[autorevert] born-red: order-independent detection (pending head + interleaved gaps)

[izaitsevfb]

Summary

Make the born-red test-signal detector (#8107) fire on real trunk signals,
cover the ghstack-landing case where the introducing commit never ran jobs, and
gate the "recovered" case where the test was removed/disabled again.

A test introduced already-broken (added / enabled / un-skipped / moved-into-existence)
has no green to bisect, so the green→red path bails with NO_SUCCESSES and the
advisor is never asked. The old detector required a strict contiguous
[FAIL…][EMPTY…] shape that never occurs in production — 0 dispatches over 11
real born-red episodes in a month of autorevert_state. Real signals carry
pending commits (jobs not finished yet) at the head and interleaved
between the failures and the older baseline, which the contiguous walk rejected.

What it checks

Notation, newest→oldest: F failing · C concluded baseline (job ran, test
absent) · P pending (job running) · U unrun (no job result — ghstack
stack-middle push never scheduled, test didn't run, or test crashed without
reporting).

Test-track only; the caller guarantees no successful run anywhere in the window.
The partition is scoped to the most-recent concluded baseline C (inclusive)
and everything newer — C is positive proof the test was absent, so a C
newer than the failures means the test was removed/disabled again (recovered)
and the stale older failures are out of scope. Within that scope, born-red fires
when:

1. ≥1 failing commit. Suspect = the oldest in-scope F (the introduction point).
2. ≥2 distinct failing commits before the advisor is dispatched (retries /
   shards on one commit count as one observation).

has_successes() is still checked over the full window (any success
anywhere disqualifies born-red). P commits are ignored for the suspect
decision — we act on the oldest observed F now instead of waiting. U commits
in the introduction gap (between the suspect and the baseline) are restarted —
bisection / linear coverage honoring BISECTION_LIMIT, reusing the green→red
gap-closure logic — to find the true introducer, with the advisor dispatched in
parallel.

Matches

signal	action
F F C	advisor on oldest F, baseline C
P P F F P C	advisor on oldest F (pending ignored; no restart)
F F U C	restart U and advisor on oldest F, in parallel
F U C	restart U only (1 failure < 2 → no advisor yet)
F F C F C	advisor on the oldest in-scope F; the older F is a prior, recovered episode (scoped out by the newer C)

Does not act

signal	why
any success in window	not born-red — the green→red path handles it
C F F C	recovered: a baseline newer than the failures (test removed/disabled) → out of scope
F F	no concluded baseline → can't prove the test was ever absent (chronic)
F U	only an unrun commit below → no proof of absence
C C	no failures
F C	partition forms but advisor held — needs ≥2 distinct failures

How

• SignalCommit.job_group_concluded (set in _build_test_signals): the test's
  (workflow, job_base) group reached a terminal conclusion (≥1 non-cancelled
  run, none pending) — distinguishes a real baseline from "no info yet".
• partition_born_red: the scoped set predicate above. failed[-1] = suspect,
  successful[0] = the most-recent baseline, unknown = introduction gap.
• _handle_no_successes: dispatches the advisor and/or returns RestartCommits
  (reusing cover_gap_unknown_commits + GapBisectionPlanner).

Test plan

Full lambda suite green (209, 1 skipped); lintrunner clean. TestBornRedTestSignal
covers each match / no-act row (incl. recovered-at-head and most-recent-baseline
scoping), gap population, restart + advisor parallelism, the ghstack
single-failure case, bisection_limit throttling, and block- / revert-verdict
with an uncovered gap.

Notes

Cross-model review (DP17, Codex gpt-5.5): SHIP / SHIP-WITH-NITS across the
predicate, gate removal, gap-restart, and recovered-at-head gate; nits
addressed. No advisor-prompt change.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
torchci	Ignored	Preview	Jun 18, 2026 6:48pm

[jeanschmidt]

@claude

Can you verify the implementation is correct, point to any edge cases not being handled, find where the code could be improved.

[claude]

Claude finished @jeanschmidt's task in 11m 53s —— View job

---

Review: born-red order-independent detection

I read signal.py, signal_extraction.py, job_agg_index.py, and both test files. Overall this is a careful, well-documented change with strong test coverage — the predicate, scoping, gap-restart, recovered-at-head gate, and ghstack single-failure path are all exercised. The core partition_born_red logic is sound. I found one correctness edge case worth fixing and a few smaller notes.

✅ What's correct

• partition_born_red scoping. baseline_idx = first (newest) job_group_concluded and not events commit; window = commits[:baseline_idx+1]; suspect_idx = max(i for failing in window). Because baseline_idx is the newest concluded-empty commit and the suspect is the oldest failure newer than it, the gap window[suspect_idx+1:-1] provably contains only pending/unrun commits (no other failures, no other concluded baseline). The layout matches the docstring exactly.
• Recovered-at-head gate. A baseline newer than all failures makes window hold no failure → None. Consistent with detect_fixed() (which skips the events-less head and returns False on the first failure, so born-red still owns the decision). Good.
• job_group_concluded ⟺ no pending events holds: group_pending and the PENDING-event append are both driven by meta.is_pending, so a concluded commit never carries a pending event and the not c.events baseline test is exact.
• cover_gap_unknown_commits correctly treats pending gap commits (which carry a PENDING event) as covered separators and unrun ones (no events) as restart candidates.

⚠️ Edge case: skipped job groups create a false born-red baseline

signal_extraction.py:427 only treats cancelled attempts as missing when computing job_group_concluded:

if meta.is_cancelled:
    continue
group_runs += 1
if meta.is_pending:
    group_pending = True

A fully-skipped job group has is_cancelled=False, is_pending=False, is_skipped=True, and produces no event (JobMeta.status → None). It therefore increments group_runs without setting group_pending, so the commit ends up job_group_concluded=True with empty events — i.e. it is misread as a born-red baseline witness (positive proof the test was absent).

But a skipped job did not run the test, so it is not proof of absence — job_agg_index.py:43-48 and the test_skipped_attempt_yields_no_event regression both establish the intended semantics: skipped is treated the same as cancelled / "missing". That invariant is broken here for the new flag.

Concrete impact: a commit where the test's required job was skipped (an if: gate, or a required-check skip when an upstream dep failed/cancelled) becomes a baseline. That can (a) manufacture a born-red detection where the only "baseline" is a skipped commit, and (b) wrongly move the scope boundary, scoping out real older failures. Low frequency, but it dispatches the advisor / a revert on a false premise.

Suggested fix — mirror the existing cancelled handling:

if meta.is_cancelled or meta.is_skipped:
    # cancelled/skipped attempts are missing — neither counts as the group
    # "concluding" (a skipped job never ran the test, so it is not proof the
    # test was absent).
    continue

A targeted extraction test (skipped group must yield job_group_concluded=False) would lock this in. Fix this →

Minor notes (non-blocking)

1. Option-A trade-off (acting on the oldest observed failure even if an unrun gap commit below could be a truer introducer) is well-reasoned and documented at signal.py:714-722. The bound (advisor only returns revert when it sees the introduction in that diff + the confidence gate) is reasonable, and the per-(commit, signal) verdict keying means a later-concluding older commit just relocates the suspect. Calling out explicitly that the stale verdict on the too-new commit is never reused is good — no change needed.

2. Block-verdict fall-through (signal.py:751-757): when the suspect already has a not_related/garbage verdict but the gap still has uncovered commits, the method drops the block and returns RestartCommits(advisor=None) to keep bisecting. Intentional per the docstring, but it does mean a garbage 2h-suppression is silently discarded for that tick. Acceptable since no new advisor is dispatched; worth a one-line inline comment noting the suppression is deliberately not surfaced while the gap is open.

3. Readability: partition_born_red returns successful=[self.commits[baseline_idx]] while the green→red path uses a multi-commit successful list. The single-element list works with successful[0], but a short comment that born-red intentionally carries exactly one baseline (already implied) would help the next reader reconcile the two partition producers.

Test plan

I could not execute the suite here (python/pytest are outside the permitted command set in this environment), so I verified by reading. The PR states the full lambda suite is green (209, 1 skipped) and lintrunner is clean; the born-red and extraction tests I read line-by-line are consistent with the implementation. If you apply the skipped-group fix, please re-run test_signal_extraction.py and add the suggested skipped-baseline case.

---

Summary: logic is correct for the cancelled/pending/unrun cases it models; the one real gap is that skipped job groups aren't excluded from job_group_concluded, which can fabricate a baseline. Recommend the small signal_extraction.py:427 fix + a regression test before merge; the rest are optional polish.
· branch iz/autorevert-born-red-set-predicate

[jeanschmidt]

I am not sure if the case that claude discussed is a case we can actually experience on pytorch, but yeah, a test that runs on a conditional job might be an edge case we're not handling. Do you think this is something we should be handling?