Back to index

enigmail  1.4.3
Assertions.h
Go to the documentation of this file.
00001 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
00002  * vim: set ts=8 sw=4 et tw=99 ft=cpp:
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at:
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is Mozilla Code.
00018  *
00019  * The Initial Developer of the Original Code is
00020  *   The Mozilla Foundation
00021  * Portions created by the Initial Developer are Copyright (C) 2011
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *   Jeff Walden <jwalden+code@mit.edu>
00026  *
00027  * Alternatively, the contents of this file may be used under the terms of
00028  * either the GNU General Public License Version 2 or later (the "GPL"), or
00029  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00030  * in which case the provisions of the GPL or the LGPL are applicable instead
00031  * of those above. If you wish to allow use of your version of this file only
00032  * under the terms of either the GPL or the LGPL, and not to allow others to
00033  * use your version of this file under the terms of the MPL, indicate your
00034  * decision by deleting the provisions above and replace them with the notice
00035  * and other provisions required by the GPL or the LGPL. If you do not delete
00036  * the provisions above, a recipient may use your version of this file under
00037  * the terms of any one of the MPL, the GPL or the LGPL.
00038  *
00039  * ***** END LICENSE BLOCK ***** */
00040 
00041 /* Implementations of runtime and static assertion macros for C and C++. */
00042 
00043 #ifndef mozilla_Assertions_h_
00044 #define mozilla_Assertions_h_
00045 
00046 #include "mozilla/Attributes.h"
00047 #include "mozilla/Types.h"
00048 
00049 /*
00050  * MOZ_STATIC_ASSERT may be used to assert a condition *at compile time*.  This
00051  * can be useful when you make certain assumptions about what must hold for
00052  * optimal, or even correct, behavior.  For example, you might assert that the
00053  * size of a struct is a multiple of the target architecture's word size:
00054  *
00055  *   struct S { ... };
00056  *   MOZ_STATIC_ASSERT(sizeof(S) % sizeof(size_t) == 0,
00057  *                     "S should be a multiple of word size for efficiency");
00058  *
00059  * This macro can be used in any location where both an extern declaration and a
00060  * typedef could be used.
00061  *
00062  * Be aware of the gcc 4.2 concerns noted further down when writing patches that
00063  * use this macro, particularly if a patch only bounces on OS X.
00064  */
00065 #ifdef __cplusplus
00066 #  if defined(__clang__)
00067 #    ifndef __has_extension
00068 #      define __has_extension __has_feature /* compatibility, for older versions of clang */
00069 #    endif
00070 #    if __has_extension(cxx_static_assert)
00071 #      define MOZ_STATIC_ASSERT(cond, reason)    static_assert((cond), reason)
00072 #    endif
00073 #  elif defined(__GNUC__)
00074 #    if (defined(__GXX_EXPERIMENTAL_CXX0X__) || __cplusplus >= 201103L) && \
00075         (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
00076 #      define MOZ_STATIC_ASSERT(cond, reason)    static_assert((cond), reason)
00077 #    endif
00078 #  elif defined(_MSC_VER)
00079 #    if _MSC_VER >= 1600 /* MSVC 10 */
00080 #      define MOZ_STATIC_ASSERT(cond, reason)    static_assert((cond), reason)
00081 #    endif
00082 #  elif defined(__HP_aCC)
00083 #    if __HP_aCC >= 62500 && defined(_HP_CXX0x_SOURCE)
00084 #      define MOZ_STATIC_ASSERT(cond, reason)    static_assert((cond), reason)
00085 #    endif
00086 #  endif
00087 #endif
00088 #ifndef MOZ_STATIC_ASSERT
00089 #  define MOZ_STATIC_ASSERT_GLUE1(x, y)          x##y
00090 #  define MOZ_STATIC_ASSERT_GLUE(x, y)           MOZ_STATIC_ASSERT_GLUE1(x, y)
00091 #  if defined(__SUNPRO_CC)
00092      /*
00093       * The Sun Studio C++ compiler is buggy when declaring, inside a function,
00094       * another extern'd function with an array argument whose length contains a
00095       * sizeof, triggering the error message "sizeof expression not accepted as
00096       * size of array parameter".  This bug (6688515, not public yet) would hit
00097       * defining moz_static_assert as a function, so we always define an extern
00098       * array for Sun Studio.
00099       *
00100       * We include the line number in the symbol name in a best-effort attempt
00101       * to avoid conflicts (see below).
00102       */
00103 #    define MOZ_STATIC_ASSERT(cond, reason) \
00104        extern char MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __LINE__)[(cond) ? 1 : -1]
00105 #  elif defined(__COUNTER__)
00106      /*
00107       * If there was no preferred alternative, use a compiler-agnostic version.
00108       *
00109       * Note that the non-__COUNTER__ version has a bug in C++: it can't be used
00110       * in both |extern "C"| and normal C++ in the same translation unit.  (Alas
00111       * |extern "C"| isn't allowed in a function.)  The only affected compiler
00112       * we really care about is gcc 4.2.  For that compiler and others like it,
00113       * we include the line number in the function name to do the best we can to
00114       * avoid conflicts.  These should be rare: a conflict would require use of
00115       * MOZ_STATIC_ASSERT on the same line in separate files in the same
00116       * translation unit, *and* the uses would have to be in code with
00117       * different linkage, *and* the first observed use must be in C++-linkage
00118       * code.
00119       */
00120 #    define MOZ_STATIC_ASSERT(cond, reason) \
00121        typedef int MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __COUNTER__)[(cond) ? 1 : -1]
00122 #  else
00123 #    define MOZ_STATIC_ASSERT(cond, reason) \
00124        extern void MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __LINE__)(int arg[(cond) ? 1 : -1])
00125 #  endif
00126 #endif
00127 
00128 #define MOZ_STATIC_ASSERT_IF(cond, expr, reason)  MOZ_STATIC_ASSERT(!(cond) || (expr), reason)
00129 
00130 #ifdef __cplusplus
00131 extern "C" {
00132 #endif
00133 
00134 extern MFBT_API(void)
00135 MOZ_Crash(void);
00136 
00137 extern MFBT_API(void)
00138 MOZ_Assert(const char* s, const char* file, int ln);
00139 
00140 #ifdef __cplusplus
00141 } /* extern "C" */
00142 #endif
00143 
00144 /*
00145  * MOZ_ASSERT(expr [, explanation-string]) asserts that |expr| must be truthy in
00146  * debug builds.  If it is, execution continues.  Otherwise, an error message
00147  * including the expression and the explanation-string (if provided) is printed,
00148  * an attempt is made to invoke any existing debugger, and execution halts.
00149  * MOZ_ASSERT is fatal: no recovery is possible.  Do not assert a condition
00150  * which can correctly be falsy.
00151  *
00152  * The optional explanation-string, if provided, must be a string literal
00153  * explaining the assertion.  It is intended for use with assertions whose
00154  * correctness or rationale is non-obvious, and for assertions where the "real"
00155  * condition being tested is best described prosaically.  Don't provide an
00156  * explanation if it's not actually helpful.
00157  *
00158  *   // No explanation needed: pointer arguments often must not be NULL.
00159  *   MOZ_ASSERT(arg);
00160  *
00161  *   // An explanation can be helpful to explain exactly how we know an
00162  *   // assertion is valid.
00163  *   MOZ_ASSERT(state == WAITING_FOR_RESPONSE,
00164  *              "given that <thingA> and <thingB>, we must have...");
00165  *
00166  *   // Or it might disambiguate multiple identical (save for their location)
00167  *   // assertions of the same expression.
00168  *   MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
00169  *              "we already set [[PrimitiveThis]] for this Boolean object");
00170  *   MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
00171  *              "we already set [[PrimitiveThis]] for this String object");
00172  *
00173  * MOZ_ASSERT has no effect in non-debug builds.  It is designed to catch bugs
00174  * *only* during debugging, not "in the field".
00175  */
00176 #ifdef DEBUG
00177    /* First the single-argument form. */
00178 #  define MOZ_ASSERT_HELPER1(expr) \
00179      ((expr) ? ((void)0) : MOZ_Assert(#expr, __FILE__, __LINE__))
00180    /* Now the two-argument form. */
00181 #  define MOZ_ASSERT_HELPER2(expr, explain) \
00182      ((expr) ? ((void)0) : MOZ_Assert(#expr " (" explain ")", __FILE__, __LINE__))
00183    /* And now, helper macrology up the wazoo. */
00184    /*
00185     * Count the number of arguments passed to MOZ_ASSERT, very carefully
00186     * tiptoeing around an MSVC bug where it improperly expands __VA_ARGS__ as a
00187     * single token in argument lists.  See these URLs for details:
00188     *
00189     *   http://connect.microsoft.com/VisualStudio/feedback/details/380090/variadic-macro-replacement
00190     *   http://cplusplus.co.il/2010/07/17/variadic-macro-to-count-number-of-arguments/#comment-644
00191     */
00192 #  define MOZ_COUNT_ASSERT_ARGS_IMPL2(_1, _2, count, ...) \
00193      count
00194 #  define MOZ_COUNT_ASSERT_ARGS_IMPL(args) \
00195         MOZ_COUNT_ASSERT_ARGS_IMPL2 args
00196 #  define MOZ_COUNT_ASSERT_ARGS(...) \
00197      MOZ_COUNT_ASSERT_ARGS_IMPL((__VA_ARGS__, 2, 1, 0))
00198    /* Pick the right helper macro to invoke. */
00199 #  define MOZ_ASSERT_CHOOSE_HELPER2(count) MOZ_ASSERT_HELPER##count
00200 #  define MOZ_ASSERT_CHOOSE_HELPER1(count) MOZ_ASSERT_CHOOSE_HELPER2(count)
00201 #  define MOZ_ASSERT_CHOOSE_HELPER(count) MOZ_ASSERT_CHOOSE_HELPER1(count)
00202    /* The actual macro. */
00203 #  define MOZ_ASSERT_GLUE(x, y) x y
00204 #  define MOZ_ASSERT(...) \
00205      MOZ_ASSERT_GLUE(MOZ_ASSERT_CHOOSE_HELPER(MOZ_COUNT_ASSERT_ARGS(__VA_ARGS__)), \
00206                      (__VA_ARGS__))
00207 #else
00208 #  define MOZ_ASSERT(...) ((void)0)
00209 #endif /* DEBUG */
00210 
00211 /*
00212  * MOZ_ASSERT_IF(cond1, cond2) is equivalent to MOZ_ASSERT(cond2) if cond1 is
00213  * true.
00214  *
00215  *   MOZ_ASSERT_IF(isPrime(num), num == 2 || isOdd(num));
00216  *
00217  * As with MOZ_ASSERT, MOZ_ASSERT_IF has effect only in debug builds.  It is
00218  * designed to catch bugs during debugging, not "in the field".
00219  */
00220 #ifdef DEBUG
00221 #  define MOZ_ASSERT_IF(cond, expr)  ((cond) ? MOZ_ASSERT(expr) : ((void)0))
00222 #else
00223 #  define MOZ_ASSERT_IF(cond, expr)  ((void)0)
00224 #endif
00225 
00226 /* MOZ_NOT_REACHED_MARKER() expands (in compilers which support it) to an
00227  * expression which states that it is undefined behavior for the compiler to
00228  * reach this point. Most code should probably use the higher level
00229  * MOZ_NOT_REACHED (which expands to this when appropriate).
00230  */
00231 #if defined(__clang__)
00232 #  define MOZ_NOT_REACHED_MARKER() __builtin_unreachable()
00233 #elif defined(__GNUC__)
00234 #  if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
00235 #    define MOZ_NOT_REACHED_MARKER() __builtin_unreachable()
00236 #  endif
00237 #elif defined(_MSC_VER)
00238 # define MOZ_NOT_REACHED_MARKER() __assume(0)
00239 #endif
00240 
00241 /*
00242  * MOZ_NOT_REACHED(reason) indicates that the given point can't be reached
00243  * during execution: simply reaching that point in execution is a bug.  It takes
00244  * as an argument an error message indicating the reason why that point should
00245  * not have been reachable.
00246  *
00247  *   // ...in a language parser...
00248  *   void handle(BooleanLiteralNode node)
00249  *   {
00250  *     if (node.isTrue())
00251  *       handleTrueLiteral();
00252  *     else if (node.isFalse())
00253  *       handleFalseLiteral();
00254  *     else
00255  *       MOZ_NOT_REACHED("boolean literal that's not true or false?");
00256  *   }
00257  */
00258 #if defined(MOZ_NOT_REACHED_MARKER)
00259 #  if defined(DEBUG)
00260 #    define MOZ_NOT_REACHED(reason)  do { \
00261                                        MOZ_Assert(reason, __FILE__, __LINE__); \
00262                                        MOZ_NOT_REACHED_MARKER();        \
00263                                      } while (0)
00264 #  else
00265 #    define MOZ_NOT_REACHED(reason)  MOZ_NOT_REACHED_MARKER()
00266 #  endif
00267 #else
00268 #  if defined(__GNUC__)
00269      /*
00270       * On older versions of gcc we need to call a noreturn function to mark the
00271       * code as unreachable. Since what we want is an unreachable version of
00272       * MOZ_Assert, we use an asm label
00273       * (http://gcc.gnu.org/onlinedocs/gcc-4.6.2/gcc/Asm-Labels.html) to create
00274       * a new declaration to the same symbol. MOZ_ASSERT_NR should only be
00275       * used via this macro, as it is a very specific hack to older versions of
00276       * gcc.
00277       */
00278 #    define MOZ_GETASMPREFIX2(X) #X
00279 #    define MOZ_GETASMPREFIX(X) MOZ_GETASMPREFIX2(X)
00280 #    define MOZ_ASMPREFIX MOZ_GETASMPREFIX(__USER_LABEL_PREFIX__)
00281      extern MOZ_NORETURN MFBT_API(void)
00282      MOZ_ASSERT_NR(const char* s, const char* file, int ln) \
00283        asm (MOZ_ASMPREFIX "MOZ_Assert");
00284 
00285 #    define MOZ_NOT_REACHED(reason)    MOZ_ASSERT_NR(reason, __FILE__, __LINE__)
00286 #  elif defined(DEBUG)
00287 #    define MOZ_NOT_REACHED(reason)    MOZ_Assert(reason, __FILE__, __LINE__)
00288 #  else
00289 #    define MOZ_NOT_REACHED(reason)    ((void)0)
00290 #  endif
00291 #endif
00292 
00293 /*
00294  * MOZ_ALWAYS_TRUE(expr) and MOZ_ALWAYS_FALSE(expr) always evaluate the provided
00295  * expression, in debug builds and in release builds both.  Then, in debug
00296  * builds only, the value of the expression is asserted either true or false
00297  * using MOZ_ASSERT.
00298  */
00299 #ifdef DEBUG
00300 #  define MOZ_ALWAYS_TRUE(expr)      MOZ_ASSERT((expr))
00301 #  define MOZ_ALWAYS_FALSE(expr)     MOZ_ASSERT(!(expr))
00302 #else
00303 #  define MOZ_ALWAYS_TRUE(expr)      ((void)(expr))
00304 #  define MOZ_ALWAYS_FALSE(expr)     ((void)(expr))
00305 #endif
00306 
00307 #endif /* mozilla_Assertions_h_ */