On 2/20/2018 4:42 PM, Junio C Hamano wrote:
Derrick Stolee <sto...@gmail.com> writes:
+2. Walking the entire graph to avoid topological order mistakes.
You have at least one more mention of "topological order mistakes"
below, but we commonly refer to this issue and blame it for "clock
skew". Using the word highlights that there is no "mistake" in topo
order algorithm and mistakes are in the commit timestamps.
I'll drop the word "mistakes" and instead here say:
2. Walking the entire graph to satisfy topological order constraints.
and later say
This heuristic is currently used whenever the computation is allowed to
violate topological relationships due to clock skew (such as "git log"
with default order), but is not used when the topological order is
required (such as merge base calculations, "git log --graph").
+In practice, we expect some commits to be created recently and not stored
+in the commit graph. We can treat these commits as having "infinite"
+generation number and walk until reaching commits with known generation
Hmm, "pretend infinity" is an interesting approach---I need to think
about it a bit more if it is sufficient.
Since we require the commit graph file to be closed under reachability,
the commits reachable from the file all have "finite" generation number.
+- .graph files are managed only by the 'commit-graph' builtin. These are not
+ updated automatically during clone, fetch, repack, or creating new commits.
OK. s/builtin/subcommand/; it does not make much difference if it
is a built-in or standalone command.
+- There is no 'verify' subcommand for the 'commit-graph' builtin to verify
+ the contents of the graph file agree with the contents in the ODB.
I am not entirely sure about the merit of going into this level of
detail. Being able to use only a single file looks like a more
fundamental design limitation, which deserves to be decribed in this
section, and we could ship the subsystem with that limitation.
But the lack of verify that can be called from fsck is merely the
matter of not the subsystem being mature enough (to be written,
reviewed and tested) and not a fundamental one, and we will not be
shipping the subsystem until that limitation is lifted.
So I'd guess that we prefer this bullet item to be in the commit log
message, not here, that describes the current status of the
development (as opposed to the state of the subsystem).
I was treating this design document as a living document that will be
updated as the feature matures. It is difficult to time when to discuss
these limitations, since in this commit the graph feature is not
implemented at all. But, it is important to have _some_ design document
before continuing to implement the feature.
I can remove this bullet, but I'm not sure which commit message would be
appropriate to contain that information.
I do intend to remove these limitations and future work bullets as they
are implemented in later patches.
+- Generation numbers are not computed in the current version. The file
+ format supports storing them, along with a mechanism to upgrade from
+ a file without generation numbers to one that uses them.
Exactly the same comment as above applies to this item.
+- The commit graph is currently incompatible with commit grafts. This can be
+ remedied by duplicating or refactoring the current graft logic.
Hmm. Can it be lifted without first allowing us to use more than
one commit graph file (i.e. one for "traverse while honoring the
grafts", the other for "traverse while ignoring the grafts")?
I consider this list unordered, but will move this bullet to the top and
replace its first sentence with:
The commit graph feature currently does not honor commit grafts.
+- After computing and storing generation numbers, we must make graph
+ walks aware of generation numbers to gain the performance benefits they
+ enable. This will mostly be accomplished by swapping a commit-date-ordered
+ priority queue with one ordered by generation number. The following
+ operations are important candidates:
+ - paint_down_to_common()
+ - 'log --topo-order'
+- The graph currently only adds commits to a previously existing graph.
+ When writing a new graph, we could check that the ODB still contains
+ the commits and choose to remove the commits that are deleted from the
+ ODB. For performance reasons, this check should remain optional.
The last sentence is somehow unconvincing. It probably is not
appropriate for the "Future Work" section to be making a hurried
design decision before having any working verification code to run
I'll remove this entire block, since it is not relevant starting at v4.
I dropped this "additive only" step in v4 and forgot to remove the bullet.
+- Currently, parse_commit_gently() requires filling in the root tree
+ object for a commit. This passes through lookup_tree() and consequently
+ lookup_object(). Also, it calls lookup_commit() when loading the parents.
+ These method calls check the ODB for object existence, even if the
+ consumer does not need the content. For example, we do not need the
+ tree contents when computing merge bases. Now that commit parsing is
+ removed from the computation time, these lookup operations are the
+ slowest operations keeping graph walks from being fast. Consider
+ loading these objects without verifying their existence in the ODB and
+ only loading them fully when consumers need them. Consider a method
+ such as "ensure_tree_loaded(commit)" that fully loads a tree before
+ using commit->tree.
Very good idea.
I will likely submit an orthogonal patch that does this, as it will save
time even without the commit graph. The time spent in 'lookup_tree()' is
less significant when the majority of the time is spent parsing commits,
but it is still 1-2% in some cases.
+- The current design uses the 'commit-graph' builtin to generate the graph.
+ When this feature stabilizes enough to recommend to most users, we should
+ add automatic graph writes to common operations that create many commits.
+ For example, one coulde compute a graph on 'clone', 'fetch', or 'repack'
Also do not forget "fsck" that calls "verify". That is more urgent
than intergration with any other subcommand.
+- A server could provide a commit graph file as part of the network protocol
+ to avoid extra calculations by clients.
We need to assess the riskiness and threat models regarding this, if
we really want to follow this "could" through. I would imagine that
the cost for verification is comparable to the cost for regenerating,
in which case it may not be worth doing this _unless_ the user opts
into it saying that the other side over the wire is trusted without
I agree. There is a certain level of trust that is required here.