From: "René Scharfe" <l.s.r@web.de>
To: Jeff King <peff@peff.net>, git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>,
Dragan Simic <dsimic@manjaro.org>,
Kristoffer Haugsbakk <code@khaugsbakk.name>,
Manlio Perillo <manlio.perillo@gmail.com>
Subject: Re: [PATCH 11/15] find multi-byte comment chars in unterminated buffers
Date: Thu, 7 Mar 2024 20:42:22 +0100
Message-ID: <3f823e48-572c-4e19-ab76-e6d7cab9461f@web.de>
In-Reply-To: <20240307092638.GK2080210@coredump.intra.peff.net>
On 07.03.24 at 10:26, Jeff King wrote:
> As with the previous patch, we need to swap out single-byte matching for
> something like starts_with() to match all bytes of a multi-byte comment
> character. But for cases where the buffer is not NUL-terminated (and we
> instead have an explicit size or end pointer), it's not safe to use
> starts_with(), as it might walk off the end of the buffer.
>
> Let's introduce a new starts_with_mem() that does the same thing but
> also accepts the length of the "haystack" str and makes sure not to walk
> past it.
>
> Note that in most cases the existing code did not need a length check at
> all, since it was written in a way that knew we had at least one byte
> available (and that was all we checked). So I had to read each one to
> find the appropriate bounds. The one exception is sequencer.c's
> add_commented_lines(), where we can actually get rid of the length
> check. Just like starts_with(), our starts_with_mem() handles an empty
> haystack variable by not matching (assuming a non-empty prefix).
>
> A few notes on the implementation of starts_with_mem():
>
> - it would be equally correct to take an "end" pointer (and indeed,
> many of the callers have this and have to subtract to come up with
> the length). I think taking a ptr/size combo is a more usual
> interface for our codebase, though, and has the added benefit that
> the function signature makes it harder to mix up the three
> parameters.
>
> - we could obviously build starts_with() on top of this by passing
> strlen(str) as the length. But it's possible that starts_with() is a
> relatively hot code path, and it should not pay that penalty (it can
> generally return an answer proportional to the size of the prefix,
> not the whole string).
>
> - it naively feels like xstrncmpz() should be able to do the same
> thing, but that's not quite true. If you pass the length of the
> haystack buffer, then strncmp() finds that a shorter prefix string
> is "less than" than the haystack, even if the haystack starts with
> the prefix. If you pass the length of the prefix, then you risk
> reading past the end of the haystack if it is shorter than the
> prefix. So I think we really do need a new function.
Yes. xstrncmpz() compares a NUL-terminated string and a length-limited
string. If you want to check whether the former is a prefix of the
latter then you need to stop comparing when reaching its NUL, and also
after exhausting the latter. So you need to take both lengths into
account:

	int starts_with_mem(const char *str, size_t len, const char *prefix)
	{
		size_t prefixlen = strlen(prefix);
		return prefixlen <= len && !xstrncmpz(prefix, str, prefixlen);
	}

Using memcmp() here is equivalent and simpler:

	int starts_with_mem(const char *str, size_t len, const char *prefix)
	{
		size_t prefixlen = strlen(prefix);
		return prefixlen <= len && !memcmp(str, prefix, prefixlen);
	}

And your version below avoids function calls and avoids traversing the
strings beyond their common prefix, of course.
>
> Signed-off-by: Jeff King <peff@peff.net>
> ---
> Arguably starts_with() and this new function should both be inlined,
> like we do for skip_prefix(), but I think that's out of scope for this
> series.
Inlining would allow the compiler to unroll the loop for string
constants. I doubt it would do that for variables, as in the code
below.

Inlining the strlen()+memcmp() version above might allow the compiler
to push the strlen() call out of a loop.

Would any of that improve performance noticeably? For the call sites
below I doubt it. But it would probably increase the object text size.
> And it's possible I was simply too dumb to figure out xstrncmpz() here.
> I'm waiting for René to show up and tell me how to do it. ;)
Nah, it's not a good fit, as it requires the two strings to have the
same length.
>
> IMHO this is the trickiest commit of the whole series, as it would be
> easy to get the length computations subtly wrong.
>
> commit.c | 3 ++-
> sequencer.c | 4 ++--
> strbuf.c | 11 +++++++++++
> strbuf.h | 1 +
> trailer.c | 4 ++--
> 5 files changed, 18 insertions(+), 5 deletions(-)
>
> diff --git a/commit.c b/commit.c
> index ef679a0b93..531a666cba 100644
> --- a/commit.c
> +++ b/commit.c
> @@ -1796,7 +1796,8 @@ size_t ignored_log_message_bytes(const char *buf, size_t len)
> else
> next_line++;
>
> - if (buf[bol] == comment_line_char || buf[bol] == '\n') {
> + if (starts_with_mem(buf + bol, cutoff - bol, comment_line_str) ||
> + buf[bol] == '\n') {
> /* is this the first of the run of comments? */
> if (!boc)
> boc = bol;
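Review bot: in the new condition the haystack length is `cutoff - bol`, but the hunk does not show how `cutoff` relates to the function's `len` argument or that `bol <= cutoff` holds at this point; if it did not, the subtraction would hand starts_with_mem() a length that is not the number of readable bytes. A one-line comment naming the invariant would help, especially since the second operand, `buf[bol] == '\n'`, still reads a byte with no bound of its own.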
> diff --git a/sequencer.c b/sequencer.c
> index 991a2dbe96..664986e3b2 100644
> --- a/sequencer.c
> +++ b/sequencer.c
> @@ -1840,7 +1840,7 @@ static int is_fixup_flag(enum todo_command command, unsigned flag)
> static void add_commented_lines(struct strbuf *buf, const void *str, size_t len)
> {
> const char *s = str;
> - while (len > 0 && s[0] == comment_line_char) {
> + while (starts_with_mem(s, len, comment_line_str)) {
> size_t count;
> const char *n = memchr(s, '\n', len);
> if (!n)
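Review bot: with `len > 0` dropped from the loop condition in add_commented_lines(), termination on an exhausted buffer rests entirely on starts_with_mem() returning 0, which it does only when `comment_line_str` is non-empty (its `!*prefix` test comes before the `str == end` test). The commit message states that assumption; a comment here stating it as well, or simply keeping `len > 0 &&`, would make the loop safe to read on its own.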
> @@ -2562,7 +2562,7 @@ static int parse_insn_line(struct repository *r, struct todo_item *item,
> /* left-trim */
> bol += strspn(bol, " \t");
>
> - if (bol == eol || *bol == '\r' || *bol == comment_line_char) {
> + if (bol == eol || *bol == '\r' || starts_with_mem(bol, eol - bol, comment_line_str)) {
If the strspn() call is safe (which it is, as the caller expects the
string to be NUL-terminated) then you could use starts_with() here and
avoid the length calculation. But that would also match
comment_line_str values that contain LF, which the _mem version does not
and that's better.

Not sure why lines that start with CR are considered comment lines,
though.
> item->command = TODO_COMMENT;
> item->commit = NULL;
> item->arg_offset = bol - buf;
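Review bot: the replaced condition in parse_insn_line() now runs well past 80 columns on a single line. Breaking it after the `*bol == '\r' ||` operand, the way the commit.c hunk wraps its condition, would keep the three tests readable.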
> diff --git a/strbuf.c b/strbuf.c
> index 7c8f582127..291bdc2a65 100644
> --- a/strbuf.c
> +++ b/strbuf.c
> @@ -24,6 +24,17 @@ int istarts_with(const char *str, const char *prefix)
> return 0;
> }
>
> +int starts_with_mem(const char *str, size_t len, const char *prefix)
> +{
> + const char *end = str + len;
> + for (; ; str++, prefix++) {
> + if (!*prefix)
> + return 1;
> + else if (str == end || *str != *prefix)
> + return 0;
> + }
> +}
So this checks whether a length-limited string has a prefix given as a
NUL-terminated string. I'd have called it mem_starts_with() and have
expected starts_with_mem() to check a NUL-terminated string for a
length-limited prefix (think !strncmp(str, prefix, prefixlen)).
> +
> int skip_to_optional_arg_default(const char *str, const char *prefix,
> const char **arg, const char *def)
> {
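Review bot: starts_with_mem() is added without a test; the diffstat lists only commit.c, sequencer.c, strbuf.c, strbuf.h and trailer.c. Given the `str == end` boundary in the loop, a small unit test covering an empty haystack, a haystack shorter than the prefix, and one of exactly the prefix's length would pin down the cases the callers depend on.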
> diff --git a/strbuf.h b/strbuf.h
> index 58dddf2777..3156d6ea8c 100644
> --- a/strbuf.h
> +++ b/strbuf.h
> @@ -673,6 +673,7 @@ char *xstrfmt(const char *fmt, ...);
>
> int starts_with(const char *str, const char *prefix);
> int istarts_with(const char *str, const char *prefix);
> +int starts_with_mem(const char *str, size_t len, const char *prefix);
>
> /*
> * If the string "str" is the same as the string in "prefix", then the "arg"
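Review bot: the new declaration in strbuf.h carries no comment, and the signature alone does not say that `str` is bounded by `len` and need not be NUL-terminated while `prefix` must be. A short comment above `int starts_with_mem(...)` saying so, and noting that an empty prefix always matches, would also help with the argument-order confusion raised in the reply.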
> diff --git a/trailer.c b/trailer.c
> index fe18faf6c5..f59c90b4b5 100644
> --- a/trailer.c
> +++ b/trailer.c
> @@ -882,7 +882,7 @@ static size_t find_trailer_block_start(const char *buf, size_t len)
>
> /* The first paragraph is the title and cannot be trailers */
> for (s = buf; s < buf + len; s = next_line(s)) {
> - if (s[0] == comment_line_char)
> + if (starts_with_mem(s, buf + len - s, comment_line_str))
> continue;
> if (is_blank_line(s))
Another case where starts_with() would be safe to use, as
is_blank_line() expects (and gets) a NUL-terminated string, but it would
allow matching comment_line_str values that contain LF.
> break;
> @@ -902,7 +902,7 @@ static size_t find_trailer_block_start(const char *buf, size_t len)
> const char **p;
> ssize_t separator_pos;
>
> - if (bol[0] == comment_line_char) {
> + if (starts_with_mem(bol, buf + end_of_title - bol, comment_line_str)) {
We're in the same buffer, so the above comment applies here as well.
> non_trailer_lines += possible_continuation_lines;
> possible_continuation_lines = 0;
> continue;
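
The strncmp() pitfall and the two bounded forms discussed in this message, as an added example that is not part of the original mail or of git's code: it cross-checks the loop form and the strlen()+memcmp() form on unterminated heap buffers and shows where strncmp() bounded only by the haystack length gives wrong answers. The function names, the prefixes and the sample line are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

typedef int (*prefix_fn)(const char *str, size_t len, const char *prefix);

/* Loop form: stop at the prefix's NUL or at the end of the buffer. */
static int prefix_loop(const char *str, size_t len, const char *prefix)
{
	const char *end = str + len;
	for (; *prefix; str++, prefix++)
		if (str == end || *str != *prefix)
			return 0;
	return 1;
}

/* strlen()+memcmp() form: compare only after checking both lengths. */
static int prefix_memcmp(const char *str, size_t len, const char *prefix)
{
	size_t prefixlen = strlen(prefix);
	return prefixlen <= len && !memcmp(str, prefix, prefixlen);
}

/* Rejected form: strncmp() bounded by the haystack length alone. */
static int prefix_strncmp_len(const char *str, size_t len, const char *prefix)
{
	return !strncmp(str, prefix, len);
}

/* Compare two forms on every truncation of a constructed line. Each haystack
 * sits in an exact-size heap block with no NUL, so an over-read shows up
 * under ASan or valgrind. Returns the number of mismatching answers. */
static int count_mismatches(prefix_fn a, prefix_fn b)
{
	static const char line[] = "#! note\n"; /* constructed sample */
	static const char *prefixes[] = { "#", "#!", "#!!", ";", "#! note\n#" };
	int bad = 0;
	for (size_t len = 0; len < sizeof(line); len++) {
		char *hay = malloc(len ? len : 1);
		if (!hay) abort();
		memcpy(hay, line, len);
		for (size_t i = 0; i < sizeof(prefixes) / sizeof(*prefixes); i++)
			bad += a(hay, len, prefixes[i]) != b(hay, len, prefixes[i]);
		free(hay);
	}
	return bad;
}

int main(void)
{
	return count_mismatches(prefix_loop, prefix_memcmp) != 0 ||
	       count_mismatches(prefix_loop, prefix_strncmp_len) == 0;
}
```

Building with -fsanitize=address makes any read past a haystack's last byte fail the run instead of passing silently.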