]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
c2f1db8f | 2 | #pragma once |
60918275 | 3 | |
7e61bd0f | 4 | #include <assert.h> |
666a84ea | 5 | #include <errno.h> |
c31e1495 | 6 | #include <inttypes.h> |
c01ff965 | 7 | #include <stdbool.h> |
afc5dbf3 | 8 | #include <sys/param.h> |
27d13af7 | 9 | #include <sys/sysmacros.h> |
afc5dbf3 | 10 | #include <sys/types.h> |
60918275 | 11 | |
28db6fbf | 12 | #include "constants.h" |
e5bc5f1f YW |
13 | #include "macro-fundamental.h" |
14 | ||
026c2677 LP |
15 | /* Note: on GCC "no_sanitize_address" is a function attribute only, on llvm it may also be applied to global |
16 | * variables. We define a specific macro which knows this. Note that on GCC we don't need this decorator so much, since | |
7227dd81 | 17 | * our primary use case for this attribute is registration structures placed in named ELF sections which shall not be |
026c2677 LP |
18 | * padded, but GCC doesn't pad those anyway if AddressSanitizer is enabled. */ |
19 | #if HAS_FEATURE_ADDRESS_SANITIZER && defined(__clang__) | |
20 | #define _variable_no_sanitize_address_ __attribute__((__no_sanitize_address__)) | |
21 | #else | |
22 | #define _variable_no_sanitize_address_ | |
23 | #endif | |
24 | ||
8e2fa6e2 LP |
25 | /* Apparently there's no has_feature() call defined to check for ubsan, hence let's define this |
26 | * unconditionally on llvm */ | |
27 | #if defined(__clang__) | |
28 | #define _function_no_sanitize_float_cast_overflow_ __attribute__((no_sanitize("float-cast-overflow"))) | |
29 | #else | |
30 | #define _function_no_sanitize_float_cast_overflow_ | |
31 | #endif | |
32 | ||
7ebe131a | 33 | /* Temporarily disable some warnings */ |
4b6f74f5 ZJS |
34 | #define DISABLE_WARNING_DEPRECATED_DECLARATIONS \ |
35 | _Pragma("GCC diagnostic push"); \ | |
36 | _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") | |
37 | ||
bcfce235 LP |
38 | #define DISABLE_WARNING_FORMAT_NONLITERAL \ |
39 | _Pragma("GCC diagnostic push"); \ | |
40 | _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"") | |
41 | ||
f0f2e63b LP |
42 | #define DISABLE_WARNING_MISSING_PROTOTYPES \ |
43 | _Pragma("GCC diagnostic push"); \ | |
44 | _Pragma("GCC diagnostic ignored \"-Wmissing-prototypes\"") | |
45 | ||
8fca4e30 LP |
46 | #define DISABLE_WARNING_NONNULL \ |
47 | _Pragma("GCC diagnostic push"); \ | |
48 | _Pragma("GCC diagnostic ignored \"-Wnonnull\"") | |
49 | ||
d442e2ec DH |
50 | #define DISABLE_WARNING_SHADOW \ |
51 | _Pragma("GCC diagnostic push"); \ | |
52 | _Pragma("GCC diagnostic ignored \"-Wshadow\"") | |
53 | ||
df99a9ef ZJS |
54 | #define DISABLE_WARNING_INCOMPATIBLE_POINTER_TYPES \ |
55 | _Pragma("GCC diagnostic push"); \ | |
56 | _Pragma("GCC diagnostic ignored \"-Wincompatible-pointer-types\"") | |
57 | ||
6695c200 ZJS |
58 | #if HAVE_WSTRINGOP_TRUNCATION |
59 | # define DISABLE_WARNING_STRINGOP_TRUNCATION \ | |
60 | _Pragma("GCC diagnostic push"); \ | |
61 | _Pragma("GCC diagnostic ignored \"-Wstringop-truncation\"") | |
62 | #else | |
63 | # define DISABLE_WARNING_STRINGOP_TRUNCATION \ | |
64 | _Pragma("GCC diagnostic push") | |
65 | #endif | |
66 | ||
9c29d87b | 67 | #define DISABLE_WARNING_TYPE_LIMITS \ |
6028d766 LP |
68 | _Pragma("GCC diagnostic push"); \ |
69 | _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") | |
70 | ||
9c29d87b YW |
71 | #define DISABLE_WARNING_ADDRESS \ |
72 | _Pragma("GCC diagnostic push"); \ | |
73 | _Pragma("GCC diagnostic ignored \"-Waddress\"") | |
74 | ||
7ebe131a LP |
75 | #define REENABLE_WARNING \ |
76 | _Pragma("GCC diagnostic pop") | |
77 | ||
49e5de64 ZJS |
78 | /* automake test harness */ |
79 | #define EXIT_TEST_SKIP 77 | |
80 | ||
13b498f9 TJ |
81 | /* builtins */ |
82 | #if __SIZEOF_INT__ == 4 | |
83 | #define BUILTIN_FFS_U32(x) __builtin_ffs(x); | |
84 | #elif __SIZEOF_LONG__ == 4 | |
85 | #define BUILTIN_FFS_U32(x) __builtin_ffsl(x); | |
86 | #else | |
87 | #error "neither int nor long are four bytes long?!?" | |
88 | #endif | |
89 | ||
625e870b DH |
90 | /* align to next higher power-of-2 (except for: 0 => 0, overflow => 0) */ |
91 | static inline unsigned long ALIGN_POWER2(unsigned long u) { | |
85c267af LP |
92 | |
93 | /* Avoid subtraction overflow */ | |
94 | if (u == 0) | |
95 | return 0; | |
96 | ||
625e870b DH |
97 | /* clz(0) is undefined */ |
98 | if (u == 1) | |
99 | return 1; | |
100 | ||
101 | /* left-shift overflow is undefined */ | |
102 | if (__builtin_clzl(u - 1UL) < 1) | |
103 | return 0; | |
104 | ||
105 | return 1UL << (sizeof(u) * 8 - __builtin_clzl(u - 1UL)); | |
106 | } | |
107 | ||
e49e4c33 LP |
108 | static inline size_t GREEDY_ALLOC_ROUND_UP(size_t l) { |
109 | size_t m; | |
110 | ||
111 | /* Round up allocation sizes a bit to some reasonable, likely larger value. This is supposed to be | |
112 | * used for cases which are likely called in an allocation loop of some form, i.e. that repetitively | |
113 | * grow stuff, for example strv_extend() and suchlike. | |
114 | * | |
115 | * Note the difference to GREEDY_REALLOC() here, as this helper operates on a single size value only, | |
116 | * and rounds up to next multiple of 2, needing no further counter. | |
117 | * | |
118 | * Note the benefits of direct ALIGN_POWER2() usage: type-safety for size_t, sane handling for very | |
119 | * small (i.e. <= 2) and safe handling for very large (i.e. > SSIZE_MAX) values. */ | |
120 | ||
121 | if (l <= 2) | |
122 | return 2; /* Never allocate less than 2 of something. */ | |
123 | ||
124 | m = ALIGN_POWER2(l); | |
125 | if (m == 0) /* overflow? */ | |
126 | return l; | |
127 | ||
128 | return m; | |
129 | } | |
130 | ||
bbc98d32 KS |
131 | /* |
132 | * container_of - cast a member of a structure out to the containing structure | |
133 | * @ptr: the pointer to the member. | |
134 | * @type: the type of the container struct this is embedded in. | |
135 | * @member: the name of the member within the struct. | |
bbc98d32 | 136 | */ |
fb835651 DH |
137 | #define container_of(ptr, type, member) __container_of(UNIQ, (ptr), type, member) |
138 | #define __container_of(uniq, ptr, type, member) \ | |
117efe06 | 139 | ({ \ |
fb835651 | 140 | const typeof( ((type*)0)->member ) *UNIQ_T(A, uniq) = (ptr); \ |
117efe06 | 141 | (type*)( (char *)UNIQ_T(A, uniq) - offsetof(type, member) ); \ |
fb835651 | 142 | }) |
bbc98d32 | 143 | |
d9fb7afb FB |
144 | #ifdef __COVERITY__ |
145 | ||
146 | /* Use special definitions of assertion macros in order to prevent | |
147 | * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer | |
148 | * for uses of assert_se() and assert_return(). | |
149 | * | |
150 | * These definitions make expression go through a (trivial) function | |
151 | * call to ensure they are not discarded. Also use ! or !! to ensure | |
152 | * the boolean expressions are seen as such. | |
153 | * | |
154 | * This technique has been described and recommended in: | |
155 | * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects | |
156 | */ | |
157 | ||
158 | extern void __coverity_panic__(void); | |
159 | ||
065a74a7 FS |
160 | static inline void __coverity_check__(int condition) { |
161 | if (!condition) | |
162 | __coverity_panic__(); | |
163 | } | |
164 | ||
165 | static inline int __coverity_check_and_return__(int condition) { | |
d9fb7afb FB |
166 | return condition; |
167 | } | |
168 | ||
065a74a7 | 169 | #define assert_message_se(expr, message) __coverity_check__(!!(expr)) |
d9fb7afb | 170 | |
065a74a7 | 171 | #define assert_log(expr, message) __coverity_check_and_return__(!!(expr)) |
d9fb7afb FB |
172 | |
173 | #else /* ! __COVERITY__ */ | |
174 | ||
34c38d2a | 175 | #define assert_message_se(expr, message) \ |
dd8f71ee | 176 | do { \ |
93a46b0b | 177 | if (_unlikely_(!(expr))) \ |
5a9b9157 | 178 | log_assert_failed(message, PROJECT_FILE, __LINE__, __func__); \ |
34c38d2a MS |
179 | } while (false) |
180 | ||
d9fb7afb FB |
181 | #define assert_log(expr, message) ((_likely_(expr)) \ |
182 | ? (true) \ | |
5a9b9157 | 183 | : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __func__), false)) |
d9fb7afb FB |
184 | |
185 | #endif /* __COVERITY__ */ | |
186 | ||
34c38d2a | 187 | #define assert_se(expr) assert_message_se(expr, #expr) |
dd8f71ee LP |
188 | |
189 | /* We override the glibc assert() here. */ | |
190 | #undef assert | |
191 | #ifdef NDEBUG | |
be166688 | 192 | #define assert(expr) ({ if (!(expr)) __builtin_unreachable(); }) |
dd8f71ee | 193 | #else |
34c38d2a | 194 | #define assert(expr) assert_message_se(expr, #expr) |
dd8f71ee | 195 | #endif |
60918275 | 196 | |
04499a70 | 197 | #define assert_not_reached() \ |
5a9b9157 | 198 | log_assert_failed_unreachable(PROJECT_FILE, __LINE__, __func__) |
60918275 | 199 | |
80514f9c LP |
200 | #define assert_return(expr, r) \ |
201 | do { \ | |
34c38d2a | 202 | if (!assert_log(expr, #expr)) \ |
80514f9c | 203 | return (r); \ |
18387b59 LP |
204 | } while (false) |
205 | ||
aa029628 TG |
206 | #define assert_return_errno(expr, r, err) \ |
207 | do { \ | |
34c38d2a | 208 | if (!assert_log(expr, #expr)) { \ |
aa029628 TG |
209 | errno = err; \ |
210 | return (r); \ | |
211 | } \ | |
212 | } while (false) | |
213 | ||
fd05c424 YW |
214 | #define return_with_errno(r, err) \ |
215 | do { \ | |
216 | errno = abs(err); \ | |
217 | return r; \ | |
218 | } while (false) | |
219 | ||
a3dc3547 KS |
220 | #define PTR_TO_INT(p) ((int) ((intptr_t) (p))) |
221 | #define INT_TO_PTR(u) ((void *) ((intptr_t) (u))) | |
14cb109d | 222 | #define PTR_TO_UINT(p) ((unsigned) ((uintptr_t) (p))) |
a3dc3547 | 223 | #define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u))) |
60918275 | 224 | |
a3dc3547 KS |
225 | #define PTR_TO_LONG(p) ((long) ((intptr_t) (p))) |
226 | #define LONG_TO_PTR(u) ((void *) ((intptr_t) (u))) | |
c6c18be3 | 227 | #define PTR_TO_ULONG(p) ((unsigned long) ((uintptr_t) (p))) |
a3dc3547 | 228 | #define ULONG_TO_PTR(u) ((void *) ((uintptr_t) (u))) |
c6c18be3 | 229 | |
4081756a YW |
230 | #define PTR_TO_UINT8(p) ((uint8_t) ((uintptr_t) (p))) |
231 | #define UINT8_TO_PTR(u) ((void *) ((uintptr_t) (u))) | |
232 | ||
a3dc3547 KS |
233 | #define PTR_TO_INT32(p) ((int32_t) ((intptr_t) (p))) |
234 | #define INT32_TO_PTR(u) ((void *) ((intptr_t) (u))) | |
235 | #define PTR_TO_UINT32(p) ((uint32_t) ((uintptr_t) (p))) | |
236 | #define UINT32_TO_PTR(u) ((void *) ((uintptr_t) (u))) | |
60918275 | 237 | |
a3dc3547 KS |
238 | #define PTR_TO_INT64(p) ((int64_t) ((intptr_t) (p))) |
239 | #define INT64_TO_PTR(u) ((void *) ((intptr_t) (u))) | |
240 | #define PTR_TO_UINT64(p) ((uint64_t) ((uintptr_t) (p))) | |
241 | #define UINT64_TO_PTR(u) ((void *) ((uintptr_t) (u))) | |
c6c18be3 | 242 | |
74b2466e LP |
243 | #define PTR_TO_SIZE(p) ((size_t) ((uintptr_t) (p))) |
244 | #define SIZE_TO_PTR(u) ((void *) ((uintptr_t) (u))) | |
245 | ||
a9c55a88 LP |
246 | #define CHAR_TO_STR(x) ((char[2]) { x, 0 }) |
247 | ||
034c6ed7 LP |
248 | #define char_array_0(x) x[sizeof(x)-1] = 0; |
249 | ||
aaec2d7b | 250 | #define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member) |
d6e9e8c7 | 251 | #define endoffsetof_field(struct_type, member) (offsetof(struct_type, member) + sizeof_field(struct_type, member)) |
aaec2d7b | 252 | |
37232d55 LB |
253 | /* Maximum buffer size needed for formatting an unsigned integer type as hex, including space for '0x' |
254 | * prefix and trailing NUL suffix. */ | |
255 | #define HEXADECIMAL_STR_MAX(type) (2 + sizeof(type) * 2 + 1) | |
256 | ||
56da8d5a LP |
257 | /* Returns the number of chars needed to format variables of the specified type as a decimal string. Adds in |
258 | * extra space for a negative '-' prefix for signed types. Includes space for the trailing NUL. */ | |
fa70beaa | 259 | #define DECIMAL_STR_MAX(type) \ |
56da8d5a LP |
260 | ((size_t) IS_SIGNED_INTEGER_TYPE(type) + 1U + \ |
261 | (sizeof(type) <= 1 ? 3U : \ | |
d3e40294 ZJS |
262 | sizeof(type) <= 2 ? 5U : \ |
263 | sizeof(type) <= 4 ? 10U : \ | |
56da8d5a | 264 | sizeof(type) <= 8 ? (IS_SIGNED_INTEGER_TYPE(type) ? 19U : 20U) : sizeof(int[-2*(sizeof(type) > 8)]))) |
fa70beaa | 265 | |
92463840 LP |
266 | /* Returns the number of chars needed to format the specified integer value. It's hence more specific than |
267 | * DECIMAL_STR_MAX() which answers the same question for all possible values of the specified type. Does | |
268 | * *not* include space for a trailing NUL. (If you wonder why we special case _x_ == 0 here: it's to trick | |
269 | * out gcc's -Wtype-limits, which would complain on comparing an unsigned type with < 0, otherwise. By | |
270 | * special-casing == 0 here first, we can use <= 0 instead of < 0 to trick out gcc.) */ | |
e3dd9ea8 FS |
271 | #define DECIMAL_STR_WIDTH(x) \ |
272 | ({ \ | |
273 | typeof(x) _x_ = (x); \ | |
92463840 LP |
274 | size_t ans; \ |
275 | if (_x_ == 0) \ | |
276 | ans = 1; \ | |
277 | else { \ | |
278 | ans = _x_ <= 0 ? 2 : 1; \ | |
279 | while ((_x_ /= 10) != 0) \ | |
280 | ans++; \ | |
281 | } \ | |
e3dd9ea8 | 282 | ans; \ |
0d1dbeb3 LP |
283 | }) |
284 | ||
35aa04e9 LP |
285 | #define SWAP_TWO(x, y) do { \ |
286 | typeof(x) _t = (x); \ | |
287 | (x) = (y); \ | |
288 | (y) = (_t); \ | |
289 | } while (false) | |
290 | ||
46bf625a ZJS |
291 | #define STRV_MAKE(...) ((char**) ((const char*[]) { __VA_ARGS__, NULL })) |
292 | #define STRV_MAKE_EMPTY ((char*[1]) { NULL }) | |
8b8024f1 | 293 | #define STRV_MAKE_CONST(...) ((const char* const*) ((const char*[]) { __VA_ARGS__, NULL })) |
46bf625a | 294 | |
66032ef4 LP |
295 | /* Pointers range from NULL to POINTER_MAX */ |
296 | #define POINTER_MAX ((void*) UINTPTR_MAX) | |
297 | ||
298 | /* Iterates through a specified list of pointers. Accepts NULL pointers, but uses POINTER_MAX as internal marker for EOL. */ | |
299 | #define FOREACH_POINTER(p, x, ...) \ | |
300 | for (typeof(p) *_l = (typeof(p)[]) { ({ p = x; }), ##__VA_ARGS__, POINTER_MAX }; \ | |
301 | p != (typeof(p)) POINTER_MAX; \ | |
1146b664 LP |
302 | p = *(++_l)) |
303 | ||
b9872fe1 YW |
304 | #define _FOREACH_ARRAY(i, array, num, m, end) \ |
305 | for (typeof(array[0]) *i = (array), *end = ({ \ | |
306 | typeof(num) m = (num); \ | |
307 | (i && m > 0) ? i + m : NULL; \ | |
308 | }); end && i < end; i++) | |
5716c27e YW |
309 | |
310 | #define FOREACH_ARRAY(i, array, num) \ | |
b9872fe1 | 311 | _FOREACH_ARRAY(i, array, num, UNIQ_T(m, UNIQ), UNIQ_T(end, UNIQ)) |
5716c27e | 312 | |
3c4c109d ZJS |
313 | /* A wrapper for 'func' to return void. |
314 | * Only useful when a void-returning function is required by some API. */ | |
1e26b1df YW |
315 | #define DEFINE_TRIVIAL_DESTRUCTOR(name, type, func) \ |
316 | static inline void name(type *p) { \ | |
317 | func(p); \ | |
318 | } | |
319 | ||
fd421c4a | 320 | /* When func() returns the void value (NULL, -1, …) of the appropriate type */ |
a2341f68 ZJS |
321 | #define DEFINE_TRIVIAL_CLEANUP_FUNC(type, func) \ |
322 | static inline void func##p(type *p) { \ | |
323 | if (*p) \ | |
fd421c4a ZJS |
324 | *p = func(*p); \ |
325 | } | |
326 | ||
9c29d87b YW |
327 | /* When func() doesn't return the appropriate type, set variable to empty afterwards. |
328 | * The func() may be provided by a dynamically loaded shared library, hence add an assertion. */ | |
fd421c4a ZJS |
329 | #define DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(type, func, empty) \ |
330 | static inline void func##p(type *p) { \ | |
331 | if (*p != (empty)) { \ | |
9c29d87b YW |
332 | DISABLE_WARNING_ADDRESS; \ |
333 | assert(func); \ | |
334 | REENABLE_WARNING; \ | |
a2341f68 | 335 | func(*p); \ |
fd421c4a ZJS |
336 | *p = (empty); \ |
337 | } \ | |
f6a8265b | 338 | } |
a2341f68 | 339 | |
900e73f8 DS |
340 | /* When func() doesn't return the appropriate type, and is also a macro, set variable to empty afterwards. */ |
341 | #define DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO(type, func, empty) \ | |
342 | static inline void func##p(type *p) { \ | |
343 | if (*p != (empty)) { \ | |
344 | func(*p); \ | |
345 | *p = (empty); \ | |
346 | } \ | |
347 | } | |
348 | ||
a6a08596 YW |
349 | #define _DEFINE_TRIVIAL_REF_FUNC(type, name, scope) \ |
350 | scope type *name##_ref(type *p) { \ | |
351 | if (!p) \ | |
352 | return NULL; \ | |
353 | \ | |
c8431e9e YW |
354 | /* For type check. */ \ |
355 | unsigned *q = &p->n_ref; \ | |
356 | assert(*q > 0); \ | |
7d3e856e | 357 | assert_se(*q < UINT_MAX); \ |
c8431e9e YW |
358 | \ |
359 | (*q)++; \ | |
a6a08596 YW |
360 | return p; \ |
361 | } | |
362 | ||
363 | #define _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, scope) \ | |
364 | scope type *name##_unref(type *p) { \ | |
365 | if (!p) \ | |
366 | return NULL; \ | |
367 | \ | |
368 | assert(p->n_ref > 0); \ | |
369 | p->n_ref--; \ | |
370 | if (p->n_ref > 0) \ | |
371 | return NULL; \ | |
372 | \ | |
373 | return free_func(p); \ | |
374 | } | |
375 | ||
376 | #define DEFINE_TRIVIAL_REF_FUNC(type, name) \ | |
377 | _DEFINE_TRIVIAL_REF_FUNC(type, name,) | |
378 | #define DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name) \ | |
379 | _DEFINE_TRIVIAL_REF_FUNC(type, name, static) | |
380 | #define DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name) \ | |
381 | _DEFINE_TRIVIAL_REF_FUNC(type, name, _public_) | |
382 | ||
383 | #define DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func) \ | |
384 | _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func,) | |
385 | #define DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func) \ | |
386 | _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, static) | |
387 | #define DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func) \ | |
388 | _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, _public_) | |
389 | ||
390 | #define DEFINE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \ | |
391 | DEFINE_TRIVIAL_REF_FUNC(type, name); \ | |
392 | DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func); | |
393 | ||
394 | #define DEFINE_PRIVATE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \ | |
395 | DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name); \ | |
396 | DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func); | |
397 | ||
398 | #define DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \ | |
399 | DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name); \ | |
400 | DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func); | |
401 | ||
ed50f18c LP |
402 | /* A macro to force copying of a variable from memory. This is useful whenever we want to read something from |
403 | * memory and want to make sure the compiler won't optimize away the destination variable for us. It's not | |
404 | * supposed to be a full CPU memory barrier, i.e. CPU is still allowed to reorder the reads, but it is not | |
405 | * allowed to remove our local copies of the variables. We want this to work for unaligned memory, hence | |
406 | * memcpy() is great for our purposes. */ | |
407 | #define READ_NOW(x) \ | |
408 | ({ \ | |
409 | typeof(x) _copy; \ | |
410 | memcpy(&_copy, &(x), sizeof(_copy)); \ | |
411 | asm volatile ("" : : : "memory"); \ | |
412 | _copy; \ | |
413 | }) | |
414 | ||
8b0c4347 ZJS |
415 | #define saturate_add(x, y, limit) \ |
416 | ({ \ | |
417 | typeof(limit) _x = (x); \ | |
418 | typeof(limit) _y = (y); \ | |
419 | _x > (limit) || _y >= (limit) - _x ? (limit) : _x + _y; \ | |
420 | }) | |
421 | ||
b0e3d799 | 422 | static inline size_t size_add(size_t x, size_t y) { |
8b0c4347 | 423 | return saturate_add(x, y, SIZE_MAX); |
b0e3d799 | 424 | } |
7c502303 | 425 | |
3cc3dc77 MG |
426 | typedef struct { |
427 | int _empty[0]; | |
428 | } dummy_t; | |
429 | ||
430 | assert_cc(sizeof(dummy_t) == 0); | |
431 | ||
30fd9a2d | 432 | /* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for |
50996f04 LP |
433 | * loops that count down from a high pointer until some base. A naive loop would implement this like this: |
434 | * | |
435 | * for (p = end-1; p >= base; p--) … | |
436 | * | |
437 | * But this is not safe because p before the base is UB in C. With this macro the loop becomes this instead: | |
438 | * | |
439 | * for (p = PTR_SUB1(end, base); p; p = PTR_SUB1(p, base)) … | |
440 | * | |
441 | * And is free from UB! */ | |
442 | #define PTR_SUB1(p, base) \ | |
443 | ({ \ | |
444 | typeof(p) _q = (p); \ | |
445 | _q && _q > (base) ? &_q[-1] : NULL; \ | |
446 | }) | |
447 | ||
e179f2d8 | 448 | /* Iterate through each variadic arg. All must be the same type as 'entry' or must be implicitly |
94d82b59 | 449 | * convertible. The iteration variable 'entry' must already be defined. */ |
e179f2d8 DS |
450 | #define VA_ARGS_FOREACH(entry, ...) \ |
451 | _VA_ARGS_FOREACH(entry, UNIQ_T(_entries_, UNIQ), UNIQ_T(_current_, UNIQ), ##__VA_ARGS__) | |
452 | #define _VA_ARGS_FOREACH(entry, _entries_, _current_, ...) \ | |
453 | for (typeof(entry) _entries_[] = { __VA_ARGS__ }, *_current_ = _entries_; \ | |
454 | ((long)(_current_ - _entries_) < (long)ELEMENTSOF(_entries_)) && ({ entry = *_current_; true; }); \ | |
455 | _current_++) | |
456 | ||
dd8f71ee | 457 | #include "log.h" |