[Zope-Checkins] CVS: ZODB3/BTrees - BTreeItemsTemplate.c:1.17.12.1 BTreeTemplate.c:1.71.12.2 BucketTemplate.c:1.47.12.2

Tim Peters tim.one@comcast.net
Fri, 18 Apr 2003 14:08:38 -0400


Update of /cvs-repository/ZODB3/BTrees
In directory cvs.zope.org:/tmp/cvs-serv4208/BTrees

Modified Files:
      Tag: ZODB3-3_1-branch
	BTreeItemsTemplate.c BTreeTemplate.c BucketTemplate.c 
Log Message:
Backporting various BTree and Bucket fixes from the Zope2 and Zope3
heads:

_bucket_set():  This could leave a mapping bucket in a variety of insane
states when the value passed in was of the wrong type (for example,
doing
    b[obj] = 3.7
when b is an OIBTree).  This manifested as a refcount leak in the test
suite, but could have been much worse (most likely in real life is that
a seemingly arbitrary existing key would "go missing").

_BTree_set():  We leaked a reference to the first key of the second
bucket when deleting the first child of a BTree node with more than one
child.  This caused >600 int objects to leak in the OI and OO flavors
of testRemoveSucceeds.

BTree_deleteNextBucket():  This failed to decref the temp result from
BTree_lastBucket().  In unusual cases, this could cause a chain of
buckets to leak (the DegenerateBTree tests appeared to be the only
ones that provoked this, and there it leaked 285 IISet buckets).  Other
uses of BTree_lastBucket() appear to be refcount-correct.

nextBTreeItems():  This was copying the value (from the next (key,
value) pair) from the bucket into the set-iteration struct twice.  I
don't believe this had any visible effect, it was simply pointless and
wasted a little time (discovered by eyeball).


=== ZODB3/BTrees/BTreeItemsTemplate.c 1.17 => 1.17.12.1 ===
--- ZODB3/BTrees/BTreeItemsTemplate.c:1.17	Sat Jun 22 13:22:54 2002
+++ ZODB3/BTrees/BTreeItemsTemplate.c	Fri Apr 18 14:08:36 2003
@@ -480,9 +480,6 @@
 
           COPY_VALUE(i->value,
                      currentbucket->values[ITEMS(i->set)->currentoffset]);
-          COPY_VALUE(i->value,
-                   BUCKET(ITEMS(i->set)->currentbucket)
-                   ->values[ITEMS(i->set)->currentoffset]);
           INCREF_VALUE(i->value);
 
           i->position ++;


=== ZODB3/BTrees/BTreeTemplate.c 1.71.12.1 => 1.71.12.2 ===
--- ZODB3/BTrees/BTreeTemplate.c:1.71.12.1	Fri Oct  4 13:35:31 2002
+++ ZODB3/BTrees/BTreeTemplate.c	Fri Apr 18 14:08:36 2003
@@ -493,12 +493,14 @@
   UNLESS (b=BTree_lastBucket(self)) goto err;
   if (Bucket_deleteNextBucket(b) < 0) goto err;
 
+  Py_DECREF(b);
   PER_ALLOW_DEACTIVATION(self);
   PER_ACCESSED(self);
 
   return 0;
 
  err:
+  Py_XDECREF(b);
   PER_ALLOW_DEACTIVATION(self);
   return -1;
 }
@@ -755,9 +757,22 @@
 
     /* Remove the child from self->data. */
     Py_DECREF(d->child);
+#ifdef KEY_TYPE_IS_PYOBJECT
     if (min) {
         DECREF_KEY(d->key);
     }
+    else if (self->len > 1) {
+	/* We're deleting the first child of a BTree with more than one
+	 * child.  The key at d+1 is about to be shifted into slot 0,
+	 * and hence never to be referenced again (the key in slot 0 is
+	 * trash).
+	 */
+	DECREF_KEY((d+1)->key);
+    }
+    /* Else min==0 and len==1:  we're emptying the BTree entirely, and
+     * there is no key in need of decrefing.
+     */
+#endif
     --self->len;
     if (min < self->len)
         memmove(d, d+1, (self->len - min) * sizeof(BTreeItem));


=== ZODB3/BTrees/BucketTemplate.c 1.47.12.1 => 1.47.12.2 ===
--- ZODB3/BTrees/BucketTemplate.c:1.47.12.1	Fri Oct  4 13:35:31 2002
+++ ZODB3/BTrees/BucketTemplate.c	Fri Apr 18 14:08:36 2003
@@ -292,17 +292,36 @@
 {
     int i, cmp;
     KEY_TYPE key;
+
+    /* Subtle:  there may or may not be a value.  If there is, we need to
+     * check its type early, so that in case of error we can get out before
+     * mutating the bucket.  But because value isn't used on all paths, if
+     * we don't initialize value then gcc gives a nuisance complaint that
+     * value may be used initialized (it can't be, but gcc doesn't know
+     * that).  So we initialize it.  However, VALUE_TYPE can be various types,
+     * including int, PyObject*, and char[6], so it's a puzzle to spell
+     * initialization.  It so happens that {0} is a valid initializer for all
+     * these types.
+     */
+    VALUE_TYPE value = {0};	/* squash nuisance warning */
     int result = -1;    /* until proven innocent */
     int copied = 1;
 
     COPY_KEY_FROM_ARG(key, keyarg, copied);
     UNLESS(copied) return -1;
 
+    /* Copy the value early (if needed), so that in case of error a
+     * pile of bucket mutations don't need to be undone.
+     */
+    if (v && !noval) {
+    	COPY_VALUE_FROM_ARG(value, v, copied);
+    	UNLESS(copied) return -1;
+    }
+
     PER_USE_OR_RETURN(self, -1);
 
     BUCKET_SEARCH(i, cmp, self, key, goto Done);
     if (cmp == 0) {
-        VALUE_TYPE value;
         /* The key exists, at index i. */
 
         if (v) {
@@ -316,8 +335,6 @@
             }
 
             /* The key exists at index i, and we need to replace the value. */
-            COPY_VALUE_FROM_ARG(value, v, copied);
-            UNLESS(copied) goto Done;
 #ifdef VALUE_SAME
             /* short-circuit if no change */
             if (VALUE_SAME(self->values[i], value)) {
@@ -390,8 +407,7 @@
     INCREF_KEY(self->keys[i]);
 
     if (! noval) {
-        COPY_VALUE_FROM_ARG(self->values[i], v, copied);
-        UNLESS(copied) return -1;
+        COPY_VALUE(self->values[i], value);
         INCREF_VALUE(self->values[i]);
     }