refactor: remove `CHECK_OR_ZERO` macro from `std.h`
The `CHECK_OR_ZERO_FILL` macro (built on `CHECK_OR_FILL`) in `std.c` would fill
the destination with null bytes if the condition didn't hold. However, it would
then immediately panic, so zeroing the destination served no purpose. Instead,
use the `CHECK` macro.
Change-Id: I972eb994d768aea55a38cb05c233e15152dc9d36
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
diff --git a/src/std.c b/src/std.c
index 2fce4c1..1569c04 100644
--- a/src/std.c
+++ b/src/std.c
@@ -15,24 +15,6 @@
void *memcpy(void *dst, const void *src, size_t n);
void *memmove(void *dst, const void *src, size_t n);
-/*
- * As per the C11 specification, mem*_s() operations fill the destination buffer
- * if runtime constraint validation fails, assuming that `dest` and `destsz`
- * are both valid.
- */
-#define CHECK_OR_FILL(cond, dest, destsz, ch) \
- do { \
- if (!(cond)) { \
- if ((dest) != NULL && (destsz) <= RSIZE_MAX) { \
- memset_s((dest), (destsz), (ch), (destsz)); \
- } \
- panic("%s failed: " #cond, __func__); \
- } \
- } while (0)
-
-#define CHECK_OR_ZERO_FILL(cond, dest, destsz) \
- CHECK_OR_FILL(cond, dest, destsz, '\0')
-
void memset_s(void *dest, rsize_t destsz, int ch, rsize_t count)
{
if (dest == NULL || destsz > RSIZE_MAX) {
@@ -53,21 +35,21 @@
uintptr_t d = (uintptr_t)dest;
uintptr_t s = (uintptr_t)src;
- CHECK_OR_ZERO_FILL(dest != NULL, dest, destsz);
- CHECK_OR_ZERO_FILL(src != NULL, dest, destsz);
+ CHECK(dest != NULL);
+ CHECK(src != NULL);
/* Check count <= destsz <= RSIZE_MAX. */
- CHECK_OR_ZERO_FILL(destsz <= RSIZE_MAX, dest, destsz);
- CHECK_OR_ZERO_FILL(count <= destsz, dest, destsz);
+ CHECK(destsz <= RSIZE_MAX);
+ CHECK(count <= destsz);
/*
* Buffer overlap test.
* case a) `d < s` implies `s >= d+count`
* case b) `d > s` implies `d >= s+count`
*/
- CHECK_OR_ZERO_FILL(d != s, dest, destsz);
- CHECK_OR_ZERO_FILL(d < s || d >= (s + count), dest, destsz);
- CHECK_OR_ZERO_FILL(d > s || s >= (d + count), dest, destsz);
+ CHECK(d != s);
+ CHECK(d < s || d >= (s + count));
+ CHECK(d > s || s >= (d + count));
/*
* Clang analyzer doesn't like us calling unsafe memory functions, so
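Review bot: With the zero-fill removed, memcpy_s now silently departs from C11 Annex K (K.3.7.1.1), which has the runtime-constraint handler zero `dest` when `dest` and `destsz` are valid; the only comment that recorded this behaviour is the block deleted in the previous hunk, so a reader of this function can no longer tell that a constraint violation is fatal rather than recoverable. The contract should be stated at the definition, e.g. `/* Runtime-constraint violations panic; unlike C11 Annex K, dest is not zero-filled first. */`. The removed macro's `panic("%s failed: " #cond, __func__)` also named the calling function; if `CHECK` does not include `__func__` in its message, identical conditions in memcpy_s and memmove_s become indistinguishable in the log, which is worth confirming against `CHECK`'s definition. memcpy_s's signature and the remainder of its body lie outside this hunk.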
@@ -79,12 +61,12 @@
void memmove_s(void *dest, rsize_t destsz, const void *src, rsize_t count)
{
- CHECK_OR_ZERO_FILL(dest != NULL, dest, destsz);
- CHECK_OR_ZERO_FILL(src != NULL, dest, destsz);
+ CHECK(dest != NULL);
+ CHECK(src != NULL);
/* Check count <= destsz <= RSIZE_MAX. */
- CHECK_OR_ZERO_FILL(destsz <= RSIZE_MAX, dest, destsz);
- CHECK_OR_ZERO_FILL(count <= destsz, dest, destsz);
+ CHECK(destsz <= RSIZE_MAX);
+ CHECK(count <= destsz);
/*
* Clang analyzer doesn't like us calling unsafe memory functions, so
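Review bot: memmove_s now repeats verbatim the first four `CHECK`s of memcpy_s (`dest != NULL`, `src != NULL`, `destsz <= RSIZE_MAX`, `count <= destsz`), while memset_s at the top of the file validates with a plain `if (dest == NULL || destsz > RSIZE_MAX)`, so the same Annex K constraints are hand-maintained in three styles. A `static` helper such as `check_mem_args(dest, destsz, src, count)` called from both memcpy_s and memmove_s would keep the bounds validation identical and prevent the two sequences drifting apart. A one-line comment stating that constraint violations panic rather than zero-filling `dest` would also help here, since the comment documenting the old zero-fill behaviour was removed in the first hunk. memmove_s's body continues past the end of this hunk.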