Bit of hardening (#11)

kolemannix · web-flow · commit 9631bfda114f · 2026-03-04T22:38:15.000-05:00
* Sanitizers

Some UB elimination

* Sanitize ci

* gotta static your inlines

* on second thought lets not sanitize in ci tis a silly place
diff --git a/Makefile b/Makefile
@@ -30,4 +30,3 @@ example: out/example
 
 out:
 	mkdir -p out
-
diff --git a/ffc.h b/ffc.h
@@ -1711,13 +1711,15 @@ void ffc_sv_normalize(ffc_sv* sv) {
 
 ffc_internal ffc_inline
 uint64_t ffc_uint64_hi64_1(uint64_t r0, bool* truncated) {
+  FFC_DEBUG_ASSERT(r0 != 0);
   *truncated = false;
   int shl = (int)ffc_count_leading_zeroes(r0);
   return r0 << shl;
 }
 
 ffc_internal ffc_inline
 uint64_t ffc_uint64_hi64_2(uint64_t r0, uint64_t r1, bool* truncated) {
+  FFC_DEBUG_ASSERT(r0 != 0);
   int shl = (int)ffc_count_leading_zeroes(r0);
   if (shl == 0) {
     *truncated = r1 != 0;
@@ -3121,28 +3123,28 @@ float ffc_parse_float_simple(size_t len, const char *s, ffc_outcome *outcome) {
 
 ffc_result ffc_parse_i64(size_t len, const char *input, int base, int64_t  *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_S64, ffc_parse_options_default(), base);
   *out = value_out.s64;
   return result;
 }
 ffc_result ffc_parse_u64(size_t len, const char *input, int base, uint64_t *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_U64, ffc_parse_options_default(), base);
   *out = value_out.u64;
   return result;
 }
 ffc_result ffc_parse_i32(size_t len, const char *input, int base, int32_t  *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_S32, ffc_parse_options_default(), base);
   *out = value_out.s32;
   return result;
 }
 ffc_result ffc_parse_u32(size_t len, const char *input, int base, uint32_t *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_U32, ffc_parse_options_default(), base);
   *out = value_out.u32;
   return result;
@@ -3188,4 +3190,3 @@ ffc_result ffc_parse_u32(size_t len, const char *input, int base, uint32_t *out)
 
 #endif /* FFC_H */
 
-
diff --git a/src/bigint.h b/src/bigint.h
@@ -158,13 +158,15 @@ void ffc_sv_normalize(ffc_sv* sv) {
 
 ffc_internal ffc_inline
 uint64_t ffc_uint64_hi64_1(uint64_t r0, bool* truncated) {
+  FFC_DEBUG_ASSERT(r0 != 0);
   *truncated = false;
   int shl = (int)ffc_count_leading_zeroes(r0);
   return r0 << shl;
 }
 
 ffc_internal ffc_inline
 uint64_t ffc_uint64_hi64_2(uint64_t r0, uint64_t r1, bool* truncated) {
+  FFC_DEBUG_ASSERT(r0 != 0);
   int shl = (int)ffc_count_leading_zeroes(r0);
   if (shl == 0) {
     *truncated = r1 != 0;
diff --git a/src/ffc.h b/src/ffc.h
@@ -419,28 +419,28 @@ float ffc_parse_float_simple(size_t len, const char *s, ffc_outcome *outcome) {
 
 ffc_result ffc_parse_i64(size_t len, const char *input, int base, int64_t  *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_S64, ffc_parse_options_default(), base);
   *out = value_out.s64;
   return result;
 }
 ffc_result ffc_parse_u64(size_t len, const char *input, int base, uint64_t *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_U64, ffc_parse_options_default(), base);
   *out = value_out.u64;
   return result;
 }
 ffc_result ffc_parse_i32(size_t len, const char *input, int base, int32_t  *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_S32, ffc_parse_options_default(), base);
   *out = value_out.s32;
   return result;
 }
 ffc_result ffc_parse_u32(size_t len, const char *input, int base, uint32_t *out) {
   char *pend = (char*)(input + len);
-  ffc_int_value value_out;
+  ffc_int_value value_out = {0};
   ffc_result result = ffc_parse_int_string(input, pend, &value_out, FFC_INT_KIND_U32, ffc_parse_options_default(), base);
   *out = value_out.u32;
   return result;
@@ -485,4 +485,3 @@ ffc_result ffc_parse_u32(size_t len, const char *input, int base, uint32_t *out)
 #endif
 
 #endif /* FFC_H */
-
diff --git a/test_src/test.c b/test_src/test.c
@@ -33,7 +33,7 @@ char *double_to_string(double d, char *buffer) {
   return buffer + written;
 }
 
-inline ffc_outcome parse_outcome(uint64_t len, const char* outcome_text) {
+static inline ffc_outcome parse_outcome(uint64_t len, const char* outcome_text) {
     static const struct { const char *name; ffc_outcome val; } map[] = {
         {"ok",           FFC_OUTCOME_OK},
         {"out_of_range", FFC_OUTCOME_OUT_OF_RANGE},
@@ -115,7 +115,7 @@ bool float_eq(float exp, float act) {
   };
 }
 
-void assert_double(size_t len, char *input, double exp, double act) {
+void assert_double(size_t len, const char *input, double exp, double act) {
   if (!double_eq(exp, act)) {
     printf("\n\ninput: %.*s\n", (int)len, input);
     printf("\texp: %f\n\tact: %f\n\n", exp, act);
@@ -124,7 +124,7 @@ void assert_double(size_t len, char *input, double exp, double act) {
   }
 }
 
-void assert_float(size_t len, char *input, float exp, float act) {
+void assert_float(size_t len, const char *input, float exp, float act) {
   if (!float_eq(exp, act)) {
     printf("\n\ninput: %.*s\n", (int)len, input);
     printf("\texp: %f\n\tact: %f\n\n", exp, act);
@@ -133,10 +133,10 @@ void assert_float(size_t len, char *input, float exp, float act) {
   }
 }
 
-void verify_ext(size_t len, char input[len], ffc_value exp_value, ffc_value_kind vk, ffc_outcome exp_outcome, ffc_parse_options options) {
+void verify_ext(size_t len, const char *input, ffc_value exp_value, ffc_value_kind vk, ffc_outcome exp_outcome, ffc_parse_options options) {
   ffc_value value;
 
-  ffc_result result = ffc_from_chars(input, &input[len], options, &value, vk);
+  ffc_result result = ffc_from_chars((char*)input, (char*)&input[len], options, &value, vk);
 
   if (exp_outcome != result.outcome) {
     printf("\n\ninput: %.*s\n", (int)len, input);
@@ -158,19 +158,19 @@ void verify_ext(size_t len, char input[len], ffc_value exp_value, ffc_value_kind
   }
 }
 
-void verify_double_ext(size_t len, char input[len], double exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {
+void verify_double_ext(size_t len, const char *input, double exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {
   ffc_value expected;
   expected.d = exp_value;
   verify_ext(len, input, expected, FFC_VALUE_KIND_DOUBLE, exp_outcome, options);
 }
 
-void verify_float_ext(size_t len, char input[len], float exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {
+void verify_float_ext(size_t len, const char *input, float exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {
   ffc_value expected;
   expected.f = exp_value;
   verify_ext(len, input, expected, FFC_VALUE_KIND_FLOAT, exp_outcome, options);
 }
 
-void verify_float(char *input, float exp_value) {
+void verify_float(const char *input, float exp_value) {
   verify_float_ext(strlen(input), input, exp_value, FFC_OUTCOME_OK, ffc_parse_options_default());
 }
 
@@ -634,4 +634,3 @@ int main(void) {
 
   return 0;
 }
-

Original file line number	Diff line number	Diff line change
`@@ -30,4 +30,3 @@ example: out/example`
`30`	`30`
`31`	`31`	`out:`
`32`	`32`	`mkdir -p out`
`33`		`-`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ char double_to_string(double d, char buffer) {`
`33`	`33`	`return buffer + written;`
`34`	`34`	`}`
`35`	`35`
`36`		`-inline ffc_outcome parse_outcome(uint64_t len, const char* outcome_text) {`
	`36`	`+static inline ffc_outcome parse_outcome(uint64_t len, const char* outcome_text) {`
`37`	`37`	`static const struct { const char *name; ffc_outcome val; } map[] = {`
`38`	`38`	`{"ok", FFC_OUTCOME_OK},`
`39`	`39`	`{"out_of_range", FFC_OUTCOME_OUT_OF_RANGE},`
`@@ -115,7 +115,7 @@ bool float_eq(float exp, float act) {`
`115`	`115`	`};`
`116`	`116`	`}`
`117`	`117`
`118`		`-void assert_double(size_t len, char *input, double exp, double act) {`
	`118`	`+void assert_double(size_t len, const char *input, double exp, double act) {`
`119`	`119`	`if (!double_eq(exp, act)) {`
`120`	`120`	`printf("\n\ninput: %.*s\n", (int)len, input);`
`121`	`121`	`printf("\texp: %f\n\tact: %f\n\n", exp, act);`
`@@ -124,7 +124,7 @@ void assert_double(size_t len, char *input, double exp, double act) {`
`124`	`124`	`}`
`125`	`125`	`}`
`126`	`126`
`127`		`-void assert_float(size_t len, char *input, float exp, float act) {`
	`127`	`+void assert_float(size_t len, const char *input, float exp, float act) {`
`128`	`128`	`if (!float_eq(exp, act)) {`
`129`	`129`	`printf("\n\ninput: %.*s\n", (int)len, input);`
`130`	`130`	`printf("\texp: %f\n\tact: %f\n\n", exp, act);`
`@@ -133,10 +133,10 @@ void assert_float(size_t len, char *input, float exp, float act) {`
`133`	`133`	`}`
`134`	`134`	`}`
`135`	`135`
`136`		`-void verify_ext(size_t len, char input[len], ffc_value exp_value, ffc_value_kind vk, ffc_outcome exp_outcome, ffc_parse_options options) {`
	`136`	`+void verify_ext(size_t len, const char *input, ffc_value exp_value, ffc_value_kind vk, ffc_outcome exp_outcome, ffc_parse_options options) {`
`137`	`137`	`ffc_value value;`
`138`	`138`
`139`		`- ffc_result result = ffc_from_chars(input, &input[len], options, &value, vk);`
	`139`	`+ ffc_result result = ffc_from_chars((char)input, (char)&input[len], options, &value, vk);`
`140`	`140`
`141`	`141`	`if (exp_outcome != result.outcome) {`
`142`	`142`	`printf("\n\ninput: %.*s\n", (int)len, input);`
`@@ -158,19 +158,19 @@ void verify_ext(size_t len, char input[len], ffc_value exp_value, ffc_value_kind`
`158`	`158`	`}`
`159`	`159`	`}`
`160`	`160`
`161`		`-void verify_double_ext(size_t len, char input[len], double exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {`
	`161`	`+void verify_double_ext(size_t len, const char *input, double exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {`
`162`	`162`	`ffc_value expected;`
`163`	`163`	`expected.d = exp_value;`
`164`	`164`	`verify_ext(len, input, expected, FFC_VALUE_KIND_DOUBLE, exp_outcome, options);`
`165`	`165`	`}`
`166`	`166`
`167`		`-void verify_float_ext(size_t len, char input[len], float exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {`
	`167`	`+void verify_float_ext(size_t len, const char *input, float exp_value, ffc_outcome exp_outcome, ffc_parse_options options) {`
`168`	`168`	`ffc_value expected;`
`169`	`169`	`expected.f = exp_value;`
`170`	`170`	`verify_ext(len, input, expected, FFC_VALUE_KIND_FLOAT, exp_outcome, options);`
`171`	`171`	`}`
`172`	`172`
`173`		`-void verify_float(char *input, float exp_value) {`
	`173`	`+void verify_float(const char *input, float exp_value) {`
`174`	`174`	`verify_float_ext(strlen(input), input, exp_value, FFC_OUTCOME_OK, ffc_parse_options_default());`
`175`	`175`	`}`
`176`	`176`
`@@ -634,4 +634,3 @@ int main(void) {`
`634`	`634`
`635`	`635`	`return 0;`
`636`	`636`	`}`
`637`		`-`