Introduce chromium safe math #4144
Conversation
…appropriate with license. Register component governance information.
…e path to base directory to common pre props.
…s conflicts with the min/max definitions provided by minwinbase.h. We usually stomp these out, but some of our projects have more complicated/interesting precomp defines which are hell to detangle (or we would have done it already). To work around, put NOMINMAX at the top of all of these non-unified precomps and reintroduce it at the very bottom for the only two projects that actually make use of it.
miniksa
added
Issue-Task
miniksa
requested review from
DHowett-MSFT and
zadjii-msft
and removed request for
DHowett-MSFT
|
It's very interesting seeing Windows Terminal will have some of it's source code coming from Chromium. I'd also suggest configuring dependabot to update this dependency source from the github mirror as updates to the source occur. Quick (likely dumb) question: Does Windows Calculator have code we can use vice Chromium? Or is it just much easier re-using what Chromium already uses? |
|
Thanks for pointing at that. Yeah that won't be helpful in our case. I'm sure they could extend out the functionality if a use-case was provided. If it had been something a bit more "native", using code from the same authority (MS) would of been better from a support perspective. Thanks for addressing. |
|
FYI, Chromium usage is an easy sell because of its compatible licensing and our company's existing engagement with Chromium in the form of the new Edge product. So yes: we do live in interesting times. I've also moved the dependabot idea to #4165. It's a good idea, but I'm not going to bind it to this particular PR. |
There was a problem hiding this comment.
I believe this library will be very helpful, especially because the different classes and methods neatly integrate with each other.
IMHO it'd be helpful if you document somewhere (in any way) what kind of changes you did to integrate this library. This would help when someone wants to update the library from the upstream (i.e. chromium). This of course only applies if you did any changes at all.
You can also remove the 3 build files if you'd like (BUILD.gn, DEPS and cgmanifest.json).
| template <typename T> | ||
| static T HandleFailure() { | ||
| #if defined(_MSC_VER) | ||
| __debugbreak(); |
There was a problem hiding this comment.
This is the only line which you need to keep in mind when integrating this code IMO.
AFAICS SafeInt only throws an exception in case of a failure, whereas this library causes a hard crash.
You could modify the code to throw an exception instead - for instance a primitive subclass of std::range_error. 🙂
There was a problem hiding this comment.
I honestly didn't read every line of this before integrating it here. I presumed that one of the 4 classes of math here would throw on failure instead of crashing hard or that there was a template argument to override the behavior. Is that not true? If we need to modify this, we will. I was hoping to get this in, start using it, then modify it only if necessary when we discover problems.
There was a problem hiding this comment.
I presumed that one of the 4 classes of math here would throw on failure instead of crashing hard
I hadn't looked at it in detail either, but I think you're right. Based on what they say in the README, I think the "checked" APIs crash on error, and the "strict" ones throw. Actually I misread that. The "strict" ones do compile time checking - not run time. But there does seem to be a template parameter that can control the error behaviour, so if there isn't already a version that throws, we should be able to derive one.
There was a problem hiding this comment.
This will not really be an issue in the beginning @miniksa @j4james. 🙂
Only 2 parts of the numerics API will call HandleFailure() and "crash" the process:
CheckedNumeric'sValueOrDie- I suppose the naming of the function is very obvious 😄checked_cast<Dst, CheckHandler = CheckOnFailure, Src>()- we can just usegsl::narrow_castinstead, or simply create an alias for it in thetilnamespace with a replacement for theCheckHandler
Either way we should really only be careful about checked_cast at most IMO.
Also "crashing" during an erroneous checked cast is actually not even that bad of an idea in my opinion. 😶
I just wanted to mention this circumstance because I know that gsl::narrow_cast is being used, which throws an exception instead.
I did zero changes to it. That's why Do you think I should put all that in a |
|
We may actually want to namespace a bunch of this stuff into |
|
IMO briefly documenting how you vendored dependencies is worth the time, because the description can be quite short, but still be tremendously helpful.
...it will allow the next person to be like: "Yup, I just need to download it from here and don't need to be careful at all since nothing was changed previously either. ™️ That 9000 line diff is all due to upstream changes which don't need any review. ™️" 😄 But in all seriousness, as you can imagine, that can be quite a stress relief. |
It's done. |
Now in #4179 for someone enterprising (my bet is on @skyline75489) to pick up and do after this is merged. |
miniksa
added
the
AutoMerge
|
Hello @miniksa! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
ghost
merged commit 
Summary of the Pull Request
PR Checklist
Detailed Description of the Pull Request / Additional comments
Files with old safe math:
Validation Steps Performed