Closed Bug 1296164 Opened 8 years ago Closed 8 years ago

Use the [must_use] property in nsIFile.idl

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: n.nethercote, Assigned: n.nethercote)

References

Details

Attachments

(3 files)

(part 1) - Use [must_use] on nsIFile.{create,createUnique}
8.94 KB, patch
froydnj
: review+
mayhemer
: feedback-
Details | Diff | Splinter Review
(part 2) - Use [must_use] on nsIFile.open{NSPR,ANSI}FileDesc()
7.30 KB, patch
froydnj
: review+
Details | Diff | Splinter Review
(part 3) - Use [must_use] on more nsIFile things
6.67 KB, patch
froydnj
: review+
Details | Diff | Splinter Review 
We have plenty of missing checks for nsIFile operations. Using [must_use] will find them.
And fix numerous missing checks that this change identifies.
Attachment #8782258 - Flags: review?(nfroyd)
Assignee: nobody → n.nethercote
Status: NEW → ASSIGNED
The patch also changes RemoteOpenFileChild::OpenNSPRFileDesc() so that it
cannot succeed with a null fd, so that checking just the return value is
sufficient.
Attachment #8782283 - Flags: review?(nfroyd)
These ones don't require any extra checks to be added.
Attachment #8782301 - Flags: review?(nfroyd)
Attachment #8782258 - Flags: review?(nfroyd) → review+
Comment on attachment 8782283 [details] [diff] [review]
(part 2) - Use [must_use] on nsIFile.open{NSPR,ANSI}FileDesc()

Review of attachment 8782283 [details] [diff] [review]:
-----------------------------------------------------------------

We really should make these sorts of methods result a wrapped PRFileDesc* pointer ala Rust that you have to check prior to unwrapping, rather than futzing around with nsresult.
Attachment #8782283 - Flags: review?(nfroyd) → review+
Attachment #8782301 - Flags: review?(nfroyd) → review+
> We really should make these sorts of methods result a wrapped PRFileDesc*
> pointer ala Rust that you have to check prior to unwrapping, rather than
> futzing around with nsresult.

That would be nice... but isn't it prevented by the fact that modifying xptcall is almost impossible?
(In reply to Nicholas Nethercote [:njn] from comment #5)
> > We really should make these sorts of methods result a wrapped PRFileDesc*
> > pointer ala Rust that you have to check prior to unwrapping, rather than
> > futzing around with nsresult.
> 
> That would be nice... but isn't it prevented by the fact that modifying
> xptcall is almost impossible?

This is completely true!  Fortunately, these particular methods are [noscript], so we could at least try doing something intelligent with them.
Comment on attachment 8782258 [details] [diff] [review]
(part 1) - Use [must_use] on nsIFile.{create,createUnique}

Review of attachment 8782258 [details] [diff] [review]:
-----------------------------------------------------------------

jduell: the changes to nsDiskCacheDeviceSQL.cpp in this patch caused test failures, so I reverted the |rv| checks and just used |Unused| to explicitly ignore the results of the two Create() calls. Do you understand returning early when either of these calls fails would cause these failures?

In the failing test that I looked at, generation==-1 was false in the cases when the Create() calls failed, and the file->AppendNative(nsDependentCString(leaf)) call in the |else| branch succeeded.
Attachment #8782258 - Flags: feedback?(jduell.mcbugs)
(In reply to Nathan Froyd [:froydnj] from comment #6)
> (In reply to Nicholas Nethercote [:njn] from comment #5)
> > > We really should make these sorts of methods result a wrapped PRFileDesc*
> > > pointer ala Rust that you have to check prior to unwrapping, rather than
> > > futzing around with nsresult.
> > 
> > That would be nice... but isn't it prevented by the fact that modifying
> > xptcall is almost impossible?
> 
> This is completely true!  Fortunately, these particular methods are
> [noscript], so we could at least try doing something intelligent with them.

we have noscript methods that return already_AddRefed<> so Maybe<PRFileDesc> should work too.  iirc the trick is |native MaybeFileDesc(Maybe<PRFileDesc>);|
> jduell: the changes to nsDiskCacheDeviceSQL.cpp in this patch caused test
> failures, so I reverted the |rv| checks and just used |Unused| to explicitly
> ignore the results of the two Create() calls. Do you understand returning
> early when either of these calls fails would cause these failures?

Ah, the failing rv values were 80520008, which is NS_ERROR_FILE_ALREADY_EXISTS.
I'm marking this leave-open because there is more to be done.
Keywords: leave-open
Comment on attachment 8782258 [details] [diff] [review]
(part 1) - Use [must_use] on nsIFile.{create,createUnique}

Review of attachment 8782258 [details] [diff] [review]:
-----------------------------------------------------------------

Honza is our expert on the appcache, so he's the right person for the nsDiskCacheDeviceSQL.cpp question (Honza, see comment 7)
Attachment #8782258 - Flags: feedback?(jduell.mcbugs) → feedback?(honzab.moz)
(In reply to Nicholas Nethercote [:njn] from comment #7)
> Comment on attachment 8782258 [details] [diff] [review]
> (part 1) - Use [must_use] on nsIFile.{create,createUnique}
> 
> Review of attachment 8782258 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> jduell: the changes to nsDiskCacheDeviceSQL.cpp in this patch caused test
> failures, so I reverted the |rv| checks and just used |Unused| to explicitly
> ignore the results of the two Create() calls. Do you understand returning
> early when either of these calls fails would cause these failures?
> 
> In the failing test that I looked at, generation==-1 was false in the cases
> when the Create() calls failed, and the
> file->AppendNative(nsDependentCString(leaf)) call in the |else| branch
> succeeded.

This is an "ensure directory exists" code.  It probably already exists.  I think you can freely ignore the failures here, if there is anything wrong with the storage I believe we fail later when creating the leaf cache file gracefully.
Comment on attachment 8782258 [details] [diff] [review]
(part 1) - Use [must_use] on nsIFile.{create,createUnique}

Review of attachment 8782258 [details] [diff] [review]:
-----------------------------------------------------------------

::: netwerk/cache/nsDiskCacheDeviceSQL.cpp
@@ +384,5 @@
>                                const nsCString *fullKey,
>                                int generation)
>  {
> +  nsresult rv;
> +

I like this! ;)

@@ +407,5 @@
>  
>    file->AppendNative(nsPrintfCString("%X", dir1));
> +  rv = file->Create(nsIFile::DIRECTORY_TYPE, 00700);
> +  if (NS_FAILED(rv))
> +    return nullptr;

ideally we should do something like "if not exists -> Create()" but I don't think there is a need for additional IO.  this code is deprecated, hence, do minimal changes to it.
Attachment #8782258 - Flags: feedback?(honzab.moz) → feedback-
Depends on: 1297460
Why do you ignore the return value here?
https://hg.mozilla.org/mozilla-central/rev/ed27be6470e5#l1.29
Further down persistentDescriptor is passed into AddDownloadToDB().
Never fails under the given circumstances?

GetPersistentDescriptor() doesn't seem to fail in general, but there are call sites in M-C which check the return value.

Windows:
https://dxr.mozilla.org/comm-central/rev/24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileWin.cpp#3186
Does not fail.

Linux + Mac:
https://dxr.mozilla.org/comm-central/rev/24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileUnix.cpp#1885
https://dxr.mozilla.org/comm-central/rev/24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileUnix.cpp#600
Does not fail.
(In reply to Jorg K (GMT+2, PTO during summer) from comment #16)
> Why do you ignore the return value here?
> https://hg.mozilla.org/mozilla-central/rev/ed27be6470e5#l1.29
> Further down persistentDescriptor is passed into AddDownloadToDB().
> Never fails under the given circumstances?

There was already a cast to void. That's not enough to satisfy GCC when a MOZ_MUST_USE annotation is present, so I changed it to |Unused <<|. I assumed that the existing cast to void was legitimate.

> GetPersistentDescriptor() doesn't seem to fail in general, but there are
> call sites in M-C which check the return value.
> 
> Windows:
> https://dxr.mozilla.org/comm-central/rev/
> 24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileWin.
> cpp#3186
> Does not fail.
> 
> Linux + Mac:
> https://dxr.mozilla.org/comm-central/rev/
> 24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileUnix.
> cpp#1885
> https://dxr.mozilla.org/comm-central/rev/
> 24763f58772d45279a935790f732d80851924b46/mozilla/xpcom/io/nsLocalFileUnix.
> cpp#600
> Does not fail.

The RemoteOpenFileChild::GetPersistentDescriptor() implementation can fail. I don't know how often that implementation is used, so I erred on the side of conservatism, i.e. over-checking. If you know this is wrong, please file a follow-up bug!
I will continue this in bug 1297950.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Keywords: leave-open
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: