From: Jeff King <peff@peff.net>
To: "Martin Ågren" <martin.agren@gmail.com>
Cc: "Git Mailing List" <git@vger.kernel.org>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [PATCH 7/9] ls-refs: ignore very long ref-prefix counts
Date: Tue, 14 Sep 2021 15:22:12 -0400 [thread overview]
Message-ID: <YUD2ZEqKSU/pMzws@coredump.intra.peff.net> (raw)
In-Reply-To: <CAN0heSp9RdFwSo+x5buHSCAOa0Kay7Wcs1tNKTDXWmkCM8Latw@mail.gmail.com>
On Tue, Sep 14, 2021 at 09:06:55PM +0200, Martin Ågren wrote:
> > But we can do better. Since supporting the ref-prefix capability is
> > optional anyway, the client has to further cull the response based on
> > their own patterns. So we can simply ignore the patterns once we cross a
> > certain threshold. Note that we have to ignore _all_ patterns, not just
> > the ones past our limit (since otherwise we'd send too little data).
>
> This all makes sense to me. At some point, we should be able to go "I
> don't know what you're trying to do, but let me just ignore all this
> craziness and instead try to give you a useful result sooner rather than
> later".
>
> I do wonder if we should document that the client can't trust us to
> actually do all this culling. In general, I find that it's a matter of
> hygiene for the client to do its own checks, but with this change they
> actually *need* to do them. (Unless they know our limit and that they're
> on the right side of it, but that kind of magic is even less hygienic.)
Perhaps we could say so more explicitly in the v2 protocol spec. I'll
take a look.
> > + else if (skip_prefix(arg, "ref-prefix ", &out)) {
> > + if (too_many_prefixes) {
> > + /* ignore any further ones */
> > + } else if (data.prefixes.nr >= MAX_ALLOWED_PREFIXES) {
> > + strvec_clear(&data.prefixes);
> > + too_many_prefixes = 1;
> > + } else {
> > + strvec_push(&data.prefixes, out);
> > + }
> > + }
>
> Is it easier to reason about with something like this
> (whitespace-damaged) on top?
You're the second person to complain about this if-else chain. I'll take
the hint. ;)
> diff --git a/ls-refs.c b/ls-refs.c
> index 839fb0caa9..b3101ff361 100644
> --- a/ls-refs.c
> +++ b/ls-refs.c
> @@ -147,7 +147,6 @@ static int ls_refs_config(const char *var, const
> char *value, void *data)
> int ls_refs(struct repository *r, struct packet_reader *request)
> {
> struct ls_refs_data data;
> - int too_many_prefixes = 0;
>
> memset(&data, 0, sizeof(data));
> strvec_init(&data.prefixes);
> @@ -164,14 +163,8 @@ int ls_refs(struct repository *r, struct
> packet_reader *request)
> else if (!strcmp("symrefs", arg))
> data.symrefs = 1;
> else if (skip_prefix(arg, "ref-prefix ", &out)) {
> - if (too_many_prefixes) {
> - /* ignore any further ones */
> - } else if (data.prefixes.nr >= MAX_ALLOWED_PREFIXES) {
> - strvec_clear(&data.prefixes);
> - too_many_prefixes = 1;
> - } else {
> + if (data.prefixes.nr <= MAX_ALLOWED_PREFIXES)
> strvec_push(&data.prefixes, out);
> - }
> }
Hmm. At first I liked this, because it reduces the number of cases (and
variables!). But there's something really subtle going on here. I
thought at first it should be "<", but you are intentionally
over-allocating by one entry to indicate the overflow. I.e., you've
essentially stuffed the too_many_prefixes boolean into the count.
> @@ -180,6 +173,9 @@ int ls_refs(struct repository *r, struct
> packet_reader *request)
> if (request->status != PACKET_READ_FLUSH)
> die(_("expected flush after ls-refs arguments"));
>
> + if (data.prefixes.nr > MAX_ALLOWED_PREFIXES)
> + strvec_clear(&data.prefixes);
> +
This is far from the parser, but I think that's OK. I'd probably couple
it with a comment explaining why we need to clear rather than using what
we got.
> Maybe even name the macro TOO_MANY_PREFIXES (and bump it by one)
> to make the logic instead be
>
> if (data.prefixes.nr < TOO_MANY_PREFIXES)
> strvec_push(&data.prefixes, out);
> ...
> if (data.prefixes.nr >= TOO_MANY_PREFIXES)
> strvec_clear(&data.prefixes);
At first I thought this was just being cute, but it's an attempt to
compensate for the off-by-one subtlety in the early check. I'll give it
some thought. I kind of like it, but the fact that it took me a minute
or three to be sure the code is correct makes me worried it's being too
clever.
-Peff
next prev parent reply other threads:[~2021-09-14 19:22 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-14 15:29 [PATCH 0/9] reducing memory allocations for v2 servers Jeff King
2021-09-14 15:30 ` [PATCH 1/9] serve: rename is_command() to parse_command() Jeff King
2021-09-14 15:30 ` [PATCH 2/9] serve: return capability "value" from get_capability() Jeff King
2021-09-14 15:31 ` [PATCH 3/9] serve: add "receive" method for v2 capabilities table Jeff King
2021-09-14 15:31 ` [PATCH 4/9] serve: provide "receive" function for object-format capability Jeff King
2021-09-14 18:59 ` Martin Ågren
2021-09-14 15:33 ` [PATCH 5/9] serve: provide "receive" function for session-id capability Jeff King
2021-09-14 16:55 ` Taylor Blau
2021-09-14 17:06 ` Jeff King
2021-09-14 17:12 ` Taylor Blau
2021-09-14 19:02 ` Martin Ågren
2021-09-14 19:14 ` Jeff King
2021-09-14 15:33 ` [PATCH 6/9] serve: drop "keys" strvec Jeff King
2021-09-14 16:59 ` Taylor Blau
2021-09-14 17:16 ` Jeff King
2021-09-14 15:37 ` [PATCH 7/9] ls-refs: ignore very long ref-prefix counts Jeff King
2021-09-14 17:18 ` Taylor Blau
2021-09-14 17:27 ` Jeff King
2021-09-14 17:23 ` Jeff King
2021-09-14 19:06 ` Martin Ågren
2021-09-14 19:22 ` Jeff King [this message]
2021-09-14 22:09 ` Jeff King
2021-09-14 22:11 ` Taylor Blau
2021-09-14 22:15 ` Jeff King
2021-09-14 15:37 ` [PATCH 8/9] serve: reject bogus v2 "command=ls-refs=foo" Jeff King
2021-09-14 17:21 ` Taylor Blau
2021-09-14 15:37 ` [PATCH 9/9] serve: reject commands used as capabilities Jeff King
2021-09-14 17:30 ` [PATCH 0/9] reducing memory allocations for v2 servers Taylor Blau
2021-09-14 18:00 ` Junio C Hamano
2021-09-14 18:38 ` Jeff King
2021-09-14 23:51 ` [PATCH v2 0/11] limit " Jeff King
2021-09-14 23:51 ` [PATCH v2 01/11] serve: rename is_command() to parse_command() Jeff King
2021-09-14 23:51 ` [PATCH v2 02/11] serve: return capability "value" from get_capability() Jeff King
2021-09-14 23:51 ` [PATCH v2 03/11] serve: add "receive" method for v2 capabilities table Jeff King
2021-09-15 0:31 ` Ævar Arnfjörð Bjarmason
2021-09-15 16:35 ` Jeff King
2021-09-15 16:41 ` Junio C Hamano
2021-09-15 16:57 ` Jeff King
2021-09-14 23:51 ` [PATCH v2 04/11] serve: provide "receive" function for object-format capability Jeff King
2021-09-15 16:54 ` Junio C Hamano
2021-09-14 23:51 ` [PATCH v2 05/11] serve: provide "receive" function for session-id capability Jeff King
2021-09-15 16:56 ` Junio C Hamano
2021-09-14 23:51 ` [PATCH v2 06/11] serve: drop "keys" strvec Jeff King
2021-09-15 17:01 ` Junio C Hamano
2021-09-14 23:51 ` [PATCH v2 07/11] ls-refs: ignore very long ref-prefix counts Jeff King
2021-09-15 4:16 ` Taylor Blau
2021-09-15 16:39 ` Jeff King
2021-09-15 5:00 ` Eric Sunshine
2021-09-15 16:40 ` Jeff King
2021-09-14 23:52 ` [PATCH v2 08/11] docs/protocol-v2: clarify some ls-refs ref-prefix details Jeff King
2021-09-14 23:52 ` [PATCH v2 09/11] serve: reject bogus v2 "command=ls-refs=foo" Jeff King
2021-09-15 0:27 ` Ævar Arnfjörð Bjarmason
2021-09-15 16:28 ` Jeff King
2021-09-15 5:09 ` Eric Sunshine
2021-09-15 16:32 ` Jeff King
2021-09-15 17:33 ` Junio C Hamano
2021-09-15 17:39 ` Jeff King
2021-09-14 23:52 ` [PATCH v2 10/11] serve: reject commands used as capabilities Jeff King
2021-09-14 23:54 ` [PATCH v2 11/11] ls-refs: reject unknown arguments Jeff King
2021-09-15 0:09 ` Ævar Arnfjörð Bjarmason
2021-09-15 16:25 ` Jeff King
2021-09-15 4:17 ` [PATCH v2 0/11] limit memory allocations for v2 servers Taylor Blau
2021-09-15 18:33 ` Jeff King
2021-09-15 18:34 ` [PATCH v3 " Jeff King
2021-09-15 18:35 ` [PATCH v3 01/11] serve: rename is_command() to parse_command() Jeff King
2021-09-15 18:35 ` [PATCH v3 02/11] serve: return capability "value" from get_capability() Jeff King
2021-09-15 18:35 ` [PATCH v3 03/11] serve: add "receive" method for v2 capabilities table Jeff King
2021-09-15 18:35 ` [PATCH v3 04/11] serve: provide "receive" function for object-format capability Jeff King
2021-09-15 18:35 ` [PATCH v3 05/11] serve: provide "receive" function for session-id capability Jeff King
2021-09-15 18:35 ` [PATCH v3 06/11] serve: drop "keys" strvec Jeff King
2021-09-15 18:35 ` [PATCH v3 07/11] ls-refs: ignore very long ref-prefix counts Jeff King
2021-09-15 18:35 ` [PATCH v3 08/11] docs/protocol-v2: clarify some ls-refs ref-prefix details Jeff King
2021-09-15 18:36 ` [PATCH v3 09/11] serve: reject bogus v2 "command=ls-refs=foo" Jeff King
2021-09-15 18:36 ` [PATCH v3 10/11] serve: reject commands used as capabilities Jeff King
2021-09-15 18:36 ` [PATCH v3 11/11] ls-refs: reject unknown arguments Jeff King
2021-09-15 0:25 ` [PATCH 0/9] reducing memory allocations for v2 servers Ævar Arnfjörð Bjarmason
2021-09-15 16:41 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YUD2ZEqKSU/pMzws@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=martin.agren@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).