Ben Carr

This commit introduces a **new configuration option**, `skip_dice_clear_on_mergebase_change`, to the **Buck2 file watcher subsystem**. When enabled, this option prevents the unconditional clearing of the entire **DICE computation graph** upon a source control mergebase change, instead allowing incremental processing of individual file changes. This **enhancement** is crucial for **performance testing and analysis**, enabling more accurate evaluation of warmup behavior by preserving the DICE cache across commits. It affects how `edenfs` and `watchman` integrations within `buck2_file_watcher` handle mergebase changes, providing greater control over cache invalidation.

This commit performs a significant **dependency update and cleanup** across the **Buck2 build system's core dependencies**. It addresses **security vulnerabilities** by bumping `slab` and `lru` to patched versions, and updates critical components like `hyper` and `tower` to their latest stable releases. Additionally, it removes several **unused dependencies** such as `rustls-pemfile` and `zip`, along with an unused dev-dependency from `dice_examples`, improving build efficiency and reducing the dependency footprint. This **maintenance work** ensures the project uses up-to-date and secure libraries, enhancing overall stability and security.

This commit performs a **widespread refactoring** across the `buck2` application, migrating all direct usages of `IndexMap` and `IndexSet` to their new type aliases, **`BuckIndexMap`** and **`BuckIndexSet`**, defined in the `buck2_hash` crate. This change affects numerous modules, including **action implementations**, **build API components**, **BXL logic**, **query evaluation**, and **test infrastructure**, standardizing the collection types used for various inputs, outputs, and internal data structures. This **maintenance** effort is a crucial preparatory step, enabling a future centralized change to the underlying hasher implementation (e.g., switching to FxHash) for potential **performance improvements** without requiring further widespread code modifications. The migration is largely mechanical, with specific exceptions noted for custom hasher requirements.

This commit **upgrades** the `hashbrown` crate dependency across the entire **`buck2` project** from version 0.14.5 to 0.16.1. This **maintenance** task involves updating `Cargo.toml` files in the workspace and several crates, including `allocative`, `starlark`, and `starlark_map`, along with their respective `BUCK` build configurations. The upgrade finalizes the transition to `hashbrown`'s stable `HashTable` API by removing the `raw` feature flag and deleting `hashbrown_test_raw_table.src`, a test file associated with the deprecated `raw` module. This ensures `buck2` leverages the latest stable and supported `hashbrown` interfaces.

This commit **corrects documentation** within the `buck2_node` attribute system by replacing an incorrect FIXME with a NOTE in `app/buck2_node/src/attrs/attr_type/dep.rs`. The original FIXME falsely claimed that storing `DepAttrType` was a memory waste, but this **maintenance change** clarifies that `ConfiguredAttr` (where `DepAttr` is used) is transient and not retained by `ConfiguredTargetNode`. This **improves developer understanding** by explaining that optimizations to `ConfiguredAttr` layout would only affect transient allocation throughput, not steady-state memory. It highlights that `CoercedAttr::Dep` already stores only `ProvidersLabel`, ensuring the retained data is lean.

This commit **introduces a new `buck2_sketches` library** to provide **type-safe wrappers** around generic `SetSketch` values, clarifying their semantic meaning and reducing caller errors. It defines a `TypedSketch` trait and concrete types like **`DependencyGraphSketch`** and **`MemoryUsageSketch`**, which expose domain-specific methods such as `estimated_target_count()` and `estimated_bytes()`. Concurrently, the **`shed/setsketch` library** is **enhanced** with `approx_proportion_not_included()`, a fast filtering method for `SetSketch` that uses a 48-register prefix and Wilson confidence intervals. This **new capability** significantly improves the clarity, usability, and performance of sketch operations by embedding semantic intent directly into the types.

This commit **refactors** the Buck2 codebase by **migrating all direct usages of `DashMap` and `DashSet` to their type-aliased counterparts, `BuckDashMap` and `BuckDashSet`**, which are defined in the `buck2_hash` module. This change impacts various core modules, including **`buck2_action_impl`**, **`buck2_build_api`**, **`buck2_common`**, **`buck2_execute_impl`**, **`buck2_query_impls`**, and **`buck2_test`**, affecting data structures used for caching, materialization tracking, and state management. The **refactoring** centralizes the definition of these concurrent hash map and set types. This **maintenance** effort is a preparatory step, enabling a future commit to **centrally change the hasher implementation** used throughout the project, improving consistency and maintainability.

This commit introduces a new **abstraction layer** for hashing by defining `BuckDefaultHasher` in the `buck2_hash` crate, initially aliasing `std::collections::hash_map::DefaultHasher` (SipHash-1-3). It then performs a **widespread refactoring** across core **Buck2 modules** such as `buck2_core`, `buck2_build_api`, `buck2_server_commands`, and `static_interner` to replace direct `DefaultHasher` usages with `BuckDefaultHasher`. This is a **pure refactor** with no immediate functional change to the hashing algorithm, but it significantly improves the maintainability of **Buck2's hashing infrastructure**. The primary impact is enabling future central modification or runtime selection of the default hasher, paving the way for potential performance improvements with alternative algorithms.

This commit introduces **new type aliases** and convenience constructors within the **`buck2_hash` crate**, providing an **abstraction layer** over standard and concurrent hash map/set implementations. It defines `BuckDashMap`, `BuckDashSet`, `StdBuckHashMap`, and `StdBuckHashSet` as wrappers for `dashmap` and `std::collections` types, along with helper functions and macros like `std_buck_hashmap!`. This **feature addition** and **refactoring preparation** centralizes the choice of hasher, enabling a **future global change to hasher implementations** (e.g., to `FxHasher`) without modifying individual call sites. The change also adds a new dependency on the `dashmap` crate.

This commit implements a **security fix** by performing a **dependency update** for the `tar` package within the **`explorer`** module. It specifically updates the `tar` override in `explorer/package.json` from version `7.5.10` to `7.5.11` and regenerates the corresponding lockfile. This crucial update addresses a **high-severity vulnerability (CVE-2026-31802)** identified in previous `tar` versions, thereby enhancing the security posture of the `explorer` application and protecting against potential exploits.

This commit introduces **new abstractions** for order-preserving hash collections within the **`buck2_hash` crate**. It adds `BuckIndexMap` and `BuckIndexSet` type aliases, which internally leverage `indexmap::IndexMap` and `indexmap::IndexSet`, along with convenience macros `buck_indexmap!` and `buck_indexset!`. This **enhancement** provides a centralized abstraction layer for hash map and hash set implementations, allowing the underlying hasher to be changed globally in future work without modifying call sites. The change also includes **dependency management** by adding `indexmap` to the build configuration.

This commit performs a significant **refactoring** by extracting the core hash abstraction into a new, dedicated **`buck2_hash` crate**. This new crate provides `BuckHasher`, `BuckHasherBuilder`, `BuckHashMap`, and `BuckHashSet` as a unified interface for hashing, decoupling this critical functionality from `starlark_map` and other modules. The change centralizes hash logic, explicitly handling `write_*` method forwarding for correctness, and prepares the entire system for future runtime switching of hash algorithms. Numerous **`buck2` application modules** and the **`dice` dependency injection system** are updated to utilize this new abstraction, establishing a more maintainable and flexible hashing infrastructure.

This commit performs a **cleanup** and **refactoring** of the **error reporting infrastructure** by **removing the deprecated `ErrorTier` enum** and the unused `tier` field from `ProcessedErrorReport` in `data.proto`. This action completes the migration to the `ErrorTag`-based error classification system, streamlining the proto definitions. The removed `tier` field was never populated or consumed, ensuring **no functional impact** on error processing, logging, or existing dashboards. Field number 1 in `ProcessedErrorReport` is now reserved to prevent accidental reuse, and comments in `install.proto` are updated to reflect the change, further improving code clarity.

This commit performs a **refactoring** within the **Buck2 daemon server** to make the `working_directory` field of the `DaemonState` struct non-optional. Previously, `working_directory` was wrapped in an `Option`, but since it is always set during daemon initialization, this wrapper was unnecessary. The change simplifies the **daemon state management** by directly assigning the `WorkingDirectory` in the `init` function and modifying the `DaemonState::new` constructor and `validate_cwd` function to expect a non-optional `WorkingDirectory`. This improves code clarity and removes redundant `Option` handling, ensuring the daemon's working directory is always present.

This commit **fixes** a **Buck2 BXL subsystem** issue where the `StarlarkEvalKind::BxlDynamic` identifier incorrectly used a hardcoded "foo" placeholder. The `eval_bxl_for_dynamic_output` function in `app/buck2_bxl/src/bxl/starlark_defs/context/dynamic.rs` was updated to use the actual BXL key instead. This **maintenance change** ensures that **profiling and debugging output** accurately reflects the real BXL function name, rather than the misleading `bxl_dynamic/foo` string. The correction provides more meaningful and actionable information for developers analyzing dynamic BXL evaluations.

This commit performs **maintenance** by enhancing clarity in both documentation and error messages. It **fixes a typo** in a comment within the `buck2_events` module, correcting `unresolved_traget_patterns` to `unresolved_target_patterns`. More significantly, it **replaces a placeholder error message** in the `buck2_build_api` module's **Starlark output artifact handling**. This change provides a descriptive error explaining why unfrozen output artifacts cannot be added to command lines, greatly improving the debugging experience for users of **Starlark rules**.

This commit **upgrades the `mdast-util-to-hast` dependency** to version `>=13.2.1` by adding a Yarn resolution, primarily as a **security fix** for **CVE-2025-66400**. This addresses a **moderate cross-site scripting vulnerability** that could arise from raw HTML nodes. The upgrade is critical for the **`docusaurus-plugin-internaldocs-fb`** module, which now requires `mdx-js/mdx@3` and `remark-rehype@11`, necessitating compatibility with the newer `mdast-util-to-hast` API. This ensures the project's security posture is maintained while aligning with updated internal documentation tooling.

This commit introduces **critical bug fixes** to enhance the **robustness** of the system by preventing potential panics. Specifically, it modifies the **client context system warnings** in `app/buck2_client_ctx/src/subscribers/system_warning.rs` to use `saturating_sub` for disk space calculations, thereby preventing underflow panics when `used_disk_space` might exceed `total_disk_space`. Concurrently, the **common file operations** in `app/buck2_common/src/file_ops/io.rs` are updated, replacing an `unwrap()` call in `IoFileOpsDelegate::resolve()` with proper error propagation, ensuring that missing cell lookups result in a handled error rather than a crash. These changes collectively improve the **stability** and error handling across key parts of the application.

This commit **refactors and simplifies test code** within the `app/buck2_server_ctx/src/concurrency.rs` module. It replaces the `with_structured_cancellation` mechanism with `critical_section` in the `execute` method of the **test module**. This change **simplifies cancellation handling** for the test DICE key, as the cancellation observer was unnecessary, resolving a standing TODO. The modification improves the clarity and maintainability of the test infrastructure without affecting any production logic.

This commit **enhances the test suite** for the **`buck2_interpreter`'s file loader** by adding specific error message verification. Previously, tests like `no_resolution` and `missing_in_loaded_modules` in `app/buck2_interpreter/src/file_loader.rs` only confirmed that an error occurred during file loading. Now, these tests include assertions to **verify the exact content of error messages**, ensuring they reference the expected path and failure reason. This **maintenance improvement** prevents future silent changes to the error reporting semantics, thereby increasing the robustness and reliability of the interpreter's error handling.