[CDRIVER-5859] Enable sign-compare warnings globally, and fix them all #1856
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `mlib_assert_aborts` macro checks that the following statement terminates the process with SIGABRT. This relies on `fork()`, so it only works on Unix systems. On Win32 it is a no-op.
`mlib_foreach_irange` and `mlib_foreach_urange` provide concise looping over an integral range.
This change swaps any `for (...)` loops that trigger `-Wsign-compare` with `mlib/loop` macros. This also simplifies redundant code around looping over array elements.
This adds function for reading little-endian i32, u32, i64, and u64 from pointers to memory. This allows us to decode integers in a single line instead of doing a declare+memcpy+byteswap that clutters the code and prevents us from using `const` and correct signedness. Instead, we can declare and initialize integers of the exact size and sign that we want in a single line.
eramongodb
requested changes
Feb 10, 2025
There was a problem hiding this comment.
Very nice changes so far.
Some additional suggestions:
- Also replace or remove use of
BSON_MINandBSON_MAXfrom<bson/bson-macros.h>to address the following warning(s) due to the internal comparison expression:
src/libbson/src/bson/bson-macros.h:121:30: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare]
121 | #define BSON_MIN(a, b) (((a) < (b)) ? (a) : (b))
| ^
src/libbson/src/bson/bson-decimal128.c:303:38: note: in expansion of macro ‘BSON_MIN’
303 | const unsigned n_to_write = BSON_MIN (n_trailing_digits, available_bytes);
| ^~~~~~~~
src/libbson/src/bson/bson-macros.h:121:45: warning: operand of ‘?:’ changes signedness from ‘int’ to ‘unsigned int’ due to unsignedness of other operand [-Wsign-compare]
121 | #define BSON_MIN(a, b) (((a) < (b)) ? (a) : (b))
| ^~~
src/libbson/src/bson/bson-decimal128.c:303:38: note: in expansion of macro ‘BSON_MIN’
303 | const unsigned n_to_write = BSON_MIN (n_trailing_digits, available_bytes);
| ^~~~~~~~
- Also update
ASSERT_CMPINT_HELPERinTestSuite.hto usemlib_cmpfor its internal equality comparison. Note the non-integerASSERT_CMP*macros currently implemented in terms ofASSERT_CMPINT_HELPER(fordoubleandvoid*) will need to be special-cased to avoid using incorrect use with the new integer comparison utilities.
|
kevinAlbs
reviewed
Feb 18, 2025
eramongodb
reviewed
Feb 19, 2025
eramongodb
reviewed
Feb 19, 2025
kevinAlbs
approved these changes
Mar 4, 2025
kevinAlbs
reviewed
Mar 4, 2025
src/libbson/src/bson/bson.c
Outdated
| @@ -328,7 +324,7 @@ BSON_STATIC_ASSERT2 (max_alloc_grow_fits_min_sizet, (uint64_t) BSON_MAX_SIZE * 2 | |||
| if (BSON_UNLIKELY ((_length) > BSON_MAX_SIZE - (_list).n_bytes)) { \ | |||
| goto append_failure; \ | |||
| } else if ((_length) > 0) { \ | |||
| *(_list).current++ = (_bson_append_bytes_arg){ \ | |||
| *(_list).current++ = (_bson_append_bytes_arg) { \ | |||
There was a problem hiding this comment.
Suggested change
| *(_list).current++ = (_bson_append_bytes_arg) { \ | |
| *(_list).current++ = (_bson_append_bytes_arg){ \ |
To fix clang-format task. Can be run locally with:
./tools/poetry.sh run .evergreen/scripts/clang-format-all.sh
There was a problem hiding this comment.
Uggh. My local clang-format is updated past the version installed by Poetry, and it now adds a space after compound-initializers every time I save a file. I need to figure out what .clang-format setting does this, because it is a chore to remember not to commit them.
There was a problem hiding this comment.
It looks like clang-format 19 now treats compound initializers as C-style casts, so our SpaceAfterCStyleCast option now inserts a space. Earlier Clang versions don't seem to have a way to control the whitespace here, and always deleted it.
eramongodb
approved these changes
Mar 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refer: CDRIVER-5859 This changeset adds sign-compare warnings at the top-level, and fixes every occurrence. Most occurrences just swap for the new
mlib_cmpmacro, but a few more changes have been made to clear up sign-handling.Summary
mlib_cmp, from PR CDRIVER-5859 Integer comparison macro #1845SIGABRT. This is a no-op on Windows. This usesforkwithoutexec, so it isn't super fast, usually incurring a few milliseconds for each use.mlib/intencode.h, which adds functions dedicated to decoding/encoding integer values into raw memory.