summaryrefslogtreecommitdiff
path: root/lib/verify.h
diff options
context:
space:
mode:
Diffstat (limited to 'lib/verify.h')
-rw-r--r--lib/verify.h162
1 files changed, 92 insertions, 70 deletions
diff --git a/lib/verify.h b/lib/verify.h
index a3b2a2d6..07b2f486 100644
--- a/lib/verify.h
+++ b/lib/verify.h
@@ -1,27 +1,18 @@
/* Compile-time assert-like macros.
- Copyright (C) 2005-2006, 2009-2018 Free Software Foundation, Inc.
+ Copyright (C) 2005-2006, 2009-2022 Free Software Foundation, Inc.
- This program is free software: you can redistribute it and/or
- modify it under the terms of either:
+ This file is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
- This program is distributed in the hope that it will be useful,
+ This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+ GNU Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
@@ -30,31 +21,32 @@
#define _GL_VERIFY_H
-/* Define _GL_HAVE__STATIC_ASSERT to 1 if _Static_assert works as per C11.
- This is supported by GCC 4.6.0 and later, in C mode, and its use
- here generates easier-to-read diagnostics when verify (R) fails.
+/* Define _GL_HAVE__STATIC_ASSERT to 1 if _Static_assert (R, DIAGNOSTIC)
+ works as per C11. This is supported by GCC 4.6.0+ and by clang 4+.
- Define _GL_HAVE_STATIC_ASSERT to 1 if static_assert works as per C++11.
- This will likely be supported by future GCC versions, in C++ mode.
+ Define _GL_HAVE__STATIC_ASSERT1 to 1 if _Static_assert (R) works as
+ per C2x. This is supported by GCC 9.1+.
- Use this only with GCC. If we were willing to slow 'configure'
- down we could also use it with other compilers, but since this
- affects only the quality of diagnostics, why bother? */
-#if (4 < __GNUC__ + (6 <= __GNUC_MINOR__) \
- && (201112L <= __STDC_VERSION__ || !defined __STRICT_ANSI__) \
- && !defined __cplusplus)
-# define _GL_HAVE__STATIC_ASSERT 1
-#endif
-/* The condition (99 < __GNUC__) is temporary, until we know about the
- first G++ release that supports static_assert. */
-#if (99 < __GNUC__) && defined __cplusplus
-# define _GL_HAVE_STATIC_ASSERT 1
+ Support compilers claiming conformance to the relevant standard,
+ and also support GCC when not pedantic. If we were willing to slow
+ 'configure' down we could also use it with other compilers, but
+ since this affects only the quality of diagnostics, why bother? */
+#ifndef __cplusplus
+# if (201112L <= __STDC_VERSION__ \
+ || (!defined __STRICT_ANSI__ \
+ && (4 < __GNUC__ + (6 <= __GNUC_MINOR__) || 4 <= __clang_major__)))
+# define _GL_HAVE__STATIC_ASSERT 1
+# endif
+# if (202000L <= __STDC_VERSION__ \
+ || (!defined __STRICT_ANSI__ && 9 <= __GNUC__))
+# define _GL_HAVE__STATIC_ASSERT1 1
+# endif
#endif
/* FreeBSD 9.1 <sys/cdefs.h>, included by <stddef.h> and lots of other
system headers, defines a conflicting _Static_assert that is no
better than ours; override it. */
-#ifndef _GL_HAVE_STATIC_ASSERT
+#ifndef _GL_HAVE__STATIC_ASSERT
# include <stddef.h>
# undef _Static_assert
#endif
@@ -152,9 +144,9 @@
which do not support _Static_assert, also do not warn about the
last declaration mentioned above.
- * GCC warns if -Wnested-externs is enabled and verify() is used
+ * GCC warns if -Wnested-externs is enabled and 'verify' is used
within a function body; but inside a function, you can always
- arrange to use verify_expr() instead.
+ arrange to use verify_expr instead.
* In C++, any struct definition inside sizeof is invalid.
Use a template type to work around the problem. */
@@ -206,48 +198,63 @@ template <int w>
#endif
/* Verify requirement R at compile-time, as a declaration without a
- trailing ';'. If R is false, fail at compile-time, preferably
- with a diagnostic that includes the string-literal DIAGNOSTIC.
+ trailing ';'. If R is false, fail at compile-time.
+
+ This macro requires three or more arguments but uses at most the first
+ two, so that the _Static_assert macro optionally defined below supports
+ both the C11 two-argument syntax and the C2x one-argument syntax.
Unfortunately, unlike C11, this implementation must appear as an
ordinary declaration, and cannot appear inside struct { ... }. */
-#ifdef _GL_HAVE__STATIC_ASSERT
-# define _GL_VERIFY _Static_assert
+#if 200410 <= __cpp_static_assert
+# define _GL_VERIFY(R, DIAGNOSTIC, ...) static_assert (R, DIAGNOSTIC)
+#elif defined _GL_HAVE__STATIC_ASSERT
+# define _GL_VERIFY(R, DIAGNOSTIC, ...) _Static_assert (R, DIAGNOSTIC)
#else
-# define _GL_VERIFY(R, DIAGNOSTIC) \
+# define _GL_VERIFY(R, DIAGNOSTIC, ...) \
extern int (*_GL_GENSYM (_gl_verify_function) (void)) \
[_GL_VERIFY_TRUE (R, DIAGNOSTIC)]
#endif
/* _GL_STATIC_ASSERT_H is defined if this code is copied into assert.h. */
#ifdef _GL_STATIC_ASSERT_H
-# if !defined _GL_HAVE__STATIC_ASSERT && !defined _Static_assert
-# define _Static_assert(R, DIAGNOSTIC) _GL_VERIFY (R, DIAGNOSTIC)
+# if !defined _GL_HAVE__STATIC_ASSERT1 && !defined _Static_assert
+# define _Static_assert(...) \
+ _GL_VERIFY (__VA_ARGS__, "static assertion failed", -)
# endif
-# if !defined _GL_HAVE_STATIC_ASSERT && !defined static_assert
+# if __cpp_static_assert < 201411 && !defined static_assert
# define static_assert _Static_assert /* C11 requires this #define. */
# endif
#endif
/* @assert.h omit start@ */
+#if 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))
+# define _GL_HAS_BUILTIN_TRAP 1
+#elif defined __has_builtin
+# define _GL_HAS_BUILTIN_TRAP __has_builtin (__builtin_trap)
+#else
+# define _GL_HAS_BUILTIN_TRAP 0
+#endif
+
+#if 4 < __GNUC__ + (5 <= __GNUC_MINOR__)
+# define _GL_HAS_BUILTIN_UNREACHABLE 1
+#elif defined __has_builtin
+# define _GL_HAS_BUILTIN_UNREACHABLE __has_builtin (__builtin_unreachable)
+#else
+# define _GL_HAS_BUILTIN_UNREACHABLE 0
+#endif
+
/* Each of these macros verifies that its argument R is nonzero. To
be portable, R should be an integer constant expression. Unlike
assert (R), there is no run-time overhead.
There are two macros, since no single macro can be used in all
- contexts in C. verify_true (R) is for scalar contexts, including
+ contexts in C. verify_expr (R, E) is for scalar contexts, including
integer constant expression contexts. verify (R) is for declaration
contexts, e.g., the top level. */
-/* Verify requirement R at compile-time, as an integer constant expression.
- Return 1. This is equivalent to verify_expr (R, 1).
-
- verify_true is obsolescent; please use verify_expr instead. */
-
-#define verify_true(R) _GL_VERIFY_TRUE (R, "verify_true (" #R ")")
-
/* Verify requirement R at compile-time. Return the value of the
expression E. */
@@ -255,37 +262,52 @@ template <int w>
(_GL_VERIFY_TRUE (R, "verify_expr (" #R ", " #E ")") ? (E) : (E))
/* Verify requirement R at compile-time, as a declaration without a
- trailing ';'. */
+ trailing ';'. verify (R) acts like static_assert (R) except that
+ it is portable to C11/C++14 and earlier, it can issue better
+ diagnostics, and its name is shorter and may be more convenient. */
-#ifdef __GNUC__
-# define verify(R) _GL_VERIFY (R, "verify (" #R ")")
+#ifdef __PGI
+/* PGI barfs if R is long. */
+# define verify(R) _GL_VERIFY (R, "verify (...)", -)
#else
-/* PGI barfs if R is long. Play it safe. */
-# define verify(R) _GL_VERIFY (R, "verify (...)")
+# define verify(R) _GL_VERIFY (R, "verify (" #R ")", -)
#endif
-#ifndef __has_builtin
-# define __has_builtin(x) 0
-#endif
+/* Assume that R always holds. Behavior is undefined if R is false,
+ fails to evaluate, or has side effects.
+
+ 'assume (R)' is a directive from the programmer telling the
+ compiler that R is true so the compiler needn't generate code to
+ test R. This is why 'assume' is in verify.h: it's related to
+ static checking (in this case, static checking done by the
+ programmer), not dynamic checking.
+
+ 'assume (R)' can affect compilation of all the code, not just code
+ that happens to be executed after the assume (R) is "executed".
+ For example, if the code mistakenly does 'assert (R); assume (R);'
+ the compiler is entitled to optimize away the 'assert (R)'.
+
+ Although assuming R can help a compiler generate better code or
+ diagnostics, performance can suffer if R uses hard-to-optimize
+ features such as function calls not inlined by the compiler.
-/* Assume that R always holds. This lets the compiler optimize
- accordingly. R should not have side-effects; it may or may not be
- evaluated. Behavior is undefined if R is false. */
+ Avoid Clang's __builtin_assume, as it breaks GNU Emacs master
+ as of 2020-08-23T21:09:49Z!eggert@cs.ucla.edu; see
+ <https://bugs.gnu.org/43152#71>. It's not known whether this breakage
+ is a Clang bug or an Emacs bug; play it safe for now. */
-#if (__has_builtin (__builtin_unreachable) \
- || 4 < __GNUC__ + (5 <= __GNUC_MINOR__))
+#if _GL_HAS_BUILTIN_UNREACHABLE
# define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
#elif 1200 <= _MSC_VER
# define assume(R) __assume (R)
-#elif ((defined GCC_LINT || defined lint) \
- && (__has_builtin (__builtin_trap) \
- || 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))))
+#elif (defined GCC_LINT || defined lint) && _GL_HAS_BUILTIN_TRAP
/* Doing it this way helps various packages when configured with
--enable-gcc-warnings, which compiles with -Dlint. It's nicer
when 'assume' silences warnings even with older GCCs. */
# define assume(R) ((R) ? (void) 0 : __builtin_trap ())
#else
-# define assume(R) ((void) (0 && (R)))
+ /* Some tools grok NOTREACHED, e.g., Oracle Studio 12.6. */
+# define assume(R) ((R) ? (void) 0 : /*NOTREACHED*/ (void) 0)
#endif
/* @assert.h omit end@ */