summaryrefslogtreecommitdiff
path: root/src/pugixml.cpp
AgeCommit message (Collapse)Author
2018-03-29Add a comment to clarify subtle branch in node_copy_treeArseny Kapoulkine
2018-03-16ubsan: Fix undefined behavior for signed left shift in compact modeArseny Kapoulkine
We were using << compact_alignment_log2 instead of * compact_alignment for symmetry with the encoding where >> is crucial to keep code fast and round to negative infinity. For decoding, the results are the same and any reasonable compiler should convert *4 into <<2 so just use a multiplication - that doesn't trigger UB on negative numbers.
2018-03-15ubsan: Fix type mismatch for xml_extra_buffer in compact modeArseny Kapoulkine
We were using allocate_memory to allocate struct xml_extra_buffer that contains pointers; with compact mode, this allocation can be misaligned by 4b with 8b pointers; fix this by manually realigning the pointer.
2018-03-15ubsan: Fix type mismatch in compact mode for document dataArseny Kapoulkine
We were misaligning document data on 64-bit platforms by placing 8b pointers at 4b offsets; fix this by reserving a full pointer worth of bytes for page marker.
2018-03-03Adds noexcept specifiers to the move special members of xml_document,… (#185)Matthäus Brandl
* Adds noexcept specifiers to the move special members of xml_document, but only #ifndef PUGIXML_COMPACT
2018-03-01Add noexcept specifiers to move special members where possible (#183)Matthäus Brandl
* Adds a macro definition to be able to use noexcept with supporting compilers * Adds noexcept specifier to move special members of xpath_node_set, xpath_variable_set and xpath_query, but not of xml_document as it has a throwing implementation
2018-02-27Fix Texas Instruments compiler warningArseny Kapoulkine
Texas Instruments compiler produces this warning for unused template member functions: "pugixml.cpp", line 253: warning #179-D: function "pugi::impl::<unnamed>::auto_deleter<T>::release [with T=pugi::impl::<unnamed>::xml_stream_chunk<char>]" was declared but never referenced As far as I can tell, this is a compiler issue - these functions should not be instantiated in the first place; while it's possible to rework the code to work around this, the changes would be fragile. It seems best to just disable this warning - we've seen something similar on SNC (which appears to use the same frontend!..). Fixes #182.
2018-02-22Work around gcc issues with limits.h not defining LLONG_MINArseny Kapoulkine
It looks like there are several cases where this might happen: - In some MinGW distributions, the LLONG_MIN/etc defines are guarded with: #if !defined(__STRICT_ANSI__) && defined(__GNUC__) Which means that you don't get them in strict ANSI mode. The previous workaround was specifically targeted towards this. - In some GCC distributions (notably GCC 6.3.0 in some configurations), LLONG_MIN/etc. defines are guarded with: #if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) But __STDC_VERSION__ isn't defined as C99 even if you use -std=c++14 - which is probably technically valid, but not useful. To work around this, redefine the symbols whenever we are building with GCC and we need them and they aren't defined - doing this is better than not building. Instead of hard-coding the constants, use GCC-specific __LONG_LONG_MAX__ to compute them. Fixes #181.
2018-01-07Update all copyright notices to specify year 2018Arseny Kapoulkine
2017-11-13Use raw pointers in xml_node::traverse implementationArseny Kapoulkine
This makes it a bit faster and matches other internal code better.
2017-11-13XPath: Always allocate xpath_strings on temporary stack for concatArseny Kapoulkine
The static_buffer optimization seems to come from the time where the on-heap buffer was allocated using global memory operations. At this point the temporary buffer and temporary string storage all come from the evaluation stack (that can be partially allocated on heap...), so the extra logic isn't relevant for performance.
2017-11-13Fix -Wshadow warningArseny Kapoulkine
2017-11-13Implement correct move error handling for compact modeArseny Kapoulkine
In compact mode, we currently can not support zero-allocation moves since some pointer assignments required during the move need to allocate hash table slots. This is mostly applicable to xml_document_struct::first_child, since the pointer to this element is used as a hash table key, but there are some contrived cases where parents of root's children need a hash slot and didn't have it before. These cases can be fixed by changing the compact encoding to be a bit more move friendly, but for now it's easier to handle the error and throw/return during move. When this happens, the source document doesn't change.
2017-11-13Add count argument to compact_hash_table::rehash/reserveArseny Kapoulkine
This allows us to do a single reserve for a known amount of assignments that is larger than the default minimum per reserve (16).
2017-10-20Clarify a note about compact hash behavior during moveArseny Kapoulkine
After move some nodes in the hash table can have keys that point to other; this makes the table somewhat larger but this does not impact correctness. The reason is that for us to access a key in the hash table, there should be a compact_pointer/string object with the state indicating that it is stored in a hash table, and with the address matching the key. For this to happen, we had to have put this object into this state which would mean that we'd overwrite the hash entry with the new, correct value. When nodes/pages are being removed, we do not clean up keys from the hash table - it's safe for the same reason, and thus move doesn't introduce additional contracts here.
2017-09-25Fix -Wshadow warningArseny Kapoulkine
2017-09-25Implement move support for xml_documentArseny Kapoulkine
This change implements the initial version of move construction and assignment support for documents. When moving a document to another document, we always make sure move target is in "clean" state (empty document), and proceed by relocating all structures in the most efficient way possible. Complications arise from the fact that the root (document) node is embedded into xml_document object, so all pointers to it have to change; this includes parent pointers of all first-level children as well as allocator pointers in all memory pages and previous pointer in the first on-heap memory page. Additionally, compact mode makes everything even more complicated because some of the pointers we need to update are stored in the hash table (in fact, document first_child pointer is very likely to be there; some parent pointers in first-level children will be using compact_shared_parent but some won't be) which requires allocating a new hash table which can fail. Some details of this process are not fully fleshed out, especially for compact mode; and this definitely requires many tests.
2017-07-17Fix Clang/C2 compatibilityArseny Kapoulkine
Clang/C2 does not implement __builtin_expect; additionally we need to work around deprecation warnings for fopen by disabling them.
2017-06-22Use PUGI__MSVC_CRT_VERSION instead of _MSC_VERArseny Kapoulkine
It's not clear whether we still need PUGI__MSVC_CRT_VERSION, but it's more consistent for now to use it for _snprintf_s since this is relying on a CRT extension, not on a compiler feature.
2017-06-19Change PUGI__SNPRINTF to use _countof for MSVCArseny Kapoulkine
The macro only works correctly when the input argument is an array with a statically known size - pointers or arrays decayed to pointers won't work silently. While this is unlikely to surface issues that aren't caught in tests/code review, use _countof for MSVC to prevent such code from compiling.
2017-06-16Fix BorlandC compilationArseny Kapoulkine
Rename partition to partition3 to resolve conflicts with std::partition.
2017-06-15Refactor snprintf supportArseny Kapoulkine
Instead of branching code at each invocation site, use variadic macros to create a wrapping macro that use snprintf for the buffer of a statically known size. Variadic macros are supported by all C++11 compilers, as is snprintf; on MSVC 2005+ we don't necessarily have snprintf, but we can use _snprintf_s with _TRUNCATE to get the same behavior. In all other cases we fall back to sprintf, that (theoretically) can lead to a stack buffer overflow. In practice all snprintfs used in pugixml use buffers that should be large enough to never be overflown but snprintf is safe even if this is not the case.
2017-06-15Use buffer with a static size in convert_number_to_mantissa_exponentArseny Kapoulkine
We use references to arrays elsewhere in the codebase and there's just one caller for this function so it's easier to fix the size. This will simplify snprintf refactoring.
2017-06-15Merge pull request #145 from noresources/snprintfArseny Kapoulkine
use snprintf instead of sprintf
2017-06-15Mark all assert(false) statements as unreachableArseny Kapoulkine
Now we can exclude these from code coverage since it's logically impossible to hit them in tests.
2017-06-11use snprintf if available, _snprintf or sprintf otherwiseRenaud Guillard
2017-06-05use _snprintf if MSVCRenaud Guillard
2017-06-04use snprintf instead of sprintfRenaud Guillard
2017-04-03Work around -fsanitize=integer issuesArseny Kapoulkine
Integer sanitizer is flagging unsigned integer overflow in several functions in pugixml; unsigned integer overflow is well defined but it may not necessarily be intended. Apart from hash functions, both string_to_integer and integer_to_string use unsigned overflow - string_to_integer uses it to perform two-complement negation so that the bulk of the operation can run using unsigned integers. This makes it possible to simplify overflow checking. Similarly integer_to_string negates the number before generating a decimal representation, but negating is impossible without unsigned overflow or special-casing certain integer limits. For now just silence the integer overflow using a special attribute; also move unsigned overflow into string_to_integer from get_value_* so that we have fewer functions marked with the attribute. Fixes #133.
2017-03-21Add missing PUGI__FN to string_to_integerArseny Kapoulkine
2017-03-21Revert "Fix gcc-4.8 compilation warning when using -Wstrict-overflow"Arseny Kapoulkine
This reverts commit 79109a8546f963d17522d75112cffcfd8cbe35fc. This warning does not happen on gcc-4.8.4; the workaround introduces an unsigned integer overflow which results in a runtime error when compiled with integer sanitizer.
2017-03-05Silence g++ 7.0.1 -Wimplicit-fallthrough warningsStephan Beyer
This is accomplished by putting a // fallthrough comment at the right place. This seems to be more portable than an attribute-based solution like [[fallthrough]] or __attribute__((fallthrough)).
2017-03-03Simplify compact_hash_table implementationArseny Kapoulkine
Instead of a separate implementation for find/insert, use just one that can do both. This reduces the code size and simplifies code coverage; the resulting code is close to what we had in terms of performance and since hash table is a fall back should not affect any real workloads.
2017-02-07Add invalid type assertion for offset_debugArseny Kapoulkine
This will make sure we don't forget to implement offset_debug for new node types if they ever happen (really it's mostly for consistency).
2017-02-07XPath: Simplify sorting implementationArseny Kapoulkine
Instead of a complicated partitioning scheme that tries to maintain the equal area in the middle, use a scheme where we keep the equal area in the left part of the array and then move it to the middle. Since generally sorted arrays don't contain many duplicates this extra copy is not too expensive, and it significantly simplifies the logic and maintains good complexity for sorting arrays with many equal elements nonetheless (unlike Hoare partitioning). Instead of a median of 9 just use a median of 3 - it performs pretty much identically on some internal performance tests, despite having a bit more comparisons in some cases. Finally, change the insertion sort threshold to 16 elements since that appears to have slightly better performance.
2017-02-06XPath: Optimize insertion_sortArseny Kapoulkine
The previous implementation opted for doing two comparisons per element in the sorted case in order to remove one iterator bounds check per moved element when we actually need to copy. In our case however the comparator is pretty expensive (except for remove_duplicates which is fast as it is) so an extra object comparison hurts much more than an iterator comparison saves. This makes sorting by document order up to 3% faster for random sequences.
2017-02-05XPath: Remove redundant calls from xml_node::select_nodes et alArseny Kapoulkine
Instead of delegating to a method that just forwards the call to xpath_query call the relevant method directly.
2017-02-05XPath: Remove evaluate_string_implArseny Kapoulkine
It adds one stack frame to string query evaluation and does not really simplify the code.
2017-02-03XPath: Simplify evaluation error flowArseny Kapoulkine
Instead of having two checks for out-of-memory when exceptions are enabled, do just one and decide what to do based on whether we can throw.
2017-02-02XPath: Clean up out-of-memory parse error handlingArseny Kapoulkine
Instead of relying on a specific string in the parse result, use allocator error state to report the error and then convert it to a string if necessary. We currently have to manually trigger the OOM error in two places because we use global allocator in rare cases; we don't really need to do this so this will be cleaned up later.
2017-02-01Remove redundant branch from xml_node::path()Arseny Kapoulkine
The code works fine regardless of the *j->name check, and omitting this makes the code more symmetric between the "count" and "write" stage; additionally this improves coverage - due to how strcpy_insitu works it's not really possible to get an empty non-NULL name in the node.
2017-01-30Remove null pointer test from first_element_by_pathArseny Kapoulkine
All other functions treat null pointer inputs as invalid; now this function does as well.
2017-01-30XPath: Remove (re)allocate_throw and setjmpArseny Kapoulkine
Now error handling in XPath implementation relies on explicit error propagation and is converted to an appropriate result at the end.
2017-01-30XPath: Replace all (re)allocate_throw with (re)allocate_nothrowArseny Kapoulkine
This generates some out-of-memory code paths that are not covered by existing tests, which will need to be resolved later.
2017-01-30XPath: Fix reallocate_nothrow to preserve existing stateArseny Kapoulkine
Instead of rolling back the allocation and trying to allocate again, explicitly handle inplace reallocate if possible, and allocate a new block otherwise. This is going to be important once we use reallocate_nothrow from a non-throwing context.
2017-01-30XPath: Use nonthrowing allocations in duplicate_stringArseny Kapoulkine
This requires explicit error handling for xpath_string::data calls.
2017-01-30XPath: Throw std::bad_alloc if we got an out-of-memory errorArseny Kapoulkine
This allows us to gradually convert exception handling of out-of-memory during evaluation to a non-throwing approach without changing the observable behavior.
2017-01-30XPath: Reword brace mismatch errors for clarityArseny Kapoulkine
2017-01-30XPath: Improve error message for expressions like .[1]Arseny Kapoulkine
W3C specification does not allow predicates after abbreviated steps. Currently this results in parsing terminating at the step, which leads to confusing error messages like "Invalid query" or "Unmatched braces".
2017-01-30XPath: Track allocation errors more explicitlyArseny Kapoulkine
Any time an allocation fails xpath_allocator can set an externally provided bool. The plan is to keep this bool up until evaluation ends, so that we can use it to discard the potentially malformed result.