Might hanging bugs remain in rsync 3.0.0?

[Matt McCutchen]

Wayne,

I am concerned that, when you decide to release rsync 3.0.0, one or
more hanging bugs may remain in the incremental recursion code.

My rationale is as follows.  At least four such bugs have been found
so far, and I see no evidence that those are all there are.
Furthermore, from April 27 to July 10, about 2.5 months passed without
any hanging bugs being found; then, on July 11, Warren Oates reported
one.  This makes me worry that, even if an rsync 3.0.0 release
candidate survives a long period of testing, it may nevertheless have
a hanging bug that will be found after it is released and create a
serious problem for some users.  I would hate to see such a bug, or
simply the concern that one may exist, delay the adoption of rsync
3.0.0.

The code in io.c is extremely complex, especially with the addition of
incremental recursion.  Prevention of deadlock and infinite recursion
seems to have been approached in a largely ad-hoc manner using a
number of semaphore-like variables that are incremented, decremented,
and checked in various places.  This approach makes it difficult for
me to comprehend the code and nearly impossible for me to convince
myself that it is correct.

That said, your responsibility as maintainer is to ensure that rsync
is correct, not necessarily to ensure that I feel comfortable with its
correctness.  If you can convince yourself as you prepare to release
rsync 3.0.0 that it is free of hanging bugs, I am no one to complain.
Still, I encourage you to take some steps to increase everyone's
confidence that the code is correct, which could include rewriting it
so that its correctness is more evident or undertaking some kind of
formal verification of it.  What do you think?

Matt