Problem:
Right now, most of the codebase uses `int` as the function return value. As documented in s2n_result.c, this has a few problems:
- `GUARD`ing in a function that returns integer types
- `GUARD`ing a function that returns integer types
- Forgetting to `GUARD` a function that returned an error signal
Solution:
The majority of the codebase should return `S2N_RESULT`. This is statically checked to ensure:

The code cannot `GUARD` in a function that returns integer types:
```c
uint8_t s2n_answer_to_the_ultimate_question() {
    GUARD(s2n_sleep_for_years(7500000)); /* <- Won't compile since this function doesn't return an S2N_RESULT */
    return 42;
}
```
The code cannot `GUARD` a function that returns integer types:
```c
S2N_RESULT s2n_deep_thought() {
    GUARD(s2n_answer_to_the_ultimate_question()); /* <- Won't compile since the function being called doesn't return an S2N_RESULT */
    return S2N_RESULT_OK;
}
```
The code cannot ignore the return value of a function:
```c
uint8_t s2n_answer_to_the_ultimate_question() {
    s2n_sleep_for_years(7500000); /* <- Won't compile since the function being called returns an S2N_RESULT and isn't GUARDed */
    return 42;
}
```
Requirements / Acceptance Criteria:
The following tasks are implemented in a way that will make the transition as painless as possible, especially for any pending PRs.
- Add an `S2N_RESULT_FREE` return type that is allowed to be used in the `DEFER_CLEANUP` macro (Fix and simplify psk_param lifecycle #2523).
- Update the safety macros codegen script to add a prefix-less set of macros by duplicating all of the `RESULT_` declarations. This means that `RESULT_GUARD` is now just `GUARD`.
- Add a codemod script to move all of the `RESULT_` invocations in the codebase, since it's now the default.
- Manually update all of the functions in the codebase to return `S2N_RESULT` instead of `int` (see utils: continued result migration #1891, Add S2N_RESULT to a couple functions. #2371). This can be done per module by replacing all of the `int` with `S2N_RESULT` and trying to compile it. After working through all of the compiler issues, that module should continue to have the same functionality with the added guarantees that `S2N_RESULT` provides.
- Improve comparison macros to ensure values have the same type before comparing.
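The three compile-time checks above, and the typed comparison macro asked for in the last task, all rest on the result being a distinct struct type rather than an `int`. The following is an added example, not s2n's own code: it sketches a hypothetical `my_result` type with a `MY_GUARD` macro that enforces the three rules, and a `MY_ENSURE_EQ` macro that refuses operands of different types before comparing them. All names (`my_result`, `MY_RESULT`, `MY_GUARD`, `MY_ENSURE_EQ`, `checked_div`, `halve_and_check`, `halve_or_negative`) are assumptions for illustration, and the block needs GCC or Clang for `warn_unused_result`, `__typeof__` and `__builtin_types_compatible_p`.

```c
#include <stdbool.h>
#include <stdint.h>

/* A struct, not an int, so an int can never be silently passed where a
 * result is expected, or returned where an int is expected.
 * Hypothetical names, modelled on the idea in the issue, not s2n's code. */
typedef struct { int error_signal; } my_result;

/* Every fallible function returns MY_RESULT. warn_unused_result makes a
 * dropped return value a warning, which -Werror turns into a build break. */
#define MY_RESULT my_result __attribute__((warn_unused_result))
#define MY_RESULT_OK    ((my_result){ .error_signal = 0 })
#define MY_RESULT_ERROR ((my_result){ .error_signal = -1 })

static inline bool my_result_is_ok(my_result r) { return r.error_signal == 0; }

/* MY_GUARD(x):
 *  - x must be a my_result: the _Generic check rejects int and any other type
 *    (the controlling expression is not evaluated, so x runs exactly once).
 *  - on error it executes `return MY_RESULT_ERROR;`, so the enclosing
 *    function must itself return my_result, or that statement fails to
 *    type-check. */
#define MY_GUARD(x)                                                         \
    do {                                                                    \
        _Static_assert(_Generic((x), my_result : 1, default : 0),           \
                       "MY_GUARD argument must be a my_result");            \
        if (!my_result_is_ok(x)) { return MY_RESULT_ERROR; }                \
    } while (0)

/* Comparison macro that refuses operands of different types at compile
 * time, then compares the values at run time and fails the function. */
#define MY_ENSURE_EQ(a, b)                                                  \
    do {                                                                    \
        _Static_assert(__builtin_types_compatible_p(__typeof__(a),          \
                                                    __typeof__(b)),         \
                       "MY_ENSURE_EQ operands must have the same type");    \
        if ((a) != (b)) { return MY_RESULT_ERROR; }                         \
    } while (0)

/* Hypothetical leaf function: fails when the divisor is zero. */
static MY_RESULT checked_div(int32_t a, int32_t b, int32_t *out) {
    if (b == 0) { return MY_RESULT_ERROR; }
    *out = a / b;
    return MY_RESULT_OK;
}

/* Caller in the migrated style: returns MY_RESULT and GUARDs every callee.
 * Rejects odd inputs via the typed comparison. */
static MY_RESULT halve_and_check(int32_t a, int32_t *out) {
    int32_t half = 0;
    MY_GUARD(checked_div(a, 2, &half));
    int32_t doubled = half * 2;
    MY_ENSURE_EQ(doubled, a);   /* both int32_t: compiles; fails at run time for odd a */
    *out = half;
    return MY_RESULT_OK;
}

/* Boundary back to a plain int for callers outside the migrated module. */
static int halve_or_negative(int32_t a) {
    int32_t half = 0;
    return my_result_is_ok(halve_and_check(a, &half)) ? half : -1;
}

/* The three mistakes from the issue, each a compile error with this type
 * (kept in a comment so the file builds):
 *
 *   uint8_t bad_caller(void) {
 *       MY_GUARD(checked_div(1, 1, &(int32_t){0}));  // returns a my_result from a uint8_t function
 *       return 42;
 *   }
 *   static int legacy(void) { return 0; }
 *   MY_RESULT bad_callee(void) {
 *       MY_GUARD(legacy());                          // _Static_assert: argument is int, not my_result
 *       return MY_RESULT_OK;
 *   }
 *   uint8_t ignored(void) {
 *       checked_div(1, 1, &(int32_t){0});            // -Wunused-result, fatal under -Werror
 *       return 42;
 *   }
 */
```

The `_Generic` check is a belt-and-braces addition: even without it, passing an `int` to `my_result_is_ok` would already fail to compile, but the static assertion gives a message that names the macro instead of a generic "incompatible type" error, which matters when a codemod rewrites hundreds of call sites at once.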