From: "Michael S. Tsirkin" <mst@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Sergey Fedorov <serge.fdrv@gmail.com>
Subject: Re: [Qemu-devel] [PATCH v3 4/4] ARRAY_SIZE: check that argument is an array
Date: Fri, 20 Jan 2017 00:11:02 +0200 [thread overview]
Message-ID: <20170120000636-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <aa9a259a-a649-d399-5895-837a5a23f56c@redhat.com>
On Thu, Jan 19, 2017 at 03:59:33PM -0600, Eric Blake wrote:
> On 01/19/2017 03:07 PM, Michael S. Tsirkin wrote:
> > It's a familiar pattern: some code uses ARRAY_SIZE, then refactoring
> > changes the argument from an array to a pointer to a dynamically
> > allocated buffer. Code keeps compiling but any ARRAY_SIZE calls now
> > return the size of the pointer divided by element size.
> >
> > Let's add build time checks to ARRAY_SIZE before we allow more
> > of these in the code-base.
> >
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > Reviewed-by: Markus Armbruster <armbru@redhat.com>
> > ---
> > include/qemu/osdep.h | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
>
> >
> > diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
> > index 689f253..56c9e22 100644
> > --- a/include/qemu/osdep.h
> > +++ b/include/qemu/osdep.h
> > @@ -198,8 +198,15 @@ extern int daemon(int, int);
> > #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
> > #endif
> >
> > +/*
> > + * &(x)[0] is always a pointer - if it's same type as x then the argument is a
> > + * pointer, not an array.
> > + */
> > +#define QEMU_IS_ARRAY(x) (!__builtin_types_compatible_p(typeof(x), \
> > + typeof(&(x)[0])))
> > #ifndef ARRAY_SIZE
> > -#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
> > +#define ARRAY_SIZE(x) ((sizeof(x) / sizeof((x)[0])) + \
> > + QEMU_BUILD_BUG_ON_ZERO(!QEMU_IS_ARRAY(x)))
>
> We've got some double-negation going on here ("cause a build bug if the
> negation of QEMU_IS_ARRAY() is not 0") which takes some mental
> gymnastics, but it is the correct result. [I kind of like that gnulib
> uses positive logic in its 'verify(x)' meaning "verify that x is true,
> or cause a build error"; compared to the negative logic in the kernal
> 'BUILD_BUG_ON[_ZERO](x)' meaning "cause a build bug if x is non-zero" -
> but that's personal preference and not something for qemu to change]
I can rename QEMU_IS_ARRAY to QEMU_IS_PTR and reverse the logic - would
this be preferable?
--
MST
next prev parent reply other threads:[~2017-01-19 22:11 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-19 21:07 [Qemu-devel] [PATCH v3 0/4] ARRAY_SIZE fixups Michael S. Tsirkin
2017-01-19 21:07 ` [Qemu-devel] [PATCH v3 1/4] compiler: drop ; after BUILD_BUG_ON Michael S. Tsirkin
2017-01-19 21:22 ` Eric Blake
2017-01-19 21:07 ` [Qemu-devel] [PATCH v3 2/4] compiler: rework BUG_ON using a struct Michael S. Tsirkin
2017-01-19 21:26 ` Eric Blake
2017-01-20 7:44 ` Markus Armbruster
2017-01-20 7:42 ` Markus Armbruster
2017-01-20 16:57 ` Michael S. Tsirkin
2017-01-20 17:09 ` Paolo Bonzini
2017-01-20 17:45 ` Michael S. Tsirkin
2017-01-20 18:33 ` Markus Armbruster
2017-01-20 9:41 ` Dr. David Alan Gilbert
2017-01-20 14:36 ` Eric Blake
2017-01-20 14:53 ` Dr. David Alan Gilbert
2017-01-19 21:07 ` [Qemu-devel] [PATCH v3 3/4] compiler: expression version of QEMU_BUILD_BUG_ON Michael S. Tsirkin
2017-01-19 21:28 ` Eric Blake
2017-01-19 21:07 ` [Qemu-devel] [PATCH v3 4/4] ARRAY_SIZE: check that argument is an array Michael S. Tsirkin
2017-01-19 21:59 ` Eric Blake
2017-01-19 22:11 ` Michael S. Tsirkin [this message]
2017-01-19 23:00 ` Eric Blake
2017-01-20 7:34 ` Markus Armbruster
2017-01-20 12:20 ` Paolo Bonzini
2017-01-20 7:45 ` [Qemu-devel] [PATCH v3 0/4] ARRAY_SIZE fixups Markus Armbruster
2017-01-20 14:57 ` no-reply
2017-01-20 15:15 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170120000636-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=serge.fdrv@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.