mirror of
https://github.com/git/git.git
synced 2024-11-27 20:14:30 +08:00
19716b21a4
A common mistake when writing binary search is to allow possible integer overflow by using the simple average: mid = (min + max) / 2; Instead, use the overflow-safe version: mid = min + (max - min) / 2; This translation is safe since the operation occurs inside a loop conditioned on "min < max". The included changes were found using the following git grep: git grep '/ *2;' '*.c' Making this cleanup will prevent future review friction when a new binary search is contructed based on existing code. Signed-off-by: Derrick Stolee <dstolee@microsoft.com> Reviewed-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
102 lines
2.6 KiB
C
102 lines
2.6 KiB
C
#include "cache.h"
|
|
#include "sha1-lookup.h"
|
|
|
|
static uint32_t take2(const unsigned char *sha1)
|
|
{
|
|
return ((sha1[0] << 8) | sha1[1]);
|
|
}
|
|
|
|
/*
|
|
* Conventional binary search loop looks like this:
|
|
*
|
|
* do {
|
|
* int mi = lo + (hi - lo) / 2;
|
|
* int cmp = "entry pointed at by mi" minus "target";
|
|
* if (!cmp)
|
|
* return (mi is the wanted one)
|
|
* if (cmp > 0)
|
|
* hi = mi; "mi is larger than target"
|
|
* else
|
|
* lo = mi+1; "mi is smaller than target"
|
|
* } while (lo < hi);
|
|
*
|
|
* The invariants are:
|
|
*
|
|
* - When entering the loop, lo points at a slot that is never
|
|
* above the target (it could be at the target), hi points at a
|
|
* slot that is guaranteed to be above the target (it can never
|
|
* be at the target).
|
|
*
|
|
* - We find a point 'mi' between lo and hi (mi could be the same
|
|
* as lo, but never can be the same as hi), and check if it hits
|
|
* the target. There are three cases:
|
|
*
|
|
* - if it is a hit, we are happy.
|
|
*
|
|
* - if it is strictly higher than the target, we update hi with
|
|
* it.
|
|
*
|
|
* - if it is strictly lower than the target, we update lo to be
|
|
* one slot after it, because we allow lo to be at the target.
|
|
*
|
|
* When choosing 'mi', we do not have to take the "middle" but
|
|
* anywhere in between lo and hi, as long as lo <= mi < hi is
|
|
* satisfied. When we somehow know that the distance between the
|
|
* target and lo is much shorter than the target and hi, we could
|
|
* pick mi that is much closer to lo than the midway.
|
|
*/
|
|
/*
|
|
* The table should contain "nr" elements.
|
|
* The sha1 of element i (between 0 and nr - 1) should be returned
|
|
* by "fn(i, table)".
|
|
*/
|
|
int sha1_pos(const unsigned char *sha1, void *table, size_t nr,
|
|
sha1_access_fn fn)
|
|
{
|
|
size_t hi = nr;
|
|
size_t lo = 0;
|
|
size_t mi = 0;
|
|
|
|
if (!nr)
|
|
return -1;
|
|
|
|
if (nr != 1) {
|
|
size_t lov, hiv, miv, ofs;
|
|
|
|
for (ofs = 0; ofs < 18; ofs += 2) {
|
|
lov = take2(fn(0, table) + ofs);
|
|
hiv = take2(fn(nr - 1, table) + ofs);
|
|
miv = take2(sha1 + ofs);
|
|
if (miv < lov)
|
|
return -1;
|
|
if (hiv < miv)
|
|
return -1 - nr;
|
|
if (lov != hiv) {
|
|
/*
|
|
* At this point miv could be equal
|
|
* to hiv (but sha1 could still be higher);
|
|
* the invariant of (mi < hi) should be
|
|
* kept.
|
|
*/
|
|
mi = (nr - 1) * (miv - lov) / (hiv - lov);
|
|
if (lo <= mi && mi < hi)
|
|
break;
|
|
die("BUG: assertion failed in binary search");
|
|
}
|
|
}
|
|
}
|
|
|
|
do {
|
|
int cmp;
|
|
cmp = hashcmp(fn(mi, table), sha1);
|
|
if (!cmp)
|
|
return mi;
|
|
if (cmp > 0)
|
|
hi = mi;
|
|
else
|
|
lo = mi + 1;
|
|
mi = lo + (hi - lo) / 2;
|
|
} while (lo < hi);
|
|
return -lo-1;
|
|
}
|