qemu/include/qapi/qmp/qobject.h
Markus Armbruster bb71846325 qobject atomics osdep: Make a few macros more hygienic
Variables declared in macros can shadow other variables.  Much of the
time, this is harmless, e.g.:

    #define _FDT(exp)                                                  \
        do {                                                           \
            int ret = (exp);                                           \
            if (ret < 0) {                                             \
                error_report("error creating device tree: %s: %s",   \
                        #exp, fdt_strerror(ret));                      \
                exit(1);                                               \
            }                                                          \
        } while (0)

Harmless shadowing in h_client_architecture_support():

        target_ulong ret;

        [...]

        ret = do_client_architecture_support(cpu, spapr, vec, fdt_bufsize);
        if (ret == H_SUCCESS) {
            _FDT((fdt_pack(spapr->fdt_blob)));
            [...]
        }

        return ret;

However, we can get in trouble when the shadowed variable is used in a
macro argument:

    #define QOBJECT(obj) ({                                 \
        typeof(obj) o = (obj);                              \
        o ? container_of(&(o)->base, QObject, base) : NULL; \
     })

QOBJECT(o) expands into

    ({
--->    typeof(o) o = (o);
        o ? container_of(&(o)->base, QObject, base) : NULL;
    })

Unintended variable name capture at --->.  We'd be saved by
-Winit-self.  But I could certainly construct more elaborate death
traps that don't trigger it.

To reduce the risk of trapping ourselves, we use variable names in
macros that no sane person would use elsewhere.  Here's our actual
definition of QOBJECT():

    #define QOBJECT(obj) ({                                         \
        typeof(obj) _obj = (obj);                                   \
        _obj ? container_of(&(_obj)->base, QObject, base) : NULL;   \
    })

Works well enough until we nest macro calls.  For instance, with

    #define qobject_ref(obj) ({                     \
        typeof(obj) _obj = (obj);                   \
        qobject_ref_impl(QOBJECT(_obj));            \
        _obj;                                       \
    })

the expression qobject_ref(obj) expands into

    ({
        typeof(obj) _obj = (obj);
        qobject_ref_impl(
            ({
--->            typeof(_obj) _obj = (_obj);
                _obj ? container_of(&(_obj)->base, QObject, base) : NULL;
            }));
        _obj;
    })

Unintended variable name capture at --->.

The only reliable way to prevent unintended variable name capture is
-Wshadow.

One blocker for enabling it is shadowing hiding in function-like
macros like

     qdict_put(dict, "name", qobject_ref(...))

qdict_put() wraps its last argument in QOBJECT(), and the last
argument here contains another QOBJECT().

Use dark preprocessor sorcery to make the macros that give us this
problem use different variable names on every call.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230921121312.1301864-8-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-09-29 08:13:57 +02:00


/*
* QEMU Object Model.
*
* Based on ideas by Avi Kivity <avi@redhat.com>
*
* Copyright (C) 2009, 2015 Red Hat Inc.
*
* Authors:
* Luiz Capitulino <lcapitulino@redhat.com>
*
* This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
* See the COPYING.LIB file in the top-level directory.
*
* QObject Reference Counts Terminology
* ------------------------------------
*
* - Returning references: A function that returns an object may
* return it as either a weak or a strong reference. If the
* reference is strong, you are responsible for calling
* qobject_unref() on the reference when you are done.
*
* If the reference is weak, the owner of the reference may free it at
* any time in the future. Before storing the reference anywhere, you
* should call qobject_ref() to make the reference strong; a stored weak
* reference can outlive the object and end up being used after free.
*
* - Transferring ownership: when you transfer ownership of a reference
* by calling a function, you are no longer responsible for calling
* qobject_unref() when the reference is no longer needed. In other words,
* when the function returns you must behave as if the reference to the
* passed object was weak.
*/
#ifndef QOBJECT_H
#define QOBJECT_H
#include "qapi/qapi-builtin-types.h"
/*
 * Type tag plus reference count, embedded as the "base" member of
 * struct QObject.  QOBJECT() expects a member of the same name in
 * whatever type it is handed.
 * Not for use outside include/qapi/qmp/
 */
struct QObjectBase_ {
    /* Type tag; qobject_type() asserts QTYPE_NONE < type < QTYPE__MAX. */
    QType type;
    /*
     * Number of references held.  In this header it is changed by
     * qobject_ref_impl() and qobject_unref_impl(); the latter calls
     * qobject_destroy() when the count drops to zero.
     */
    size_t refcnt;
};
/*
 * Generic object handle used by the functions and macros in this
 * header.
 * this struct must have no other members than base
 *
 * NOTE(review): qobject_to() casts a QObject * straight to the
 * concrete type pointer, which presumably relies on base sitting at
 * offset 0 in both this struct and the concrete types -- confirm
 * against their definitions before changing the layout.
 */
struct QObject {
    struct QObjectBase_ base;
};
/*
 * Preprocessor sorcery ahead: use a different identifier for the
 * local variable in each expansion, so we can nest macro calls
 * without shadowing variables.
 *
 * QOBJECT_INTERNAL(obj, _obj): evaluate @obj once into a local whose
 * name is given by the @_obj argument, then yield a QObject * obtained
 * with container_of() from its base member, or NULL when @obj is NULL.
 * The type of @obj must therefore have a member called base.
 *
 * QOBJECT(obj): the entry point callers use; it supplies the local's
 * name through MAKE_IDENTFIER(_obj).  MAKE_IDENTFIER is not defined in
 * this header -- presumably it yields a fresh identifier on every
 * expansion; confirm at its definition.
 *
 * Why the name matters: with a fixed local name, an argument that
 * mentions that same name expands to a variable initialised from
 * itself, i.e. a read of an indeterminate pointer.
 */
#define QOBJECT_INTERNAL(obj, _obj) ({                          \
    typeof(obj) _obj = (obj);                                   \
    _obj ? container_of(&_obj->base, QObject, base) : NULL;     \
})
#define QOBJECT(obj) QOBJECT_INTERNAL((obj), MAKE_IDENTFIER(_obj))
/*
 * Required for qobject_to(): one QTYPE_CAST_TO_<TypeName> per QObject
 * type, naming the QType enumerator that qobject_to() passes to
 * qobject_check_type() before casting to <TypeName> *.
 */
#define QTYPE_CAST_TO_QNull     QTYPE_QNULL
#define QTYPE_CAST_TO_QNum      QTYPE_QNUM
#define QTYPE_CAST_TO_QString   QTYPE_QSTRING
#define QTYPE_CAST_TO_QDict     QTYPE_QDICT
#define QTYPE_CAST_TO_QList     QTYPE_QLIST
#define QTYPE_CAST_TO_QBool     QTYPE_QBOOL
/*
 * Judging by its name and message, this fails the build as soon as
 * QTYPE__MAX is no longer 7, so a newly added QType cannot be left
 * without its QTYPE_CAST_TO_* entry above.
 */
QEMU_BUILD_BUG_MSG(QTYPE__MAX != 7,
                   "The QTYPE_CAST_TO_* list needs to be extended");
/*
 * qobject_to(type, obj): checked downcast of @obj to @type *.
 *
 * Yields NULL when @obj is NULL or when its type tag differs from
 * QTYPE_CAST_TO_<type> (see qobject_check_type()).  Callers that
 * cannot rule out a mismatch have to test the result for NULL before
 * dereferencing it.
 *
 * @obj is handed to qobject_check_type() unchanged, so it has to be a
 * QObject * already.  The result is not const-qualified even when
 * @obj was.
 */
#define qobject_to(type, obj) \
    ((type *)qobject_check_type(obj, glue(QTYPE_CAST_TO_, type)))
/*
 * Take one additional reference on @obj; a NULL @obj is ignored.
 * Backend of the qobject_ref() macro.
 *
 * The count is bumped with a plain increment: no atomic operation and
 * no overflow check happen here.
 * NOTE(review): presumably callers are serialised by some outer lock
 * -- confirm.
 */
static inline void qobject_ref_impl(QObject *obj)
{
    if (!obj) {
        return;
    }
    obj->base.refcnt += 1;
}
/**
 * qobject_is_equal(): Return whether the two objects are equal.
 *
 * Any of the pointers may be NULL; return true if both are.  Always
 * return false if only one is (therefore a QNull object is not
 * considered equal to a NULL pointer).
 *
 * Both parameters are const-qualified.  Only the declaration lives in
 * this header; the comparison itself is defined elsewhere.
 */
bool qobject_is_equal(const QObject *x, const QObject *y);
/**
 * qobject_destroy(): Free resources used by the object
 * For use via qobject_unref() only!
 *
 * qobject_unref_impl() calls this once the reference count has
 * dropped to zero.  Calling it directly skips that accounting, so any
 * remaining holder of a reference would be left with a dangling
 * pointer.
 */
void qobject_destroy(QObject *obj);
/*
 * Drop one reference on @obj and destroy the object when the count
 * reaches zero; a NULL @obj is ignored.  Backend of the
 * qobject_unref() macro.
 *
 * The assertion rejects an object whose count is already zero, which
 * stops an unbalanced unref before the size_t counter could wrap.
 * It is best-effort: it exists only while assert() is compiled in,
 * and if the object was freed earlier the check itself reads freed
 * memory.
 * NOTE(review): confirm the build never defines NDEBUG.
 */
static inline void qobject_unref_impl(QObject *obj)
{
    assert(!obj || obj->base.refcnt);
    if (!obj) {
        return;
    }
    obj->base.refcnt -= 1;
    if (obj->base.refcnt == 0) {
        /* Last reference gone: release the object. */
        qobject_destroy(obj);
    }
}
/**
 * qobject_ref(): Increment QObject's reference count
 *
 * Returns: the same @obj.  The type of @obj will be propagated to the
 * return type.
 *
 * @obj is evaluated once and may be NULL (qobject_ref_impl() ignores
 * NULL).
 *
 * NOTE(review): unlike QOBJECT(), this macro still declares its local
 * under the fixed name _o.  An argument expression that itself
 * mentions _o would be captured by that declaration, and nesting
 * qobject_ref() inside its own argument shadows _o -- worth confirming
 * that no caller does either.
 */
#define qobject_ref(obj) ({                     \
    typeof(obj) _o = (obj);                     \
    qobject_ref_impl(QOBJECT(_o));              \
    _o;                                         \
})
/**
 * qobject_unref(): Decrement QObject's reference count, deallocate
 * when it reaches zero
 *
 * @obj may be NULL.  The macro receives @obj by value and cannot
 * reset the caller's pointer: once the caller's reference has been
 * dropped, that pointer must be treated as invalid.
 */
#define qobject_unref(obj) qobject_unref_impl(QOBJECT(obj))
/**
 * qobject_type(): Return the QObject's type
 *
 * @obj must not be NULL: it is dereferenced unconditionally.
 *
 * The tag is asserted to lie strictly between QTYPE_NONE and
 * QTYPE__MAX before it is returned, so an out-of-range tag (for
 * example from a corrupted or uninitialised object) aborts here
 * instead of reaching the caller -- as long as assert() is compiled
 * in.
 */
static inline QType qobject_type(const QObject *obj)
{
    assert(QTYPE_NONE < obj->base.type && obj->base.type < QTYPE__MAX);
    return obj->base.type;
}
/**
 * qobject_check_type(): Helper function for the qobject_to() macro.
 * Return @obj, but only if @obj is not NULL and @type is equal to
 * @obj's type.  Return NULL otherwise.
 *
 * The NULL test comes first, so qobject_type() only ever sees a
 * non-NULL pointer.  The returned pointer has lost @obj's const
 * qualifier.
 */
static inline QObject *qobject_check_type(const QObject *obj, QType type)
{
    if (!obj || qobject_type(obj) != type) {
        return NULL;
    }
    /* Tag matches: hand the same object back, without const. */
    return (QObject *)obj;
}
#endif /* QOBJECT_H */