Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()

Phil Sutter <phil@xxxxxx> · Thu, 24 Oct 2019 10:45:03 +0200

Hi,

On Wed, Oct 23, 2019 at 10:41:49PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Oct 23, 2019 at 02:16:27PM +0200, Phil Sutter wrote:
> > Hi Pablo,
> > 
> > On Wed, Oct 23, 2019 at 01:23:11PM +0200, Pablo Neira Ayuso wrote:
> > > On Wed, Oct 23, 2019 at 01:20:24PM +0200, Pablo Neira Ayuso wrote:
> > > > On Fri, Oct 18, 2019 at 05:51:14PM +0200, Phil Sutter wrote:
> > > > > Variable 'table' is an array of type struct table_struct, so this is a
> > > > > classical use-case for ARRAY_SIZE() macro.
> > > > > 
> > > > > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > > > 
> > > > Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > > 
> > > BTW, probably good to add the array check?
> > > 
> > > https://sourceforge.net/p/libhx/libhx/ci/master/tree/include/libHX/defs.h#l152
> > 
> > Copying from kernel sources, do you think that's fine?
> > 
> > |  #      ifndef ARRAY_SIZE
> > | -#              define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
> > | +#              define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> > | +#              define __same_type(a, b) \
> > | +                       __builtin_types_compatible_p(typeof(a), typeof(b))
> > | +/*             &a[0] degrades to a pointer: a different type from an array */
> > | +#              define __must_be_array(a) \
> > | +                       BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
> > | +#              define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) + __must_be_array(x)
> > |  #      endif
> 
> At quick glance I would say that's fine.

While testing it, I noticed that gcc has a builtin check already:

| ../include/xtables.h:640:36: warning: division 'sizeof (const uint32_t * {aka const unsigned int *}) / sizeof (uint32_t {aka const unsigned int})' does not compute the number of array elements [-Wsizeof-pointer-div]
|   640 | #  define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
|       |                                    ^
| nft.c:914:18: note: in expansion of macro 'ARRAY_SIZE'
|   914 |  for (i = 1; i < ARRAY_SIZE(multp); i++) {
|       |                  ^~~~~~~~~~
| nft.c:906:25: note: first 'sizeof' operand was declared here
|   906 |  static const uint32_t *multp = mult;
|       |                         ^~~~~

AFAICT, the only benefit the above brings is that it causes an error
instead of warning. Do you think we still need it? Maybe instead enable
-Werror? ;)

Cheers, Phil