From c5e631cf65f4d6875efcd571275436f2964a8b48 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Sun, 6 May 2007 14:51:05 -0700 Subject: [PATCH] ARRAY_SIZE: check for type We can use a gcc extension to ensure that ARRAY_SIZE() is handed an array, not a pointer. This is especially important when code is changed from a fixed array to a pointer. I assume the Intel compiler doesn't support __builtin_types_compatible_p. [jdike@addtoit.com: uml: update UML definition of ARRAY_SIZE] Signed-off-by: Rusty Russell Signed-off-by: Jeff Dike Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- arch/um/include/user_util.h | 15 +++++++++++++-- include/linux/compiler-gcc.h | 3 +++ include/linux/compiler-intel.h | 3 +++ include/linux/kernel.h | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/arch/um/include/user_util.h b/arch/um/include/user_util.h index 73ffea1..b52bc40 100644 --- a/arch/um/include/user_util.h +++ b/arch/um/include/user_util.h @@ -8,8 +8,19 @@ #include "sysdep/ptrace.h" -/* Copied from kernel.h */ -#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +/* Copied from kernel.h and compiler-gcc.h */ + +/* Force a compilation error if condition is true, but also produce a + result (of value 0 and type size_t), so the expression can be used + e.g. in a structure initializer (or where-ever else comma expressions + aren't permitted). */ +#define BUILD_BUG_ON_ZERO(e) (sizeof(char[1 - 2 * !!(e)]) - 1) + +/* &a[0] degrades to a pointer: a different type from an array */ +#define __must_be_array(a) \ + BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(a), typeof(&a[0]))) + +#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) #define CATCH_EINTR(expr) while ((errno = 0, ((expr) < 0)) && (errno == EINTR)) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 9008eab..a9f7947 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -22,6 +22,9 @@ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ (typeof(ptr)) (__ptr + (off)); }) +/* &a[0] degrades to a pointer: a different type from an array */ +#define __must_be_array(a) \ + BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(a), typeof(&a[0]))) #define inline inline __attribute__((always_inline)) #define __inline__ __inline__ __attribute__((always_inline)) diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h index a436eea..b769961 100644 --- a/include/linux/compiler-intel.h +++ b/include/linux/compiler-intel.h @@ -21,6 +21,9 @@ __ptr = (unsigned long) (ptr); \ (typeof(ptr)) (__ptr + (off)); }) +/* Intel ECC compiler doesn't support __builtin_types_compatible_p() */ +#define __must_be_array(a) 0 + #endif #define uninitialized_var(x) x diff --git a/include/linux/kernel.h b/include/linux/kernel.h index e2f41b0..144b615 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -35,7 +35,8 @@ extern const char linux_proc_banner[]; #define ALIGN(x,a) __ALIGN_MASK(x,(typeof(x))(a)-1) #define __ALIGN_MASK(x,mask) (((x)+(mask))&~(mask)) -#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) + #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y)) -- 2.7.4