fix duplicate packages with multiple conflicting extras declared #11513
+3,348
−33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BurntSushi
added
bug
BurntSushi
force-pushed
the
ag/fix-11479
branch
from
019683d to
67dbf9b
Compare
|
I'm sort of just confirming my understanding, but if we simplified the conflict marker for each set independently, and then checked if each simplification resulted in the same outcome, could we use that? Or, what if for each set Would that be sound? |
crates/uv/tests/it/lock.rs
Outdated
| { name = "torchvision", version = "0.20.1+cpu", source = { registry = "https://astral-sh.github.io/pytorch-mirror/whl/cpu" }, marker = "(platform_machine != 'aarch64' and sys_platform == 'linux') or (sys_platform != 'darwin' and sys_platform != 'linux')" }, | ||
| { name = "torch", version = "2.5.1", source = { registry = "https://astral-sh.github.io/pytorch-mirror/whl/cpu" }, marker = "(platform_machine == 'aarch64' and sys_platform == 'linux' and extra == 'extra-7-project-cpu') or (platform_machine != 'aarch64' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124') or (sys_platform == 'darwin' and extra == 'extra-7-project-cpu') or (sys_platform != 'linux' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124')" }, | ||
| { name = "torch", version = "2.5.1+cpu", source = { registry = "https://astral-sh.github.io/pytorch-mirror/whl/cpu" }, marker = "(platform_machine != 'aarch64' and sys_platform == 'linux' and extra == 'extra-7-project-cpu') or (sys_platform != 'darwin' and sys_platform != 'linux' and extra == 'extra-7-project-cpu') or (sys_platform == 'darwin' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124') or (sys_platform == 'linux' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124')" }, | ||
| { name = "torchvision", version = "0.20.1", source = { registry = "https://astral-sh.github.io/pytorch-mirror/whl/cpu" }, marker = "(platform_machine == 'aarch64' and sys_platform == 'linux' and extra == 'extra-7-project-cpu') or (platform_machine != 'aarch64' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124') or (sys_platform == 'darwin' and extra == 'extra-7-project-cpu') or (sys_platform != 'linux' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124')" }, |
There was a problem hiding this comment.
Is it not still possible for us to simplify out terms like platform_machine != 'aarch64' and extra == 'extra-7-project-cpu' and extra == 'extra-7-project-cu124'?
There was a problem hiding this comment.
Yes I think it's possible. Even before this change, conflict marker simplification does not produce the minimal possible markers in all cases. I think it's just a question of how much time you want me to allocate to the problem. :-)
If I'm understanding you correctly, I believe that's what the code was already doing (and is still doing for cases where there is no definitive ambiguity). Namely, simplification only happens when evaluating each set results in I think the problem is that the assumptions inferred from the dependency graph aren't rich enough. They aren't expressing the full set of possibilities. |
The place to look in this snapshot is the `name = "e3nn"` dependency. Its dependencies on `sympy` and `torch` consist of multiple versions with overlapping conflict markers. They are getting incorrectly simplified to `true`.
The particular example I honed in on here was the `e3nn -> sympy 1.13.1`
and `e3nn -> sympy 1.13.3` dependency edges. In particular, while the
former correctly has a conflict marker, the latter's conflict marker was
getting simplified to `true`. This makes the edges trivially
overlapping, and results in both of them getting installed
simultaneously. (A similar problem happens for the `e3nn -> torch`
dependency edges.)
Why does this happen? Well, conflict marker simplification works by
detecting which extras are known to be enabled (and disabled) for each
node in the graph. This ends up being expressed as a set of sets, where
each inner set contains items corresponding to "extras is included" or
"extra is excluded."
The logic then is if _all_ of these sets are satisfied by the conflict
marker on the dependency edge, then this conflict marker can be
simplified by assuming all of the inclusions/exclusions to be true.
In this particular case, we run into an issue where the set of
assumptions discovered for `e3nn` is:
{test[sevennet]}, {}, {~test[m3gnet], ~test[alignn], test[all]}
And the corresponding conflict marker for `e3nn -> sympy 1.13.1` is:
extra == 'extra-4-test-all'
or extra == 'extra-4-test-chgnet'
or (extra != 'extra-4-test-alignn' and extra != 'extra-4-test-m3gnet')
And the conflict marker for `e3nn -> sympy 1.13.3` is:
extra == 'extra-4-test-alignn' or extra == 'extra-4-test-m3gnet'
Evaluating each of the sets above for `sympy 1.13.1`'s conflict
marker results in them all being true. Simplifying in turn results in
the marker being true. For `sympy 1.13.3`, not all of the sets are
satisfied, so this marker is not simplified.
I think the fundamental problem here is that our inferences aren't quite
rich enough to make these logical leaps. In particular, the conflict
marker for `e3nn -> sympy 1.13.3` is not satisfied by _any_ of our sets.
One might therefore conclude that this dependency edge is impossible.
But! The `test[sevennet]` set doesn't actually rule out `test[m3gnet]`
from being included, for example, because there is no conflict. So it is
actually possible for this marker to evaluate to true.
And I think this reveals the problem: for the `e3nn -> sympy 1.13.1`
conflict marker, the inferences don't capture the fact that
`test[sevennet]` _might_ have `test[m3gnet]` enabled, and that would in
turn result in the conflict marker evaluating to `false`. This directly
implies that our simplification here is inappropriate.
It would be nice to revisit how we build our inferences here so that
they are richer and enable us to make correct logical leaps. For now, we
fix this particular bug with a bit of a cop-out: we skip conflict marker
simplification when there are ambiguous dependency edges.
Fixes #11479
…marker simplification This is fallout from skipping simplification when two or more edges with the same package name exist.
BurntSushi
force-pushed
the
ag/fix-11479
branch
from
67dbf9b to
421eccf
Compare
charliermarsh
approved these changes
Feb 18, 2025
Yeah hmmm. I think the upside is that this should only apply to cases where there are ambiguous dependency edges (i.e., two different edges with the same package name but different versions). So the lack of simplification I think should be somewhat limited? |
BurntSushi
added a commit
that referenced
this pull request
Feb 18, 2025
The bad merge was a result of merging #11293 and #11513. I think even if I had only merged the former, it still would have resulted in a bad merge, since the snapshots hadn't been updated for `provide-extras` additions. This fixes the build failures seen here: https://github.com/astral-sh/uv/actions/runs/13390849790/job/37398029632
BurntSushi
added a commit
that referenced
this pull request
Feb 18, 2025
The bad merge was a result of merging #11293 and #11513. I think even if I had only merged the former, it still would have resulted in a bad merge, since the snapshots hadn't been updated for `provide-extras` additions. This fixes the build failures seen here: https://github.com/astral-sh/uv/actions/runs/13390849790/job/37398029632
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Feb 25, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.6.0` -> `0.6.3` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.6.3`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#063) [Compare Source](astral-sh/uv@0.6.2...0.6.3) ##### Enhancements - Allow quotes around command-line options in `requirement.txt files` ([#​11644](astral-sh/uv#11644)) - Initialize PEP 723 script in `uv lock --script` ([#​11717](astral-sh/uv#11717)) ##### Configuration - Accept multiple `.env` files in `UV_ENV_FILE` ([#​11665](astral-sh/uv#11665)) ##### Performance - Reduce overhead in converting resolutions ([#​11660](astral-sh/uv#11660)) - Use `SmallString` on `Hashes` ([#​11756](astral-sh/uv#11756)) - Use a `Box` for `Yanked` on `File` ([#​11755](astral-sh/uv#11755)) - Use a `SmallString` for the `Yanked` enum ([#​11715](astral-sh/uv#11715)) - Use boxed slices for hash vector ([#​11714](astral-sh/uv#11714)) - Use install concurrency for bytecode compilation too ([#​11615](astral-sh/uv#11615)) ##### Bug fixes - Avoid installing duplicate dependencies across conflicting groups ([#​11653](astral-sh/uv#11653)) - Check subdirectory existence after cache heal ([#​11719](astral-sh/uv#11719)) - Include uppercase platforms for Windows wheels ([#​11681](astral-sh/uv#11681)) - Respect existing PEP 723 script settings in `uv add` ([#​11716](astral-sh/uv#11716)) - Reuse refined interpreter to create tool environment ([#​11680](astral-sh/uv#11680)) - Skip removed directories during bytecode compilation ([#​11633](astral-sh/uv#11633)) - Support conflict markers in `uv export` ([#​11643](astral-sh/uv#11643)) - Treat lockfile as outdated if (empty) extras are added ([#​11702](astral-sh/uv#11702)) - Display path separators as backslashes on Windows ([#​11667](astral-sh/uv#11667)) - Display the built file name instead of the canonicalized name in `uv build` ([#​11593](astral-sh/uv#11593)) - Fix message when there are no buildable packages ([#​11722](astral-sh/uv#11722)) - Re-allow HTTP schemes for Git dependencies ([#​11687](astral-sh/uv#11687)) ##### Documentation - Add anchor links to arguments and options in the CLI reference ([#​11754](astral-sh/uv#11754)) - Add link to environment marker specification ([#​11748](astral-sh/uv#11748)) - Fix missing a closing bracket in the `cache-keys` setting ([#​11669](astral-sh/uv#11669)) - Remove the last edited date from documentation pages ([#​11753](astral-sh/uv#11753)) - Fix readme typo ([#​11742](astral-sh/uv#11742)) ### [`v0.6.2`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#062) [Compare Source](astral-sh/uv@0.6.1...0.6.2) ##### Enhancements - Add support for constraining build dependencies with `tool.uv.build-constraint-dependencies` ([#​11585](astral-sh/uv#11585)) - Sort dependency group keys when adding new group ([#​11591](astral-sh/uv#11591)) ##### Performance - Use an `Arc` for index URLs ([#​11586](astral-sh/uv#11586)) ##### Bug fixes - Allow use of x86-64 Python on ARM Windows ([#​11625](astral-sh/uv#11625)) - Fix an issue where conflict markers could instigate a very large lock file ([#​11293](astral-sh/uv#11293)) - Fix duplicate packages with multiple conflicting extras declared ([#​11513](astral-sh/uv#11513)) - Respect color settings for log messages ([#​11604](astral-sh/uv#11604)) - Eagerly reject unsupported Git schemes ([#​11514](astral-sh/uv#11514)) ##### Documentation - Add documentation for specifying Python versions in tool commands ([#​11598](astral-sh/uv#11598)) ### [`v0.6.1`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#061) [Compare Source](astral-sh/uv@0.6.0...0.6.1) ##### Enhancements - Allow users to mark platforms as "required" for wheel coverage ([#​10067](astral-sh/uv#10067)) - Warn for builds in non-build and workspace root pyproject.toml ([#​11394](astral-sh/uv#11394)) ##### Bug fixes - Add `--all` to `uvx --reinstall` message ([#​11535](astral-sh/uv#11535)) - Fallback to `GET` on HTTP 400 when attempting to use range requests for wheel download ([#​11539](astral-sh/uv#11539)) - Prefer local variants in preference selection ([#​11546](astral-sh/uv#11546)) - Respect verbatim executable name in `uvx` ([#​11524](astral-sh/uv#11524)) ##### Documentation - Add documentation for required environments ([#​11542](astral-sh/uv#11542)) - Note that `main.py` used to be `hello.py` ([#​11519](astral-sh/uv#11519)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzEuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3OS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
loic-lescoat
pushed a commit
to loic-lescoat/uv
that referenced
this pull request
Mar 2, 2025
The bad merge was a result of merging astral-sh#11293 and astral-sh#11513. I think even if I had only merged the former, it still would have resulted in a bad merge, since the snapshots hadn't been updated for `provide-extras` additions. This fixes the build failures seen here: https://github.com/astral-sh/uv/actions/runs/13390849790/job/37398029632
adisbladis
added a commit
to pyproject-nix/uv2nix
that referenced
this pull request
Mar 5, 2025
As a workaround for pyproject-nix/pyproject.nix#265 so that these "special markers" introduced in astral-sh/uv#11513 won't crash evaluation. I'm considering these leaking internal extras markers to be a uv bug. There is no reasonable way to correctly handle this in uv2nix as the generated extras names depends on undocumented uv-specific behaviour.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements a somewhat of a cop-out fix for #11479, where the lock
file produced was missing some conflict markers. This in turn could lead
to multiple versions of the same package being installed into the same
environment.
(What follows is one of the commit messages that gets into the weeds
about the specific problem here.)
The particular example I honed in on here was the
e3nn -> sympy 1.13.1and
e3nn -> sympy 1.13.3dependency edges. In particular, while theformer correctly has a conflict marker, the latter's conflict marker was
getting simplified to
true. This makes the edges triviallyoverlapping, and results in both of them getting installed
simultaneously. (A similar problem happens for the
e3nn -> torchdependency edges.)
Why does this happen? Well, conflict marker simplification works by
detecting which extras are known to be enabled (and disabled) for each
node in the graph. This ends up being expressed as a set of sets, where
each inner set contains items corresponding to "extras is included" or
"extra is excluded."
The logic then is if all of these sets are satisfied by the conflict
marker on the dependency edge, then this conflict marker can be
simplified by assuming all of the inclusions/exclusions to be true.
In this particular case, we run into an issue where the set of
assumptions discovered for
e3nnis:And the corresponding conflict marker for
e3nn -> sympy 1.13.1is:And the conflict marker for
e3nn -> sympy 1.13.3is:Evaluating each of the sets above for
sympy 1.13.1's conflictmarker results in them all being true. Simplifying in turn results in
the marker being true. For
sympy 1.13.3, not all of the sets aresatisfied, so this marker is not simplified.
I think the fundamental problem here is that our inferences aren't quite
rich enough to make these logical leaps. In particular, the conflict
marker for
e3nn -> sympy 1.13.3is not satisfied by any of our sets.One might therefore conclude that this dependency edge is impossible.
But! The
test[sevennet]set doesn't actually rule outtest[m3gnet]from being included, for example, because there is no conflict. So it is
actually possible for this marker to evaluate to true.
And I think this reveals the problem: for the
e3nn -> sympy 1.13.1conflict marker, the inferences don't capture the fact that
test[sevennet]might havetest[m3gnet]enabled, and that would inturn result in the conflict marker evaluating to
false. This directlyimplies that our simplification here is inappropriate.
It would be nice to revisit how we build our inferences here so that
they are richer and enable us to make correct logical leaps. For now, we
fix this particular bug with a bit of a cop-out: we skip conflict marker
simplification when there are ambiguous dependency edges.
Fixes #11479