From: shejialuo <shejialuo@gmail.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 06/10] global: fix unsigned integer promotions in ternary statements
Date: Sat, 30 Nov 2024 18:44:43 +0800 [thread overview]
Message-ID: <Z0rsm8X0jkjtrjR8@ArchLinux> (raw)
In-Reply-To: <20241129-pks-sign-compare-v1-6-fc406b984bc9@pks.im>
On Fri, Nov 29, 2024 at 02:13:27PM +0100, Patrick Steinhardt wrote:
> We have several cases in our codebase where the ternary operator changes
> signedness from a signed integer type to an unsigned one. This causes
> warnings with `-Wsign-compare`. Generally, we seem to have three classes
> of this in our codebase:
>
> - Cases where we know that the result is well-formed, e.g. when
> indexing into strings to determine the length of substrings.
>
> - Cases where we want `-1` to mean "unlimited", counting on the
> wrap-around.
>
> - Cases where we may indeed run into problems when one of the
> statements returns a value that is too big.
>
> Out of these only the last class is a bit worrying, but we can address
> it by adding a call to `cast_size_t_to_int()`. Like this we're better
> protected in case we have unexpectedly huge input as we'd die instead of
> silently doing the wrong thing.
>
That's good, without using "case_size_t_to_int", we rely on the compiler
to do the conversion, which is bad. Now we will die the program.
[snip]
> diff --git a/builtin/patch-id.c b/builtin/patch-id.c
> index 56585757477911c96bbb9ef2cf3710691b8e744e..87fa586c4d552ba61cd2ac2cf079d68241eb3275 100644
> --- a/builtin/patch-id.c
> +++ b/builtin/patch-id.c
> @@ -163,7 +163,7 @@ static int get_one_patchid(struct object_id *next_oid, struct object_id *result,
> after--;
>
> /* Add line to hash algo (possibly removing whitespace) */
> - len = verbatim ? strlen(line) : remove_space(line);
> + len = verbatim ? cast_size_t_to_int(strlen(line)) : remove_space(line);
Here, we convert the unsigned "strelen(line)" because the `len` is a
signed value. In the first glance, I think we should change the return
type of "remove_space" to "size_t", because it will always return the
unsigned value.
However, in our codebase, we use "int" as the return value in the most
situations. So, this change make senses.
> patchlen += len;
> the_hash_algo->update_fn(&ctx, line, len);
> }
> diff --git a/gpg-interface.c b/gpg-interface.c
> index a67d80475bf9d8452de0c3ae9bb08ceeb4c11c4b..e1720361f17e8b3b3315f0a5d93a827e11b2b036 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -700,7 +700,7 @@ size_t parse_signed_buffer(const char *buf, size_t size)
> match = len;
>
> eol = memchr(buf + len, '\n', size - len);
> - len += eol ? eol - (buf + len) + 1 : size - len;
> + len += eol ? (size_t) (eol - (buf + len) + 1) : size - len;
When reading the code, I wonder what if "eol - (buf + len) + 1" is less
than zero. If so, we would cause underflow. We have created a helper
function "cast_size_t_to_int". Do we need to create a function to safely
convert the potential signed integer to "size_t"?
> diff --git a/t/helper/test-csprng.c b/t/helper/test-csprng.c
> index ea9b9b656307d32bdc1f2e15a91793b1dda9c463..31dbe7db4ac61639541f15d262cea64368fec78f 100644
> --- a/t/helper/test-csprng.c
> +++ b/t/helper/test-csprng.c
> @@ -1,5 +1,3 @@
> -#define DISABLE_SIGN_COMPARE_WARNINGS
> -
> #include "test-tool.h"
> #include "git-compat-util.h"
>
> @@ -14,7 +12,7 @@ int cmd__csprng(int argc, const char **argv)
> return 2;
> }
>
> - count = (argc == 2) ? strtoul(argv[1], NULL, 0) : -1L;
> + count = (argc == 2) ? strtoul(argv[1], NULL, 0) : (unsigned long) -1L;
Here we use "-1" to represent the unlimited, and the type of `count` is
unsigned long. So we need to explicitly case the type of "-1L". But this
is strange, why not just use the "ULONG_MAX" directly?
>
> while (count) {
> unsigned long chunk = count < sizeof(buf) ? count : sizeof(buf);
> diff --git a/t/helper/test-genrandom.c b/t/helper/test-genrandom.c
> index 5b51e6648d8e698b09f400efcf67a0708c226e9d..efca20e7efff46bf66c2b8888ce88db02e545cd5 100644
> --- a/t/helper/test-genrandom.c
> +++ b/t/helper/test-genrandom.c
> @@ -4,8 +4,6 @@
> * Copyright (C) 2007 by Nicolas Pitre, licensed under the GPL version 2.
> */
>
> -#define DISABLE_SIGN_COMPARE_WARNINGS
> -
> #include "test-tool.h"
> #include "git-compat-util.h"
>
> @@ -24,7 +22,7 @@ int cmd__genrandom(int argc, const char **argv)
> next = next * 11 + *c;
> } while (*c++);
>
> - count = (argc == 3) ? strtoul(argv[2], NULL, 0) : -1L;
> + count = (argc == 3) ? strtoul(argv[2], NULL, 0) : (unsigned long) -1L;
>
Similar with the above comment.
> while (count--) {
> next = next * 1103515245 + 12345;
>
> --
> 2.47.0.366.g5daf58cba8.dirty
>
Thanks,
Jialuo
next prev parent reply other threads:[~2024-11-30 10:44 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 13:13 [PATCH 00/10] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 01/10] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 02/10] compat/regex: explicitly ignore " Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 03/10] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 04/10] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 05/10] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 06/10] global: fix unsigned integer promotions in ternary statements Patrick Steinhardt
2024-11-30 10:44 ` shejialuo [this message]
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-01 21:59 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 07/10] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 08/10] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-01 22:07 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 09/10] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-01 22:08 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-05 19:14 ` Jeff King
2024-11-29 13:13 ` [PATCH 10/10] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-01 22:09 ` Jeff King
2024-11-30 10:55 ` [PATCH 00/10] Start compiling with `-Wsign-compare` shejialuo
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-01 22:29 ` Jeff King
2024-12-02 7:53 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 00/14] " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 01/14] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 02/14] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 03/14] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 04/14] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 05/14] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 06/14] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 07/14] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-04 5:31 ` Junio C Hamano
2024-12-02 12:04 ` [PATCH v2 08/14] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 09/14] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 10/14] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 11/14] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 12/14] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-02 13:18 ` shejialuo
2024-12-02 13:24 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 13/14] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 14/14] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-02 13:28 ` [PATCH v2 00/14] Start compiling with `-Wsign-compare` shejialuo
2024-12-04 5:47 ` [PATCH] sign-compare: 32-bit support Junio C Hamano
2024-12-05 9:32 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 00/15] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 01/15] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 02/15] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 03/15] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 04/15] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 05/15] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 06/15] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 07/15] sign-compare: 32-bit support Patrick Steinhardt
2024-12-05 19:34 ` Jeff King
2024-12-06 8:44 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 08/15] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 09/15] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 10/15] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 11/15] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 12/15] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 13/15] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 14/15] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 15/15] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 01/16] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-06 12:32 ` karthik nayak
2024-12-06 10:27 ` [PATCH v4 02/16] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 03/16] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 04/16] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 05/16] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 06/16] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 07/16] csum-file: fix -Wsign-compare warning on 32-bit platform Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 08/16] pkt-line: fix -Wsign-compare warning on 32 bit platform Patrick Steinhardt
2024-12-08 19:57 ` Jeff King
2024-12-09 0:09 ` Junio C Hamano
2024-12-06 10:27 ` [PATCH v4 09/16] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 10/16] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 11/16] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 12/16] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 13/16] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2025-01-08 19:17 ` Johannes Schindelin
2025-01-09 6:20 ` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 14/16] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 15/16] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 16/16] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 13:11 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` karthik nayak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0rsm8X0jkjtrjR8@ArchLinux \
--to=shejialuo@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.