Revision control locking: Is the jury still out?

When I’m online it seems that everyone has agreed that using the exclusive locking workflow in source control is a Bad Thing. All the new revision control systems I see appear to be built for edit and merge workflows, and many don’t even support exclusive locks at all.

However, everyone I work with is of the opinion that exclusive locks are a “must have” for any source control system, and working any other way would be a nightmare. Even recent hires from other companies seem to come in with this idea.

  • dealing with long personal branch names in git and gitolite
  • How do popular source control systems differentiate binary files from text files
  • git merge pull request to private repository
  • How can I force subversion to commit an unchanged file?
  • Fatal: ambiguous argument '<branch_name>': both revision and filename
  • Subversion equivalent of “git add .”?
  • My question isn’t who is right. I’m pretty sure what answer I’d get to that. My question is, is there really still any debate over this matter? Is there an honest “pro locking” camp out there that makes a serious case? Is any work being done to advance the art of revision control based around the locking model? Or are locking fans flogging a dead horse?

    The answers so far have done a good job of explaining why exclusive locks are a good feature to use occasionally. However, I’m talking about promoting a workflow where exclusive locks are used for everything.

  • Code review addin for Visual Studio
  • Can I commit only parts of my code using SVN or Mercurial?
  • Visual Studio Solution from multiple git repositories
  • How to version git&gitolite hooks?
  • how come running git branch 'branchname' the branch does not appear on the github website
  • Git list branches merged into a branch but not into another
  • 12 Solutions collect form web for “Revision control locking: Is the jury still out?”

    If you’re used to exclusive locking, then it’s hard to embrace the edit-merge workflow.

    Exclusive locking has its benefits, especially for binary files (images, videos, …) which can’t be merged automatically or not at all.

    But: the need for exclusive locking always indicates another problem: good communication between people working on the project. Exclusive locking provides a poor replacement: it tells users that someone else is already working on that particular file – something they should know without using a version control system.

    Since there are better ways to help with the communication among team members, most (all?) version control systems don’t implement exclusive locking anymore or just a reduced version (i.e., locking, but such that those locks are not enforced).

    It’s not the job of a version control system to help with the communication.

    I like having the option to exclusive-lock some file[s].

    Having an exclusive lock is necessary, e.g. for binary files.

    It’s also semi-necessary for some machine-generated non-binary files (e.g. for Visual Studio project files, which don’t ‘merge’ at all well if ever there are two parallel changes to be merged).

    If you believe that merges are hard (and while we’ve come a long way, they can be in some circumstances), and you don’t have programmers frequently wanting to edit the same file, exclusive locking isn’t necessarily that bad.

    I wouldn’t use them on an open source project, obviously, but in the corporate world where the rules are stricter and you can walk over to a guy and say “can I break your lock?”, it gives visibility into what people are working on and avoids conflicts so they don’t have to be resolved later.

    If two people really need to work on a file at the same time, often you can branch that file, and so long as the tool makes it clear that that branch needs to be merged back in, you can do that and resolve any conflicts then.

    That said, I don’t think I want to have to work in an exclusive locking world again.

    Exclusive locking is the best you can do in a worst-case scenario, so its presence always tells me that there are bigger problems.

    One of those bigger problems is bad organization of code. On one of my consulting gigs for a major telecomm, eight out of thirty team members were constantly working on the same source file (a VB.NET “god” form). We would wait for someone else to finish their work and release the exclusive lock (VSS), then the next person in the pecking order would immediately lock the file to apply their changes. This took forever because they had to reintegrate all their work into the new code that they could see only just then. Since I was the new guy, I was on the bottom of the pecking order and I NEVER was allowed to check in my code changes. I eventually went to the project manager/director and suggested that I be tasked with another part of the application functionality. This project eventually self-destructed, but most of us left as we realized that inevitability. Note that the use of VSS integration was a crucial part of this failure, too, since it forces early acquisitions of that precious file lock.

    So, a well-organized project should almost never result in two people working on the same part of the same source file at the same time. Therefore, no need for exclusive locking.

    Another of those bigger problems is putting binary files into source control. Source control tools are not designed to handle binaries, and that is a good thing. Binaries require different treatment, and source control tools cannot support that special treatment. Binaries must be managed as a whole, not as parts (lines). Binaries tend to be far more stable/unchanging. Binaries tend to need explicit versioning different from source control versioning, often with multiple versions available simultaneously. Binaries are often generated from source, so only the source needs to be controlled (and the generation scripts). See Maven repositories for a binary-friendly storage design (but please don’t use Maven itself, use Apache Ivy).

    In my experience, it’s often necessary for two people to work on the same file at the same time. (There are, presumably, shops where this doesn’t happen, but I have fairly varied experience to draw on.)

    In these cases, it is necessary for both people to get copies of the original, do their work, and merge their changes. In non-locking VCSs, this is done automatically and accurately for the most part.

    With a locking VCS, what happens is that one person gets the lock. If that person finishes first, great; if not, the other person gets to wait before being able to introduce changes. Sometimes it is necessary to make a quick bug fix while somebody is in the middle of a long change process, for example. Once the second person has the lock, the second person needs to merge the changes, typically manually, and check in the new version. On several occasions, I’ve seen the first person changes dropped entirely, as the second person didn’t bother with the manual merge. Frequently this merge is done hastily, either out of distaste for the job or simple time pressure.

    Therefore, if two people need to work on the same file at the same time, a non-locking VCS is almost always better.

    If this doesn’t come up, and two people never need to work on the same file at the same time, it doesn’t matter which you use.

    On an open-source project like a game, it makes sense to keep images under revision control, and those are nice to be able to lock (Subversion supports this). For source files, it’s better to get into the edit-merge work flow. It’s not hard and increases productivity in my experience.

    Here’s my $0.02.

    Locking is an old school of thought for textual Code. Once programmers use merging a couple of times they learn and usually like the power of it.

    Valid cases for locks still exist.

    • Graphics alterations. 99% of the time you cannot merge 2 peoples work on the same graphic.
    • Binary updates.
    • Sometimes code can be complex/simple enough to justify only 1 person working on it at a time. In this case it’s a project management choice to use a feature.

    The arguments for locking are really bad. They basically say: our tools are so bad they cannot merge, so we lock.

    Interesting question. To me, the issue is not so much whether to lock, but how long to lock. In this shop, I’m a minority of one, because I like to merge. I like to know what other people have done to to the code. So what I do is:

    • Always work in a local copy of the source tree.

    • Run Windiff often against the “official” code and if necessary merge changes down to my local copy. For merging, I use an old Emacs (Epsilon) and have the compare-buffers command bound to a hot-key. Another key says “make the rest of this line like the one in the other file”, because many changes are small.

    • When I’m ready to check in changes, Windiff tells me what files I need to lock, check in, and unlock. So I keep them locked as short a time as possible, like minutes.

    So when Fearless Leader says “Have you checked in your code?” the answer is “I don’t have any checked out.”

    But as I said, I’m a minority of one.

    In my opinion, the main reason people use exclusive locking is its simplicity and for them, lack of risk.

    If I have exclusive access to a file, I won’t have to try and understand someone elses changes to the same file. I don’t have to risk making my changes and then having to merge with someone elses when I check in.

    If I have an exclusive lock on the files I’m changing, then I know that when I checkin, I will be able to checkin a coherent changeset; it is simpler for me to do this.

    The other aspect of merging (esp. automatic merging) is the potential for regression problems. Without good automated tests, every time you do a automatic merge, you may get problems. At least if you have an exclusive lock on something you ensure that someone is looking at the code before it’s checked in. This, for some, reduces risk.

    What exclusive locking takes away is the potential parallelism of changes. You can’t have two people working on a file.

    The open source model (lots of people around the world collaborating on different stuff) has promoted the view that locking is bad, but it really does work for some teams. It does avoid real problems. I’m not saying that these problems can’t be overcome, but it requires a change in behaviour for people; if you want to change to a non-locking model, you have to persuade them to change to a way of working which can seem harder for them, and can actually (in their view) increase risk cause regressions.

    Personally, I prefer not to use locks, but I can see why some people don’t like it.

    Addressing your edit comments.

    Even RCS and SCCS (the grandfather VCS for most of what runs on Unix/Linux these days) permit concurrent editing access to files, and I’m not referring to separate branches. With SCCS, you could do ‘get -k SCCS/s.filename.c‘ and obtain an editable copy of the file — and you could use an option (‘-p‘ IIRC) to get it to standard output. You could have other people doing the same. Then, when it came time to check-in, you’d have to ensure that you started with the correct version or do a merge to deal with changes since your starting version was collected, etc. And none of this checking was automated, and conflicts were not handled or marked automatically, and so on. I didn’t claim it was easy; just that it could be done. (Under this scheme, the locks would only be held for a short time, while a checkin/merge was in progress. You do have locks still – SCCS requires them, and RCS can be compiled with strict locking required – but only for short-ish durations. But it is hard work – no-one did it because it is such hard work.)

    Modern VCS handle most of the issues automatically, or almost automatically. That is their great strength compared to the ancestral systems. And because merging is easy and almost automatic, it allows different styles of development.

    I still like locking. The main work system I use is (IBM Rational) Atria ClearCase; for my own development, I use RCS (having given up SCCS around Y2K). Both use locking. But ClearCase has good tools for doing merging, and we do a fair amount of that, not least because there are at least 4 codelines active on the product I work on (4 main versions, that is). And bug fixes in one version quite often apply to the other versions, almost verbatim.

    So, locking-only VCS typically do not have good enough merge facilities to encourage the use of concurrent editing of files. More modern VCS have better merging (and also branching) facilities, and therefore do not have as strong a need for locking for more than the shortest term (enough to make the operations on the file – or files in the more advanced systems – atomic).

    A bit late to this discussion but to anybody who has read and digested Steve Maguire’s Writing Solid Code a central point is to have your tools detect and identify as many problems as possible.

    A compiler doesn’t get tired after 12 or more straight hours and forget to issue a syntax error. But it is quite easy to forget a manual step of initiating a communication and paying for it later.

    If you need to version control a binary file then you need some form of locking to prevent – or at least warn of – an accidental overwrite. It must be a fundamental feature of any VCS even a distributed one. To use such a feature in a DVCS may require the creation of a central repository but is that so evil? If you use a DVCS in any sort of corporate environment, you will have a central repo to ensure business continuity.

    Git Baby is a git and github fan, let's start git clone.