[thirdparty/systemd.git] / src / fundamental / macro-fundamental.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#ifndef SD_BOOT
#include <assert.h>
#endif

#include <limits.h>
#include "types-fundamental.h"

#define _align_(x) __attribute__((__aligned__(x)))
#define _const_ __attribute__((__const__))
#define _pure_ __attribute__((__pure__))
#define _section_(x) __attribute__((__section__(x)))
#define _packed_ __attribute__((__packed__))
#define _retain_ __attribute__((__retain__))
#define _used_ __attribute__((__used__))
#define _unused_ __attribute__((__unused__))
#define _cleanup_(x) __attribute__((__cleanup__(x)))
#define _likely_(x) (__builtin_expect(!!(x), 1))
#define _unlikely_(x) (__builtin_expect(!!(x), 0))
#if __GNUC__ >= 7
#define _fallthrough_ __attribute__((__fallthrough__))
#else
#define _fallthrough_
#endif
/* Define C11 noreturn without <stdnoreturn.h> and even on older gcc
 * compiler versions */
#ifndef _noreturn_
#if __STDC_VERSION__ >= 201112L
#define _noreturn_ _Noreturn
#else
#define _noreturn_ __attribute__((__noreturn__))
#endif
#endif

#define XSTRINGIFY(x) #x
#define STRINGIFY(x) XSTRINGIFY(x)

#ifndef __COVERITY__
#  define VOID_0 ((void)0)
#else
#  define VOID_0 ((void*)0)
#endif

#define ELEMENTSOF(x)                                                   \
        (__builtin_choose_expr(                                         \
                !__builtin_types_compatible_p(typeof(x), typeof(&*(x))), \
                sizeof(x)/sizeof((x)[0]),                               \
                VOID_0))

#define XCONCATENATE(x, y) x ## y
#define CONCATENATE(x, y) XCONCATENATE(x, y)

#ifdef SD_BOOT
        void efi_assert(const char *expr, const char *file, unsigned line, const char *function) _noreturn_;

        #ifdef NDEBUG
                #define assert(expr)
                #define assert_not_reached() __builtin_unreachable()
        #else
                #define assert(expr) ({ _likely_(expr) ? VOID_0 : efi_assert(#expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); })
                #define assert_not_reached() efi_assert("Code should not be reached", __FILE__, __LINE__, __PRETTY_FUNCTION__)
        #endif
        #define assert_se(expr) ({ _likely_(expr) ? VOID_0 : efi_assert(#expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); })

        #define memcpy(a, b, c) CopyMem((a), (b), (c))
        #define free(a) FreePool(a)
#endif

/* This passes the argument through after (if asserts are enabled) checking that it is not null. */
#define ASSERT_PTR(expr)                        \
        ({                                      \
                typeof(expr) _expr_ = (expr);   \
                assert(_expr_);                 \
                _expr_;                         \
        })

#if defined(static_assert)
#define assert_cc(expr)                                                 \
        static_assert(expr, #expr)
#else
#define assert_cc(expr)                                                 \
        struct CONCATENATE(_assert_struct_, __COUNTER__) {              \
                char x[(expr) ? 0 : -1];                                \
        }
#endif

#define UNIQ_T(x, uniq) CONCATENATE(__unique_prefix_, CONCATENATE(x, uniq))
#define UNIQ __COUNTER__

/* Note that this works differently from pthread_once(): this macro does
 * not synchronize code execution, i.e. code that is run conditionalized
 * on this macro will run concurrently to all other code conditionalized
 * the same way, there's no ordering or completion enforced. */
#define ONCE __ONCE(UNIQ_T(_once_, UNIQ))
#define __ONCE(o)                                                       \
        ({                                                              \
                static sd_bool (o) = sd_false;                          \
                __sync_bool_compare_and_swap(&(o), sd_false, sd_true);  \
        })

#undef MAX
#define MAX(a, b) __MAX(UNIQ, (a), UNIQ, (b))
#define __MAX(aq, a, bq, b)                             \
        ({                                              \
                const typeof(a) UNIQ_T(A, aq) = (a);    \
                const typeof(b) UNIQ_T(B, bq) = (b);    \
                UNIQ_T(A, aq) > UNIQ_T(B, bq) ? UNIQ_T(A, aq) : UNIQ_T(B, bq); \
        })

#define IS_UNSIGNED_INTEGER_TYPE(type) \
        (__builtin_types_compatible_p(typeof(type), unsigned char) ||   \
         __builtin_types_compatible_p(typeof(type), unsigned short) ||  \
         __builtin_types_compatible_p(typeof(type), unsigned) ||        \
         __builtin_types_compatible_p(typeof(type), unsigned long) ||   \
         __builtin_types_compatible_p(typeof(type), unsigned long long))

#define IS_SIGNED_INTEGER_TYPE(type) \
        (__builtin_types_compatible_p(typeof(type), signed char) ||   \
         __builtin_types_compatible_p(typeof(type), signed short) ||  \
         __builtin_types_compatible_p(typeof(type), signed) ||        \
         __builtin_types_compatible_p(typeof(type), signed long) ||   \
         __builtin_types_compatible_p(typeof(type), signed long long))

/* Evaluates to (void) if _A or _B are not constant or of different types (being integers of different sizes
 * is also OK as long as the signedness matches) */
#define CONST_MAX(_A, _B) \
        (__builtin_choose_expr(                                         \
                __builtin_constant_p(_A) &&                             \
                __builtin_constant_p(_B) &&                             \
                (__builtin_types_compatible_p(typeof(_A), typeof(_B)) || \
                 (IS_UNSIGNED_INTEGER_TYPE(_A) && IS_UNSIGNED_INTEGER_TYPE(_B)) || \
                 (IS_SIGNED_INTEGER_TYPE(_A) && IS_SIGNED_INTEGER_TYPE(_B))), \
                ((_A) > (_B)) ? (_A) : (_B),                            \
                VOID_0))

/* takes two types and returns the size of the larger one */
#define MAXSIZE(A, B) (sizeof(union _packed_ { typeof(A) a; typeof(B) b; }))

#define MAX3(x, y, z)                                   \
        ({                                              \
                const typeof(x) _c = MAX(x, y);         \
                MAX(_c, z);                             \
        })

#define MAX4(x, y, z, a)                                \
        ({                                              \
                const typeof(x) _d = MAX3(x, y, z);     \
                MAX(_d, a);                             \
        })

#undef MIN
#define MIN(a, b) __MIN(UNIQ, (a), UNIQ, (b))
#define __MIN(aq, a, bq, b)                             \
        ({                                              \
                const typeof(a) UNIQ_T(A, aq) = (a);    \
                const typeof(b) UNIQ_T(B, bq) = (b);    \
                UNIQ_T(A, aq) < UNIQ_T(B, bq) ? UNIQ_T(A, aq) : UNIQ_T(B, bq); \
        })

/* evaluates to (void) if _A or _B are not constant or of different types */
#define CONST_MIN(_A, _B) \
        (__builtin_choose_expr(                                         \
                __builtin_constant_p(_A) &&                             \
                __builtin_constant_p(_B) &&                             \
                __builtin_types_compatible_p(typeof(_A), typeof(_B)),   \
                ((_A) < (_B)) ? (_A) : (_B),                            \
                VOID_0))

#define MIN3(x, y, z)                                   \
        ({                                              \
                const typeof(x) _c = MIN(x, y);         \
                MIN(_c, z);                             \
        })

#define LESS_BY(a, b) __LESS_BY(UNIQ, (a), UNIQ, (b))
#define __LESS_BY(aq, a, bq, b)                         \
        ({                                              \
                const typeof(a) UNIQ_T(A, aq) = (a);    \
                const typeof(b) UNIQ_T(B, bq) = (b);    \
                UNIQ_T(A, aq) > UNIQ_T(B, bq) ? UNIQ_T(A, aq) - UNIQ_T(B, bq) : 0; \
        })

#define CMP(a, b) __CMP(UNIQ, (a), UNIQ, (b))
#define __CMP(aq, a, bq, b)                             \
        ({                                              \
                const typeof(a) UNIQ_T(A, aq) = (a);    \
                const typeof(b) UNIQ_T(B, bq) = (b);    \
                UNIQ_T(A, aq) < UNIQ_T(B, bq) ? -1 :    \
                UNIQ_T(A, aq) > UNIQ_T(B, bq) ? 1 : 0;  \
        })

#undef CLAMP
#define CLAMP(x, low, high) __CLAMP(UNIQ, (x), UNIQ, (low), UNIQ, (high))
#define __CLAMP(xq, x, lowq, low, highq, high)                          \
        ({                                                              \
                const typeof(x) UNIQ_T(X, xq) = (x);                    \
                const typeof(low) UNIQ_T(LOW, lowq) = (low);            \
                const typeof(high) UNIQ_T(HIGH, highq) = (high);        \
                        UNIQ_T(X, xq) > UNIQ_T(HIGH, highq) ?           \
                                UNIQ_T(HIGH, highq) :                   \
                                UNIQ_T(X, xq) < UNIQ_T(LOW, lowq) ?     \
                                        UNIQ_T(LOW, lowq) :             \
                                        UNIQ_T(X, xq);                  \
        })

/* [(x + y - 1) / y] suffers from an integer overflow, even though the
 * computation should be possible in the given type. Therefore, we use
 * [x / y + !!(x % y)]. Note that on "Real CPUs" a division returns both the
 * quotient and the remainder, so both should be equally fast. */
#define DIV_ROUND_UP(x, y) __DIV_ROUND_UP(UNIQ, (x), UNIQ, (y))
#define __DIV_ROUND_UP(xq, x, yq, y)                                    \
        ({                                                              \
                const typeof(x) UNIQ_T(X, xq) = (x);                    \
                const typeof(y) UNIQ_T(Y, yq) = (y);                    \
                (UNIQ_T(X, xq) / UNIQ_T(Y, yq) + !!(UNIQ_T(X, xq) % UNIQ_T(Y, yq))); \
        })

#define CASE_F(X) case X:
#define CASE_F_1(CASE, X) CASE_F(X)
#define CASE_F_2(CASE, X, ...)  CASE(X) CASE_F_1(CASE, __VA_ARGS__)
#define CASE_F_3(CASE, X, ...)  CASE(X) CASE_F_2(CASE, __VA_ARGS__)
#define CASE_F_4(CASE, X, ...)  CASE(X) CASE_F_3(CASE, __VA_ARGS__)
#define CASE_F_5(CASE, X, ...)  CASE(X) CASE_F_4(CASE, __VA_ARGS__)
#define CASE_F_6(CASE, X, ...)  CASE(X) CASE_F_5(CASE, __VA_ARGS__)
#define CASE_F_7(CASE, X, ...)  CASE(X) CASE_F_6(CASE, __VA_ARGS__)
#define CASE_F_8(CASE, X, ...)  CASE(X) CASE_F_7(CASE, __VA_ARGS__)
#define CASE_F_9(CASE, X, ...)  CASE(X) CASE_F_8(CASE, __VA_ARGS__)
#define CASE_F_10(CASE, X, ...) CASE(X) CASE_F_9(CASE, __VA_ARGS__)
#define CASE_F_11(CASE, X, ...) CASE(X) CASE_F_10(CASE, __VA_ARGS__)
#define CASE_F_12(CASE, X, ...) CASE(X) CASE_F_11(CASE, __VA_ARGS__)
#define CASE_F_13(CASE, X, ...) CASE(X) CASE_F_12(CASE, __VA_ARGS__)
#define CASE_F_14(CASE, X, ...) CASE(X) CASE_F_13(CASE, __VA_ARGS__)
#define CASE_F_15(CASE, X, ...) CASE(X) CASE_F_14(CASE, __VA_ARGS__)
#define CASE_F_16(CASE, X, ...) CASE(X) CASE_F_15(CASE, __VA_ARGS__)
#define CASE_F_17(CASE, X, ...) CASE(X) CASE_F_16(CASE, __VA_ARGS__)
#define CASE_F_18(CASE, X, ...) CASE(X) CASE_F_17(CASE, __VA_ARGS__)
#define CASE_F_19(CASE, X, ...) CASE(X) CASE_F_18(CASE, __VA_ARGS__)
#define CASE_F_20(CASE, X, ...) CASE(X) CASE_F_19(CASE, __VA_ARGS__)

#define GET_CASE_F(_1,_2,_3,_4,_5,_6,_7,_8,_9,_10,_11,_12,_13,_14,_15,_16,_17,_18,_19,_20,NAME,...) NAME
#define FOR_EACH_MAKE_CASE(...) \
        GET_CASE_F(__VA_ARGS__,CASE_F_20,CASE_F_19,CASE_F_18,CASE_F_17,CASE_F_16,CASE_F_15,CASE_F_14,CASE_F_13,CASE_F_12,CASE_F_11, \
                               CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
                   (CASE_F,__VA_ARGS__)

#define IN_SET(x, ...)                          \
        ({                                      \
                sd_bool _found = sd_false;      \
                /* If the build breaks in the line below, you need to extend the case macros. (We use "long double" as  \
                 * type for the array, in the hope that checkers such as ubsan don't complain that the initializers for \
                 * the array are not representable by the base type. Ideally we'd use typeof(x) as base type, but that  \
                 * doesn't work, as we want to use this on bitfields and gcc refuses typeof() on bitfields.) */         \
                static const long double __assert_in_set[] _unused_ = { __VA_ARGS__ }; \
                assert_cc(ELEMENTSOF(__assert_in_set) <= 20); \
                switch(x) {                     \
                FOR_EACH_MAKE_CASE(__VA_ARGS__) \
                        _found = sd_true;       \
                        break;                  \
                default:                        \
                        break;                  \
                }                               \
                _found;                         \
        })

/* Takes inspiration from Rust's Option::take() method: reads and returns a pointer, but at the same time
 * resets it to NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */
#define TAKE_PTR(ptr)                           \
        ({                                      \
                typeof(ptr) *_pptr_ = &(ptr);   \
                typeof(ptr) _ptr_ = *_pptr_;    \
                *_pptr_ = NULL;                 \
                _ptr_;                          \
        })

/*
 * STRLEN - return the length of a string literal, minus the trailing NUL byte.
 *          Contrary to strlen(), this is a constant expression.
 * @x: a string literal.
 */
#define STRLEN(x) (sizeof(""x"") - sizeof(typeof(x[0])))

#define mfree(memory)                           \
        ({                                      \
                free(memory);                   \
                (typeof(memory)) NULL;          \
        })

static inline size_t ALIGN_TO(size_t l, size_t ali) {
        /* sd-boot uses UINTN for size_t, let's make sure SIZE_MAX is correct. */
        assert_cc(SIZE_MAX == ~(size_t)0);

        /* Check that alignment is exponent of 2 */
#if SIZE_MAX == UINT_MAX
        assert(__builtin_popcount(ali) == 1);
#elif SIZE_MAX == ULONG_MAX
        assert(__builtin_popcountl(ali) == 1);
#elif SIZE_MAX == ULLONG_MAX
        assert(__builtin_popcountll(ali) == 1);
#else
        #error "Unexpected size_t"
#endif

        if (l > SIZE_MAX - (ali - 1))
                return SIZE_MAX; /* indicate overflow */

        return ((l + ali - 1) & ~(ali - 1));
}

/* Same as ALIGN_TO but callable in constant contexts. */
#define CONST_ALIGN_TO(l, ali)                                         \
        __builtin_choose_expr(                                         \
                __builtin_constant_p(l) &&                             \
                __builtin_constant_p(ali) &&                           \
                __builtin_popcountll(ali) == 1 && /* is power of 2? */ \
                (l <= SIZE_MAX - (ali - 1)),      /* overflow? */      \
                ((l) + (ali) - 1) & ~((ali) - 1),                      \
                VOID_0)

#define UPDATE_FLAG(orig, flag, b)                      \
        ((b) ? ((orig) | (flag)) : ((orig) & ~(flag)))
#define SET_FLAG(v, flag, b) \
        (v) = UPDATE_FLAG(v, flag, b)
#define FLAGS_SET(v, flags) \
        ((~(v) & (flags)) == 0)
Commit	Line	Data
e5bc5f1f YW	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2	#pragma once
	3
	4	#ifndef SD_BOOT
	5	#include <assert.h>
	6	#endif
	7
a36a0d15	8	#include <limits.h>
e514b507	9	#include "types-fundamental.h"
e5bc5f1f	10
9137c03c	11	#define _align_(x) __attribute__((__aligned__(x)))
e5bc5f1f YW	12	#define _const_ __attribute__((__const__))
e5bc5f1f YW	13	#define _pure_ __attribute__((__pure__))
9137c03c	14	#define _section_(x) __attribute__((__section__(x)))
1328150d	15	#define _packed_ __attribute__((__packed__))
a3aff1c4	16	#define _retain_ __attribute__((__retain__))
9137c03c	17	#define _used_ __attribute__((__used__))
e5bc5f1f YW	18	#define _unused_ __attribute__((__unused__))
e5bc5f1f YW	19	#define _cleanup_(x) __attribute__((__cleanup__(x)))
f862e847 JJ	20	#define _likely_(x) (__builtin_expect(!!(x), 1))
	21	#define _unlikely_(x) (__builtin_expect(!!(x), 0))
	22	#if __GNUC__ >= 7
	23	#define _fallthrough_ __attribute__((__fallthrough__))
	24	#else
	25	#define _fallthrough_
	26	#endif
	27	/* Define C11 noreturn without <stdnoreturn.h> and even on older gcc
	28	* compiler versions */
	29	#ifndef _noreturn_
	30	#if __STDC_VERSION__ >= 201112L
	31	#define _noreturn_ _Noreturn
	32	#else
	33	#define _noreturn_ __attribute__((__noreturn__))
	34	#endif
	35	#endif
e5bc5f1f	36
9137c03c DJL	37	#define XSTRINGIFY(x) #x
	38	#define STRINGIFY(x) XSTRINGIFY(x)
	39
e5bc5f1f YW	40	#ifndef __COVERITY__
	41	# define VOID_0 ((void)0)
	42	#else
	43	# define VOID_0 ((void*)0)
	44	#endif
	45
	46	#define ELEMENTSOF(x) \
	47	(__builtin_choose_expr( \
	48	!__builtin_types_compatible_p(typeof(x), typeof(&*(x))), \
	49	sizeof(x)/sizeof((x)[0]), \
	50	VOID_0))
	51
	52	#define XCONCATENATE(x, y) x ## y
	53	#define CONCATENATE(x, y) XCONCATENATE(x, y)
	54
	55	#ifdef SD_BOOT
3b23a6c4 LP	56	void efi_assert(const char expr, const char file, unsigned line, const char *function) _noreturn_;
3b23a6c4 LP	57
7a7267bf JJ	58	#ifdef NDEBUG
	59	#define assert(expr)
	60	#define assert_not_reached() __builtin_unreachable()
	61	#else
7a7267bf JJ	62	#define assert(expr) ({ _likely_(expr) ? VOID_0 : efi_assert(#expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); })
	63	#define assert_not_reached() efi_assert("Code should not be reached", __FILE__, __LINE__, __PRETTY_FUNCTION__)
	64	#endif
3b23a6c4	65	#define assert_se(expr) ({ _likely_(expr) ? VOID_0 : efi_assert(#expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); })
5d8a725b LB	66
5d8a725b LB	67	#define memcpy(a, b, c) CopyMem((a), (b), (c))
200b1d99	68	#define free(a) FreePool(a)
e5bc5f1f YW	69	#endif
e5bc5f1f YW	70
d821e40c ZJS	71	/* This passes the argument through after (if asserts are enabled) checking that it is not null. */
	72	#define ASSERT_PTR(expr) \
	73	({ \
	74	typeof(expr) _expr_ = (expr); \
	75	assert(_expr_); \
	76	_expr_; \
	77	})
	78
e5bc5f1f YW	79	#if defined(static_assert)
	80	#define assert_cc(expr) \
	81	static_assert(expr, #expr)
	82	#else
	83	#define assert_cc(expr) \
	84	struct CONCATENATE(_assert_struct_, __COUNTER__) { \
	85	char x[(expr) ? 0 : -1]; \
	86	}
	87	#endif
	88
	89	#define UNIQ_T(x, uniq) CONCATENATE(__unique_prefix_, CONCATENATE(x, uniq))
	90	#define UNIQ __COUNTER__
	91
ea42da38 DS	92	/* Note that this works differently from pthread_once(): this macro does
	93	* not synchronize code execution, i.e. code that is run conditionalized
	94	* on this macro will run concurrently to all other code conditionalized
	95	* the same way, there's no ordering or completion enforced. */
	96	#define ONCE __ONCE(UNIQ_T(_once_, UNIQ))
	97	#define __ONCE(o) \
	98	({ \
e7cef2a6	99	static sd_bool (o) = sd_false; \
f22abf38	100	__sync_bool_compare_and_swap(&(o), sd_false, sd_true); \
ea42da38 DS	101	})
ea42da38 DS	102
e5bc5f1f YW	103	#undef MAX
	104	#define MAX(a, b) __MAX(UNIQ, (a), UNIQ, (b))
	105	#define __MAX(aq, a, bq, b) \
	106	({ \
	107	const typeof(a) UNIQ_T(A, aq) = (a); \
	108	const typeof(b) UNIQ_T(B, bq) = (b); \
	109	UNIQ_T(A, aq) > UNIQ_T(B, bq) ? UNIQ_T(A, aq) : UNIQ_T(B, bq); \
	110	})
	111
addae96a LP	112	#define IS_UNSIGNED_INTEGER_TYPE(type) \
	113	(__builtin_types_compatible_p(typeof(type), unsigned char) \|\| \
	114	__builtin_types_compatible_p(typeof(type), unsigned short) \|\| \
	115	__builtin_types_compatible_p(typeof(type), unsigned) \|\| \
	116	__builtin_types_compatible_p(typeof(type), unsigned long) \|\| \
	117	__builtin_types_compatible_p(typeof(type), unsigned long long))
	118
	119	#define IS_SIGNED_INTEGER_TYPE(type) \
	120	(__builtin_types_compatible_p(typeof(type), signed char) \|\| \
	121	__builtin_types_compatible_p(typeof(type), signed short) \|\| \
	122	__builtin_types_compatible_p(typeof(type), signed) \|\| \
	123	__builtin_types_compatible_p(typeof(type), signed long) \|\| \
	124	__builtin_types_compatible_p(typeof(type), signed long long))
	125
	126	/* Evaluates to (void) if _A or _B are not constant or of different types (being integers of different sizes
	127	* is also OK as long as the signedness matches) */
e5bc5f1f YW	128	#define CONST_MAX(_A, _B) \
	129	(__builtin_choose_expr( \
	130	__builtin_constant_p(_A) && \
	131	__builtin_constant_p(_B) && \
addae96a LP	132	(__builtin_types_compatible_p(typeof(_A), typeof(_B)) \|\| \
	133	(IS_UNSIGNED_INTEGER_TYPE(_A) && IS_UNSIGNED_INTEGER_TYPE(_B)) \|\| \
	134	(IS_SIGNED_INTEGER_TYPE(_A) && IS_SIGNED_INTEGER_TYPE(_B))), \
e5bc5f1f YW	135	((_A) > (_B)) ? (_A) : (_B), \
	136	VOID_0))
	137
	138	/* takes two types and returns the size of the larger one */
	139	#define MAXSIZE(A, B) (sizeof(union _packed_ { typeof(A) a; typeof(B) b; }))
	140
	141	#define MAX3(x, y, z) \
	142	({ \
	143	const typeof(x) _c = MAX(x, y); \
	144	MAX(_c, z); \
	145	})
	146
	147	#define MAX4(x, y, z, a) \
	148	({ \
	149	const typeof(x) _d = MAX3(x, y, z); \
	150	MAX(_d, a); \
	151	})
	152
	153	#undef MIN
	154	#define MIN(a, b) __MIN(UNIQ, (a), UNIQ, (b))
	155	#define __MIN(aq, a, bq, b) \
	156	({ \
	157	const typeof(a) UNIQ_T(A, aq) = (a); \
	158	const typeof(b) UNIQ_T(B, bq) = (b); \
	159	UNIQ_T(A, aq) < UNIQ_T(B, bq) ? UNIQ_T(A, aq) : UNIQ_T(B, bq); \
	160	})
	161
	162	/* evaluates to (void) if _A or _B are not constant or of different types */
	163	#define CONST_MIN(_A, _B) \
	164	(__builtin_choose_expr( \
	165	__builtin_constant_p(_A) && \
	166	__builtin_constant_p(_B) && \
	167	__builtin_types_compatible_p(typeof(_A), typeof(_B)), \
	168	((_A) < (_B)) ? (_A) : (_B), \
	169	VOID_0))
	170
	171	#define MIN3(x, y, z) \
	172	({ \
	173	const typeof(x) _c = MIN(x, y); \
	174	MIN(_c, z); \
	175	})
	176
	177	#define LESS_BY(a, b) __LESS_BY(UNIQ, (a), UNIQ, (b))
	178	#define __LESS_BY(aq, a, bq, b) \
	179	({ \
	180	const typeof(a) UNIQ_T(A, aq) = (a); \
	181	const typeof(b) UNIQ_T(B, bq) = (b); \
	182	UNIQ_T(A, aq) > UNIQ_T(B, bq) ? UNIQ_T(A, aq) - UNIQ_T(B, bq) : 0; \
	183	})
	184
	185	#define CMP(a, b) __CMP(UNIQ, (a), UNIQ, (b))
	186	#define __CMP(aq, a, bq, b) \
	187	({ \
	188	const typeof(a) UNIQ_T(A, aq) = (a); \
	189	const typeof(b) UNIQ_T(B, bq) = (b); \
	190	UNIQ_T(A, aq) < UNIQ_T(B, bq) ? -1 : \
	191	UNIQ_T(A, aq) > UNIQ_T(B, bq) ? 1 : 0; \
	192	})
	193
	194	#undef CLAMP
	195	#define CLAMP(x, low, high) __CLAMP(UNIQ, (x), UNIQ, (low), UNIQ, (high))
	196	#define __CLAMP(xq, x, lowq, low, highq, high) \
	197	({ \
	198	const typeof(x) UNIQ_T(X, xq) = (x); \
199	const typeof(low) UNIQ_T(LOW, lowq) = (low); \
200	const typeof(high) UNIQ_T(HIGH, highq) = (high); \
201	UNIQ_T(X, xq) > UNIQ_T(HIGH, highq) ? \
202	UNIQ_T(HIGH, highq) : \
203	UNIQ_T(X, xq) < UNIQ_T(LOW, lowq) ? \
204	UNIQ_T(LOW, lowq) : \
205	UNIQ_T(X, xq); \
206	})
207
208	/* [(x + y - 1) / y] suffers from an integer overflow, even though the
209	* computation should be possible in the given type. Therefore, we use
210	* [x / y + !!(x % y)]. Note that on "Real CPUs" a division returns both the
211	* quotient and the remainder, so both should be equally fast. */
212	#define DIV_ROUND_UP(x, y) __DIV_ROUND_UP(UNIQ, (x), UNIQ, (y))
213	#define __DIV_ROUND_UP(xq, x, yq, y) \
214	({ \
215	const typeof(x) UNIQ_T(X, xq) = (x); \
216	const typeof(y) UNIQ_T(Y, yq) = (y); \
217	(UNIQ_T(X, xq) / UNIQ_T(Y, yq) + !!(UNIQ_T(X, xq) % UNIQ_T(Y, yq))); \
218	})
219
220	#define CASE_F(X) case X:
221	#define CASE_F_1(CASE, X) CASE_F(X)
222	#define CASE_F_2(CASE, X, ...) CASE(X) CASE_F_1(CASE, __VA_ARGS__)
223	#define CASE_F_3(CASE, X, ...) CASE(X) CASE_F_2(CASE, __VA_ARGS__)
224	#define CASE_F_4(CASE, X, ...) CASE(X) CASE_F_3(CASE, __VA_ARGS__)
225	#define CASE_F_5(CASE, X, ...) CASE(X) CASE_F_4(CASE, __VA_ARGS__)
226	#define CASE_F_6(CASE, X, ...) CASE(X) CASE_F_5(CASE, __VA_ARGS__)
227	#define CASE_F_7(CASE, X, ...) CASE(X) CASE_F_6(CASE, __VA_ARGS__)
228	#define CASE_F_8(CASE, X, ...) CASE(X) CASE_F_7(CASE, __VA_ARGS__)
229	#define CASE_F_9(CASE, X, ...) CASE(X) CASE_F_8(CASE, __VA_ARGS__)
230	#define CASE_F_10(CASE, X, ...) CASE(X) CASE_F_9(CASE, __VA_ARGS__)
231	#define CASE_F_11(CASE, X, ...) CASE(X) CASE_F_10(CASE, __VA_ARGS__)
232	#define CASE_F_12(CASE, X, ...) CASE(X) CASE_F_11(CASE, __VA_ARGS__)
233	#define CASE_F_13(CASE, X, ...) CASE(X) CASE_F_12(CASE, __VA_ARGS__)
234	#define CASE_F_14(CASE, X, ...) CASE(X) CASE_F_13(CASE, __VA_ARGS__)
235	#define CASE_F_15(CASE, X, ...) CASE(X) CASE_F_14(CASE, __VA_ARGS__)
236	#define CASE_F_16(CASE, X, ...) CASE(X) CASE_F_15(CASE, __VA_ARGS__)
237	#define CASE_F_17(CASE, X, ...) CASE(X) CASE_F_16(CASE, __VA_ARGS__)
238	#define CASE_F_18(CASE, X, ...) CASE(X) CASE_F_17(CASE, __VA_ARGS__)
239	#define CASE_F_19(CASE, X, ...) CASE(X) CASE_F_18(CASE, __VA_ARGS__)
240	#define CASE_F_20(CASE, X, ...) CASE(X) CASE_F_19(CASE, __VA_ARGS__)
241
242	#define GET_CASE_F(_1,_2,_3,_4,_5,_6,_7,_8,_9,_10,_11,_12,_13,_14,_15,_16,_17,_18,_19,_20,NAME,...) NAME
243	#define FOR_EACH_MAKE_CASE(...) \
244	GET_CASE_F(__VA_ARGS__,CASE_F_20,CASE_F_19,CASE_F_18,CASE_F_17,CASE_F_16,CASE_F_15,CASE_F_14,CASE_F_13,CASE_F_12,CASE_F_11, \
245	CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
246	(CASE_F,__VA_ARGS__)
247
248	#define IN_SET(x, ...) \
249	({ \
f22abf38	250	sd_bool _found = sd_false; \
e5bc5f1f YW	251	/* If the build breaks in the line below, you need to extend the case macros. (We use "long double" as \
	252	* type for the array, in the hope that checkers such as ubsan don't complain that the initializers for \
	253	* the array are not representable by the base type. Ideally we'd use typeof(x) as base type, but that \
	254	* doesn't work, as we want to use this on bitfields and gcc refuses typeof() on bitfields.) */ \
	255	static const long double __assert_in_set[] _unused_ = { __VA_ARGS__ }; \
	256	assert_cc(ELEMENTSOF(__assert_in_set) <= 20); \
	257	switch(x) { \
	258	FOR_EACH_MAKE_CASE(__VA_ARGS__) \
f22abf38	259	_found = sd_true; \
e5bc5f1f YW	260	break; \
	261	default: \
	262	break; \
	263	} \
	264	_found; \
	265	})
	266
	267	/* Takes inspiration from Rust's Option::take() method: reads and returns a pointer, but at the same time
	268	* resets it to NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */
	269	#define TAKE_PTR(ptr) \
	270	({ \
b7759c8f LP	271	typeof(ptr) *_pptr_ = &(ptr); \
	272	typeof(ptr) _ptr_ = *_pptr_; \
	273	*_pptr_ = NULL; \
e5bc5f1f YW	274	_ptr_; \
e5bc5f1f YW	275	})
f862e847 JJ	276
	277	/*
	278	* STRLEN - return the length of a string literal, minus the trailing NUL byte.
	279	* Contrary to strlen(), this is a constant expression.
	280	* @x: a string literal.
	281	*/
	282	#define STRLEN(x) (sizeof(""x"") - sizeof(typeof(x[0])))
200b1d99 MR	283
	284	#define mfree(memory) \
	285	({ \
	286	free(memory); \
	287	(typeof(memory)) NULL; \
	288	})
a36a0d15 JJ	289
	290	static inline size_t ALIGN_TO(size_t l, size_t ali) {
	291	/* sd-boot uses UINTN for size_t, let's make sure SIZE_MAX is correct. */
	292	assert_cc(SIZE_MAX == ~(size_t)0);
	293
	294	/* Check that alignment is exponent of 2 */
	295	#if SIZE_MAX == UINT_MAX
	296	assert(__builtin_popcount(ali) == 1);
	297	#elif SIZE_MAX == ULONG_MAX
	298	assert(__builtin_popcountl(ali) == 1);
	299	#elif SIZE_MAX == ULLONG_MAX
	300	assert(__builtin_popcountll(ali) == 1);
	301	#else
	302	#error "Unexpected size_t"
	303	#endif
	304
	305	if (l > SIZE_MAX - (ali - 1))
	306	return SIZE_MAX; /* indicate overflow */
	307
	308	return ((l + ali - 1) & ~(ali - 1));
	309	}
	310
	311	/* Same as ALIGN_TO but callable in constant contexts. */
	312	#define CONST_ALIGN_TO(l, ali) \
	313	__builtin_choose_expr( \
	314	__builtin_constant_p(l) && \
	315	__builtin_constant_p(ali) && \
	316	__builtin_popcountll(ali) == 1 && /* is power of 2? */ \
	317	(l <= SIZE_MAX - (ali - 1)), /* overflow? */ \
	318	((l) + (ali) - 1) & ~((ali) - 1), \
	319	VOID_0)
a8a7723b JJ	320
	321	#define UPDATE_FLAG(orig, flag, b) \
	322	((b) ? ((orig) \| (flag)) : ((orig) & ~(flag)))
	323	#define SET_FLAG(v, flag, b) \
	324	(v) = UPDATE_FLAG(v, flag, b)
	325	#define FLAGS_SET(v, flags) \
	326	((~(v) & (flags)) == 0)