-
Notifications
You must be signed in to change notification settings - Fork 441
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib/crash.cpp: Some checking (bounds etc. via the new nelems
and azzert
).
#3297
base: main
Are you sure you want to change the base?
lib/crash.cpp: Some checking (bounds etc. via the new nelems
and azzert
).
#3297
Conversation
Hi @DoctorNoobingstoneIPresume, this is the ONF bot 🤖 I'm glad you want to contribute to our projects! However, before accepting your contribution, we need to ask you to sign a Contributor License Agreement (CLA). You can do it online, it will take only a few minutes: ✒️ 👉 https://cla.opennetworking.org After signing, make sure to add your Github user ID For more information or help:" |
b619009
to
b512fd5
Compare
lib/util.h
Outdated
// TODO: We should only allow `a` to be an array (i.e. we should rule out pointers). | ||
|
||
#ifndef nelems | ||
#define nelems(a) (sizeof (a) / sizeof (0 [a])) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have a definition of this macro in algorithms.h too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have a definition of this macro in algorithms.h too.
Thank you. I am seeing it now:
#define ELEMENTS(a) (sizeof(a) / sizeof(a[0]))
I think it should be (in order to support non-trivial argument in macro invocation):
#define ELEMENTS(a) (sizeof(a) / sizeof((a)[0]))
or better (in order to prevent a
from being an object with user-defined operator[]
, e.g. std::vector <...>
or std::deque <...>
, which would not give what the user probably expects):
#define ELEMENTS(a) (sizeof(a) / sizeof(0[a]))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note an even better implementation (for C 11 and above) is just:
template<typename t, size_t i>
constexpr inline size_t sizeofarray(const t (&arr)[i]) { return i; }
No reasons for macros.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note for C 17 , std::size works too.
See https://en.cppreference.com/w/cpp/iterator/size .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note an even better implementation (for C 11 and above) is just: template<typename t, size_t i> constexpr inline size_t sizeofarray(const t (&arr)[i]) { return i; }
No reasons for macros.
Thank you.
I believe your suggestion is also safer, preventing errors such as invoking the macro not with (a reference to) an array, but instead with (a reference to) a pointer (possibly after array-to-pointer conversion, as for argument-to-parameter when calling a function).
lib/util.h
Outdated
[[noreturn]] void azzertionHasFailed (const char *pszFile, unsigned iLine, const char *pszFunction, const char *pszExpression, const char *pszMessage = nullptr); | ||
|
||
#ifndef azzert | ||
#define azzert(b) do { if (! (b)) azzertionHasFailed (__FILE__, __LINE__, __PRETTY_FUNC__, #e); } while (0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find "util.h" obscuring the contents of this file. This should be in either in error.h or in a file called "azzert.h".
…azzert`. `azzert` is generally useful to bring internal compiler errors closer to bugs and to self-document code expectancies (in an easy-to-`grep`-for form).
b512fd5
to
6805db2
Compare
Even if you don't like our cpplint rules, your code still has to pass the check to be merged. |
Thank you for the suggestion (also appliable to my other pull requests (#3296, #3295, #3294). FWTAW (for whaterver they are worth), my current thoughts are:
Regarding the order of => We currently might not want to impose different constraints on existing code, but instead to relax constraints or modify them for new code.
I intend to learn how to do that, but I need some time (really to learn the basics of Python). In the meanwhile, I think opinions from others will be very good (I am just a new person here, with ~zero contribution). E.g.: "Yes, sometimes the style constraints are too restrictive and parts of |
Contributions are appreciated, but I have too much other stuff to do to fight with cpplint. |
Part of the reason these linters exist is for style consistency and to offload some of the review work to automated tools. I think we should have even more linters, particularly ones that enforce code formatting. I might add clang-format at some point. We have been using it successfully for other P4C projects. Afaik the order this project uses is defined by the Google style guide. I personally also prefer the LLVM style, but this repo has committed to this particular guideline. Even then, I have not encountered a case where the include order restriction really causes a substantial problem. If there really is a case where the include order matters, we can always use NOLINT. However, usually these scenarios indicate that there is something funky going on. |
Thank you. IIUC, we have //NOLINT for individual lines, but not for blocks (i.e. groups of lines). I hope to be able to implement that. |
Automating such tasks is good !
I have not found the rationale behind the FWIW, I have given my rationale for the different order: #3295 (comment).
Let us suppose we want to modify the behaviour of This is not going to work smoothly because of the current order of Also the self-sufficiency of headers is less checked with the current order of (I am sorry for repeating myself.) |
Yeah I do not think there is one provided. Afaik the reason is a) consistent style b) to throw an error when you redefine something in a local file (since you can change those). Regarding your example, the easiest solution it to likely mandate to always include the customized include header instead of the gc system header. Or to have the #define directive be explicit with every include. Personally I am not opposed to changing the include style. In fact, I would not mind getting rid of cpplint and using the better-maintained clang-tidy instead. However, there does not seem sufficient justification for that right now. Does #3295 not compile if you move the include up? |
No description provided.