Re: [iptables PATCH] nft: Use ARRAY_SIZE() macro in nft_strerror()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 24, 2019 at 10:45:03AM +0200, Phil Sutter wrote:
> Hi,
> 
> On Wed, Oct 23, 2019 at 10:41:49PM +0200, Pablo Neira Ayuso wrote:
> > On Wed, Oct 23, 2019 at 02:16:27PM +0200, Phil Sutter wrote:
> > > Hi Pablo,
> > > 
> > > On Wed, Oct 23, 2019 at 01:23:11PM +0200, Pablo Neira Ayuso wrote:
> > > > On Wed, Oct 23, 2019 at 01:20:24PM +0200, Pablo Neira Ayuso wrote:
> > > > > On Fri, Oct 18, 2019 at 05:51:14PM +0200, Phil Sutter wrote:
> > > > > > Variable 'table' is an array of type struct table_struct, so this is a
> > > > > > classical use-case for ARRAY_SIZE() macro.
> > > > > > 
> > > > > > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > > > > 
> > > > > Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > > > 
> > > > BTW, probably good to add the array check?
> > > > 
> > > > https://sourceforge.net/p/libhx/libhx/ci/master/tree/include/libHX/defs.h#l152
> > > 
> > > Copying from kernel sources, do you think that's fine?
> > > 
> > > |  #      ifndef ARRAY_SIZE
> > > | -#              define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
> > > | +#              define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
> > > | +#              define __same_type(a, b) \
> > > | +                       __builtin_types_compatible_p(typeof(a), typeof(b))
> > > | +/*             &a[0] degrades to a pointer: a different type from an array */
> > > | +#              define __must_be_array(a) \
> > > | +                       BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
> > > | +#              define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) + __must_be_array(x)
> > > |  #      endif
> > 
> > At quick glance I would say that's fine.
> 
> While testing it, I noticed that gcc has a builtin check already:
> 
> | ../include/xtables.h:640:36: warning: division 'sizeof (const uint32_t * {aka const unsigned int *}) / sizeof (uint32_t {aka const unsigned int})' does not compute the number of array elements [-Wsizeof-pointer-div]
> |   640 | #  define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
> |       |                                    ^
> | nft.c:914:18: note: in expansion of macro 'ARRAY_SIZE'
> |   914 |  for (i = 1; i < ARRAY_SIZE(multp); i++) {
> |       |                  ^~~~~~~~~~
> | nft.c:906:25: note: first 'sizeof' operand was declared here
> |   906 |  static const uint32_t *multp = mult;
> |       |                         ^~~~~
> 
> AFAICT, the only benefit the above brings is that it causes an error
> instead of warning. Do you think we still need it? Maybe instead enable
> -Werror? ;)

If gcc is already checking for this. Warning should be fine.

Regarding -Werror, we would at least need to keep the autogenerated C
code by bison away from it.

IIRC I enabled this in conntrack-tools long time ago, and I started
getting reports on it breaking compilation with new gcc versions that
were actually spewing new warnings. That was stopping users to install
latest, probably -Werror is too agressive?



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux