binutils-gdb/gdbsupport/poison.h

249 lines
6.0 KiB
C
Raw Normal View History

/* Poison symbols at compile time.
Copyright (C) 2017-2021 Free Software Foundation, Inc.
This file is part of GDB.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
#ifndef COMMON_POISON_H
#define COMMON_POISON_H
#include "traits.h"
Introduce obstack_new, poison other "typed" obstack functions Since we use obstacks with objects that are not default constructible, we sometimes need to manually call the constructor by hand using placement new: foo *f = obstack_alloc (obstack, sizeof (foo)); f = new (f) foo; It's possible to use allocate_on_obstack instead, but there are types that we sometimes want to allocate on an obstack, and sometimes on the regular heap. This patch introduces a utility to make this pattern simpler if allocate_on_obstack is not an option: foo *f = obstack_new<foo> (obstack); Right now there's only one usage (in tdesc_data_init). To help catch places where we would forget to call new when allocating such an object on an obstack, this patch also poisons some other methods of allocating an instance of a type on an obstack: - OBSTACK_ZALLOC/OBSTACK_CALLOC - XOBNEW/XOBNEW - GDBARCH_OBSTACK_ZALLOC/GDBARCH_OBSTACK_CALLOC Unfortunately, there's no way to catch wrong usages of obstack_alloc. By pulling on that string though, it tripped on allocating struct template_symbol using OBSTACK_ZALLOC. The criterion currently used to know whether it's safe to "malloc" an instance of a struct is whether it is a POD. Because it inherits from struct symbol, template_symbol is not a POD. This criterion is a bit too strict however, it should still safe to allocate memory for a template_symbol and memset it to 0. We didn't use is_trivially_constructible as the criterion in the first place only because it is not available in gcc < 5. So here I considered two alternatives: 1. Relax that criterion to use std::is_trivially_constructible and add a bit more glue code to make it work with gcc < 5 2. Continue pulling on the string and change how the symbol structures are allocated and initialized I managed to do both, but I decided to go with #1 to keep this patch simpler and more focused. When building with a compiler that does not have is_trivially_constructible, the check will just not be enforced. gdb/ChangeLog: * common/traits.h (HAVE_IS_TRIVIALLY_COPYABLE): Define if compiler supports std::is_trivially_constructible. * common/poison.h: Include obstack.h. (IsMallocable): Define to is_trivially_constructible if the compiler supports it, define to true_type otherwise. (xobnew): New. (XOBNEW): Redefine. (xobnewvec): New. (XOBNEWVEC): Redefine. * gdb_obstack.h (obstack_zalloc): New. (OBSTACK_ZALLOC): Redefine. (obstack_calloc): New. (OBSTACK_CALLOC): Redefine. (obstack_new): New. * gdbarch.sh: Include gdb_obstack in gdbarch.h. (gdbarch_obstack): New declaration in gdbarch.h, definition in gdbarch.c. (GDBARCH_OBSTACK_CALLOC, GDBARCH_OBSTACK_ZALLOC): Use obstack_calloc/obstack_zalloc. (gdbarch_obstack_zalloc): Remove. * target-descriptions.c (tdesc_data_init): Use obstack_new.
2018-05-21 09:06:03 +08:00
#include "obstack.h"
/* Poison memset of non-POD types. The idea is catching invalid
initialization of non-POD structs that is easy to be introduced as
side effect of refactoring. For example, say this:
struct S { VEC(foo_s) *m_data; };
is converted to this at some point:
struct S {
S() { m_data.reserve (10); }
std::vector<foo> m_data;
};
and old code was initializing S objects like this:
struct S s;
memset (&s, 0, sizeof (S)); // whoops, now wipes vector.
Declaring memset as deleted for non-POD types makes the memset above
be a compile-time error. */
/* Helper for SFINAE. True if "T *" is memsettable. I.e., if T is
either void, or POD. */
template<typename T>
struct IsMemsettable
: gdb::Or<std::is_void<T>,
std::is_pod<T>>
{};
template <typename T,
typename = gdb::Requires<gdb::Not<IsMemsettable<T>>>>
void *memset (T *s, int c, size_t n) = delete;
#if HAVE_IS_TRIVIALLY_COPYABLE
/* Similarly, poison memcpy and memmove of non trivially-copyable
types, which is undefined. */
/* True if "T *" is relocatable. I.e., copyable with memcpy/memmove.
I.e., T is either trivially copyable, or void. */
template<typename T>
struct IsRelocatable
: gdb::Or<std::is_void<T>,
std::is_trivially_copyable<T>>
{};
/* True if both source and destination are relocatable. */
template <typename D, typename S>
using BothAreRelocatable
= gdb::And<IsRelocatable<D>, IsRelocatable<S>>;
template <typename D, typename S,
typename = gdb::Requires<gdb::Not<BothAreRelocatable<D, S>>>>
void *memcpy (D *dest, const S *src, size_t n) = delete;
template <typename D, typename S,
typename = gdb::Requires<gdb::Not<BothAreRelocatable<D, S>>>>
void *memmove (D *dest, const S *src, size_t n) = delete;
#endif /* HAVE_IS_TRIVIALLY_COPYABLE */
Poison XNEW and friends for types that should use new/delete This patch (finally!) makes it so that trying to use XNEW with a type that requires "new" will cause a compilation error. The criterion I initially used to allow a type to use XNEW (which calls malloc in the end) was std::is_trivially_constructible, but then realized that gcc 4.8 did not have it. Instead, I went with: using IsMallocatable = std::is_pod<T>; which is just a bit more strict, which doesn't hurt. A similar thing is done for macros that free instead of allocated, the criterion is: using IsFreeable = gdb::Or<std::is_trivially_destructible<T>, std::is_void<T>>; Trying to use XNEW on a type that requires new will result in an error like this: In file included from /home/simark/src/binutils-gdb/gdb/common/common-utils.h:26:0, from /home/simark/src/binutils-gdb/gdb/common/common-defs.h:78, from /home/simark/src/binutils-gdb/gdb/defs.h:28, from /home/simark/src/binutils-gdb/gdb/lala.c:1: /home/simark/src/binutils-gdb/gdb/common/poison.h: In instantiation of ‘T* xnew() [with T = bar]’: /home/simark/src/binutils-gdb/gdb/lala.c:13:3: required from here /home/simark/src/binutils-gdb/gdb/common/poison.h:103:3: error: static assertion failed: Trying to use XNEW with a non-POD data type. Use operator new instead. static_assert (IsMallocatable<T>::value, "Trying to use XNEW with a non-POD\ ^~~~~~~~~~~~~ Generated-code-wise, it adds one more function call (xnew<T>) when using XNEW and building with -O0, but it all goes away with optimizations enabled. gdb/ChangeLog: * common/common-utils.h: Include poison.h. (xfree): Remove declaration, add definition with static_assert. * common/common-utils.c (xfree): Remove. * common/poison.h (IsMallocatable): Define. (IsFreeable): Define. (free): Delete for non-freeable types. (xnew): New. (XNEW): Undef and redefine. (xcnew): New. (XCNEW): Undef and redefine. (xdelete): New. (XDELETE): Undef and redefine. (xnewvec): New. (XNEWVEC): Undef and redefine. (xcnewvec): New. (XCNEWVEC): Undef and redefine. (xresizevec): New. (XRESIZEVEC): Undef and redefine. (xdeletevec): New. (XDELETEVEC): Undef and redefine. (xnewvar): New. (XNEWVAR): Undef and redefine. (xcnewvar): New. (XCNEWVAR): Undef and redefine. (xresizevar): New. (XRESIZEVAR): Undef and redefine.
2017-11-24 23:42:01 +08:00
/* Poison XNEW and friends to catch usages of malloc-style allocations on
objects that require new/delete. */
template<typename T>
Introduce obstack_new, poison other "typed" obstack functions Since we use obstacks with objects that are not default constructible, we sometimes need to manually call the constructor by hand using placement new: foo *f = obstack_alloc (obstack, sizeof (foo)); f = new (f) foo; It's possible to use allocate_on_obstack instead, but there are types that we sometimes want to allocate on an obstack, and sometimes on the regular heap. This patch introduces a utility to make this pattern simpler if allocate_on_obstack is not an option: foo *f = obstack_new<foo> (obstack); Right now there's only one usage (in tdesc_data_init). To help catch places where we would forget to call new when allocating such an object on an obstack, this patch also poisons some other methods of allocating an instance of a type on an obstack: - OBSTACK_ZALLOC/OBSTACK_CALLOC - XOBNEW/XOBNEW - GDBARCH_OBSTACK_ZALLOC/GDBARCH_OBSTACK_CALLOC Unfortunately, there's no way to catch wrong usages of obstack_alloc. By pulling on that string though, it tripped on allocating struct template_symbol using OBSTACK_ZALLOC. The criterion currently used to know whether it's safe to "malloc" an instance of a struct is whether it is a POD. Because it inherits from struct symbol, template_symbol is not a POD. This criterion is a bit too strict however, it should still safe to allocate memory for a template_symbol and memset it to 0. We didn't use is_trivially_constructible as the criterion in the first place only because it is not available in gcc < 5. So here I considered two alternatives: 1. Relax that criterion to use std::is_trivially_constructible and add a bit more glue code to make it work with gcc < 5 2. Continue pulling on the string and change how the symbol structures are allocated and initialized I managed to do both, but I decided to go with #1 to keep this patch simpler and more focused. When building with a compiler that does not have is_trivially_constructible, the check will just not be enforced. gdb/ChangeLog: * common/traits.h (HAVE_IS_TRIVIALLY_COPYABLE): Define if compiler supports std::is_trivially_constructible. * common/poison.h: Include obstack.h. (IsMallocable): Define to is_trivially_constructible if the compiler supports it, define to true_type otherwise. (xobnew): New. (XOBNEW): Redefine. (xobnewvec): New. (XOBNEWVEC): Redefine. * gdb_obstack.h (obstack_zalloc): New. (OBSTACK_ZALLOC): Redefine. (obstack_calloc): New. (OBSTACK_CALLOC): Redefine. (obstack_new): New. * gdbarch.sh: Include gdb_obstack in gdbarch.h. (gdbarch_obstack): New declaration in gdbarch.h, definition in gdbarch.c. (GDBARCH_OBSTACK_CALLOC, GDBARCH_OBSTACK_ZALLOC): Use obstack_calloc/obstack_zalloc. (gdbarch_obstack_zalloc): Remove. * target-descriptions.c (tdesc_data_init): Use obstack_new.
2018-05-21 09:06:03 +08:00
#if HAVE_IS_TRIVIALLY_CONSTRUCTIBLE
using IsMallocable = std::is_trivially_constructible<T>;
#else
using IsMallocable = std::true_type;
#endif
Poison XNEW and friends for types that should use new/delete This patch (finally!) makes it so that trying to use XNEW with a type that requires "new" will cause a compilation error. The criterion I initially used to allow a type to use XNEW (which calls malloc in the end) was std::is_trivially_constructible, but then realized that gcc 4.8 did not have it. Instead, I went with: using IsMallocatable = std::is_pod<T>; which is just a bit more strict, which doesn't hurt. A similar thing is done for macros that free instead of allocated, the criterion is: using IsFreeable = gdb::Or<std::is_trivially_destructible<T>, std::is_void<T>>; Trying to use XNEW on a type that requires new will result in an error like this: In file included from /home/simark/src/binutils-gdb/gdb/common/common-utils.h:26:0, from /home/simark/src/binutils-gdb/gdb/common/common-defs.h:78, from /home/simark/src/binutils-gdb/gdb/defs.h:28, from /home/simark/src/binutils-gdb/gdb/lala.c:1: /home/simark/src/binutils-gdb/gdb/common/poison.h: In instantiation of ‘T* xnew() [with T = bar]’: /home/simark/src/binutils-gdb/gdb/lala.c:13:3: required from here /home/simark/src/binutils-gdb/gdb/common/poison.h:103:3: error: static assertion failed: Trying to use XNEW with a non-POD data type. Use operator new instead. static_assert (IsMallocatable<T>::value, "Trying to use XNEW with a non-POD\ ^~~~~~~~~~~~~ Generated-code-wise, it adds one more function call (xnew<T>) when using XNEW and building with -O0, but it all goes away with optimizations enabled. gdb/ChangeLog: * common/common-utils.h: Include poison.h. (xfree): Remove declaration, add definition with static_assert. * common/common-utils.c (xfree): Remove. * common/poison.h (IsMallocatable): Define. (IsFreeable): Define. (free): Delete for non-freeable types. (xnew): New. (XNEW): Undef and redefine. (xcnew): New. (XCNEW): Undef and redefine. (xdelete): New. (XDELETE): Undef and redefine. (xnewvec): New. (XNEWVEC): Undef and redefine. (xcnewvec): New. (XCNEWVEC): Undef and redefine. (xresizevec): New. (XRESIZEVEC): Undef and redefine. (xdeletevec): New. (XDELETEVEC): Undef and redefine. (xnewvar): New. (XNEWVAR): Undef and redefine. (xcnewvar): New. (XCNEWVAR): Undef and redefine. (xresizevar): New. (XRESIZEVAR): Undef and redefine.
2017-11-24 23:42:01 +08:00
template<typename T>
using IsFreeable = gdb::Or<std::is_trivially_destructible<T>, std::is_void<T>>;
template <typename T, typename = gdb::Requires<gdb::Not<IsFreeable<T>>>>
void free (T *ptr) = delete;
template<typename T>
static T *
xnew ()
{
static_assert (IsMallocable<T>::value, "Trying to use XNEW with a non-POD \
data type. Use operator new instead.");
return XNEW (T);
}
#undef XNEW
#define XNEW(T) xnew<T>()
template<typename T>
static T *
xcnew ()
{
static_assert (IsMallocable<T>::value, "Trying to use XCNEW with a non-POD \
data type. Use operator new instead.");
return XCNEW (T);
}
#undef XCNEW
#define XCNEW(T) xcnew<T>()
template<typename T>
static void
xdelete (T *p)
{
static_assert (IsFreeable<T>::value, "Trying to use XDELETE with a non-POD \
data type. Use operator delete instead.");
XDELETE (p);
}
#undef XDELETE
#define XDELETE(P) xdelete (P)
Poison XNEW and friends for types that should use new/delete This patch (finally!) makes it so that trying to use XNEW with a type that requires "new" will cause a compilation error. The criterion I initially used to allow a type to use XNEW (which calls malloc in the end) was std::is_trivially_constructible, but then realized that gcc 4.8 did not have it. Instead, I went with: using IsMallocatable = std::is_pod<T>; which is just a bit more strict, which doesn't hurt. A similar thing is done for macros that free instead of allocated, the criterion is: using IsFreeable = gdb::Or<std::is_trivially_destructible<T>, std::is_void<T>>; Trying to use XNEW on a type that requires new will result in an error like this: In file included from /home/simark/src/binutils-gdb/gdb/common/common-utils.h:26:0, from /home/simark/src/binutils-gdb/gdb/common/common-defs.h:78, from /home/simark/src/binutils-gdb/gdb/defs.h:28, from /home/simark/src/binutils-gdb/gdb/lala.c:1: /home/simark/src/binutils-gdb/gdb/common/poison.h: In instantiation of ‘T* xnew() [with T = bar]’: /home/simark/src/binutils-gdb/gdb/lala.c:13:3: required from here /home/simark/src/binutils-gdb/gdb/common/poison.h:103:3: error: static assertion failed: Trying to use XNEW with a non-POD data type. Use operator new instead. static_assert (IsMallocatable<T>::value, "Trying to use XNEW with a non-POD\ ^~~~~~~~~~~~~ Generated-code-wise, it adds one more function call (xnew<T>) when using XNEW and building with -O0, but it all goes away with optimizations enabled. gdb/ChangeLog: * common/common-utils.h: Include poison.h. (xfree): Remove declaration, add definition with static_assert. * common/common-utils.c (xfree): Remove. * common/poison.h (IsMallocatable): Define. (IsFreeable): Define. (free): Delete for non-freeable types. (xnew): New. (XNEW): Undef and redefine. (xcnew): New. (XCNEW): Undef and redefine. (xdelete): New. (XDELETE): Undef and redefine. (xnewvec): New. (XNEWVEC): Undef and redefine. (xcnewvec): New. (XCNEWVEC): Undef and redefine. (xresizevec): New. (XRESIZEVEC): Undef and redefine. (xdeletevec): New. (XDELETEVEC): Undef and redefine. (xnewvar): New. (XNEWVAR): Undef and redefine. (xcnewvar): New. (XCNEWVAR): Undef and redefine. (xresizevar): New. (XRESIZEVAR): Undef and redefine.
2017-11-24 23:42:01 +08:00
template<typename T>
static T *
xnewvec (size_t n)
{
static_assert (IsMallocable<T>::value, "Trying to use XNEWVEC with a \
non-POD data type. Use operator new[] (or std::vector) instead.");
return XNEWVEC (T, n);
}
#undef XNEWVEC
#define XNEWVEC(T, N) xnewvec<T> (N)
template<typename T>
static T *
xcnewvec (size_t n)
{
static_assert (IsMallocable<T>::value, "Trying to use XCNEWVEC with a \
non-POD data type. Use operator new[] (or std::vector) instead.");
return XCNEWVEC (T, n);
}
#undef XCNEWVEC
#define XCNEWVEC(T, N) xcnewvec<T> (N)
template<typename T>
static T *
xresizevec (T *p, size_t n)
{
static_assert (IsMallocable<T>::value, "Trying to use XRESIZEVEC with a \
non-POD data type.");
return XRESIZEVEC (T, p, n);
}
#undef XRESIZEVEC
#define XRESIZEVEC(T, P, N) xresizevec<T> (P, N)
template<typename T>
static void
xdeletevec (T *p)
{
static_assert (IsFreeable<T>::value, "Trying to use XDELETEVEC with a \
non-POD data type. Use operator delete[] (or std::vector) instead.");
XDELETEVEC (p);
}
#undef XDELETEVEC
#define XDELETEVEC(P) xdeletevec (P)
template<typename T>
static T *
xnewvar (size_t s)
{
static_assert (IsMallocable<T>::value, "Trying to use XNEWVAR with a \
non-POD data type.");
return XNEWVAR (T, s);;
}
#undef XNEWVAR
#define XNEWVAR(T, S) xnewvar<T> (S)
template<typename T>
static T *
xcnewvar (size_t s)
{
static_assert (IsMallocable<T>::value, "Trying to use XCNEWVAR with a \
non-POD data type.");
return XCNEWVAR (T, s);
}
#undef XCNEWVAR
#define XCNEWVAR(T, S) xcnewvar<T> (S)
template<typename T>
static T *
xresizevar (T *p, size_t s)
{
static_assert (IsMallocable<T>::value, "Trying to use XRESIZEVAR with a \
non-POD data type.");
return XRESIZEVAR (T, p, s);
}
#undef XRESIZEVAR
#define XRESIZEVAR(T, P, S) xresizevar<T> (P, S)
Introduce obstack_new, poison other "typed" obstack functions Since we use obstacks with objects that are not default constructible, we sometimes need to manually call the constructor by hand using placement new: foo *f = obstack_alloc (obstack, sizeof (foo)); f = new (f) foo; It's possible to use allocate_on_obstack instead, but there are types that we sometimes want to allocate on an obstack, and sometimes on the regular heap. This patch introduces a utility to make this pattern simpler if allocate_on_obstack is not an option: foo *f = obstack_new<foo> (obstack); Right now there's only one usage (in tdesc_data_init). To help catch places where we would forget to call new when allocating such an object on an obstack, this patch also poisons some other methods of allocating an instance of a type on an obstack: - OBSTACK_ZALLOC/OBSTACK_CALLOC - XOBNEW/XOBNEW - GDBARCH_OBSTACK_ZALLOC/GDBARCH_OBSTACK_CALLOC Unfortunately, there's no way to catch wrong usages of obstack_alloc. By pulling on that string though, it tripped on allocating struct template_symbol using OBSTACK_ZALLOC. The criterion currently used to know whether it's safe to "malloc" an instance of a struct is whether it is a POD. Because it inherits from struct symbol, template_symbol is not a POD. This criterion is a bit too strict however, it should still safe to allocate memory for a template_symbol and memset it to 0. We didn't use is_trivially_constructible as the criterion in the first place only because it is not available in gcc < 5. So here I considered two alternatives: 1. Relax that criterion to use std::is_trivially_constructible and add a bit more glue code to make it work with gcc < 5 2. Continue pulling on the string and change how the symbol structures are allocated and initialized I managed to do both, but I decided to go with #1 to keep this patch simpler and more focused. When building with a compiler that does not have is_trivially_constructible, the check will just not be enforced. gdb/ChangeLog: * common/traits.h (HAVE_IS_TRIVIALLY_COPYABLE): Define if compiler supports std::is_trivially_constructible. * common/poison.h: Include obstack.h. (IsMallocable): Define to is_trivially_constructible if the compiler supports it, define to true_type otherwise. (xobnew): New. (XOBNEW): Redefine. (xobnewvec): New. (XOBNEWVEC): Redefine. * gdb_obstack.h (obstack_zalloc): New. (OBSTACK_ZALLOC): Redefine. (obstack_calloc): New. (OBSTACK_CALLOC): Redefine. (obstack_new): New. * gdbarch.sh: Include gdb_obstack in gdbarch.h. (gdbarch_obstack): New declaration in gdbarch.h, definition in gdbarch.c. (GDBARCH_OBSTACK_CALLOC, GDBARCH_OBSTACK_ZALLOC): Use obstack_calloc/obstack_zalloc. (gdbarch_obstack_zalloc): Remove. * target-descriptions.c (tdesc_data_init): Use obstack_new.
2018-05-21 09:06:03 +08:00
template<typename T>
static T *
xobnew (obstack *ob)
{
static_assert (IsMallocable<T>::value, "Trying to use XOBNEW with a \
non-POD data type.");
return XOBNEW (ob, T);
}
#undef XOBNEW
#define XOBNEW(O, T) xobnew<T> (O)
template<typename T>
static T *
xobnewvec (obstack *ob, size_t n)
{
static_assert (IsMallocable<T>::value, "Trying to use XOBNEWVEC with a \
non-POD data type.");
return XOBNEWVEC (ob, T, n);
}
#undef XOBNEWVEC
#define XOBNEWVEC(O, T, N) xobnewvec<T> (O, N)
#endif /* COMMON_POISON_H */