Copilot commented on code in PR #49813:
URL: https://github.com/apache/arrow/pull/49813#discussion_r3285819333
##########
cpp/src/gandiva/precompiled/string_ops_test.cc:
##########
@@ -2298,11 +2318,42 @@ TEST(TestStringOps, TestConcatWs) {
EXPECT_EQ(std::string(out, out_len), "hey");
EXPECT_EQ(out_result, true);
+ // Max word1 len
+ out = concat_ws_utf8_utf8(ctx_ptr, separator, sep_len, true, word1,
+ std::numeric_limits<int32_t>::max(), true, word2,
word2_len,
+ true, &out_result, &out_len);
+ EXPECT_STREQ(out, "");
+ EXPECT_EQ(out_len, 0);
+ EXPECT_EQ(out_result, false);
+
+ // Max word2 len
+ out = concat_ws_utf8_utf8(ctx_ptr, separator, sep_len, true, word1,
word1_len, true,
+ word2, std::numeric_limits<int32_t>::max(), true,
&out_result,
+ &out_len);
+ EXPECT_STREQ(out, "");
+ EXPECT_EQ(out_len, 0);
+ EXPECT_EQ(out_result, false);
+
+ // Max separator len
+ out = concat_ws_utf8_utf8(ctx_ptr, separator,
std::numeric_limits<int32_t>::max(), true,
+ word1, word1_len, true, word2, word2_len, true,
&out_result,
+ &out_len);
+ EXPECT_STREQ(out, "");
+ EXPECT_EQ(out_len, 0);
+ EXPECT_EQ(out_result, false);
+
separator = "#";
sep_len = static_cast<int32_t>(strlen(separator));
const char* word3 = "wow";
int32_t word3_len = static_cast<int32_t>(strlen(word3));
+ out = concat_ws_utf8_utf8_utf8(ctx_ptr, separator,
std::numeric_limits<int32_t>::max(),
+ true, word1, word1_len, true, word2,
word2_len, true,
+ word3, word3_len, true, &out_result,
&out_len);
+ EXPECT_STREQ(out, "");
+ EXPECT_EQ(out_len, 0);
+ EXPECT_EQ(out_result, false);
+
Review Comment:
The new overflow/invalid-length cases in `TestConcatWs` only assert `out ==
""` / `out_len == 0` / `out_result == false`, but don’t verify that an error
was set on the execution context (and the test doesn’t reset the context
between these failing calls). This can make the test pass even if the overflow
path stops reporting errors, and can also make later assertions depend on a
previously-set error state. Please add `ctx.has_error()` / error-message
assertions for these failure cases and reset the context between them.
##########
cpp/src/gandiva/precompiled/string_ops.cc:
##########
@@ -2444,182 +2462,178 @@ void concat_word(char* out_buf, int* out_idx, const
char* in_buf, int in_len,
*out_idx += in_len;
}
-FORCE_INLINE
-const char* concat_ws_utf8_utf8(int64_t context, const char* separator,
- int32_t separator_len, bool separator_validity,
- const char* word1, int32_t word1_len, bool
word1_validity,
- const char* word2, int32_t word2_len, bool
word2_validity,
- bool* out_valid, int32_t* out_len) {
- *out_len = 0;
- int numValidInput = 0;
- // If separator is null, always return null
- if (!separator_validity) {
- *out_len = 0;
- *out_valid = false;
- return "";
- }
+// Helper structure to maintain state during safe length accumulation
+struct SafeLengthState {
+ int32_t total_len = 0;
+ int32_t num_valid = 0;
+ bool overflow = false;
+};
+
+// Helper to safely add a word length
+static inline bool safe_accumulate_word(int64_t context, SafeLengthState&
state,
+ int32_t word_len, bool word_validity) {
+ if (!word_validity) return true;
- if (word1_validity) {
- *out_len += word1_len;
- numValidInput++;
+ if (word_len < 0) {
+ gdv_fn_context_set_error_msg(context, "Invalid word length.");
+ return false;
}
- if (word2_validity) {
- *out_len += word2_len;
- numValidInput++;
+
+ int32_t temp = 0;
+ if (ARROW_PREDICT_FALSE(
+ arrow::internal::AddWithOverflow(state.total_len, word_len, &temp)))
{
+ gdv_fn_context_set_error_msg(context, "Overflow in addition detected.");
+ state.overflow = true;
+ return false;
}
+ state.total_len = temp;
+ state.num_valid++;
+ return true;
+}
- *out_len += separator_len * (numValidInput > 1 ? numValidInput - 1 : 0);
- if (*out_len == 0) {
- *out_valid = true;
- return "";
+// Helper to safely add separators based on number of valid words
+static inline bool safe_add_separators(int64_t context, SafeLengthState* state,
+ int32_t separator_len) {
+ if (state->num_valid <= 1) return true;
+
+ int32_t sep_total = 0;
+ int32_t temp = 0;
+
+ if (ARROW_PREDICT_FALSE(arrow::internal::MultiplyWithOverflow(
+ separator_len, state->num_valid - 1, &sep_total))) {
+ gdv_fn_context_set_error_msg(context, "Overflow in multiplication
detected.");
+ state->overflow = true;
+ return false;
}
- char* out = reinterpret_cast<char*>(gdv_fn_context_arena_malloc(context,
*out_len));
- if (out == nullptr) {
- gdv_fn_context_set_error_msg(context, "Could not allocate memory for
output string");
- *out_len = 0;
- *out_valid = false;
- return "";
+ if (ARROW_PREDICT_FALSE(
+ arrow::internal::AddWithOverflow(state->total_len, sep_total,
&temp))) {
+ gdv_fn_context_set_error_msg(context, "Overflow in addition detected.");
+ state->overflow = true;
+ return false;
}
- char* tmp = out;
- int out_idx = 0;
- bool seenAnyValidInput = false;
+ state->total_len = temp;
+ return true;
+}
- concat_word(tmp, &out_idx, word1, word1_len, word1_validity, separator,
separator_len,
- &seenAnyValidInput);
- concat_word(tmp, &out_idx, word2, word2_len, word2_validity, separator,
separator_len,
- &seenAnyValidInput);
+// Helper to handle overflow failure (sets output parameters and returns empty
string)
+static inline const char* handle_overflow_failure(bool* out_valid, int32_t*
out_len) {
+ *out_len = 0;
+ *out_valid = false;
+ return "";
+}
+// Helper to handle empty result (all words invalid)
+static inline const char* handle_empty_result(bool* out_valid, int32_t*
out_len) {
+ *out_len = 0;
*out_valid = true;
- *out_len = out_idx;
- return out;
+ return "";
}
-FORCE_INLINE
-const char* concat_ws_utf8_utf8_utf8(
- int64_t context, const char* separator, int32_t separator_len,
- bool separator_validity, const char* word1, int32_t word1_len, bool
word1_validity,
- const char* word2, int32_t word2_len, bool word2_validity, const char*
word3,
- int32_t word3_len, bool word3_validity, bool* out_valid, int32_t* out_len)
{
+struct WordArg {
+ const char* data;
+ int32_t len;
+ bool valid;
+};
+
+static inline const char* concat_ws_impl(int64_t context, const char*
separator,
+ int32_t separator_len, bool
separator_validity,
+ bool* out_valid, int32_t* out_len,
+ std::initializer_list<WordArg> words)
{
*out_len = 0;
- int numValidInput = 0;
- // If separator is null, always return null
+
+ // Separator validity check
if (!separator_validity) {
- *out_len = 0;
*out_valid = false;
return "";
}
-
- if (word1_validity) {
- *out_len += word1_len;
- numValidInput++;
- }
- if (word2_validity) {
- *out_len += word2_len;
- numValidInput++;
+ if (separator_len < 0) {
+ *out_valid = false;
+ return "";
}
Review Comment:
`concat_ws_impl` treats `separator_len < 0` as invalid by returning
`out_valid = false`, but it doesn’t set a context error message. Since negative
word lengths now set explicit errors, this makes diagnosing invalid separator
length inputs inconsistent and harder. Consider calling
`gdv_fn_context_set_error_msg` for this case (and reusing the common failure
helper) so callers can distinguish invalid input from normal null/empty results.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
