Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
681123006:
Fix a 'type-limits' warning in StringSlicer::FindValidBoundaryAfter (Closed)
DescriptionFix a 'type-limits' warning in StringSlicer::FindValidBoundaryAfter
StringSlicer::FindValidBoundaryAfter passes a size_t value to the
'length' argument of U16_SET_CP_LIMIT, which expects the argument to be
an int32. When compiling with -Werror=type-limits, that results in the
following compilation error:
../../ui/gfx/text_elider.cc: In member function 'size_t
gfx::StringSlicer::FindValidBoundaryAfter(size_t) const':
../../ui/gfx/text_elider.cc:150:59: error: comparison of unsigned
expression < 0 is always false [-Werror=type-limits]
U16_SET_CP_LIMIT(text_.data(), 0, index, text_.length());
^
../../third_party/icu/source/common/unicode/utf16.h:618:41: note: in
definition of macro 'U16_SET_CP_LIMIT'
if((start)<(i) && ((i)<(length) || (length)<0) &&
U16_IS_LEAD((s)[(i)-1]) && U16_IS_TRAIL((s)[i])) { \
^
This CL fixes the 'type-limits' warning above.
BUG=424334, 427726
TEST=Build successfully with '-Werror=type-limits' using the GN flow.
Committed: https://crrev.com/492b0cf0da08a9d102bb5465b298b797ef312068
Cr-Commit-Position: refs/heads/master@{#301935}
Patch Set 1 #
Total comments: 1
Patch Set 2 : #
Total comments: 2
Patch Set 3 : #Patch Set 4 : #Patch Set 5 : #
Total comments: 1
Patch Set 6 : #
Total comments: 7
Messages
Total messages: 37 (9 generated)
benchan@chromium.org changed reviewers: + msw@chromium.org
Disabling type-limits check would be too aggressive, so I think we could either do static_cast<int>(text_.length()) or, like this patch, suppress the warning via pragma. Not sure if there is a better way to handle this, but I'm open for other solutions.
benchan@chromium.org changed reviewers: + danakj@chromium.org, oshima@chromium.org
adding a few more reviewers as I'm not sure who's the main reviewer for this class
msw@chromium.org changed reviewers: + pkasting@chromium.org
Peter is working on similar issues, so he may have some advice. I suspect the right fix involves accepting or passing a different type, not suppressing the warning like this.
https://codereview.chromium.org/681123006/diff/1/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/1/ui/gfx/text_elider.cc#newcod... ui/gfx/text_elider.cc:151: #endif Definitely don't fix the warning this way -- the right answer is to change the code so it doesn't produce the warning. It's somewhat unfortunate that ICU defines all these methods as macros instead of as functions. I wonder if they'd ever be willing to change that. We have some ICU contributors on the team, you might ask them. In the meantime, there are a couple obvious possible fixes here: U16_SET_CP_LIMIT(text_.c_str(), 0, index, -1); or U16_SET_CP_LIMIT(text_.data(), 0, index, base::checked_cast<int32_t>(text_.length())); I'd probably do the former since it's simplest.
On 2014/10/29 17:08:00, Peter Kasting wrote: > https://codereview.chromium.org/681123006/diff/1/ui/gfx/text_elider.cc > File ui/gfx/text_elider.cc (right): > > https://codereview.chromium.org/681123006/diff/1/ui/gfx/text_elider.cc#newcod... > ui/gfx/text_elider.cc:151: #endif > Definitely don't fix the warning this way -- the right answer is to change the > code so it doesn't produce the warning. > > It's somewhat unfortunate that ICU defines all these methods as macros instead > of as functions. I wonder if they'd ever be willing to change that. We have > some ICU contributors on the team, you might ask them. > > In the meantime, there are a couple obvious possible fixes here: > > U16_SET_CP_LIMIT(text_.c_str(), 0, index, -1); > > or > > U16_SET_CP_LIMIT(text_.data(), 0, index, > base::checked_cast<int32_t>(text_.length())); > > I'd probably do the former since it's simplest. Thanks for the suggestion. PTAL
LGTM with comment https://codereview.chromium.org/681123006/diff/20001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/20001/ui/gfx/text_elider.cc#ne... ui/gfx/text_elider.cc:150: U16_SET_CP_LIMIT(text_.data(), 0, index, -1); For safety, this should use c_str() instead of data(), as the former is guaranteed to be null-terminated and the latter is not. Passing a negative length is supposedly only legal with a null-terminated string. (The macro here doesn't end up caring about such a thing, but it might in the future.)
https://codereview.chromium.org/681123006/diff/20001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/20001/ui/gfx/text_elider.cc#ne... ui/gfx/text_elider.cc:150: U16_SET_CP_LIMIT(text_.data(), 0, index, -1); On 2014/10/29 17:33:38, Peter Kasting wrote: > For safety, this should use c_str() instead of data(), as the former is > guaranteed to be null-terminated and the latter is not. Passing a negative > length is supposedly only legal with a null-terminated string. > > (The macro here doesn't end up caring about such a thing, but it might in the > future.) Done.
The CQ bit was checked by benchan@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/681123006/40001
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: android_chromium_gn_compile_dbg on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_chromiu...) android_dbg_tests_recipe on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_dbg_tes...) linux_chromium_gn_rel on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
On 2014/10/29 17:48:35, I haz the power (commit-bot) wrote: > Try jobs failed on following builders: > android_chromium_gn_compile_dbg on tryserver.chromium.linux > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_chromiu...) > android_dbg_tests_recipe on tryserver.chromium.linux > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_dbg_tes...) > linux_chromium_gn_rel on tryserver.chromium.linux > (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) seems like we need to cast |index| to int32 as well, or we will end up a sign-compare warning :(
On 2014/10/29 18:02:22, Ben Chan wrote: > On 2014/10/29 17:48:35, I haz the power (commit-bot) wrote: > > Try jobs failed on following builders: > > android_chromium_gn_compile_dbg on tryserver.chromium.linux > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_chromiu...) > > android_dbg_tests_recipe on tryserver.chromium.linux > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_dbg_tes...) > > linux_chromium_gn_rel on tryserver.chromium.linux > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) > > seems like we need to cast |index| to int32 as well, or we will end up a > sign-compare warning :( Makes sense. I'd probably go ahead and checked_cast it rather than static_cast, just for safety.
Patchset #4 (id:60001) has been deleted
On 2014/10/29 18:03:31, Peter Kasting wrote: > On 2014/10/29 18:02:22, Ben Chan wrote: > > On 2014/10/29 17:48:35, I haz the power (commit-bot) wrote: > > > Try jobs failed on following builders: > > > android_chromium_gn_compile_dbg on tryserver.chromium.linux > > > > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_chromiu...) > > > android_dbg_tests_recipe on tryserver.chromium.linux > > > > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/android_dbg_tes...) > > > linux_chromium_gn_rel on tryserver.chromium.linux > > > > > > (http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) > > > > seems like we need to cast |index| to int32 as well, or we will end up a > > sign-compare warning :( > > Makes sense. I'd probably go ahead and checked_cast it rather than static_cast, > just for safety. Done. I need to assign |index| to a int32 variable for ++(i) in the macro to work
Still LGTM
On 2014/10/29 18:30:04, Peter Kasting wrote: > Still LGTM sorry, should have realized the side-effect of ++index. fixed in patch set 5 :(
I hang my head for having signed off on the previous version. Sloppy. https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:154: index = base::checked_cast<size_t>(text_index); How about this: if (index == text_.length()) return index; int32_t text_index = ... ... return static_cast<size_t>(text_index); It should be OK to use a static_cast in the return statement since text_.length() successfully checked_casted to an int32_t. And this restructuring of the code makes it harder for someone in the future to break the code by not returning the updated value.
On 2014/10/29 19:17:26, Peter Kasting wrote: > I hang my head for having signed off on the previous version. Sloppy. > > https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc > File ui/gfx/text_elider.cc (right): > > https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc#n... > ui/gfx/text_elider.cc:154: index = base::checked_cast<size_t>(text_index); > How about this: > > if (index == text_.length()) > return index; > int32_t text_index = ... > ... > return static_cast<size_t>(text_index); > > It should be OK to use a static_cast in the return statement since > text_.length() successfully checked_casted to an int32_t. And this > restructuring of the code makes it harder for someone in the future to break the > code by not returning the updated value. sgtm. thanks
On 2014/10/29 19:23:24, Ben Chan wrote: > On 2014/10/29 19:17:26, Peter Kasting wrote: > > I hang my head for having signed off on the previous version. Sloppy. > > > > https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc > > File ui/gfx/text_elider.cc (right): > > > > > https://codereview.chromium.org/681123006/diff/100001/ui/gfx/text_elider.cc#n... > > ui/gfx/text_elider.cc:154: index = base::checked_cast<size_t>(text_index); > > How about this: > > > > if (index == text_.length()) > > return index; > > int32_t text_index = ... > > ... > > return static_cast<size_t>(text_index); > > > > It should be OK to use a static_cast in the return statement since > > text_.length() successfully checked_casted to an int32_t. And this > > restructuring of the code makes it harder for someone in the future to break > the > > code by not returning the updated value. > > sgtm. thanks verified locally and via tryjobs. ptal.
LGTM
The CQ bit was checked by benchan@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/681123006/120001
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on tryserver.chromium.linux (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
On 2014/10/29 20:12:19, I haz the power (commit-bot) wrote: > Try jobs failed on following builders: > chromium_presubmit on tryserver.chromium.linux > (http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...) Can someone provide an OWNER lgtm? Thanks
https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:155: U16_SET_CP_LIMIT(text_.data(), 0, text_index, text_length); Didn't Peter suggest using c_str() instead of data()? https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:156: return static_cast<size_t>(text_index); Shouldn't this check that the 32-bit index won't overflow as a 16-bit size_t or do a saturated conversion or something?
https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:155: U16_SET_CP_LIMIT(text_.data(), 0, text_index, text_length); On 2014/10/29 20:46:43, msw wrote: > Didn't Peter suggest using c_str() instead of data()? I believe .c_str() isn't necessary if the length is given. https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:156: return static_cast<size_t>(text_index); On 2014/10/29 20:46:44, msw wrote: > Shouldn't this check that the 32-bit index won't overflow as a 16-bit size_t or > do a saturated conversion or something? do we support a platform with 16-bit size_t? if so, 32-bit index/length doesn't feel right either.
lgtm https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:155: U16_SET_CP_LIMIT(text_.data(), 0, text_index, text_length); On 2014/10/29 21:08:30, Ben Chan wrote: > On 2014/10/29 20:46:43, msw wrote: > > Didn't Peter suggest using c_str() instead of data()? > > I believe .c_str() isn't necessary if the length is given. If c_str() offers additional safety without serious negative implications, let's use that; otherwise, I it's fine to continue using data() here. https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:156: return static_cast<size_t>(text_index); On 2014/10/29 21:08:30, Ben Chan wrote: > On 2014/10/29 20:46:44, msw wrote: > > Shouldn't this check that the 32-bit index won't overflow as a 16-bit size_t > or > > do a saturated conversion or something? > > do we support a platform with 16-bit size_t? if so, 32-bit index/length doesn't > feel right either. Heh, perhaps not, I guess this ought to be fine otherwise.
https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc File ui/gfx/text_elider.cc (right): https://codereview.chromium.org/681123006/diff/120001/ui/gfx/text_elider.cc#n... ui/gfx/text_elider.cc:155: U16_SET_CP_LIMIT(text_.data(), 0, text_index, text_length); On 2014/10/29 21:15:46, msw wrote: > On 2014/10/29 21:08:30, Ben Chan wrote: > > On 2014/10/29 20:46:43, msw wrote: > > > Didn't Peter suggest using c_str() instead of data()? > > > > I believe .c_str() isn't necessary if the length is given. > > If c_str() offers additional safety without serious negative implications, let's > use that; otherwise, I it's fine to continue using data() here. The only thing I can think of may be related to performance, depending on the implementation. It won't be an issue after we move to C++11, which requires both .data() and .c_str() to return null-terminated buffer.
The CQ bit was checked by benchan@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/681123006/120001
Message was sent while issue was closed.
Committed patchset #6 (id:120001)
Message was sent while issue was closed.
Patchset 6 (id:??) landed as https://crrev.com/492b0cf0da08a9d102bb5465b298b797ef312068 Cr-Commit-Position: refs/heads/master@{#301935} |
