Use a non-atomic counter when passing to stats dumper

diff --git a/lib/isc/stats.c b/lib/isc/stats.c
index 24614e1ec4353353d97106fbebc10b7ae1a27e63..abce29693ab02037ea4ecbdf25e4b8f4df3b6367 100644 (file)
--- a/lib/isc/stats.c
+++ b/lib/isc/stats.c
@@ -29,6 +29,16 @@
 
 typedef atomic_int_fast64_t isc__atomic_statcounter_t;
 
+/*
+ * Statistics are counted with an atomic int_fast64_t but exported to functions
+ * taking int64_t (isc_stats_dumper_t). A 128-bit native and fast architecture
+ * doesn't exist in reality so these two are the same thing in practise.
+ * However, a silent truncation happening silently in the future is still not
+ * acceptable.
+ */
+STATIC_ASSERT(sizeof(isc__atomic_statcounter_t) <= sizeof(int64_t),
+             "Exported statistics must fit into the statistic counter size");
+
 struct isc_stats {
        unsigned int magic;
        isc_mem_t *mctx;
@@ -116,7 +126,7 @@ isc_stats_dump(isc_stats_t *stats, isc_stats_dumper_t dump_fn, void *arg,
        REQUIRE(ISC_STATS_VALID(stats));
 
        for (i = 0; i < stats->ncounters; i++) {
-               isc__atomic_statcounter_t counter = atomic_load_acquire(&stats->counters[i]);
+               int_fast64_t counter = atomic_load_acquire(&stats->counters[i]);
                if ((options & ISC_STATSDUMP_VERBOSE) == 0 && counter == 0) {
                        continue;
                }