From: Michael Haggerty <mhagger@alum.mit.edu>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, "Stefan Beller" <sbeller@google.com>,
"Junio C Hamano" <gitster@pobox.com>,
"Jakub Narębski" <jnareb@gmail.com>,
"Jacob Keller" <jacob.keller@gmail.com>
Subject: Re: [PATCH 5/8] xdl_change_compact(): fix compaction heuristic to adjust io
Date: Wed, 10 Aug 2016 18:58:06 +0200 [thread overview]
Message-ID: <7dea0a1e-a1b4-efe4-c86d-152f6c96604a@alum.mit.edu> (raw)
In-Reply-To: <20160804072705.a53mospcccksiz4e@sigill.intra.peff.net>
On 08/04/2016 09:27 AM, Jeff King wrote:
> On Thu, Aug 04, 2016 at 12:00:33AM +0200, Michael Haggerty wrote:
>
>> The code branch used for the compaction heuristic incorrectly forgot to
>> keep io in sync while the group was shifted. I think that could have
>> led to reading past the end of the rchgo array.
>>
>> Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
>> ---
>> I didn't actually try to verify the presence of a bug, because it
>> seems like more work than worthwhile. But here is my reasoning:
>>
>> If io is not decremented correctly during one iteration of the outer
>> `while` loop, then it will loose sync with the `end` counter. In
>> particular it will be too large.
>>
>> Suppose that the next iterations of the outer `while` loop (i.e.,
>> processing the next block of add/delete lines) don't have any sliders.
>> Then the `io` counter would be incremented by the number of
>> non-changed lines in xdf, which is the same as the number of
>> non-changed lines in xdfo that *should have* followed the group that
>> experienced the malfunction. But since `io` was too large at the end
>> of that iteration, it will be incremented past the end of the
>> xdfo->rchg array, and will try to read that memory illegally.
>
> Hmm. In the loop:
>
> while (rchgo[io])
> io++;
>
> that implies that rchgo has a zero-marker that we can rely on hitting.
I agree.
> And it looks like rchgo[io] always ends the loop on a 0. So it seems
> like we would just hit that condition again.
Correct...in this loop. But there is another place where `io` is
incremented unconditionally. In the version before my changes, it is via
the preincrement operator in this while statement conditional:
https://github.com/mhagger/git/blob/a28705da929ad746abcb34270947f738549d3246/xdiff/xdiffi.c#L502
After my changes, the unconditional increment is more obvious because I
took it out of the while condition:
https://github.com/mhagger/git/blob/39a135da93834fd72ee923d95d0cebfe525dfe7a/xdiff/xdiffi.c#L541
(BTW, I think this is a good example of how patch 2/8 makes the code
easier to reason about.)
I didn't do the hard work to determine whether `io` could *really* walk
off the end of the array, but I don't see an obvious reason why it
*couldn't*.
> Anyway, I'd suggest putting your cover letter bits into the commit
> message. Even though they are all suppositions, they are the kind of
> thing that could really help somebody debugging this in 2 years, and are
> better than nothing.
Good idea. Will do.
Michael
next prev parent reply other threads:[~2016-08-10 21:32 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-03 22:00 [PATCH 0/8] Better heuristics make prettier diffs Michael Haggerty
2016-08-03 22:00 ` [PATCH 1/8] xdl_change_compact(): rename some local variables for clarity Michael Haggerty
2016-08-04 7:06 ` Jeff King
2016-08-04 18:24 ` Junio C Hamano
2016-08-13 19:38 ` Michael Haggerty
2016-08-14 12:26 ` Jeff King
2016-08-03 22:00 ` [PATCH 2/8] xdl_change_compact(): clarify code Michael Haggerty
2016-08-03 22:11 ` Stefan Beller
2016-08-03 23:14 ` Michael Haggerty
2016-08-03 23:50 ` Stefan Beller
2016-08-04 7:13 ` Jeff King
2016-08-10 16:39 ` Michael Haggerty
2016-08-10 16:58 ` Stefan Beller
2016-08-03 22:00 ` [PATCH 3/8] xdl_change_compact(): rename i to end Michael Haggerty
2016-08-04 7:16 ` Jeff King
2016-08-03 22:00 ` [PATCH 4/8] xdl_change_compact(): do one final shift or the other, not both Michael Haggerty
2016-08-03 22:00 ` [PATCH 5/8] xdl_change_compact(): fix compaction heuristic to adjust io Michael Haggerty
2016-08-04 7:27 ` Jeff King
2016-08-10 16:58 ` Michael Haggerty [this message]
2016-08-10 17:09 ` Michael Haggerty
2016-08-11 4:16 ` Jeff King
2016-08-04 18:43 ` Junio C Hamano
2016-08-10 17:13 ` Michael Haggerty
2016-08-03 22:00 ` [PATCH 6/8] xdl_change_compact(): keep track of the earliest end Michael Haggerty
2016-08-04 18:46 ` Junio C Hamano
2016-08-10 17:16 ` Michael Haggerty
2016-08-03 22:00 ` [PATCH 7/8] is_blank_line: take a single xrecord_t as argument Michael Haggerty
2016-08-04 18:48 ` Junio C Hamano
2016-08-03 22:00 ` [PATCH 8/8] diff: improve positioning of add/delete blocks in diffs Michael Haggerty
2016-08-03 22:29 ` Jacob Keller
2016-08-03 22:36 ` Michael Haggerty
2016-08-04 4:47 ` Jacob Keller
2016-08-04 19:39 ` Junio C Hamano
2016-08-10 19:01 ` Michael Haggerty
2016-08-10 21:28 ` Junio C Hamano
2016-08-03 22:30 ` Stefan Beller
2016-08-03 22:41 ` Michael Haggerty
2016-08-03 22:51 ` Stefan Beller
2016-08-03 23:30 ` Michael Haggerty
2016-08-04 0:04 ` Stefan Beller
2016-08-10 19:12 ` Michael Haggerty
2016-08-04 7:56 ` Jeff King
2016-08-04 16:55 ` Stefan Beller
2016-08-04 19:47 ` Junio C Hamano
2016-08-13 0:09 ` Michael Haggerty
2016-08-12 23:25 ` Michael Haggerty
2016-08-13 8:59 ` Jeff King
2016-08-13 15:59 ` Junio C Hamano
2016-08-14 7:21 ` Jacob Keller
2016-08-15 6:33 ` Stefan Beller
2016-08-15 20:24 ` Junio C Hamano
2016-08-04 19:52 ` Junio C Hamano
2016-08-13 0:11 ` Michael Haggerty
2016-08-03 22:08 ` [PATCH 0/8] Better heuristics make prettier diffs Michael Haggerty
2016-08-04 7:38 ` Jeff King
2016-08-04 19:54 ` Junio C Hamano
2016-08-04 20:01 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7dea0a1e-a1b4-efe4-c86d-152f6c96604a@alum.mit.edu \
--to=mhagger@alum.mit.edu \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jacob.keller@gmail.com \
--cc=jnareb@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).