ntp_assert.h revision 258945
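/*
 * ntp_assert.h - design by contract stuff
 *
 * example:
 *
 * int foo(char *a) {
 *	int result;
 *	int value;
 *
 *	REQUIRE(a != NULL);
 *	...
 *	bar(&value);
 *	INSIST(value > 2);
 *	...
 *
 *	ENSURE(result != 12);
 *	return result;
 * }
 *
 * open question: when would we use INVARIANT()?
 *
 * For cases where the overhead for non-debug builds is deemed too high,
 * use DEBUG_REQUIRE(), DEBUG_INSIST(), DEBUG_ENSURE(), and/or
 * DEBUG_INVARIANT().
 *
 * Macro layering, as defined below:
 *	ALWAYS_*()	bound to the checker for the current build
 *			(Calysto hooks, or the ISC_*() assertion macros)
 *	REQUIRE() etc.	plain aliases for ALWAYS_*()
 *	NTP_*()		older spelling, aliases for REQUIRE() etc.
 *	DEBUG_*()	enforced only when DEBUG is defined
 *
 * NOTE(review): the DEBUG_*() forms enforce nothing when DEBUG is not
 * defined, so they must not be the only check on a value that comes
 * from outside the program (a length, index or offset taken from
 * received data, for instance).  Use REQUIRE()/INSIST(), or explicit
 * error handling, wherever a false condition would be unsafe to
 * continue past.
 */

#ifndef NTP_ASSERT_H
#define NTP_ASSERT_H

# ifdef CALYSTO

/*
 * Calysto builds: REQUIRE/ENSURE are handed to the tool as conditions
 * to check, INSIST/INVARIANT as conditions to assume.  Going by the
 * comments on the two declarations, an assumed condition is not
 * verified in this configuration.
 *
 * NOTE(review): both hooks take unsigned char, so a condition whose
 * value is nonzero but has its low eight bits clear would presumably
 * be converted to 0 -- confirm against the tool before passing
 * anything other than a comparison or logical expression.
 */
extern void calysto_assume(unsigned char cnd);	/* assume this always holds */
extern void calysto_assert(unsigned char cnd);	/* check whether this holds */
#define ALWAYS_REQUIRE(x)	calysto_assert(x)
#define ALWAYS_INSIST(x)	calysto_assume(x) /* DLH calysto_assert()? */
#define ALWAYS_INVARIANT(x)	calysto_assume(x)
#define ALWAYS_ENSURE(x)	calysto_assert(x)

/* # elif defined(__COVERITY__) */
/*
 * DH: try letting coverity scan our actual assertion macros, now that
 * isc_assertioncallback_t is marked __attribute__ __noreturn__.
 */

/*
 * Coverity has special knowledge that assert(x) terminates the process
 * if x is not true.  Rather than teach it about our assertion macros,
 * just use the one it knows about for Coverity Prevent scans.  This
 * means our assertion code (and ISC's) escapes Coverity analysis, but
 * that seems to be a reasonable trade-off.
 */

/*
#define ALWAYS_REQUIRE(x)	assert(x)
#define ALWAYS_INSIST(x)	assert(x)
#define ALWAYS_INVARIANT(x)	assert(x)
#define ALWAYS_ENSURE(x)	assert(x)
*/

# else	/* neither Coverity nor Calysto */

#include "isc/assertions.h"

/* Normal builds: defer to the ISC assertion macros from the header above. */
#define ALWAYS_REQUIRE(x)	ISC_REQUIRE(x)
#define ALWAYS_INSIST(x)	ISC_INSIST(x)
#define ALWAYS_INVARIANT(x)	ISC_INVARIANT(x)
#define ALWAYS_ENSURE(x)	ISC_ENSURE(x)

# endif	/* neither Coverity nor Calysto */

/* The names used throughout the code; these are enforced in every build. */
#define REQUIRE(x)		ALWAYS_REQUIRE(x)
#define INSIST(x)		ALWAYS_INSIST(x)
#define INVARIANT(x)		ALWAYS_INVARIANT(x)
#define ENSURE(x)		ALWAYS_ENSURE(x)

/*
 * We initially used NTP_REQUIRE() instead of REQUIRE() etc, but that
 * is unnecessarily verbose, as libisc use of REQUIRE() etc shows.
 */
#define NTP_REQUIRE(x)		REQUIRE(x)
#define NTP_INSIST(x)		INSIST(x)
#define NTP_INVARIANT(x)	INVARIANT(x)
#define NTP_ENSURE(x)		ENSURE(x)

/*
 * DEBUG_*(): identical to REQUIRE() etc. when DEBUG is defined.
 * Otherwise the argument is still evaluated exactly once (so any side
 * effects in it are kept and the variables it names count as used),
 * but the result is discarded and no check takes place.  The cost of
 * evaluating the argument is therefore saved only if the compiler can
 * drop an expression that has no side effects.
 *
 * The non-DEBUG expansions are wrapped in an outer pair of parentheses
 * so each one stays a single primary expression wherever it appears.
 */
# ifdef DEBUG
#define DEBUG_REQUIRE(x)	REQUIRE(x)
#define DEBUG_INSIST(x)		INSIST(x)
#define DEBUG_INVARIANT(x)	INVARIANT(x)
#define DEBUG_ENSURE(x)		ENSURE(x)
# else
#define DEBUG_REQUIRE(x)	((void)(x))
#define DEBUG_INSIST(x)		((void)(x))
#define DEBUG_INVARIANT(x)	((void)(x))
#define DEBUG_ENSURE(x)		((void)(x))
# endif

#endif	/* NTP_ASSERT_H */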