summaryrefslogtreecommitdiffstats
path: root/src/vppinfra/string.h
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2018-10-17 10:38:51 -0400
committerDamjan Marion <dmarion@me.com>2018-10-23 13:06:46 +0000
commitb7b929931a07fbb27b43d5cd105f366c3e29807e (patch)
tree438681c89738802dbb5d339715b96ea2c31bafb4 /src/vppinfra/string.h
parentb9a4c445c1d4e9cdab476a8e1fb8a46ff0fc6080 (diff)
c11 safe string handling support
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/vppinfra/string.h')
-rw-r--r--src/vppinfra/string.h113
1 files changed, 110 insertions, 3 deletions
diff --git a/src/vppinfra/string.h b/src/vppinfra/string.h
index 2c794baf71f..5c1d8267742 100644
--- a/src/vppinfra/string.h
+++ b/src/vppinfra/string.h
@@ -35,6 +35,12 @@
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
+/** \file
+
+ Optimized string handling code, including c11-compliant
+ "safe C library" variants.
+*/
+
#ifndef included_clib_string_h
#define included_clib_string_h
@@ -72,12 +78,114 @@ void clib_memswap (void *_a, void *_b, uword bytes);
#elif __SSSE3__
#include <vppinfra/memcpy_sse3.h>
#else
-#define clib_memcpy(a,b,c) memcpy(a,b,c)
+#define _clib_memcpy(a,b,c) memcpy(a,b,c)
#endif
#else /* __COVERITY__ */
-#define clib_memcpy(a,b,c) memcpy(a,b,c)
+#define _clib_memcpy(a,b,c) memcpy(a,b,c)
#endif
+/* c-11 string manipulation variants */
+
+#ifndef EOK
+#define EOK 0
+#endif
+#ifndef EINVAL
+#define EINVAL 22
+#endif
+
+typedef int errno_t;
+typedef uword rsize_t;
+
+void clib_c11_violation (const char *s);
+errno_t memcpy_s (void *__restrict__ dest, rsize_t dmax,
+ const void *__restrict__ src, rsize_t n);
+
+always_inline errno_t
+memcpy_s_inline (void *__restrict__ dest, rsize_t dmax,
+ const void *__restrict__ src, rsize_t n)
+{
+ uword low, hi;
+ u8 bad;
+
+ /*
+ * call bogus if: src or dst NULL, trying to copy
+ * more data than we have space in dst, or src == dst.
+ * n == 0 isn't really "bad", so check first in the
+ * "wall-of-shame" department...
+ */
+ bad = (dest == 0) + (src == 0) + (n > dmax) + (dest == src) + (n == 0);
+ if (PREDICT_FALSE (bad != 0))
+ {
+ /* Not actually trying to copy anything is OK */
+ if (n == 0)
+ return EOK;
+ if (dest == NULL)
+ clib_c11_violation ("dest NULL");
+ if (src == NULL)
+ clib_c11_violation ("src NULL");
+ if (n > dmax)
+ clib_c11_violation ("n > dmax");
+ if (dest == src)
+ clib_c11_violation ("dest == src");
+ return EINVAL;
+ }
+
+ /* Check for src/dst overlap, which is not allowed */
+ low = (uword) (src < dest ? src : dest);
+ hi = (uword) (src < dest ? dest : src);
+
+ if (PREDICT_FALSE (low + (n - 1) >= hi))
+ {
+ clib_c11_violation ("src/dest overlap");
+ return EINVAL;
+ }
+
+ _clib_memcpy (dest, src, n);
+ return EOK;
+}
+
+/*
+ * Note: $$$ This macro is a crutch. Folks need to manually
+ * inspect every extant clib_memcpy(...) call and
+ * attempt to provide a real destination buffer size
+ * argument...
+ */
+#define clib_memcpy(d,s,n) memcpy_s_inline(d,n,s,n)
+
+errno_t memset_s (void *s, rsize_t smax, int c, rsize_t n);
+
+always_inline errno_t
+memset_s_inline (void *s, rsize_t smax, int c, rsize_t n)
+{
+ u8 bad;
+
+ bad = (s == 0) + (n > smax);
+
+ if (PREDICT_FALSE (bad != 0))
+ {
+ if (s == 0)
+ clib_c11_violation ("s NULL");
+ if (n > smax)
+ clib_c11_violation ("n > smax");
+ return (EINVAL);
+ }
+ memset (s, c, n);
+ return (EOK);
+}
+
+/*
+ * This macro is not [so much of] a crutch.
+ * It's super-typical to write:
+ *
+ * ep = pool_get (<pool>);
+ * clib_memset(ep, 0, sizeof (*ep));
+ *
+ * The compiler should delete the not-so useful
+ * (n > smax) test. TBH the NULL pointer check isn't
+ * so useful in this case, but so be it.
+ */
+#define clib_memset(s,c,n) memset_s_inline(s,n,c,n)
+
/*
* Copy 64 bytes of data to 4 destinations
* this function is typically used in quad-loop case when whole cacheline
@@ -575,7 +683,6 @@ clib_count_equal_u8 (u8 * data, uword max_count)
return count;
}
-
#endif /* included_clib_string_h */
/*