[thirdparty/systemd.git] / src / basic / macro.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <sys/param.h>
#include <sys/sysmacros.h>
#include <sys/types.h>

#include "macro-fundamental.h"

#define _printf_(a, b) __attribute__((__format__(printf, a, b)))
#ifdef __clang__
#  define _alloc_(...)
#else
#  define _alloc_(...) __attribute__((__alloc_size__(__VA_ARGS__)))
#endif
#define _sentinel_ __attribute__((__sentinel__))
#define _section_(x) __attribute__((__section__(x)))
#define _used_ __attribute__((__used__))
#define _destructor_ __attribute__((__destructor__))
#define _deprecated_ __attribute__((__deprecated__))
#define _packed_ __attribute__((__packed__))
#define _malloc_ __attribute__((__malloc__))
#define _weak_ __attribute__((__weak__))
#define _likely_(x) (__builtin_expect(!!(x), 1))
#define _unlikely_(x) (__builtin_expect(!!(x), 0))
#define _public_ __attribute__((__visibility__("default")))
#define _hidden_ __attribute__((__visibility__("hidden")))
#define _weakref_(x) __attribute__((__weakref__(#x)))
#define _align_(x) __attribute__((__aligned__(x)))
#define _alignas_(x) __attribute__((__aligned__(__alignof(x))))
#define _alignptr_ __attribute__((__aligned__(sizeof(void*))))
#if __GNUC__ >= 7
#define _fallthrough_ __attribute__((__fallthrough__))
#else
#define _fallthrough_
#endif
/* Define C11 noreturn without <stdnoreturn.h> and even on older gcc
 * compiler versions */
#ifndef _noreturn_
#if __STDC_VERSION__ >= 201112L
#define _noreturn_ _Noreturn
#else
#define _noreturn_ __attribute__((__noreturn__))
#endif
#endif

#if !defined(HAS_FEATURE_MEMORY_SANITIZER)
#  if defined(__has_feature)
#    if __has_feature(memory_sanitizer)
#      define HAS_FEATURE_MEMORY_SANITIZER 1
#    endif
#  endif
#  if !defined(HAS_FEATURE_MEMORY_SANITIZER)
#    define HAS_FEATURE_MEMORY_SANITIZER 0
#  endif
#endif

#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
#  ifdef __SANITIZE_ADDRESS__
#      define HAS_FEATURE_ADDRESS_SANITIZER 1
#  elif defined(__has_feature)
#    if __has_feature(address_sanitizer)
#      define HAS_FEATURE_ADDRESS_SANITIZER 1
#    endif
#  endif
#  if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
#    define HAS_FEATURE_ADDRESS_SANITIZER 0
#  endif
#endif

/* Note: on GCC "no_sanitize_address" is a function attribute only, on llvm it may also be applied to global
 * variables. We define a specific macro which knows this. Note that on GCC we don't need this decorator so much, since
 * our primary usecase for this attribute is registration structures placed in named ELF sections which shall not be
 * padded, but GCC doesn't pad those anyway if AddressSanitizer is enabled. */
#if HAS_FEATURE_ADDRESS_SANITIZER && defined(__clang__)
#define _variable_no_sanitize_address_ __attribute__((__no_sanitize_address__))
#else
#define _variable_no_sanitize_address_
#endif

/* Apparently there's no has_feature() call defined to check for ubsan, hence let's define this
 * unconditionally on llvm */
#if defined(__clang__)
#define _function_no_sanitize_float_cast_overflow_ __attribute__((no_sanitize("float-cast-overflow")))
#else
#define _function_no_sanitize_float_cast_overflow_
#endif

/* Temporarily disable some warnings */
#define DISABLE_WARNING_DEPRECATED_DECLARATIONS                         \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")

#define DISABLE_WARNING_FORMAT_NONLITERAL                               \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"")

#define DISABLE_WARNING_MISSING_PROTOTYPES                              \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wmissing-prototypes\"")

#define DISABLE_WARNING_NONNULL                                         \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wnonnull\"")

#define DISABLE_WARNING_SHADOW                                          \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wshadow\"")

#define DISABLE_WARNING_INCOMPATIBLE_POINTER_TYPES                      \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wincompatible-pointer-types\"")

#if HAVE_WSTRINGOP_TRUNCATION
#  define DISABLE_WARNING_STRINGOP_TRUNCATION                           \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wstringop-truncation\"")
#else
#  define DISABLE_WARNING_STRINGOP_TRUNCATION                           \
        _Pragma("GCC diagnostic push")
#endif

#define DISABLE_WARNING_FLOAT_EQUAL \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wfloat-equal\"")

#define DISABLE_WARNING_TYPE_LIMITS \
        _Pragma("GCC diagnostic push");                                 \
        _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")

#define REENABLE_WARNING                                                \
        _Pragma("GCC diagnostic pop")

/* automake test harness */
#define EXIT_TEST_SKIP 77

#define XSTRINGIFY(x) #x
#define STRINGIFY(x) XSTRINGIFY(x)

/* builtins */
#if __SIZEOF_INT__ == 4
#define BUILTIN_FFS_U32(x) __builtin_ffs(x);
#elif __SIZEOF_LONG__ == 4
#define BUILTIN_FFS_U32(x) __builtin_ffsl(x);
#else
#error "neither int nor long are four bytes long?!?"
#endif

/* Rounds up */

#define ALIGN4(l) (((l) + 3) & ~3)
#define ALIGN8(l) (((l) + 7) & ~7)

#if __SIZEOF_POINTER__ == 8
#define ALIGN(l) ALIGN8(l)
#elif __SIZEOF_POINTER__ == 4
#define ALIGN(l) ALIGN4(l)
#else
#error "Wut? Pointers are neither 4 nor 8 bytes long?"
#endif

#define ALIGN_PTR(p) ((void*) ALIGN((unsigned long) (p)))
#define ALIGN4_PTR(p) ((void*) ALIGN4((unsigned long) (p)))
#define ALIGN8_PTR(p) ((void*) ALIGN8((unsigned long) (p)))

static inline size_t ALIGN_TO(size_t l, size_t ali) {
        return ((l + ali - 1) & ~(ali - 1));
}

#define ALIGN_TO_PTR(p, ali) ((void*) ALIGN_TO((unsigned long) (p), (ali)))

/* align to next higher power-of-2 (except for: 0 => 0, overflow => 0) */
static inline unsigned long ALIGN_POWER2(unsigned long u) {

        /* Avoid subtraction overflow */
        if (u == 0)
                return 0;

        /* clz(0) is undefined */
        if (u == 1)
                return 1;

        /* left-shift overflow is undefined */
        if (__builtin_clzl(u - 1UL) < 1)
                return 0;

        return 1UL << (sizeof(u) * 8 - __builtin_clzl(u - 1UL));
}

static inline size_t GREEDY_ALLOC_ROUND_UP(size_t l) {
        size_t m;

        /* Round up allocation sizes a bit to some reasonable, likely larger value. This is supposed to be
         * used for cases which are likely called in an allocation loop of some form, i.e. that repetitively
         * grow stuff, for example strv_extend() and suchlike.
         *
         * Note the difference to GREEDY_REALLOC() here, as this helper operates on a single size value only,
         * and rounds up to next multiple of 2, needing no further counter.
         *
         * Note the benefits of direct ALIGN_POWER2() usage: type-safety for size_t, sane handling for very
         * small (i.e. <= 2) and safe handling for very large (i.e. > SSIZE_MAX) values. */

        if (l <= 2)
                return 2; /* Never allocate less than 2 of something.  */

        m = ALIGN_POWER2(l);
        if (m == 0) /* overflow? */
                return l;

        return m;
}

/*
 * STRLEN - return the length of a string literal, minus the trailing NUL byte.
 *          Contrary to strlen(), this is a constant expression.
 * @x: a string literal.
 */
#define STRLEN(x) (sizeof(""x"") - 1)

/*
 * container_of - cast a member of a structure out to the containing structure
 * @ptr: the pointer to the member.
 * @type: the type of the container struct this is embedded in.
 * @member: the name of the member within the struct.
 */
#define container_of(ptr, type, member) __container_of(UNIQ, (ptr), type, member)
#define __container_of(uniq, ptr, type, member)                         \
        ({                                                              \
                const typeof( ((type*)0)->member ) *UNIQ_T(A, uniq) = (ptr); \
                (type*)( (char *)UNIQ_T(A, uniq) - offsetof(type, member) ); \
        })

#ifdef __COVERITY__

/* Use special definitions of assertion macros in order to prevent
 * false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
 * for uses of assert_se() and assert_return().
 *
 * These definitions make expression go through a (trivial) function
 * call to ensure they are not discarded. Also use ! or !! to ensure
 * the boolean expressions are seen as such.
 *
 * This technique has been described and recommended in:
 * https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
 */

extern void __coverity_panic__(void);

static inline void __coverity_check__(int condition) {
        if (!condition)
                __coverity_panic__();
}

static inline int __coverity_check_and_return__(int condition) {
        return condition;
}

#define assert_message_se(expr, message) __coverity_check__(!!(expr))

#define assert_log(expr, message) __coverity_check_and_return__(!!(expr))

#else  /* ! __COVERITY__ */

#define assert_message_se(expr, message)                                \
        do {                                                            \
                if (_unlikely_(!(expr)))                                \
                        log_assert_failed(message, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__); \
        } while (false)

#define assert_log(expr, message) ((_likely_(expr))                     \
        ? (true)                                                        \
        : (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__), false))

#endif  /* __COVERITY__ */

#define assert_se(expr) assert_message_se(expr, #expr)

/* We override the glibc assert() here. */
#undef assert
#ifdef NDEBUG
#define assert(expr) do {} while (false)
#else
#define assert(expr) assert_message_se(expr, #expr)
#endif

#define assert_not_reached(t)                                           \
        log_assert_failed_unreachable(t, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__)

#define assert_return(expr, r)                                          \
        do {                                                            \
                if (!assert_log(expr, #expr))                           \
                        return (r);                                     \
        } while (false)

#define assert_return_errno(expr, r, err)                               \
        do {                                                            \
                if (!assert_log(expr, #expr)) {                         \
                        errno = err;                                    \
                        return (r);                                     \
                }                                                       \
        } while (false)

#define return_with_errno(r, err)                     \
        do {                                          \
                errno = abs(err);                     \
                return r;                             \
        } while (false)

#define PTR_TO_INT(p) ((int) ((intptr_t) (p)))
#define INT_TO_PTR(u) ((void *) ((intptr_t) (u)))
#define PTR_TO_UINT(p) ((unsigned) ((uintptr_t) (p)))
#define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define PTR_TO_LONG(p) ((long) ((intptr_t) (p)))
#define LONG_TO_PTR(u) ((void *) ((intptr_t) (u)))
#define PTR_TO_ULONG(p) ((unsigned long) ((uintptr_t) (p)))
#define ULONG_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define PTR_TO_UINT8(p) ((uint8_t) ((uintptr_t) (p)))
#define UINT8_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define PTR_TO_INT32(p) ((int32_t) ((intptr_t) (p)))
#define INT32_TO_PTR(u) ((void *) ((intptr_t) (u)))
#define PTR_TO_UINT32(p) ((uint32_t) ((uintptr_t) (p)))
#define UINT32_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define PTR_TO_INT64(p) ((int64_t) ((intptr_t) (p)))
#define INT64_TO_PTR(u) ((void *) ((intptr_t) (u)))
#define PTR_TO_UINT64(p) ((uint64_t) ((uintptr_t) (p)))
#define UINT64_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define PTR_TO_SIZE(p) ((size_t) ((uintptr_t) (p)))
#define SIZE_TO_PTR(u) ((void *) ((uintptr_t) (u)))

#define CHAR_TO_STR(x) ((char[2]) { x, 0 })

#define char_array_0(x) x[sizeof(x)-1] = 0;

#define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member)

/* Returns the number of chars needed to format variables of the
 * specified type as a decimal string. Adds in extra space for a
 * negative '-' prefix (hence works correctly on signed
 * types). Includes space for the trailing NUL. */
#define DECIMAL_STR_MAX(type)                                           \
        (2+(sizeof(type) <= 1 ? 3 :                                     \
            sizeof(type) <= 2 ? 5 :                                     \
            sizeof(type) <= 4 ? 10 :                                    \
            sizeof(type) <= 8 ? 20 : sizeof(int[-2*(sizeof(type) > 8)])))

#define DECIMAL_STR_WIDTH(x)                            \
        ({                                              \
                typeof(x) _x_ = (x);                    \
                unsigned ans = 1;                       \
                while ((_x_ /= 10) != 0)                \
                        ans++;                          \
                ans;                                    \
        })

#define UPDATE_FLAG(orig, flag, b)                      \
        ((b) ? ((orig) | (flag)) : ((orig) & ~(flag)))
#define SET_FLAG(v, flag, b) \
        (v) = UPDATE_FLAG(v, flag, b)
#define FLAGS_SET(v, flags) \
        ((~(v) & (flags)) == 0)

#define SWAP_TWO(x, y) do {                        \
                typeof(x) _t = (x);                \
                (x) = (y);                         \
                (y) = (_t);                        \
        } while (false)

#define STRV_MAKE(...) ((char**) ((const char*[]) { __VA_ARGS__, NULL }))
#define STRV_MAKE_EMPTY ((char*[1]) { NULL })

/* Pointers range from NULL to POINTER_MAX */
#define POINTER_MAX ((void*) UINTPTR_MAX)

/* Iterates through a specified list of pointers. Accepts NULL pointers, but uses POINTER_MAX as internal marker for EOL. */
#define FOREACH_POINTER(p, x, ...)                                                       \
        for (typeof(p) *_l = (typeof(p)[]) { ({ p = x; }), ##__VA_ARGS__, POINTER_MAX }; \
             p != (typeof(p)) POINTER_MAX;                                               \
             p = *(++_l))

/* Define C11 thread_local attribute even on older gcc compiler
 * version */
#ifndef thread_local
/*
 * Don't break on glibc < 2.16 that doesn't define __STDC_NO_THREADS__
 * see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53769
 */
#if __STDC_VERSION__ >= 201112L && !(defined(__STDC_NO_THREADS__) || (defined(__GNU_LIBRARY__) && __GLIBC__ == 2 && __GLIBC_MINOR__ < 16))
#define thread_local _Thread_local
#else
#define thread_local __thread
#endif
#endif

#define DEFINE_TRIVIAL_DESTRUCTOR(name, type, func)             \
        static inline void name(type *p) {                      \
                func(p);                                        \
        }

/* When func() returns the void value (NULL, -1, …) of the appropriate type */
#define DEFINE_TRIVIAL_CLEANUP_FUNC(type, func)                 \
        static inline void func##p(type *p) {                   \
                if (*p)                                         \
                        *p = func(*p);                          \
        }

/* When func() doesn't return the appropriate type, set variable to empty afterwards */
#define DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(type, func, empty)     \
        static inline void func##p(type *p) {                   \
                if (*p != (empty)) {                            \
                        func(*p);                               \
                        *p = (empty);                           \
                }                                               \
        }

#define _DEFINE_TRIVIAL_REF_FUNC(type, name, scope)             \
        scope type *name##_ref(type *p) {                       \
                if (!p)                                         \
                        return NULL;                            \
                                                                \
                assert(p->n_ref > 0);                           \
                p->n_ref++;                                     \
                return p;                                       \
        }

#define _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, scope) \
        scope type *name##_unref(type *p) {                      \
                if (!p)                                          \
                        return NULL;                             \
                                                                 \
                assert(p->n_ref > 0);                            \
                p->n_ref--;                                      \
                if (p->n_ref > 0)                                \
                        return NULL;                             \
                                                                 \
                return free_func(p);                             \
        }

#define DEFINE_TRIVIAL_REF_FUNC(type, name)     \
        _DEFINE_TRIVIAL_REF_FUNC(type, name,)
#define DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name)     \
        _DEFINE_TRIVIAL_REF_FUNC(type, name, static)
#define DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name)      \
        _DEFINE_TRIVIAL_REF_FUNC(type, name, _public_)

#define DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func)        \
        _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func,)
#define DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func)        \
        _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, static)
#define DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func)         \
        _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, _public_)

#define DEFINE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func)    \
        DEFINE_TRIVIAL_REF_FUNC(type, name);                    \
        DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func);

#define DEFINE_PRIVATE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func)    \
        DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name);                    \
        DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func);

#define DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(type, name, free_func)    \
        DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name);                    \
        DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func);

/* A macro to force copying of a variable from memory. This is useful whenever we want to read something from
 * memory and want to make sure the compiler won't optimize away the destination variable for us. It's not
 * supposed to be a full CPU memory barrier, i.e. CPU is still allowed to reorder the reads, but it is not
 * allowed to remove our local copies of the variables. We want this to work for unaligned memory, hence
 * memcpy() is great for our purposes. */
#define READ_NOW(x)                                                     \
        ({                                                              \
                typeof(x) _copy;                                        \
                memcpy(&_copy, &(x), sizeof(_copy));                    \
                asm volatile ("" : : : "memory");                       \
                _copy;                                                  \
        })

static inline size_t size_add(size_t x, size_t y) {
        return y >= SIZE_MAX - x ? SIZE_MAX : x + y;
}

#include "log.h"
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
c2f1db8f	2	#pragma once
60918275	3
7e61bd0f	4	#include <assert.h>
666a84ea	5	#include <errno.h>
c31e1495	6	#include <inttypes.h>
c01ff965	7	#include <stdbool.h>
afc5dbf3	8	#include <sys/param.h>
27d13af7	9	#include <sys/sysmacros.h>
afc5dbf3	10	#include <sys/types.h>
60918275	11
e5bc5f1f YW	12	#include "macro-fundamental.h"
e5bc5f1f YW	13
2ee1c55d	14	#define _printf_(a, b) __attribute__((__format__(printf, a, b)))
26e9e10b ZJS	15	#ifdef __clang__
	16	# define _alloc_(...)
	17	#else
2ee1c55d	18	# define _alloc_(...) __attribute__((__alloc_size__(__VA_ARGS__)))
26e9e10b	19	#endif
2ee1c55d	20	#define _sentinel_ __attribute__((__sentinel__))
d752090f LP	21	#define _section_(x) __attribute__((__section__(x)))
d752090f LP	22	#define _used_ __attribute__((__used__))
2ee1c55d	23	#define _destructor_ __attribute__((__destructor__))
2ee1c55d LP	24	#define _deprecated_ __attribute__((__deprecated__))
	25	#define _packed_ __attribute__((__packed__))
	26	#define _malloc_ __attribute__((__malloc__))
	27	#define _weak_ __attribute__((__weak__))
117efe06 FB	28	#define _likely_(x) (__builtin_expect(!!(x), 1))
117efe06 FB	29	#define _unlikely_(x) (__builtin_expect(!!(x), 0))
2ee1c55d LP	30	#define _public_ __attribute__((__visibility__("default")))
2ee1c55d LP	31	#define _hidden_ __attribute__((__visibility__("hidden")))
012c2f76	32	#define _weakref_(x) __attribute__((__weakref__(#x)))
d752090f	33	#define _align_(x) __attribute__((__aligned__(x)))
012c2f76	34	#define _alignas_(x) __attribute__((__aligned__(__alignof(x))))
d752090f	35	#define _alignptr_ __attribute__((__aligned__(sizeof(void*))))
fb8e74a4	36	#if __GNUC__ >= 7
012c2f76	37	#define _fallthrough_ __attribute__((__fallthrough__))
fb8e74a4 SL	38	#else
	39	#define _fallthrough_
	40	#endif
848e863a FB	41	/* Define C11 noreturn without <stdnoreturn.h> and even on older gcc
	42	* compiler versions */
	43	#ifndef _noreturn_
	44	#if __STDC_VERSION__ >= 201112L
	45	#define _noreturn_ _Noreturn
	46	#else
012c2f76	47	#define _noreturn_ __attribute__((__noreturn__))
848e863a FB	48	#endif
848e863a FB	49	#endif
60918275	50
989290db ZJS	51	#if !defined(HAS_FEATURE_MEMORY_SANITIZER)
	52	# if defined(__has_feature)
	53	# if __has_feature(memory_sanitizer)
	54	# define HAS_FEATURE_MEMORY_SANITIZER 1
	55	# endif
	56	# endif
	57	# if !defined(HAS_FEATURE_MEMORY_SANITIZER)
	58	# define HAS_FEATURE_MEMORY_SANITIZER 0
	59	# endif
	60	#endif
	61
289acab9	62	#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
be5f77b2 LP	63	# ifdef __SANITIZE_ADDRESS__
	64	# define HAS_FEATURE_ADDRESS_SANITIZER 1
	65	# elif defined(__has_feature)
289acab9 EV	66	# if __has_feature(address_sanitizer)
	67	# define HAS_FEATURE_ADDRESS_SANITIZER 1
	68	# endif
	69	# endif
	70	# if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
	71	# define HAS_FEATURE_ADDRESS_SANITIZER 0
	72	# endif
	73	#endif
	74
026c2677 LP	75	/* Note: on GCC "no_sanitize_address" is a function attribute only, on llvm it may also be applied to global
	76	* variables. We define a specific macro which knows this. Note that on GCC we don't need this decorator so much, since
	77	* our primary usecase for this attribute is registration structures placed in named ELF sections which shall not be
	78	* padded, but GCC doesn't pad those anyway if AddressSanitizer is enabled. */
	79	#if HAS_FEATURE_ADDRESS_SANITIZER && defined(__clang__)
	80	#define _variable_no_sanitize_address_ __attribute__((__no_sanitize_address__))
	81	#else
	82	#define _variable_no_sanitize_address_
	83	#endif
	84
8e2fa6e2 LP	85	/* Apparently there's no has_feature() call defined to check for ubsan, hence let's define this
	86	* unconditionally on llvm */
	87	#if defined(__clang__)
	88	#define _function_no_sanitize_float_cast_overflow_ __attribute__((no_sanitize("float-cast-overflow")))
	89	#else
	90	#define _function_no_sanitize_float_cast_overflow_
	91	#endif
	92
7ebe131a	93	/* Temporarily disable some warnings */
4b6f74f5 ZJS	94	#define DISABLE_WARNING_DEPRECATED_DECLARATIONS \
	95	_Pragma("GCC diagnostic push"); \
	96	_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
	97
bcfce235 LP	98	#define DISABLE_WARNING_FORMAT_NONLITERAL \
	99	_Pragma("GCC diagnostic push"); \
	100	_Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\"")
	101
f0f2e63b LP	102	#define DISABLE_WARNING_MISSING_PROTOTYPES \
	103	_Pragma("GCC diagnostic push"); \
	104	_Pragma("GCC diagnostic ignored \"-Wmissing-prototypes\"")
	105
8fca4e30 LP	106	#define DISABLE_WARNING_NONNULL \
	107	_Pragma("GCC diagnostic push"); \
	108	_Pragma("GCC diagnostic ignored \"-Wnonnull\"")
	109
d442e2ec DH	110	#define DISABLE_WARNING_SHADOW \
	111	_Pragma("GCC diagnostic push"); \
	112	_Pragma("GCC diagnostic ignored \"-Wshadow\"")
	113
df99a9ef ZJS	114	#define DISABLE_WARNING_INCOMPATIBLE_POINTER_TYPES \
	115	_Pragma("GCC diagnostic push"); \
	116	_Pragma("GCC diagnostic ignored \"-Wincompatible-pointer-types\"")
	117
6695c200 ZJS	118	#if HAVE_WSTRINGOP_TRUNCATION
	119	# define DISABLE_WARNING_STRINGOP_TRUNCATION \
	120	_Pragma("GCC diagnostic push"); \
	121	_Pragma("GCC diagnostic ignored \"-Wstringop-truncation\"")
	122	#else
	123	# define DISABLE_WARNING_STRINGOP_TRUNCATION \
	124	_Pragma("GCC diagnostic push")
	125	#endif
	126
6a5b28de LP	127	#define DISABLE_WARNING_FLOAT_EQUAL \
	128	_Pragma("GCC diagnostic push"); \
	129	_Pragma("GCC diagnostic ignored \"-Wfloat-equal\"")
	130
6028d766 LP	131	#define DISABLE_WARNING_TYPE_LIMITS \
	132	_Pragma("GCC diagnostic push"); \
	133	_Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
	134
7ebe131a LP	135	#define REENABLE_WARNING \
	136	_Pragma("GCC diagnostic pop")
	137
49e5de64 ZJS	138	/* automake test harness */
	139	#define EXIT_TEST_SKIP 77
	140
bef2733f LP	141	#define XSTRINGIFY(x) #x
	142	#define STRINGIFY(x) XSTRINGIFY(x)
	143
13b498f9 TJ	144	/* builtins */
	145	#if __SIZEOF_INT__ == 4
	146	#define BUILTIN_FFS_U32(x) __builtin_ffs(x);
	147	#elif __SIZEOF_LONG__ == 4
	148	#define BUILTIN_FFS_U32(x) __builtin_ffsl(x);
	149	#else
	150	#error "neither int nor long are four bytes long?!?"
	151	#endif
	152
60918275	153	/* Rounds up */
9be9c7cf LP	154
	155	#define ALIGN4(l) (((l) + 3) & ~3)
	156	#define ALIGN8(l) (((l) + 7) & ~7)
	157
	158	#if __SIZEOF_POINTER__ == 8
	159	#define ALIGN(l) ALIGN8(l)
	160	#elif __SIZEOF_POINTER__ == 4
	161	#define ALIGN(l) ALIGN4(l)
	162	#else
	163	#error "Wut? Pointers are neither 4 nor 8 bytes long?"
	164	#endif
	165
5f86c1f4 LP	166	#define ALIGN_PTR(p) ((void*) ALIGN((unsigned long) (p)))
	167	#define ALIGN4_PTR(p) ((void*) ALIGN4((unsigned long) (p)))
	168	#define ALIGN8_PTR(p) ((void*) ALIGN8((unsigned long) (p)))
e86b80b8	169
37f85e66	170	static inline size_t ALIGN_TO(size_t l, size_t ali) {
37f85e66	171	return ((l + ali - 1) & ~(ali - 1));
22be093f LP	172	}
22be093f LP	173
5f86c1f4	174	#define ALIGN_TO_PTR(p, ali) ((void*) ALIGN_TO((unsigned long) (p), (ali)))
49aa47c7	175
625e870b DH	176	/* align to next higher power-of-2 (except for: 0 => 0, overflow => 0) */
625e870b DH	177	static inline unsigned long ALIGN_POWER2(unsigned long u) {
85c267af LP	178
	179	/* Avoid subtraction overflow */
	180	if (u == 0)
	181	return 0;
	182
625e870b DH	183	/* clz(0) is undefined */
	184	if (u == 1)
	185	return 1;
	186
	187	/* left-shift overflow is undefined */
	188	if (__builtin_clzl(u - 1UL) < 1)
	189	return 0;
	190
	191	return 1UL << (sizeof(u) * 8 - __builtin_clzl(u - 1UL));
	192	}
	193
e49e4c33 LP	194	static inline size_t GREEDY_ALLOC_ROUND_UP(size_t l) {
	195	size_t m;
	196
	197	/* Round up allocation sizes a bit to some reasonable, likely larger value. This is supposed to be
	198	* used for cases which are likely called in an allocation loop of some form, i.e. that repetitively
	199	* grow stuff, for example strv_extend() and suchlike.
	200	*
	201	* Note the difference to GREEDY_REALLOC() here, as this helper operates on a single size value only,
	202	* and rounds up to next multiple of 2, needing no further counter.
	203	*
	204	* Note the benefits of direct ALIGN_POWER2() usage: type-safety for size_t, sane handling for very
	205	* small (i.e. <= 2) and safe handling for very large (i.e. > SSIZE_MAX) values. */
	206
	207	if (l <= 2)
	208	return 2; /* Never allocate less than 2 of something. */
	209
	210	m = ALIGN_POWER2(l);
	211	if (m == 0) /* overflow? */
	212	return l;
	213
	214	return m;
	215	}
	216
6febe75d TH	217	/*
	218	* STRLEN - return the length of a string literal, minus the trailing NUL byte.
	219	* Contrary to strlen(), this is a constant expression.
	220	* @x: a string literal.
	221	*/
	222	#define STRLEN(x) (sizeof(""x"") - 1)
	223
bbc98d32 KS	224	/*
	225	* container_of - cast a member of a structure out to the containing structure
	226	* @ptr: the pointer to the member.
	227	* @type: the type of the container struct this is embedded in.
	228	* @member: the name of the member within the struct.
bbc98d32	229	*/
fb835651 DH	230	#define container_of(ptr, type, member) __container_of(UNIQ, (ptr), type, member)
fb835651 DH	231	#define __container_of(uniq, ptr, type, member) \
117efe06	232	({ \
fb835651	233	const typeof( ((type)0)->member ) UNIQ_T(A, uniq) = (ptr); \
117efe06	234	(type)( (char )UNIQ_T(A, uniq) - offsetof(type, member) ); \
fb835651	235	})
bbc98d32	236
d9fb7afb FB	237	#ifdef __COVERITY__
	238
	239	/* Use special definitions of assertion macros in order to prevent
	240	* false positives of ASSERT_SIDE_EFFECT on Coverity static analyzer
	241	* for uses of assert_se() and assert_return().
	242	*
	243	* These definitions make expression go through a (trivial) function
	244	* call to ensure they are not discarded. Also use ! or !! to ensure
	245	* the boolean expressions are seen as such.
	246	*
	247	* This technique has been described and recommended in:
	248	* https://community.synopsys.com/s/question/0D534000046Yuzb/suppressing-assertsideeffect-for-functions-that-allow-for-sideeffects
	249	*/
	250
	251	extern void __coverity_panic__(void);
	252
065a74a7 FS	253	static inline void __coverity_check__(int condition) {
	254	if (!condition)
	255	__coverity_panic__();
	256	}
	257
	258	static inline int __coverity_check_and_return__(int condition) {
d9fb7afb FB	259	return condition;
	260	}
	261
065a74a7	262	#define assert_message_se(expr, message) __coverity_check__(!!(expr))
d9fb7afb	263
065a74a7	264	#define assert_log(expr, message) __coverity_check_and_return__(!!(expr))
d9fb7afb FB	265
	266	#else /* ! __COVERITY__ */
	267
34c38d2a	268	#define assert_message_se(expr, message) \
dd8f71ee	269	do { \
93a46b0b	270	if (_unlikely_(!(expr))) \
62c6bbbc	271	log_assert_failed(message, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__); \
34c38d2a MS	272	} while (false)
34c38d2a MS	273
d9fb7afb FB	274	#define assert_log(expr, message) ((_likely_(expr)) \
d9fb7afb FB	275	? (true) \
62c6bbbc	276	: (log_assert_failed_return(message, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__), false))
d9fb7afb FB	277
	278	#endif /* __COVERITY__ */
	279
34c38d2a	280	#define assert_se(expr) assert_message_se(expr, #expr)
dd8f71ee LP	281
	282	/* We override the glibc assert() here. */
	283	#undef assert
	284	#ifdef NDEBUG
9ed794a3	285	#define assert(expr) do {} while (false)
dd8f71ee	286	#else
34c38d2a	287	#define assert(expr) assert_message_se(expr, #expr)
dd8f71ee	288	#endif
60918275	289
dd8f71ee	290	#define assert_not_reached(t) \
cfec3117	291	log_assert_failed_unreachable(t, PROJECT_FILE, __LINE__, __PRETTY_FUNCTION__)
60918275	292
80514f9c LP	293	#define assert_return(expr, r) \
80514f9c LP	294	do { \
34c38d2a	295	if (!assert_log(expr, #expr)) \
80514f9c	296	return (r); \
18387b59 LP	297	} while (false)
18387b59 LP	298
aa029628 TG	299	#define assert_return_errno(expr, r, err) \
aa029628 TG	300	do { \
34c38d2a	301	if (!assert_log(expr, #expr)) { \
aa029628 TG	302	errno = err; \
	303	return (r); \
	304	} \
	305	} while (false)
	306
fd05c424 YW	307	#define return_with_errno(r, err) \
	308	do { \
	309	errno = abs(err); \
	310	return r; \
	311	} while (false)
	312
a3dc3547 KS	313	#define PTR_TO_INT(p) ((int) ((intptr_t) (p)))
a3dc3547 KS	314	#define INT_TO_PTR(u) ((void *) ((intptr_t) (u)))
14cb109d	315	#define PTR_TO_UINT(p) ((unsigned) ((uintptr_t) (p)))
a3dc3547	316	#define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u)))
60918275	317
a3dc3547 KS	318	#define PTR_TO_LONG(p) ((long) ((intptr_t) (p)))
a3dc3547 KS	319	#define LONG_TO_PTR(u) ((void *) ((intptr_t) (u)))
c6c18be3	320	#define PTR_TO_ULONG(p) ((unsigned long) ((uintptr_t) (p)))
a3dc3547	321	#define ULONG_TO_PTR(u) ((void *) ((uintptr_t) (u)))
c6c18be3	322
4081756a YW	323	#define PTR_TO_UINT8(p) ((uint8_t) ((uintptr_t) (p)))
	324	#define UINT8_TO_PTR(u) ((void *) ((uintptr_t) (u)))
	325
a3dc3547 KS	326	#define PTR_TO_INT32(p) ((int32_t) ((intptr_t) (p)))
	327	#define INT32_TO_PTR(u) ((void *) ((intptr_t) (u)))
	328	#define PTR_TO_UINT32(p) ((uint32_t) ((uintptr_t) (p)))
	329	#define UINT32_TO_PTR(u) ((void *) ((uintptr_t) (u)))
60918275	330
a3dc3547 KS	331	#define PTR_TO_INT64(p) ((int64_t) ((intptr_t) (p)))
	332	#define INT64_TO_PTR(u) ((void *) ((intptr_t) (u)))
	333	#define PTR_TO_UINT64(p) ((uint64_t) ((uintptr_t) (p)))
	334	#define UINT64_TO_PTR(u) ((void *) ((uintptr_t) (u)))
c6c18be3	335
74b2466e LP	336	#define PTR_TO_SIZE(p) ((size_t) ((uintptr_t) (p)))
	337	#define SIZE_TO_PTR(u) ((void *) ((uintptr_t) (u)))
	338
a9c55a88 LP	339	#define CHAR_TO_STR(x) ((char[2]) { x, 0 })
a9c55a88 LP	340
034c6ed7 LP	341	#define char_array_0(x) x[sizeof(x)-1] = 0;
034c6ed7 LP	342
aaec2d7b MAL	343	#define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member)
aaec2d7b MAL	344
fa70beaa LP	345	/* Returns the number of chars needed to format variables of the
fa70beaa LP	346	* specified type as a decimal string. Adds in extra space for a
b7ce6b59 LP	347	* negative '-' prefix (hence works correctly on signed
b7ce6b59 LP	348	* types). Includes space for the trailing NUL. */
fa70beaa	349	#define DECIMAL_STR_MAX(type) \
5bcb0f2b	350	(2+(sizeof(type) <= 1 ? 3 : \
fa70beaa LP	351	sizeof(type) <= 2 ? 5 : \
	352	sizeof(type) <= 4 ? 10 : \
	353	sizeof(type) <= 8 ? 20 : sizeof(int[-2*(sizeof(type) > 8)])))
	354
0d1dbeb3 LP	355	#define DECIMAL_STR_WIDTH(x) \
	356	({ \
	357	typeof(x) _x_ = (x); \
	358	unsigned ans = 1; \
ce2090ab	359	while ((_x_ /= 10) != 0) \
0d1dbeb3 LP	360	ans++; \
	361	ans; \
	362	})
	363
0da96503 ZJS	364	#define UPDATE_FLAG(orig, flag, b) \
0da96503 ZJS	365	((b) ? ((orig) \| (flag)) : ((orig) & ~(flag)))
264ad849	366	#define SET_FLAG(v, flag, b) \
0da96503	367	(v) = UPDATE_FLAG(v, flag, b)
d94a24ca	368	#define FLAGS_SET(v, flags) \
222c8d4e	369	((~(v) & (flags)) == 0)
264ad849	370
35aa04e9 LP	371	#define SWAP_TWO(x, y) do { \
	372	typeof(x) _t = (x); \
	373	(x) = (y); \
	374	(y) = (_t); \
	375	} while (false)
	376
46bf625a ZJS	377	#define STRV_MAKE(...) ((char*) ((const char[]) { __VA_ARGS__, NULL }))
	378	#define STRV_MAKE_EMPTY ((char*[1]) { NULL })
	379
66032ef4 LP	380	/* Pointers range from NULL to POINTER_MAX */
	381	#define POINTER_MAX ((void*) UINTPTR_MAX)
	382
	383	/* Iterates through a specified list of pointers. Accepts NULL pointers, but uses POINTER_MAX as internal marker for EOL. */
	384	#define FOREACH_POINTER(p, x, ...) \
	385	for (typeof(p) *_l = (typeof(p)[]) { ({ p = x; }), ##__VA_ARGS__, POINTER_MAX }; \
	386	p != (typeof(p)) POINTER_MAX; \
1146b664 LP	387	p = *(++_l))
1146b664 LP	388
919ce0b7 SL	389	/* Define C11 thread_local attribute even on older gcc compiler
919ce0b7 SL	390	* version */
ec202eae SL	391	#ifndef thread_local
	392	/*
	393	* Don't break on glibc < 2.16 that doesn't define __STDC_NO_THREADS__
	394	* see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53769
	395	*/
	396	#if __STDC_VERSION__ >= 201112L && !(defined(__STDC_NO_THREADS__) \|\| (defined(__GNU_LIBRARY__) && __GLIBC__ == 2 && __GLIBC_MINOR__ < 16))
	397	#define thread_local _Thread_local
	398	#else
	399	#define thread_local __thread
	400	#endif
	401	#endif
cabb7806	402
1e26b1df YW	403	#define DEFINE_TRIVIAL_DESTRUCTOR(name, type, func) \
	404	static inline void name(type *p) { \
	405	func(p); \
	406	}
	407
fd421c4a	408	/* When func() returns the void value (NULL, -1, …) of the appropriate type */
a2341f68 ZJS	409	#define DEFINE_TRIVIAL_CLEANUP_FUNC(type, func) \
	410	static inline void func##p(type *p) { \
	411	if (*p) \
fd421c4a ZJS	412	p = func(p); \
	413	}
	414
	415	/* When func() doesn't return the appropriate type, set variable to empty afterwards */
	416	#define DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(type, func, empty) \
	417	static inline void func##p(type *p) { \
	418	if (*p != (empty)) { \
a2341f68	419	func(*p); \
fd421c4a ZJS	420	*p = (empty); \
fd421c4a ZJS	421	} \
f6a8265b	422	}
a2341f68	423
a6a08596 YW	424	#define _DEFINE_TRIVIAL_REF_FUNC(type, name, scope) \
	425	scope type name##_ref(type p) { \
	426	if (!p) \
	427	return NULL; \
	428	\
	429	assert(p->n_ref > 0); \
	430	p->n_ref++; \
	431	return p; \
	432	}
	433
	434	#define _DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, scope) \
	435	scope type name##_unref(type p) { \
	436	if (!p) \
	437	return NULL; \
	438	\
	439	assert(p->n_ref > 0); \
	440	p->n_ref--; \
	441	if (p->n_ref > 0) \
	442	return NULL; \
	443	\
	444	return free_func(p); \
	445	}
	446
	447	#define DEFINE_TRIVIAL_REF_FUNC(type, name) \
	448	_DEFINE_TRIVIAL_REF_FUNC(type, name,)
	449	#define DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name) \
	450	_DEFINE_TRIVIAL_REF_FUNC(type, name, static)
	451	#define DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name) \
	452	_DEFINE_TRIVIAL_REF_FUNC(type, name, _public_)
	453
	454	#define DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func) \
	455	_DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func,)
	456	#define DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func) \
	457	_DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, static)
	458	#define DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func) \
	459	_DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func, _public_)
	460
	461	#define DEFINE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
	462	DEFINE_TRIVIAL_REF_FUNC(type, name); \
	463	DEFINE_TRIVIAL_UNREF_FUNC(type, name, free_func);
	464
	465	#define DEFINE_PRIVATE_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
	466	DEFINE_PRIVATE_TRIVIAL_REF_FUNC(type, name); \
	467	DEFINE_PRIVATE_TRIVIAL_UNREF_FUNC(type, name, free_func);
	468
	469	#define DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(type, name, free_func) \
	470	DEFINE_PUBLIC_TRIVIAL_REF_FUNC(type, name); \
	471	DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC(type, name, free_func);
	472
ed50f18c LP	473	/* A macro to force copying of a variable from memory. This is useful whenever we want to read something from
	474	* memory and want to make sure the compiler won't optimize away the destination variable for us. It's not
	475	* supposed to be a full CPU memory barrier, i.e. CPU is still allowed to reorder the reads, but it is not
	476	* allowed to remove our local copies of the variables. We want this to work for unaligned memory, hence
	477	* memcpy() is great for our purposes. */
	478	#define READ_NOW(x) \
	479	({ \
	480	typeof(x) _copy; \
	481	memcpy(&_copy, &(x), sizeof(_copy)); \
	482	asm volatile ("" : : : "memory"); \
	483	_copy; \
	484	})
	485
b0e3d799 ZJS	486	static inline size_t size_add(size_t x, size_t y) {
	487	return y >= SIZE_MAX - x ? SIZE_MAX : x + y;
	488	}
7c502303	489
dd8f71ee	490	#include "log.h"