cargo icon indicating copy to clipboard operation
cargo copied to clipboard
verified publisher icon rust-lang

Inconsistent `Cargo.lock` generation with overlapping version ranges

Open x-hgg-x opened this issue 1 year ago • 2 comments

Steps

  1. Create a package with the following Cargo.toml:
[package]
name = "a"
version = "0.1.0"
edition = "2021"

[dependencies]
ic-stable-structures = ">=0.1, <0.6"

[build-dependencies]
ic-stable-structures = ">=0.2, <0.5"

[dev-dependencies]
ic-stable-structures = "0.3"
  1. Run cargo fetch then cargo generate-lockfile

Generated Cargo.lock:

# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3

[[package]]
name = "a"
version = "0.1.0"
dependencies = [
 "ic-stable-structures 0.3.0",
 "ic-stable-structures 0.4.1",
 "ic-stable-structures 0.5.6",
 "libc",
]

[[package]]
name = "ic-stable-structures"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7cf57a7a43948acb3bc11572533f57e52f60cbbf33d7c699678ac9d1a9307537"

[[package]]
name = "ic-stable-structures"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77002de282a2042e50e345d17ff8a4b8a396bc6b4033aeb0dee1b7d519a80630"

[[package]]
name = "ic-stable-structures"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95dce29e3ceb0e6da3e78b305d95365530f2efd2146ca18590c0ef3aa6038568"
  1. Run cargo generate-lockfile --offline (or cargo tree)

Generated Cargo.lock:

# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3

[[package]]
name = "a"
version = "0.1.0"
dependencies = [
 "ic-stable-structures",
 "libc",
]

[[package]]
name = "ic-stable-structures"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7cf57a7a43948acb3bc11572533f57e52f60cbbf33d7c699678ac9d1a9307537"
  1. Run cargo generate-lockfile

Same as §2.

  1. Run cargo generate-lockfile --offline

Same as §3.

  1. Delete Cargo.lock and run cargo generate-lockfile --offline

Same as §3.

  1. Delete Cargo.lock and run cargo tree

Same as §2.

Version

cargo 1.83.0-nightly (80d82ca22 2024-09-27)
release: 1.83.0-nightly
commit-hash: 80d82ca22abbee5fb7b51fa1abeb1ae34e99e88a
commit-date: 2024-09-27
host: x86_64-unknown-linux-gnu
libgit2: 1.8.1 (sys:0.19.0 vendored)
libcurl: 8.9.0-DEV (sys:0.4.74+curl-8.9.0 vendored ssl:OpenSSL/1.1.1w)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Linux Mint 22.0.0 (wilma) [64-bit]

x-hgg-x avatar Sep 29 '24 11:09 x-hgg-x

Thanks for the report! This is unrelated to cargo tree or the version resolver. The dependency resolver seems to only use one version, but only after the dependencies are locked.

ehuss avatar Sep 29 '24 14:09 ehuss

I had to run a fetch before I could get the problem to reproduce. Another symptom of this problem is that cargo generate-lockfile && cargo check --locked returns an error.

My instinct is that this feels like #5529 / #14115 / #14446 , but maybe not because #14582 (nor removing that heuristic) helped with the problem. This generally has the feeling of src/cargo/core/registry.rs is encoding the problem differently depending on whether there's a lock file, but that is just a feeling.

Getting trace logs from the runs with the different behavior seems like the next investigation step.

Eh2406 avatar Sep 30 '24 19:09 Eh2406