• Nicolas Pitre's avatar
    compute a CRC32 for each object as stored in a pack · 78d1e84f
    Nicolas Pitre authored
    The most important optimization for performance when repacking is the
    ability to reuse data from a previous pack as is and bypass any delta
    or even SHA1 computation by simply copying the raw data from one pack
    to another directly.
    
    The problem with  this is that any data corruption within a copied object
    would go unnoticed and the new (repacked) pack would be self-consistent
    with its own checksum despite containing a corrupted object.  This is a
    real issue that already happened at least once in the past.
    
    In some attempt to prevent this, we validate the copied data by inflating
    it and making sure no error is signaled by zlib.  But this is still not
    perfect as a significant portion of a pack content is made of object
    headers and references to delta base objects which are not deflated and
    therefore not validated when repacking actually making the pack data reuse
    still not as safe as it could be.
    
    Of course a full SHA1 validation could be performed, but that implies
    full data inflating and delta replaying which is extremely costly, which
    cost the data reuse optimization was designed to avoid in the first place.
    
    So the best solution to this is simply to store a CRC32 of the raw pack
    data for each object in the pack index.  This way any object in a pack can
    be validated before being copied as is in another pack, including header
    and any other non deflated data.
    
    Why CRC32 instead of a faster checksum like Adler32?  Quoting Wikipedia:
    
       Jonathan Stone discovered in 2001 that Adler-32 has a weakness for very
       short messages. He wrote "Briefly, the problem is that, for very short
       packets, Adler32 is guaranteed to give poor coverage of the available
       bits. Don't take my word for it, ask Mark Adler. :-)" The problem is
       that sum A does not wrap for short messages. The maximum value of A for
       a 128-byte message is 32640, which is below the value 65521 used by the
       modulo operation. An extended explanation can be found in RFC 3309,
       which mandates the use of CRC32 instead of Adler-32 for SCTP, the
       Stream Control Transmission Protocol.
    
    In the context of a GIT pack, we have lots of small objects, especially
    deltas, which are likely to be quite small and in a size range for which
    Adler32 is dimed not to be sufficient.  Another advantage of CRC32 is the
    possibility for recovery from certain types of small corruptions like
    single bit errors which are the most probable type of corruptions.
    
    OK what this patch does is to compute the CRC32 of each object written to
    a pack within pack-objects.  It is not written to the index yet and it is
    obviously not validated when reusing pack data yet either.
    Signed-off-by: default avatarNicolas Pitre <[email protected]>
    Signed-off-by: default avatarJunio C Hamano <[email protected]>
    78d1e84f
csum-file.h 686 Bytes