From 608c724addbb45dee0c9c112c7a57868f935c4d9 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen
Date: Thu, 16 Jun 2022 10:38:58 +0200
Subject: [PATCH] assert sizes of smaller-than-int bit fields in structures
---
 src/common.h | 4 ++++
 src/driver.h | 5 +++++
 src/sync_p.h | 3 +++
 3 files changed, 12 insertions(+)
diff --git a/src/common.h b/src/common.h
index 112b735..f99b647 100644
--- a/src/common.h
+++ b/src/common.h
@@ -45,6 +45,10 @@ typedef unsigned long ulong;
 #define BIT_ENUM(...)
+#define static_assert_bits(pfx, type, field) \
+ static_assert( pfx##__NUM_BITS <= sizeof(((type){ 0 }).field) * 8, \
+ stringify(type) "::" stringify(field) " is too small" )
+
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
 # define ATTR_UNUSED __attribute__((unused))
 # define ATTR_NORETURN __attribute__((noreturn))
diff --git a/src/driver.h b/src/driver.h
index 1f9749f..b23e50b 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -74,6 +74,9 @@ typedef struct message {
 MESSAGE(struct message)
 } message_t;
+static_assert_bits(F, message_t, flags);
+static_assert_bits(M, message_t, status);
+
 // For driver_t->prepare_load_box(), which may amend the passed flags.
 // The drivers don't use the first two, but may set them if loading the
 // particular range is required to handle some other flag; note that these
@@ -108,6 +111,8 @@ typedef struct {
 uchar flags;
 } msg_data_t;
+static_assert_bits(F, msg_data_t, flags);
+
 #define DRV_OK 0
 /* Message went missing, or mailbox is full, etc. */
 #define DRV_MSG_BAD 1
diff --git a/src/sync_p.h b/src/sync_p.h
index dcfa819..529a010 100644
--- a/src/sync_p.h
+++ b/src/sync_p.h
@@ -36,6 +36,9 @@ typedef struct sync_rec {
 char tuid[TUIDL];
 } sync_rec_t;
+static_assert_bits(F, sync_rec_t, flags);
+static_assert_bits(S, sync_rec_t, status);
+
 typedef struct {
 int t[2];
 void (*cb)( int sts, void *aux ), *aux;
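Review bot: `static_assert_bits` in the src/common.h hunk is added without a comment, and its limits are not obvious from the expansion. Because it takes `sizeof` of the member, it only compiles for ordinary integer members (a member declared with a `:width` bit-field is rejected by `sizeof`). It also counts a sign bit as usable storage if the member has a signed type, and it hard-codes `* 8` where `CHAR_BIT` would state the intent. I would add above the macro `// Fails the build if the <pfx>__NUM_BITS flag bits do not fit into type.field, so storing a flag can never be silently truncated.` and, if `<limits.h>` is already in scope in this header, write `sizeof(((type){ 0 }).field) * CHAR_BIT`. The hunk does not show where `static_assert`, `stringify` or the `__NUM_BITS` constants are defined, so this assumes they are visible before the first use.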
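Review bot: The prefix-to-field pairing in the first src/driver.h hunk is maintained by hand (`F` with `flags`, `M` with `status`), so the assertion proves the field is wide enough for that enum but not that only that enum's values are stored in it. The same holds for the `msg_data_t` assertion in the second src/driver.h hunk and the `sync_rec_t` ones in src/sync_p.h. A one-line comment above each group, such as `// flags stores the F bit enum, status the M bit enum; update these when a field changes type or enum`, would keep the checks from going stale unnoticed. The `message_t` members come from the `MESSAGE()` macro defined outside the hunk, so the field types themselves are not visible here.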