summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-06-15Refactor snprintf supportArseny Kapoulkine
Instead of branching code at each invocation site, use variadic macros to create a wrapping macro that use snprintf for the buffer of a statically known size. Variadic macros are supported by all C++11 compilers, as is snprintf; on MSVC 2005+ we don't necessarily have snprintf, but we can use _snprintf_s with _TRUNCATE to get the same behavior. In all other cases we fall back to sprintf, that (theoretically) can lead to a stack buffer overflow. In practice all snprintfs used in pugixml use buffers that should be large enough to never be overflown but snprintf is safe even if this is not the case.
2017-06-15Use buffer with a static size in convert_number_to_mantissa_exponentArseny Kapoulkine
We use references to arrays elsewhere in the codebase and there's just one caller for this function so it's easier to fix the size. This will simplify snprintf refactoring.
2017-06-15Merge pull request #145 from noresources/snprintfArseny Kapoulkine
use snprintf instead of sprintf
2017-06-15Mark all assert(false) statements as unreachableArseny Kapoulkine
Now we can exclude these from code coverage since it's logically impossible to hit them in tests.
2017-06-11use snprintf if available, _snprintf or sprintf otherwiseRenaud Guillard
2017-06-05use _snprintf if MSVCRenaud Guillard
2017-06-04use snprintf instead of sprintfRenaud Guillard
2017-04-03Work around -fsanitize=integer issuesArseny Kapoulkine
Integer sanitizer is flagging unsigned integer overflow in several functions in pugixml; unsigned integer overflow is well defined but it may not necessarily be intended. Apart from hash functions, both string_to_integer and integer_to_string use unsigned overflow - string_to_integer uses it to perform two-complement negation so that the bulk of the operation can run using unsigned integers. This makes it possible to simplify overflow checking. Similarly integer_to_string negates the number before generating a decimal representation, but negating is impossible without unsigned overflow or special-casing certain integer limits. For now just silence the integer overflow using a special attribute; also move unsigned overflow into string_to_integer from get_value_* so that we have fewer functions marked with the attribute. Fixes #133.
2017-03-21Add missing PUGI__FN to string_to_integerArseny Kapoulkine
2017-03-21Revert "Fix gcc-4.8 compilation warning when using -Wstrict-overflow"Arseny Kapoulkine
This reverts commit 79109a8546f963d17522d75112cffcfd8cbe35fc. This warning does not happen on gcc-4.8.4; the workaround introduces an unsigned integer overflow which results in a runtime error when compiled with integer sanitizer.
2017-03-05Silence g++ 7.0.1 -Wimplicit-fallthrough warningsStephan Beyer
This is accomplished by putting a // fallthrough comment at the right place. This seems to be more portable than an attribute-based solution like [[fallthrough]] or __attribute__((fallthrough)).
2017-03-03Simplify compact_hash_table implementationArseny Kapoulkine
Instead of a separate implementation for find/insert, use just one that can do both. This reduces the code size and simplifies code coverage; the resulting code is close to what we had in terms of performance and since hash table is a fall back should not affect any real workloads.
2017-02-07Add invalid type assertion for offset_debugArseny Kapoulkine
This will make sure we don't forget to implement offset_debug for new node types if they ever happen (really it's mostly for consistency).
2017-02-07XPath: Simplify sorting implementationArseny Kapoulkine
Instead of a complicated partitioning scheme that tries to maintain the equal area in the middle, use a scheme where we keep the equal area in the left part of the array and then move it to the middle. Since generally sorted arrays don't contain many duplicates this extra copy is not too expensive, and it significantly simplifies the logic and maintains good complexity for sorting arrays with many equal elements nonetheless (unlike Hoare partitioning). Instead of a median of 9 just use a median of 3 - it performs pretty much identically on some internal performance tests, despite having a bit more comparisons in some cases. Finally, change the insertion sort threshold to 16 elements since that appears to have slightly better performance.
2017-02-06XPath: Optimize insertion_sortArseny Kapoulkine
The previous implementation opted for doing two comparisons per element in the sorted case in order to remove one iterator bounds check per moved element when we actually need to copy. In our case however the comparator is pretty expensive (except for remove_duplicates which is fast as it is) so an extra object comparison hurts much more than an iterator comparison saves. This makes sorting by document order up to 3% faster for random sequences.
2017-02-05XPath: Remove redundant calls from xml_node::select_nodes et alArseny Kapoulkine
Instead of delegating to a method that just forwards the call to xpath_query call the relevant method directly.
2017-02-05XPath: Remove evaluate_string_implArseny Kapoulkine
It adds one stack frame to string query evaluation and does not really simplify the code.
2017-02-03XPath: Simplify evaluation error flowArseny Kapoulkine
Instead of having two checks for out-of-memory when exceptions are enabled, do just one and decide what to do based on whether we can throw.
2017-02-02XPath: Clean up out-of-memory parse error handlingArseny Kapoulkine
Instead of relying on a specific string in the parse result, use allocator error state to report the error and then convert it to a string if necessary. We currently have to manually trigger the OOM error in two places because we use global allocator in rare cases; we don't really need to do this so this will be cleaned up later.
2017-02-01Remove redundant branch from xml_node::path()Arseny Kapoulkine
The code works fine regardless of the *j->name check, and omitting this makes the code more symmetric between the "count" and "write" stage; additionally this improves coverage - due to how strcpy_insitu works it's not really possible to get an empty non-NULL name in the node.
2017-01-30Remove null pointer test from first_element_by_pathArseny Kapoulkine
All other functions treat null pointer inputs as invalid; now this function does as well.
2017-01-30XPath: Remove (re)allocate_throw and setjmpArseny Kapoulkine
Now error handling in XPath implementation relies on explicit error propagation and is converted to an appropriate result at the end.
2017-01-30XPath: Replace all (re)allocate_throw with (re)allocate_nothrowArseny Kapoulkine
This generates some out-of-memory code paths that are not covered by existing tests, which will need to be resolved later.
2017-01-30XPath: Fix reallocate_nothrow to preserve existing stateArseny Kapoulkine
Instead of rolling back the allocation and trying to allocate again, explicitly handle inplace reallocate if possible, and allocate a new block otherwise. This is going to be important once we use reallocate_nothrow from a non-throwing context.
2017-01-30XPath: Use nonthrowing allocations in duplicate_stringArseny Kapoulkine
This requires explicit error handling for xpath_string::data calls.
2017-01-30XPath: Throw std::bad_alloc if we got an out-of-memory errorArseny Kapoulkine
This allows us to gradually convert exception handling of out-of-memory during evaluation to a non-throwing approach without changing the observable behavior.
2017-01-30XPath: Reword brace mismatch errors for clarityArseny Kapoulkine
2017-01-30XPath: Improve error message for expressions like .[1]Arseny Kapoulkine
W3C specification does not allow predicates after abbreviated steps. Currently this results in parsing terminating at the step, which leads to confusing error messages like "Invalid query" or "Unmatched braces".
2017-01-30XPath: Track allocation errors more explicitlyArseny Kapoulkine
Any time an allocation fails xpath_allocator can set an externally provided bool. The plan is to keep this bool up until evaluation ends, so that we can use it to discard the potentially malformed result.
2017-01-29XPath: Provide non-throwing and throwing allocations in xpath_allocatorArseny Kapoulkine
For both allocate and reallocate, provide both _nothrow and _throw functions; this change renames allocate() to allocate_throw() (same for reallocate) to make it easier to change the code to remove throwing variants.
2017-01-29XPath: Minor error handling refactoringArseny Kapoulkine
Handle node type error before creating expression node
2017-01-29XPath: Route out-of-memory errors through the exceptionless pathArseny Kapoulkine
We currently need to convert error based on the text to a different type of C++ exceptions when C++ exceptions are enabled.
2017-01-29XPath: Forward all node constructors through alloc_nodeArseny Kapoulkine
This allows us to handle OOM during node allocation without triggering undefined behavior that occurs when placement new gets a NULL pointer.
2017-01-29XPath: Do not use exceptions to propagate parsing errorsArseny Kapoulkine
Instead, return 0 and rely on parsing logic to propagate that all the way down, and convert result to exception to maintain existing interface.
2017-01-29XPath: Assume that every function can fail and return 0Arseny Kapoulkine
Propagate the failure to the caller manually. This is a first step to parser structure that does not depend on exceptions or longjmp for error handling (and thus matches the XML parser). To preserve semantics we'll have to convert error code to exception later.
2017-01-29XPath: Minor parsing refactoringArseny Kapoulkine
Simplify function argument parsing by folding arg 0 parsing into the main loop, reuse expression parsing logic for unary expression
2017-01-29XPath: Remove parse_function_helperArseny Kapoulkine
It was only used in three places and didn't really make the code more readable.
2017-01-29XPath: alloc_string no longer returns NULLArseny Kapoulkine
NULL return value will be reserved for the OOM error indicator.
2017-01-26Update copyright year to 2017Arseny Kapoulkine
2016-12-01Work around cray++ compiler issueArseny Kapoulkine
It's still not clear as to what exactly makes it emit this error when compiling string_to_integer: CC-3059 crayc++: INTERNAL __C_FILE_SCOPE_DATA__, File = <pugixml>/src/pugixml.cpp, Line = 4524, Column = 4 Expected no overflow in routine. But a viable workaround for now is to exploit the knowledge that it uses two-complement arithmetics and invert the sign manually. Fixes #125.
2016-11-18Silence 'cast increases required alignment of target type' warningsArseny Kapoulkine
These warnings are emitted on some GCC versions when targeting ARM; the alignment is guaranteed to be correct due to how page offsets are set up but the compiler doesn't know.
2016-11-17Rename set_value_convert to set_value_boolArseny Kapoulkine
It's too dangerous to overload here - easy to accidentally mix floating point path with boolean one.
2016-11-17Fix 'comparison of unsigned expression < 0 is always false' warningsArseny Kapoulkine
Unfortunately, some compilers don't suppress these kinds of warnings in template instantiations; solve this by moving the responsibility for computing negative bool to the caller. Also since we're doing that we don't really need to convert to unsigned in the implementation - might as well have the caller do it, which removes some type dispatch logic and slightly reduces binary size.
2016-11-13Change status_end_element_mismatch to point to closing tag nameArseny Kapoulkine
Previously the error offset pointed to the first mismatching character, which can be confusing especially if the start tag name is a prefix of the end tag name. Instead, move the offset to the first character of the name - that way it should be more obvious that the problem is that the entire name mismatches. Fixes #112.
2016-11-09Add format_no_empty_element_tags flagArseny Kapoulkine
Setting this flag outputs start and end tag for every element, including empty elements. Fixes #118.
2016-11-09Update version to 1.8 everywhereArseny Kapoulkine
2016-11-08XPath: Fix source indentationArseny Kapoulkine
Split some lines into two and add braces in some places to make the code more readable.
2016-11-07Move compact hash table pointer setup to xml_documentArseny Kapoulkine
This keeps all code that creates document/allocator/page structures together.
2016-11-07Remove xml_allocator copying during parsingArseny Kapoulkine
The separate copy of allocator state in parser was meant to increase parsing performance by reducing aliasing/indirection, but benchmarks against the current source don't indicate that this is worthwhile. Removing this simplifies the code slightly and makes it possible to move compact hash table to the allocator.
2016-11-07Rename xml_document::create/destroy for consistencyArseny Kapoulkine