lib/crash.cpp: Some checking (bounds etc. via the new nelems and azzert).
#3297
Conversation
|
Hi @DoctorNoobingstoneIPresume, this is the ONF bot 🤖 I'm glad you want to contribute to our projects! However, before accepting your contribution, we need to ask you to sign a Contributor License Agreement (CLA). You can do it online, it will take only a few minutes: ✒️ 👉 https://cla.opennetworking.org After signing, make sure to add your Github user ID For more information or help:" |
DoctorNoobingstoneIPresume
force-pushed
the
220509_lib_crash_01h
branch
from
b619009
to
b512fd5
Compare
lib/util.h
Outdated
| // TODO: We should only allow `a` to be an array (i.e. we should rule out pointers). | ||
|
|
||
| #ifndef nelems | ||
| #define nelems(a) (sizeof (a) / sizeof (0 [a])) |
There was a problem hiding this comment.
we have a definition of this macro in algorithms.h too.
There was a problem hiding this comment.
we have a definition of this macro in algorithms.h too.
Thank you. I am seeing it now:
#define ELEMENTS(a) (sizeof(a) / sizeof(a[0]))
I think it should be (in order to support non-trivial argument in macro invocation):
#define ELEMENTS(a) (sizeof(a) / sizeof((a)[0]))
or better (in order to prevent a from being an object with user-defined operator[], e.g. std::vector <...> or std::deque <...>, which would not give what the user probably expects):
#define ELEMENTS(a) (sizeof(a) / sizeof(0[a]))
There was a problem hiding this comment.
Note an even better implementation (for C 11 and above) is just:
template<typename t, size_t i>
constexpr inline size_t sizeofarray(const t (&arr)[i]) { return i; }
No reasons for macros.
There was a problem hiding this comment.
Note for C 17 , std::size works too.
See https://en.cppreference.com/w/cpp/iterator/size .
There was a problem hiding this comment.
Note an even better implementation (for C 11 and above) is just: template<typename t, size_t i> constexpr inline size_t sizeofarray(const t (&arr)[i]) { return i; }
No reasons for macros.
Thank you.
I believe your suggestion is also safer, preventing errors such as invoking the macro not with (a reference to) an array, but instead with (a reference to) a pointer (possibly after array-to-pointer conversion, as for argument-to-parameter when calling a function).
lib/util.h
Outdated
| [[noreturn]] void azzertionHasFailed (const char *pszFile, unsigned iLine, const char *pszFunction, const char *pszExpression, const char *pszMessage = nullptr); | ||
|
|
||
| #ifndef azzert | ||
| #define azzert(b) do { if (! (b)) azzertionHasFailed (__FILE__, __LINE__, __PRETTY_FUNC__, #e); } while (0) |
There was a problem hiding this comment.
I find "util.h" obscuring the contents of this file. This should be in either in error.h or in a file called "azzert.h".
…azzert`. `azzert` is generally useful to bring internal compiler errors closer to bugs and to self-document code expectancies (in an easy-to-`grep`-for form).
DoctorNoobingstoneIPresume
force-pushed
the
220509_lib_crash_01h
branch
from
b512fd5
to
6805db2
Compare
|
Even if you don't like our cpplint rules, your code still has to pass the check to be merged. |
Thank you for the suggestion (also appliable to my other pull requests (#3296, #3295, #3294). FWTAW (for whaterver they are worth), my current thoughts are:
Regarding the order of => We currently might not want to impose different constraints on existing code, but instead to relax constraints or modify them for new code.
I intend to learn how to do that, but I need some time (really to learn the basics of Python). In the meanwhile, I think opinions from others will be very good (I am just a new person here, with ~zero contribution). E.g.: "Yes, sometimes the style constraints are too restrictive and parts of |
|
Contributions are appreciated, but I have too much other stuff to do to fight with cpplint. |
|
Part of the reason these linters exist is for style consistency and to offload some of the review work to automated tools. I think we should have even more linters, particularly ones that enforce code formatting. I might add clang-format at some point. We have been using it successfully for other P4C projects. Afaik the order this project uses is defined by the Google style guide. I personally also prefer the LLVM style, but this repo has committed to this particular guideline. Even then, I have not encountered a case where the include order restriction really causes a substantial problem. If there really is a case where the include order matters, we can always use NOLINT. However, usually these scenarios indicate that there is something funky going on. |
Thank you. IIUC, we have //NOLINT for individual lines, but not for blocks (i.e. groups of lines). I hope to be able to implement that. |
Automating such tasks is good !
I have not found the rationale behind the FWIW, I have given my rationale for the different order: #3295 (comment).
Let us suppose we want to modify the behaviour of This is not going to work smoothly because of the current order of Also the self-sufficiency of headers is less checked with the current order of (I am sorry for repeating myself.) |
Yeah I do not think there is one provided. Afaik the reason is a) consistent style b) to throw an error when you redefine something in a local file (since you can change those). Regarding your example, the easiest solution it to likely mandate to always include the customized include header instead of the gc system header. Or to have the #define directive be explicit with every include. Personally I am not opposed to changing the include style. In fact, I would not mind getting rid of cpplint and using the better-maintained clang-tidy instead. However, there does not seem sufficient justification for that right now. Does #3295 not compile if you move the include up? |
No description provided.