2. b4947d67a4ebd48ca0105d44f92e47f044e51600 appears to have applied some
Coverity suggestions without investigating the underlying history that led
to the Coverity warnings.
When calling `merge_chain` from `interclexp`, this code apparently did not
anticipate that both the condition `ND_rank(agtail(e)) == ND_rank(aghead(e))`
and `ED_to_virt(prev) != NULL` could be true at once. In this case, the merge
can happen but the `.to_virt` member of `e` needs to be overwritten; it is not
`NULL` on entry to `merge_chain`.
This issue appears to have existed since the first revision of Graphviz.
These is a lot of uncertainty around what the expected behavior of this code is
and whether this fix is correct. So here is some of my background thoughts:¹
`merge_chain` has a leading `assert(ED_to_virt(e) == NULL)`, presumably trying
to express the assumption that it is not overwriting an existing back pointer.
But the code here in `interclexp` seems to be deliberately trying to overwrite
this pointer. There seemed to me two possible local fixes:
1. Remove the assertion
2. Write `NULL` to `ED_to_virt(e)` in advance
The first possibility seemed more risky. This would allow other functions to
accidentally call into merge_chain with a non-null `ED_to_virt(e)` and for
this to go undetected.
On the other hand, it's possible my change here is mistaken and what the
original author intended was for the true case of the branch on line 181 to
continue after updating `ED_to_virt(e) = prev`, making the call to
`merge_chain` not reached in this scenario. It certainly looks pretty weird
for the code after my changes to set `ED_to_virt(e)` on lines 181-184 and then
subsequently overwrite this value on line 187. But I was guessing the initial
write is relevant for the case where we continue.
As you can tell, all of this is (barely) educated guess work. I find the
intent of this code very hard to determine.
Gitlab: fixes #121
¹ Quoted from discussion on
https://gitlab.com/graphviz/graphviz/-/merge_requests/2724#note_1005393861.
Debian’s /etc/os-release does not include the field `ID_LIKE`, which is perhaps
reasonable as it is a base distribution not derived from another. A side effect
of this was that CPack picked the RPM back end when generating a Graphviz
package. This change teaches it that Debian should also get the DEB back end.
gvplugin_list: remove a second unnecessary duplication of 'typestr'
By managing an extent into the original string, we can avoid a dynamic
allocation in this code. This is similar in spirit to 5a13ab3f08b2066a795ea152f9594f6719d3aaa6.
gvplugin_list: remove unnecessary duplication of 'typestr'
By managing an extent into the original string, we can avoid a dynamic
allocation in this code. This is similar in spirit to 5a13ab3f08b2066a795ea152f9594f6719d3aaa6.
The code here actually looks wrong. It tries to pull out colon-separated
entries, but then uses the full string (`pnext->typestr`) in the call to
`agxbprint`. But this commit leaves this as-is for now.
gvplugin_list: remove unnecessary duplication of 'str'
By managing an extent into the original string, we can avoid a dynamic
allocation in this code. This is similar in spirit to 5a13ab3f08b2066a795ea152f9594f6719d3aaa6.
ortho: use 'UNUSED' to suppress warnings about debug functions
As an alternative to hiding these functions by guarding them with `DEBUG`, this
allows the compiler to see and parse these functions even when not building in
debug mode. This means we can catch syntax errors that slip into this code even
when it is not being emitted into the final binary.
This has little effect right now as debugging is forced on in this file, but
this may be a nice extra safe guard in future.
Magnus Jacobsson [Sun, 29 May 2022 09:04:49 +0000 (11:04 +0200)]
update "Starting development of the next version" in DEVELOPERS.md
The "returning to the development series" wording was a remnant from
when stable releases had even minor versions and development versions
had odd minor versions. There no longer are different stable and
development series so there's nothing to return to. We always go
forward. The development versions have the same version number as the
tentative next stable release version, with a ~dev suffix.
This reverts commit 05cbff4882df91d1b05a498b3b664061aefd3fce. Given this CMake
option does not work on all platforms (e.g. it adds compiler options that will
error out when using MSVC) and has inconsistent effects on supported platforms
(e.g. it enables leak detection on Linux, but not on macOS), it seems safer to
admit we cannot abstract over this feature and remove it from the build system.
Users who want to enable sanitizers can still do this selectively and with
greater control by exporting `CFLAGS` and `CXXFLAGS` or by using the
`CMAKE_C_FLAGS` and `CMAKE_CXX_FLAGS` to add toolchain-specific options.
When enabling ASan and UBSan, ASan defaults to aborting execution on a detected
error while UBSan defaults to a warning and then continuing. The effect of this
is that any UBSan issues go unnoticed in CI when no one is monitoring stderr.
This change makes UBSan issues also have abort behavior.
Continuing in the face of an overflow when calculating rectangle area was sort
of pointless. The test case for #1906 is an example of this, that runs for many
minutes _repeatedly_ detecting overflows in this code before finally erroring
out when trying to do follow on layout with values that make no sense. It is
simpler and cheaper to just error out immediately when this happens.
The test case for #1906 triggers an overflow in this function, viewable with
UBSan:
$ dot -Kirco -Tgv -o /dev/null tests/graphs/root.gv
/builds/graphviz/graphviz/lib/label/xlabels.c:35:15: runtime error: signed
integer overflow: -1884993080 - 1219985688 cannot be represented in type
'int'
CI: manage ASan, UBSan enabling through env instead of 'use_sanitizers'
This will allow us more precise control over compiler flags. Managing these
through CMake settings is challenging when enabling these is toolchain dependent
(e.g. the existing `use_sanitizers` option does not work with MSVC) and
operating system dependent (e.g. ASan leak detection is enabled by default on
Linux but not on macOS).
fix: anticipate non-normal edges during path construction
When constructing a path, the `beginpath` and `endpath` functions assumed they
could follow a chain of `.to_orig` back pointers to eventually reach a normal
edge. However this is not necessarily true, a situation exemplified by
tests/graphs/b15.gv that caused these traversal loops to eventually reach the
start of this linked list and then dereference a null pointer.
The fix in this commit is to simply treat the head of the list as the original
edge if we have not encountered a normal edge before then. Whether this is
correct or not seems unimportant, as a graph that causes this scenario is
incorrect. This change turns a crash during path construction into a graceful
exit later when the lack of normal edges is discovered.
This fix has similarities with 84e468e775e1d1b293624f1c8e70c226eb4a6e41. Perhaps
the code base should be audited for all such traversal loops, which seem to have
been written prior to a time when constructing a non-normal-edge-containing list
became possible.
Unfortunately the xfail in this commit cannot be marked `strict=True` because
the ASan CI job turns the deterministic crash of this test case into a
`exit(1)`.
fix: use '-module -avoid-version' when compiling TCL packages
Quoting from #1285:
They are runtime loadable (dlopen, or equivalent, from tcl program, via
'load') rather than shared libraries for dynamic linking by others. On OS X,
these two concepts have different extensions (.so vs .dylib). It's confusing
when a runtime-loadable module has a dynamic-linker extension. In commit 40123aedcd2761e98d8c9917be6040ea6187c97f, the -module flag was added to
LDFLAGS in tclpkg/gv/Makefile.am, which fixes libgv_tcl.
Could the same change be applied to the other tclpkg/*/Makefile.am LDFLAGS?
fix: include Windows links in deployment-produced JSON
This is a second attempt at 6117abe680037824d134149b0de42f589fb24466. It seems
the previous attempt did not account for the fact that the source path of an
artifact has not yet been safely escaped into a filename and contains directory
separators (`/`). This change was made by studying the last deploy.py execution
logs and making a best guess. There is no easy way to test this other than
running the release deployment process, so we should do one soon to validate
this.
avoid dynamic allocation of token buffer during style parsing
The style parsing code repeatedly calls `style_token` to tokenize input. It was
extracting the token into a dynamic buffer, `xb`. However, this is unnecessary.
Instead we can yield tokens as base and offset into the original input string,
avoiding heap allocation altogether.
It is possible this approach could be pushed “outwards,” applying the same
optimization to construction of the style itself that is returned by
`parse_style`. This would remove what the leading comment describes as “one of
the worst internal designs in graphviz.” However, this would be an API break,
and a pretty subtle one. The style buffer of `'\0'` separated strings is
available to plugins and applications in the GVC `.rawstyle` field. Altering
how this field represents the style could lead to uncaught and confusing
downstream problems. If this kind of change is done in future, I would recommend
renaming the field entirely to make any external uses break loudly at
compilation time.
Costa Shulyupin [Mon, 16 May 2022 07:05:55 +0000 (10:05 +0300)]
fix ortho: add epsilon to floating point comparison
Thanks to good bug description #1408, I've compared logs of
bad and good version. I found that sometimes there is
difference ~1E-15 between t->hi.y and t->lo.y because of
precision issues. It caused false positive conditional statement.
The workaround is to tolerate insignificant deviations.
CMake: link -lm globally on Unix instead of fine-grained
It is simpler to express this dependency globally than to try to manage a
dependency on such a fundamental part of the C standard library on a
case-by-case basis.
Commit 4915673bd8826641c4227bb6e32e1d759f3b1df5 introduced a bug where
`gvprintf` was cast and stored into an incompatible pointer type, one returning
an `int` instead of `void`. On platforms like x86-64, this coincidentally works
out with no ill effects. But on platforms like Web Assembly this prevents using
plugins containing this code.
common: squash spurious -Wconversion warnings in 'new_virtual_edge'
By doing these assignments all in a single line, the compiler was fooled into
believing there was some unintentional narrowing happening:
fastgr.c: In function 'new_virtual_edge':
../../lib/common/types.h:592:22: warning: conversion from 'int' to 'short int'
may change value [-Wconversion]
592 | #define ED_weight(e) (((Agedgeinfo_t*)AGDATA(e))->weight)
| ^
fastgr.c:192:55: note: in expansion of macro 'ED_weight'
192 | ED_minlen(e) = ED_count(e) = ED_xpenalty(e) = ED_weight(e) = 1
| ^~~~~~~~~
../../lib/common/types.h:569:21: warning: conversion to 'short unsigned int'
from 'short int' may change the sign of the result [-Wsign-conversion]
569 | #define ED_count(e) (((Agedgeinfo_t*)AGDATA(e))->count)
| ^
fastgr.c:192:24: note: in expansion of macro 'ED_count'
192 | ED_minlen(e) = ED_count(e) = ED_xpenalty(e) = ED_weight(e) = 1
| ^~~~~~~~
We can make it clearer and avoid these warnings by separating the assignments.
smyrna: propagate and remove 'fullscreen' parameter to 'cb_glutinit'
This function did not properly support non-fullscreen mode, as evidenced by the
`x` and `y` parameters (removed in the previous commit) that it was ignoring.