"Fossies" - the Fresh Open Source Software Archive

Member "nano-4.5/lib/verify.h" (4 Oct 2019, 11945 Bytes) of package /linux/misc/nano-4.5.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "verify.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 4.4_vs_4.5.

    1 /* Compile-time assert-like macros.
    2 
    3    Copyright (C) 2005-2006, 2009-2019 Free Software Foundation, Inc.
    4 
    5    This program is free software: you can redistribute it and/or modify
    6    it under the terms of the GNU General Public License as published by
    7    the Free Software Foundation; either version 3 of the License, or
    8    (at your option) any later version.
    9 
   10    This program is distributed in the hope that it will be useful,
   11    but WITHOUT ANY WARRANTY; without even the implied warranty of
   12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   13    GNU General Public License for more details.
   14 
   15    You should have received a copy of the GNU General Public License
   16    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
   17 
   18 /* Written by Paul Eggert, Bruno Haible, and Jim Meyering.  */
   19 
   20 #ifndef _GL_VERIFY_H
   21 #define _GL_VERIFY_H
   22 
   23 
   24 /* Define _GL_HAVE__STATIC_ASSERT to 1 if _Static_assert (R, DIAGNOSTIC)
   25    works as per C11.  This is supported by GCC 4.6.0 and later, in C
   26    mode.
   27 
   28    Define _GL_HAVE__STATIC_ASSERT1 to 1 if _Static_assert (R) works as
   29    per C2X, and define _GL_HAVE_STATIC_ASSERT1 if static_assert (R)
   30    works as per C++17.  This is supported by GCC 9.1 and later.
   31 
   32    Support compilers claiming conformance to the relevant standard,
   33    and also support GCC when not pedantic.  If we were willing to slow
   34    'configure' down we could also use it with other compilers, but
   35    since this affects only the quality of diagnostics, why bother?  */
   36 #ifndef __cplusplus
   37 # if (201112L <= __STDC_VERSION__ \
   38       || (!defined __STRICT_ANSI__ && 4 < __GNUC__ + (6 <= __GNUC_MINOR__)))
   39 #  define _GL_HAVE__STATIC_ASSERT 1
   40 # endif
   41 # if (202000L <= __STDC_VERSION__ \
   42       || (!defined __STRICT_ANSI__ && 9 <= __GNUC__))
   43 #  define _GL_HAVE__STATIC_ASSERT1 1
   44 # endif
   45 #else
   46 # if 201703L <= __cplusplus || 9 <= __GNUC__
   47 #  define _GL_HAVE_STATIC_ASSERT1 1
   48 # endif
   49 #endif
   50 
   51 /* FreeBSD 9.1 <sys/cdefs.h>, included by <stddef.h> and lots of other
   52    system headers, defines a conflicting _Static_assert that is no
   53    better than ours; override it.  */
   54 #ifndef _GL_HAVE__STATIC_ASSERT
   55 # include <stddef.h>
   56 # undef _Static_assert
   57 #endif
   58 
   59 /* If the compiler lacks __has_builtin, define it well enough for this
   60    source file only.  */
   61 #ifndef __has_builtin
   62 # define __has_builtin(x) _GL_HAS_##x
   63 # define _GL_HAS___builtin_unreachable (4 < __GNUC__ + (5 <= __GNUC_MINOR__))
   64 # define _GL_HAS___builtin_trap \
   65     (3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__)))
   66 # define _GL_TEMPDEF___has_builtin
   67 #endif
   68 
   69 /* Each of these macros verifies that its argument R is nonzero.  To
   70    be portable, R should be an integer constant expression.  Unlike
   71    assert (R), there is no run-time overhead.
   72 
   73    If _Static_assert works, verify (R) uses it directly.  Similarly,
   74    _GL_VERIFY_TRUE works by packaging a _Static_assert inside a struct
   75    that is an operand of sizeof.
   76 
   77    The code below uses several ideas for C++ compilers, and for C
   78    compilers that do not support _Static_assert:
   79 
   80    * The first step is ((R) ? 1 : -1).  Given an expression R, of
   81      integral or boolean or floating-point type, this yields an
   82      expression of integral type, whose value is later verified to be
   83      constant and nonnegative.
   84 
   85    * Next this expression W is wrapped in a type
   86      struct _gl_verify_type {
   87        unsigned int _gl_verify_error_if_negative: W;
   88      }.
   89      If W is negative, this yields a compile-time error.  No compiler can
   90      deal with a bit-field of negative size.
   91 
   92      One might think that an array size check would have the same
   93      effect, that is, that the type struct { unsigned int dummy[W]; }
   94      would work as well.  However, inside a function, some compilers
   95      (such as C++ compilers and GNU C) allow local parameters and
   96      variables inside array size expressions.  With these compilers,
   97      an array size check would not properly diagnose this misuse of
   98      the verify macro:
   99 
  100        void function (int n) { verify (n < 0); }
  101 
  102    * For the verify macro, the struct _gl_verify_type will need to
  103      somehow be embedded into a declaration.  To be portable, this
  104      declaration must declare an object, a constant, a function, or a
  105      typedef name.  If the declared entity uses the type directly,
  106      such as in
  107 
  108        struct dummy {...};
  109        typedef struct {...} dummy;
  110        extern struct {...} *dummy;
  111        extern void dummy (struct {...} *);
  112        extern struct {...} *dummy (void);
  113 
  114      two uses of the verify macro would yield colliding declarations
  115      if the entity names are not disambiguated.  A workaround is to
  116      attach the current line number to the entity name:
  117 
  118        #define _GL_CONCAT0(x, y) x##y
  119        #define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
  120        extern struct {...} * _GL_CONCAT (dummy, __LINE__);
  121 
  122      But this has the problem that two invocations of verify from
  123      within the same macro would collide, since the __LINE__ value
  124      would be the same for both invocations.  (The GCC __COUNTER__
  125      macro solves this problem, but is not portable.)
  126 
  127      A solution is to use the sizeof operator.  It yields a number,
  128      getting rid of the identity of the type.  Declarations like
  129 
  130        extern int dummy [sizeof (struct {...})];
  131        extern void dummy (int [sizeof (struct {...})]);
  132        extern int (*dummy (void)) [sizeof (struct {...})];
  133 
  134      can be repeated.
  135 
  136    * Should the implementation use a named struct or an unnamed struct?
  137      Which of the following alternatives can be used?
  138 
  139        extern int dummy [sizeof (struct {...})];
  140        extern int dummy [sizeof (struct _gl_verify_type {...})];
  141        extern void dummy (int [sizeof (struct {...})]);
  142        extern void dummy (int [sizeof (struct _gl_verify_type {...})]);
  143        extern int (*dummy (void)) [sizeof (struct {...})];
  144        extern int (*dummy (void)) [sizeof (struct _gl_verify_type {...})];
  145 
  146      In the second and sixth case, the struct type is exported to the
  147      outer scope; two such declarations therefore collide.  GCC warns
  148      about the first, third, and fourth cases.  So the only remaining
  149      possibility is the fifth case:
  150 
  151        extern int (*dummy (void)) [sizeof (struct {...})];
  152 
  153    * GCC warns about duplicate declarations of the dummy function if
  154      -Wredundant-decls is used.  GCC 4.3 and later have a builtin
  155      __COUNTER__ macro that can let us generate unique identifiers for
  156      each dummy function, to suppress this warning.
  157 
  158    * This implementation exploits the fact that older versions of GCC,
  159      which do not support _Static_assert, also do not warn about the
  160      last declaration mentioned above.
  161 
  162    * GCC warns if -Wnested-externs is enabled and 'verify' is used
  163      within a function body; but inside a function, you can always
  164      arrange to use verify_expr instead.
  165 
  166    * In C++, any struct definition inside sizeof is invalid.
  167      Use a template type to work around the problem.  */
  168 
  169 /* Concatenate two preprocessor tokens.  */
  170 #define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
  171 #define _GL_CONCAT0(x, y) x##y
  172 
  173 /* _GL_COUNTER is an integer, preferably one that changes each time we
  174    use it.  Use __COUNTER__ if it works, falling back on __LINE__
  175    otherwise.  __LINE__ isn't perfect, but it's better than a
  176    constant.  */
  177 #if defined __COUNTER__ && __COUNTER__ != __COUNTER__
  178 # define _GL_COUNTER __COUNTER__
  179 #else
  180 # define _GL_COUNTER __LINE__
  181 #endif
  182 
  183 /* Generate a symbol with the given prefix, making it unique if
  184    possible.  */
  185 #define _GL_GENSYM(prefix) _GL_CONCAT (prefix, _GL_COUNTER)
  186 
  187 /* Verify requirement R at compile-time, as an integer constant expression
  188    that returns 1.  If R is false, fail at compile-time, preferably
  189    with a diagnostic that includes the string-literal DIAGNOSTIC.  */
  190 
  191 #define _GL_VERIFY_TRUE(R, DIAGNOSTIC) \
  192    (!!sizeof (_GL_VERIFY_TYPE (R, DIAGNOSTIC)))
  193 
  194 #ifdef __cplusplus
  195 # if !GNULIB_defined_struct__gl_verify_type
  196 template <int w>
  197   struct _gl_verify_type {
  198     unsigned int _gl_verify_error_if_negative: w;
  199   };
  200 #  define GNULIB_defined_struct__gl_verify_type 1
  201 # endif
  202 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  203     _gl_verify_type<(R) ? 1 : -1>
  204 #elif defined _GL_HAVE__STATIC_ASSERT
  205 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  206     struct {                                   \
  207       _Static_assert (R, DIAGNOSTIC);          \
  208       int _gl_dummy;                          \
  209     }
  210 #else
  211 # define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
  212     struct { unsigned int _gl_verify_error_if_negative: (R) ? 1 : -1; }
  213 #endif
  214 
  215 /* Verify requirement R at compile-time, as a declaration without a
  216    trailing ';'.  If R is false, fail at compile-time.
  217 
  218    This macro requires three or more arguments but uses at most the first
  219    two, so that the _Static_assert macro optionally defined below supports
  220    both the C11 two-argument syntax and the C2X one-argument syntax.
  221 
  222    Unfortunately, unlike C11, this implementation must appear as an
  223    ordinary declaration, and cannot appear inside struct { ... }.  */
  224 
  225 #if defined _GL_HAVE__STATIC_ASSERT
  226 # define _GL_VERIFY(R, DIAGNOSTIC, ...) _Static_assert (R, DIAGNOSTIC)
  227 #else
  228 # define _GL_VERIFY(R, DIAGNOSTIC, ...)                                \
  229     extern int (*_GL_GENSYM (_gl_verify_function) (void))          \
  230       [_GL_VERIFY_TRUE (R, DIAGNOSTIC)]
  231 #endif
  232 
  233 /* _GL_STATIC_ASSERT_H is defined if this code is copied into assert.h.  */
  234 #ifdef _GL_STATIC_ASSERT_H
  235 # if !defined _GL_HAVE__STATIC_ASSERT1 && !defined _Static_assert
  236 #  define _Static_assert(...) \
  237      _GL_VERIFY (__VA_ARGS__, "static assertion failed", -)
  238 # endif
  239 # if !defined _GL_HAVE_STATIC_ASSERT1 && !defined static_assert
  240 #  define static_assert _Static_assert /* C11 requires this #define.  */
  241 # endif
  242 #endif
  243 
  244 /* @assert.h omit start@  */
  245 
  246 /* Each of these macros verifies that its argument R is nonzero.  To
  247    be portable, R should be an integer constant expression.  Unlike
  248    assert (R), there is no run-time overhead.
  249 
  250    There are two macros, since no single macro can be used in all
  251    contexts in C.  verify_expr (R, E) is for scalar contexts, including
  252    integer constant expression contexts.  verify (R) is for declaration
  253    contexts, e.g., the top level.  */
  254 
  255 /* Verify requirement R at compile-time.  Return the value of the
  256    expression E.  */
  257 
  258 #define verify_expr(R, E) \
  259    (_GL_VERIFY_TRUE (R, "verify_expr (" #R ", " #E ")") ? (E) : (E))
  260 
  261 /* Verify requirement R at compile-time, as a declaration without a
  262    trailing ';'.  verify (R) acts like static_assert (R) except that
  263    it is portable to C11/C++14 and earlier, it can issue better
  264    diagnostics, and its name is shorter and may be more convenient.  */
  265 
  266 #ifdef __PGI
  267 /* PGI barfs if R is long.  */
  268 # define verify(R) _GL_VERIFY (R, "verify (...)", -)
  269 #else
  270 # define verify(R) _GL_VERIFY (R, "verify (" #R ")", -)
  271 #endif
  272 
  273 /* Assume that R always holds.  Behavior is undefined if R is false,
  274    fails to evaluate, or has side effects.  Although assuming R can
  275    help a compiler generate better code or diagnostics, performance
  276    can suffer if R uses hard-to-optimize features such as function
  277    calls not inlined by the compiler.  */
  278 
  279 #if __has_builtin (__builtin_unreachable)
  280 # define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
  281 #elif 1200 <= _MSC_VER
  282 # define assume(R) __assume (R)
  283 #elif (defined GCC_LINT || defined lint) && __has_builtin (__builtin_trap)
  284   /* Doing it this way helps various packages when configured with
  285      --enable-gcc-warnings, which compiles with -Dlint.  It's nicer
  286      when 'assume' silences warnings even with older GCCs.  */
  287 # define assume(R) ((R) ? (void) 0 : __builtin_trap ())
  288 #else
  289   /* Some tools grok NOTREACHED, e.g., Oracle Studio 12.6.  */
  290 # define assume(R) ((R) ? (void) 0 : /*NOTREACHED*/ (void) 0)
  291 #endif
  292 
  293 #ifdef _GL_TEMPDEF___has_builtin
  294 # undef __has_builtin
  295 # undef _GL_HAS___builtin_unreachable
  296 # undef _GL_HAS___builtin_trap
  297 # undef _GL_TEMPDEF___has_builtin
  298 #endif
  299 
  300 /* @assert.h omit end@  */
  301 
  302 #endif