We already have several files that knowingly require assert() to work, sometimes because refactoring the code for proper error handling has not been tackled yet; there are probably other files that have a similar situation but with no comments documenting the same. In fact, we have places in migration that handle untrusted input with assertions, where disabling the assertions risks a worse security hole than the current behavior of losing the guest to SIGABRT when migration fails because of the assertion. Promote our current per-file safety-valve to instead be project-wide, and expand it to also cover glib's g_assert(). Note that we do NOT want to encourage 'assert(side-effects);' (that is a bad practice that prevents copy-and-paste of code to other projects that CAN disable assertions; plus it costs unnecessary reviewer mental cycles to remember whether a project special-cases the crippling of asserts); and we would LIKE to fix migration to not rely on asserts (but that takes a big code audit). But in the meantime, we DO want to send a message that anyone that disables assertions has to tweak code in order to compile, making it obvious that they are taking on additional risk that we are not going to support. At the same time, leave comments mentioning NDEBUG in files that we know still need to be scrubbed, so there is at least something to grep for. It would be possible to come up with some other mechanism for doing runtime checking by default, but which does not abort the program on failure, while leaving side effects in place (unlike how crippling assert() avoids even the side effects), perhaps under the name q_verify(); but it was not deemed worth the effort (developers should not have to learn a replacement when the standard C macro works just fine, and it would be a lot of churn for little gain). 
The patch specifically uses #error rather than #warning so that a user is forced to tweak the header to acknowledge the issue, even when not using a -Werror compilation. Backports commit 262a69f4282e44426c7a132138581d400053e0a1 from qemu
/*
|
|
* OS includes and handling of OS dependencies
|
|
*
|
|
* This header exists to pull in some common system headers that
|
|
* most code in QEMU will want, and to fix up some possible issues with
|
|
* it (missing defines, Windows weirdness, and so on).
|
|
*
|
|
* To avoid getting into possible circular include dependencies, this
|
|
* file should not include any other QEMU headers, with the exceptions
|
|
* of config-host.h, config-target.h, qemu/compiler.h,
|
|
* sysemu/os-posix.h, sysemu/os-win32.h, glib-compat.h and
|
|
* qemu/typedefs.h, all of which are doing a similar job to this file
|
|
* and are under similar constraints.
|
|
*
|
|
* This header also contains prototypes for functions defined in
|
|
* os-*.c and util/oslib-*.c; those would probably be better split
|
|
* out into separate header files.
|
|
*
|
|
* In an ideal world this header would contain only:
|
|
* (1) things which everybody needs
|
|
* (2) things without which code would work on most platforms but
|
|
* fail to compile or misbehave on a minority of host OSes
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*/
|
|
#ifndef QEMU_OSDEP_H
|
|
#define QEMU_OSDEP_H
|
|
|
|
#include "config-host.h"
|
|
#ifdef NEED_CPU_H
|
|
#include "config-target.h"
|
|
#endif
|
|
#include "qemu/compiler.h"
|
|
|
|
/*
 * Ask the system headers (<stdint.h>, <inttypes.h>) for the C99 macro
 * families such as UINT64_C(), INT64_MAX and PRId64.  Older C++ library
 * headers only expose them when these feature macros are defined before
 * the headers are first included, so this must stay ahead of every
 * system include below.  Each one is guarded so that a definition given
 * on the command line is not redefined.
 */
#if !defined(__STDC_CONSTANT_MACROS)
# define __STDC_CONSTANT_MACROS
#endif
#if !defined(__STDC_LIMIT_MACROS)
# define __STDC_LIMIT_MACROS
#endif
#if !defined(__STDC_FORMAT_MACROS)
# define __STDC_FORMAT_MACROS
#endif
|
|
|
|
|
|
#include <stdarg.h>
|
|
#include <stddef.h>
|
|
#include "unicorn/platform.h"
|
|
#include <sys/types.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <strings.h>
|
|
#include <inttypes.h>
|
|
#include <limits.h>
|
|
#include <time.h>
|
|
#include <ctype.h>
|
|
#include <errno.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/time.h>
|
|
#include <assert.h>
|
|
/* setjmp must be declared before sysemu/os-win32.h
|
|
* because it is redefined there. */
|
|
#include <setjmp.h>
|
|
#include <signal.h>
|
|
|
|
#ifdef __OpenBSD__
|
|
#include <sys/signal.h>
|
|
#endif
|
|
|
|
/*
 * Child exit-status helpers.  POSIX hosts get the real macros from
 * <sys/wait.h>.  Windows has no wait-status encoding, so the stubs
 * report every status as a normal exit and hand the raw value back
 * unchanged; a caller there cannot tell a signalled child apart from
 * one that exited.
 */
#if defined(_WIN32)
# define WIFEXITED(x) 1
# define WEXITSTATUS(x) (x)
#else
# include <sys/wait.h>
#endif
|
|
|
|
#ifdef _WIN32
|
|
#include "sysemu/os-win32.h"
|
|
#endif
|
|
|
|
#include "glib_compat.h"
|
|
|
|
#include "qemu/typedefs.h"
|
|
|
|
/*
 * Refuse to build with assertions compiled out.
 *
 * Assertions in this code base are not just debugging aids: a good deal
 * of unaudited code, including paths that handle untrusted input during
 * migration, relies on assert()/g_assert() as its only validation.
 * Defining NDEBUG turns assert() into ((void)0), which drops the checked
 * expression entirely (side effects included), so a build that merely
 * wants to "remove assertion overhead" silently removes input checks
 * and lets execution continue past a failed invariant instead of
 * aborting.  Using #error rather than a warning forces anyone who really
 * wants that configuration to edit this header and accept that upstream
 * does not support it.
 *
 * New code should not depend on this guard: keep side effects out of
 * assert() arguments and report recoverable failures through Error
 * rather than assert(), so the guard can eventually go away.
 *
 * Only the state of NDEBUG / G_DISABLE_ASSERT at the point this header
 * is included is checked; a translation unit that defines NDEBUG later
 * and re-includes <assert.h> is not caught here.
 */
#if defined(NDEBUG)
# error building with NDEBUG is not supported
#endif
#if defined(G_DISABLE_ASSERT)
# error building with G_DISABLE_ASSERT is not supported
#endif
|
|
|
|
/*
 * Portability fallbacks for names that some hosts lack.  Every one is
 * supplied only when the host headers included above did not already
 * define it, so a native definition always takes precedence.
 */

/* open(2) flags that become no-ops on hosts without them. */
#if !defined(O_LARGEFILE)
# define O_LARGEFILE 0
#endif
#if !defined(O_BINARY)
# define O_BINARY 0
#endif

/*
 * BSD spelling of the anonymous-mapping flag.  <sys/mman.h> is not
 * included directly by this header, so on most hosts neither name is
 * visible at this point and this merely aliases one to the other for a
 * translation unit that includes <sys/mman.h> later.
 * NOTE(review): if a host's <sys/mman.h> defines MAP_ANONYMOUS with a
 * different body and is included *after* this header, that is a macro
 * redefinition -- confirm the include order in callers.
 */
#if !defined(MAP_ANONYMOUS)
# define MAP_ANONYMOUS MAP_ANON
#endif

/*
 * errno values that not every libc provides.  ENOMEDIUM maps onto a
 * real code; the other three use private values presumably chosen to
 * sit above the host's errno range, so they will not collide with a
 * host error but strerror() will not know them either.
 */
#if !defined(ENOMEDIUM)
# define ENOMEDIUM ENODEV
#endif
#ifndef ENOTSUP
# define ENOTSUP 4096
#endif
#ifndef ECANCELED
# define ECANCELED 4097
#endif
#ifndef EMEDIUMTYPE
# define EMEDIUMTYPE 4098
#endif

/*
 * Largest representable time_t.  The fallback assumes time_t is no
 * wider than long; on a host where long is 32-bit but time_t is 64-bit
 * this is too small -- TODO confirm before using it as an overflow
 * bound.
 */
#if !defined(TIME_MAX)
# define TIME_MAX LONG_MAX
#endif
|
|
|
|
/*
 * HOST_LONG_BITS: width of a native pointer in bits.  Despite the name
 * it is derived from the range of uintptr_t, not from sizeof(long), so
 * it is usable in preprocessor conditionals and reflects the pointer
 * width even where long is narrower than a pointer.
 */
#if UINTPTR_MAX == UINT64_MAX
# define HOST_LONG_BITS 64
#elif UINTPTR_MAX == UINT32_MAX
# define HOST_LONG_BITS 32
#else
# error Unknown pointer size
#endif
|
|
|
|
/*
 * Plain min/max.  Both are function-like macros that evaluate each
 * argument twice, so do not pass expressions with side effects
 * (MIN(i++, n) increments i once or twice depending on the outcome).
 * Only defined when the host headers have not already supplied them.
 */
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif

/* Minimum function that returns zero only iff both values are zero.
 * Intended for use with unsigned values only.  Like MIN, each argument
 * may be evaluated more than once, so keep the arguments free of side
 * effects. */
#ifndef MIN_NON_ZERO
#define MIN_NON_ZERO(a, b) ((a) == 0 ? (b) : \
                            ((b) == 0 ? (a) : (MIN(a, b))))
#endif
|
|
|
|
/* Round number down to multiple.  m must be non-zero (it is a divisor)
 * and is evaluated twice. */
#define QEMU_ALIGN_DOWN(n, m) ((n) / (m) * (m))

/* Round number up to multiple. Safe when m is not a power of 2 (see
 * ROUND_UP for a faster version when a power of 2 is guaranteed).
 * The intermediate (n) + (m) - 1 is computed in the arguments' type, so
 * it wraps (or, for a signed type, overflows) when n is within m of the
 * type's maximum -- range-check n first when aligning a size that came
 * from untrusted input. */
#define QEMU_ALIGN_UP(n, m) QEMU_ALIGN_DOWN((n) + (m) - 1, (m))

/* Check if n is a multiple of m.  m must be non-zero. */
#define QEMU_IS_ALIGNED(n, m) (((n) % (m)) == 0)
|
|
|
|
/* Unfortunately MSVC compatibility means explicit casting */
#ifdef _MSC_VER
/* n-byte align pointer down.
 * Without typeof() the result is a uintptr_t, not p's pointer type, so
 * callers on MSVC must cast it back themselves. */
#define QEMU_ALIGN_PTR_DOWN(p, n) \
    (QEMU_ALIGN_DOWN((uintptr_t)(p), (n)))

/* n-byte align pointer up (result is a uintptr_t on MSVC, see above).
 * Inherits QEMU_ALIGN_UP's wrap-around when p lies within n bytes of
 * the top of the address space. */
#define QEMU_ALIGN_PTR_UP(p, n) \
    (QEMU_ALIGN_UP((uintptr_t)(p), (n)))

/* Check if pointer p is n-bytes aligned; n must be non-zero. */
#define QEMU_PTR_IS_ALIGNED(p, n) QEMU_IS_ALIGNED((uintptr_t)(p), (n))
#else
/* n-byte align pointer down, keeping p's pointer type via typeof(). */
#define QEMU_ALIGN_PTR_DOWN(p, n) \
    ((typeof(p))QEMU_ALIGN_DOWN((uintptr_t)(p), (n)))

/* n-byte align pointer up, keeping p's pointer type.  Inherits
 * QEMU_ALIGN_UP's wrap-around when p lies within n bytes of the top of
 * the address space. */
#define QEMU_ALIGN_PTR_UP(p, n) \
    ((typeof(p))QEMU_ALIGN_UP((uintptr_t)(p), (n)))

/* Check if pointer p is n-bytes aligned; n must be non-zero. */
#define QEMU_PTR_IS_ALIGNED(p, n) QEMU_IS_ALIGNED((uintptr_t)(p), (n))
#endif
|
|
|
|
/* Round number up to multiple. Requires that d be a power of 2 (see
 * QEMU_ALIGN_UP for a safer but slower version on arbitrary
 * numbers); works even if d is a smaller type than n.
 *
 * The mask is written -(0 ? (n) : (d)): the conditional never yields n,
 * but it promotes d to the common type of n and d, so the negation is
 * as wide as n and does not strip high bits.  Nothing verifies that d
 * really is a power of 2 -- any other d produces a wrong result
 * silently.  As with QEMU_ALIGN_UP, (n) + (d) - 1 can wrap when n is
 * within d of the type's maximum. */
#ifndef ROUND_UP
#define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))
#endif

/* Integer division rounding up.  d must be non-zero, and (n) + (d) - 1
 * can overflow when n is near the type's maximum. */
#ifndef DIV_ROUND_UP
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
#endif
|
|
|
|
#ifdef _MSC_VER
/* MSVC has neither typeof() nor __builtin_types_compatible_p, so the
 * array test degenerates to the value of x itself.
 * NOTE(review): that means the pointer-vs-array guard in ARRAY_SIZE is
 * effectively not enforced on MSVC and ARRAY_SIZE(ptr) is likely to
 * compile to sizeof(ptr)/sizeof(*ptr) unnoticed -- confirm against the
 * definition of QEMU_BUILD_BUG_ON_ZERO in qemu/compiler.h. */
#define QEMU_IS_ARRAY(x) (x)
#else
/*
 * &(x)[0] is always a pointer - if it's same type as x then the argument is a
 * pointer, not an array.
 */
#define QEMU_IS_ARRAY(x) (!__builtin_types_compatible_p(typeof(x), \
                                                        typeof(&(x)[0])))
#endif

/* Number of elements in a true array.  Passing a pointer (including an
 * array-typed function parameter, which has already decayed) is meant
 * to be rejected at compile time through QEMU_BUILD_BUG_ON_ZERO, which
 * comes from qemu/compiler.h, on compilers where QEMU_IS_ARRAY is a
 * real check. */
#ifndef ARRAY_SIZE
#define ARRAY_SIZE(x) ((sizeof(x) / sizeof((x)[0])) + \
                       QEMU_BUILD_BUG_ON_ZERO(!QEMU_IS_ARRAY(x)))
#endif
|
|
|
|
/*
 * Aligned host-memory allocation helpers; the definitions live in
 * os-*.c / util/oslib-*.c, not here.
 * NOTE(review): the bodies are not visible from this header.  Judging
 * by the names, qemu_try_memalign() presumably returns NULL on failure
 * whereas qemu_memalign() presumably does not, and qemu_vfree() /
 * qemu_anon_ram_free() presumably pair with the two allocators
 * respectively -- confirm in the implementation before relying on
 * either behaviour.
 */
void *qemu_try_memalign(size_t alignment, size_t size);
void *qemu_memalign(size_t alignment, size_t size);
void *qemu_anon_ram_alloc(size_t size, uint64_t *align);
void qemu_vfree(void *ptr);
void qemu_anon_ram_free(void *ptr, size_t size);
|
|
|
|
/* printf conversion for a pid_t.  The width must match the host's
 * actual pid_t or the format/argument mismatch is undefined behaviour;
 * judging by the conversions chosen, pid_t is presumably a long on
 * Haiku/i386 and a 64-bit value on WIN64, and an int everywhere else. */
#if defined(__HAIKU__) && defined(__i386__)
#define FMT_pid "%ld"
#elif defined(WIN64)
#define FMT_pid "%" PRId64
#else
#define FMT_pid "%d"
#endif
|
|
|
|
/**
 * qemu_getauxval:
 * @type: the auxiliary vector key to lookup
 *
 * Search the auxiliary vector for @type, returning the value
 * or 0 if @type is not present.
 *
 * A result of 0 is therefore ambiguous: it is also what an entry that
 * is present with the value 0 yields, so absence cannot be detected
 * through this call alone.
 */
unsigned long qemu_getauxval(unsigned long type);
|
|
|
|
/* Starting on QEMU 2.5, qemu_hw_version() returns "2.5+" by default
 * instead of QEMU_VERSION, so setting hw_version on MachineClass
 * is no longer mandatory.
 *
 * Do NOT change this string, or it will break compatibility on all
 * machine classes that don't set hw_version.  Treat it as part of the
 * guest-facing ABI rather than as a version label to keep current.
 */
#define QEMU_HW_VERSION "2.5+"
|
|
|
|
#endif
|