Address most implicit 64-to-32-bit conversion warnings. #525
Conversation
| @@ -63,7 +63,7 @@ The INT64_OR_DOUBLE type is a 64-bit integer type when available, | |||
| otherwise double. */ | |||
|
|
|||
| BOOL | |||
| PRIV(ckd_smul)(PCRE2_SIZE *r, int a, int b) | |||
| PRIV(ckd_smul)(PCRE2_SIZE *r, ptrdiff_t a, ptrdiff_t b) | |||
There was a problem hiding this comment.
the whole point of this function is to make sure those 2 parameters are intso we can check for overflow
There was a problem hiding this comment.
Ah, yeah, the hand-coded branch would need reworking. (__builtin_mul_overflow should DTRT regardless.) However, without this change, pcre2test's process_data could in principle pass in a truncated replen, yielding incorrect results. Should it instead bail if replen > INT_MAX?
There was a problem hiding this comment.
pcre2test is a test application, AFAIK replen was made a size_t just to avoid having to do a cast, and it is expected never to have a value larger than int either, so a truncation there shouldn't be possible, but feel free to poke at it and prove me wrong.
the call for ckd_smul was indeed how we are making sure that the value of the multiplication is always correct.
FWIW you could NOT build this test application if all you want is the library an want it to be warning free, there is a configure and cmake option for that. You haven't answered my original question so I am still not sure what the end goal is.
src/pcre2_jit_compile.c
Outdated
| @@ -3302,7 +3302,7 @@ OP2(SLJIT_SUB | SLJIT_SET_Z, COUNT_MATCH, 0, COUNT_MATCH, 0, SLJIT_IMM, 1); | |||
| add_jump(compiler, &common->calllimit, JUMP(SLJIT_ZERO)); | |||
| } | |||
|
|
|||
| static SLJIT_INLINE void allocate_stack(compiler_common *common, int size) | |||
| static SLJIT_INLINE void allocate_stack(compiler_common *common, sljit_uw size) | |||
There was a problem hiding this comment.
probably should had been PCRE2_SIZE but were missed when PCRE2 was created from PCRE1 (which used int for all offsets)
| @@ -87,7 +87,7 @@ POSSIBILITY OF SUCH DAMAGE. | |||
| && ((__clang_major__ == 3 && __clang_minor__ >= 3) || (__clang_major__ > 3))) | |||
| __attribute__((no_sanitize_address)) | |||
| #endif | |||
| static sljit_u8* SLJIT_FUNC FF_FUN(sljit_u8 *str_end, sljit_u8 **str_ptr, sljit_uw offs1, sljit_uw offs2, sljit_uw chars) | |||
| static sljit_u8* SLJIT_FUNC FF_FUN(sljit_u8 *str_end, sljit_u8 **str_ptr, sljit_uw offs1, sljit_uw offs2, sljit_u32 chars) | |||
There was a problem hiding this comment.
this should break the 16bit library
There was a problem hiding this comment.
Not AFAICT, though I must admit I'd initially focused on the 8-bit one.
| @@ -2362,7 +2362,7 @@ SLJIT_ASSERT(stackpos == STACK(stacktop)); | |||
| typedef struct delayed_mem_copy_status { | |||
| struct sljit_compiler *compiler; | |||
| int store_bases[RECURSE_TMP_REG_COUNT]; | |||
| int store_offsets[RECURSE_TMP_REG_COUNT]; | |||
| sljit_sw store_offsets[RECURSE_TMP_REG_COUNT]; | |||
There was a problem hiding this comment.
These are intentionally small values.
There was a problem hiding this comment.
Without this change, delayed_mem_copy_move's assignment into store_offsets can wind up truncated. Attempting to narrow the type of its store_offset argument instead reveals that three call sites pass in 64-bit values.
src/pcre2_jit_compile.c
Outdated
| /* These values should never be negative, suggesting the use of sljit_u32. | ||
| However, they should also remain (far) below 1 << 31, and (would-be) | ||
| negative *differences* won't otherwise undergo correct sign extension. */ | ||
| sljit_s32 c, charoffset, max = 256, min = READ_CHAR_MAX; |
There was a problem hiding this comment.
c can be UINT32_MAX, so this is also a bad change.
There was a problem hiding this comment.
Good point. I've scrapped all changes to compile_xclass_matchingpath in favor of formally making read_char's min and max sljit_uw.
Visual Studio and Xcode both issue such warnings by default, and Clang also offers a -Wshorten-64-to-32 option to expose them elsewhere. To address them, harmonize types where practical and add casts as appropriate (first formally capping executables' read request sizes as necessary). NB: detect_repeat in pcre2_jit_compile.c still yields two such warnings that look plausibly legitimate but not so easy to fix. :-/ Signed-off-by: Aaron M. Ucko <[email protected]>
| @@ -667,7 +667,7 @@ PCRE2_EXP_DECL int PCRE2_CALL_CONVENTION \ | |||
| PCRE2_EXP_DECL int PCRE2_CALL_CONVENTION \ | |||
| pcre2_set_depth_limit(pcre2_match_context *, uint32_t); \ | |||
| PCRE2_EXP_DECL int PCRE2_CALL_CONVENTION \ | |||
| pcre2_set_heap_limit(pcre2_match_context *, uint32_t); \ | |||
| pcre2_set_heap_limit(pcre2_match_context *, PCRE2_SIZE); \ | |||
There was a problem hiding this comment.
API functions cannot be changed, even if they are not the best.
There was a problem hiding this comment.
Oops, yeah, I didn't mean to introduce an ABI break. :-/
There was a problem hiding this comment.
Ah, right, I'll need to revert the POSIX API changes too.
|
Thanks for the quick feedback! I've force-pushed a largely corrected (and rebased) version and will reply on individual points shortly. AFAICT, some of these changes really should help in corner cases; although the remainder are formalities, the (configuration-dependent) warnings they address could bury other warnings (none here at present, I'm happy to report). I acknowledge that this PR still needs more work. |
|
Thank you Aaron (@ucko) for pushing us to fix these warnings. I have addressed them in PR #655, hopefully. I took a slightly different direction to you on some of the fixes. We now pass with I have not addressed all the warnings generated by Let me know if you are satisfied with the level of warnings suppression on |
Visual Studio and Xcode both issue such warnings by default, and Clang also offers a
-Wshorten-64-to-32option to expose them elsewhere. To address them, harmonize types where practical and add casts as appropriate (first formally capping executables' read request sizes as necessary). NB:detect_repeatinpcre2_jit_compile.cstill yields two such warnings that look plausibly legitimate but not so easy to fix. :-/