Fail when reference counts are inconsistent. #857

1uc · 2023-11-21T16:22:38Z

In HighFive we have two types of invalid HIDs. The first category consists of:

H5I_INVALID_HID which HighFive uses to indicate that the object is "empty",
H5P_DEFAULT (aka 0) which is to "optimize" the default property.

The second category consists of anything else that H5Iis_valid reports as invalid, e.g. identifiers that have been closed, etc.

For the first category we must not increment or decrement the reference counters. However, for the second category, we'd like to get an error, because we're expecting either H5I_INVALID_HID, H5P_DEFAULT or a valid HID, but are given something else.

In HighFive we have two types of invalid HIDs. The first category consists of: * `H5I_INVALID_HID` which HighFive uses to indicate that the object is "empty", * `H5P_DEFAULT` (aka `0`) which is to "optimize" the default property. The second category consists of anything else that `H5Iis_valid` reports as invalid, e.g. identifiers that have been closed, etc. For the first category we must not increment or decrement the reference counters. However, for the second category, we'd like to get an error, because we're expecting either `H5I_INVALID_HID`, `H5P_DEFAULT` or a valid HID, but are given something else.

codecov · 2023-11-21T16:29:07Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (61fa102) 84.74% compared to head (a738b47) 84.74%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #857   +/-   ##
=======================================
  Coverage   84.74%   84.74%           
=======================================
  Files          69       69           
  Lines        5053     5053           
=======================================
  Hits         4282     4282           
  Misses        771      771

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

1uc · 2023-11-22T07:42:30Z

It can uncover bugs in user code that stem from something like:

HighFive::File* file = malloc(sizeof(HighFive::File));
// Let's make it explicit that the allocated space might not be
// zeroed out:
memset(file, 'f');

*file = File("foo.h5");

because the _hid in file (with quite high probability) is an invalid, positive HID the assignment used to not decrement the junk HID. However, the new version will error out. The bug is already present in such user code, because if they hit a valid HID by chance, then the reference counts will be off.

1uc · 2023-12-01T09:25:16Z

Reverting this back to draft to think more carefully about how to have a balance between not crashing, but still exposing existing bugs in user programs, see #857 (comment)

1uc · 2023-12-14T07:29:54Z

Since HDF5 will print an error message, that's essentially what we'd do as well. (We can't throw from the dtor for example.)

1uc marked this pull request as ready for review November 21, 2023 16:33

alkino approved these changes Nov 22, 2023

View reviewed changes

1uc added the v3 Anything that needs to be resolved before `v3`. label Nov 24, 2023

1uc marked this pull request as draft December 1, 2023 09:25

1uc closed this Dec 14, 2023

1uc deleted the 1uc/raii branch May 8, 2024 11:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fail when reference counts are inconsistent. #857

Fail when reference counts are inconsistent. #857

1uc commented Nov 21, 2023

codecov bot commented Nov 21, 2023

1uc commented Nov 22, 2023

1uc commented Dec 1, 2023

1uc commented Dec 14, 2023

Fail when reference counts are inconsistent. #857

Fail when reference counts are inconsistent. #857

Conversation

1uc commented Nov 21, 2023

codecov bot commented Nov 21, 2023

Codecov Report

1uc commented Nov 22, 2023

1uc commented Dec 1, 2023

1uc commented Dec 14, 2023