git/sha1-lookup.c
Derrick Stolee 19716b21a4 cleanup: fix possible overflow errors in binary search
A common mistake when writing binary search is to allow possible
integer overflow by using the simple average:

	mid = (min + max) / 2;

Instead, use the overflow-safe version:

	mid = min + (max - min) / 2;

This translation is safe since the operation occurs inside a loop
conditioned on "min < max". The included changes were found using
the following git grep:

	git grep '/ *2;' '*.c'

Making this cleanup will prevent future review friction when a new
binary search is contructed based on existing code.

Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-10 08:57:24 +09:00

102 lines
2.6 KiB
C

#include "cache.h"
#include "sha1-lookup.h"
static uint32_t take2(const unsigned char *sha1)
{
return ((sha1[0] << 8) | sha1[1]);
}
/*
* Conventional binary search loop looks like this:
*
* do {
* int mi = lo + (hi - lo) / 2;
* int cmp = "entry pointed at by mi" minus "target";
* if (!cmp)
* return (mi is the wanted one)
* if (cmp > 0)
* hi = mi; "mi is larger than target"
* else
* lo = mi+1; "mi is smaller than target"
* } while (lo < hi);
*
* The invariants are:
*
* - When entering the loop, lo points at a slot that is never
* above the target (it could be at the target), hi points at a
* slot that is guaranteed to be above the target (it can never
* be at the target).
*
* - We find a point 'mi' between lo and hi (mi could be the same
* as lo, but never can be the same as hi), and check if it hits
* the target. There are three cases:
*
* - if it is a hit, we are happy.
*
* - if it is strictly higher than the target, we update hi with
* it.
*
* - if it is strictly lower than the target, we update lo to be
* one slot after it, because we allow lo to be at the target.
*
* When choosing 'mi', we do not have to take the "middle" but
* anywhere in between lo and hi, as long as lo <= mi < hi is
* satisfied. When we somehow know that the distance between the
* target and lo is much shorter than the target and hi, we could
* pick mi that is much closer to lo than the midway.
*/
/*
* The table should contain "nr" elements.
* The sha1 of element i (between 0 and nr - 1) should be returned
* by "fn(i, table)".
*/
int sha1_pos(const unsigned char *sha1, void *table, size_t nr,
sha1_access_fn fn)
{
size_t hi = nr;
size_t lo = 0;
size_t mi = 0;
if (!nr)
return -1;
if (nr != 1) {
size_t lov, hiv, miv, ofs;
for (ofs = 0; ofs < 18; ofs += 2) {
lov = take2(fn(0, table) + ofs);
hiv = take2(fn(nr - 1, table) + ofs);
miv = take2(sha1 + ofs);
if (miv < lov)
return -1;
if (hiv < miv)
return -1 - nr;
if (lov != hiv) {
/*
* At this point miv could be equal
* to hiv (but sha1 could still be higher);
* the invariant of (mi < hi) should be
* kept.
*/
mi = (nr - 1) * (miv - lov) / (hiv - lov);
if (lo <= mi && mi < hi)
break;
die("BUG: assertion failed in binary search");
}
}
}
do {
int cmp;
cmp = hashcmp(fn(mi, table), sha1);
if (!cmp)
return mi;
if (cmp > 0)
hi = mi;
else
lo = mi + 1;
mi = lo + (hi - lo) / 2;
} while (lo < hi);
return -lo-1;
}