Re: [PATCH] strbuf_read_file(): preserve errno across close() call

2018-02-26 Thread Jeff King
On Fri, Feb 23, 2018 at 10:00:24PM +0100, René Scharfe wrote:

> How about adding a stealthy close_no_errno(), or do something like the
> following to get shorter and more readable code?  (We could also keep
> a single close() call, but would then set errno even on success.)
> [...]
> @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t 
> hint)
>  
>   if (got < 0) {
>   if (oldalloc == 0)
> - strbuf_release(sb);
> + IGNORE_ERROR(strbuf_release(sb));
>   else
>   strbuf_setlen(sb, oldlen);
>   return -1;

I dunno, that may be crossing the line of "too magical".

I had envisioned something like:

diff --git a/strbuf.c b/strbuf.c
index 5f138ed3c8..0790dd7bcb 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -365,6 +365,14 @@ void strbuf_addbuf_percentquote(struct strbuf *dst, const 
struct strbuf *src)
}
 }
 
+/* release, but preserve errno */
+static void strbuf_release_careful(struct strbuf *sb)
+{
+   int saved_errno = errno;
+   strbuf_release(sb);
+   errno = saved_errno;
+}
+
 size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f)
 {
size_t res;
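Review bot: the name strbuf_release_careful() and its one-line comment do not say what the care is about, so a reader at a call site cannot tell that the only difference from strbuf_release() is that errno survives the call. Consider a name that mentions errno, and extend the comment to say the helper is meant for error paths where the caller's errno still has to reach whoever reports it.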
@@ -375,7 +383,7 @@ size_t strbuf_fread(struct strbuf *sb, size_t size, FILE *f)
if (res > 0)
strbuf_setlen(sb, sb->len + res);
else if (oldalloc == 0)
-   strbuf_release(sb);
+   strbuf_release_careful(sb);
return res;
 }
 
@@ -391,7 +399,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t hint)
 
if (got < 0) {
if (oldalloc == 0)
-   strbuf_release(sb);
+   strbuf_release_careful(sb);
else
strbuf_setlen(sb, oldlen);
return -1;
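Review bot: in the got < 0 branch only the oldalloc == 0 arm is protected; the else arm still calls strbuf_setlen(sb, oldlen) between the failed read and return -1 with nothing saving errno. That is correct only as long as strbuf_setlen() never touches errno, so either state that assumption in a comment here or save and restore errno around the whole if/else.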
@@ -416,7 +424,7 @@ ssize_t strbuf_read_once(struct strbuf *sb, int fd, size_t 
hint)
if (cnt > 0)
strbuf_setlen(sb, sb->len + cnt);
else if (oldalloc == 0)
-   strbuf_release(sb);
+   strbuf_release_careful(sb);
return cnt;
 }
 
@@ -482,7 +490,7 @@ int strbuf_getcwd(struct strbuf *sb)
break;
}
if (oldalloc == 0)
-   strbuf_release(sb);
+   strbuf_release_careful(sb);
else
strbuf_reset(sb);
return -1;


but that solution is definitely very specific to these cases. I also had
a feeling I should be able to shove the "oldalloc" logic into the
helper, too, but there are too many different behaviors in the "else"
block.

-Peff


Re: [PATCH] strbuf_read_file(): preserve errno across close() call

2018-02-23 Thread René Scharfe
On 23.02.2018 at 23:17, Junio C Hamano wrote:
> René Scharfe  writes:
> 
>> +#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while 
>> (0)
> 
> The macro certainly is a cute idea, but ...
> 
>> @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t 
>> hint)
>>   
>>  if (got < 0) {
>>  if (oldalloc == 0)
>> -strbuf_release(sb);
>> +IGNORE_ERROR(strbuf_release(sb));
>>  else
>>  strbuf_setlen(sb, oldlen);
>>  return -1;
> 
> ... ideally, I would imagine that we wish we could write this hunk
> to something that expands to:
> 
>   if (got < 0) {
>   do {
>  int e_ = errno;
>  if (oldalloc == 0)
>  strbuf_release(sb);
>  else
>  strbuf_setlen(sb, oldlen);
>  errno = e_;
>   } while (0);
>   return -1;
> 
> no?  That is (1) we do not want to rely too much on knowing that
> strbuf_setlen() is very thin and does not touch errno, and hence (2)
> we want to mark not just a single expr but a block as "we know we
> got an error and errno from that error is more precious than what we
> do in this block to clean things up".

Relying on that internal knowledge should be OK in strbuf.c, but in
this specific example we could of course do:

	if (oldalloc == 0)
		IGNORE_ERROR(strbuf_release(sb));
	else
		IGNORE_ERROR(strbuf_setlen(sb, oldlen));

I guess ignoring errors of whole blocks is not that common, based on
a quick search (git grep -W int.*_errno).  And in such a case we could
factor that code out into a separate function, if really needed.  Or
continue saving errno explicitly.

Compilers should be smart enough to avoid saving and restoring errno
between multiple uses of that macro, e.g. code like this would only do
it once, from what I saw when experimenting with the Compiler Explorer
(https://godbolt.org/):

IGNORE_ERROR(close(fd1));
IGNORE_ERROR(close(fd2));

> Of course, a pair of macros
> 
>   #define IGNORE_ERROR_BEGIN do { int e_ = errno
>   #define IGNORE_ERROR_END errno = e_; } while (0)
> 
> is probably the only way to do so in C, and that is already too ugly
> to live, so we cannot achieve the ideal.
> 
> So I dunno..

*shudder*

> 
>> @@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char 
>> *path, size_t hint)
>>  if (fd < 0)
>>  return -1;
>>  len = strbuf_read(sb, fd, hint);
>> -close(fd);
>> -if (len < 0)
>> +if (len < 0) {
>> +IGNORE_ERROR(close(fd));
>>  return -1;
>> +}
>> +close(fd);
>>   
>>  return len;
>>   }


Re: [PATCH] strbuf_read_file(): preserve errno across close() call

2018-02-23 Thread Junio C Hamano
René Scharfe  writes:

> +#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while (0)

The macro certainly is a cute idea, but ...

> @@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t 
> hint)
>  
>   if (got < 0) {
>   if (oldalloc == 0)
> - strbuf_release(sb);
> + IGNORE_ERROR(strbuf_release(sb));
>   else
>   strbuf_setlen(sb, oldlen);
>   return -1;

... ideally, I would imagine that we wish we could write this hunk
to something that expands to:

	if (got < 0) {
		do {
			int e_ = errno;
			if (oldalloc == 0)
				strbuf_release(sb);
			else
				strbuf_setlen(sb, oldlen);
			errno = e_;
		} while (0);
		return -1;

no?  That is (1) we do not want to rely too much on knowing that
strbuf_setlen() is very thin and does not touch errno, and hence (2)
we want to mark not just a single expr but a block as "we know we
got an error and errno from that error is more precious than what we
do in this block to clean things up".

Of course, a pair of macros

#define IGNORE_ERROR_BEGIN do { int e_ = errno
#define IGNORE_ERROR_END errno = e_; } while (0)

is probably the only way to do so in C, and that is already too ugly
to live, so we cannot achieve the ideal.

So I dunno..

> @@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char 
> *path, size_t hint)
>   if (fd < 0)
>   return -1;
>   len = strbuf_read(sb, fd, hint);
> - close(fd);
> - if (len < 0)
> + if (len < 0) {
> + IGNORE_ERROR(close(fd));
>   return -1;
> + }
> + close(fd);
>  
>   return len;
>  }


Re: [PATCH] strbuf_read_file(): preserve errno across close() call

2018-02-23 Thread René Scharfe
On 23.02.2018 at 08:00, Jeff King wrote:
> On Fri, Feb 23, 2018 at 01:49:52AM -0500, Jeff King wrote:
> Subject: [PATCH] strbuf_read_file(): preserve errno across close() call
> 
> If we encounter a read error, the user may want to report it
> by looking at errno. However, our close() call may clobber
> errno, leading to confusing results. Let's save and restore
> it in the error case.

Good idea.

> Signed-off-by: Jeff King <p...@peff.net>
> ---
>   strbuf.c | 6 +-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/strbuf.c b/strbuf.c
> index 1df674e919..5f138ed3c8 100644
> --- a/strbuf.c
> +++ b/strbuf.c
> @@ -612,14 +612,18 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char 
> *path, size_t hint)
>   {
>   int fd;
>   ssize_t len;
> + int saved_errno;
>   
>   fd = open(path, O_RDONLY);
>   if (fd < 0)
>   return -1;
>   len = strbuf_read(sb, fd, hint);
> + saved_errno = errno;
>   close(fd);
> - if (len < 0)
> + if (len < 0) {
> + errno = saved_errno;
>   return -1;
> + }
>   
>   return len;
>   }

How about adding a stealthy close_no_errno(), or do something like the
following to get shorter and more readable code?  (We could also keep
a single close() call, but would then set errno even on success.)

--- 
 strbuf.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/strbuf.c b/strbuf.c
index 1df674e919..c0066b1db9 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -2,6 +2,8 @@
 #include "refs.h"
 #include "utf8.h"
 
+#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while (0)
+
 int starts_with(const char *str, const char *prefix)
 {
for (; ; str++, prefix++)
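Review bot: IGNORE_ERROR() is added without a comment, and its body declares a local named e_ around the caller's expression, so an expr that itself mentions e_ would bind to the macro's variable. Add a short comment saying that the macro discards any errno change made by expr and that expr must not reference e_; because the definition sits in strbuf.c, it is also unavailable to other files that need the same thing.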
@@ -391,7 +393,7 @@ ssize_t strbuf_read(struct strbuf *sb, int fd, size_t hint)
 
if (got < 0) {
if (oldalloc == 0)
-   strbuf_release(sb);
+   IGNORE_ERROR(strbuf_release(sb));
else
strbuf_setlen(sb, oldlen);
return -1;
@@ -617,9 +619,11 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char 
*path, size_t hint)
if (fd < 0)
return -1;
len = strbuf_read(sb, fd, hint);
-   close(fd);
-   if (len < 0)
+   if (len < 0) {
+   IGNORE_ERROR(close(fd));
return -1;
+   }
+   close(fd);
 
return len;
 }
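Review bot: close(fd) now appears twice, once inside the len < 0 branch under IGNORE_ERROR() and once on the success path, so a later edit that adds a return between strbuf_read() and the final close(fd) would leak the descriptor. Keeping a single close(fd) right after strbuf_read() and restoring errno only in the error branch avoids the duplication while still leaving errno alone on success.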


[PATCH] strbuf_read_file(): preserve errno across close() call

2018-02-22 Thread Jeff King
On Fri, Feb 23, 2018 at 01:49:52AM -0500, Jeff King wrote:

> > +static ssize_t strbuf_read_file_or_whine(struct strbuf *sb, const char 
> > *path)
> > +{
> > +   int fd;
> > +   ssize_t len;
> > +
> > +   fd = open(path, O_RDONLY);
> > +   if (fd < 0)
> > +   return error_errno(_("could not open '%s'"), path);
> > +   len = strbuf_read(sb, fd, 0);
> > +   close(fd);
> > +   if (len < 0)
> > +   return error(_("could not read '%s'."), path);
> > +   return len;
> > +}
> 
> If we were to use error_errno() in the second conditional here, we
> should take care not to clobber errno during the close(). I think
> strbuf_read_file() actually has the same problem, which might be worth
> fixing.

Here's a patch, while I'm thinking about it.

I notice that quite a few strbuf error paths may call strbuf_release(),
too.  Technically free() may clobber errno, too. I don't know if it's
worth protecting against (IIRC POSIX is being amended to disallow this,
but I have no idea how common it is in existing platforms).

-- >8 --
Subject: [PATCH] strbuf_read_file(): preserve errno across close() call

If we encounter a read error, the user may want to report it
by looking at errno. However, our close() call may clobber
errno, leading to confusing results. Let's save and restore
it in the error case.

Signed-off-by: Jeff King <p...@peff.net>
---
 strbuf.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/strbuf.c b/strbuf.c
index 1df674e919..5f138ed3c8 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -612,14 +612,18 @@ ssize_t strbuf_read_file(struct strbuf *sb, const char 
*path, size_t hint)
 {
int fd;
ssize_t len;
+   int saved_errno;
 
fd = open(path, O_RDONLY);
if (fd < 0)
return -1;
len = strbuf_read(sb, fd, hint);
+   saved_errno = errno;
close(fd);
-   if (len < 0)
+   if (len < 0) {
+   errno = saved_errno;
return -1;
+   }
 
return len;
 }
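Review bot: saved_errno = errno runs before the len < 0 check, so errno is sampled on the success path as well, where the value is never used; that is harmless, but the code does not say why the assignment has to sit before close(fd). A one-line comment above it, noting that close() may overwrite errno before the error return, would keep a later cleanup from folding this back into a plain close(fd) followed by if (len < 0) return -1.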
-- 
2.16.2.580.g96c83ce8ea
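
The clobbering this thread is about, as an added example that is not from the thread or from git's code: a failed read() sets errno, a cleanup step overwrites it, and wrapping the cleanup in the IGNORE_ERROR() macro proposed in the thread keeps the original value. The cleanup() helper, its lock path and read_byte() are hypothetical, and the EISDIR result assumes Linux.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Macro as proposed in the thread. */
#define IGNORE_ERROR(expr) do { int e_ = errno; expr; errno = e_; } while (0)

/* Hypothetical cleanup: the unlink() of a constructed path fails with ENOENT. */
static void cleanup(int fd)
{
	close(fd);
	unlink("/nonexistent-errno-demo/demo.lock");
}

/* Read one byte; when protect is 0 the cleanup may overwrite errno. */
ssize_t read_byte(const char *path, int protect)
{
	char c;
	ssize_t len;
	int fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	len = read(fd, &c, 1);
	if (len < 0) {
		if (protect)
			IGNORE_ERROR(cleanup(fd));
		else
			cleanup(fd);
		return -1;
	}
	close(fd);
	return len;
}

/* errno a caller would report after read_byte() fails, 0 on success. */
int reported_errno(const char *path, int protect)
{
	errno = 0;
	return read_byte(path, protect) < 0 ? errno : 0;
}

int main(void)
{
	/* "/" is a directory, so read() fails with EISDIR on Linux. */
	printf("unprotected: %s\n", strerror(reported_errno("/", 0)));
	printf("protected:   %s\n", strerror(reported_errno("/", 1)));
	return 0;
}
```

The unprotected call reports the cleanup's error instead of the read error, which is the misleading diagnostic the patch is meant to prevent.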