cmd/go: upgrading a module gives different results based on "how" you upgrade #34220
Comments
Sort of? It's not “incorrect”, but it is a semantically different operation: editing the The former resolves inconsistencies by taking the higher version, which potentially discards the edited versions, whereas the latter resolves inconsistencies by downgrading until the requested versions are actually what is selected. I'm not sure that we should recommend adding duplicate lines as a standard practice. I could imagine a change to the In my opinion, the most robust option is to always use |
bcmills
added
Documentation
I don't think that's mentioned anywhere in the wiki or docs, so should it be? As of recently, I thought the two operations would yield the same exact build list. In fact the two quotes from the docs/wiki above suggest the two operations are interchangeable.
👍 👍 👍 |
|
I think the documentation now fairly clearly reflects what go get does. I'm going to close this issue. Please reopen if you don't feel it's addressed. |
Summary
From the Go Wiki:
From
go help modulesTherefore, people can upgrade a module by:
go get <mod>@<newVersion>orMost Go developers I've talked to, including myself, have believed that both options are interchangeable. However, whether a user picks option 1 or option 2 above can actually lead to a different final build list.
While I'm not sure this is a bug, but the fact that how you upgrade a module can lead to different results seems odd or at least something worth documenting.
Reproduce:
I have replicated the same dependency tree in the MVS article here: https://research.swtch.com/vgo-mvs
You can find that dependency tree under https://github.com/gomvs
github.com/gomvs/a is the main module and its current commit resides at Algorithm 1:
If we want to trigger Algorithm 3 by upgrading one module (c v1.2.0 to c v1.3.0) we have 2 ways of doing it:
Option 1:
go get github.com/gomvs/c@v1.3.0This will properly implement Algorithm R by adding Module D v1.4.0 to the go.mod file because the Rough List still included c@v1.2.0
Therefore, the upgraded go.mod file will look like this:
If you run
go run .you'll see the following dependency tree being called:Option 2: Directly edit the go.mod file by going to line 7 in go.mod and simply changing
v1.2.0tov1.3.0If a user decided to upgrade from c v1.2.0 to c v1.3.0 by "editing the go.mod file directly" then Algorithm R has no way of remembering that we had c v1.2.0 when running "go build" and therefore we end up downgrading to Module D v1.3.0.
The resulting go.mod file remains the same:
And if you run
go run .you get the following results:Notice D v1.3.0 (and not D v1.4.0)
The MVS article mentions this behavior as "incorrect" and therefore should we consider directly upgrading the go.mod file incorrect? Also, should we document this behavior?
There is actually option 3, which I didn't know we could do:
Option 3: duplicate modules in go.mod file
You can actually have a go.mod file that looks like this:
Notice, that
cis mentioned twice at two different versions. Runninggo mod tidyends up picking the correct version, and also addingdat v1.4.0 correctly. Given Algorithm R, this makes sense and I wonder if we should also mention it?cc: @bcmills
The text was updated successfully, but these errors were encountered: