From c0805bc3f1ce4ff6fe9dd072b1ceb08e854e206e Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 14 Sep 2022 13:32:47 +0100
Subject: [PATCH 1/2] dbus-marshal-basic: Use _DBUS_ALIGNOF to compare alignments

This means we get the alignment comparisons even on non-gcc compilers.

Signed-off-by: Simon McVittie
---
 dbus/dbus-marshal-basic.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/dbus/dbus-marshal-basic.c b/dbus/dbus-marshal-basic.c
index 938e29230..1f5d54a4e 100644
--- a/dbus/dbus-marshal-basic.c
+++ b/dbus/dbus-marshal-basic.c
@@ -30,19 +30,10 @@
 #include
-#if defined(__GNUC__) && (__GNUC__ >= 4)
-# define _DBUS_ASSERT_ALIGNMENT(type, op, val) \ _DBUS_STATIC_ASSERT (__extension__ __alignof__ (type) op val)
-# define _DBUS_ASSERT_CMP_ALIGNMENT(left, op, right) \ _DBUS_STATIC_ASSERT (__extension__ __alignof__ (left) op __extension__ __alignof__ (right))
-#else
- /* not gcc, so probably no alignof operator: just use a no-op statement * that's valid in the same contexts */
-# define _DBUS_ASSERT_ALIGNMENT(type, op, val) \ _DBUS_STATIC_ASSERT (TRUE)
-# define _DBUS_ASSERT_CMP_ALIGNMENT(left, op, right) \ _DBUS_STATIC_ASSERT (TRUE)
-#endif
+#define _DBUS_ASSERT_ALIGNMENT(type, op, val) \ _DBUS_STATIC_ASSERT (_DBUS_ALIGNOF (type) op val)
+#define _DBUS_ASSERT_CMP_ALIGNMENT(left, op, right) \ _DBUS_STATIC_ASSERT (_DBUS_ALIGNOF (left) op _DBUS_ALIGNOF (right))
 /* True by definition, but just for completeness... */
 _DBUS_STATIC_ASSERT (sizeof (char) == 1);
-- GitLab

From 0b221c4694966383b4fb4ed2a982d0ceab1be1ea Mon Sep 17 00:00:00 2001
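Review bot: In the new `_DBUS_ASSERT_ALIGNMENT`, `val` is substituted into the comparison unparenthesized, so a compound argument would bind against `op` by operator precedence rather than as a single operand; the usual macro hygiene would be `_DBUS_STATIC_ASSERT (_DBUS_ALIGNOF (type) op (val))`. The commit message's claim that the comparisons now also run on non-gcc compilers holds only if `_DBUS_ALIGNOF`, which is defined outside this hunk (presumably in dbus-internals.h), expands to an integer constant expression on those compilers; a fallback that does not would turn every use into a compile error rather than a check, and one that is trivially true would reintroduce the vacuous assertion this patch removes. That matters because these assertions are what guard the marshalling code's aligned reinterpretation of wire bytes, so a silently vacuous check would hide an alignment bug in untrusted-input handling. The `#include` directive at the top of the hunk has lost its target in this rendering, so which header supplies `_DBUS_ALIGNOF` cannot be confirmed from the hunk.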
From: Simon McVittie
Date: Tue, 29 Nov 2022 20:47:21 +0000
Subject: [PATCH 2/2] internals: Statically assert some things we assume about pointers

Like many relatively-low-level codebases, dbus has historically assumed that data pointers are interchangeable with function pointers (which is implied by POSIX and also true on Windows, but not guaranteed by ISO C).

Before dbus!335 was merged, we also assumed that size_t is the same size as a pointer (which is frequently assumed, but not guaranteed by ISO C, and notably not true on CHERI). dbus!335 is believed to have removed all uses of that assumption.

Signed-off-by: Simon McVittie
---
 dbus/dbus-internals.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/dbus/dbus-internals.c b/dbus/dbus-internals.c
index 2c4336773..3e578eb50 100644
--- a/dbus/dbus-internals.c
+++ b/dbus/dbus-internals.c
@@ -177,6 +177,35 @@
 * Unlocks a global lock
 */
+/* The build system should have checked for DBUS_SIZEOF_VOID_P */
+_DBUS_STATIC_ASSERT (sizeof (void *) == DBUS_SIZEOF_VOID_P);
+
+/* dbus currently assumes that function pointers are essentially
+ * interchangeable with data pointers. There's nothing special about
+ * DBusShutdownFunction, it's just an arbitrary function pointer type.
+ * If this assertion fails on your platform, some porting will be required. */
+_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (DBusShutdownFunction));
+_DBUS_STATIC_ASSERT (_DBUS_ALIGNOF (void *) == _DBUS_ALIGNOF (DBusShutdownFunction));
+
+/* This is meant to be true by definition. */
+_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (intptr_t));
+_DBUS_STATIC_ASSERT (sizeof (void *) == sizeof (uintptr_t));
+
+/*
+ * Some frequent assumptions that we should *avoid* making include these,
+ * all of which are false on CHERI (which has 128-bit tagged pointers,
+ * but a 64-bit address space and therefore 64-bit sizes):
+ *
+ * sizeof (void *) <= sizeof (size_t)
+ * sizeof (void *) <= 8
+ * _DBUS_ALIGNOF (void *) <= 8
+ *
+ * We should also avoid making these assumptions, although we don't currently
+ * know a concrete example of platforms where they're false:
+ *
+ * sizeof (ptrdiff_t) == sizeof (size_t)
+ */
+
 /**
 * Fixed "out of memory" error message, just to avoid
 * making up a different string every time and wasting
-- GitLab
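Review bot: The comment `/* This is meant to be true by definition. */` above the `intptr_t`/`uintptr_t` assertions overstates what ISO C promises: the standard only requires that any valid `void *` round-trips through `intptr_t`/`uintptr_t`, so those types may legitimately be wider than a pointer, and the equality is a dbus assumption rather than a definition. Suggested wording: `/* Not guaranteed by ISO C (intptr_t only has to round-trip a void *, so it may be wider), but true on every platform we know of, and dbus relies on it. */`. It would also help to name where the size equality is relied on, so a port that trips the assertion knows what to audit; that is not visible from this hunk. The function-pointer assertions check size and alignment only, as their comment says, but it is worth adding that equal size does not by itself make a cast between `void *` and a function pointer well-defined in ISO C, matching the caveat already in the commit message.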