Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
Hi Kees, I love your patch! Yet something to improve: [auto build test ERROR on kees/for-next/hardening] [also build test ERROR on next-20220928] [cannot apply to drm-tip/drm-tip drm-intel/for-linux-next drm-misc/drm-misc-next linus/master v6.0-rc7] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/overflow-Introduce-overflows_type-and-castable_to_type/20220927-094847 base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening config: i386-defconfig compiler: gcc-11 (Debian 11.3.0-5) 11.3.0 reproduce (this is a W=1 build): # https://github.com/intel-lab-lkp/linux/commit/ffc9129a19eb65b2d20780558b0c1af24d66434a git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Kees-Cook/overflow-Introduce-overflows_type-and-castable_to_type/20220927-094847 git checkout ffc9129a19eb65b2d20780558b0c1af24d66434a # save the config file mkdir build_dir && cp config build_dir/.config make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash If you fix the issue, kindly add following tag where applicable | Reported-by: kernel test robot All errors (new ones prefixed by >>): In file included from drivers/gpu/drm/i915/i915_utils.h:29, from drivers/gpu/drm/i915/i915_user_extensions.c:14: drivers/gpu/drm/i915/i915_user_extensions.c: In function 'i915_user_extensions': >> include/linux/overflow.h:33:40: error: invalid operands to binary << (have >> 'struct i915_user_extension *' and 'unsigned int') 33 | #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) |^~ ~~~ | | | unsigned int include/linux/overflow.h:34:27: note: in expansion of macro '__type_half_max' 34 | #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) | ^~~ include/linux/overflow.h:132:23: note: in expansion of macro 'type_max' 132 | (x) > type_max(typeof(T)) ? 1 : 0 \ | ^~~~ include/linux/overflow.h:159:31: note: in expansion of macro '__overflows_type_constexpr' 159 | __overflows_type_constexpr(n, T), \ | ^~ drivers/gpu/drm/i915/i915_user_extensions.c:54:21: note: in expansion of macro 'overflows_type' 54 | overflows_type(next, ext)) | ^~ >> include/linux/overflow.h:33:40: error: invalid operands to binary << (have >> 'struct i915_user_extension *' and 'unsigned int') 33 | #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) |^~ ~~~ | | | unsigned int include/linux/overflow.h:34:53: note: in expansion of macro '__type_half_max' 34 | #define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) | ^~~ include/linux/overflow.h:132:23: note: in expansion of macro 'type_max' 132 | (x) > type_max(typeof(T)) ? 1 : 0 \ | ^~~~ include/linux/overflow.h:159:31: note: in expansion of macro '__overflows_type_constexpr' 159 | __overflows_type_constexpr(n, T), \ | ^~ drivers/gpu/drm/i915/i915_user_extensions.c:54:21: note: in expansion of macro 'overflows_type' 54 | overflows_type(next, ext)) | ^~ >> include/linux/overflow.h:33:40: error: invalid operands to binary << (have >> 'struct i915_user_extension *' and 'unsigned int') 33 | #define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) |^~ ~~~ | | | unsigned int include/linux/overflow.h:34:27: note: in expansion of macro '__type_half_max' 34 | #define type_max(T) ((T)((__type_half_max(T)
Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
Hi Kees, To check the intel-gfx ci results and test results from other mailing lists, I have rebased this patch and included it in this series [1]. [1] https://patchwork.freedesktop.org/series/109169/ G.G On 9/26/22 10:11 PM, Kees Cook wrote: Implement a robust overflows_type() macro to test if a variable or constant value would overflow another variable or type. This can be used as a constant expression for static_assert() (which requires a constant expression[1][2]) when used on constant values. This must be constructed manually, since __builtin_add_overflow() does not produce a constant expression[3]. Additionally adds castable_to_type(), similar to __same_type(), but for checking if a constant value would overflow if cast to a given type. Add unit tests for overflows_type(), __same_type(), and castable_to_type() to the existing KUnit "overflow" test. [1] https://en.cppreference.com/w/c/language/_Static_assert [2] C11 standard (ISO/IEC 9899:2011): 6.7.10 Static assertions [3] https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html 6.56 Built-in Functions to Perform Arithmetic with Overflow Checking Built-in Function: bool __builtin_add_overflow (type1 a, type2 b, Cc: Luc Van Oostenryck Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Tom Rix Cc: Daniel Latypov Cc: Vitor Massaru Iha Cc: "Gustavo A. R. Silva" Cc: linux-harden...@vger.kernel.org Cc: l...@lists.linux.dev Co-developed-by: Gwan-gyeong Mun Signed-off-by: Gwan-gyeong Mun Signed-off-by: Kees Cook --- v2: - fix comment typo - wrap clang pragma to avoid GCC warnings - style nit cleanups - rename __castable_to_type() to castable_to_type() - remove prior overflows_type() definition v1: https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org --- drivers/gpu/drm/i915/i915_utils.h | 4 - include/linux/compiler.h | 1 + include/linux/overflow.h | 48 lib/overflow_kunit.c | 388 +- 4 files changed, 436 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h index c10d68cdc3ca..d14b7faee054 100644 --- a/drivers/gpu/drm/i915/i915_utils.h +++ b/drivers/gpu/drm/i915/i915_utils.h @@ -111,10 +111,6 @@ bool i915_error_injected(void); #define range_overflows_end_t(type, start, size, max) \ range_overflows_end((type)(start), (type)(size), (type)(max)) -/* Note we don't consider signbits :| */ -#define overflows_type(x, T) \ - (sizeof(x) > sizeof(T) && (x) >> BITS_PER_TYPE(T)) - #define ptr_mask_bits(ptr, n) ({ \ unsigned long __v = (unsigned long)(ptr); \ (typeof(ptr))(__v & -BIT(n)); \ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 7713d7bcdaea..c631107e93b1 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -244,6 +244,7 @@ static inline void *offset_to_ptr(const int *off) * bool and also pointer types. */ #define is_signed_type(type) (((type)(-1)) < (__force type)1) +#define is_unsigned_type(type) (!is_signed_type(type)) /* * This is needed in functions which generate the stack canary, see diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 19dfdd74835e..58eb34aa2af9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -127,6 +127,54 @@ static inline bool __must_check __must_check_overflow(bool overflow) (*_d >> _to_shift) != _a);\ })) +#define __overflows_type_constexpr(x, T) ( \ + is_unsigned_type(typeof(x)) ? \ + (x) > type_max(typeof(T)) ? 1 : 0\ + : is_unsigned_type(typeof(T)) ? \ + (x) < 0 || (x) > type_max(typeof(T)) ? 1 : 0 \ + : (x) < type_min(typeof(T)) || \ + (x) > type_max(typeof(T)) ? 1 : 0) + +#define __overflows_type(x, T) ({ \ + typeof(T) v = 0;\ + check_add_overflow((x), v, ); \ +}) + +/** + * overflows_type - helper for checking the overflows between value, variables, + * or data type + * + * @n: source constant value or variable to be checked + * @T: destination variable or data type proposed to store @x + * + * Compares the @x expression for whether or not it can safely fit in + * the storage of the type in @T. @x and @T can have different types. + * If @x is a constant expression, this will also resolve to a constant + * expression. + * + * Returns: true if overflow can occur, false otherwise. + */ +#define overflows_type(n, T) \ + __builtin_choose_expr(__is_constexpr(n),\ + __overflows_type_constexpr(n, T), \ +
Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
Hi Kees, Thanks for update it to v2. I'm leaving a comment because the patches this patch depends on aren't part of one of the series. If this patch alone is forwarded to the intel-gfx mailing, it will report a build issue. If this patch is only for review, please ignore my comments. In order to remove overflows_type() from the i915 gpu driver and add the updated overflows_type() to overflows.h, the following two patches must be applied first because of dependencies. "overflow: Allow mixed type arguments" [1][2] "overflow: Introduce check_assign() and check_assign_user_ptr()" [2] https://www.spinics.net/lists/kernel/msg4495457.html [1] https://patchwork.freedesktop.org/patch/504792/?series=109063=1 [2] https://patchwork.freedesktop.org/patch/504791/?series=109063=1 [3] br, G.G On 9/26/22 10:11 PM, Kees Cook wrote: Implement a robust overflows_type() macro to test if a variable or constant value would overflow another variable or type. This can be used as a constant expression for static_assert() (which requires a constant expression[1][2]) when used on constant values. This must be constructed manually, since __builtin_add_overflow() does not produce a constant expression[3]. Additionally adds castable_to_type(), similar to __same_type(), but for checking if a constant value would overflow if cast to a given type. Add unit tests for overflows_type(), __same_type(), and castable_to_type() to the existing KUnit "overflow" test. [1] https://en.cppreference.com/w/c/language/_Static_assert [2] C11 standard (ISO/IEC 9899:2011): 6.7.10 Static assertions [3] https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html 6.56 Built-in Functions to Perform Arithmetic with Overflow Checking Built-in Function: bool __builtin_add_overflow (type1 a, type2 b, Cc: Luc Van Oostenryck Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Tom Rix Cc: Daniel Latypov Cc: Vitor Massaru Iha Cc: "Gustavo A. R. Silva" Cc: linux-harden...@vger.kernel.org Cc: l...@lists.linux.dev Co-developed-by: Gwan-gyeong Mun Signed-off-by: Gwan-gyeong Mun Signed-off-by: Kees Cook --- v2: - fix comment typo - wrap clang pragma to avoid GCC warnings - style nit cleanups - rename __castable_to_type() to castable_to_type() - remove prior overflows_type() definition v1: https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org --- drivers/gpu/drm/i915/i915_utils.h | 4 - include/linux/compiler.h | 1 + include/linux/overflow.h | 48 lib/overflow_kunit.c | 388 +- 4 files changed, 436 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h index c10d68cdc3ca..d14b7faee054 100644 --- a/drivers/gpu/drm/i915/i915_utils.h +++ b/drivers/gpu/drm/i915/i915_utils.h @@ -111,10 +111,6 @@ bool i915_error_injected(void); #define range_overflows_end_t(type, start, size, max) \ range_overflows_end((type)(start), (type)(size), (type)(max)) -/* Note we don't consider signbits :| */ -#define overflows_type(x, T) \ - (sizeof(x) > sizeof(T) && (x) >> BITS_PER_TYPE(T)) - #define ptr_mask_bits(ptr, n) ({ \ unsigned long __v = (unsigned long)(ptr); \ (typeof(ptr))(__v & -BIT(n)); \ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 7713d7bcdaea..c631107e93b1 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -244,6 +244,7 @@ static inline void *offset_to_ptr(const int *off) * bool and also pointer types. */ #define is_signed_type(type) (((type)(-1)) < (__force type)1) +#define is_unsigned_type(type) (!is_signed_type(type)) /* * This is needed in functions which generate the stack canary, see diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 19dfdd74835e..58eb34aa2af9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -127,6 +127,54 @@ static inline bool __must_check __must_check_overflow(bool overflow) (*_d >> _to_shift) != _a);\ })) +#define __overflows_type_constexpr(x, T) ( \ + is_unsigned_type(typeof(x)) ? \ + (x) > type_max(typeof(T)) ? 1 : 0\ + : is_unsigned_type(typeof(T)) ? \ + (x) < 0 || (x) > type_max(typeof(T)) ? 1 : 0 \ + : (x) < type_min(typeof(T)) || \ + (x) > type_max(typeof(T)) ? 1 : 0) + +#define __overflows_type(x, T) ({ \ + typeof(T) v = 0;\ + check_add_overflow((x), v, ); \ +}) + +/** + * overflows_type - helper for checking the overflows between value, variables, + * or data type + * + * @n: source constant value or variable to be checked + *
Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
On Mon, Sep 26, 2022, at 11:07 PM, Kees Cook wrote: > On Mon, Sep 26, 2022 at 01:17:18PM -0700, Nick Desaulniers wrote: >> + Arnd >> >> On Mon, Sep 26, 2022 at 12:11 PM Kees Cook wrote: >> > --- >> > v2: >> > - fix comment typo >> > - wrap clang pragma to avoid GCC warnings >> > - style nit cleanups >> > - rename __castable_to_type() to castable_to_type() >> > - remove prior overflows_type() definition >> > v1: >> > https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org >> > diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c >> > index f385ca652b74..fffc3f86181d 100644 >> > --- a/lib/overflow_kunit.c >> > +++ b/lib/overflow_kunit.c >> > @@ -16,6 +16,11 @@ >> > #include >> > #include >> > >> > +/* We're expecting to do a lot of "always true" or "always false" tests. >> > */ >> > +#ifdef CONFIG_CC_IS_CLANG >> > +#pragma clang diagnostic ignored >> > "-Wtautological-constant-out-of-range-compare" >> > +#endif >> >> Any chance we can reuse parts of __diag_ignore or __diag_clang from >> include/linux/compiler_types.h or include/linux/compiler-clang.h >> respectively? > > Hm, I'm not sure how those are supposed to be used. Those defines don't > seem to be used externally? We use them in a couple of places. When I originally introduced them, the idea was to add more infrastructure around these to replace the various -Wno-... flags in local makefiles with more targetted annotations, and then have a way to control the warning levels (W=1 W=2 E=1 etc) per directory and per file, but I never completed the work to add the interesting bits. >> Those are needed for pragmas within preprocessor macros, which we >> don't have here, but I suspect they may be more concise to use here. > > Yeah, I was surprised when I had to wrap it in #ifdef given "clang" is > part of the string. > >> >> > +#define TEST_SAME_TYPE(t1, t2, same) do {\ >> > + typeof(t1) __t1h = type_max(t1);\ >> > + typeof(t1) __t1l = type_min(t1);\ >> > + typeof(t2) __t2h = type_max(t2);\ >> > + typeof(t2) __t2l = type_min(t2);\ >> >> Can we use __auto_type here rather than typeof(macro expansion)? > > I'd rather it stay explicit -- otherwise we start to wander into "oops, > we got lucky" territory for what should be a really distinct test case. The idea of __auto_type is to avoid the more deeply nested macros. If the preprocessed file turns into an absolute mess, adding a temporary variable may help. Not sure if that applies here. Arnd
Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
On Mon, Sep 26, 2022 at 01:17:18PM -0700, Nick Desaulniers wrote: > + Arnd > > On Mon, Sep 26, 2022 at 12:11 PM Kees Cook wrote: > > --- > > v2: > > - fix comment typo > > - wrap clang pragma to avoid GCC warnings > > - style nit cleanups > > - rename __castable_to_type() to castable_to_type() > > - remove prior overflows_type() definition > > v1: > > https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org > > diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c > > index f385ca652b74..fffc3f86181d 100644 > > --- a/lib/overflow_kunit.c > > +++ b/lib/overflow_kunit.c > > @@ -16,6 +16,11 @@ > > #include > > #include > > > > +/* We're expecting to do a lot of "always true" or "always false" tests. */ > > +#ifdef CONFIG_CC_IS_CLANG > > +#pragma clang diagnostic ignored > > "-Wtautological-constant-out-of-range-compare" > > +#endif > > Any chance we can reuse parts of __diag_ignore or __diag_clang from > include/linux/compiler_types.h or include/linux/compiler-clang.h > respectively? Hm, I'm not sure how those are supposed to be used. Those defines don't seem to be used externally? > Those are needed for pragmas within preprocessor macros, which we > don't have here, but I suspect they may be more concise to use here. Yeah, I was surprised when I had to wrap it in #ifdef given "clang" is part of the string. > > > +#define TEST_SAME_TYPE(t1, t2, same) do {\ > > + typeof(t1) __t1h = type_max(t1);\ > > + typeof(t1) __t1l = type_min(t1);\ > > + typeof(t2) __t2h = type_max(t2);\ > > + typeof(t2) __t2l = type_min(t2);\ > > Can we use __auto_type here rather than typeof(macro expansion)? I'd rather it stay explicit -- otherwise we start to wander into "oops, we got lucky" territory for what should be a really distinct test case. -- Kees Cook
Re: [Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
+ Arnd On Mon, Sep 26, 2022 at 12:11 PM Kees Cook wrote: > --- > v2: > - fix comment typo > - wrap clang pragma to avoid GCC warnings > - style nit cleanups > - rename __castable_to_type() to castable_to_type() > - remove prior overflows_type() definition > v1: https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org > diff --git a/lib/overflow_kunit.c b/lib/overflow_kunit.c > index f385ca652b74..fffc3f86181d 100644 > --- a/lib/overflow_kunit.c > +++ b/lib/overflow_kunit.c > @@ -16,6 +16,11 @@ > #include > #include > > +/* We're expecting to do a lot of "always true" or "always false" tests. */ > +#ifdef CONFIG_CC_IS_CLANG > +#pragma clang diagnostic ignored > "-Wtautological-constant-out-of-range-compare" > +#endif Any chance we can reuse parts of __diag_ignore or __diag_clang from include/linux/compiler_types.h or include/linux/compiler-clang.h respectively? Those are needed for pragmas within preprocessor macros, which we don't have here, but I suspect they may be more concise to use here. > +#define TEST_SAME_TYPE(t1, t2, same) do {\ > + typeof(t1) __t1h = type_max(t1);\ > + typeof(t1) __t1l = type_min(t1);\ > + typeof(t2) __t2h = type_max(t2);\ > + typeof(t2) __t2l = type_min(t2);\ Can we use __auto_type here rather than typeof(macro expansion)? -- Thanks, ~Nick Desaulniers
[Intel-gfx] [PATCH v2] overflow: Introduce overflows_type() and castable_to_type()
Implement a robust overflows_type() macro to test if a variable or constant value would overflow another variable or type. This can be used as a constant expression for static_assert() (which requires a constant expression[1][2]) when used on constant values. This must be constructed manually, since __builtin_add_overflow() does not produce a constant expression[3]. Additionally adds castable_to_type(), similar to __same_type(), but for checking if a constant value would overflow if cast to a given type. Add unit tests for overflows_type(), __same_type(), and castable_to_type() to the existing KUnit "overflow" test. [1] https://en.cppreference.com/w/c/language/_Static_assert [2] C11 standard (ISO/IEC 9899:2011): 6.7.10 Static assertions [3] https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html 6.56 Built-in Functions to Perform Arithmetic with Overflow Checking Built-in Function: bool __builtin_add_overflow (type1 a, type2 b, Cc: Luc Van Oostenryck Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Tom Rix Cc: Daniel Latypov Cc: Vitor Massaru Iha Cc: "Gustavo A. R. Silva" Cc: linux-harden...@vger.kernel.org Cc: l...@lists.linux.dev Co-developed-by: Gwan-gyeong Mun Signed-off-by: Gwan-gyeong Mun Signed-off-by: Kees Cook --- v2: - fix comment typo - wrap clang pragma to avoid GCC warnings - style nit cleanups - rename __castable_to_type() to castable_to_type() - remove prior overflows_type() definition v1: https://lore.kernel.org/lkml/20220926003743.409911-1-keesc...@chromium.org --- drivers/gpu/drm/i915/i915_utils.h | 4 - include/linux/compiler.h | 1 + include/linux/overflow.h | 48 lib/overflow_kunit.c | 388 +- 4 files changed, 436 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h index c10d68cdc3ca..d14b7faee054 100644 --- a/drivers/gpu/drm/i915/i915_utils.h +++ b/drivers/gpu/drm/i915/i915_utils.h @@ -111,10 +111,6 @@ bool i915_error_injected(void); #define range_overflows_end_t(type, start, size, max) \ range_overflows_end((type)(start), (type)(size), (type)(max)) -/* Note we don't consider signbits :| */ -#define overflows_type(x, T) \ - (sizeof(x) > sizeof(T) && (x) >> BITS_PER_TYPE(T)) - #define ptr_mask_bits(ptr, n) ({ \ unsigned long __v = (unsigned long)(ptr); \ (typeof(ptr))(__v & -BIT(n)); \ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 7713d7bcdaea..c631107e93b1 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -244,6 +244,7 @@ static inline void *offset_to_ptr(const int *off) * bool and also pointer types. */ #define is_signed_type(type) (((type)(-1)) < (__force type)1) +#define is_unsigned_type(type) (!is_signed_type(type)) /* * This is needed in functions which generate the stack canary, see diff --git a/include/linux/overflow.h b/include/linux/overflow.h index 19dfdd74835e..58eb34aa2af9 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -127,6 +127,54 @@ static inline bool __must_check __must_check_overflow(bool overflow) (*_d >> _to_shift) != _a); \ })) +#define __overflows_type_constexpr(x, T) ( \ + is_unsigned_type(typeof(x)) ? \ + (x) > type_max(typeof(T)) ? 1 : 0 \ + : is_unsigned_type(typeof(T)) ? \ + (x) < 0 || (x) > type_max(typeof(T)) ? 1 : 0\ + : (x) < type_min(typeof(T)) || \ + (x) > type_max(typeof(T)) ? 1 : 0) + +#define __overflows_type(x, T) ({ \ + typeof(T) v = 0;\ + check_add_overflow((x), v, ); \ +}) + +/** + * overflows_type - helper for checking the overflows between value, variables, + * or data type + * + * @n: source constant value or variable to be checked + * @T: destination variable or data type proposed to store @x + * + * Compares the @x expression for whether or not it can safely fit in + * the storage of the type in @T. @x and @T can have different types. + * If @x is a constant expression, this will also resolve to a constant + * expression. + * + * Returns: true if overflow can occur, false otherwise. + */ +#define overflows_type(n, T) \ + __builtin_choose_expr(__is_constexpr(n),\ + __overflows_type_constexpr(n, T), \ + __overflows_type(n, T)) + +/** + * castable_to_type - like __same_type(), but also allows for casted literals + * + * @n: variable or constant value + * @T: variable or data type + * + * Unlike the __same_type() macro, this allows a constant value as the + * first