|
| 1 | +/* No include guard. Just like <assert.h>, we can include the header multiple |
| 2 | + * times to update the macros for NDEBUG/C_MORE_ASSERTS changes. |
| 3 | + * |
| 4 | + * The user can define NDEBUG to disable all asserts. |
| 5 | + * |
| 6 | + * The user can define C_MORE_ASSERTS to a non-negative number. |
| 7 | + * - defined(NDEBUG) implies C_MORE_ASSERTS 0 |
| 8 | + * - C_MORE_ASSERTS 0 means asserts are disabled (like NDEBUG) |
| 9 | + * - C_MORE_ASSERTS 1 is the default, and assert() and c_assert() is enabled. |
| 10 | + * - C_MORE_ASSERTS > 1 means that c_more_assert() is enabled, based on the |
| 11 | + * level. */ |
| 12 | + |
| 13 | +#include <assert.h> |
| 14 | +#include <c-stdaux-generic.h> |
| 15 | + |
| 16 | +/** |
| 17 | + * C_MORE_ASSERTS_LEVEL: the detected assertion level. Depends on NDEBUG and |
| 18 | + * C_MORE_ASSERTS define. */ |
| 19 | +#undef C_MORE_ASSERTS_LEVEL |
| 20 | +#ifdef NDEBUG |
| 21 | +#define C_MORE_ASSERTS_LEVEL 0 |
| 22 | +#elif !defined(C_MORE_ASSERTS) |
| 23 | +#define C_MORE_ASSERTS_LEVEL 1 |
| 24 | +#else |
| 25 | +#define C_MORE_ASSERTS_LEVEL (C_MORE_ASSERTS) |
| 26 | +#endif |
| 27 | + |
| 28 | +#undef _c_assert_fail |
| 29 | +#if !defined(C_COMPILER_GNUC) |
| 30 | +#define _c_assert_fail(drop_msg, msg) assert(false && msg) |
| 31 | +#elif C_MORE_ASSERTS_LEVEL <= 0 |
| 32 | +#define _c_assert_fail(drop_msg, msg) _c_unreachable_code() |
| 33 | +#elif defined(__GNU_LIBRARY__) |
| 34 | +/* __assert_fail() also exists on musl, but we don't detect that. |
| 35 | + * |
| 36 | + * Depending on "drop_msg", we hide the "msg" unless we build with |
| 37 | + * "C_MORE_ASSERTS > 1". The reason is that an assertion failure is not useful |
| 38 | + * for the end user, and for the developer the __FILE__:__LINE__ is |
| 39 | + * sufficient. The __func__ is dropped unless "C_MORE_ASSERTS > 1". |
| 40 | + * The point is to not embed many debugging strings in the binary. */ |
| 41 | +#define _c_assert_fail(drop_msg, msg) \ |
| 42 | + __assert_fail( \ |
| 43 | + (drop_msg) && C_MORE_ASSERTS_LEVEL < 1 ? "<dropped>" : "" msg "", \ |
| 44 | + __FILE__, __LINE__, \ |
| 45 | + C_MORE_ASSERTS_LEVEL < 1 ? "<unknown-fcn>" : __func__) |
| 46 | +#else |
| 47 | +#define _c_assert_fail(drop_msg, msg) \ |
| 48 | + ((void)assert(false && msg), _c_unreachable_code()) |
| 49 | +#endif |
| 50 | + |
| 51 | +/* The remainder we only define once (upon multiple inclusions) */ |
| 52 | +#if !defined(C_HAS_STDAUX_ASSERT) |
| 53 | +#define C_HAS_STDAUX_ASSERT |
| 54 | + |
| 55 | +#if defined(C_COMPILER_GNUC) |
| 56 | + |
| 57 | +#define _c_unreachable_code() __builtin_unreachable() |
| 58 | + |
| 59 | +#define _c_assert_nse_on_disabled(_cond) \ |
| 60 | + do { \ |
| 61 | + if (__builtin_constant_p(_cond) && !(_cond)) { \ |
| 62 | + /* With gcc, constant expressions are still evaluated and result \ |
| 63 | + * in unreachable code too. \ |
| 64 | + * \ |
| 65 | + * This can avoid compiler warnings about unreachable code with \ |
| 66 | + * c_assert_nse(false). \ |
| 67 | + */ \ |
| 68 | + _c_unreachable_code(); \ |
| 69 | + } \ |
| 70 | + } while (0) |
| 71 | + |
| 72 | +#else /* defined(C_COMPILER_GNUC) */ |
| 73 | + |
| 74 | +#define _c_unreachable_code() \ |
| 75 | + do { \ |
| 76 | + /* Infinite loop for unreachable. */ \ |
| 77 | + } while (1) |
| 78 | + |
| 79 | +#define _c_assert_nse_on_disabled(_cond) \ |
| 80 | + do { \ |
| 81 | + /* This does nothing. */ \ |
| 82 | + } while (0) |
| 83 | + |
| 84 | +#endif /* defined(C_COMPILER_GNUC) */ |
| 85 | + |
| 86 | +#define c_assert_nse_on(_level, _cond) \ |
| 87 | + do { \ |
| 88 | + /* c_assert_nse_on() must do *nothing* of effect, \ |
| 89 | + * except evaluating @_cond (0 or 1 times). \ |
| 90 | + * \ |
| 91 | + * As such, it is async-signal-safe (provided @_cond and \ |
| 92 | + * @_level is, and the assertion does not fail). */ \ |
| 93 | + if ((_level) < C_MORE_ASSERTS_LEVEL) { \ |
| 94 | + _c_assert_nse_on_disabled(_cond); \ |
| 95 | + /* pass */ \ |
| 96 | + } else if (_c_likely_(_cond)) { \ |
| 97 | + /* pass */ \ |
| 98 | + } else { \ |
| 99 | + _c_assert_fail(true, #_cond); \ |
| 100 | + } \ |
| 101 | + } while (0) |
| 102 | + |
| 103 | +#define c_assert_nse(_cond) c_assert_nse_on(1, _cond) |
| 104 | +#define c_assert_nse2(_cond) c_assert_nse_on(2, _cond) |
| 105 | + |
| 106 | +/** |
| 107 | + * c_assert() - Runtime assertions |
| 108 | + * @_cond: Result of an expression |
| 109 | + * |
| 110 | + * This function behaves like the standard ``assert(3)`` macro. That is, if |
| 111 | + * ``NDEBUG`` is defined, it is a no-op. In all other cases it will assert that |
| 112 | + * the result of the passed expression is true. |
| 113 | + * |
| 114 | + * Unlike the standard ``assert(3)`` macro, this function always evaluates its |
| 115 | + * argument. This means side-effects will always be evaluated! However, if the |
| 116 | + * macro is used with constant expressions, the compiler will be able to |
| 117 | + * optimize it away. |
| 118 | + * |
| 119 | + * The macro is async-signal-safe, if @_cond is and the assertion doesn't fail. |
| 120 | + */ |
| 121 | +#define c_assert(_cond) \ |
| 122 | + do { \ |
| 123 | + if (!_c_likely_(_cond)) { \ |
| 124 | + _c_assert_fail(true, #_cond); \ |
| 125 | + } \ |
| 126 | + } while (0) |
| 127 | + |
| 128 | +/** |
| 129 | + * c_assert_not_reached() - Fail assertion when called. |
| 130 | + * |
| 131 | + * With C_COMPILER_GNUC, the macro calls assert(false) and marks the code |
| 132 | + * path as __builtin_unreachable(). The benefit is that also with NDEBUG the |
| 133 | + * compiler considers the path unreachable. |
| 134 | + * |
| 135 | + * Otherwise, just calls assert(false). |
| 136 | + */ |
| 137 | +#define c_assert_not_reached() _c_assert_fail(false, "unreachable") |
| 138 | + |
| 139 | +#endif /* !defined(C_HAS_STDAUX_ASSERT) */ |
| 140 | + |
| 141 | +#ifdef __cplusplus |
| 142 | +} |
| 143 | +#endif |
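Review bot: The level test in `c_assert_nse_on()` looks inverted: `if ((_level) < C_MORE_ASSERTS_LEVEL)` takes the disabled branch when the build level is higher than the assertion's level, so at the default level 1 `c_assert_nse2()` is still checked and at level 2 `c_assert_nse()` is skipped; going by the header comment it should read `if ((_level) > C_MORE_ASSERTS_LEVEL)`. In the `__GNU_LIBRARY__` variant of `_c_assert_fail`, both `C_MORE_ASSERTS_LEVEL < 1` tests are always false because the preceding `#elif C_MORE_ASSERTS_LEVEL <= 0` already took that case, so the message and `__func__` are always embedded; `C_MORE_ASSERTS_LEVEL < 2` would match the comment's "unless C_MORE_ASSERTS > 1". With `C_COMPILER_GNUC` and level 0, a failing `c_assert()` expands to `__builtin_unreachable()`, so the condition becomes an optimizer assumption rather than the no-op its doc comment promises; the comment should state that a false condition is undefined behaviour in NDEBUG builds and that `c_assert()` must not be the only check on externally influenced values. The closing `}` under `#ifdef __cplusplus` has no matching `extern "C" {` in the lines shown, which would break C++ inclusion unless the opener lives elsewhere.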