ntp_assert.h revision 258945
/*
 * ntp_assert.h - design-by-contract assertion macros
 *
 * Usage sketch:
 *
 *	int foo(char *a) {
 *		int result;
 *		int value;
 *
 *		REQUIRE(a != NULL);
 *		...
 *		bar(&value);
 *		INSIST(value > 2);
 *		...
 *
 *		ENSURE(result != 12);
 *		return result;
 *	}
 *
 * Open question: when would we use INVARIANT()?
 *
 * Where the cost of a check in non-debug builds is deemed too high,
 * use DEBUG_REQUIRE(), DEBUG_INSIST(), DEBUG_ENSURE(), and/or
 * DEBUG_INVARIANT() instead.
 *
 * NOTE(review): without DEBUG those variants expand to (void)(cond).
 * The argument expression stays in the code, so its side effects still
 * happen, but the result is discarded and nothing is enforced.  A
 * condition that has to hold in production builds, in particular one
 * derived from untrusted input, needs REQUIRE()/INSIST() or explicit
 * error handling rather than a DEBUG_ variant.
 */

#ifndef NTP_ASSERT_H
#define NTP_ASSERT_H

#ifdef CALYSTO

/*
 * CALYSTO is defined: map the contracts onto the two hooks declared
 * below.  REQUIRE/ENSURE go to calysto_assert(), INSIST/INVARIANT go to
 * calysto_assume().
 */
extern void calysto_assume(unsigned char cnd);	/* assume this always holds */
extern void calysto_assert(unsigned char cnd);	/* check whether this holds */
#define ALWAYS_REQUIRE(cond)	calysto_assert(cond)
#define ALWAYS_INSIST(cond)	calysto_assume(cond) /* DLH calysto_assert()? */
#define ALWAYS_INVARIANT(cond)	calysto_assume(cond)
#define ALWAYS_ENSURE(cond)	calysto_assert(cond)

/* # elif defined(__COVERITY__) */
/*
 * DH: try letting coverity scan our actual assertion macros, now that
 * isc_assertioncallback_t is marked __attribute__ __noreturn__.
 */

/*
 * Coverity has special knowledge that assert(x) terminates the process
 * if x is not true.  Rather than teach it about our assertion macros,
 * just use the one it knows about for Coverity Prevent scans.  This
 * means our assertion code (and ISC's) escapes Coverity analysis, but
 * that seems to be a reasonable trade-off.
 *
 * The branch is currently disabled; its definitions are kept below for
 * reference only.
 */

/*
#define ALWAYS_REQUIRE(x)	assert(x)
#define ALWAYS_INSIST(x)	assert(x)
#define ALWAYS_INVARIANT(x)	assert(x)
#define ALWAYS_ENSURE(x)	assert(x)
*/

#else	/* neither Coverity nor Calysto */

/*
 * Regular build: the contracts are the libisc assertion macros.
 *
 * NOTE(review): the failure path lives in isc/assertions.h, which is
 * not visible from this header.  The note above says
 * isc_assertioncallback_t is marked noreturn, so a failed check
 * presumably never returns to the caller - TODO confirm against libisc.
 * Treat these macros as checks for programming errors; a condition that
 * untrusted input can make false also needs an ordinary error path.
 */
#include "isc/assertions.h"

#define ALWAYS_REQUIRE(cond)	ISC_REQUIRE(cond)
#define ALWAYS_INSIST(cond)	ISC_INSIST(cond)
#define ALWAYS_INVARIANT(cond)	ISC_INVARIANT(cond)
#define ALWAYS_ENSURE(cond)	ISC_ENSURE(cond)

#endif	/* neither Coverity nor Calysto */

/* Short names: always active, whatever DEBUG is set to. */
#define REQUIRE(cond)		ALWAYS_REQUIRE(cond)
#define INSIST(cond)		ALWAYS_INSIST(cond)
#define INVARIANT(cond)		ALWAYS_INVARIANT(cond)
#define ENSURE(cond)		ALWAYS_ENSURE(cond)

/*
 * We initially used NTP_REQUIRE() instead of REQUIRE() etc, but that
 * is unnecessarily verbose, as libisc use of REQUIRE() etc shows.
 * The NTP_ spellings remain as plain aliases of the short names.
 */
#define NTP_REQUIRE(cond)	REQUIRE(cond)
#define NTP_INSIST(cond)	INSIST(cond)
#define NTP_INVARIANT(cond)	INVARIANT(cond)
#define NTP_ENSURE(cond)	ENSURE(cond)

/*
 * DEBUG_ variants: real checks only when DEBUG is defined.  Otherwise
 * the argument is cast to void, so it is not checked (see the note in
 * the file header).
 */
#ifdef DEBUG
#define DEBUG_REQUIRE(cond)	REQUIRE(cond)
#define DEBUG_INSIST(cond)	INSIST(cond)
#define DEBUG_INVARIANT(cond)	INVARIANT(cond)
#define DEBUG_ENSURE(cond)	ENSURE(cond)
#else
#define DEBUG_REQUIRE(cond)	(void)(cond)
#define DEBUG_INSIST(cond)	(void)(cond)
#define DEBUG_INVARIANT(cond)	(void)(cond)
#define DEBUG_ENSURE(cond)	(void)(cond)
#endif

#endif /* NTP_ASSERT_H */