design_notes.md

File metadata and controls

314 lines (245 loc) · 14.9 KB

# Design notes

(I wrote some high-level design observations in a blog post, whose contents maybe ought to migrate here.)

## Build states

While building, we have a bunch of Build objects that represent individual build steps that go through a series of states. Here I give a picture about how those states work.

Imagine a hypothetical build, represented here by a series of boxes with arrows representing outputs. n2 models both builds and files in its graph because build steps may produce more than one output, so it's more complex than this, but it will do for this discussion. Builds start in the Unknown state, just a default state shown here in gray.

The user requests bringing some build up to date which we mark by the Want state, and traverse the dependencies backwards to mark all inputs also as Want.

Any build that doesn't depend on another build is marked Ready.

The main loop pops a Ready build and examines its inputs/output to judge whether it needs to be brought up to date. Here, we examined the upper left build and determined it was already up to date and marked it Done.

For each downstream output of that build, we check whether all the inputs to that output are Done and if so, we mark it Ready. This makes the build to the right Ready. Note that Ready means "ready to be checked for up-to-date-ness", and is purely a function of which builds we've checked off and not any on-disk file state.

In the next iteration of the loop we pop the lower left Ready build and determine it is out of date. It then moves to the Queued state and is added to the relevant pool.

Concurrently with visiting Ready builds, if we have available execution parallelism, we examine all the pools that have spare depth for any Queued builds and start executing those tasks, moving the build to the Running state. For example, this build might be in the console pool, which has depth=1 meaning that pool can only run one build step at a time, which means it might remain Queued if we're already running a build in that pool.

And similarly, if any running builds complete, we move them to the Done state and repeat the same logic done above to mark downstream builds Ready.

There is more to this. For example there's a Failed state, which is used in builds with the -k flag, that lets us keep running even when some build steps fail. But the above is most of the picture.

## Missing files

What happens if a file referenced in a build rule isn't present?

For the purpose of ordering: a build is "ready" when all dependent builds have been brought up to date, and that is independent of whether the files are present or not.

Ninja was pretty lax about missing files. If one step generated a file and a later step consumed it, nothing verified whether that file was actually produced; Ninja just ran the steps in order. So to follow Ninja, n2 also allows any file required by a build step to be absent as long as it is declared to be generated by another build step.

In particular, here are some use cases:

- A missing output, after a build runs, is allowed. This is used in build files as a marker for build rules that want to always run.
- Build steps that only have order-only dependencies on another step don't need any files on disk for n2 to manage their relative order.
- Discovered inputs may disappear without breaking builds. Imagine a C file that includes a header. After building, we note that changes to the header should prompt a rebuild. But if you remove the include and the header file at the same time, we should still allow you to build despite the historical dependency.

But if any of those files are missing we call the step dirty without bothering to compute a hash. In this manner we never compute a hash involving any missing files.

Further, CMake generates Ninja files that claim a build step generates a depfile when it doesn't. Ninja treats this as an empty depfile, not an error. (See #80.)

## Parsing

Parsing .ninja files is part of the critical path for n2, because it must be complete before any other work can be done. Some properties of the n2 parser that break abstraction to this end:

- There is no separate lexer. Ninja syntax is not really lexer friendly in the first place.
- When possible, `$variable` expansions happen as they're encountered, so that we don't need to build up a parsed representation of strings and carry around variable environments.
- Parsed entities that deal with paths are generic over a `Path` type, and path strings are converted to `Path`s as they are parsed. (In practice the `Path` type is `graph::FileId`, but the parsing code isn't aware of this type directly.) This (and the previous bullet) allows the parser to reuse a single `String` buffer when parsing paths, which is the bulk of what the parser does.

## Unicode

Ninja was intentionally "encoding agnostic", which is to say it treated input build files as any byte stream that is ASCII compatible. In other words, any string of bytes found in a build.ninja is passed verbatim through printing to stdout and to the OS for path operations, which meant Ninja was compatible with both UTF-8 and other encodings where slashes were the ASCII slash byte. The intent is that those other encodings occur on Linuxes, especially in East Asia, and also it means Ninja doesn't need any specific handling of even UTF-8.

It looks like since my time, Ninja on Windows changed to require UTF-8 in its input files. As you can see from the comments on that bug, this was a breaking change in an area that is unfortunately pretty subtle.

Windows is particularly fiddly not only because its native path representation is UTF-16 -- which is incompatible with the original byte stream assumption made by Ninja and which requires conversions -- but further because Ninja needs to parse the /showIncludes output from the MSVC compiler, which includes localized strings. See the msvc_deps_prefix variable in the Ninja docs on deps handling. There have been lots of bug reports over the years from people with Chinese output that is failing to parse right due to Windows code page mess.

For these reasons it's not clear to me that it's a better design to require input files to always be UTF-8. Perhaps in a UTF-8 world if you needed something other than UTF-8 in your msvc_deps_prefix we could provide some mechanism to encode escaped byte strings in the file, but it feels pretty gross.

### Path handling and Unicode safety

In any case, n2 doesn't support any of this for now, and instead just follows old Ninja in treating paths as bytes. This will work up until people start attempting to use n2 with Chinese versions of Visual Studio, I guess.

Concretely, we currently use Rust `String` for all paths and file contents, but internally interpret them as bytes (not UTF-8), including using `unsafe` sometimes to convert. Based on my superficial understanding of how safety relates to UTF-8 in Rust strings, it's probably harmless given that we never treat strings as Unicode, but it's also possible some code outside of our control relies on this. But it does mean there are some extra `unsafe`s in the code, and some of them are possibly actually doing something bad.

This has made some people upset, but in reality this is just some hobbyist code and non-ASCII build files are not at the top of my worries. Changing the type of strings to bags of bytes is a relatively straightforward but extremely tedious change, with impact on not only paths but also console output, error messages, debugging, etc. And it's ultimately not clear that using bags of bytes or even UTF-8 is the desired end state, so it's probably not worth doing until I figure that out.

## Tracking build state

While building, we have a bunch of Build objects that represent individual build steps that go through a series of states. To represent these well I went through a few patterns and eventually came up with a design I'm pretty happy with.

First, for each Build we store its current state. This lets us quickly answer questions like "is the build id X ready or not?" (You could imagine storing this directly in the Build or in a side HashMap from id to state, but that's an implementation detail.) We use this for things like tracking whether we've already visited a given Build when doing a traversal of the graph while loading. This also has the benefit of ensuring a given Build is always in exactly one known state.

Second, we store data structures on the side for states where we care about having quicker views onto this state. The idea here is that depending on the particular needs of a given state we can model those needs specially. For example, we need to be able to grab the next Ready build to work on it, so there's a VecDeque holding those, while builds that go into the Queued state queue into separate run pools, and builds that are Running are just tracked with an integer counter on the run pool.
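The state machine from the Build states section and the per-state side structures described just above, written out as an added example (this is not n2's code; the names `Scheduler`, `Pool`, `checked` and `start_queued` are my own). The scheduler keeps one state per build plus a `VecDeque` of Ready builds, a queue of Queued builds per pool and a Running counter per pool; the graph at the bottom is constructed for the demonstration, with two builds in a depth=1 console pool feeding a third. Note that `checked` takes the up-to-date verdict from the caller: Ready is purely a function of which builds have been checked off, not of anything on disk.

```rust
use std::collections::{HashMap, VecDeque};

/// The states a build step moves through, named as in the notes.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum BuildState { Unknown, Want, Ready, Queued, Running, Done }

/// One build step: file ids it consumes and produces, and its run pool.
pub struct Build { pub ins: Vec<usize>, pub outs: Vec<usize>, pub pool: usize }

/// A run pool: depth limit, its Queued builds, and how many are Running.
pub struct Pool { depth: usize, queued: VecDeque<usize>, running: usize }

pub struct Graph { pub builds: Vec<Build>, producer: HashMap<usize, usize> }

impl Graph {
    /// Index which build produces each output file id.
    pub fn new(builds: Vec<Build>) -> Graph {
        let mut producer = HashMap::new();
        for (id, b) in builds.iter().enumerate() {
            for &f in &b.outs { producer.insert(f, id); }
        }
        Graph { builds, producer }
    }
}

/// Per-build state plus the side views: Ready deque, per-pool queues, Running counters.
pub struct Scheduler<'a> { graph: &'a Graph, states: Vec<BuildState>, ready: VecDeque<usize>, pools: Vec<Pool> }

impl<'a> Scheduler<'a> {
    pub fn new(graph: &'a Graph, pool_depths: &[usize]) -> Scheduler<'a> {
        let pools: Vec<Pool> = pool_depths.iter()
            .map(|&depth| Pool { depth, queued: VecDeque::new(), running: 0 }).collect();
        Scheduler { graph, states: vec![BuildState::Unknown; graph.builds.len()], ready: VecDeque::new(), pools }
    }

    pub fn state(&self, id: usize) -> BuildState { self.states[id] }

    /// The user asks for `id`: mark it and every transitive input build Want;
    /// a build that depends on no other build is Ready right away.
    pub fn want(&mut self, id: usize) {
        if self.states[id] != BuildState::Unknown { return; }
        self.states[id] = BuildState::Want;
        let graph = self.graph;
        let mut has_input_build = false;
        for f in &graph.builds[id].ins {
            if let Some(&dep) = graph.producer.get(f) { has_input_build = true; self.want(dep); }
        }
        if !has_input_build { self.mark_ready(id); }
    }

    fn mark_ready(&mut self, id: usize) {
        self.states[id] = BuildState::Ready;
        self.ready.push_back(id);
    }

    /// Next build to check for up-to-date-ness (Ready says nothing about disk state).
    pub fn pop_ready(&mut self) -> Option<usize> { self.ready.pop_front() }

    /// Outcome of that check: out of date means Queued in its pool, else straight to Done.
    pub fn checked(&mut self, id: usize, out_of_date: bool) {
        if out_of_date {
            self.states[id] = BuildState::Queued;
            let pool = self.graph.builds[id].pool;
            self.pools[pool].queued.push_back(id);
        } else {
            self.finish(id);
        }
    }

    /// Start Queued builds wherever a pool has spare depth; a depth=1 pool keeps
    /// its second build Queued until the first one finishes.
    pub fn start_queued(&mut self) -> Vec<usize> {
        let mut started = Vec::new();
        for pool in &mut self.pools {
            while pool.running < pool.depth {
                match pool.queued.pop_front() {
                    Some(id) => { pool.running += 1; self.states[id] = BuildState::Running; started.push(id); }
                    None => break,
                }
            }
        }
        started
    }

    /// A build is Done: release its pool slot, then make every Want build whose
    /// input builds are all Done Ready.
    pub fn finish(&mut self, id: usize) {
        if self.states[id] == BuildState::Running {
            let pool = self.graph.builds[id].pool;
            self.pools[pool].running -= 1;
        }
        self.states[id] = BuildState::Done;
        let graph = self.graph;
        for (cid, b) in graph.builds.iter().enumerate() {
            let waiting = self.states[cid] == BuildState::Want;
            let inputs_done = b.ins.iter()
                .all(|f| graph.producer.get(f).map_or(true, |&p| self.states[p] == BuildState::Done));
            if waiting && inputs_done { self.mark_ready(cid); }
        }
    }
}

fn main() {
    // Constructed graph: builds 0 and 1 share a depth=1 pool; build 2 consumes both outputs.
    let graph = Graph::new(vec![
        Build { ins: vec![10], outs: vec![1], pool: 1 },
        Build { ins: vec![11], outs: vec![2], pool: 1 },
        Build { ins: vec![1, 2], outs: vec![3], pool: 0 },
    ]);
    let mut s = Scheduler::new(&graph, &[2, 1]);
    s.want(2);
    while let Some(id) = s.pop_ready() { s.checked(id, true); }
    println!("started: {:?}, build 1 is {:?}", s.start_queued(), s.state(1));
}
```

Running the `main` above shows only build 0 starting, with build 1 left Queued by the depth=1 pool, which is exactly the console-pool situation the notes describe.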

## Spawning subprocesses

Ninja (and n2) use posix_spawn to spawn subprocesses (on non-Windows). I saw a blog post recently that called posix_spawn something like a bloated wrapper for simpler primitives, but another view on it is that posix_spawn has the platform-local libc author's best knowledge about how to safely run processes.

In particular, I was surprised to learn that Rust's built-in process spawning library leaks file descriptors. (See also the upstream Rust bug, which says Cargo also ran into this.)

## Subprocess command lines

Ninja (and n2) model the commands they execute as strings, in that the build file language has you construct a command = ... string. However, on Unixes commands are fundamentally arrays of arguments. To convert a string to an array there must be some sort of parsing, and for this purpose we use /bin/sh to execute subcommands.

/bin/sh is well-specified by POSIX and has the semantics everyone expects for how commands work, from quoting to $FOO-style environment expansion to a && b job control, pipelines, and so on. And it's also used everywhere on Unixes so it is fast.

However it has some downsides, particularly in that it means the person generating the .ninja file has to know about these rules as well. For example, consider a build rule like this:

```ninja
build foo$ bar baz: ...
  command = pummel $out
```

Per the Ninja syntax rules (which are not the shell rules), that build has two outputs, the files `foo bar` and `baz`. The Ninja variable `$out` then expands to the string `foo bar baz`, and once the shell parses the command line the `pummel` command receives three arguments in argv: `foo`, `bar`, and `baz`, which is not what you wanted.

For these kinds of problems there are further shell tricks around handling spaces like how the string "$@" is expanded. In Ninja's case, we have the escape hatch that the .ninja file author can just provide the extra text explicitly, like in this bug report and workaround. It's pretty unsatisfying though.

In principle, it might be a better design for the Ninja language to instead have an array type that would allow us to construct an argv array directly. This would avoid shell-related quoting issues and save us a /bin/sh invocation on each process spawn. However, this is a pretty large departure from how Ninja currently works.

Additionally, on Windows the platform behavior is reversed. On Windows command lines are fundamentally strings, and it's up to each executable to interpret those strings as they want. (Does this seem like a recipe for bugs? Yes it does. See this blog post's "Command lines" section for more on this.) So even if Ninja did work with arrays we'd then need some sort of stringification for Windows.

On the subject of Windows: Ninja (and n2) spawn processes directly without an intervening shell. This has the consequence that commands like my-compiler && echo hello do not do what you'd expect; the opposite of the Ninja behavior on Unixes. The build.ninja author instead has to themselves write out cmd /c my-command if they want the shell involved. We did this only because (in my recollection) the overhead of spawning cmd on Windows was noticeable. And further, cmd randomly limits its argument to 8kb.

PS: in writing this section I noticed that cmd has terrifying quoting rules.
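The `$out` word-splitting problem above, reproduced as an added example (not Ninja's or n2's code). The two output paths `foo bar` and `baz` are constructed inputs, taken as already parsed from `foo$ bar baz`; `pummel` is replaced by `printf '[%s]'` so the argv the command received is visible, one bracket per argument. `via_shell` does what Ninja does on Unix (`/bin/sh -c` on the command string), `via_argv` spawns with an argv array, the design alternative the notes raise, and `shell_quote` is an assumed helper showing what a build-file generator would have to do itself to keep a path with spaces or a quote in it as one word; it requires `/bin/sh` and a `printf` binary.

```rust
use std::process::Command;

/// Join output paths with spaces, the way Ninja builds the `$out` string.
pub fn ninja_out(paths: &[&str]) -> String { paths.join(" ") }

/// Single-quote a path for POSIX sh so the shell passes it as exactly one word.
/// Assumed helper: Ninja has no such escaping step, the .ninja author must do it.
pub fn shell_quote(path: &str) -> String {
    format!("'{}'", path.replace('\'', "'\\''"))
}

/// Run `printf '[%s]' <arg_text>` through /bin/sh -c, as Ninja does on Unix,
/// and return what printf saw as its arguments.
pub fn via_shell(arg_text: &str) -> String {
    let out = Command::new("/bin/sh").arg("-c")
        .arg(format!("printf '[%s]' {}", arg_text)).output().expect("/bin/sh");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

/// Spawn printf directly with an argv array: no shell, so no re-splitting.
pub fn via_argv(args: &[&str]) -> String {
    let out = Command::new("printf").arg("[%s]").args(args).output().expect("printf");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

fn main() {
    let outs = ["foo bar", "baz"]; // constructed: `build foo$ bar baz: ...`
    println!("shell, raw $out:    {}", via_shell(&ninja_out(&outs)));
    let quoted: Vec<String> = outs.iter().map(|p| shell_quote(p)).collect();
    println!("shell, quoted $out: {}", via_shell(&quoted.join(" ")));
    println!("argv array:         {}", via_argv(&outs));
}
```

The first line prints `[foo][bar][baz]`, the other two `[foo bar][baz]`: the shell sees three words unless each path is quoted, whereas an argv array carries the two paths through untouched.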

## Variable scope

Ninja syntactic structures (build, rule) are at some level just lists of key-value bindings that ultimately combine to set properties such as the command = ... command line on individual build steps. Additionally, bindings can be referenced by other bindings via the $foo or ${foo} syntax.

Together this means variable lookup ("who sets the command attribute?") and evaluation ("given command = $foo, who defines foo?") traverse through a hierarchy of scopes.

The original intent was that this was simple enough that the behavior is straightforward, which in retrospect really just means "underspecified". I was working with some simple use cases like "override a C compiler flag in an otherwise simple build file". Forgive me! I hacked Ninja together in a few weekends and made the all too easy mistake of "this is so simple I don't really need to think it through".

Unfortunately, Hyrum's Law means that Ninja files in the wild depend on whatever the Ninja implementation allows, which ends up being complex. Since my time someone added a thing that even detects loops between variable references!

I don't think it's really worth fleshing out all the idiosyncrasies of Ninja's implementation as long as existing builds work, so here I hope to only write down the details that matter.

### Edge lookup

Given a build, what is its command? (Ninja calls build blocks "edges", which I will use here to reduce confusion with other "build" usages.)

Ninja evaluates edge variable lookup in the following order:

  1. magic $in/$out
  2. edge attributes, expanded with file as scope
  3. rule attributes, expanded with edge as scope (this very list!)

### Cycles

Ninja has particular behaviors around variable references found within the same scope. Consider:

```ninja
var = 1
var = ${var}2
rule ...
  command = echo $depfile
  depfile = abc
```

In Ninja, the value of var is 12: the assignments proceed from top down. But within a rule block, the variable lookup of $depfile instead refers forward to abc, which means there is a possibility of circular references(!).
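An added example (not n2's parser) covering three things from these notes: the "expand `$variable` as it's encountered" strategy from the Parsing section, the three-step edge lookup order, and the two scoping behaviors just described. `FileScope::assign` expands eagerly top down, so `var = ${var}2` stores `12`; rule bindings are kept raw and evaluated per edge, so `$depfile` in `command` resolves forward to `abc`. `Edge::lookup` follows the order magic `$in`/`$out`, edge attributes (expanded with the file as scope when the edge is built), then rule attributes expanded with the edge as scope by recursing into itself, and it carries a stack of rule variables under expansion so a reference cycle is returned as an error instead of recursing forever. Two assumptions beyond the notes: a name found nowhere else falls back to the file scope, and the rule/edge bindings are supplied as plain `(name, value)` pairs rather than parsed from `.ninja` text.

```rust
use std::collections::HashMap;

/// A binding value split into literal text and `$name` / `${name}` references
/// (`$$` is a literal `$`, `$ ` a literal space).
#[derive(Debug, Clone, PartialEq)]
pub enum Piece { Lit(String), Var(String) }

pub fn parse_value(raw: &str) -> Vec<Piece> {
    let (mut pieces, mut lit) = (Vec::new(), String::new());
    let mut chars = raw.chars().peekable();
    while let Some(c) = chars.next() {
        if c != '$' { lit.push(c); continue; }
        let name = match chars.peek() {
            Some('$') => { chars.next(); lit.push('$'); continue; }
            Some(' ') => { chars.next(); lit.push(' '); continue; }
            Some('{') => { chars.next(); chars.by_ref().take_while(|&ch| ch != '}').collect::<String>() }
            _ => {
                let mut n = String::new();
                while let Some(&ch) = chars.peek() {
                    if !(ch.is_ascii_alphanumeric() || ch == '_') { break; }
                    n.push(ch);
                    chars.next();
                }
                n
            }
        };
        if !lit.is_empty() { pieces.push(Piece::Lit(std::mem::take(&mut lit))); }
        pieces.push(Piece::Var(name));
    }
    if !lit.is_empty() { pieces.push(Piece::Lit(lit)); }
    pieces
}

/// Expand `raw` immediately against `lookup`: no parsed string survives.
pub fn expand(raw: &str, lookup: impl Fn(&str) -> String) -> String {
    parse_value(raw).into_iter().map(|p| match p { Piece::Lit(s) => s, Piece::Var(v) => lookup(&v) }).collect()
}

/// File-level scope: assignments are evaluated top down as they are read.
#[derive(Default)]
pub struct FileScope { vars: HashMap<String, String> }

impl FileScope {
    pub fn assign(&mut self, name: &str, raw: &str) {
        let value = expand(raw, |n| self.vars.get(n).cloned().unwrap_or_default());
        self.vars.insert(name.to_string(), value);
    }
    pub fn get(&self, name: &str) -> Option<&str> { self.vars.get(name).map(String::as_str) }
}

/// Rule bindings stay raw: evaluated lazily per edge, hence forward references and cycles.
pub struct Rule { pub bindings: HashMap<String, String> }

pub struct Edge<'a> { rule: &'a Rule, ins: Vec<String>, outs: Vec<String>, bindings: HashMap<String, String> }

impl<'a> Edge<'a> {
    /// Edge attributes are expanded with the file as scope when the edge is built.
    pub fn new(rule: &'a Rule, file: &FileScope, ins: &[&str], outs: &[&str], raw: &[(&str, &str)]) -> Edge<'a> {
        let bindings = raw.iter()
            .map(|&(k, v)| (k.to_string(), expand(v, |n| file.get(n).unwrap_or("").to_string())))
            .collect();
        let owned = |xs: &[&str]| -> Vec<String> { xs.iter().map(|s| s.to_string()).collect() };
        Edge { rule, ins: owned(ins), outs: owned(outs), bindings }
    }

    /// Lookup order: magic $in/$out, edge attributes, rule attributes expanded
    /// with the edge as scope (recursion), then (assumed) the file scope.
    /// `stack` holds rule variables under expansion so a cycle becomes an Err.
    pub fn lookup(&self, file: &FileScope, name: &str, stack: &mut Vec<String>) -> Result<String, String> {
        match name {
            "in" => return Ok(self.ins.join(" ")),
            "out" => return Ok(self.outs.join(" ")),
            _ => {}
        }
        if let Some(v) = self.bindings.get(name) { return Ok(v.clone()); }
        let raw = match self.rule.bindings.get(name) {
            Some(raw) => raw,
            None => return Ok(file.get(name).unwrap_or("").to_string()),
        };
        if stack.iter().any(|s| s == name) {
            return Err(format!("cycle in rule variables: {} -> {}", stack.join(" -> "), name));
        }
        stack.push(name.to_string());
        let mut out = String::new();
        for piece in parse_value(raw) {
            match piece {
                Piece::Lit(s) => out.push_str(&s),
                Piece::Var(v) => out.push_str(&self.lookup(file, &v, stack)?),
            }
        }
        stack.pop();
        Ok(out)
    }
}

fn main() {
    let mut file = FileScope::default();
    file.assign("var", "1");
    file.assign("var", "${var}2"); // top-down: sees the earlier value
    println!("var = {:?}", file.get("var")); // Some("12")
}
```

With the rule from the snippet above (`command = echo $depfile`, `depfile = abc`), `edge.lookup(&file, "command", &mut vec![])` returns `echo abc`; change `depfile` to `$command` and the same call returns `Err("cycle in rule variables: command -> depfile -> command")` rather than looping.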