From ef203135b49eb37327fb6884c272108fef485e0d Mon Sep 17 00:00:00 2001
From: Jean-Marc Valin
Date: Thu, 22 Mar 2018 17:40:35 -0400
Subject: Adding ENABLE_HARDENING Enables "safes" assertions even with ENABLE_ASSERTIONS isn't set
---
celt/arch.h | 25 ++++++++++++++++++++-----
celt/arm/celt_neon_intr.c | 2 +-
celt/bands.c | 6 +++---
celt/cwrs.c | 2 +-
celt/entcode.h | 4 ++--
celt/mathops.c | 2 +-
celt/mathops.h | 2 +-
celt/pitch.c | 2 +-
celt/quant_bands.c | 2 +-
celt/tests/test_unit_entropy.c | 1 +
celt/tests/test_unit_laplace.c | 2 +-
celt/tests/test_unit_rotation.c | 2 --
celt/vq.c | 4 ++--
celt/x86/vq_sse2.c | 2 +-
14 files changed, 36 insertions(+), 22 deletions(-)
(limited to 'celt')
diff --git a/celt/arch.h b/celt/arch.h
index d1e6457c..ffca8cf3 100644
--- a/celt/arch.h
+++ b/celt/arch.h
@@ -56,25 +56,40 @@ #define CELT_SIG_SCALE 32768.f -#define celt_fatal(str) _celt_fatal(str, __FILE__, __LINE__); -#ifdef ENABLE_ASSERTIONS +#define CELT_FATAL(str) celt_fatal(str, __FILE__, __LINE__); + +#if defined(ENABLE_ASSERTIONS) || defined(ENABLE_HARDENING) +#ifdef __GNUC__ +__attribute__((noreturn)) +#endif +void celt_fatal(const char *str, const char *file, int line); + +#if defined(CELT_C) && !defined(OVERRIDE_celt_fatal) #include #include #ifdef __GNUC__ __attribute__((noreturn)) #endif -static OPUS_INLINE void _celt_fatal(const char *str, const char *file, int line) +void celt_fatal(const char *str, const char *file, int line) { fprintf (stderr, "Fatal (internal) error in %s, line %d: %s\n", file, line, str); abort(); } -#define celt_assert(cond) {if (!(cond)) {celt_fatal("assertion failed: " #cond);}} -#define celt_assert2(cond, message) {if (!(cond)) {celt_fatal("assertion failed: " #cond "\n" message);}} +#endif + +#define celt_assert(cond) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond);}} +#define celt_assert2(cond, message) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond "\n" message);}} #else #define celt_assert(cond) #define celt_assert2(cond, message) #endif +#if defined(ENABLE_ASSERTIONS) +#define celt_sig_assert(cond) {if (!(cond)) {CELT_FATAL("signal assertion failed: " #cond);}} +#else +#define celt_sig_assert(cond) +#endif + #define IMUL32(a,b) ((a)*(b)) #define MIN16(a,b) ((a) < (b) ? (a) : (b)) /**< Minimum 16-bit value. */ diff --git a/celt/arm/celt_neon_intr.c b/celt/arm/celt_neon_intr.c index cf443988..effda769 100644 --- a/celt/arm/celt_neon_intr.c +++ b/celt/arm/celt_neon_intr.c 
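Review bot: The macro block gives no rule for choosing between `celt_assert` and `celt_sig_assert`, although with ENABLE_HARDENING alone the first aborts through `celt_fatal` and the second expands to nothing. Picking the wrong one either removes a check from hardened builds or puts an abort where crafted input could reach it, so the criterion belongs next to the definitions. Going by the commit message and the "signal assertion failed" text, something like `/* celt_assert: invariants no input can violate, kept under ENABLE_HARDENING; celt_sig_assert: conditions that depend on signal values, ENABLE_ASSERTIONS only */` would do, to be confirmed by the author. As a point of style, `CELT_FATAL` ends in its own `;` and the assert macros expand to a bare `{...}` block, which misparses under an unbraced `if`/`else`; a `do { ... } while (0)` wrapper avoids that.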
@@ -196,7 +196,7 @@ void celt_pitch_xcorr_float_neon(const opus_val16 *_x, const opus_val16 *_y, int i; (void)arch; celt_assert(max_pitch > 0); - celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0); + celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0); for (i = 0; i < (max_pitch-3); i += 4) { xcorr_kernel_neon_float((const float32_t *)_x, (const float32_t *)_y+i, diff --git a/celt/bands.c b/celt/bands.c index 19a5f1af..52228f7d 100644 --- a/celt/bands.c +++ b/celt/bands.c @@ -70,10 +70,10 @@ opus_int16 bitexact_cos(opus_int16 x) opus_int32 tmp; opus_int16 x2; tmp = (4096+((opus_int32)(x)*(x)))>>13; - celt_assert(tmp<=32767); + celt_sig_assert(tmp<=32767); x2 = tmp; x2 = (32767-x2) + FRAC_MUL16(x2, (-7651 + FRAC_MUL16(x2, (8277 + FRAC_MUL16(-626, x2))))); - celt_assert(x2<=32766); + celt_sig_assert(x2<=32766); return 1+x2; } @@ -282,7 +282,7 @@ void anti_collapse(const CELTMode *m, celt_norm *X_, unsigned char *collapse_mas N0 = m->eBands[i+1]-m->eBands[i]; /* depth in 1/8 bits */ - celt_assert(pulses[i]>=0); + celt_sig_assert(pulses[i]>=0); depth = celt_udiv(1+pulses[i], (m->eBands[i+1]-m->eBands[i]))>>LM; #ifdef FIXED_POINT diff --git a/celt/cwrs.c b/celt/cwrs.c index 9722f0ac..a552e4f0 100644 --- a/celt/cwrs.c +++ b/celt/cwrs.c @@ -482,7 +482,7 @@ static opus_val32 cwrsi(int _n,int _k,opus_uint32 _i,int *_y){ k0=_k; q=row[_n]; if(q>_i){ - celt_assert(p>q); + celt_sig_assert(p>q); _k=_n; do p=CELT_PVQ_U_ROW[--_k][_n]; while(p>_i); diff --git a/celt/entcode.h b/celt/entcode.h index 13d6c84e..3763e3f2 100644 --- a/celt/entcode.h +++ b/celt/entcode.h @@ -122,7 +122,7 @@ opus_uint32 ec_tell_frac(ec_ctx *_this); /* Tested exhaustively for all n and for 1<=d<=256 */ static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) { - celt_assert(d>0); + celt_sig_assert(d>0); #ifdef USE_SMALL_DIV_TABLE if (d>256) return n/d; 
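Review bot: The alignment test on the changed line subtracts `(unsigned char *)NULL` from `_x`, and pointer subtraction is only defined for two pointers into the same array object, so the expression is undefined behaviour and a compiler is free to fold it away. An integer cast expresses the same check without that problem, for example `celt_sig_assert(((size_t)_x & 3) == 0);`. The identical expression is carried over in the celt/pitch.c hunk for celt_pitch_xcorr_c. celt_pitch_xcorr_float_neon continues outside the hunk.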
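Review bot: `d>0` in celt_udiv, and in celt_sudiv in the next hunk, guards against division by zero, which is undefined behaviour rather than a property of the audio signal, yet after this change a build with only ENABLE_HARDENING compiles the check out. If every caller guarantees a positive divisor, a comment should say so, e.g. `/* callers guarantee d>0; checked in debug builds only */`; otherwise `celt_assert(d>0)` keeps the guard in hardened builds. The cost on a hot path is presumably the reason for the move, but the hunk does not state it. Both function bodies continue outside the hunks.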
@@ -138,7 +138,7 @@ static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) { } static OPUS_INLINE opus_int32 celt_sudiv(opus_int32 n, opus_int32 d) { - celt_assert(d>0); + celt_sig_assert(d>0); #ifdef USE_SMALL_DIV_TABLE if (n<0) return -(opus_int32)celt_udiv(-n, d); diff --git a/celt/mathops.c b/celt/mathops.c index 21a01f52..78b52cc8 100644 --- a/celt/mathops.c +++ b/celt/mathops.c @@ -182,7 +182,7 @@ opus_val32 celt_rcp(opus_val32 x) int i; opus_val16 n; opus_val16 r; - celt_assert2(x>0, "celt_rcp() only defined for positive values"); + celt_sig_assert(x>0); i = celt_ilog2(x); /* n is Q15 with range [0,1). */ n = VSHR32(x,i-15)-32768; diff --git a/celt/mathops.h b/celt/mathops.h index 5324c18a..5e86ff0d 100644 --- a/celt/mathops.h +++ b/celt/mathops.h @@ -179,7 +179,7 @@ static OPUS_INLINE float celt_exp2(float x) /** Integer log in base2. Undefined for zero and negative numbers */ static OPUS_INLINE opus_int16 celt_ilog2(opus_int32 x) { - celt_assert2(x>0, "celt_ilog2() only defined for strictly positive numbers"); + celt_sig_assert(x>0); return EC_ILOG(x)-1; } #endif diff --git a/celt/pitch.c b/celt/pitch.c index 38a9e68d..872582a4 100644 --- a/celt/pitch.c +++ b/celt/pitch.c @@ -249,7 +249,7 @@ celt_pitch_xcorr_c(const opus_val16 *_x, const opus_val16 *_y, opus_val32 maxcorr=1; #endif celt_assert(max_pitch>0); - celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0); + celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0); for (i=0;i=15) { diff --git a/celt/tests/test_unit_entropy.c b/celt/tests/test_unit_entropy.c index ff926586..7f674529 100644 --- a/celt/tests/test_unit_entropy.c +++ b/celt/tests/test_unit_entropy.c @@ -34,6 +34,7 @@ #include #include #include +#define CELT_C #include "entcode.h" #include "entenc.h" #include "entdec.h" diff --git a/celt/tests/test_unit_laplace.c b/celt/tests/test_unit_laplace.c index 22951e29..727bf012 100644 --- a/celt/tests/test_unit_laplace.c +++ b/celt/tests/test_unit_laplace.c 
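Review bot: The precondition text is lost here: `celt_assert2(x>0, "celt_rcp() only defined for positive values")` becomes `celt_sig_assert(x>0)`, and since the new macro is empty unless ENABLE_ASSERTIONS is set, neither the check nor the explanation survives in a hardened build. I would keep the sentence as a comment above the assertion, `/* celt_rcp() is only defined for x > 0; callers must guarantee this */`, or add a two-argument `celt_sig_assert2(cond, message)` beside `celt_sig_assert` in arch.h. The same kind of message is dropped from celt_ilog2 in celt/mathops.h and from the `pulsesLeft` checks in celt/vq.c and celt/x86/vq_sse2.c. celt_rcp's body continues outside the hunk.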
@@ -31,8 +31,8 @@ #include #include -#include "laplace.h" #define CELT_C +#include "laplace.h" #include "stack_alloc.h" #include "entenc.c" diff --git a/celt/tests/test_unit_rotation.c b/celt/tests/test_unit_rotation.c index 267b9830..8a31b3f2 100644 --- a/celt/tests/test_unit_rotation.c +++ b/celt/tests/test_unit_rotation.c @@ -33,8 +33,6 @@ #define CUSTOM_MODES #endif -#define CELT_C - #include #include #include "vq.h" diff --git a/celt/vq.c b/celt/vq.c index 8ef80e50..a6b5552d 100644 --- a/celt/vq.c +++ b/celt/vq.c @@ -230,12 +230,12 @@ opus_val16 op_pvq_search_c(celt_norm *X, int *iy, int K, int N, int arch) pulsesLeft -= iy[j]; } while (++j=0, "Allocated too many pulses in the quick pass"); + celt_sig_assert(pulsesLeft>=0); /* This should never happen, but just in case it does (e.g. on silence) we fill the first bin with pulses. */ #ifdef FIXED_POINT_DEBUG - celt_assert2(pulsesLeft<=N+3, "Not enough pulses in the quick pass"); + celt_sig_assert(pulsesLeft<=N+3); #endif if (pulsesLeft > N+3) { diff --git a/celt/x86/vq_sse2.c b/celt/x86/vq_sse2.c index 6a317703..77504286 100644 --- a/celt/x86/vq_sse2.c +++ b/celt/x86/vq_sse2.c @@ -135,7 +135,7 @@ opus_val16 op_pvq_search_sse2(celt_norm *_X, int *iy, int K, int N, int arch) } X[N] = X[N+1] = X[N+2] = -100; y[N] = y[N+1] = y[N+2] = 100; - celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass"); + celt_sig_assert(pulsesLeft>=0); /* This should never happen, but just in case it does (e.g. on silence) we fill the first bin with pulses. */ -- cgit v1.2.3
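Review bot: The position of `#define CELT_C` is now load-bearing and nothing in the file says so. arch.h emits the single external definition of `celt_fatal` only under `defined(CELT_C) && !defined(OVERRIDE_celt_fatal)`, so the define has to precede the first header that pulls arch.h in, which is presumably why it moved above `#include "laplace.h"`. A one-line comment such as `/* must come before any header that includes arch.h: selects the unit that defines celt_fatal() */` would keep a later include re-sort from turning this into a link error. The same applies to the define added in celt/tests/test_unit_entropy.c.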