compiler: Provide LIBPLDM_CC_NONNULL{,_ARGS()}
This allows us to elide checks where they're not necessary, and warn
people at compile-time when they're doing things they shouldn't.
Note that this comes with an apparent ABI break. abi-compliance-checker
reports:
```
platform.h, libpldm.so.0.8.0
[−] decode_sensor_op_data ( uint8_t const* sensor_data, size_t sensor_data_length, uint8_t* present_op_state, uint8_t* previous_op_state )
Change: The parameter previous_op_state became passed in r8 register instead of rcx.
Effect Applications will read the wrong memory block instead of the parameter value.
```
It's unclear to me why. The signature hasn't changed, but how the
implementation tests the parameter values has.
Change-Id: Ie8d8bc1641280522532d9b4764bf07c64b1921c8
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/msgbuf.h b/src/msgbuf.h
index c3498bb..38c7055 100644
--- a/src/msgbuf.h
+++ b/src/msgbuf.h
@@ -98,6 +98,7 @@
* `PLDM_MSGBUF_C_ERRNO`, or the equivalent PLDM completion code if the
* error mode is `PLDM_MSGBUF_PLDM_CC`.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_status(struct pldm_msgbuf *ctx,
unsigned int err)
{
@@ -150,19 +151,15 @@
* @return 0 on success, otherwise an error code appropriate for the current
* personality.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_init(struct pldm_msgbuf *ctx, size_t minsize, const void *buf,
size_t len)
{
- assert(ctx);
assert(ctx->mode == PLDM_MSGBUF_PLDM_CC ||
ctx->mode == PLDM_MSGBUF_C_ERRNO);
- if (!buf) {
- return pldm_msgbuf_status(ctx, EINVAL);
- }
-
if ((minsize > len)) {
return pldm_msgbuf_status(ctx, EOVERFLOW);
}
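Review bot: Dropping `if (!buf) return pldm_msgbuf_status(ctx, EINVAL);` from pldm__msgbuf_init removes a run-time guard that the new LIBPLDM_CC_NONNULL annotation does not replace. Assuming the macro expands to the GCC/Clang `nonnull` attribute (its definition is not in this diff), it only diagnoses NULL arguments the compiler can prove at the call site and otherwise lets the optimizer assume the pointers are valid. A buffer pointer that is NULL only at run time is therefore no longer rejected by the lines visible here; the rest of the body is outside the hunk. The same holds for the `!dst`, `!src`, `!cursor` and `!len` tests removed in the extract, insert_array_void, span_required and span_remaining hunks below, where `*cursor` is now read unconditionally. It is worth confirming that every exported encode/decode entry point still validates caller-supplied pointers before handing them to msgbuf, and building the test suite with `-fsanitize=nonnull-attribute` so violations show up at run time.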
@@ -197,14 +194,11 @@
* otherwise PLDM_ERROR_INVALID_DATA if pointer parameters are invalid,
* or PLDM_ERROR_INVALID_LENGTH if length constraints are violated.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_init_cc(struct pldm_msgbuf *ctx,
size_t minsize,
const void *buf, size_t len)
{
- if (!ctx) {
- return PLDM_ERROR_INVALID_DATA;
- }
-
ctx->mode = PLDM_MSGBUF_PLDM_CC;
return pldm__msgbuf_init(ctx, minsize, buf, len);
}
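Review bot: The doc comment kept above pldm_msgbuf_init_cc still promises PLDM_ERROR_INVALID_DATA "if pointer parameters are invalid", but with the `if (!ctx)` test removed the function now dereferences ctx at `ctx->mode = PLDM_MSGBUF_PLDM_CC;` without checking it. The same stale wording survives in the context lines for pldm_msgbuf_init_errno (`-EINVAL if pointer parameters are invalid`), pldm_msgbuf_validate, pldm_msgbuf_consumed and pldm_msgbuf_destroy_consumed. Each comment should state the new contract instead, for example `@pre ctx and buf must not be NULL; they are annotated LIBPLDM_CC_NONNULL and are not checked at run time`, with the return-value text trimmed to the errors the function can still return.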
@@ -223,14 +217,11 @@
* pointer parameters are invalid, or -EOVERFLOW if length constraints
* are violated.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_init_errno(struct pldm_msgbuf *ctx,
size_t minsize,
const void *buf, size_t len)
{
- if (!ctx) {
- return -EINVAL;
- }
-
ctx->mode = PLDM_MSGBUF_C_ERRNO;
return pldm__msgbuf_init(ctx, minsize, buf, len);
}
@@ -246,9 +237,9 @@
* PLDM_ERROR_INVALID_DATA indicates that the provided context was not a valid
* pointer.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_validate(struct pldm_msgbuf *ctx)
{
- assert(ctx);
if (ctx->remaining < 0) {
return pldm_msgbuf_status(ctx, EOVERFLOW);
}
@@ -267,9 +258,9 @@
* PLDM_ERROR_INVALID_DATA indicates that the provided context was not a valid
* pointer.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_consumed(struct pldm_msgbuf *ctx)
{
- assert(ctx);
if (ctx->remaining != 0) {
return pldm_msgbuf_status(ctx, EBADMSG);
}
@@ -287,11 +278,11 @@
* PLDM_ERROR_INVALID_LENGTH if prior accesses would have occurred beyond the
* bounds of the buffer.
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_destroy(struct pldm_msgbuf *ctx)
{
int valid;
- assert(ctx);
valid = pldm_msgbuf_validate(ctx);
ctx->cursor = NULL;
@@ -311,12 +302,12 @@
* parameter is invalid, or PLDM_ERROR_INVALID_LENGTH if prior accesses would
* have occurred byond the bounds of the buffer
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_destroy_consumed(struct pldm_msgbuf *ctx)
{
int consumed;
- assert(ctx);
consumed = pldm_msgbuf_consumed(ctx);
ctx->cursor = NULL;
@@ -425,13 +416,12 @@
#define pldm_msgbuf_extract_uint8(ctx, dst) \
pldm_msgbuf_extract_typecheck(uint8_t, pldm__msgbuf_extract_uint8, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_uint8(struct pldm_msgbuf *ctx, void *dst)
{
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -454,13 +444,12 @@
#define pldm_msgbuf_extract_int8(ctx, dst) \
pldm_msgbuf_extract_typecheck(int8_t, pldm__msgbuf_extract_int8, dst, \
ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_int8(struct pldm_msgbuf *ctx, void *dst)
{
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -482,15 +471,14 @@
#define pldm_msgbuf_extract_uint16(ctx, dst) \
pldm_msgbuf_extract_typecheck(uint16_t, pldm__msgbuf_extract_uint16, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_uint16(struct pldm_msgbuf *ctx, void *dst)
{
uint16_t ldst;
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -535,15 +523,14 @@
#define pldm_msgbuf_extract_int16(ctx, dst) \
pldm_msgbuf_extract_typecheck(int16_t, pldm__msgbuf_extract_int16, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_int16(struct pldm_msgbuf *ctx, void *dst)
{
int16_t ldst;
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -573,15 +560,14 @@
#define pldm_msgbuf_extract_uint32(ctx, dst) \
pldm_msgbuf_extract_typecheck(uint32_t, pldm__msgbuf_extract_uint32, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_uint32(struct pldm_msgbuf *ctx, void *dst)
{
uint32_t ldst;
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -610,15 +596,14 @@
#define pldm_msgbuf_extract_int32(ctx, dst) \
pldm_msgbuf_extract_typecheck(int32_t, pldm__msgbuf_extract_int32, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_int32(struct pldm_msgbuf *ctx, void *dst)
{
int32_t ldst;
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -647,6 +632,7 @@
#define pldm_msgbuf_extract_real32(ctx, dst) \
pldm_msgbuf_extract_typecheck(real32_t, pldm__msgbuf_extract_real32, \
dst, ctx, dst)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_real32(struct pldm_msgbuf *ctx, void *dst)
@@ -656,9 +642,7 @@
static_assert(sizeof(real32_t) == sizeof(ldst),
"Mismatched type sizes for dst and ldst");
- assert(ctx);
-
- if (!ctx->cursor || !dst) {
+ if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -725,15 +709,14 @@
/**
* @ref pldm_msgbuf_extract_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_extract_array_void(struct pldm_msgbuf *ctx, size_t count,
void *dst, size_t dst_count)
{
- assert(ctx);
-
- if (!ctx->cursor || !dst || count > dst_count) {
+ if (!ctx->cursor || count > dst_count) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -765,6 +748,7 @@
/**
* @ref pldm_msgbuf_extract_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_extract_array_char(struct pldm_msgbuf *ctx, size_t count, char *dst,
@@ -776,6 +760,7 @@
/**
* @ref pldm_msgbuf_extract_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_extract_array_uint8(struct pldm_msgbuf *ctx, size_t count,
@@ -803,13 +788,12 @@
char: pldm_msgbuf_extract_array_char)(ctx, count, dst, \
dst_count)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_uint32(struct pldm_msgbuf *ctx,
const uint32_t src)
{
uint32_t val = htole32(src);
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -834,13 +818,12 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_uint16(struct pldm_msgbuf *ctx,
const uint16_t src)
{
uint16_t val = htole16(src);
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -865,11 +848,10 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_uint8(struct pldm_msgbuf *ctx,
const uint8_t src)
{
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -894,13 +876,12 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_int32(struct pldm_msgbuf *ctx,
const int32_t src)
{
int32_t val = htole32(src);
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -925,13 +906,12 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_int16(struct pldm_msgbuf *ctx,
const int16_t src)
{
int16_t val = htole16(src);
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -956,11 +936,10 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_insert_int8(struct pldm_msgbuf *ctx,
const int8_t src)
{
- assert(ctx);
-
if (!ctx->cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -997,15 +976,14 @@
/**
* @ref pldm_msgbuf_insert_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_insert_array_void(struct pldm_msgbuf *ctx, size_t count,
const void *src, size_t src_count)
{
- assert(ctx);
-
- if (!ctx->cursor || !src || count > src_count) {
+ if (!ctx->cursor || count > src_count) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -1037,6 +1015,7 @@
/**
* @ref pldm_msgbuf_insert_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_insert_array_char(struct pldm_msgbuf *ctx, size_t count,
@@ -1048,6 +1027,7 @@
/**
* @ref pldm_msgbuf_insert_array
*/
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_insert_array_uint8(struct pldm_msgbuf *ctx, size_t count,
@@ -1076,13 +1056,12 @@
char: pldm_msgbuf_insert_array_char)(dst, count, src, \
src_count)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int pldm_msgbuf_span_required(struct pldm_msgbuf *ctx,
size_t required,
void **cursor)
{
- assert(ctx);
-
- if (!ctx->cursor || !cursor || *cursor) {
+ if (!ctx->cursor || *cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -1107,14 +1086,13 @@
return 0;
}
+LIBPLDM_CC_NONNULL_ARGS(1)
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_span_string_ascii(struct pldm_msgbuf *ctx, void **cursor,
size_t *length)
{
intmax_t measured;
- assert(ctx);
-
if (!ctx->cursor || (cursor && *cursor)) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -1162,6 +1140,7 @@
return 0;
}
+LIBPLDM_CC_NONNULL_ARGS(1)
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_span_string_utf16(struct pldm_msgbuf *ctx, void **cursor,
size_t *length)
@@ -1170,8 +1149,6 @@
ptrdiff_t measured;
void *end;
- assert(ctx);
-
if (!ctx->cursor || (cursor && *cursor)) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -1243,12 +1220,11 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_span_remaining(struct pldm_msgbuf *ctx, void **cursor, size_t *len)
{
- assert(ctx);
-
- if (!ctx->cursor || !cursor || *cursor || !len) {
+ if (!ctx->cursor || *cursor) {
return pldm_msgbuf_status(ctx, EINVAL);
}
@@ -1279,16 +1255,15 @@
*/
#define pldm_msgbuf_copy(dst, src, type, name) \
pldm__msgbuf_copy(dst, src, sizeof(type), #name)
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_ALWAYS_INLINE int
// NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp)
pldm__msgbuf_copy(struct pldm_msgbuf *dst, struct pldm_msgbuf *src, size_t size,
- const char *description)
+ const char *description LIBPLDM_CC_UNUSED)
{
- assert(src);
- assert(dst);
assert(src->mode == dst->mode);
- if (!src->cursor || !dst->cursor || !description) {
+ if (!src->cursor || !dst->cursor) {
return pldm_msgbuf_status(dst, EINVAL);
}
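Review bot: `description` is now tagged LIBPLDM_CC_UNUSED, yet the blanket LIBPLDM_CC_NONNULL on pldm__msgbuf_copy still declares that it must be non-NULL, so the annotation constrains an argument that is marked as unused. Since the commit also provides LIBPLDM_CC_NONNULL_ARGS(), naming only the pointers that are dereferenced, `LIBPLDM_CC_NONNULL_ARGS(1, 2)`, would state the real contract. That depends on the macro accepting an index list; only the single-index form `LIBPLDM_CC_NONNULL_ARGS(1)` appears in this diff. The function body continues past the end of the hunk.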
@@ -1325,6 +1300,7 @@
return 0;
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_copy_string_ascii(struct pldm_msgbuf *dst, struct pldm_msgbuf *src)
@@ -1341,6 +1317,7 @@
return pldm__msgbuf_insert_array_void(dst, len, ascii, len);
}
+LIBPLDM_CC_NONNULL
LIBPLDM_CC_WARN_UNUSED_RESULT
LIBPLDM_CC_ALWAYS_INLINE int
pldm_msgbuf_copy_string_utf16(struct pldm_msgbuf *dst, struct pldm_msgbuf *src)