[X2Go-Commits] [libx2goclient] 42/132: src/x2goclient-utils.h: add type safety macros X2GOCLIENT_CHECK_TYPE{, _TYPEOF}.

git-admin at x2go.org git-admin at x2go.org
Fri Dec 3 15:26:30 CET 2021 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository libx2goclient.

commit c1211652bcef93b25fc52033bcb6adf661ef75c1
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Mon Apr 26 07:25:29 2021 +0200

    src/x2goclient-utils.h: add type safety macros X2GOCLIENT_CHECK_TYPE{,_TYPEOF}.
    
    These are supposed to check if a variable or storage location has a
    specific type or matches a reference type.
    
    X2GOCLIENT_CHECK_TYPE () checks a variable/storage location against a
    specific, provided type, while X2GOCLIENT_CHECK_TYPE_TYPEOF () checks if
    a variable/storage location matches a reference variable/storage
    location's type.
    
    For distinct types, that works pretty well, but aliased and
    integer-based types are more tricky. For the latter, a size-based
    approach is taken to make sure that storage sizes of source and
    destination are equal.
    
    Since the typeof () function is not part of the C standard, but often
    provided as an extension, two versions of
    X2GOCLIENT_CHECK_TYPE_TYPEOF () are made available: one relying on
    typeof (), which will also work with rvalues and is more safe (since it
    will only evaluate its input parameters once), and one that will not
    work with rvalues and doesn't create explicit sequence points for its
    arguments, making it unsafe when used with the same location and
    postfix/prefix operators multiple times.
    
    These macros will usually not terminate compilation, but rather generate
    diagnostic messages. Manual inspection of the compiler's output is
    necessary.
    
    We'll eventually use them to make sure that data we assign is not
    suddenly reinterpreted or truncated.
---
 src/x2goclient-utils.h | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/src/x2goclient-utils.h b/src/x2goclient-utils.h
index 6ea340b..a4141a0 100644
--- a/src/x2goclient-utils.h
+++ b/src/x2goclient-utils.h
@@ -49,6 +49,90 @@ G_BEGIN_DECLS
 #endif /* !defined (__GI_SCANNER__) */
 #endif /* !defined (__GTK_DOC_IGNORE__) */
 
+/**
+ * X2GOCLIENT_CHECK_TYPE:
+ * @type: (in) (not optional): target type.
+ * @var: (in) (not optional): variable to check against @type.
+ *
+ * Checks if the type of @var matches @type.
+ *
+ * This check relies on function argument magic.
+ *
+ * Implicit promotion for integer-based types is attempted to be caught by
+ * checking the size of @type against the size of @var, which should match.
+ *
+ * Note that this check by itself will not automatically reject code with
+ * mismatching types. Instead, most often, a diagnostic message will be
+ * printed, which has to be interpreted and fixed by developers.
+ *
+ * Since: 0.0.5
+ */
+#define X2GOCLIENT_CHECK_TYPE(type, var) \
+  do {\
+    typedef void (*tmp_type) (const type);\
+    tmp_type tmp = (tmp_type)(NULL);\
+    typedef char sizes[((sizeof (type) == sizeof (var)) * 2) - 1];\
+    if (0) {\
+      const sizes tmp2;\
+      (void) tmp2;\
+      tmp (var);\
+    }\
+  } while (0)
+
+#ifdef HAVE_TYPEOF
+  /**
+   * CHECK_TYPE_TYPEOF:
+   * @target: (in) (not optional): target variable, often a struct field.
+   * @value: (in) (not optional): variable to check against @target.
+   *
+   * Checks if the type of @value matches the type of @target.
+   *
+   * This check relies on diagnostic messages being printed if two
+   * incompatible pointers are compared.
+   *
+   * This version of the macro uses the <code>typeof</code> compiler feature,
+   * which should make it relatively safe to use it even with rvalues
+   * (although the actual benefit of that is doubtful).
+   *
+   * Note that this check by itself will not automatically reject code with
+   * mismatching types. Instead, most often, a diagnostic message will be
+   * printed, which has to be interpreted and fixed by developers.
+   *
+   * Since: 0.0.5
+   */
+  #define X2GOCLIENT_CHECK_TYPE_TYPEOF(target, value) \
+    do {\
+      typeof (target) _target = (target);\
+      typeof (value) _value = (value);\
+      (void)(&(_target) == &(_value));\
+    } while (0)
+#else
+  /**
+   * CHECK_TYPE_TYPEOF:
+   * @target: (in) (not optional): target variable, often a struct field.
+   * @value: (in) (not optional): variable to check against @target.
+   *
+   * Checks if the type of @value matches the type of @target.
+   *
+   * This check relies on diagnostic messages being printed if two
+   * incompatible pointers are compared.
+   *
+   * This version of the macro does not use the <code>typeof</code> compiler
+   * feature and hence will fail if rvalues are provided for either @target or
+   * @value.
+   *
+   * Note that this check by itself will not automatically reject code with
+   * mismatching types. Instead, most often, a diagnostic message will be
+   * printed, which has to be interpreted and fixed by developers.
+   *
+   * Since: 0.0.5
+   */
+  #define X2GOCLIENT_CHECK_TYPE_TYPEOF(target, value) \
+    do {\
+      (void)(&(target) == &(value));\
+    } while (0)
+#endif
+
 void x2goclient_clear_strings (gpointer const data);
 
 long long x2goclient_str_to_int (const gchar * const restrict str, const _Bool min, const long long limit_min, const _Bool max, const long long limit_max, const gchar ** const restrict end, _Bool * const restrict conv_err, _Bool * const restrict min_err, _Bool * const restrict max_err);

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/libx2goclient.git

More information about the x2go-commits mailing list