dep: Introduce lock verification logic

This mostly supplants the hash comparison-based checking, though it's
still in rough form.

cmd/dep/ensure.go

@@ -256,13 +256,9 @@ func (cmd *ensureCommand) runDefault(ctx *dep.Ctx, args []string, p *dep.Project
 		return err
 	}
 
-	solver, err := gps.Prepare(params, sm)
-	if err != nil {
-		return errors.Wrap(err, "prepare solver")
-	}
-
-	if p.Lock != nil && bytes.Equal(p.Lock.InputsDigest(), solver.HashInputs()) {
-		// Memo matches, so there's probably nothing to do.
+	if lsat, err := p.LockSatisfiesInputs(sm); err != nil {
+		return err
+	} else if !lsat.Passes() {
 		if ctx.Verbose {
 			ctx.Out.Printf("%s was already in sync with imports and %s\n", dep.LockName, dep.ManifestName)
 		}
@@ -272,13 +268,7 @@ func (cmd *ensureCommand) runDefault(ctx *dep.Ctx, args []string, p *dep.Project
 			return nil
 		}
 
-		// TODO(sdboyer) The desired behavior at this point is to determine
-		// whether it's necessary to write out vendor, or if it's already
-		// consistent with the lock. However, we haven't yet determined what
-		// that "verification" is supposed to look like (#121); in the meantime,
-		// we unconditionally write out vendor/ so that `dep ensure`'s behavior
-		// is maximally compatible with what it will eventually become.
-		sw, err := dep.NewSafeWriter(nil, p.Lock, p.Lock, dep.VendorAlways, p.Manifest.PruneOptions)
+		sw, err := dep.NewSafeWriter(nil, p.Lock, p.Lock, dep.VendorOnChanged, p.Manifest.PruneOptions)
 		if err != nil {
 			return err
 		}
@@ -294,6 +284,11 @@ func (cmd *ensureCommand) runDefault(ctx *dep.Ctx, args []string, p *dep.Project
 		return errors.WithMessage(sw.Write(p.AbsRoot, sm, true, logger), "grouped write of manifest, lock and vendor")
 	}
 
+	solver, err := gps.Prepare(params, sm)
+	if err != nil {
+		return errors.Wrap(err, "prepare solver")
+	}
+
 	if cmd.noVendor && cmd.dryRun {
 		return errors.New("Gopkg.lock was not up to date")
 	}
@@ -361,15 +356,6 @@ func (cmd *ensureCommand) runUpdate(ctx *dep.Ctx, args []string, p *dep.Project,
 		return errors.Wrap(err, "fastpath solver prepare")
 	}
 
-	// Compare the hashes. If they're not equal, bail out and ask the user to
-	// run a straight `dep ensure` before updating. This is handholding the
-	// user a bit, but the extra effort required is minimal, and it ensures the
-	// user is isolating variables in the event of solve problems (was it the
-	// "pending" changes, or the -update that caused the problem?).
-	if !bytes.Equal(p.Lock.InputsDigest(), solver.HashInputs()) {
-		ctx.Out.Printf("Warning: %s is out of sync with %s or the project's imports.", dep.LockName, dep.ManifestName)
-	}
-
 	// When -update is specified without args, allow every dependency to change
 	// versions, regardless of the lock file.
 	if len(args) == 0 {

lock.go

@@ -29,6 +29,7 @@ type SolveMeta struct {
 	AnalyzerVersion int
 	SolverName      string
 	SolverVersion   int
+	InputImports    []string
 }
 
 type rawLock struct {
@@ -100,7 +101,7 @@ func fromRawLock(raw rawLock) (*Lock, error) {
 			ProjectRoot: gps.ProjectRoot(ld.Name),
 			Source:      ld.Source,
 		}
-		l.P[i] = gps.NewLockedProject(id, v, ld.Packages, ld.Imports)
+		l.P[i] = gps.NewLockedProject(id, v, ld.Packages)
 	}
 
 	return l, nil

project.go

@@ -219,6 +219,148 @@ func (p *Project) GetDirectDependencyNames(sm gps.SourceManager) (pkgtree.Packag
 	return ptree, directDeps, nil
 }
 
+type lockUnsatisfy uint8
+
+const (
+	missingFromLock lockUnsatisfy = iota
+	inAdditionToLock
+)
+
+type constraintMismatch struct {
+	c gps.Constraint
+	v gps.Version
+}
+
+type constraintMismatches map[gps.ProjectRoot]constraintMismatch
+
+type LockSatisfaction struct {
+	nolock                  bool
+	missingPkgs, excessPkgs []string
+	pkgs                    map[string]lockUnsatisfy
+	badovr, badconstraint   constraintMismatches
+}
+
+// Passed is a shortcut method to check if any problems with the evaluted lock
+// were identified.
+func (ls LockSatisfaction) Passed() bool {
+	if ls.nolock {
+		return false
+	}
+
+	if len(ls.pkgs) > 0 {
+		return false
+	}
+
+	if len(ls.badovr) > 0 {
+		return false
+	}
+
+	if len(ls.badconstraint) > 0 {
+		return false
+	}
+
+	return true
+}
+
+func (ls LockSatisfaction) MissingPackages() []string {
+	return ls.missingPkgs
+}
+
+func (ls LockSatisfaction) ExcessPackages() []string {
+	return ls.excessPkgs
+}
+
+func (ls LockSatisfaction) UnmatchedOverrides() map[gps.ProjectRoot]constraintMismatch {
+	return ls.badovr
+}
+
+func (ls LockSatisfaction) UnmatchedConstraints() map[gps.ProjectRoot]constraintMismatch {
+	return ls.badconstraint
+}
+
+// LockSatisfiesInputs determines whether the Project's lock satisfies all the
+// requirements indicated by the inputs (Manifest and RootPackageTree).
+func (p *Project) LockSatisfiesInputs(sm gps.SourceManager) (LockSatisfaction, error) {
+	if p.Lock == nil {
+		return LockSatisfaction{nolock: true}, nil
+	}
+
+	ptree, err := p.ParseRootPackageTree()
+	if err != nil {
+		return LockSatisfaction{}, err
+	}
+
+	var ig *pkgtree.IgnoredRuleset
+	var req map[string]bool
+	if p.Manifest != nil {
+		ig = p.Manifest.IgnoredPackages()
+		req = p.Manifest.RequiredPackages()
+	}
+
+	rm, _ := ptree.ToReachMap(true, true, false, ig)
+	reach := rm.FlattenFn(paths.IsStandardImportPath)
+
+	inlock := make(map[string]bool, len(p.Lock.SolveMeta.InputImports))
+	ininputs := make(map[string]bool, len(reach)+len(req))
+
+	for _, imp := range reach {
+		ininputs[imp] = true
+	}
+
+	for imp := range req {
+		ininputs[imp] = true
+	}
+
+	for _, imp := range p.Lock.SolveMeta.InputImports {
+		inlock[imp] = true
+	}
+
+	lsat := LockSatisfaction{
+		badovr:        make(constraintMismatches),
+		badconstraint: make(constraintMismatches),
+	}
+
+	for ip := range ininputs {
+		if !inlock[ip] {
+			lsat.pkgs[ip] = missingFromLock
+		} else {
+			// So we don't have to revisit it below
+			delete(inlock, ip)
+		}
+	}
+
+	for ip := range inlock {
+		if !ininputs[ip] {
+			lsat.pkgs[ip] = inAdditionToLock
+		}
+	}
+
+	ineff := make(map[string]bool)
+	for _, pr := range p.FindIneffectualConstraints(sm) {
+		ineff[string(pr)] = true
+	}
+
+	for _, lp := range p.Lock.Projects() {
+		pr := lp.Ident().ProjectRoot
+
+		if pp, has := p.Manifest.Ovr[pr]; has && !pp.Constraint.Matches(lp.Version()) {
+			lsat.badovr[pr] = constraintMismatch{
+				c: pp.Constraint,
+				v: lp.Version(),
+			}
+		}
+
+		if pp, has := p.Manifest.Constraints[pr]; has && !ineff[string(pr)] && !pp.Constraint.Matches(lp.Version()) {
+			lsat.badconstraint[pr] = constraintMismatch{
+				c: pp.Constraint,
+				v: lp.Version(),
+			}
+		}
+	}
+
+	return lsat, nil
+}
+
 // FindIneffectualConstraints looks for constraint rules expressed in the
 // manifest that will have no effect during solving, as they are specified for
 // projects that are not direct dependencies of the Project.