On Thu, Mar 15, 2018 at 3:16 PM, Kees Cook <keesc...@chromium.org> wrote:
>
> size_t __error_not_const_arg(void) \
> __compiletime_error("const_max() used with non-compile-time constant arg");
> #define const_max(x, y) \
> __builtin_choose_expr(__builtin_constant_p(x) && \
> __builtin_constant_p(y), \
> (typeof(x))(x) > (typeof(y))(y) ? \
> (x) : (y), \
> __error_not_const_arg())
>
> Is typeof() forcing enums to int? Regardless, I'll put this through
> larger testing. How does that look?
Ok, that alleviates my worry about one class of insane behavior, but
it does raise a few other questions:
- what drugs is gcc on where (typeof(x)(x)) makes a difference? Funky.
- this does have the usual "what happen if you do
const_max(-1,sizeof(x))
where the comparison will now be done in 'size_t', and -1 ends up
being a very very big unsigned integer.
Is there no way to get that type checking inserted? Maybe now is a
good point for that __builtin_types_compatible(), and add it to the
constness checking (and change the name of that error case function)?
Linus
