On Mon, Jun 29, 2015 at 06:22:47PM -0400, Eric Sunshine wrote: > Clients of strbuf rightly expect the buffer to grow as needed in > order to complete the requested operation. It is, therefore, both > weird and expectation-breaking for strbuf_addftime() to lack this > behavior. Worse, it doesn't even signal when the format has failed > due to insufficient buffer space. Agreed on all points. > --- 8< --- > void strbuf_addftime(struct strbuf *sb, const char *fmt, const struct tm *tm) > { > size_t len; > struct strbuf f = STRBUF_INIT; > > /* > * This is a bit tricky since strftime returns 0 if the result did not > * fit in the supplied buffer, as well as when the formatted time has > * zero length. In the former case, we need to grow the buffer and try > * again. To distinguish between the two cases, we supply strftime with > * a format string one character longer than what the client supplied, > * which ensures that a successful format will have non-zero length, > * and then drop the extra character from the formatted time before > * returning. > */ > strbuf_addf(&f, "%s ", fmt); Basically I was trying to avoid making any assumptions about exactly how strftime works. But presumably "stick a space in the format" is a universally reasonable thing to do. It's a hack, but it's contained to the function. > do { > strbuf_grow(sb, 128); > len = strftime(sb->buf + sb->len, sb->alloc - sb->len, > f.buf, tm); > } while (!len); I think we need to keep growing this 128 ourselves, or else each loop iteration will just say "yup, we have 128 bytes available; no need to grow". > [...] > > If this is performance critical code, then the augmented format > string can be constructed with less expensive functions than > strbuf_addf(). This does get called a lot (e.g., once per commit). One extra allocation would probably not kill us there, but I think we could fairly trivially put this on the unlikely path: size_t hint = 128; size_t len; /* optimize out obvious 0-length case */ if (!*fmt) return; strbuf_grow(sb, hint); len = strftime(sb->buf + sb->len, sb->alloc - sb->len, fmt, tm); /* maybe not enough room, or maybe 0-length output */ if (!len) { struct strbuf f = STRBUF_INIT; strbuf_addf(&f, "%s ", fmt); while (!len) { hint *= 2; strbuf_grow(sb, hint); len = strftime(sb->buf + sb->len, sb->alloc - sb->len, f.buf, tm); } } I'd guess most cases will fit in 128 bytes and never even hit this code path. You could also get fancier and start the buffer smaller, but only do the fmt hack when we cross a threshold. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html