LCOV - code coverage report
Current view: top level - utils - s2n_result.h (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 9 9 100.0 %
Date: 2025-08-15 07:28:39 Functions: 120 516 23.3 %
Branches: 0 0 - 

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #pragma once
      17                 :            : 
      18                 :            : /*
      19                 :            :  * The goal of s2n_result is to provide a strongly-typed error
      20                 :            :  * signal value, which provides the compiler with enough information
      21                 :            :  * to catch bugs.
      22                 :            :  *
      23                 :            :  * Historically, s2n has used int to signal errors. This has caused a few issues:
      24                 :            :  *
      25                 :            :  * ## GUARD in a function returning integer types
      26                 :            :  *
      27                 :            :  * There is no compiler error if `GUARD(nested_call());` is used in a function
      28                 :            :  * that is meant to return integer type - not a error signal.
      29                 :            :  *
      30                 :            :  * ```c
      31                 :            :  * uint8_t s2n_answer_to_the_ultimate_question() {
      32                 :            :  *   POSIX_GUARD(s2n_sleep_for_years(7500000));
      33                 :            :  *   return 42;
      34                 :            :  * }
      35                 :            :  * ```
      36                 :            :  *
      37                 :            :  * In this function we intended to return a `uint8_t` but used a
      38                 :            :  * `GUARD` which will return -1 if the call fails. This can lead to
      39                 :            :  * very subtle bugs.
      40                 :            :  *
      41                 :            :  * ## `GUARD`ing a function returning any integer type
      42                 :            :  *
      43                 :            :  * There is no compiler error if `GUARD(nested_call());` is used
      44                 :            :  * on a function that doesn't actually return an error signal
      45                 :            :  *
      46                 :            :  * ```c
      47                 :            :  * int s2n_deep_thought() {
      48                 :            :  *   POSIX_GUARD(s2n_answer_to_the_ultimate_question());
      49                 :            :  *   return 0;
      50                 :            :  * }
      51                 :            :  * ```
      52                 :            :  *
      53                 :            :  * In this function we intended guard against a failure of
      54                 :            :  * `s2n_answer_to_the_ultimate_question` but that function doesn't
      55                 :            :  * actually return an error signal. Again, this can lead to sublte
      56                 :            :  * bugs.
      57                 :            :  *
      58                 :            :  * ## Ignored error signals
      59                 :            :  *
      60                 :            :  * Without the `warn_unused_result` function attribute, the compiler
      61                 :            :  * provides no warning when forgetting to `GUARD` a function. Missing
      62                 :            :  * a `GUARD` can lead to subtle bugs.
      63                 :            :  *
      64                 :            :  * ```c
      65                 :            :  * int s2n_answer_to_the_ultimate_question() {
      66                 :            :  *   s2n_sleep_for_years(7500000); // <- THIS SHOULD BE GUARDED!!!
      67                 :            :  *   return 42;
      68                 :            :  * }
      69                 :            :  * ```
      70                 :            :  *
      71                 :            :  * # Solution
      72                 :            :  *
      73                 :            :  * s2n_result provides a newtype declaration, which is popular in
      74                 :            :  * languages like [Haskell](https://wiki.haskell.org/Newtype) and
      75                 :            :  * [Rust](https://doc.rust-lang.org/rust-by-example/generics/new_types.html).
      76                 :            :  *
      77                 :            :  * Functions that return S2N_RESULT are automatically marked with the
      78                 :            :  * `warn_unused_result` attribute, which ensures they are GUARDed.
      79                 :            :  */
      80                 :            : 
      81                 :            : #include <stdbool.h>
      82                 :            : 
      83                 :            : #include "api/s2n.h"
      84                 :            : 
      85                 :            : /* A value which indicates the outcome of a function */
      86                 :            : typedef struct {
      87                 :            :     int __error_signal;
      88                 :            : } s2n_result;
      89                 :            : 
      90                 :            : /* used to signal a successful function return */
      91                 : 2180774579 : #define S2N_RESULT_OK ((s2n_result){ S2N_SUCCESS })
      92                 :            : 
      93                 :            : /* used to signal an error while executing a function */
      94                 :            : #define S2N_RESULT_ERROR ((s2n_result){ S2N_FAILURE })
      95                 :            : 
      96                 :            : #if defined(__clang__) || defined(__GNUC__)
      97                 :            :     #define S2N_RESULT_MUST_USE __attribute__((warn_unused_result))
      98                 :            : #else
      99                 :            :     #define S2N_RESULT_MUST_USE
     100                 :            : #endif
     101                 :            : 
     102                 :            : /* returns true when the result is S2N_RESULT_OK */
     103                 :            : S2N_RESULT_MUST_USE static inline bool s2n_result_is_ok(s2n_result result)
     104                 : 3207871895 : {
     105                 : 3207871895 :     return result.__error_signal == S2N_SUCCESS;
     106                 : 3207871895 : }
     107                 :            : 
     108                 :            : /* returns true when the result is S2N_RESULT_ERROR */
     109                 :            : S2N_RESULT_MUST_USE static inline bool s2n_result_is_error(s2n_result result)
     110                 :     250380 : {
     111                 :     250380 :     return result.__error_signal != S2N_SUCCESS;
     112                 :     250380 : }
     113                 :            : 
     114                 :            : /**
     115                 :            :  * Ignores the returned result of a function
     116                 :            :  *
     117                 :            :  * Generally, function results should always be checked. Using this function
     118                 :            :  * could cause the system to behave in unexpected ways. As such, this function
     119                 :            :  * should only be used in scenarios where the system state is not affected by
     120                 :            :  * errors.
     121                 :            :  */
     122                 :            : static inline void s2n_result_ignore(s2n_result result)
     123                 :      40746 : {
     124                 :            :     /* noop */
     125                 :      40746 : }
     126                 :            : 
     127                 :            : /* used in function declarations to signal function fallibility */
     128                 :            : #define S2N_RESULT S2N_RESULT_MUST_USE s2n_result
     129                 :            : 
     130                 :            : /* The DEFER_CLEANUP macro discards the result of its cleanup function.
     131                 :            :  * We need a version of s2n_result which can be ignored.
     132                 :            :  */
     133                 :            : #define S2N_CLEANUP_RESULT s2n_result

Generated by: LCOV version 1.14