authorJakob Kaivo <jkk@ung.org>2024-01-31 15:54:38 -0500
committerJakob Kaivo <jkk@ung.org>2024-01-31 15:54:38 -0500
commit57fd57ab4005e37bfab4bf7c637eecc1eb5445b5 (patch)
treea5cc5b9ad040955a0a7247091cbc542f297229bb
parent1dcdfdc0141e94b57b80526ca917b1228fe53f53 (diff)
clean up UB detection
-rw-r--r--src/__undefined.c2
-rw-r--r--src/_safety.h26
-rw-r--r--src/ctype/_ctype.h10
-rw-r--r--src/ctype/isalnum.c2
-rw-r--r--src/ctype/isalpha.c2
-rw-r--r--src/ctype/isascii.c1
-rw-r--r--src/ctype/isdigit.c2
-rw-r--r--src/ctype/toascii.c1
-rw-r--r--src/fenv/_fenv.h2
-rw-r--r--src/fenv/fesetenv.c5
-rw-r--r--src/locale/localeconv.c1
-rw-r--r--src/locale/setlocale.c1
-rw-r--r--src/math/atan2.c1
-rw-r--r--src/wctype/iswalnum.c2
-rw-r--r--src/wctype/iswalpha.c2
-rw-r--r--src/wctype/iswblank.c2
-rw-r--r--src/wctype/iswcntrl.c2
-rw-r--r--src/wctype/iswctype.c2
-rw-r--r--src/wctype/iswdigit.c2
-rw-r--r--src/wctype/iswgraph.c2
-rw-r--r--src/wctype/iswlower.c2
-rw-r--r--src/wctype/iswprint.c2
-rw-r--r--src/wctype/iswpunct.c2
-rw-r--r--src/wctype/iswspace.c2
-rw-r--r--src/wctype/iswupper.c2
-rw-r--r--src/wctype/iswxdigit.c2
-rw-r--r--src/wctype/towctrans.c2
-rw-r--r--src/wctype/towlower.c2
-rw-r--r--src/wctype/towupper.c2
-rw-r--r--src/wctype/wctrans.c1
-rw-r--r--src/wctype/wctype.c1
31 files changed, 53 insertions, 37 deletions
diff --git a/src/__undefined.c b/src/__undefined.c
index 9bffff76..40026dac 100644
--- a/src/__undefined.c
+++ b/src/__undefined.c
@@ -10,6 +10,8 @@ static _Noreturn void _Exit(int);
_Noreturn void __undefined(const char *fmt, ...)
{
+ ___signal.current = 0;
+
va_list ap;
va_start(ap, fmt);
fprintf(stderr, "Undefined Behavior: ");
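Review bot: The new `___signal.current = 0;` at the top of `__undefined()` has no comment saying why the signal state is cleared before the report is printed. `SIGNAL_SAFE` in `_safety.h` tests `___signal.current != 0`, so the reset presumably keeps the `fprintf` calls below from re-entering `__undefined()` when the fault was detected inside a handler. That reasoning should be written down, e.g. `/* clear handler state so the stdio calls below do not trip SIGNAL_SAFE again */`. The hunk does not show this file including `signal/_signal.h`, so confirm `___signal` is declared here. The function body continues outside the hunk.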
diff --git a/src/_safety.h b/src/_safety.h
index fada025c..7dd08dc2 100644
--- a/src/_safety.h
+++ b/src/_safety.h
@@ -5,7 +5,9 @@ _Noreturn void __undefined(const char *, ...);
#include <errno.h>
#include <stdio.h>
+/*
#include "stdlib/_stdlib.h"
+*/
#include "signal/_signal.h"
#if __STDC_VERSION__ >= 199901L
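Review bot: The `#include "stdlib/_stdlib.h"` line is disabled by wrapping it in `/* ... */` rather than being removed, and nothing says why. Commented-out code in a header leaves readers unsure whether the dependency is still needed. Either delete the three lines or replace them with a short reason, e.g. `/* stdlib/_stdlib.h intentionally not included: <reason> */`.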
@@ -30,12 +32,6 @@ extern struct __checked_call {
} \
} while (0)
-#define ASSERT_NONZERO(__n) do { \
- if (!__n) { \
- __undefined("In call to %s(), parameter %s cannot be 0", __func__, #__n); \
- } \
-} while (0)
-
#define ASSERT_NOOVERLAP(__p1, __l1, __p2, __l2) do { \
char *__s1 = (char*)(__p1); \
char *__s2 = (char*)(__p2); \
@@ -44,12 +40,6 @@ extern struct __checked_call {
} \
} while (0)
-#define ASSERT_REPRESENTABLE(_n, _min, _max, _type, _sentinel) do { \
- if (!(((_n) == (_sentinel)) || (((_min) <= (_n)) && ((_n) <= (_max))))) { \
- __undefined("In call to %s(), parameter %s (value 0x%ju) is not representable as a %s (range [%s, %s]) or exactly %s", __func__, #_n, (uintmax_t)(_n), #_type, #_min, #_max, #_sentinel); \
- } \
-} while (0)
-
#define SIGNAL_SAFE(__n) do { \
if (__n == 0 && ___signal.current != 0) { \
int _sig = ___signal.current; \
@@ -139,10 +129,18 @@ extern struct __checked_call {
#define __check_4(__type, __def, __fn, __t1, __t2, __t3, __t4) CHECK_4(__type, __def, __fn, __t1, __t2, __t3, __t4)
#else
-#define ASSERT_REPRESENTABLE(_n, _min, _max, _type, _sentinel)
#define ASSERT_NOOVERLAP(__x, __y, __s)
#define ASSERT_NONNULL(x)
-#define ASSERT_NONZERO(n)
+#define VCHECK_0(f)
+#define VCHECK_1(f, a)
+#define VCHECK_2(f, a, b)
+#define VCHECK_3(f, a, b, c)
+#define VCHECK_4(f, a, b, c, d)
+#define CHECK_0(t, d, f)
+#define CHECK_1(t, d, f, a)
+#define CHECK_2(t, d, f, a, b)
+#define CHECK_3(t, d, f, a, b, c)
+#define CHECK_4(t, d, f, a, b, c, d)
#endif
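Review bot: `#define CHECK_4(t, d, f, a, b, c, d)` names the parameter `d` twice, which C does not allow in a macro parameter list, so the checks-disabled branch will be rejected by the preprocessor. Rename the default-value parameter, e.g. `#define CHECK_4(t, def, f, a, b, c, d)`. The same branch keeps `ASSERT_NOOVERLAP(__x, __y, __s)` with three parameters while the checked definition above takes four, so a four-argument use would also fail to expand when checks are off. The `#if` that opens this branch is outside the hunk.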
diff --git a/src/ctype/_ctype.h b/src/ctype/_ctype.h
index 2b5fd907..d0771acc 100644
--- a/src/ctype/_ctype.h
+++ b/src/ctype/_ctype.h
@@ -4,6 +4,16 @@
#include "locale/_locale.h"
#include "_safety.h"
+#ifdef NDEBUG
+#define ASSERT_REPRESENTABLE(_n, _min, _max, _type, _sentinel) (void)
+#else
+#define ASSERT_REPRESENTABLE(_n, _min, _max, _type, _sentinel) do { \
+ if (!(((_n) == (_sentinel)) || (((_min) <= (_n)) && ((_n) <= (_max))))) { \
+ __undefined("In call to %s(), parameter %s (value 0x%ju) is not representable as a %s (range [%s, %s]) or exactly %s", __func__, #_n, (uintmax_t)(_n), #_type, #_min, #_max, #_sentinel); \
+ } \
+} while (0)
+#endif
+
typedef enum {
CT_ALPHA = (1 << 0),
CT_CNTRL = (1 << 1),
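Review bot: Under `NDEBUG`, `ASSERT_REPRESENTABLE(...)` expands to a bare `(void)`, so any use written as a statement becomes `(void);` and does not compile. `_fenv.h` uses the form `(void)(_n)` for its disabled assertions, and this one should match: `#define ASSERT_REPRESENTABLE(_n, _min, _max, _type, _sentinel) (void)(_n)`. In the checked branch the message prints `0x%ju`, a hexadecimal prefix on a decimal conversion; `%jx` would make the reported value match its prefix.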
diff --git a/src/ctype/isalnum.c b/src/ctype/isalnum.c
index b8ffc414..81a1a0fa 100644
--- a/src/ctype/isalnum.c
+++ b/src/ctype/isalnum.c
@@ -1,7 +1,7 @@
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
-#include "_safety.h"
+#include "_ctype.h"
/** test whether a character is alphanumeric **/
diff --git a/src/ctype/isalpha.c b/src/ctype/isalpha.c
index 98fa0853..658e5af9 100644
--- a/src/ctype/isalpha.c
+++ b/src/ctype/isalpha.c
@@ -1,7 +1,7 @@
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
-#include "_safety.h"
+#include "_ctype.h"
/** test whether a character is alphabetic **/
diff --git a/src/ctype/isascii.c b/src/ctype/isascii.c
index 8807bea2..cf7bba28 100644
--- a/src/ctype/isascii.c
+++ b/src/ctype/isascii.c
@@ -1,4 +1,5 @@
#include <ctype.h>
+#include "_ctype.h"
/** test whether a character is in the ASCII range **/
diff --git a/src/ctype/isdigit.c b/src/ctype/isdigit.c
index bf13158b..b1e7871f 100644
--- a/src/ctype/isdigit.c
+++ b/src/ctype/isdigit.c
@@ -1,7 +1,7 @@
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
-#include "_safety.h"
+#include "_ctype.h"
/** test whether a character is a digit **/
diff --git a/src/ctype/toascii.c b/src/ctype/toascii.c
index c3728ae1..c352a121 100644
--- a/src/ctype/toascii.c
+++ b/src/ctype/toascii.c
@@ -1,4 +1,5 @@
#include <ctype.h>
+#include "_ctype.h"
/** convert a character to 7-bit ASCII **/
diff --git a/src/fenv/_fenv.h b/src/fenv/_fenv.h
index d07d568f..718bd136 100644
--- a/src/fenv/_fenv.h
+++ b/src/fenv/_fenv.h
@@ -4,6 +4,7 @@
#ifdef NDEBUG
#define ASSERT_VALID_EXCEPTION_MASK(_n) (void)(_n)
#define ASSERT_PREVIOUS_FEXCEPT(_f, _e) (void)(_f)
+#define ASSERT_PREVIOUS_FENV(_f) (void)(_f)
#else
#define ASSERT_VALID_EXCEPTION_MASK(_n) do { \
if (((_n) & ~(FE_ALL_EXCEPT)) != 0) { \
@@ -13,4 +14,5 @@
/* TODO!!! */
#define ASSERT_PREVIOUS_FEXCEPT(_f, _e) (void)(_f)
+#define ASSERT_PREVIOUS_FENV(_f) (void)(_f)
#endif
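Review bot: The non-`NDEBUG` definition of `ASSERT_PREVIOUS_FENV` added under the `TODO!!!` marker is the same `(void)(_f)` as the `NDEBUG` one, so the call added to `fesetenv()` in `src/fenv/fesetenv.c` validates nothing in either build. Until the real check exists, say so at the definition, e.g. `/* placeholder: should verify _f was set by fegetenv()/feholdexcept() or is FE_DFL_ENV */`. Without that, a reader of `fesetenv()` may assume its argument is already being checked.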
diff --git a/src/fenv/fesetenv.c b/src/fenv/fesetenv.c
index 2f2d07c6..b9debb35 100644
--- a/src/fenv/fesetenv.c
+++ b/src/fenv/fesetenv.c
@@ -1,13 +1,16 @@
#include <fenv.h>
-#include "_safety.h"
+#include "_fenv.h"
int fesetenv(const fenv_t *envp)
{
SIGNAL_SAFE(0);
+ ASSERT_PREVIOUS_FENV(envp);
(void)envp;
return 0;
}
+CHECK_1(int, 0, fesetenv, const fenv_t *)
+
/*
The fesetenv function establishes the floating-point environment represented by the
object pointed to by envp. The argument envp shall point to an object set by a call to
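Review bot: `(void)envp;` is now redundant, because `ASSERT_PREVIOUS_FENV(envp)` expands to `(void)(envp)` in both branches of `_fenv.h`; drop the line. The new `CHECK_1(int, 0, fesetenv, const fenv_t *)` would benefit from a one-line comment saying what the second argument (`0`) stands for, since the macro's definition is not visible from this file. The trailing comment block continues outside the hunk.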
diff --git a/src/locale/localeconv.c b/src/locale/localeconv.c
index ba4687d9..4e87bfb3 100644
--- a/src/locale/localeconv.c
+++ b/src/locale/localeconv.c
@@ -11,6 +11,7 @@ struct lconv * localeconv(void)
/*
RETURN_SUCCESS(a pointer to a filled-in STRUCTDEF(lconv) for the current locale);
*/
+ /* TODO: mark return value read-only */
return &(__get_locale()->lconv);
}
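Review bot: The added `/* TODO: mark return value read-only */` does not say what needs protecting or why; the same comment is added to `setlocale()` in `src/locale/setlocale.c`. Here the function returns `&(__get_locale()->lconv)`, a pointer into the library's own locale object, so a caller that writes through it changes what later calls see. A fuller comment would record that, e.g. `/* TODO: caller must not modify the returned object; make writes to it detectable */`.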
diff --git a/src/locale/setlocale.c b/src/locale/setlocale.c
index ab355dc6..521b118e 100644
--- a/src/locale/setlocale.c
+++ b/src/locale/setlocale.c
@@ -41,6 +41,7 @@ char * setlocale(int category, const char *locale)
default: return NULL;
}
+ /* TODO: mark return value read-only */
return __load_locale(l, mask, locale);
}
diff --git a/src/math/atan2.c b/src/math/atan2.c
index f1cbe879..48321d3d 100644
--- a/src/math/atan2.c
+++ b/src/math/atan2.c
@@ -11,7 +11,6 @@ TYPE TGFN(atan2)(TYPE y, TYPE x)
SIGNAL_SAFE(0);
int classy = fpclassify(y);
int classx = fpclassify(x);
- ASSERT_NONZERO(x);
if (classy == FP_ZERO && classx == 0) {
if (signbit(x)) {
diff --git a/src/wctype/iswalnum.c b/src/wctype/iswalnum.c
index 82a0c345..98c2f08c 100644
--- a/src/wctype/iswalnum.c
+++ b/src/wctype/iswalnum.c
@@ -1,7 +1,7 @@
#include <wctype.h>
#include <limits.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is alphanumeric **/
int iswalnum(wint_t wc)
diff --git a/src/wctype/iswalpha.c b/src/wctype/iswalpha.c
index 5888647b..8300b7ea 100644
--- a/src/wctype/iswalpha.c
+++ b/src/wctype/iswalpha.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is alphabetic **/
int iswalpha(wint_t wc)
diff --git a/src/wctype/iswblank.c b/src/wctype/iswblank.c
index 153b1d2b..2e0f0724 100644
--- a/src/wctype/iswblank.c
+++ b/src/wctype/iswblank.c
@@ -1,5 +1,5 @@
#include <wctype.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is blank **/
int iswblank(wint_t wc)
diff --git a/src/wctype/iswcntrl.c b/src/wctype/iswcntrl.c
index fe8b86ea..de6dd237 100644
--- a/src/wctype/iswcntrl.c
+++ b/src/wctype/iswcntrl.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is a control character */
int iswcntrl(wint_t wc)
diff --git a/src/wctype/iswctype.c b/src/wctype/iswctype.c
index 4113e790..8ce67657 100644
--- a/src/wctype/iswctype.c
+++ b/src/wctype/iswctype.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is part of a character class **/
int iswctype(wint_t wc, wctype_t desc)
diff --git a/src/wctype/iswdigit.c b/src/wctype/iswdigit.c
index 12e3a793..94feb0a3 100644
--- a/src/wctype/iswdigit.c
+++ b/src/wctype/iswdigit.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is a digit **/
int iswdigit(wint_t wc)
diff --git a/src/wctype/iswgraph.c b/src/wctype/iswgraph.c
index 0a3f1727..346af2b1 100644
--- a/src/wctype/iswgraph.c
+++ b/src/wctype/iswgraph.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is graphic **/
int iswgraph(wint_t wc)
diff --git a/src/wctype/iswlower.c b/src/wctype/iswlower.c
index f181779e..ec3a59a3 100644
--- a/src/wctype/iswlower.c
+++ b/src/wctype/iswlower.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a character is a lowercase letter **/
int iswlower(wint_t wc)
diff --git a/src/wctype/iswprint.c b/src/wctype/iswprint.c
index e026ae61..8d6ec64a 100644
--- a/src/wctype/iswprint.c
+++ b/src/wctype/iswprint.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is printable **/
int iswprint(wint_t wc)
diff --git a/src/wctype/iswpunct.c b/src/wctype/iswpunct.c
index 3aa074c7..831448db 100644
--- a/src/wctype/iswpunct.c
+++ b/src/wctype/iswpunct.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is punctuation **/
int iswpunct(wint_t wc)
diff --git a/src/wctype/iswspace.c b/src/wctype/iswspace.c
index 198ed6ec..c95a4e1d 100644
--- a/src/wctype/iswspace.c
+++ b/src/wctype/iswspace.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is white-space **/
int iswspace(wint_t wc)
diff --git a/src/wctype/iswupper.c b/src/wctype/iswupper.c
index 1abe4116..7c9faa9c 100644
--- a/src/wctype/iswupper.c
+++ b/src/wctype/iswupper.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is an uppercase letter **/
int iswupper(wint_t wc)
diff --git a/src/wctype/iswxdigit.c b/src/wctype/iswxdigit.c
index 9f3aabd6..bbb669ca 100644
--- a/src/wctype/iswxdigit.c
+++ b/src/wctype/iswxdigit.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** test whether a wide character is a hexadecimal digit **/
int iswxdigit(wint_t wc)
diff --git a/src/wctype/towctrans.c b/src/wctype/towctrans.c
index fdb25589..0c3d9a06 100644
--- a/src/wctype/towctrans.c
+++ b/src/wctype/towctrans.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
wint_t towctrans(wint_t wc, wctrans_t desc)
{
diff --git a/src/wctype/towlower.c b/src/wctype/towlower.c
index b162afa7..8fa94e5a 100644
--- a/src/wctype/towlower.c
+++ b/src/wctype/towlower.c
@@ -1,7 +1,7 @@
#include <wctype.h>
#include <wchar.h>
#include <stdlib.h>
-#include "_safety.h"
+#include "_wctype.h"
/** convert a wide uppercase letter to lowercase **/
wint_t towlower(wint_t wc)
diff --git a/src/wctype/towupper.c b/src/wctype/towupper.c
index 2426d689..1c819c32 100644
--- a/src/wctype/towupper.c
+++ b/src/wctype/towupper.c
@@ -1,6 +1,6 @@
#include <wctype.h>
#include <wchar.h>
-#include "_safety.h"
+#include "_wctype.h"
/** convert a wide lowercase letter to uppercase **/
wint_t towupper(wint_t wc)
diff --git a/src/wctype/wctrans.c b/src/wctype/wctrans.c
index d8e65d96..9fc08884 100644
--- a/src/wctype/wctrans.c
+++ b/src/wctype/wctrans.c
@@ -1,6 +1,5 @@
#include <wctype.h>
#include <string.h>
-#include "_safety.h"
#include "_wctype.h"
/** lookup character translation **/
diff --git a/src/wctype/wctype.c b/src/wctype/wctype.c
index 89c8ccc2..767025e0 100644
--- a/src/wctype/wctype.c
+++ b/src/wctype/wctype.c
@@ -1,6 +1,5 @@
#include <wctype.h>
#include <string.h>
-#include "_safety.h"
#include "_wctype.h"
/** lookup character class **/