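/* $NetBSD: ntp_assert.h,v 1.1.1.3 2013/12/27 23:30:46 christos Exp $ */

/*
 * ntp_assert.h - design by contract stuff
 *
 * example:
 *
 * int foo(char *a) {
 *	int result;
 *	int value;
 *
 *	REQUIRE(a != NULL);
 *	...
 *	bar(&value);
 *	INSIST(value > 2);
 *	...
 *
 *	ENSURE(result != 12);
 *	return result;
 * }
 *
 * open question: when would we use INVARIANT()?
 *
 * For cases where the overhead for non-debug builds is deemed too high,
 * use DEBUG_REQUIRE(), DEBUG_INSIST(), DEBUG_ENSURE(), and/or
 * DEBUG_INVARIANT().
 *
 * Usage notes:
 *
 * - A failed REQUIRE/INSIST/INVARIANT/ENSURE is not expected to return
 *   to the caller (see the note on isc_assertioncallback_t below).  Keep
 *   these macros for internal contracts.  A condition that depends on
 *   data received from a peer or read from a file should be checked with
 *   ordinary error handling instead; otherwise whoever supplies that
 *   data can stop the process.
 *
 * - The DEBUG_*() forms expand to an empty statement unless DEBUG is
 *   defined, so their argument is never evaluated in such builds.  The
 *   argument must be free of side effects, and a DEBUG_*() check must
 *   never be the only thing standing between untrusted input and a
 *   buffer index, length or pointer.
 */

#ifndef NTP_ASSERT_H
#define NTP_ASSERT_H

# ifdef CALYSTO

extern void calysto_assume(unsigned char cnd); /* assume this always holds */
extern void calysto_assert(unsigned char cnd); /* check whether this holds */
/*
 * Both hooks take an unsigned char, so the condition is reduced to 0 or 1
 * before the call.  Passing x directly would convert it to unsigned char,
 * which keeps only the low-order bits, so a true value such as
 * (flags & 0x100) would arrive as 0.
 */
#define ALWAYS_REQUIRE(x)	calysto_assert((x) != 0)
#define ALWAYS_INSIST(x)	calysto_assume((x) != 0) /* DLH calysto_assert()? */
#define ALWAYS_INVARIANT(x)	calysto_assume((x) != 0)
#define ALWAYS_ENSURE(x)	calysto_assert((x) != 0)

/* # elif defined(__COVERITY__) */
/*
 * DH: try letting coverity scan our actual assertion macros, now that
 * isc_assertioncallback_t is marked __attribute__ __noreturn__.
 */

/*
 * Coverity has special knowledge that assert(x) terminates the process
 * if x is not true.  Rather than teach it about our assertion macros,
 * just use the one it knows about for Coverity Prevent scans.  This
 * means our assertion code (and ISC's) escapes Coverity analysis, but
 * that seems to be a reasonable trade-off.
 */

/*
#define ALWAYS_REQUIRE(x)	assert(x)
#define ALWAYS_INSIST(x)	assert(x)
#define ALWAYS_INVARIANT(x)	assert(x)
#define ALWAYS_ENSURE(x)	assert(x)
*/

# else	/* neither Coverity nor Calysto */

#include "isc/assertions.h"

/* Normal builds: hand every check to the libisc assertion macros. */
#define ALWAYS_REQUIRE(x)	ISC_REQUIRE(x)
#define ALWAYS_INSIST(x)	ISC_INSIST(x)
#define ALWAYS_INVARIANT(x)	ISC_INVARIANT(x)
#define ALWAYS_ENSURE(x)	ISC_ENSURE(x)

# endif	/* neither Coverity nor Calysto */

/* Unprefixed names: always active, whether or not DEBUG is defined. */
#define REQUIRE(x)	ALWAYS_REQUIRE(x)
#define INSIST(x)	ALWAYS_INSIST(x)
#define INVARIANT(x)	ALWAYS_INVARIANT(x)
#define ENSURE(x)	ALWAYS_ENSURE(x)

/*
 * We initially used NTP_REQUIRE() instead of REQUIRE() etc, but that
 * is unnecessarily verbose, as libisc use of REQUIRE() etc shows.
 */
#define NTP_REQUIRE(x)		REQUIRE(x)
#define NTP_INSIST(x)		INSIST(x)
#define NTP_INVARIANT(x)	INVARIANT(x)
#define NTP_ENSURE(x)		ENSURE(x)

# ifdef DEBUG
#define DEBUG_REQUIRE(x)	REQUIRE(x)
#define DEBUG_INSIST(x)		INSIST(x)
#define DEBUG_INVARIANT(x)	INVARIANT(x)
#define DEBUG_ENSURE(x)		ENSURE(x)
# else
/*
 * Empty statements; (x) is discarded without being evaluated.  The loop
 * condition is a literal 0 so this header does not depend on a FALSE
 * macro being defined by some other header included earlier.
 */
#define DEBUG_REQUIRE(x)	do {} while (0)
#define DEBUG_INSIST(x)		do {} while (0)
#define DEBUG_INVARIANT(x)	do {} while (0)
#define DEBUG_ENSURE(x)		do {} while (0)
# endif

#endif	/* NTP_ASSERT_H */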