fortify: use a macro in diagnose_if
Our diagnose_if conditions are repetitive. It's potentially convenient
to hide that behind a macro. There's an upcoming refactor to our
run-time checks; having static checks look super similar is convenient,
and makes correctness (hopefully) slightly more obvious.
Bug: 131861088
Test: checkbuild on internal master.
Change-Id: Ic39a3b6bf020734c1bef6be144f61ef81466aafe
diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index 14bb133..80eb43e 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -44,7 +44,7 @@
__BIONIC_FORTIFY_INLINE
void* memcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
__overloadable
- __clang_error_if(__bos0(dst) != __BIONIC_FORTIFY_UNKNOWN_SIZE && __bos0(dst) < copy_amount,
+ __clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
"'memcpy' called with size bigger than buffer") {
return __builtin___memcpy_chk(dst, src, copy_amount, __bos0(dst));
}
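Review bot: The `__bos0(dst) != __BIONIC_FORTIFY_UNKNOWN_SIZE` guard has disappeared from the `__clang_error_if` condition in `memcpy`, and the definition of `__bos_unevaluated_lt` is not part of this diff, so the page cannot confirm that the unknown-size case is still excluded. That guard is what stops the compile-time overflow diagnostic from depending on a sentinel value, so it is worth checking that the macro carries it and parenthesizes both arguments, since callers pass full expressions. I would document the contract at the macro definition with something like `/* False when bos is __BIONIC_FORTIFY_UNKNOWN_SIZE; otherwise bos < val. Only for unevaluated contexts such as diagnose_if. */`. The same applies to the `memmove` and `memset` hunks below.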
@@ -52,7 +52,7 @@
__BIONIC_FORTIFY_INLINE
void* memmove(void* const dst __pass_object_size0, const void* src, size_t len)
__overloadable
- __clang_error_if(__bos0(dst) != __BIONIC_FORTIFY_UNKNOWN_SIZE && __bos0(dst) < len,
+ __clang_error_if(__bos_unevaluated_lt(__bos0(dst), len),
"'memmove' called with size bigger than buffer") {
return __builtin___memmove_chk(dst, src, len, __bos0(dst));
}
@@ -62,8 +62,7 @@
__BIONIC_FORTIFY_INLINE
char* stpcpy(char* const dst __pass_object_size, const char* src)
__overloadable
- __clang_error_if(__bos(dst) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(dst) <= __builtin_strlen(src),
+ __clang_error_if(__bos_unevaluated_leq(__bos(dst), __builtin_strlen(src)),
"'stpcpy' called with string bigger than buffer") {
return __builtin___stpcpy_chk(dst, src, __bos(dst));
}
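Review bot: Nothing at the call site in `stpcpy` now says why the string copies use `__bos_unevaluated_leq` while `memcpy`, `memmove` and `memset` use `__bos_unevaluated_lt`, and a later cleanup could unify the two and lose the off-by-one check. I would add a one-line comment above the `__clang_error_if` line, for example `/* leq: the copy also writes the terminating NUL, so bos == strlen(src) is already one byte short. */`. The same comment fits the `strcpy` hunk that follows. This diagnostic presumably fires only when `__builtin_strlen(src)` folds to a constant; other calls rely on the `__builtin___stpcpy_chk` call in the body.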
@@ -73,8 +72,7 @@
__BIONIC_FORTIFY_INLINE
char* strcpy(char* const dst __pass_object_size, const char* src)
__overloadable
- __clang_error_if(__bos(dst) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(dst) <= __builtin_strlen(src),
+ __clang_error_if(__bos_unevaluated_leq(__bos(dst), __builtin_strlen(src)),
"'strcpy' called with string bigger than buffer") {
return __builtin___strcpy_chk(dst, src, __bos(dst));
}
@@ -92,7 +90,7 @@
__BIONIC_FORTIFY_INLINE
void* memset(void* const s __pass_object_size0, int c, size_t n)
__overloadable
- __clang_error_if(__bos0(s) != __BIONIC_FORTIFY_UNKNOWN_SIZE && __bos0(s) < n,
+ __clang_error_if(__bos_unevaluated_lt(__bos0(s), n),
"'memset' called with size bigger than buffer")
/* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
__clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {