1/* 2 * ntp_assert.h - design by contract stuff 3 * 4 * example: 5 * 6 * int foo(char *a) { 7 * int result; 8 * int value; 9 * 10 * NTP_REQUIRE(a != NULL); 11 * ... 12 * bar(&value); 13 * NTP_INSIST(value > 2); 14 * ... 15 * 16 * NTP_ENSURE(result != 12); 17 * return result; 18 * } 19 * 20 * open question: when would we use NTP_INVARIANT()? 21 */ 22 23#ifndef NTP_ASSERT_H 24#define NTP_ASSERT_H 25 26# ifdef CALYSTO 27 28extern void calysto_assume(unsigned char cnd); /* assume this always holds */ 29extern void calysto_assert(unsigned char cnd); /* check whether this holds */ 30#define NTP_REQUIRE(x) calysto_assert(x) 31#define NTP_INSIST(x) calysto_assume(x) /* DLH calysto_assert()? */ 32#define NTP_INVARIANT(x) calysto_assume(x) 33#define NTP_ENSURE(x) calysto_assert(x) 34 35# elif defined(__COVERITY__) 36 37/* 38 * Coverity has special knowledge that assert(x) terminates the process 39 * if x is not true. Rather than teach it about our assertion macros, 40 * just use the one it knows about for Coverity Prevent scans. This 41 * means our assertion code (and ISC's) escapes Coverity analysis, but 42 * that seems to be a reasonable trade-off. 43 */ 44 45#define NTP_REQUIRE(x) assert(x) 46#define NTP_INSIST(x) assert(x) 47#define NTP_INVARIANT(x) assert(x) 48#define NTP_ENSURE(x) assert(x) 49 50# else /* neither Coverity nor Calysto */ 51 52#include "isc/assertions.h" 53 54#define NTP_REQUIRE(x) ISC_REQUIRE(x) 55#define NTP_INSIST(x) ISC_INSIST(x) 56#define NTP_INVARIANT(x) ISC_INVARIANT(x) 57#define NTP_ENSURE(x) ISC_ENSURE(x) 58 59# endif /* neither Coverity nor Calysto */ 60#endif /* NTP_ASSERT_H */ 61