case read-tree debugging as internal usage unpack-trees: add usage notices around df_conflict_entry builtin/read-tree.c | 10 +- builtin/sparse-checkout.c | 4 +- dir.c | 114 +++++++++--------- dir.h | 110 +++++++++-------- unpack-trees.c | 247 ++++++++++++++++++++------------------ unpack-trees.h | 42 ++++--- 6 files changed, 277 insertions(+), 250 deletions(-) base-commit: 06dd2baa8da4a73421b959ec026a43711b9d77f9 Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1149%2Fnewren%2Fclarify-api-v2 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1149/newren/clarify-api-v2 Pull-Request: https://github.com/gitgitgadget/git/pull/1149 Range-diff vs v1: 1: 7f59ad548d0 = 1: 7f59ad548d0 dir: separate public from internal portion of dir_struct 2: 239b10e1181 = 2: 239b10e1181 dir: add a usage note to exclude_per_dir 3: b8aa14350d3 = 3: b8aa14350d3 dir: mark output only fields of dir_struct as such 4: f5a58123034 = 4: f5a58123034 unpack-trees: clean up some flow control 5: 508837fc182 ! 5: 975dec0f0eb sparse-checkout: avoid using internal API of unpack-trees @@ unpack-trees.c: enum update_sparsity_result update_sparsity(struct unpack_trees_ + if (free_pattern_list) { + clear_pattern_list(pl); + free(pl); ++ o->pl = NULL; + } trace_performance_leave("update_sparsity"); return ret; 6: 8955b45e354 ! 6: 429f195dcfe sparse-checkout: avoid using internal API of unpack-trees, take 2 @@ Commit message Commit 2f6b1eb794 ("cache API: add a "INDEX_STATE_INIT" macro/function, add release_index()", 2023-01-12) mistakenly added some initialization of a member of unpack_trees_options that was intended to be - internal-only. Further, it served no purpose as it simply duplicated - the initialization that unpack-trees.c code was already doing. + internal-only. This initialization should be done within + update_sparsity() instead. + + Note that while o->result is mostly meant for unpack_trees() and + update_sparsity() mostly operates without o->result, + check_ok_to_remove() does consult it so we need to ensure it is properly + initialized. Signed-off-by: Elijah Newren <newren@xxxxxxxxx> @@ builtin/sparse-checkout.c: static int update_working_directory(struct pattern_li o.skip_sparse_checkout = 0; setup_work_tree(); + + ## unpack-trees.c ## +@@ unpack-trees.c: enum update_sparsity_result update_sparsity(struct unpack_trees_options *o, + + old_show_all_errors = o->show_all_errors; + o->show_all_errors = 1; ++ index_state_init(&o->result, o->src_index->repo); + + /* Sanity checks */ + if (!o->update || o->index_only || o->skip_sparse_checkout) 7: 63ee57478ed ! 7: 993da584dbb unpack_trees: start splitting internal fields from public API @@ unpack-trees.c: enum update_sparsity_result update_sparsity(struct unpack_trees_ CE_NEW_SKIP_WORKTREE, o->verbose_update); /* Then loop over entries and update/remove as needed */ +@@ unpack-trees.c: enum update_sparsity_result update_sparsity(struct unpack_trees_options *o, + if (free_pattern_list) { + clear_pattern_list(pl); + free(pl); +- o->pl = NULL; ++ o->internal.pl = NULL; + } + trace_performance_leave("update_sparsity"); + return ret; @@ unpack-trees.c: static int verify_clean_subdirectory(const struct cache_entry *ce, pathbuf = xstrfmt("%.*s/", namelen, ce->name); 8: 081578b3210 ! 8: 8ecb24a45f0 unpack-trees: mark fields only used internally as internal @@ unpack-trees.c: enum update_sparsity_result update_sparsity(struct unpack_trees_ - old_show_all_errors = o->show_all_errors; - o->show_all_errors = 1; +- index_state_init(&o->result, o->src_index->repo); + old_show_all_errors = o->internal.show_all_errors; + o->internal.show_all_errors = 1; ++ index_state_init(&o->internal.result, o->src_index->repo); /* Sanity checks */ if (!o->update || o->index_only || o->skip_sparse_checkout) 9: f492ab27b19 = 9: 36ca49c3624 unpack-trees: rewrap a few overlong lines from previous patch 10: a5048ea00b2 = 10: 5af04d7fe23 unpack-trees: special case read-tree debugging as internal usage 11: efec74c8b49 = 11: c4f31237634 unpack-trees: add usage notices around df_conflict_entry -- gitgitgadget