Source-Changes-HG archive
[src/trunk]: src/sys/sys Make __CTASSERT static assert again
details:   https://anonhg.NetBSD.org/src/rev/e28a2ec44f71
branches:  trunk
changeset: 1003610:e28a2ec44f71
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sun Sep 22 23:13:10 2019 +0000
description:
Make __CTASSERT static assert again
Today GCC/Clang allow specifying typedef char[] with the dynamic VLA
property (as introduced in C99). This means that __CTASSERT(), when
misused with run-time semantics, was a dummy check generating either
1 or -1 as the size of typedef char[].
It was caught at runtime by kUBSan, as -1 is the size of a VLA with
unspecified semantics at runtime (Undefined Behavior).
Use a bit-field to enforce a compile-time constant.
This approach has been inspired by the Perl variation of static_assert().
diffstat:
 sys/sys/cdefs.h |  9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)
diffs (23 lines):
diff -r 00badfa4b4c5 -r e28a2ec44f71 sys/sys/cdefs.h
--- a/sys/sys/cdefs.h   Sun Sep 22 23:03:20 2019 +0000
+++ b/sys/sys/cdefs.h   Sun Sep 22 23:13:10 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cdefs.h,v 1.144 2019/09/18 15:06:03 kamil Exp $        */
+/*     $NetBSD: cdefs.h,v 1.145 2019/09/22 23:13:10 kamil Exp $        */
 
 /* * Copyright (c) 1991, 1993
  *     The Regents of the University of California.  All rights reserved.
@@ -172,8 +172,11 @@
 #define        __CTASSERT99(x, a, b)   __CTASSERT0(x, __CONCAT(__ctassert,a), \
                                               __CONCAT(_,b))
 #endif
-#define        __CTASSERT0(x, y, z)    __CTASSERT1(x, y, z) 
-#define        __CTASSERT1(x, y, z)    typedef char y ## z[/*CONSTCOND*/(x) ? 1 : -1] __unused
+#define        __CTASSERT0(x, y, z)    __CTASSERT1(x, y, z)
+#define        __CTASSERT1(x, y, z)    \
+       typedef struct { \
+               unsigned int y ## z : /*CONSTCOND*/(x) ? 1 : -1; \
+       } y ## z ## _struct __unused
 
 /*
  * The following macro is used to remove const cast-away warnings
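Review bot: the new `__CTASSERT1` definition carries no comment saying why the assertion is expressed as a bit-field width instead of an array size, so a later cleanup could put the shorter `typedef char y ## z[...]` form back. Add a short comment above the macro stating that a bit-field width must be an integer constant expression, so a run-time `x` fails to compile, whereas an array size may be a C99 VLA. The same comment can mention that the typedef name now ends in `_struct` while `y ## z` names the member.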
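The behaviour the commit description refers to, as an added example that is not part of the commit or of NetBSD's cdefs.h. `OLD_CTASSERT` and `NEW_CTASSERT` are hypothetical two-argument stand-ins for the pre- and post-change `__CTASSERT1` bodies in the diff, and the function and typedef names are made up for the illustration.

```c
#include <stddef.h>

/* Pre-change body from the diff: array of size 1 or -1 (hypothetical name). */
#define OLD_CTASSERT(x, name) \
	typedef char name[(x) ? 1 : -1]

/* Post-change body from the diff: bit-field of width 1 or -1 (hypothetical name). */
#define NEW_CTASSERT(x, name) \
	typedef struct { unsigned int name : (x) ? 1 : -1; } name ## _struct

/* A constant condition is accepted by the bit-field form. */
NEW_CTASSERT(sizeof(int) >= 2, int_is_wide_enough);

/*
 * Misuse with a run-time value. At block scope the old typedef becomes a
 * C99 variably modified (VLA) type, so it compiles and nothing is checked
 * at build time. When n > 0 the array size is 1; when n <= 0 the size
 * would be -1, which is the undefined behaviour kUBSan reported.
 */
size_t
old_form_with_runtime_value(int n)
{
	OLD_CTASSERT(n > 0, looks_like_an_assert);

	/* sizeof on a VLA type is evaluated at run time. */
	return sizeof(looks_like_an_assert);

	/*
	 * NEW_CTASSERT(n > 0, rejected);
	 * would not compile: a bit-field width has to be an integer
	 * constant expression, and n is not one.
	 */
}
```

Only call `old_form_with_runtime_value()` with a positive argument; any other value reaches the negative-size VLA.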