[core] Functions returning arrays inconsistently use unsigned int/int for sizes #3168
Comments
|
This change could also imply a list of additional changes for consistency and a bunch of type-missmatch warnings... Here some possible sensible functions that could also require reviewing (but there could be even more): int GetFileLength(const char *fileName);
int GetPixelDataSize(int width, int height, int format);
Image LoadImageFromMemory(const char *fileType, const unsigned char *fileData, int dataSize);
unsigned char *ExportImageToMemory(Image image, const char *fileType, int *fileSize);
Font LoadFontFromMemory(const char *fileType, const unsigned char *fileData, int dataSize, int fontSize...
GlyphInfo *LoadFontData(const unsigned char *fileData, int dataSize, int fontSize, int *fontChars...
void UpdateMeshBuffer(Mesh mesh, int index, const void *data, int dataSize, int offset);
Wave LoadWaveFromMemory(const char *fileType, const unsigned char *fileData, int dataSize);
Music LoadMusicStreamFromMemory(const char *fileType, const unsigned char *data, int dataSize);
void SetAudioStreamBufferSizeDefault(int size);Surprisingly, most compression/decompression libraries I checked used just plain What are the problems related to using just |
|
I also found, but forgot to list RLAPI int *LoadCodepoints(const char *text, int *count);
RLAPI const char **TextSplit(const char *text, char delimiter, int *count);
RLAPI Material *LoadMaterials(const char *fileName, int *materialCount);
// This actually does use unsigned ints
RLAPI ModelAnimation *LoadModelAnimations(const char *fileName, unsigned int *animCount);I think plain
zlib, the arguably most popular compression library, actually uses I don't think there are inherent problems with |
Perhaps it could be due to the possibility of overflow/underflow. Two good articles I have bookmarked here: "Pitfalls in C and C++: Unsigned types" and "C++ unsigned int problems". |
|
@ubkp thanks for the articles, very interesting reads. I think they can be used for some specific cases (raw file/memory data?) but not for everything, I also consider that aesthetically, I need to think about it, there are too many functions involved in that change and many warnings to review. |
|
These articles make some good points. Either way I think it's important to make a choice and enforce it consistently. |
|
@ubkp @Not-Nik I find the article to be ridiculous. The TLDI: I am not proposing any reform to the APIs. Maybe better documentation, something that is not so traumatic. OBSERVATIONS First, overflow and underflow problems are the same, whether an int is signed or unsigned, they just occur differently. They wrap either way, because the same hardware operation is performed regardless in 2s-complement arithmetic. There is a very big difference in comparisons though and that may or may not cause mysteries. For example, in unsigned int cases, comparisons are very clear. It is also the case that adding one to the largest uint produces the smallest uint (namely 0). Adding one to the largest non-negative int produces the smallest (very-negative) int. Subtracting one from the smallest int produces ... guess what. It is an useful exercise to work out these cases and also the magical case that the smallest int is its own negative. The use of I hazard that novices are not exposed to the above situations very much and I don't see much concern for checking int results from Standard Library functions either. Since these edge cases are wired into Standard C/C++ and modern processors, the question of how to protect novices and experts from unintended consequences is similar. CONCLUSION I don't think the problem at hand is the inescapable coyness of C/C++ integer representations. It is more about what a particular variable and type are intended to represent. That's why We need to make clear what an int-typed (signed or unsigned) value is for and what the range expectations are. Ideally, we want a type that is the simplest suited to precisely that purpose. PS: In the spirit of defensive programming, if an API uses an int parameter for where only non-negative values are acceptable, there is then an obligation to defend/detect/protect against an unwelcome value. This applies to ranges generally of course. |
|
No, the article "Pitfalls in C and C++: Unsigned types" is not rediculus.
It is not true. |
This is silly. I said they have the same problems, just in different ways.
Just try it. It is easy to demonstrate. Write a small program and satisfy yourself about this. |
|
Read the article carefully. |
OK, I read it through again. I still think it is bogus. Yes, subtracting off the bottom of an unsigned element or assigning `-1' to an unsigned (which will involve a cast and should be detected unless the warning has been suppressed) is unfortunate. The key thing is about having to know what are supported ranges and exercising care to avoid any undefended over-/under-flow cases. If our attention is on portability, that will matter the most. C Language gives us the problems, and also the tools to manage it once we get the hang of it. PS: My concern with recommendations like those in the article is the significant risk that folks will blindly follow the recommendation as if there is then nothing to worry about. I have similar concerns with the casual use of |
|
I could start to write a great big comment about importance of performance in games (like nobody knows) , the bigger one about importance of portability (I use "thumb" on ARM by the way). Instead, I will say that I'm glad that you got it, the importance of writing valid, C99 code that |
|
Finally I decided to review all the functions to be consistent to All parameters where also renamed to be consistent with |
ghost
mentioned this issue
* Prettified a comment * fixed broken indentation caused by another commit. the commit renamed a bool to int and broke indentation: 233cf39 * Changed 0.001 and 0.00001 to EPSILON This commit is untested. I don't know what consequences this has. Since the commits that added these numbers were before epsilon was added, I have assumed that epsilon could replace them. * Prettied up indentation in a few places * removed spacing around *, standardizing it. * I may have gotten overboard with indentation * removed a few useless parenthesis * Added fortran-raylib * Fix examples/others/rlgl_standalone.c compilation issue (#3242) * Update BINDINGS.md * Ignore unused return value of GetCodepointNext in GetCodepointCount (#3241) * Ignore unused return value of GetCodepointNext in GetCodepointCount Removes the last warning from non-external libraries when compiling with the default build configuration on x64 Linux. * Remove unnecessary void cast in GetCodepointCount * Fix #3246 * Revert "Fix #3246" This reverts commit e4dcbd5. * Fix text_unicode.c example crashing (#3250) * Fix text_unicode.c example crashing * Adjust the text_unicode.c example crashing fix * tweaks * add build.zig options for individual modules (#3254) * Add `IsKeyPressedRepeat` (desktop only) (#3245) Since the key pressed are handle by comparing current vs previous state (ie frame), a special way is needed to handle key repeats. * Reviewed `IsKeyPressedRepeat()` #3248 * Update rcore.c (#3255) * Match CMakeOptions.txt options default values (#3258) * Fix SetClipboardText for web (#3257) * [Image] Validate that ImageDrawRectangleRec is drawing entirely inside the image (#3264) * Add a function to clone a sound and share data with another sound. * rename items based on feedback * PR Feedback, use custom unload for sound alias, not variant of normal sound unloading * sound_multi example * Validate that image rect drawing is inside the image so we don't overflow a buffer * remove files that should not have been added. * remove changes that should not have been * revert * adsfasdfsdfsdf * Add Vector3 Projecting and Rejection to Raymath (#3263) * Update raymath.h * formatting * [Feature] IsKey... safety checks and more (#3256) * [Feature] Add GetKeyRepeat * Update rcore.c * Simpler design, only one repeat per frame * Update config.h * Update rcore.c * Add KEYBOARD_KEYS_MASK * Update config.h * reversions * Update rcore.c * Update rcore.c * change docs * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update raylib.h * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Update rcore.c * Fix bug where default shaders was not linking. (#3261) * Formating review * Add missing cmake options (#3267) * Fix CMake extraneous -lglfw (#3266) Closes #3265. The problem: LIBS_PRIVATE is a list of library names (used by pkg-config), but the shared library of the same name doesn't always exist. * Fix example/models/models_loading_gltf.c controls (#3268) * Fix example/models/models_loading_m3d.c controls (#3269) * Remove e from secondes (#3270) * Fix example/audio/audio_module_player.c help instructions and small bug (#3272) * Fix example/audio/audio_module_player.c help instructions and small bug * Update example/audio/audio_module_player.png screenshot * Use type name instead of valid specifier long long --> long long int * REVIEWED: `GetFileLength()`, added comment #3262 * Update examples/models/models_loading_gltf.png;m3d.png screenshots (#3273) * Remove a duplicated screenshot and add missing one (#3275) * Add examples/shaders/shaders_lightmap.c to Makefiles (#3276) * Fix examples/others/easings_testbed.c help instructions and small tweak (#3277) * Fix examples/shaders/shaders_texture_outline.c help instructions (#3278) * Fix examples/shapes/shapes_collision_area.c help instructions (#3279) * RENAMED: LoadFont*() parameter names for consistency and coherence * Fix uninitialized thread-locals in stbi #3282 (#3283) * REVIEWED: Added `SetTextLineSpacing()` to multiline examples * REVIEWED: Data size type consistency between functions #3168 * Some tweaks * Use internal default allocators, instead of user-exposed ones * Added rudimentary SVG support. (#2738) * Added rudimentary SVG support. Added 2 functions ImageLoadSvg and ImageLoadSvgWithSize. * Added an example on how to use ImageLoadSvgWithSize and adjusted Makefiles accordingly. * Added actual correct example file. * Reviewed the code to keep the raylib coding conventions in mind. Moved the LoadImageSvg() code into LoadImage() guarded by SUPPORT_FILEFORMAT_SVG. Renamed LoadImageSvgWithSize() to LoadImageSvg(). Added a LoadImageSvgFromString() function to parse the loaded SVG into an actual image. This does the bulk of the work. * Fixed typo. --------- Co-authored-by: Ray <[email protected]> * REVIEWED: `LoadImageSvg()` * REVIEWED: `LoadImageSvg()` * Add SUPPORT_FILEFORMAT_SVG to cmake (#3284) * Fix examples/textures/textures_fog_of_war.c help instructions (#3285) * Fix examples/textures/textures_image_rotate.c help instructions (#3286) * Update rtextures.c * Fix #3247 * Update config.h * Fix #3293 * Disable UBSAN in zig builds. (#3292) Zig debug builds automatically enable ubsan. As the fix for #1891 had to be reverted, debug builds using zig will crash like so: ``` Illegal instruction at address 0x3237d2 raylib/src/rlgl.h:3690:91: 0x3237d2 in rlDrawVertexArrayElements (/home/rcorre/src/raylib-zig-template/raylib/src/rcore.c) glDrawElements(GL_TRIANGLES, count, GL_UNSIGNED_SHORT, (const unsigned short *)buffer + offset); ``` This disables UBSAN when using zig to build raylib. * Update README.md (#3290) specially -> especially * Update cmake SUPPORT_FILEFORMAT_SVG default value (#3291) * Mouse offset and scaling must be considered also on web! * Update rcore.c * Update Makefile : clean raygui.c & physac.c (#3296) * Remove PLATFORM_RPI (#3232) * Remove PLATFORM_RPI * remove build artifacts --------- Co-authored-by: MichaelFiber <[email protected]> Co-authored-by: Ray <[email protected]> * Review to avoid UBSAN complaining #1891 * added raylib-raku to bindings (#3299) * examples: core: adds 2D camera two player split screen (#3298) * Reviewed examples for consistency * Update rtext.c * Some code restructuring for input functions, consistency review * Remove unneeded #if (#3301) Co-authored-by: MichaelFiber <[email protected]> * Revert "Disable UBSAN in zig builds. (#3292)" (#3303) This reverts commit a316f9e. Issue #1891 was fixed again, so this is no longer needed. * rtextures: Fix ImageDraw() source clipping when drawing beyond top left (#3306) * REVIEWED: `TextToPascal()` issue when first char is uppercase * Implement FLAG_WINDOW_RESIZABLE for web (#3305) Fixes #3231 * Update BINDINGS.md (#3307) Fix Kaylib binding. Reroute to a new repository. Binding renamed. * Update webassembly.yml * Add claw-raylib to BINDINGS.md (#3310) * Add SetWindowMaxSize for desktop and web (#3309) * Add SetWindowMaxSize for desktop and web * Remove SizeInt and respective adjustments * Update rtextures.c * Reviewed parameters for consistency * Rename windowM* to screenM* (#3312) * Update BINDINGS.md (#3317) Update TurboRaylib bindings * Update rmodels.c * Update BINDINGS.md with vaiorabbit/raylib-bindings (#3318) * fixed spelling mistake * put back parenthesis * reverted major allignment changes * reverted parser output changes * reverted one more indentation change --------- Co-authored-by: Brian-E <[email protected]> Co-authored-by: Ray <[email protected]> Co-authored-by: ubkp <[email protected]> Co-authored-by: ashn <[email protected]> Co-authored-by: actondev (Christos) <[email protected]> Co-authored-by: vitopigno <[email protected]> Co-authored-by: Asdqwe <[email protected]> Co-authored-by: Jeffery Myers <[email protected]> Co-authored-by: Ethan Simpson <[email protected]> Co-authored-by: Nickolas McDonald <[email protected]> Co-authored-by: Branimir Ričko <[email protected]> Co-authored-by: iacore <[email protected]> Co-authored-by: Ethan Conneely <[email protected]> Co-authored-by: Johannes Barthelmes <[email protected]> Co-authored-by: bXi <[email protected]> Co-authored-by: Ryan Roden-Corrent <[email protected]> Co-authored-by: Ikko Eltociear Ashimine <[email protected]> Co-authored-by: SuperUserNameMan <[email protected]> Co-authored-by: MichaelFiber <[email protected]> Co-authored-by: MichaelFiber <[email protected]> Co-authored-by: Dan Vu <[email protected]> Co-authored-by: Gabriel dos Santos Sanches <[email protected]> Co-authored-by: Rob Loach <[email protected]> Co-authored-by: Peter0x44 <[email protected]> Co-authored-by: Kenta <[email protected]> Co-authored-by: bohonghuang <[email protected]> Co-authored-by: turborium <[email protected]> Co-authored-by: Wilson Silva <[email protected]>
ghost
mentioned this issue
Currently,
LoadFiledDatauses anunsigned intto store the size of what it returns:This is the sensible option in my opinion.
However,
CompressData,DecompressData,EncodeDataBase64,DecodeDataBase64andCodepointToUTF8all use a normal signedintfor their array sizes:Let's make this more consistent!
I can create a PR, but you'll need to tell me which of these you prefer. raylib uses signed integers for sizes all over the place so maybe it's time to make some bigger changes in that area; they wouldn't really break existing code and make the library more robust.
The text was updated successfully, but these errors were encountered: