From: Jeff King <peff@peff.net>
To: Stefan Beller <stefanbeller@googlemail.com>
Cc: git@vger.kernel.org, gitster@pobox.com
Subject: Re: [PATCH] diff: remove ternary operator evaluating always to true
Date: Sat, 10 Aug 2013 03:21:14 -0400 [thread overview]
Message-ID: <20130810072114.GD30185@sigill.intra.peff.net> (raw)
In-Reply-To: <1375986704-11441-1-git-send-email-stefanbeller@googlemail.com>
On Thu, Aug 08, 2013 at 08:31:44PM +0200, Stefan Beller wrote:
> The next occurrences are at:
> /* Never use a non-valid filename anywhere if at all possible */
> name_a = DIFF_FILE_VALID(one) ? name_a : name_b;
> name_b = DIFF_FILE_VALID(two) ? name_b : name_a;
>
> a_one = quote_two(a_prefix, name_a + (*name_a == '/'));
> b_two = quote_two(b_prefix, name_b + (*name_b == '/'));
>
> In the last line of this block 'name_b' is dereferenced and compared
> to '/'. This would crash if name_b was NULL. Hence in the following code
> we can assume name_b being non-null.
I think your change is correct, but I find the reasoning above a little
suspect. It assumes that the second chunk of code (accessing name_a and
name_b) is correct, and pins the correctness of the code you are
changing to it. If the second chunk is buggy, then you are actually
making the code worse.
The interesting part is the top chunk, which aliases the names if one of
them is NULL. And there is an implicit assumption there that we will
never get _two_ NULL names in this function. And that is why the second
chunk does not ever crash (and why your change is the right thing to
do).
Sorry if this seems nit-picky. It is just that seemingly trivial
cleanups can sometimes end up revealing larger bugs, and I think it is
worth making sure we understand the root cause to be sure that our
cleanup really is trivial.
I wonder if the implicit expectation of the function to take at least
one non-NULL name would be more obvious if the first few lines were
written as:
if (DIFF_FILE_VALID(one)) {
if (!DIFF_FILE_VALID(two))
name_b = name_a;
} else if (DIFF_FILE_VALID(two))
name_a = name_b;
else
die("BUG: two invalid files to diff");
That covers all of the cases explicitly, though it is IMHO uglier to
read (and there is still an implicit assumption that the name is
non-NULL if DIFF_FILE_VALID() is true).
-Peff
next prev parent reply other threads:[~2013-08-10 7:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-08 18:31 [PATCH] diff: remove ternary operator evaluating always to true Stefan Beller
2013-08-10 7:21 ` Jeff King [this message]
2013-08-12 5:46 ` Junio C Hamano
2013-08-12 8:32 ` Stefan Beller
2013-08-12 8:38 ` Stefan Beller
2013-08-12 17:15 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130810072114.GD30185@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=stefanbeller@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).