Mercurial > hgbook
view en/concepts.tex @ 269:abfe426f7e08
Kill off the hideous pink text from HTML.
author | Bryan O'Sullivan <bos@serpentine.com> |
---|---|
date | Fri, 31 Aug 2007 12:56:49 -0700 |
parents | 8c15549666fa |
children | 97e929385442 |
line wrap: on
line source
\chapter{Behind the scenes} \label{chap:concepts} Unlike many revision control systems, the concepts upon which Mercurial is built are simple enough that it's easy to understand how the software really works. Knowing this certainly isn't necessary, but I find it useful to have a ``mental model'' of what's going on. This understanding gives me confidence that Mercurial has been carefully designed to be both \emph{safe} and \emph{efficient}. And just as importantly, if it's easy for me to retain a good idea of what the software is doing when I perform a revision control task, I'm less likely to be surprised by its behaviour. In this chapter, we'll initially cover the core concepts behind Mercurial's design, then continue to discuss some of the interesting details of its implementation. \section{Mercurial's historical record} \subsection{Tracking the history of a single file} When Mercurial tracks modifications to a file, it stores the history of that file in a metadata object called a \emph{filelog}. Each entry in the filelog contains enough information to reconstruct one revision of the file that is being tracked. Filelogs are stored as files in the \sdirname{.hg/store/data} directory. A filelog contains two kinds of information: revision data, and an index to help Mercurial to find a revision efficiently. A file that is large, or has a lot of history, has its filelog stored in separate data (``\texttt{.d}'' suffix) and index (``\texttt{.i}'' suffix) files. For small files without much history, the revision data and index are combined in a single ``\texttt{.i}'' file. The correspondence between a file in the working directory and the filelog that tracks its history in the repository is illustrated in figure~\ref{fig:concepts:filelog}. \begin{figure}[ht] \centering \grafix{filelog} \caption{Relationships between files in working directory and filelogs in repository} \label{fig:concepts:filelog} \end{figure} \subsection{Managing tracked files} Mercurial uses a structure called a \emph{manifest} to collect together information about the files that it tracks. Each entry in the manifest contains information about the files present in a single changeset. An entry records which files are present in the changeset, the revision of each file, and a few other pieces of file metadata. \subsection{Recording changeset information} The \emph{changelog} contains information about each changeset. Each revision records who committed a change, the changeset comment, other pieces of changeset-related information, and the revision of the manifest to use. \subsection{Relationships between revisions} Within a changelog, a manifest, or a filelog, each revision stores a pointer to its immediate parent (or to its two parents, if it's a merge revision). As I mentioned above, there are also relationships between revisions \emph{across} these structures, and they are hierarchical in nature. For every changeset in a repository, there is exactly one revision stored in the changelog. Each revision of the changelog contains a pointer to a single revision of the manifest. A revision of the manifest stores a pointer to a single revision of each filelog tracked when that changeset was created. These relationships are illustrated in figure~\ref{fig:concepts:metadata}. \begin{figure}[ht] \centering \grafix{metadata} \caption{Metadata relationships} \label{fig:concepts:metadata} \end{figure} As the illustration shows, there is \emph{not} a ``one to one'' relationship between revisions in the changelog, manifest, or filelog. If the manifest hasn't changed between two changesets, the changelog entries for those changesets will point to the same revision of the manifest. If a file that Mercurial tracks hasn't changed between two changesets, the entry for that file in the two revisions of the manifest will point to the same revision of its filelog. \section{Safe, efficient storage} The underpinnings of changelogs, manifests, and filelogs are provided by a single structure called the \emph{revlog}. \subsection{Efficient storage} The revlog provides efficient storage of revisions using a \emph{delta} mechanism. Instead of storing a complete copy of a file for each revision, it stores the changes needed to transform an older revision into the new revision. For many kinds of file data, these deltas are typically a fraction of a percent of the size of a full copy of a file. Some obsolete revision control systems can only work with deltas of text files. They must either store binary files as complete snapshots or encoded into a text representation, both of which are wasteful approaches. Mercurial can efficiently handle deltas of files with arbitrary binary contents; it doesn't need to treat text as special. \subsection{Safe operation} \label{sec:concepts:txn} Mercurial only ever \emph{appends} data to the end of a revlog file. It never modifies a section of a file after it has written it. This is both more robust and efficient than schemes that need to modify or rewrite data. In addition, Mercurial treats every write as part of a \emph{transaction} that can span a number of files. A transaction is \emph{atomic}: either the entire transaction succeeds and its effects are all visible to readers in one go, or the whole thing is undone. This guarantee of atomicity means that if you're running two copies of Mercurial, where one is reading data and one is writing it, the reader will never see a partially written result that might confuse it. The fact that Mercurial only appends to files makes it easier to provide this transactional guarantee. The easier it is to do stuff like this, the more confident you should be that it's done correctly. \subsection{Fast retrieval} Mercurial cleverly avoids a pitfall common to all earlier revision control systems: the problem of \emph{inefficient retrieval}. Most revision control systems store the contents of a revision as an incremental series of modifications against a ``snapshot''. To reconstruct a specific revision, you must first read the snapshot, and then every one of the revisions between the snapshot and your target revision. The more history that a file accumulates, the more revisions you must read, hence the longer it takes to reconstruct a particular revision. \begin{figure}[ht] \centering \grafix{snapshot} \caption{Snapshot of a revlog, with incremental deltas} \label{fig:concepts:snapshot} \end{figure} The innovation that Mercurial applies to this problem is simple but effective. Once the cumulative amount of delta information stored since the last snapshot exceeds a fixed threshold, it stores a new snapshot (compressed, of course), instead of another delta. This makes it possible to reconstruct \emph{any} revision of a file quickly. This approach works so well that it has since been copied by several other revision control systems. Figure~\ref{fig:concepts:snapshot} illustrates the idea. In an entry in a revlog's index file, Mercurial stores the range of entries from the data file that it must read to reconstruct a particular revision. \subsubsection{Aside: the influence of video compression} If you're familiar with video compression or have ever watched a TV feed through a digital cable or satellite service, you may know that most video compression schemes store each frame of video as a delta against its predecessor frame. In addition, these schemes use ``lossy'' compression techniques to increase the compression ratio, so visual errors accumulate over the course of a number of inter-frame deltas. Because it's possible for a video stream to ``drop out'' occasionally due to signal glitches, and to limit the accumulation of artefacts introduced by the lossy compression process, video encoders periodically insert a complete frame (called a ``key frame'') into the video stream; the next delta is generated against that frame. This means that if the video signal gets interrupted, it will resume once the next key frame is received. Also, the accumulation of encoding errors restarts anew with each key frame. \subsection{Identification and strong integrity} Along with delta or snapshot information, a revlog entry contains a cryptographic hash of the data that it represents. This makes it difficult to forge the contents of a revision, and easy to detect accidental corruption. Hashes provide more than a mere check against corruption; they are used as the identifiers for revisions. The changeset identification hashes that you see as an end user are from revisions of the changelog. Although filelogs and the manifest also use hashes, Mercurial only uses these behind the scenes. Mercurial verifies that hashes are correct when it retrieves file revisions and when it pulls changes from another repository. If it encounters an integrity problem, it will complain and stop whatever it's doing. In addition to the effect it has on retrieval efficiency, Mercurial's use of periodic snapshots makes it more robust against partial data corruption. If a revlog becomes partly corrupted due to a hardware error or system bug, it's often possible to reconstruct some or most revisions from the uncorrupted sections of the revlog, both before and after the corrupted section. This would not be possible with a delta-only storage model. \section{Revision history, branching, and merging} Every entry in a Mercurial revlog knows the identity of its immediate ancestor revision, usually referred to as its \emph{parent}. In fact, a revision contains room for not one parent, but two. Mercurial uses a special hash, called the ``null ID'', to represent the idea ``there is no parent here''. This hash is simply a string of zeroes. In figure~\ref{fig:concepts:revlog}, you can see an example of the conceptual structure of a revlog. Filelogs, manifests, and changelogs all have this same structure; they differ only in the kind of data stored in each delta or snapshot. The first revision in a revlog (at the bottom of the image) has the null ID in both of its parent slots. For a ``normal'' revision, its first parent slot contains the ID of its parent revision, and its second contains the null ID, indicating that the revision has only one real parent. Any two revisions that have the same parent ID are branches. A revision that represents a merge between branches has two normal revision IDs in its parent slots. \begin{figure}[ht] \centering \grafix{revlog} \caption{} \label{fig:concepts:revlog} \end{figure} \section{The working directory} In the working directory, Mercurial stores a snapshot of the files from the repository as of a particular changeset. The working directory ``knows'' which changeset it contains. When you update the working directory to contain a particular changeset, Mercurial looks up the appropriate revision of the manifest to find out which files it was tracking at the time that changeset was committed, and which revision of each file was then current. It then recreates a copy of each of those files, with the same contents it had when the changeset was committed. The \emph{dirstate} contains Mercurial's knowledge of the working directory. This details which changeset the working directory is updated to, and all of the files that Mercurial is tracking in the working directory. Just as a revision of a revlog has room for two parents, so that it can represent either a normal revision (with one parent) or a merge of two earlier revisions, the dirstate has slots for two parents. When you use the \hgcmd{update} command, the changeset that you update to is stored in the ``first parent'' slot, and the null ID in the second. When you \hgcmd{merge} with another changeset, the first parent remains unchanged, and the second parent is filled in with the changeset you're merging with. The \hgcmd{parents} command tells you what the parents of the dirstate are. \subsection{What happens when you commit} The dirstate stores parent information for more than just book-keeping purposes. Mercurial uses the parents of the dirstate as \emph{the parents of a new changeset} when you perform a commit. \begin{figure}[ht] \centering \grafix{wdir} \caption{The working directory can have two parents} \label{fig:concepts:wdir} \end{figure} Figure~\ref{fig:concepts:wdir} shows the normal state of the working directory, where it has a single changeset as parent. That changeset is the \emph{tip}, the newest changeset in the repository that has no children. \begin{figure}[ht] \centering \grafix{wdir-after-commit} \caption{The working directory gains new parents after a commit} \label{fig:concepts:wdir-after-commit} \end{figure} It's useful to think of the working directory as ``the changeset I'm about to commit''. Any files that you tell Mercurial that you've added, removed, renamed, or copied will be reflected in that changeset, as will modifications to any files that Mercurial is already tracking; the new changeset will have the parents of the working directory as its parents. After a commit, Mercurial will update the parents of the working directory, so that the first parent is the ID of the new changeset, and the second is the null ID. This is shown in figure~\ref{fig:concepts:wdir-after-commit}. Mercurial doesn't touch any of the files in the working directory when you commit; it just modifies the dirstate to note its new parents. \subsection{Creating a new head} It's perfectly normal to update the working directory to a changeset other than the current tip. For example, you might want to know what your project looked like last Tuesday, or you could be looking through changesets to see which one introduced a bug. In cases like this, the natural thing to do is update the working directory to the changeset you're interested in, and then examine the files in the working directory directly to see their contents as they werea when you committed that changeset. The effect of this is shown in figure~\ref{fig:concepts:wdir-pre-branch}. \begin{figure}[ht] \centering \grafix{wdir-pre-branch} \caption{The working directory, updated to an older changeset} \label{fig:concepts:wdir-pre-branch} \end{figure} Having updated the working directory to an older changeset, what happens if you make some changes, and then commit? Mercurial behaves in the same way as I outlined above. The parents of the working directory become the parents of the new changeset. This new changeset has no children, so it becomes the new tip. And the repository now contains two changesets that have no children; we call these \emph{heads}. You can see the structure that this creates in figure~\ref{fig:concepts:wdir-branch}. \begin{figure}[ht] \centering \grafix{wdir-branch} \caption{After a commit made while synced to an older changeset} \label{fig:concepts:wdir-branch} \end{figure} \begin{note} If you're new to Mercurial, you should keep in mind a common ``error'', which is to use the \hgcmd{pull} command without any options. By default, the \hgcmd{pull} command \emph{does not} update the working directory, so you'll bring new changesets into your repository, but the working directory will stay synced at the same changeset as before the pull. If you make some changes and commit afterwards, you'll thus create a new head, because your working directory isn't synced to whatever the current tip is. I put the word ``error'' in quotes because all that you need to do to rectify this situation is \hgcmd{merge}, then \hgcmd{commit}. In other words, this almost never has negative consequences; it just surprises people. I'll discuss other ways to avoid this behaviour, and why Mercurial behaves in this initially surprising way, later on. \end{note} \subsection{Merging heads} When you run the \hgcmd{merge} command, Mercurial leaves the first parent of the working directory unchanged, and sets the second parent to the changeset you're merging with, as shown in figure~\ref{fig:concepts:wdir-merge}. \begin{figure}[ht] \centering \grafix{wdir-merge} \caption{Merging two heads} \label{fig:concepts:wdir-merge} \end{figure} Mercurial also has to modify the working directory, to merge the files managed in the two changesets. Simplified a little, the merging process goes like this, for every file in the manifests of both changesets. \begin{itemize} \item If neither changeset has modified a file, do nothing with that file. \item If one changeset has modified a file, and the other hasn't, create the modified copy of the file in the working directory. \item If one changeset has removed a file, and the other hasn't (or has also deleted it), delete the file from the working directory. \item If one changeset has removed a file, but the other has modified the file, ask the user what to do: keep the modified file, or remove it? \item If both changesets have modified a file, invoke an external merge program to choose the new contents for the merged file. This may require input from the user. \item If one changeset has modified a file, and the other has renamed or copied the file, make sure that the changes follow the new name of the file. \end{itemize} There are more details---merging has plenty of corner cases---but these are the most common choices that are involved in a merge. As you can see, most cases are completely automatic, and indeed most merges finish automatically, without requiring your input to resolve any conflicts. When you're thinking about what happens when you commit after a merge, once again the working directory is ``the changeset I'm about to commit''. After the \hgcmd{merge} command completes, the working directory has two parents; these will become the parents of the new changeset. Mercurial lets you perform multiple merges, but you must commit the results of each individual merge as you go. This is necessary because Mercurial only tracks two parents for both revisions and the working directory. While it would be technically possible to merge multiple changesets at once, the prospect of user confusion and making a terrible mess of a merge immediately becomes overwhelming. \section{Other interesting design features} In the sections above, I've tried to highlight some of the most important aspects of Mercurial's design, to illustrate that it pays careful attention to reliability and performance. However, the attention to detail doesn't stop there. There are a number of other aspects of Mercurial's construction that I personally find interesting. I'll detail a few of them here, separate from the ``big ticket'' items above, so that if you're interested, you can gain a better idea of the amount of thinking that goes into a well-designed system. \subsection{Clever compression} When appropriate, Mercurial will store both snapshots and deltas in compressed form. It does this by always \emph{trying to} compress a snapshot or delta, but only storing the compressed version if it's smaller than the uncompressed version. This means that Mercurial does ``the right thing'' when storing a file whose native form is compressed, such as a \texttt{zip} archive or a JPEG image. When these types of files are compressed a second time, the resulting file is usually bigger than the once-compressed form, and so Mercurial will store the plain \texttt{zip} or JPEG. Deltas between revisions of a compressed file are usually larger than snapshots of the file, and Mercurial again does ``the right thing'' in these cases. It finds that such a delta exceeds the threshold at which it should store a complete snapshot of the file, so it stores the snapshot, again saving space compared to a naive delta-only approach. \subsubsection{Network recompression} When storing revisions on disk, Mercurial uses the ``deflate'' compression algorithm (the same one used by the popular \texttt{zip} archive format), which balances good speed with a respectable compression ratio. However, when transmitting revision data over a network connection, Mercurial uncompresses the compressed revision data. If the connection is over HTTP, Mercurial recompresses the entire stream of data using a compression algorithm that gives a better compression ratio (the Burrows-Wheeler algorithm from the widely used \texttt{bzip2} compression package). This combination of algorithm and compression of the entire stream (instead of a revision at a time) substantially reduces the number of bytes to be transferred, yielding better network performance over almost all kinds of network. (If the connection is over \command{ssh}, Mercurial \emph{doesn't} recompress the stream, because \command{ssh} can already do this itself.) \subsection{Read/write ordering and atomicity} Appending to files isn't the whole story when it comes to guaranteeing that a reader won't see a partial write. If you recall figure~\ref{fig:concepts:metadata}, revisions in the changelog point to revisions in the manifest, and revisions in the manifest point to revisions in filelogs. This hierarchy is deliberate. A writer starts a transaction by writing filelog and manifest data, and doesn't write any changelog data until those are finished. A reader starts by reading changelog data, then manifest data, followed by filelog data. Since the writer has always finished writing filelog and manifest data before it writes to the changelog, a reader will never read a pointer to a partially written manifest revision from the changelog, and it will never read a pointer to a partially written filelog revision from the manifest. \subsection{Concurrent access} The read/write ordering and atomicity guarantees mean that Mercurial never needs to \emph{lock} a repository when it's reading data, even if the repository is being written to while the read is occurring. This has a big effect on scalability; you can have an arbitrary number of Mercurial processes safely reading data from a repository safely all at once, no matter whether it's being written to or not. The lockless nature of reading means that if you're sharing a repository on a multi-user system, you don't need to grant other local users permission to \emph{write} to your repository in order for them to be able to clone it or pull changes from it; they only need \emph{read} permission. (This is \emph{not} a common feature among revision control systems, so don't take it for granted! Most require readers to be able to lock a repository to access it safely, and this requires write permission on at least one directory, which of course makes for all kinds of nasty and annoying security and administrative problems.) Mercurial uses locks to ensure that only one process can write to a repository at a time (the locking mechanism is safe even over filesystems that are notoriously hostile to locking, such as NFS). If a repository is locked, a writer will wait for a while to retry if the repository becomes unlocked, but if the repository remains locked for too long, the process attempting to write will time out after a while. This means that your daily automated scripts won't get stuck forever and pile up if a system crashes unnoticed, for example. (Yes, the timeout is configurable, from zero to infinity.) \subsubsection{Safe dirstate access} As with revision data, Mercurial doesn't take a lock to read the dirstate file; it does acquire a lock to write it. To avoid the possibility of reading a partially written copy of the dirstate file, Mercurial writes to a file with a unique name in the same directory as the dirstate file, then renames the temporary file atomically to \filename{dirstate}. The file named \filename{dirstate} is thus guaranteed to be complete, not partially written. \subsection{Avoiding seeks} Critical to Mercurial's performance is the avoidance of seeks of the disk head, since any seek is far more expensive than even a comparatively large read operation. This is why, for example, the dirstate is stored in a single file. If there were a dirstate file per directory that Mercurial tracked, the disk would seek once per directory. Instead, Mercurial reads the entire single dirstate file in one step. Mercurial also uses a ``copy on write'' scheme when cloning a repository on local storage. Instead of copying every revlog file from the old repository into the new repository, it makes a ``hard link'', which is a shorthand way to say ``these two names point to the same file''. When Mercurial is about to write to one of a revlog's files, it checks to see if the number of names pointing at the file is greater than one. If it is, more than one repository is using the file, so Mercurial makes a new copy of the file that is private to this repository. A few revision control developers have pointed out that this idea of making a complete private copy of a file is not very efficient in its use of storage. While this is true, storage is cheap, and this method gives the highest performance while deferring most book-keeping to the operating system. An alternative scheme would most likely reduce performance and increase the complexity of the software, each of which is much more important to the ``feel'' of day-to-day use. \subsection{Other contents of the dirstate} Because Mercurial doesn't force you to tell it when you're modifying a file, it uses the dirstate to store some extra information so it can determine efficiently whether you have modified a file. For each file in the working directory, it stores the time that it last modified the file itself, and the size of the file at that time. When you explicitly \hgcmd{add}, \hgcmd{remove}, \hgcmd{rename} or \hgcmd{copy} files, Mercurial updates the dirstate so that it knows what to do with those files when you commit. When Mercurial is checking the states of files in the working directory, it first checks a file's modification time. If that has not changed, the file must not have been modified. If the file's size has changed, the file must have been modified. If the modification time has changed, but the size has not, only then does Mercurial need to read the actual contents of the file to see if they've changed. Storing these few extra pieces of information dramatically reduces the amount of data that Mercurial needs to read, which yields large performance improvements compared to other revision control systems. %%% Local Variables: %%% mode: latex %%% TeX-master: "00book" %%% End: