"Fossies" - the Fresh Open Source Software Archive

Member "cpio-2.13/gnu/verify.h" (2 Jan 2017, 11018 Bytes) of package /linux/misc/cpio-2.13.tar.bz2:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "verify.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.12_vs_2.13.

    1 /* Compile-time assert-like macros.
    2 
    3    Copyright (C) 2005-2006, 2009-2017 Free Software Foundation, Inc.
    4 
    5    This program is free software: you can redistribute it and/or modify
    6    it under the terms of the GNU General Public License as published by
    7    the Free Software Foundation; either version 3 of the License, or
    8    (at your option) any later version.
    9 
   10    This program is distributed in the hope that it will be useful,
   11    but WITHOUT ANY WARRANTY; without even the implied warranty of
   12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13    GNU General Public License for more details.
   14 
   15    You should have received a copy of the GNU General Public License
   16    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
   17 
   18 /* Written by Paul Eggert, Bruno Haible, and Jim Meyering.  */
   19 
   20 #ifndef _GL_VERIFY_H
   21 #define _GL_VERIFY_H
   22 
   23 
   24 /* Define _GL_HAVE__STATIC_ASSERT to 1 if _Static_assert works as per C11.
   25    This is supported by GCC 4.6.0 and later, in C mode, and its use
   26    here generates easier-to-read diagnostics when verify (R) fails.
   27 
   28    Define _GL_HAVE_STATIC_ASSERT to 1 if static_assert works as per C++11.
   29    This will likely be supported by future GCC versions, in C++ mode.
   30 
   31    Use this only with GCC.  If we were willing to slow 'configure'
   32    down we could also use it with other compilers, but since this
   33    affects only the quality of diagnostics, why bother?  */
   34 #if (4 < __GNUC__ + (6 <= __GNUC_MINOR__) \
   35      && (201112L <= __STDC_VERSION__  || !defined __STRICT_ANSI__) \
   36      && !defined __cplusplus)
   37 # define _GL_HAVE__STATIC_ASSERT 1
   38 #endif
   39 /* The condition (99 < __GNUC__) is temporary, until we know about the
   40    first G++ release that supports static_assert.  */
   41 #if (99 < __GNUC__) && defined __cplusplus
   42 # define _GL_HAVE_STATIC_ASSERT 1
   43 #endif
   44 
   45 /* FreeBSD 9.1 <sys/cdefs.h>, included by <stddef.h> and lots of other
   46    system headers, defines a conflicting _Static_assert that is no
   47    better than ours; override it.  */
   48 #ifndef _GL_HAVE_STATIC_ASSERT
   49 # include <stddef.h>
   50 # undef _Static_assert
   51 #endif
   52 
   53 /* Each of these macros verifies that its argument R is nonzero.  To
   54    be portable, R should be an integer constant expression.  Unlike
   55    assert (R), there is no run-time overhead.
   56 
   57    If _Static_assert works, verify (R) uses it directly.  Similarly,
   58    _GL_VERIFY_TRUE works by packaging a _Static_assert inside a struct
   59    that is an operand of sizeof.
   60 
   61    The code below uses several ideas for C++ compilers, and for C
   62    compilers that do not support _Static_assert:
   63 
   64    * The first step is ((R) ? 1 : -1).  Given an expression R, of
   65      integral or boolean or floating-point type, this yields an
   66      expression of integral type, whose value is later verified to be
   67      constant and nonnegative.
   68 
   69    * Next this expression W is wrapped in a type
   70      struct _gl_verify_type {
   71        unsigned int _gl_verify_error_if_negative: W;
   72      }.
   73      If W is negative, this yields a compile-time error.  No compiler can
   74      deal with a bit-field of negative size.
   75 
   76      One might think that an array size check would have the same
   77      effect, that is, that the type struct { unsigned int dummy[W]; }
   78      would work as well.  However, inside a function, some compilers
   79      (such as C++ compilers and GNU C) allow local parameters and
   80      variables inside array size expressions.  With these compilers,
   81      an array size check would not properly diagnose this misuse of
   82      the verify macro:
   83 
   84        void function (int n) { verify (n < 0); }
   85 
   86    * For the verify macro, the struct _gl_verify_type will need to
   87      somehow be embedded into a declaration.  To be portable, this
   88      declaration must declare an object, a constant, a function, or a
   89      typedef name.  If the declared entity uses the type directly,
   90      such as in
   91 
   92        struct dummy {...};
   93        typedef struct {...} dummy;
   94        extern struct {...} *dummy;
   95        extern void dummy (struct {...} *);
   96        extern struct {...} *dummy (void);
   97 
   98      two uses of the verify macro would yield colliding declarations
   99      if the entity names are not disambiguated.  A workaround is to
  100      attach the current line number to the entity name:
  101 
  102        #define _GL_CONCAT0(x, y) x##y
  103        #define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
  104        extern struct {...} * _GL_CONCAT (dummy, __LINE__);
  105 
  106      But this has the problem that two invocations of verify from
  107      within the same macro would collide, since the __LINE__ value
  108      would be the same for both invocations.  (The GCC __COUNTER__
  109      macro solves this problem, but is not portable.)
  110 
  111      A solution is to use the sizeof operator.  It yields a number,
  112      getting rid of the identity of the type.  Declarations like
  113 
  114        extern int dummy [sizeof (struct {...})];
  115        extern void dummy (int [sizeof (struct {...})]);
  116        extern int (*dummy (void)) [sizeof (struct {...})];
  117 
  118      can be repeated.
  119 
  120    * Should the implementation use a named struct or an unnamed struct?
  121      Which of the following alternatives can be used?
  122 
  123        extern int dummy [sizeof (struct {...})];
  124        extern int dummy [sizeof (struct _gl_verify_type {...})];
  125        extern void dummy (int [sizeof (struct {...})]);
  126        extern void dummy (int [sizeof (struct _gl_verify_type {...})]);
  127        extern int (*dummy (void)) [sizeof (struct {...})];
  128        extern int (*dummy (void)) [sizeof (struct _gl_verify_type {...})];
  129 
  130      In the second and sixth case, the struct type is exported to the
  131      outer scope; two such declarations therefore collide.  GCC warns
  132      about the first, third, and fourth cases.  So the only remaining
  133      possibility is the fifth case:
  134 
  135        extern int (*dummy (void)) [sizeof (struct {...})];
  136 
  137    * GCC warns about duplicate declarations of the dummy function if
  138      -Wredundant-decls is used.  GCC 4.3 and later have a builtin
  139      __COUNTER__ macro that can let us generate unique identifiers for
  140      each dummy function, to suppress this warning.
  141 
  142    * This implementation exploits the fact that older versions of GCC,
  143      which do not support _Static_assert, also do not warn about the
  144      last declaration mentioned above.
  145 
  146    * GCC warns if -Wnested-externs is enabled and verify() is used
  147      within a function body; but inside a function, you can always
  148      arrange to use verify_expr() instead.
  149 
  150    * In C++, any struct definition inside sizeof is invalid.
  151      Use a template type to work around the problem.  */
  152 
  153 /* Concatenate two preprocessor tokens.  */
  154 #define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
  155 #define _GL_CONCAT0(x, y) x##y
  156 
  157 /* _GL_COUNTER is an integer, preferably one that changes each time we
  158    use it.  Use __COUNTER__ if it works, falling back on __LINE__
  159    otherwise.  __LINE__ isn't perfect, but it's better than a
  160    constant.  */
  161 #if defined __COUNTER__ && __COUNTER__ != __COUNTER__
  162 # define _GL_COUNTER __COUNTER__
  163 #else
  164 # define _GL_COUNTER __LINE__
  165 #endif
  166 
  167 /* Generate a symbol with the given prefix, making it unique if
  168    possible.  */
  169 #define _GL_GENSYM(prefix) _GL_CONCAT (prefix, _GL_COUNTER)
  170 
  171 /* Verify requirement R at compile-time, as an integer constant expression
  172    that returns 1.  If R is false, fail at compile-time, preferably
  173    with a diagnostic that includes the string-literal DIAGNOSTIC.  */
  174 
  175 #define _GL_VERIFY_TRUE(R, DIAGNOSTIC) \
  176    (!!sizeof (_GL_VERIFY_TYPE (R, DIAGNOSTIC)))
  177 
  178 #ifdef __cplusplus
  179 # if !GNULIB_defined_struct__gl_verify_type
  180 template <int w>
  181   struct _gl_verify_type {
  182     unsigned int _gl_verify_error_if_negative: w;
  183   };
  184 #  define GNULIB_defined_struct__gl_verify_type 1
  185 # endif
  186 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  187     _gl_verify_type<(R) ? 1 : -1>
  188 #elif defined _GL_HAVE__STATIC_ASSERT
  189 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  190     struct {                                   \
  191       _Static_assert (R, DIAGNOSTIC);          \
  192       int _gl_dummy;                          \
  193     }
  194 #else
  195 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  196     struct { unsigned int _gl_verify_error_if_negative: (R) ? 1 : -1; }
  197 #endif
  198 
  199 /* Verify requirement R at compile-time, as a declaration without a
  200    trailing ';'.  If R is false, fail at compile-time, preferably
  201    with a diagnostic that includes the string-literal DIAGNOSTIC.
  202 
  203    Unfortunately, unlike C11, this implementation must appear as an
  204    ordinary declaration, and cannot appear inside struct { ... }.  */
  205 
  206 #ifdef _GL_HAVE__STATIC_ASSERT
  207 # define _GL_VERIFY _Static_assert
  208 #else
  209 # define _GL_VERIFY(R, DIAGNOSTIC)                     \
  210     extern int (*_GL_GENSYM (_gl_verify_function) (void))          \
  211       [_GL_VERIFY_TRUE (R, DIAGNOSTIC)]
  212 #endif
  213 
  214 /* _GL_STATIC_ASSERT_H is defined if this code is copied into assert.h.  */
  215 #ifdef _GL_STATIC_ASSERT_H
  216 # if !defined _GL_HAVE__STATIC_ASSERT && !defined _Static_assert
  217 #  define _Static_assert(R, DIAGNOSTIC) _GL_VERIFY (R, DIAGNOSTIC)
  218 # endif
  219 # if !defined _GL_HAVE_STATIC_ASSERT && !defined static_assert
  220 #  define static_assert _Static_assert /* C11 requires this #define.  */
  221 # endif
  222 #endif
  223 
  224 /* @assert.h omit start@  */
  225 
  226 /* Each of these macros verifies that its argument R is nonzero.  To
  227    be portable, R should be an integer constant expression.  Unlike
  228    assert (R), there is no run-time overhead.
  229 
  230    There are two macros, since no single macro can be used in all
  231    contexts in C.  verify_true (R) is for scalar contexts, including
  232    integer constant expression contexts.  verify (R) is for declaration
  233    contexts, e.g., the top level.  */
  234 
  235 /* Verify requirement R at compile-time, as an integer constant expression.
  236    Return 1.  This is equivalent to verify_expr (R, 1).
  237 
  238    verify_true is obsolescent; please use verify_expr instead.  */
  239 
  240 #define verify_true(R) _GL_VERIFY_TRUE (R, "verify_true (" #R ")")
  241 
  242 /* Verify requirement R at compile-time.  Return the value of the
  243    expression E.  */
  244 
  245 #define verify_expr(R, E) \
  246    (_GL_VERIFY_TRUE (R, "verify_expr (" #R ", " #E ")") ? (E) : (E))
  247 
  248 /* Verify requirement R at compile-time, as a declaration without a
  249    trailing ';'.  */
  250 
  251 #define verify(R) _GL_VERIFY (R, "verify (" #R ")")
  252 
  253 #ifndef __has_builtin
  254 # define __has_builtin(x) 0
  255 #endif
  256 
  257 /* Assume that R always holds.  This lets the compiler optimize
  258    accordingly.  R should not have side-effects; it may or may not be
  259    evaluated.  Behavior is undefined if R is false.  */
  260 
  261 #if (__has_builtin (__builtin_unreachable) \
  262      || 4 < __GNUC__ + (5 <= __GNUC_MINOR__))
  263 # define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
  264 #elif 1200 <= _MSC_VER
  265 # define assume(R) __assume (R)
  266 #elif ((defined GCC_LINT || defined lint) \
  267        && (__has_builtin (__builtin_trap) \
  268            || 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))))
  269   /* Doing it this way helps various packages when configured with
  270      --enable-gcc-warnings, which compiles with -Dlint.  It's nicer
  271      when 'assume' silences warnings even with older GCCs.  */
  272 # define assume(R) ((R) ? (void) 0 : __builtin_trap ())
  273 #else
  274 # define assume(R) ((void) (0 && (R)))
  275 #endif
  276 
  277 /* @assert.h omit end@  */
  278 
  279 #endif