Re: Intervals crash - Eli Zaretskii

unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: Eli Zaretskii <eliz@gnu.org>
To: Chong Yidong <cyd@stupidchicken.com>
Cc: emacs-devel@gnu.org
Subject: Re: Intervals crash
Date: Fri, 24 Sep 2010 12:31:22 +0200	[thread overview]
Message-ID: <83d3s3toud.fsf@gnu.org> (raw)
In-Reply-To: <87aan82uar.fsf@stupidchicken.com>

> From: Chong Yidong <cyd@stupidchicken.com>
> Date: Thu, 23 Sep 2010 14:23:24 -0400
> Cc: emacs-devel@gnu.org
> 
> The LENGTH macro in intervals.h:114 has to be able to return a negative
> number.

Given this information, I find it difficult to reconcile the facts
with the code.  The implementation does this:

  struct interval
  {
    /* The first group of entries deal with the tree structure.  */

    EMACS_UINT total_length;      /* Length of myself and both children.  */
    EMACS_UINT position;	  /* Cache of interval's character position.  */
    ...

  /* The total size of all text represented by this interval and all its
     children in the tree.   This is zero if the interval is null. */
  #define TOTAL_LENGTH(i) ((i) == NULL_INTERVAL ? 0 : (i)->total_length)

  /* The size of text represented by this interval alone. */
  #define LENGTH(i) ((i) == NULL_INTERVAL ? 0 : (TOTAL_LENGTH ((i))          \
						 - TOTAL_LENGTH ((i)->right) \
						 - TOTAL_LENGTH ((i)->left)))

If total_length is an unsigned type, then computing negative values
from unsigned values is asking for trouble, no?  The above definitions
led me to believe that using EMACS_UINT for the result of LENGTH would
be safe, because, I reasoned, no one in their right minds would
otherwise use an unsigned type.

Also, the comment in the code that crashes:

  EMACS_INT amt = LENGTH (i);

  if (amt > 0)			/* Only used on zero-length intervals now.  */
    abort ();

lies through its teeth, doesn't it?  It implies that the result of
LENGTH is always non-negative, which again convinced me that my
understanding is correct.  But the crash says otherwise.

In addition, the commentary to delete_interval says:

  /* Delete interval I from its tree by calling `delete_node'
     and properly connecting the resultant subtree.

     I is presumed to be empty; that is, no adjustments are made
     for the length of I.  */

"I is presumed to be empty."  Is that also a lie?  Or is the code
buggy, and using an unsigned type simply exposed those bugs?

If the code is correct and the comments are wrong, I'd say we should
fix the comments, and make total_length a signed type (EMACS_INT).

Opinions and insights are most welcome.

     prev parent reply	other threads:[~2010-09-24 10:31 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-23 18:23 Intervals crash Chong Yidong
2010-09-23 18:52 ` Chong Yidong
2010-09-23 19:01   ` Eli Zaretskii
2010-09-23 19:09     ` Chong Yidong
2010-09-23 19:32       ` Eli Zaretskii
2010-09-23 18:57 ` Eli Zaretskii
2010-09-24  6:12   ` Stephen J. Turnbull
2010-09-24  8:16     ` Eli Zaretskii
2010-09-24  8:52       ` Stephen J. Turnbull
2010-09-24 10:03         ` Eli Zaretskii
2010-09-25 14:34           ` Stephen J. Turnbull
2010-09-25 16:10             ` Eli Zaretskii
2010-09-25 18:54               ` Stephen J. Turnbull
2010-09-25 22:07                 ` Eli Zaretskii
2010-09-26 13:08                   ` Stephen J. Turnbull
2010-09-26 19:22                     ` Miles Bader
2010-09-26 19:33                       ` David Kastrup
2010-09-27  4:53                       ` Stephen J. Turnbull
2010-09-27  6:55                         ` David Kastrup
2010-09-27  7:42                           ` Jan Djärv
2010-09-27  8:34                             ` Eli Zaretskii
2010-09-27  9:02                               ` David Kastrup
2010-09-27 11:02                                 ` Eli Zaretskii
2010-09-27  8:36                           ` Eli Zaretskii
2010-09-27  8:50                           ` Stephen J. Turnbull
2010-09-27  9:39                             ` David Kastrup
2010-09-27  9:45                               ` Lars Magne Ingebrigtsen
2010-09-27 10:11                               ` Stephen J. Turnbull
2010-09-24 10:31 ` Eli Zaretskii [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=83d3s3toud.fsf@gnu.org \
    --to=eliz@gnu.org \
    --cc=cyd@stupidchicken.com \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).