xref: /optee_os/lib/libutils/ext/include/compiler.h (revision fc78b3ffc59ef03e599ae952b4345f03f466f11c) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2014, STMicroelectronics International N.V.
4  */
5 
6 #ifndef COMPILER_H
7 #define COMPILER_H
8 
9 #define __GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + \
10 		       __GNUC_PATCHLEVEL__)
11 
12 /*
13  * Macros that should be used instead of using __attribute__ directly to
14  * ease portability and make the code easier to read.
15  *
16  * Some of the defines below is known to sometimes cause conflicts when
17  * this file is included from xtest in normal world. It is assumed that
18  * the conflicting defines has the same meaning in that environment.
19  * Surrounding the troublesome defines with #ifndef should be enough.
20  */
21 #define __deprecated	__attribute__((deprecated))
22 #ifndef __packed
23 #define __packed	__attribute__((packed))
24 #endif
25 #define __weak		__attribute__((weak))
26 #ifndef __noreturn
27 #define __noreturn	__attribute__((noreturn))
28 #endif
29 #define __pure		__attribute__((pure))
30 #define __aligned(x)	__attribute__((aligned(x)))
31 #define __printf(a, b)	__attribute__((format(printf, a, b)))
32 #define __noinline	__attribute__((noinline))
33 #define __attr_const	__attribute__((__const__))
34 #ifndef __unused
35 #define __unused	__attribute__((unused))
36 #endif
37 #define __maybe_unused	__attribute__((unused))
38 #ifndef __used
39 #define __used		__attribute__((__used__))
40 #endif
41 #define __must_check	__attribute__((warn_unused_result))
42 #define __cold		__attribute__((__cold__))
43 #define __section(x)	__attribute__((section(x)))
44 #define __data		__section(".data")
45 #define __bss		__section(".bss")
46 #if __GCC_VERSION >= 80000
47 /*
48  * Override sections flags/type generated by the C compiler to make sure they
49  * are: "a",%progbits (thus creating an allocatable, non-writeable, non-
50  * executable data section).
51  * The trailing '//' comments out the flags generated by the compiler.
52  * This avoids a harmless warning with GCC 8.x which adds a "w" (writable) flag.
53  */
54 #define __SECTION_FLAGS_RODATA ",\"a\",%progbits //"
55 #else
56 #define __SECTION_FLAGS_RODATA
57 #endif
58 #define __rodata	__section(".rodata" __SECTION_FLAGS_RODATA)
59 #define __rodata_unpaged __section(".rodata.__unpaged" __SECTION_FLAGS_RODATA)
60 #ifdef CFG_VIRTUALIZATION
61 #define __nex_bss		__section(".nex_bss")
62 #define __nex_data		__section(".nex_data")
63 #else  /* CFG_VIRTUALIZATION */
64 #define __nex_bss
65 #define __nex_data
66 #endif	/* CFG_VIRTUALIZATION */
67 #define __noprof	__attribute__((no_instrument_function))
68 
69 #define __compiler_bswap64(x)	__builtin_bswap64((x))
70 #define __compiler_bswap32(x)	__builtin_bswap32((x))
71 #define __compiler_bswap16(x)	__builtin_bswap16((x))
72 
73 #if __GCC_VERSION >= 50100 && !defined(__CHECKER__)
74 #define __HAVE_BUILTIN_OVERFLOW 1
75 #endif
76 
77 #ifdef __HAVE_BUILTIN_OVERFLOW
78 #define __compiler_add_overflow(a, b, res) \
79 	__builtin_add_overflow((a), (b), (res))
80 
81 #define __compiler_sub_overflow(a, b, res) \
82 	__builtin_sub_overflow((a), (b), (res))
83 
84 #define __compiler_mul_overflow(a, b, res) \
85 	__builtin_mul_overflow((a), (b), (res))
86 #else /*!__HAVE_BUILTIN_OVERFLOW*/
87 
88 /*
89  * Copied/inspired from https://www.fefe.de/intof.html
90  */
91 
92 #define __INTOF_ASSIGN(dest, src) (__extension__({ \
93 	typeof(src) __intof_x = (src); \
94 	typeof(dest) __intof_y = __intof_x; \
95 	(((uintmax_t)__intof_x == (uintmax_t)__intof_y) && \
96 	 ((__intof_x < 1) == (__intof_y < 1)) ? \
97 		(void)((dest) = __intof_y) , 0 : 1); \
98 }))
99 
100 #define __INTOF_ADD(c, a, b) (__extension__({ \
101 	typeof(a) __intofa_a = (a); \
102 	typeof(b) __intofa_b = (b); \
103 	intmax_t __intofa_a_signed = __intofa_a; \
104 	uintmax_t __intofa_a_unsigned = __intofa_a; \
105 	intmax_t __intofa_b_signed = __intofa_b; \
106 	uintmax_t __intofa_b_unsigned = __intofa_b; \
107 	\
108 	__intofa_b < 1 ? \
109 		__intofa_a < 1 ? \
110 			((INTMAX_MIN - __intofa_b_signed <= \
111 			  __intofa_a_signed)) ? \
112 				__INTOF_ASSIGN((c), __intofa_a_signed + \
113 						    __intofa_b_signed) : 1 \
114 		: \
115 			((__intofa_a_unsigned >= (uintmax_t)-__intofa_b) ? \
116 				__INTOF_ASSIGN((c), __intofa_a_unsigned + \
117 						    __intofa_b_signed) \
118 			: \
119 				__INTOF_ASSIGN((c), \
120 					(intmax_t)(__intofa_a_unsigned + \
121 						   __intofa_b_signed))) \
122 	: \
123 		__intofa_a < 1 ? \
124 			((__intofa_b_unsigned >= (uintmax_t)-__intofa_a) ? \
125 				__INTOF_ASSIGN((c), __intofa_a_signed + \
126 						    __intofa_b_unsigned) \
127 			: \
128 				__INTOF_ASSIGN((c), \
129 					(intmax_t)(__intofa_a_signed + \
130 						   __intofa_b_unsigned))) \
131 		: \
132 			((UINTMAX_MAX - __intofa_b_unsigned >= \
133 			  __intofa_a_unsigned) ? \
134 				__INTOF_ASSIGN((c), __intofa_a_unsigned + \
135 						    __intofa_b_unsigned) : 1); \
136 }))
137 
138 #define __INTOF_SUB(c, a, b) (__extension__({ \
139 	typeof(a) __intofs_a = a; \
140 	typeof(b) __intofs_b = b; \
141 	intmax_t __intofs_a_signed = __intofs_a; \
142 	uintmax_t __intofs_a_unsigned = __intofs_a; \
143 	intmax_t __intofs_b_signed = __intofs_b; \
144 	uintmax_t __intofs_b_unsigned = __intofs_b; \
145 	\
146 	__intofs_b < 1 ? \
147 		__intofs_a < 1 ? \
148 			((INTMAX_MAX + __intofs_b >= __intofs_a) ? \
149 				__INTOF_ASSIGN((c), __intofs_a_signed - \
150 						    __intofs_b_signed) : 1) \
151 		: \
152 			(((uintmax_t)(UINTMAX_MAX + __intofs_b_signed) >= \
153 			  __intofs_a_unsigned) ? \
154 				__INTOF_ASSIGN((c), __intofs_a - \
155 						    __intofs_b) : 1) \
156 	: \
157 		__intofs_a < 1 ? \
158 			(((INTMAX_MIN + __intofs_b <= __intofs_a)) ? \
159 				__INTOF_ASSIGN((c), \
160 					(intmax_t)(__intofs_a_signed - \
161 						   __intofs_b_unsigned)) : 1) \
162 		: \
163 			((__intofs_b_unsigned <= __intofs_a_unsigned) ? \
164 				__INTOF_ASSIGN((c), __intofs_a_unsigned - \
165 						    __intofs_b_unsigned) \
166 			: \
167 				__INTOF_ASSIGN((c), \
168 					(intmax_t)(__intofs_a_unsigned - \
169 						   __intofs_b_unsigned))); \
170 }))
171 
172 /*
173  * Dealing with detecting overflow in multiplication of integers.
174  *
175  * First step is to remove two corner cases with the minum signed integer
176  * which can't be represented as a positive integer + sign.
177  * Multiply with 0 or 1 can't overflow, no checking needed of the operation,
178  * only if it can be assigned to the result.
179  *
180  * After the corner cases are eliminated we convert the two factors to
181  * positive unsigned values, keeping track of the original in another
182  * variable which is used at the end to determine the sign of the product.
183  *
184  * The two terms (a and b) are divided into upper and lower half (x1 upper
185  * and x0 lower), so the product is:
186  * ((a1 << hshift) + a0) * ((b1 << hshift) + b0)
187  * which also is:
188  * ((a1 * b1) << (hshift * 2)) +				(T1)
189  * ((a1 * b0 + a0 * b1) << hshift) +				(T2)
190  * (a0 * b0)							(T3)
191  *
192  * From this we can tell and (a1 * b1) has to be 0 or we'll overflow, that
193  * is, at least one of a1 or b1 has to be 0. Once this has been checked the
194  * addition: ((a1 * b0) << hshift) + ((a0 * b1) << hshift)
195  * isn't an addition as one of the terms will be 0.
196  *
197  * Since each factor in: (a0 * b0)
198  * only uses half the capicity of the underlaying type it can't overflow
199  *
200  * The addition of T2 and T3 can overflow so we use __INTOF_ADD() to
201  * perform that addition. If the addition succeeds without overflow the
202  * result is assigned the required sign and checked for overflow again.
203  */
204 
205 #define __intof_mul_negate	((__intof_oa < 1) != (__intof_ob < 1))
206 #define __intof_mul_hshift	(sizeof(uintmax_t) * 8 / 2)
207 #define __intof_mul_hmask	(UINTMAX_MAX >> __intof_mul_hshift)
208 #define __intof_mul_a0		((uintmax_t)(__intof_a) >> __intof_mul_hshift)
209 #define __intof_mul_b0		((uintmax_t)(__intof_b) >> __intof_mul_hshift)
210 #define __intof_mul_a1		((uintmax_t)(__intof_a) & __intof_mul_hmask)
211 #define __intof_mul_b1		((uintmax_t)(__intof_b) & __intof_mul_hmask)
212 #define __intof_mul_t		(__intof_mul_a1 * __intof_mul_b0 + \
213 				 __intof_mul_a0 * __intof_mul_b1)
214 
215 #define __INTOF_MUL(c, a, b) (__extension__({ \
216 	typeof(a) __intof_oa = (a); \
217 	typeof(a) __intof_a = __intof_oa < 1 ? -__intof_oa : __intof_oa; \
218 	typeof(b) __intof_ob = (b); \
219 	typeof(b) __intof_b = __intof_ob < 1 ? -__intof_ob : __intof_ob; \
220 	typeof(c) __intof_c; \
221 	\
222 	__intof_oa == 0 || __intof_ob == 0 || \
223 	__intof_oa == 1 || __intof_ob == 1 ? \
224 		__INTOF_ASSIGN((c), __intof_oa * __intof_ob) : \
225 	(__intof_mul_a0 && __intof_mul_b0) || \
226 	 __intof_mul_t > __intof_mul_hmask ?  1 : \
227 	__INTOF_ADD((__intof_c), __intof_mul_t << __intof_mul_hshift, \
228 				 __intof_mul_a1 * __intof_mul_b1) ? 1 : \
229 	__intof_mul_negate ? __INTOF_ASSIGN((c), -__intof_c) : \
230 			     __INTOF_ASSIGN((c), __intof_c); \
231 }))
232 
233 #define __compiler_add_overflow(a, b, res) __INTOF_ADD(*(res), (a), (b))
234 #define __compiler_sub_overflow(a, b, res) __INTOF_SUB(*(res), (a), (b))
235 #define __compiler_mul_overflow(a, b, res) __INTOF_MUL(*(res), (a), (b))
236 
237 #endif /*!__HAVE_BUILTIN_OVERFLOW*/
238 
239 #define __compiler_compare_and_swap(p, oval, nval) \
240 	__atomic_compare_exchange_n((p), (oval), (nval), true, \
241 				    __ATOMIC_ACQUIRE, __ATOMIC_RELAXED) \
242 
243 #define __compiler_atomic_load(p) __atomic_load_n((p), __ATOMIC_RELAXED)
244 #define __compiler_atomic_store(p, val) \
245 	__atomic_store_n((p), (val), __ATOMIC_RELAXED)
246 
247 #endif /*COMPILER_H*/
248