From a3ccc497cd17147713363a4bf975f1a269fadb6d Mon Sep 17 00:00:00 2001 From: Daniel Santos Date: Thu, 21 Feb 2013 16:41:52 -0800 Subject: [PATCH] bug.h: make BUILD_BUG_ON generate compile-time error Negative sized arrays wont create a compile-time error in some cases starting with gcc 4.4 (e.g., inlined functions), but gcc 4.3 introduced the error function attribute that will. This patch modifies BUILD_BUG_ON to behave like BUILD_BUG already does, using the error function attribute so that you don't have to build the entire kernel to discover that you have a problem, and then enjoy trying to track it down from a link-time error. Also, we are only including asm/bug.h and then expecting that linux/compiler.h will eventually be included to define __linktime_error (used in BUILD_BUG_ON). This patch includes it directly for clarity and to avoid the possibility of changes in /*/include/asm/bug.h being changed or not including linux/compiler.h for some reason. Signed-off-by: Daniel Santos Acked-by: Borislav Petkov Cc: Andi Kleen Cc: David Rientjes Cc: Joe Perches Cc: Josh Triplett Cc: Paul Gortmaker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/bug.h | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/include/linux/bug.h b/include/linux/bug.h index 89fb91d0c929..73af37ca472c 100644 --- a/include/linux/bug.h +++ b/include/linux/bug.h @@ -2,6 +2,7 @@ #define _LINUX_BUG_H #include +#include enum bug_trap_type { BUG_TRAP_TYPE_NONE = 0, @@ -43,25 +44,30 @@ struct pt_regs; * @condition: the condition which the compiler should know is false. * * If you have some code which relies on certain constants being equal, or - * other compile-time-evaluated condition, you should use BUILD_BUG_ON to + * some other compile-time-evaluated condition, you should use BUILD_BUG_ON to * detect if someone changes it. * - * The implementation uses gcc's reluctance to create a negative array, but - * gcc (as of 4.4) only emits that error for obvious cases (eg. not arguments - * to inline functions). So as a fallback we use the optimizer; if it can't - * prove the condition is false, it will cause a link error on the undefined - * "__build_bug_on_failed". This error message can be harder to track down - * though, hence the two different methods. + * The implementation uses gcc's reluctance to create a negative array, but gcc + * (as of 4.4) only emits that error for obvious cases (e.g. not arguments to + * inline functions). Luckily, in 4.3 they added the "error" function + * attribute just for this type of case. Thus, we use a negative sized array + * (should always create an error on gcc versions older than 4.4) and then call + * an undefined function with the error attribute (should always create an + * error on gcc 4.3 and later). If for some reason, neither creates a + * compile-time error, we'll still have a link-time error, which is harder to + * track down. */ #ifndef __OPTIMIZE__ #define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2*!!(condition)])) #else -extern int __build_bug_on_failed; -#define BUILD_BUG_ON(condition) \ - do { \ - bool __cond = !!(condition); \ - ((void)sizeof(char[1 - 2 * __cond])); \ - if (__cond) __build_bug_on_failed = 1; \ +#define BUILD_BUG_ON(condition) \ + do { \ + bool __cond = !!(condition); \ + extern void __build_bug_on_failed(void) \ + __compiletime_error("BUILD_BUG_ON failed"); \ + if (__cond) \ + __build_bug_on_failed(); \ + ((void)sizeof(char[1 - 2 * __cond])); \ } while (0) #endif