Age | Commit message (Collapse) | Author |
|
The macro only works correctly when the input argument is an array with
a statically known size - pointers or arrays decayed to pointers won't
work silently.
While this is unlikely to surface issues that aren't caught in
tests/code review, use _countof for MSVC to prevent such code from
compiling.
|
|
Rename partition to partition3 to resolve conflicts with std::partition.
|
|
Instead of branching code at each invocation site, use variadic macros
to create a wrapping macro that use snprintf for the buffer of a
statically known size.
Variadic macros are supported by all C++11 compilers, as is snprintf;
on MSVC 2005+ we don't necessarily have snprintf, but we can use
_snprintf_s with _TRUNCATE to get the same behavior. In all other cases
we fall back to sprintf, that (theoretically) can lead to a stack buffer
overflow.
In practice all snprintfs used in pugixml use buffers that should be
large enough to never be overflown but snprintf is safe even if this is
not the case.
|
|
We use references to arrays elsewhere in the codebase and there's just
one caller for this function so it's easier to fix the size.
This will simplify snprintf refactoring.
|
|
use snprintf instead of sprintf
|
|
Now we can exclude these from code coverage since it's logically
impossible to hit them in tests.
|
|
|
|
|
|
|
|
Integer sanitizer is flagging unsigned integer overflow in several
functions in pugixml; unsigned integer overflow is well defined but it
may not necessarily be intended.
Apart from hash functions, both string_to_integer and integer_to_string
use unsigned overflow - string_to_integer uses it to perform
two-complement negation so that the bulk of the operation can run using
unsigned integers. This makes it possible to simplify overflow checking.
Similarly integer_to_string negates the number before generating a
decimal representation, but negating is impossible without unsigned
overflow or special-casing certain integer limits.
For now just silence the integer overflow using a special attribute;
also move unsigned overflow into string_to_integer from get_value_* so
that we have fewer functions marked with the attribute.
Fixes #133.
|
|
|
|
This reverts commit 79109a8546f963d17522d75112cffcfd8cbe35fc.
This warning does not happen on gcc-4.8.4; the workaround introduces an
unsigned integer overflow which results in a runtime error when compiled
with integer sanitizer.
|
|
This is accomplished by putting a // fallthrough
comment at the right place.
This seems to be more portable than an attribute-based
solution like [[fallthrough]] or __attribute__((fallthrough)).
|
|
Instead of a separate implementation for find/insert, use just one that
can do both. This reduces the code size and simplifies code coverage;
the resulting code is close to what we had in terms of performance and
since hash table is a fall back should not affect any real workloads.
|
|
This will make sure we don't forget to implement offset_debug for new
node types if they ever happen (really it's mostly for consistency).
|
|
Instead of a complicated partitioning scheme that tries to maintain the
equal area in the middle, use a scheme where we keep the equal area in
the left part of the array and then move it to the middle.
Since generally sorted arrays don't contain many duplicates this extra
copy is not too expensive, and it significantly simplifies the logic and
maintains good complexity for sorting arrays with many equal elements
nonetheless (unlike Hoare partitioning).
Instead of a median of 9 just use a median of 3 - it performs pretty
much identically on some internal performance tests, despite having a
bit more comparisons in some cases.
Finally, change the insertion sort threshold to 16 elements since that
appears to have slightly better performance.
|
|
The previous implementation opted for doing two comparisons per element
in the sorted case in order to remove one iterator bounds check per
moved element when we actually need to copy. In our case however the
comparator is pretty expensive (except for remove_duplicates which is
fast as it is) so an extra object comparison hurts much more than an
iterator comparison saves.
This makes sorting by document order up to 3% faster for random
sequences.
|
|
Instead of delegating to a method that just forwards the call to
xpath_query call the relevant method directly.
|
|
It adds one stack frame to string query evaluation and does not really
simplify the code.
|
|
Instead of having two checks for out-of-memory when exceptions are
enabled, do just one and decide what to do based on whether we can
throw.
|
|
Instead of relying on a specific string in the parse result, use
allocator error state to report the error and then convert it to a
string if necessary.
We currently have to manually trigger the OOM error in two places
because we use global allocator in rare cases; we don't really need to
do this so this will be cleaned up later.
|
|
The code works fine regardless of the *j->name check, and omitting this
makes the code more symmetric between the "count" and "write" stage;
additionally this improves coverage - due to how strcpy_insitu works
it's not really possible to get an empty non-NULL name in the node.
|
|
All other functions treat null pointer inputs as invalid; now this
function does as well.
|
|
Now error handling in XPath implementation relies on explicit error
propagation and is converted to an appropriate result at the end.
|
|
This generates some out-of-memory code paths that are not covered by
existing tests, which will need to be resolved later.
|
|
Instead of rolling back the allocation and trying to allocate again,
explicitly handle inplace reallocate if possible, and allocate a new
block otherwise.
This is going to be important once we use reallocate_nothrow from a
non-throwing context.
|
|
This requires explicit error handling for xpath_string::data calls.
|
|
This allows us to gradually convert exception handling of out-of-memory
during evaluation to a non-throwing approach without changing the
observable behavior.
|
|
|
|
W3C specification does not allow predicates after abbreviated steps.
Currently this results in parsing terminating at the step, which leads
to confusing error messages like "Invalid query" or "Unmatched braces".
|
|
Any time an allocation fails xpath_allocator can set an externally
provided bool. The plan is to keep this bool up until evaluation ends,
so that we can use it to discard the potentially malformed result.
|
|
For both allocate and reallocate, provide both _nothrow and _throw
functions; this change renames allocate() to allocate_throw() (same for
reallocate) to make it easier to change the code to remove throwing
variants.
|
|
Handle node type error before creating expression node
|
|
We currently need to convert error based on the text to a different type
of C++ exceptions when C++ exceptions are enabled.
|
|
This allows us to handle OOM during node allocation without triggering
undefined behavior that occurs when placement new gets a NULL pointer.
|
|
Instead, return 0 and rely on parsing logic to propagate that all the
way down, and convert result to exception to maintain existing
interface.
|
|
Propagate the failure to the caller manually. This is a first step to
parser structure that does not depend on exceptions or longjmp for error
handling (and thus matches the XML parser). To preserve semantics we'll
have to convert error code to exception later.
|
|
Simplify function argument parsing by folding arg 0 parsing into the
main loop, reuse expression parsing logic for unary expression
|
|
It was only used in three places and didn't really make the code more
readable.
|
|
NULL return value will be reserved for the OOM error indicator.
|
|
|
|
It's still not clear as to what exactly makes it emit this error when compiling
string_to_integer:
CC-3059 crayc++: INTERNAL __C_FILE_SCOPE_DATA__, File = <pugixml>/src/pugixml.cpp, Line = 4524, Column = 4
Expected no overflow in routine.
But a viable workaround for now is to exploit the knowledge that it uses
two-complement arithmetics and invert the sign manually.
Fixes #125.
|
|
These warnings are emitted on some GCC versions when targeting ARM; the
alignment is guaranteed to be correct due to how page offsets are set up
but the compiler doesn't know.
|
|
It's too dangerous to overload here - easy to accidentally mix floating point
path with boolean one.
|
|
Unfortunately, some compilers don't suppress these kinds of warnings in
template instantiations; solve this by moving the responsibility for computing
negative bool to the caller.
Also since we're doing that we don't really need to convert to unsigned in the
implementation - might as well have the caller do it, which removes some type
dispatch logic and slightly reduces binary size.
|
|
Previously the error offset pointed to the first mismatching character, which
can be confusing especially if the start tag name is a prefix of the end tag
name. Instead, move the offset to the first character of the name - that way
it should be more obvious that the problem is that the entire name mismatches.
Fixes #112.
|
|
Setting this flag outputs start and end tag for every element, including empty
elements.
Fixes #118.
|
|
|
|
Split some lines into two and add braces in some places to make the code more
readable.
|
|
This keeps all code that creates document/allocator/page structures together.
|