Make SfxItemSet ranges correct by construction

This is a follow-up to 45a7f5b62d0b1b21763c1c94255ef2309ea4280b "Keep WID ranges sorted, and join adjacent ones". While SfxItemSet::MergeRange relies on the m_pWhichRanges being sorted (and, under DBG_UTIL, asserts if they are not), the various SfxItemSet constructors curiously only check (via assert or DBG_ASSERT) that each individual range has an upper bound not smaller than its lower bound. Arguably, all SfxItemSet instances should fulfill the stronger guarantees required and checked by MergeRange. And in many cases the ranges are statically known, so that the checking can happen at compile time. Therefore, replace the two SfxItemSet ctors taking explicit ranges with two other ctors that actually do proper checking. The (templated) overload taking an svl::Items struct should be used in all cases where the range values are statically known at compile time, while the overload taking a std::initializer_list<Pair> is for the remaining cases (that can only do runtime checking via assert). Most of those latter cases are simple cases with a single range covering a single item, but a few are more complex. (At least some of the uses of the existing SfxItemSet overload taking a const sal_uInt16* pWhichPairTable can probably also be strengthened, but that is left for another day.) This commit is the first in a series of two. Apart from the manual changes to compilerplugins/clang/store/sfxitemsetrewrite.cxx, include/svl/itemset.hxx, and svl/source/items/itemset.cxx, it only consists of automatic rewriting of the relevant SfxItemSet ctor calls (plus a few required manual fixes, see next). But it does not yet check that the individual ranges are properly sorted (see the TODO in svl::detail::validGap). That check will be enabled, and the ensuing manual fixes will be made in a follow-up commit, to reduce the likelyhood of accidents. There were three cases of necessary manual intervention: * sw/source/core/unocore/unostyle.cxx uses eAtr of enum type RES_FRMATR in braced-init-list syntax now, so needs explicit narrowing conversion to sal_uInt16. * In sw/source/uibase/uiview/formatclipboard.cxx, the trailiing comma in the definition of macro FORMAT_PAINTBRUSH_FRAME_IDS needed to be removed manually. * In svx/source/svdraw/svdoashp.cxx, svx/source/svdraw/svdotext.cxx, sw/source/uibase/app/docstyle.cxx, sw/source/uibase/shells/frmsh.cxx, sw/source/uibase/shells/grfsh.cxx, and sw/source/uibase/shells/textsh1.cxx, some comments had to be put back (see "TODO: the replaced range can contain relevant comments" in compilerplugins/clang/store/sfxitemsetrewrite.cxx). A few uses of the variadic form erroneously used nullptr instead of 0 for termination. But this should have been harmless even if promoted std::nullptr_t is larger than promoted sal_uInt16, assuming that the part of the nullptr value that was interpreted as sal_uInt16/promoted int was all-zero bits. Similarly, some uses made the harmless error of using 0L instead of 0. Change-Id: I2afea97282803cb311b9321a99bb627520ef5e35 Reviewed-on: https://gerrit.libreoffice.org/38861 Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Tested-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2017-06-16 09:58:13 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2017-06-16 17:28:41 +0200
commit: 13bb5a4b09f5b2ad19dad1b55f45d0fe2b2fb908 (patch)
tree: d38ad18688a292ff6ccdfaa7c51080197ec95934 /include/svl/itemset.hxx
parent: f83d8ae84584c0967e2346566d21d65d6d7a432f (diff)
1 files changed, 61 insertions, 6 deletions
diff --git a/include/svl/itemset.hxx b/include/svl/itemset.hxx
index ee3ac3d06366..a1715cc896f5 100644
--- a/include/svl/itemset.hxx
+++ b/include/svl/itemset.hxx
@@ -19,9 +19,14 @@
 #ifndef INCLUDED_SVL_ITEMSET_HXX
 #define INCLUDED_SVL_ITEMSET_HXX
 
-#include <svl/svldllapi.h>
+#include <sal/config.h>
+
+#include <cassert>
+#include <cstddef>
+#include <initializer_list>
+#include <type_traits>
 
-#include <cstdarg>
+#include <svl/svldllapi.h>
 #include <svl/poolitem.hxx>
 
 class SfxItemPool;
@@ -30,6 +35,48 @@ class SvStream;
 
 typedef SfxPoolItem const** SfxItemArray;
 
+namespace svl {
+
+namespace detail {
+
+constexpr bool validRange(sal_uInt16 wid1, sal_uInt16 wid2)
+{ return wid1 != 0 && wid1 <= wid2; }
+
+constexpr bool validGap(sal_uInt16, sal_uInt16)
+{ return true; } //TODO: wid2 > wid1 && wid2 - wid1 > 1
+
+template<sal_uInt16 WID1, sal_uInt16 WID2> constexpr bool validRanges()
+{ return validRange(WID1, WID2); }
+
+template<sal_uInt16 WID1, sal_uInt16 WID2, sal_uInt16 WID3, sal_uInt16... WIDs>
+constexpr bool validRanges() {
+    return validRange(WID1, WID2) && validGap(WID2, WID3)
+        && validRanges<WID3, WIDs...>();
+}
+
+// The calculations in rangeSize and rangesSize cannot overflow, assuming
+// std::size_t is no smaller than sal_uInt16:
+
+constexpr std::size_t rangeSize(sal_uInt16 wid1, sal_uInt16 wid2) {
+#if HAVE_CXX14_CONSTEXPR
+    assert(validRange(wid1, wid2));
+#endif
+    return wid2 - wid1 + 1;
+}
+
+template<sal_uInt16 WID1, sal_uInt16 WID2> constexpr std::size_t rangesSize()
+{ return rangeSize(WID1, WID2); }
+
+template<sal_uInt16 WID1, sal_uInt16 WID2, sal_uInt16 WID3, sal_uInt16... WIDs>
+constexpr std::size_t rangesSize()
+{ return rangeSize(WID1, WID2) + rangesSize<WID3, WIDs...>(); }
+
+}
+
+template<sal_uInt16... WIDs> struct Items {};
+
+}
+
 class SAL_WARN_UNUSED SVL_DLLPUBLIC SfxItemSet
 {
     friend class SfxItemIter;
@@ -45,8 +92,10 @@ friend class SfxAllItemSet;
 
 private:
     SVL_DLLPRIVATE void                     InitRanges_Impl(const sal_uInt16 *nWhichPairTable);
-    SVL_DLLPRIVATE void                     InitRanges_Impl(va_list pWhich, sal_uInt16 n1, sal_uInt16 n2, sal_uInt16 n3);
-    SVL_DLLPRIVATE void                     InitRanges_Impl(sal_uInt16 nWh1, sal_uInt16 nWh2);
+
+    SfxItemSet(
+        SfxItemPool & pool, std::initializer_list<sal_uInt16> wids,
+        std::size_t items);
 
 public:
     SfxItemArray                GetItems_Impl() const { return m_pItems; }
@@ -61,11 +110,17 @@ protected:
     void                        PutDirect(const SfxPoolItem &rItem);
 
 public:
+    struct Pair { sal_uInt16 wid1, wid2; };
+
                                 SfxItemSet( const SfxItemSet& );
 
                                 SfxItemSet( SfxItemPool&);
-                                SfxItemSet( SfxItemPool&, sal_uInt16 nWhich1, sal_uInt16 nWhich2 );
-                                SfxItemSet( SfxItemPool&, int nWh1, int nWh2, int nNull, ... );
+    template<sal_uInt16... WIDs> SfxItemSet(
+        typename std::enable_if<
+            svl::detail::validRanges<WIDs...>(), SfxItemPool &>::type pool,
+        svl::Items<WIDs...>):
+        SfxItemSet(pool, {WIDs...}, svl::detail::rangesSize<WIDs...>()) {}
+                                SfxItemSet( SfxItemPool&, std::initializer_list<Pair> wids );
                                 SfxItemSet( SfxItemPool&, const sal_uInt16* nWhichPairTable );
     virtual                     ~SfxItemSet();
author	Stephan Bergmann <sbergman@redhat.com>	2017-06-16 09:58:13 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2017-06-16 17:28:41 +0200
commit	13bb5a4b09f5b2ad19dad1b55f45d0fe2b2fb908 (patch)
tree	d38ad18688a292ff6ccdfaa7c51080197ec95934 /include/svl/itemset.hxx
parent	f83d8ae84584c0967e2346566d21d65d6d7a432f (diff)