author | Simon McVittie <smcv@collabora.com> | 2022-11-29 20:47:21 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2022-11-29 22:11:07 +0000 |
commit | 0b221c4694966383b4fb4ed2a982d0ceab1be1ea (patch) | |
tree | b5aebd10e32ba6c37532a3a603c78cc25ed0a391 /dbus | |
parent | c0805bc3f1ce4ff6fe9dd072b1ceb08e854e206e (diff) | |
download | dbus-0b221c4694966383b4fb4ed2a982d0ceab1be1ea.tar.gz |
internals: Statically assert some things we assume about pointers
Like many relatively-low-level codebases, dbus has historically assumed
that data pointers are interchangeable with function pointers (which is
implied by POSIX and also true on Windows, but not guaranteed by ISO C).
Before dbus!335 was merged, we also assumed that size_t is the same
size as a pointer (which is frequently assumed, but not guaranteed by
ISO C, and notably not true on CHERI). dbus!335 is believed to have
removed all uses of that assumption.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'dbus')
-rw-r--r-- | dbus/dbus-internals.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/dbus/dbus-internals.c b/dbus/dbus-internals.c index 2c433677..3e578eb5 100644 --- a/dbus/dbus-internals.c +++ b/dbus/dbus-internals.c @@ -177,6 +177,35 @@ * Unlocks a global lock */ +/* The build system should have checked for DBUS_SIZEOF_VOID_P */ +_DBUS_STATIC_ASSERT (sizeof (void *) == DBUS_SIZEOF_VOID_P); + +/* dbus currently assumes that function pointers are essentially + * interchangeable with data pointers. There's nothing special about + * DBusShutdownFunction, it's just an arbitrary function pointer type. + * If this assertion fails on your platform, some porting will be required. */ +_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (DBusShutdownFunction)); +_DBUS_STATIC_ASSERT (_DBUS_ALIGNOF (void *) == _DBUS_ALIGNOF (DBusShutdownFunction)); + +/* This is meant to be true by definition. */ +_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (intptr_t)); +_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (uintptr_t)); + +/* + * Some frequent assumptions that we should *avoid* making include these, + * all of which are false on CHERI (which has 128-bit tagged pointers, + * but a 64-bit address space and therefore 64-bit sizes): + * + * sizeof (void *) <= sizeof (size_t) + * sizeof (void *) <= 8 + * _DBUS_ALIGNOF (void *) <= 8 + * + * We should also avoid making these assumptions, although we don't currently + * know a concrete example of platforms where they're false: + * + * sizeof (ptrdiff_t) == sizeof (size_t) + */ + /** * Fixed "out of memory" error message, just to avoid * making up a different string every time and wasting |
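Review bot: The comment "This is meant to be true by definition." above the two intptr_t/uintptr_t assertions claims more than ISO C gives you. The standard only requires that a valid void * survives a round trip through those types. It does not require them to be the same size as a pointer, and it makes both types optional. Since the commit message is careful to separate what POSIX implies from what ISO C guarantees, I would word this comment like the one on DBusShutdownFunction, for example "dbus assumes intptr_t and uintptr_t are exactly pointer-sized; if this assertion fails on your platform, some porting will be required." Also confirm that dbus-internals.c sees a declaration of intptr_t on every supported build (the hunk adds no include), because otherwise these lines fail as an undeclared identifier rather than as a readable static assertion. Finally, the list of assumptions to avoid lives only in a comment in this one file. A short pointer to it from the porting or contributor documentation would make it more likely that people writing new code elsewhere in the tree actually see it.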