1 /* 2 * Copyright (c) 2014, STMicroelectronics International N.V. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 * POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #ifndef COMPILER_H 29 #define COMPILER_H 30 31 /* 32 * Macros that should be used instead of using __attribute__ directly to 33 * ease portability and make the code easier to read. 34 */ 35 36 #define __deprecated __attribute__((deprecated)) 37 #define __packed __attribute__((packed)) 38 #define __weak __attribute__((weak)) 39 #define __noreturn __attribute__((noreturn)) 40 #define __pure __attribute__((pure)) 41 #define __aligned(x) __attribute__((aligned(x))) 42 #define __printf(a, b) __attribute__((format(printf, a, b))) 43 #define __noinline __attribute__((noinline)) 44 #define __attr_const __attribute__((__const__)) 45 #define __unused __attribute__((unused)) 46 #define __maybe_unused __attribute__((unused)) 47 #define __used __attribute__((__used__)) 48 #define __must_check __attribute__((warn_unused_result)) 49 #define __cold __attribute__((__cold__)) 50 #define __section(x) __attribute__((section(x))) 51 #define __data __section(".data") 52 #define __bss __section(".bss") 53 #define __rodata __section(".rodata") 54 #define __rodata_unpaged __section(".rodata.__unpaged") 55 #define __noprof __attribute__((no_instrument_function)) 56 57 #define __compiler_bswap64(x) __builtin_bswap64((x)) 58 #define __compiler_bswap32(x) __builtin_bswap32((x)) 59 #define __compiler_bswap16(x) __builtin_bswap16((x)) 60 61 #define __GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + \ 62 __GNUC_PATCHLEVEL__) 63 64 #if __GCC_VERSION >= 50100 && !defined(__CHECKER__) 65 #define __HAVE_BUILTIN_OVERFLOW 1 66 #endif 67 68 #ifdef __HAVE_BUILTIN_OVERFLOW 69 #define __compiler_add_overflow(a, b, res) \ 70 __builtin_add_overflow((a), (b), (res)) 71 72 #define __compiler_sub_overflow(a, b, res) \ 73 __builtin_sub_overflow((a), (b), (res)) 74 75 #define __compiler_mul_overflow(a, b, res) \ 76 __builtin_mul_overflow((a), (b), (res)) 77 #else /*!__HAVE_BUILTIN_OVERFLOW*/ 78 79 /* 80 * Copied/inspired from https://www.fefe.de/intof.html 81 */ 82 #define __INTOF_HALF_MAX_SIGNED(type) ((type)1 << (sizeof(type)*8-2)) 83 #define __INTOF_MAX_SIGNED(type) (__INTOF_HALF_MAX_SIGNED(type) - 1 + \ 84 __INTOF_HALF_MAX_SIGNED(type)) 85 #define __INTOF_MIN_SIGNED(type) (-1 - __INTOF_MAX_SIGNED(type)) 86 87 #define __INTOF_MIN(type) ((type)-1 < 1?__INTOF_MIN_SIGNED(type):(type)0) 88 #define __INTOF_MAX(type) ((type)~__INTOF_MIN(type)) 89 90 #define __INTOF_ASSIGN(dest, src) (__extension__({ \ 91 typeof(src) __intof_x = (src); \ 92 typeof(dest) __intof_y = __intof_x; \ 93 (((uintmax_t)__intof_x == (uintmax_t)__intof_y) && \ 94 ((__intof_x < 1) == (__intof_y < 1)) ? \ 95 (void)((dest) = __intof_y) , 0 : 1); \ 96 })) 97 98 #define __INTOF_ADD(c, a, b) (__extension__({ \ 99 typeof(a) __intofa_a = (a); \ 100 typeof(b) __intofa_b = (b); \ 101 \ 102 __intofa_b < 1 ? \ 103 ((__INTOF_MIN(typeof(c)) - __intofa_b <= __intofa_a) ? \ 104 __INTOF_ASSIGN((c), __intofa_a + __intofa_b) : 1) : \ 105 ((__INTOF_MAX(typeof(c)) - __intofa_b >= __intofa_a) ? \ 106 __INTOF_ASSIGN((c), __intofa_a + __intofa_b) : 1); \ 107 })) 108 109 #define __INTOF_SUB(c, a, b) (__extension__({ \ 110 typeof(a) __intofs_a = a; \ 111 typeof(b) __intofs_b = b; \ 112 \ 113 __intofs_b < 1 ? \ 114 ((__INTOF_MAX(typeof(c)) + __intofs_b >= __intofs_a) ? \ 115 __INTOF_ASSIGN((c), __intofs_a - __intofs_b) : 1) : \ 116 ((__INTOF_MIN(typeof(c)) + __intofs_b <= __intofs_a) ? \ 117 __INTOF_ASSIGN((c), __intofs_a - __intofs_b) : 1); \ 118 })) 119 120 /* 121 * Dealing with detecting overflow in multiplication of integers. 122 * 123 * First step is to remove two corner cases with the minum signed integer 124 * which can't be represented as a positive integer + sign. 125 * Multiply with 0 or 1 can't overflow, no checking needed of the operation, 126 * only if it can be assigned to the result. 127 * 128 * After the corner cases are eliminated we convert the two factors to 129 * positive unsigned values, keeping track of the original in another 130 * variable which is used at the end to determine the sign of the product. 131 * 132 * The two terms (a and b) are divided into upper and lower half (x1 upper 133 * and x0 lower), so the product is: 134 * ((a1 << hshift) + a0) * ((b1 << hshift) + b0) 135 * which also is: 136 * ((a1 * b1) << (hshift * 2)) + (T1) 137 * ((a1 * b0 + a0 * b1) << hshift) + (T2) 138 * (a0 * b0) (T3) 139 * 140 * From this we can tell and (a1 * b1) has to be 0 or we'll overflow, that 141 * is, at least one of a1 or b1 has to be 0. Once this has been checked the 142 * addition: ((a1 * b0) << hshift) + ((a0 * b1) << hshift) 143 * isn't an addition as one of the terms will be 0. 144 * 145 * Since each factor in: (a0 * b0) 146 * only uses half the capicity of the underlaying type it can't overflow 147 * 148 * The addition of T2 and T3 can overflow so we use __INTOF_ADD() to 149 * perform that addition. If the addition succeeds without overflow the 150 * result is assigned the required sign and checked for overflow again. 151 */ 152 153 #define __intof_mul_negate ((__intof_oa < 1) != (__intof_ob < 1)) 154 #define __intof_mul_hshift (sizeof(uintmax_t) * 8 / 2) 155 #define __intof_mul_hmask (UINTMAX_MAX >> __intof_mul_hshift) 156 #define __intof_mul_a0 ((uintmax_t)(__intof_a) >> __intof_mul_hshift) 157 #define __intof_mul_b0 ((uintmax_t)(__intof_b) >> __intof_mul_hshift) 158 #define __intof_mul_a1 ((uintmax_t)(__intof_a) & __intof_mul_hmask) 159 #define __intof_mul_b1 ((uintmax_t)(__intof_b) & __intof_mul_hmask) 160 #define __intof_mul_t (__intof_mul_a1 * __intof_mul_b0 + \ 161 __intof_mul_a0 * __intof_mul_b1) 162 163 #define __INTOF_MUL(c, a, b) (__extension__({ \ 164 typeof(a) __intof_oa = (a); \ 165 typeof(a) __intof_a = __intof_oa < 1 ? -__intof_oa : __intof_oa; \ 166 typeof(b) __intof_ob = (b); \ 167 typeof(b) __intof_b = __intof_ob < 1 ? -__intof_ob : __intof_ob; \ 168 typeof(c) __intof_c; \ 169 \ 170 __intof_oa == 0 || __intof_ob == 0 || \ 171 __intof_oa == 1 || __intof_ob == 1 ? \ 172 __INTOF_ASSIGN((c), __intof_oa * __intof_ob) : \ 173 (__intof_mul_a0 && __intof_mul_b0) || \ 174 __intof_mul_t > __intof_mul_hmask ? 1 : \ 175 __INTOF_ADD((__intof_c), __intof_mul_t << __intof_mul_hshift, \ 176 __intof_mul_a1 * __intof_mul_b1) ? 1 : \ 177 __intof_mul_negate ? __INTOF_ASSIGN((c), -__intof_c) : \ 178 __INTOF_ASSIGN((c), __intof_c); \ 179 })) 180 181 #define __compiler_add_overflow(a, b, res) __INTOF_ADD(*(res), (a), (b)) 182 #define __compiler_sub_overflow(a, b, res) __INTOF_SUB(*(res), (a), (b)) 183 #define __compiler_mul_overflow(a, b, res) __INTOF_MUL(*(res), (a), (b)) 184 185 #endif /*!__HAVE_BUILTIN_OVERFLOW*/ 186 187 #endif /*COMPILER_H*/ 188