From 243c90e917f5cfc99821e5104d1c8a81c11cda4c Mon Sep 17 00:00:00 2001 From: Vincent Mailhol Date: Sat, 29 Mar 2025 01:48:50 +0900 Subject: [PATCH] build_bug.h: more user friendly error messages in BUILD_BUG_ON_ZERO() __BUILD_BUG_ON_ZERO_MSG(), as introduced in [1], makes it possible to do a static assertions in expressions. The direct benefit is to provide a meaningful error message instead of the cryptic negative bitfield size error message currently returned by BUILD_BUG_ON_ZERO(): ./include/linux/build_bug.h:16:51: error: negative width in bit-field '' 16 | #define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); }))) | ^ Get rid of BUILD_BUG_ON_ZERO()'s bitfield size hack. Instead rely on __BUILD_BUG_ON_ZERO_MSG() which in turn relies on C11's _Static_assert(). Use some macro magic, similarly to static_assert(), to either use an optional error message provided by the user or, when omitted, to produce a default error message by stringifying the tested expression. With this, for example: BUILD_BUG_ON_ZERO(1 > 0) would now throw: ./include/linux/compiler.h:197:62: error: static assertion failed: "1 > 0 is true" 197 | define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);})) | ^~~~~~~~~~~~~~ Finally, __BUILD_BUG_ON_ZERO_MSG() is already guarded by an: #ifdef __CHECKER__ So no need any more for that guard clause for BUILD_BUG_ON_ZERO(). Remove it. [1] commit d7a516c6eeae ("compiler.h: Fix undefined BUILD_BUG_ON_ZERO()") Link: https://git.kernel.org/torvalds/c/d7a516c6eeae Signed-off-by: Vincent Mailhol Link: https://git.kernel.org/next/linux-next/c/b88937277df Reviewed-by: Kees Cook Signed-off-by: Yury Norov --- include/linux/build_bug.h | 10 +++++----- include/linux/compiler.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h index 3aa3640f8c18..2cfbb4c65c78 100644 --- a/include/linux/build_bug.h +++ b/include/linux/build_bug.h @@ -4,17 +4,17 @@ #include -#ifdef __CHECKER__ -#define BUILD_BUG_ON_ZERO(e) (0) -#else /* __CHECKER__ */ /* * Force a compilation error if condition is true, but also produce a * result (of value 0 and type int), so the expression can be used * e.g. in a structure initializer (or where-ever else comma expressions * aren't permitted). + * + * Take an error message as an optional second argument. If omitted, + * default to the stringification of the tested expression. */ -#define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); }))) -#endif /* __CHECKER__ */ +#define BUILD_BUG_ON_ZERO(e, ...) \ + __BUILD_BUG_ON_ZERO_MSG(e, ##__VA_ARGS__, #e " is true") /* Force a compilation error if a constant expression is not a power of 2 */ #define __BUILD_BUG_ON_NOT_POWER_OF_2(n) \ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 27725f1ab5ab..6f04a1d8c720 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -192,9 +192,9 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, }) #ifdef __CHECKER__ -#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0) +#define __BUILD_BUG_ON_ZERO_MSG(e, msg, ...) (0) #else /* __CHECKER__ */ -#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);})) +#define __BUILD_BUG_ON_ZERO_MSG(e, msg, ...) ((int)sizeof(struct {_Static_assert(!(e), msg);})) #endif /* __CHECKER__ */ /* &a[0] degrades to a pointer: a different type from an array */ -- 2.25.1