cc @JDevlieghere

Was looking at an issue caused by over-eager RedirectingFileSystem path canonicalization and this patch fixes it. The repro we have is more complicated (involves 3 modules), so I don't think it is worth including with this change.

I'm sure I'm missing something, but after rereading the patch several times I still don't see the functional change. It just looks like it's renaming every instance of Path to CanonicalPath and Path_ to Path?

In D109128#2982780, @JDevlieghere wrote:

I'm sure I'm missing something, but after rereading the patch several times I still don't see the functional change. It just looks like it's renaming every instance of Path to CanonicalPath and Path_ to Path?

The functional change is not changing line 2016 and 2029 to use the newly named CanonicalPath when they did before. This was a bit more clear before I changed that variable name (but this is overall better IMO)

I think I might have to apply this same logic to the other functions changed in the original commit as well, this seems to solve this isolated case, but I think there are some more cases that aren't currently fixed by this

I'm realizing more now that these changes break the original intent of rG0be9ca7c0f9a733f846bb6bc4e8e36d46b518162 as well, given that it seems like the core canonicalization of the path before passing it down was the intent, but that's also the part that appears to be causing the issue. @JDevlieghere I would definitely appreciate some advice here, I'm still trying to see if I can satisfy the new test case without breaking the tests you changed, but I think they might fundamentally be at odds

Keith and I discussed this offline. My suggestion was to do the following:

1. Check the overlay for the canonicalized path
2. Check the fall-through for the canonicalized path
3. Check the fall-through for the original path

If I understand correctly, this patch does that, but swaps 2 and 3. What's the motivation for trying the non-canonical path first? If we treat the current working directory as a property directory (which is what the canonicalization is all about), then it seems like we should exhaust those options first.

In D109128#2997588, @JDevlieghere wrote:

If I understand correctly, this patch does that, but swaps 2 and 3. What's the motivation for trying the non-canonical path first? If we treat the current working directory as a property directory (which is what the canonicalization is all about), then it seems like we should exhaust those options first.

Using the canonical path first is the root of the problem, using that first the behavior to return the absolute path virtually always, for example in my new test these assertions

EXPECT_EQ("a", Name.get());
EXPECT_EQ("a", OpenedS->getName());

fail and would have to be converted to:

EXPECT_EQ("//root/foo/a", Name.get());
EXPECT_EQ("//root/foo/a", OpenedS->getName());

In D109128#2997588, @JDevlieghere wrote:

Keith and I discussed this offline. My suggestion was to do the following:

1. Check the overlay for the canonicalized path
2. Check the fall-through for the canonicalized path
3. Check the fall-through for the original path

I'm not sure it's correct to do (3) at all...

In D109128#2997787, @keith wrote:

In D109128#2997588, @JDevlieghere wrote:

If I understand correctly, this patch does that, but swaps 2 and 3. What's the motivation for trying the non-canonical path first? If we treat the current working directory as a property directory (which is what the canonicalization is all about), then it seems like we should exhaust those options first.

Using the canonical path first is the root of the problem, using that first the behavior to return the absolute path virtually always, for example in my new test these assertions

I think the problem is that we've been conflating two separate things:

• The path used internally to find the filesystem object.
• The path reported back to the user.

I assert that the path used internally to find the filesystem object should always/only be the canonical path.

1. Check the overlay for the canonicalized path.
2. Check the fall-through for the canonicalized path.

But the path reported back to the user should almost always be the original path used for lookup. ONLY when the path was found in the overlay with "use-external-names" should it be modified at all.

I think this could be implemented by with the help of adding the following APIs to vfs::File:

class File {
public:
  // Get the same file wrapped with a different reported path.
  static std::unique_ptr<File> getWithPath(std::unique_ptr<File> F,
                                           const Twine &P);

protected:
  // API for mutating the path. Override to avoid needing a wrapper
  // object for File::getWithPath.
  virtual bool setPath(const Twine &Path) { return false; }
};

then getWithPath can be:

namespace {
class WrapperFile : public File { /* Change the observed path */ };
}

std::unique_ptr<File> File::getWithPath(std::unique_ptr<File> F, const Twine &P) {
  if (F->setPath(P))
    return F;
  return std::make_unique<WrapperFile>(F, P);
}

Most the in-tree vfs::File derived classes can implement setPath so there shouldn't be many extra heap objects in practice.

@JDevlieghere / @keith, WDYT?

(BTW, does this problem affect OverlayFileSystem as well?)

Yes, Keith and I came to the same conclusion yesterday. I was worried about tracking both paths at all times, but I like your suggestion of only changing the path when requested.

In D109128#3000157, @JDevlieghere wrote:

Yes, Keith and I came to the same conclusion yesterday. I was worried about tracking both paths at all times, but I like your suggestion of only changing the path when requested.

Another idea that could be useful would be to add a type:

struct CanonicalizedPath {
  StringRef OriginalPath;
  StringRef CanonicalPath;
};

and add an overload for vfs::FileSystem::openFileForRead that takes this type.

• The default implementation in vfs::FileSystem could call openFileForRead(.Canonical) and then do a File::getWithPath(.Original) (as with my idea above, just when File::getPath matches .Canonical and .Canonical!=.Original).
• CanonicalizedPath-aware derived classes would invert the relationship. openFileForRead(FilesystemLookupPath) would use CanonicalPath for lookup, use OriginalPath for creating File, and pass through (a potentially updated!) CanonicalizedPath to base filesystems... and implement openFileForRead(Twine) by calling canonicalizePath.

Seems like a bit more code, but maybe not much, and the resulting logic might(?) be easier to reason about. (maybe a different name than openFileForRead would be better for clarity, rather than an overload?)

(Probably similar to your idea about tracking both paths at all times, but I'm not sure that needs to be mutually exclusive)

In D109128#2999846, @dexonsmith wrote:

In D109128#2997588, @JDevlieghere wrote:

Keith and I discussed this offline. My suggestion was to do the following:

1. Check the overlay for the canonicalized path
2. Check the fall-through for the canonicalized path
3. Check the fall-through for the original path

I'm not sure it's correct to do (3) at all...

I might have missed that but what use case are we addressing by avoiding the usage of the original path for the fall-through file system? Because we have not only a problem with names reported back but also canonicalization can break symlinks with relative paths. For example, for the layout

|- packages
|  |- a
|  |  `- include
|  `- b
|     `- include
`- include -> packages/a/include

-I ./include/../../b/include doesn't work if you have VFS, even an empty one.

In D109128#3000374, @vsapsai wrote:

In D109128#2999846, @dexonsmith wrote:

In D109128#2997588, @JDevlieghere wrote:

Keith and I discussed this offline. My suggestion was to do the following:

1. Check the overlay for the canonicalized path
2. Check the fall-through for the canonicalized path
3. Check the fall-through for the original path

I'm not sure it's correct to do (3) at all...

I might have missed that but what use case are we addressing by avoiding the usage of the original path for the fall-through file system?

See rG0be9ca7c0f9a733f846bb6bc4e8e36d46b518162.

• RedirectingFileSystem has a virtual working directory.
• Prior to that commit, the external FS's working directory and RedirectingFileSystem's could get out of sync.
• Starting with that commit, RedirectingFileSystem consistently applies the virtual working directory.

Because we have not only a problem with names reported back but also canonicalization can break symlinks with relative paths.

Maybe this should be using makeAbsolute instead of makeCanonical (the latter calls the former)? (Note BTW that the absolute path logic is all pretty iffy on Windows, since each drive should have its own shadow virtual current directory, but that's got to be outside the scope here...)

In terms of canonicalization and symlinks, I think you're right that remove_dot_dot=true isn't really safe to use.

Ok I've updated the diff here based on @dexonsmith's original suggestion, and some offline discussion with @JDevlieghere

The new logic remaps the files and statuses, in the fallback to the external FS case, to use the originally requested path. I opted not to use the second suggestion with passing the struct containing both paths through because of the churn that would have on the API to maintain the current public signatures while also supporting that. This approach is analogous to how we're currently remapping the statuses for use-external-names as well. Please let me know what you think!

Note there's some churn from me renaming Path -> CanonicalPath and Path_ -> OriginalPath, let me know if you'd prefer I extract this into a separate diff that we land first without any logic changes.

@dexonsmith turns out the test I was adding is broken on main today too. If it's alright with you I will punt that to another diff to not increase the scope of this one.

@dexonsmith can you take another look?

@JDevlieghere can you take another pass?