From: shejialuo <shejialuo@gmail.com>
To: Patrick Steinhardt <ps@pks.im>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 06/10] global: fix unsigned integer promotions in ternary statements
Date: Sat, 30 Nov 2024 18:44:43 +0800 [thread overview]
Message-ID: <Z0rsm8X0jkjtrjR8@ArchLinux> (raw)
In-Reply-To: <20241129-pks-sign-compare-v1-6-fc406b984bc9@pks.im>
On Fri, Nov 29, 2024 at 02:13:27PM +0100, Patrick Steinhardt wrote:
> We have several cases in our codebase where the ternary operator changes
> signedness from a signed integer type to an unsigned one. This causes
> warnings with `-Wsign-compare`. Generally, we seem to have three classes
> of this in our codebase:
>
> - Cases where we know that the result is well-formed, e.g. when
> indexing into strings to determine the length of substrings.
>
> - Cases where we want `-1` to mean "unlimited", counting on the
> wrap-around.
>
> - Cases where we may indeed run into problems when one of the
> statements returns a value that is too big.
>
> Out of these only the last class is a bit worrying, but we can address
> it by adding a call to `cast_size_t_to_int()`. Like this we're better
> protected in case we have unexpectedly huge input as we'd die instead of
> silently doing the wrong thing.
>
That's good, without using "case_size_t_to_int", we rely on the compiler
to do the conversion, which is bad. Now we will die the program.
[snip]
> diff --git a/builtin/patch-id.c b/builtin/patch-id.c
> index 56585757477911c96bbb9ef2cf3710691b8e744e..87fa586c4d552ba61cd2ac2cf079d68241eb3275 100644
> --- a/builtin/patch-id.c
> +++ b/builtin/patch-id.c
> @@ -163,7 +163,7 @@ static int get_one_patchid(struct object_id *next_oid, struct object_id *result,
> after--;
>
> /* Add line to hash algo (possibly removing whitespace) */
> - len = verbatim ? strlen(line) : remove_space(line);
> + len = verbatim ? cast_size_t_to_int(strlen(line)) : remove_space(line);
Here, we convert the unsigned "strelen(line)" because the `len` is a
signed value. In the first glance, I think we should change the return
type of "remove_space" to "size_t", because it will always return the
unsigned value.
However, in our codebase, we use "int" as the return value in the most
situations. So, this change make senses.
> patchlen += len;
> the_hash_algo->update_fn(&ctx, line, len);
> }
> diff --git a/gpg-interface.c b/gpg-interface.c
> index a67d80475bf9d8452de0c3ae9bb08ceeb4c11c4b..e1720361f17e8b3b3315f0a5d93a827e11b2b036 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -700,7 +700,7 @@ size_t parse_signed_buffer(const char *buf, size_t size)
> match = len;
>
> eol = memchr(buf + len, '\n', size - len);
> - len += eol ? eol - (buf + len) + 1 : size - len;
> + len += eol ? (size_t) (eol - (buf + len) + 1) : size - len;
When reading the code, I wonder what if "eol - (buf + len) + 1" is less
than zero. If so, we would cause underflow. We have created a helper
function "cast_size_t_to_int". Do we need to create a function to safely
convert the potential signed integer to "size_t"?
> diff --git a/t/helper/test-csprng.c b/t/helper/test-csprng.c
> index ea9b9b656307d32bdc1f2e15a91793b1dda9c463..31dbe7db4ac61639541f15d262cea64368fec78f 100644
> --- a/t/helper/test-csprng.c
> +++ b/t/helper/test-csprng.c
> @@ -1,5 +1,3 @@
> -#define DISABLE_SIGN_COMPARE_WARNINGS
> -
> #include "test-tool.h"
> #include "git-compat-util.h"
>
> @@ -14,7 +12,7 @@ int cmd__csprng(int argc, const char **argv)
> return 2;
> }
>
> - count = (argc == 2) ? strtoul(argv[1], NULL, 0) : -1L;
> + count = (argc == 2) ? strtoul(argv[1], NULL, 0) : (unsigned long) -1L;
Here we use "-1" to represent the unlimited, and the type of `count` is
unsigned long. So we need to explicitly case the type of "-1L". But this
is strange, why not just use the "ULONG_MAX" directly?
>
> while (count) {
> unsigned long chunk = count < sizeof(buf) ? count : sizeof(buf);
> diff --git a/t/helper/test-genrandom.c b/t/helper/test-genrandom.c
> index 5b51e6648d8e698b09f400efcf67a0708c226e9d..efca20e7efff46bf66c2b8888ce88db02e545cd5 100644
> --- a/t/helper/test-genrandom.c
> +++ b/t/helper/test-genrandom.c
> @@ -4,8 +4,6 @@
> * Copyright (C) 2007 by Nicolas Pitre, licensed under the GPL version 2.
> */
>
> -#define DISABLE_SIGN_COMPARE_WARNINGS
> -
> #include "test-tool.h"
> #include "git-compat-util.h"
>
> @@ -24,7 +22,7 @@ int cmd__genrandom(int argc, const char **argv)
> next = next * 11 + *c;
> } while (*c++);
>
> - count = (argc == 3) ? strtoul(argv[2], NULL, 0) : -1L;
> + count = (argc == 3) ? strtoul(argv[2], NULL, 0) : (unsigned long) -1L;
>
Similar with the above comment.
> while (count--) {
> next = next * 1103515245 + 12345;
>
> --
> 2.47.0.366.g5daf58cba8.dirty
>
Thanks,
Jialuo
next prev parent reply other threads:[~2024-11-30 10:44 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 13:13 [PATCH 00/10] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 01/10] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 02/10] compat/regex: explicitly ignore " Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 03/10] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 04/10] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 05/10] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 06/10] global: fix unsigned integer promotions in ternary statements Patrick Steinhardt
2024-11-30 10:44 ` shejialuo [this message]
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-01 21:59 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 07/10] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 08/10] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-01 22:07 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-11-29 13:13 ` [PATCH 09/10] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-01 22:08 ` Jeff King
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-05 19:14 ` Jeff King
2024-11-29 13:13 ` [PATCH 10/10] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-01 22:09 ` Jeff King
2024-11-30 10:55 ` [PATCH 00/10] Start compiling with `-Wsign-compare` shejialuo
2024-12-02 7:54 ` Patrick Steinhardt
2024-12-01 22:29 ` Jeff King
2024-12-02 7:53 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 00/14] " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 01/14] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 02/14] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 03/14] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 04/14] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 05/14] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 06/14] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 07/14] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-04 5:31 ` Junio C Hamano
2024-12-02 12:04 ` [PATCH v2 08/14] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 09/14] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 10/14] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 11/14] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 12/14] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-02 13:18 ` shejialuo
2024-12-02 13:24 ` Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 13/14] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-02 12:04 ` [PATCH v2 14/14] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-02 13:28 ` [PATCH v2 00/14] Start compiling with `-Wsign-compare` shejialuo
2024-12-04 5:47 ` [PATCH] sign-compare: 32-bit support Junio C Hamano
2024-12-05 9:32 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 00/15] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 01/15] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 02/15] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 03/15] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 04/15] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 05/15] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 06/15] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 07/15] sign-compare: 32-bit support Patrick Steinhardt
2024-12-05 19:34 ` Jeff King
2024-12-06 8:44 ` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 08/15] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 09/15] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 10/15] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 11/15] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 12/15] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 13/15] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 14/15] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-05 9:36 ` [PATCH v3 15/15] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 01/16] git-compat-util: introduce macros to disable "-Wsign-compare" warnings Patrick Steinhardt
2024-12-06 12:32 ` karthik nayak
2024-12-06 10:27 ` [PATCH v4 02/16] compat/regex: explicitly ignore " Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 03/16] compat/win32: fix -Wsign-compare warning in "wWinMain()" Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 04/16] global: mark code units that generate warnings with `-Wsign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 05/16] config.mak.dev: drop `-Wno-sign-compare` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 06/16] diff.h: fix index used to loop through unsigned integer Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 07/16] csum-file: fix -Wsign-compare warning on 32-bit platform Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 08/16] pkt-line: fix -Wsign-compare warning on 32 bit platform Patrick Steinhardt
2024-12-08 19:57 ` Jeff King
2024-12-09 0:09 ` Junio C Hamano
2024-12-06 10:27 ` [PATCH v4 09/16] global: trivial conversions to fix `-Wsign-compare` warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 10/16] daemon: fix loops that have mismatching integer types Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 11/16] daemon: fix type of `max_connections` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 12/16] gpg-interface: address -Wsign-comparison warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 13/16] builtin/blame: fix type of `length` variable when emitting object ID Patrick Steinhardt
2025-01-08 19:17 ` Johannes Schindelin
2025-01-09 6:20 ` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 14/16] builtin/patch-id: fix type of `get_one_patchid()` Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 15/16] scalar: address -Wsign-compare warnings Patrick Steinhardt
2024-12-06 10:27 ` [PATCH v4 16/16] t/helper: don't depend on implicit wraparound Patrick Steinhardt
2024-12-06 13:11 ` [PATCH v4 00/16] Start compiling with `-Wsign-compare` karthik nayak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0rsm8X0jkjtrjR8@ArchLinux \
--to=shejialuo@gmail.com \
--cc=git@vger.kernel.org \
--cc=ps@pks.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).