]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/macro.h
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #29708 from DaanDeMeyer/bootctl-always
[thirdparty/systemd.git] / src / basic / macro.h
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include <assert.h>
5 #include <errno.h>
6 #include <inttypes.h>
7 #include <stdbool.h>
8 #include <sys/param.h>
9 #include <sys/sysmacros.h>
10 #include <sys/types.h>
11
12 #include "constants.h"
13 #include "macro-fundamental.h"
14
15 /* Note: on GCC "no_sanitize_address" is a function attribute only, on llvm it may also be applied to global
16 * variables. We define a specific macro which knows this. Note that on GCC we don't need this decorator so much, since
17 * our primary use case for this attribute is registration structures placed in named ELF sections which shall not be
18 * padded, but GCC doesn't pad those anyway if AddressSanitizer is enabled. */
19 #if HAS_FEATURE_ADDRESS_SANITIZER && defined(__clang__)
20 #define _variable_no_sanitize_address_ __attribute__((__no_sanitize_address__))
21 #else
22 #define _variable_no_sanitize_address_
23 #endif
24
25 /* Apparently there's no has_feature() call defined to check for ubsan, hence let's define this
26 * unconditionally on llvm */
27 #if defined(__clang__)
28 #define _function_no_sanitize_float_cast_overflow_ __attribute__((no_sanitize("float-cast-overflow")))
29 #else
30 #define _function_no_sanitize_float_cast_overflow_
31 #endif
32
33 #if HAVE_WSTRINGOP_TRUNCATION
34 # define DISABLE_WARNING_STRINGOP_TRUNCATION \
35 _Pragma("GCC diagnostic push"); \
36 _Pragma("GCC diagnostic ignored \"-Wstringop-truncation\"")
37 #else
38 # define DISABLE_WARNING_STRINGOP_TRUNCATION \
39 _Pragma("GCC diagnostic push")
40 #endif
41
42 /* test harness */
43 #define EXIT_TEST_SKIP 77
44
45 /* builtins */
46 #if __SIZEOF_INT__ == 4
47 #define BUILTIN_FFS_U32(x) __builtin_ffs(x);
48 #elif __SIZEOF_LONG__ == 4
49 #define BUILTIN_FFS_U32(x) __builtin_ffsl(x);
50 #else
51 #error "neither int nor long are four bytes long?!?"
52 #endif
53
54 static inline uint64_t u64_multiply_safe(uint64_t a, uint64_t b) {
55 if (_unlikely_(a != 0 && b > (UINT64_MAX / a)))
56 return 0; /* overflow */
57
58 return a * b;
59 }
60
61 /* align to next higher power-of-2 (except for: 0 => 0, overflow => 0) */
62 static inline unsigned long ALIGN_POWER2(unsigned long u) {
63
64 /* Avoid subtraction overflow */
65 if (u == 0)
66 return 0;
67
68 /* clz(0) is undefined */
69 if (u == 1)
70 return 1;
71
72 /* left-shift overflow is undefined */
73 if (__builtin_clzl(u - 1UL) < 1)
74 return 0;
75
76 return 1UL << (sizeof(u) * 8 - __builtin_clzl(u - 1UL));
77 }
78
79 static inline size_t GREEDY_ALLOC_ROUND_UP(size_t l) {
80 size_t m;
81
82 /* Round up allocation sizes a bit to some reasonable, likely larger value. This is supposed to be
83 * used for cases which are likely called in an allocation loop of some form, i.e. that repetitively
84 * grow stuff, for example strv_extend() and suchlike.
85 *
86 * Note the difference to GREEDY_REALLOC() here, as this helper operates on a single size value only,
87 * and rounds up to next multiple of 2, needing no further counter.
88 *
89 * Note the benefits of direct ALIGN_POWER2() usage: type-safety for size_t, sane handling for very
90 * small (i.e. <= 2) and safe handling for very large (i.e. > SSIZE_MAX) values. */
91
92 if (l <= 2)
93 return 2; /* Never allocate less than 2 of something. */
94
95 m = ALIGN_POWER2(l);
96 if (m == 0) /* overflow? */
97 return l;
98
99 return m;
100 }
101
102 /*
103 * container_of - cast a member of a structure out to the containing structure
104 * @ptr: the pointer to the member.
105 * @type: the type of the container struct this is embedded in.
106 * @member: the name of the member within the struct.
107 */
108 #define container_of(ptr, type, member) __container_of(UNIQ, (ptr), type, member)
109 #define __container_of(uniq, ptr, type, member) \
110 ({ \
111 const typeof( ((type*)0)->member ) *UNIQ_T(A, uniq) = (ptr); \
112 (type*)( (char *)UNIQ_T(A, uniq) - offsetof(type, member) ); \
113 })
114
115 #ifdef __COVERITY__
116
117 /* Use special definitions of assertion macros in order to prevent
118 * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
119 * for uses of assert_se() and assert_return().
120 *
121 * These definitions make expression go through a (trivial) function
122 * call to ensure they are not discarded. Also use ! or !! to ensure
123 * the boolean expressions are seen as such.
124 *
125 * This technique has been described and recommended in:
126 * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
127 */
128
129 extern void __coverity_panic__(void);
130
131 static inline void __coverity_check__(int condition) {
132 if (!condition)
133 __coverity_panic__();
134 }
135
136 static inline int __coverity_check_and_return__(int condition) {
137 return condition;
138 }
139
140 #define assert_message_se(expr, message) __coverity_check__(!!(expr))
141
142 #define assert_log(expr, message) __coverity_check_and_return__(!!(expr))
143
144 #else /* ! __COVERITY__ */
145
146 #define assert_message_se(expr, message) \
147 do { \
148 if (_unlikely_(!(expr))) \
149 log_assert_failed(message, PROJECT_FILE, __LINE__, __func__); \
150 } while (false)
151
152 #define assert_log(expr, message) ((_likely_(expr)) \
153 ? (true) \
154 : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __func__), false))
155
156 #endif /* __COVERITY__ */
157
158 #define assert_se(expr) assert_message_se(expr, #expr)
159
160 /* We override the glibc assert() here. */
161 #undef assert
162 #ifdef NDEBUG
163 #define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
164 #else
165 #define assert(expr) assert_message_se(expr, #expr)
166 #endif
167
168 #define assert_not_reached() \
169 log_assert_failed_unreachable(PROJECT_FILE, __LINE__, __func__)
170
171 #define assert_return(expr, r) \
172 do { \
173 if (!assert_log(expr, #expr)) \
174 return (r); \
175 } while (false)
176
177 #define assert_return_errno(expr, r, err) \
178 do { \
179 if (!assert_log(expr, #expr)) { \
180 errno = err; \
181 return (r); \
182 } \
183 } while (false)
184
185 #define return_with_errno(r, err) \
186 do { \
187 errno = abs(err); \
188 return r; \
189 } while (false)
190
191 #define PTR_TO_INT(p) ((int) ((intptr_t) (p)))
192 #define INT_TO_PTR(u) ((void *) ((intptr_t) (u)))
193 #define PTR_TO_UINT(p) ((unsigned) ((uintptr_t) (p)))
194 #define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u)))
195
196 #define PTR_TO_LONG(p) ((long) ((intptr_t) (p)))
197 #define LONG_TO_PTR(u) ((void *) ((intptr_t) (u)))
198 #define PTR_TO_ULONG(p) ((unsigned long) ((uintptr_t) (p)))
199 #define ULONG_TO_PTR(u) ((void *) ((uintptr_t) (u)))
200
201 #define PTR_TO_UINT8(p) ((uint8_t) ((uintptr_t) (p)))
202 #define UINT8_TO_PTR(u) ((void *) ((uintptr_t) (u)))
203
204 #define PTR_TO_INT32(p) ((int32_t) ((intptr_t) (p)))
205 #define INT32_TO_PTR(u) ((void *) ((intptr_t) (u)))
206 #define PTR_TO_UINT32(p) ((uint32_t) ((uintptr_t) (p)))
207 #define UINT32_TO_PTR(u) ((void *) ((uintptr_t) (u)))
208
209 #define PTR_TO_INT64(p) ((int64_t) ((intptr_t) (p)))
210 #define INT64_TO_PTR(u) ((void *) ((intptr_t) (u)))
211 #define PTR_TO_UINT64(p) ((uint64_t) ((uintptr_t) (p)))
212 #define UINT64_TO_PTR(u) ((void *) ((uintptr_t) (u)))
213
214 #define PTR_TO_SIZE(p) ((size_t) ((uintptr_t) (p)))
215 #define SIZE_TO_PTR(u) ((void *) ((uintptr_t) (u)))
216
217 #define CHAR_TO_STR(x) ((char[2]) { x, 0 })
218
219 #define char_array_0(x) x[sizeof(x)-1] = 0;
220
221 #define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member)
222 #define endoffsetof_field(struct_type, member) (offsetof(struct_type, member) + sizeof_field(struct_type, member))
223
224 /* Maximum buffer size needed for formatting an unsigned integer type as hex, including space for '0x'
225 * prefix and trailing NUL suffix. */
226 #define HEXADECIMAL_STR_MAX(type) (2 + sizeof(type) * 2 + 1)
227
228 /* Returns the number of chars needed to format variables of the specified type as a decimal string. Adds in
229 * extra space for a negative '-' prefix for signed types. Includes space for the trailing NUL. */
230 #define DECIMAL_STR_MAX(type) \
231 ((size_t) IS_SIGNED_INTEGER_TYPE(type) + 1U + \
232 (sizeof(type) <= 1 ? 3U : \
233 sizeof(type) <= 2 ? 5U : \
234 sizeof(type) <= 4 ? 10U : \
235 sizeof(type) <= 8 ? (IS_SIGNED_INTEGER_TYPE(type) ? 19U : 20U) : sizeof(int[-2*(sizeof(type) > 8)])))
236
237 /* Returns the number of chars needed to format the specified integer value. It's hence more specific than
238 * DECIMAL_STR_MAX() which answers the same question for all possible values of the specified type. Does
239 * *not* include space for a trailing NUL. (If you wonder why we special case _x_ == 0 here: it's to trick
240 * out gcc's -Wtype-limits, which would complain on comparing an unsigned type with < 0, otherwise. By
241 * special-casing == 0 here first, we can use <= 0 instead of < 0 to trick out gcc.) */
242 #define DECIMAL_STR_WIDTH(x) \
243 ({ \
244 typeof(x) _x_ = (x); \
245 size_t ans; \
246 if (_x_ == 0) \
247 ans = 1; \
248 else { \
249 ans = _x_ <= 0 ? 2 : 1; \
250 while ((_x_ /= 10) != 0) \
251 ans++; \
252 } \
253 ans; \
254 })
255
256 #define SWAP_TWO(x, y) do { \
257 typeof(x) _t = (x); \
258 (x) = (y); \
259 (y) = (_t); \
260 } while (false)
261
262 #define STRV_MAKE(...) ((char**) ((const char*[]) { __VA_ARGS__, NULL }))
263 #define STRV_MAKE_EMPTY ((char*[1]) { NULL })
264 #define STRV_MAKE_CONST(...) ((const char* const*) ((const char*[]) { __VA_ARGS__, NULL }))
265
266 /* Pointers range from NULL to POINTER_MAX */
267 #define POINTER_MAX ((void*) UINTPTR_MAX)
268
269 /* Iterates through a specified list of pointers. Accepts NULL pointers, but uses POINTER_MAX as internal marker for EOL. */
270 #define FOREACH_POINTER(p, x, ...) \
271 for (typeof(p) *_l = (typeof(p)[]) { ({ p = x; }), ##__VA_ARGS__, POINTER_MAX }; \
272 p != (typeof(p)) POINTER_MAX; \
273 p = *(++_l))
274
275 #define _FOREACH_ARRAY(i, array, num, m, end) \
276 for (typeof(array[0]) *i = (array), *end = ({ \
277 typeof(num) m = (num); \
278 (i && m > 0) ? i + m : NULL; \
279 }); end && i < end; i++)
280
281 #define FOREACH_ARRAY(i, array, num) \
282 _FOREACH_ARRAY(i, array, num, UNIQ_T(m, UNIQ), UNIQ_T(end, UNIQ))
283
284 #define _DEFINE_TRIVIAL_REF_FUNC(type, name, scope) \
285 scope type *name##_ref(type *p) { \
286 if (!p) \
287 return NULL; \
288 \
289 /* For type check. */ \
290 unsigned *q = &p->n_ref; \
291 assert(*q > 0); \
292 assert_se(*q < UINT_MAX); \
293 \
294 (*q)++; \
295 return p; \
296 }
297
298 #define _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, scope) \
299 scope type *name##_unref(type *p) { \
300 if (!p) \
301 return NULL; \
302 \
303 assert(p->n_ref > 0); \
304 p->n_ref--; \
305 if (p->n_ref > 0) \
306 return NULL; \
307 \
308 return free_func(p); \
309 }
310
311 #define DEFINE_TRIVIAL_REF_FUNC(type, name) \
312 _DEFINE_TRIVIAL_REF_FUNC(type, name,)
313 #define DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name) \
314 _DEFINE_TRIVIAL_REF_FUNC(type, name, static)
315 #define DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name) \
316 _DEFINE_TRIVIAL_REF_FUNC(type, name, _public_)
317
318 #define DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func) \
319 _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func,)
320 #define DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func) \
321 _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, static)
322 #define DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func) \
323 _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, _public_)
324
325 #define DEFINE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
326 DEFINE_TRIVIAL_REF_FUNC(type, name); \
327 DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func);
328
329 #define DEFINE_PRIVATE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
330 DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name); \
331 DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func);
332
333 #define DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
334 DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name); \
335 DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func);
336
337 /* A macro to force copying of a variable from memory. This is useful whenever we want to read something from
338 * memory and want to make sure the compiler won't optimize away the destination variable for us. It's not
339 * supposed to be a full CPU memory barrier, i.e. CPU is still allowed to reorder the reads, but it is not
340 * allowed to remove our local copies of the variables. We want this to work for unaligned memory, hence
341 * memcpy() is great for our purposes. */
342 #define READ_NOW(x) \
343 ({ \
344 typeof(x) _copy; \
345 memcpy(&_copy, &(x), sizeof(_copy)); \
346 asm volatile ("" : : : "memory"); \
347 _copy; \
348 })
349
350 #define saturate_add(x, y, limit) \
351 ({ \
352 typeof(limit) _x = (x); \
353 typeof(limit) _y = (y); \
354 _x > (limit) || _y >= (limit) - _x ? (limit) : _x + _y; \
355 })
356
357 static inline size_t size_add(size_t x, size_t y) {
358 return saturate_add(x, y, SIZE_MAX);
359 }
360
361 typedef struct {
362 int _empty[0];
363 } dummy_t;
364
365 assert_cc(sizeof(dummy_t) == 0);
366
367 /* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for
368 * loops that count down from a high pointer until some base. A naive loop would implement this like this:
369 *
370 * for (p = end-1; p >= base; p--) …
371 *
372 * But this is not safe because p before the base is UB in C. With this macro the loop becomes this instead:
373 *
374 * for (p = PTR_SUB1(end, base); p; p = PTR_SUB1(p, base)) …
375 *
376 * And is free from UB! */
377 #define PTR_SUB1(p, base) \
378 ({ \
379 typeof(p) _q = (p); \
380 _q && _q > (base) ? &_q[-1] : NULL; \
381 })
382
383 /* Iterate through each variadic arg. All must be the same type as 'entry' or must be implicitly
384 * convertible. The iteration variable 'entry' must already be defined. */
385 #define VA_ARGS_FOREACH(entry, ...) \
386 _VA_ARGS_FOREACH(entry, UNIQ_T(_entries_, UNIQ), UNIQ_T(_current_, UNIQ), ##__VA_ARGS__)
387 #define _VA_ARGS_FOREACH(entry, _entries_, _current_, ...) \
388 for (typeof(entry) _entries_[] = { __VA_ARGS__ }, *_current_ = _entries_; \
389 ((long)(_current_ - _entries_) < (long)ELEMENTSOF(_entries_)) && ({ entry = *_current_; true; }); \
390 _current_++)
391
392 #include "log.h"
Unnamed repository; edit this file 'description' to name the repository.