diff options
author | Elia Pinto <gitter.spiros@gmail.com> | 2015-04-30 14:44:14 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-05-05 15:26:48 -0700 |
commit | 89c855ed3cbe64bea93ea081d0e96077e9ee8517 (patch) | |
tree | 72ce4c2b43a79f93f955ceafd7cf8f4ebdab6fb7 | |
parent | fdf96a20acf96a6ac538df8113b2aafd6ed71d50 (diff) | |
download | git-89c855ed3cbe64bea93ea081d0e96077e9ee8517.tar.gz |
git-compat-util.h: implement a different ARRAY_SIZE macro for for safely deriving the size of arrayep/do-not-feed-a-pointer-to-array-size
To get number of elements in an array git use the ARRAY_SIZE macro
defined as:
#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
The problem with it is a possibility of mistakenly passing to it a
pointer instead an array. The ARRAY_SIZE macro as conventionally
defined does not provide good type-safety and the open-coded
approach is more fragile, more verbose and provides no improvement in
type-safety.
Use instead a different but compatible ARRAY_SIZE() macro,
which will also break compile if you try to
use it on a pointer. This implemention revert to the original code
if the compiler doesn't know the typeof and __builtin_types_compatible_p
GCC extensions.
This can ensure our code is robust to changes, without
needing a gratuitous macro or constant. A similar
ARRAY_SIZE implementation also exists in the linux kernel.
Credits to Rusty Russell and his ccan library.
Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | git-compat-util.h | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/git-compat-util.h b/git-compat-util.h index 400e921086..7fad5aad9f 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -3,6 +3,23 @@ #define _FILE_OFFSET_BITS 64 + +/* Derived from Linux "Features Test Macro" header + * Convenience macros to test the versions of gcc (or + * a compatible compiler). + * Use them like this: + * #if GIT_GNUC_PREREQ (2,8) + * ... code requiring gcc 2.8 or later ... + * #endif +*/ +#if defined(__GNUC__) && defined(__GNUC_MINOR__) +# define GIT_GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) +#else + #define GIT_GNUC_PREREQ(maj, min) 0 +#endif + + #ifndef FLEX_ARRAY /* * See if our compiler is known to support flexible array members. @@ -25,7 +42,42 @@ #endif #endif -#define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0])) + +/* + * BUILD_ASSERT_OR_ZERO - assert a build-time dependency, as an expression. + * @cond: the compile-time condition which must be true. + * + * Your compile will fail if the condition isn't true, or can't be evaluated + * by the compiler. This can be used in an expression: its value is "0". + * + * Example: + * #define foo_to_char(foo) \ + * ((char *)(foo) \ + * + BUILD_ASSERT_OR_ZERO(offsetof(struct foo, string) == 0)) + */ +#define BUILD_ASSERT_OR_ZERO(cond) \ + (sizeof(char [1 - 2*!(cond)]) - 1) + +#if defined(__GNUC__) && (__GNUC__ >= 3) +# if GIT_GNUC_PREREQ(3, 1) + /* &arr[0] degrades to a pointer: a different type from an array */ +# define BARF_UNLESS_AN_ARRAY(arr) \ + BUILD_ASSERT_OR_ZERO(!__builtin_types_compatible_p(__typeof__(arr), \ + __typeof__(&(arr)[0]))) +# else +# define BARF_UNLESS_AN_ARRAY(arr) 0 +# endif +#endif +/* + * ARRAY_SIZE - get the number of elements in a visible array + * <at> x: the array whose size you want. + * + * This does not work on pointers, or arrays declared as [], or + * function parameters. With correct compiler support, such usage + * will cause a build error (see the build_assert_or_zero macro). + */ +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + BARF_UNLESS_AN_ARRAY(x)) + #define bitsizeof(x) (CHAR_BIT * sizeof(x)) #define maximum_signed_value_of_type(a) \ |