alarsyo/spot
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
spot/lib/verify.h
Alexandre Duret-Lutz 1e86463205 update gnulib to 47bf2cf3184027c1eb9c1dfeea5c5b8b2d69710d 
* lib/dosname.h, lib/glthread/lock.c, lib/glthread/lock.h,
lib/glthread/threadlib.c, lib/windows-mutex.c, lib/windows-mutex.h,
lib/windows-once.c, lib/windows-once.h, lib/windows-recmutex.c,
lib/windows-recmutex.h, lib/windows-rwlock.c, lib/windows-rwlock.h,
m4/host-cpu-c-abi.m4, m4/lib-ld.m4, m4/lib-link.m4, m4/lib-prefix.m4,
m4/lock.m4, m4/longlong.m4, m4/pthread_rwlock_rdlock.m4,
tools/config.rpath: Delete.
* lib/alloca.in.h, lib/argmatch.c, lib/argmatch.h, lib/arg-nonnull.h,
lib/argp-ba.c, lib/argp-eexst.c, lib/argp-fmtstream.c,
lib/argp-fmtstream.h, lib/argp-fs-xinl.c, lib/argp.h, lib/argp-help.c,
lib/argp-namefrob.h, lib/argp-parse.c, lib/argp-pin.c, lib/argp-pv.c,
lib/argp-pvh.c, lib/argp-xinl.c, lib/asnprintf.c, lib/basename-lgpl.c,
lib/c-ctype.h, lib/c++defs.h, lib/cdefs.h, lib/closeout.c,
lib/closeout.h, lib/close-stream.c, lib/c-strcasecmp.c,
lib/c-strcaseeq.h, lib/c-strcase.h, lib/c-strncasecmp.c,
lib/dirname.h, lib/dirname-lgpl.c, lib/errno.in.h, lib/error.c,
lib/error.h, lib/exitfail.c, lib/exitfail.h, lib/fcntl.in.h,
lib/filename.h, lib/float.c, lib/float+.h, lib/float.in.h,
lib/fpending.c, lib/fpending.h, lib/getopt1.c, lib/getopt.c,
lib/getopt-cdefs.in.h, lib/getopt-core.h, lib/getopt-ext.h,
lib/getopt.in.h, lib/getopt_int.h, lib/getopt-pfx-core.h,
lib/getopt-pfx-ext.h, lib/getprogname.c, lib/getprogname.h,
lib/gettext.h, lib/gettimeofday.c, lib/hard-locale.c,
lib/hard-locale.h, lib/intprops.h, lib/isatty.c, lib/itold.c,
lib/libc-config.h, lib/limits.in.h, lib/localcharset.c,
lib/localcharset.h, lib/localtime-buffer.c, lib/localtime-buffer.h,
lib/lstat.c, lib/Makefile.am, lib/malloca.c, lib/malloca.h,
lib/malloc.c, lib/mbrtowc.c, lib/mbsinit.c, lib/memchr.c,
lib/memchr.valgrind, lib/mempcpy.c, lib/minmax.h, lib/mkdir.c,
lib/mkstemp.c, lib/mkstemps.c, lib/msvc-inval.c, lib/msvc-inval.h,
lib/msvc-nothrow.c, lib/msvc-nothrow.h, lib/_Noreturn.h,
lib/pathmax.h, lib/printf-args.c, lib/printf-args.h,
lib/printf-parse.c, lib/printf-parse.h, lib/progname.c,
lib/progname.h, lib/quotearg.c, lib/quotearg.h, lib/quote.h,
lib/rawmemchr.c, lib/rawmemchr.valgrind, lib/secure_getenv.c,
lib/size_max.h, lib/sleep.c, lib/stat.c, lib/stat-time.h,
lib/stat-w32.c, lib/stat-w32.h, lib/stdalign.in.h, lib/stdbool.in.h,
lib/stddef.in.h, lib/stdint.in.h, lib/stdio-impl.h, lib/stdio.in.h,
lib/stdlib.in.h, lib/stpcpy.c, lib/strcasecmp.c, lib/strchrnul.c,
lib/strchrnul.valgrind, lib/streq.h, lib/strerror.c,
lib/strerror-override.c, lib/strerror-override.h, lib/string.in.h,
lib/strings.in.h, lib/stripslash.c, lib/strncasecmp.c, lib/strndup.c,
lib/strnlen.c, lib/strverscmp.c, lib/sysexits.in.h, lib/sys_stat.in.h,
lib/sys_time.in.h, lib/sys_types.in.h, lib/sys_wait.in.h,
lib/tempname.c, lib/tempname.h, lib/time.in.h, lib/unistd.in.h,
lib/vasnprintf.c, lib/vasnprintf.h, lib/verify.h, lib/vsnprintf.c,
lib/warn-on-use.h, lib/wchar.in.h, lib/wctype.in.h,
lib/windows-initguard.h, lib/xalloc-die.c, lib/xalloc.h,
lib/xalloc-oversized.h, lib/xmalloc.c, lib/xsize.h, m4/00gnulib.m4,
m4/absolute-header.m4, m4/alloca.m4, m4/argp.m4, m4/codeset.m4,
m4/dirname.m4, m4/double-slash-root.m4, m4/eealloc.m4, m4/errno_h.m4,
m4/error.m4, m4/exponentd.m4, m4/extensions.m4, m4/extern-inline.m4,
m4/fcntl_h.m4, m4/fcntl-o.m4, m4/float_h.m4, m4/fpending.m4,
m4/getopt.m4, m4/getprogname.m4, m4/gettimeofday.m4,
m4/gnulib-cache.m4, m4/gnulib-common.m4, m4/gnulib-comp.m4,
m4/gnulib-tool.m4, m4/include_next.m4, m4/__inline.m4, m4/intmax_t.m4,
m4/inttypes_h.m4, m4/isatty.m4, m4/largefile.m4, m4/limits-h.m4,
m4/localcharset.m4, m4/locale-fr.m4, m4/locale-ja.m4, m4/locale-zh.m4,
m4/localtime-buffer.m4, m4/lstat.m4, m4/malloca.m4, m4/malloc.m4,
m4/math_h.m4, m4/mbrtowc.m4, m4/mbsinit.m4, m4/mbstate_t.m4,
m4/memchr.m4, m4/mempcpy.m4, m4/minmax.m4, m4/mkdir.m4, m4/mkstemp.m4,
m4/mkstemps.m4, m4/mmap-anon.m4, m4/msvc-inval.m4, m4/msvc-nothrow.m4,
m4/multiarch.m4, m4/nocrash.m4, m4/off_t.m4, m4/pathmax.m4,
m4/printf.m4, m4/quotearg.m4, m4/quote.m4, m4/rawmemchr.m4,
m4/secure_getenv.m4, m4/size_max.m4, m4/sleep.m4, m4/ssize_t.m4,
m4/stat.m4, m4/stat-time.m4, m4/stdalign.m4, m4/stdbool.m4,
m4/stddef_h.m4, m4/std-gnu11.m4, m4/stdint_h.m4, m4/stdint.m4,
m4/stdio_h.m4, m4/stdlib_h.m4, m4/stpcpy.m4, m4/strcase.m4,
m4/strchrnul.m4, m4/strerror.m4, m4/string_h.m4, m4/strings_h.m4,
m4/strndup.m4, m4/strnlen.m4, m4/strverscmp.m4, m4/sysexits.m4,
m4/sys_socket_h.m4, m4/sys_stat_h.m4, m4/sys_time_h.m4,
m4/sys_types_h.m4, m4/sys_wait_h.m4, m4/tempname.m4, m4/threadlib.m4,
m4/time_h.m4, m4/unistd_h.m4, m4/vasnprintf.m4, m4/vsnprintf.m4,
m4/warn-on-use.m4, m4/wchar_h.m4, m4/wchar_t.m4, m4/wctype_h.m4,
m4/wint_t.m4, m4/xalloc.m4, m4/xsize.m4: Update.
* lib/inttypes.in.h, lib/lc-charset-dispatch.c,
lib/lc-charset-dispatch.h, lib/locale.in.h, lib/mbrtowc-impl.h,
lib/mbrtowc-impl-utf8.h, lib/mbtowc-lock.c, lib/mbtowc-lock.h,
lib/setlocale-lock.c, lib/setlocale_null.c, lib/setlocale_null.h,
m4/inttypes.m4, m4/locale_h.m4, m4/setlocale_null.m4,
m4/visibility.m4, m4/zzgnulib.m4: New files.
2020-04-16 21:12:30 +02:00

301 lines
12 KiB
C++
Raw Permalink Blame History

/* Compile-time assert-like macros.
Copyright (C) 2005-2006, 2009-2020 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
#ifndef _GL_VERIFY_H
#define _GL_VERIFY_H
/* Define _GL_HAVE__STATIC_ASSERT to 1 if _Static_assert (R, DIAGNOSTIC)
works as per C11. This is supported by GCC 4.6.0 and later, in C
mode.
Define _GL_HAVE__STATIC_ASSERT1 to 1 if _Static_assert (R) works as
per C2X, and define _GL_HAVE_STATIC_ASSERT1 if static_assert (R)
works as per C++17. This is supported by GCC 9.1 and later.
Support compilers claiming conformance to the relevant standard,
and also support GCC when not pedantic. If we were willing to slow
'configure' down we could also use it with other compilers, but
since this affects only the quality of diagnostics, why bother? */
#ifndef __cplusplus
# if (201112L <= __STDC_VERSION__ \
|| (!defined __STRICT_ANSI__ && 4 < __GNUC__ + (6 <= __GNUC_MINOR__)))
# define _GL_HAVE__STATIC_ASSERT 1
# endif
# if (202000L <= __STDC_VERSION__ \
|| (!defined __STRICT_ANSI__ && 9 <= __GNUC__))
# define _GL_HAVE__STATIC_ASSERT1 1
# endif
#else
# if 201703L <= __cplusplus || 9 <= __GNUC__
# define _GL_HAVE_STATIC_ASSERT1 1
# endif
#endif
/* FreeBSD 9.1 <sys/cdefs.h>, included by <stddef.h> and lots of other
system headers, defines a conflicting _Static_assert that is no
better than ours; override it. */
#ifndef _GL_HAVE__STATIC_ASSERT
# include <stddef.h>
# undef _Static_assert
#endif
/* Each of these macros verifies that its argument R is nonzero. To
be portable, R should be an integer constant expression. Unlike
assert (R), there is no run-time overhead.
If _Static_assert works, verify (R) uses it directly. Similarly,
_GL_VERIFY_TRUE works by packaging a _Static_assert inside a struct
that is an operand of sizeof.
The code below uses several ideas for C++ compilers, and for C
compilers that do not support _Static_assert:
* The first step is ((R) ? 1 : -1). Given an expression R, of
integral or boolean or floating-point type, this yields an
expression of integral type, whose value is later verified to be
constant and nonnegative.
* Next this expression W is wrapped in a type
struct _gl_verify_type {
unsigned int _gl_verify_error_if_negative: W;
}.
If W is negative, this yields a compile-time error. No compiler can
deal with a bit-field of negative size.
One might think that an array size check would have the same
effect, that is, that the type struct { unsigned int dummy[W]; }
would work as well. However, inside a function, some compilers
(such as C++ compilers and GNU C) allow local parameters and
variables inside array size expressions. With these compilers,
an array size check would not properly diagnose this misuse of
the verify macro:
void function (int n) { verify (n < 0); }
* For the verify macro, the struct _gl_verify_type will need to
somehow be embedded into a declaration. To be portable, this
declaration must declare an object, a constant, a function, or a
typedef name. If the declared entity uses the type directly,
such as in
struct dummy {...};
typedef struct {...} dummy;
extern struct {...} *dummy;
extern void dummy (struct {...} *);
extern struct {...} *dummy (void);
two uses of the verify macro would yield colliding declarations
if the entity names are not disambiguated. A workaround is to
attach the current line number to the entity name:
#define _GL_CONCAT0(x, y) x##y
#define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
extern struct {...} * _GL_CONCAT (dummy, __LINE__);
But this has the problem that two invocations of verify from
within the same macro would collide, since the __LINE__ value
would be the same for both invocations. (The GCC __COUNTER__
macro solves this problem, but is not portable.)
A solution is to use the sizeof operator. It yields a number,
getting rid of the identity of the type. Declarations like
extern int dummy [sizeof (struct {...})];
extern void dummy (int [sizeof (struct {...})]);
extern int (*dummy (void)) [sizeof (struct {...})];
can be repeated.
* Should the implementation use a named struct or an unnamed struct?
Which of the following alternatives can be used?
extern int dummy [sizeof (struct {...})];
extern int dummy [sizeof (struct _gl_verify_type {...})];
extern void dummy (int [sizeof (struct {...})]);
extern void dummy (int [sizeof (struct _gl_verify_type {...})]);
extern int (*dummy (void)) [sizeof (struct {...})];
extern int (*dummy (void)) [sizeof (struct _gl_verify_type {...})];
In the second and sixth case, the struct type is exported to the
outer scope; two such declarations therefore collide. GCC warns
about the first, third, and fourth cases. So the only remaining
possibility is the fifth case:
extern int (*dummy (void)) [sizeof (struct {...})];
* GCC warns about duplicate declarations of the dummy function if
-Wredundant-decls is used. GCC 4.3 and later have a builtin
__COUNTER__ macro that can let us generate unique identifiers for
each dummy function, to suppress this warning.
* This implementation exploits the fact that older versions of GCC,
which do not support _Static_assert, also do not warn about the
last declaration mentioned above.
* GCC warns if -Wnested-externs is enabled and 'verify' is used
within a function body; but inside a function, you can always
arrange to use verify_expr instead.
* In C++, any struct definition inside sizeof is invalid.
Use a template type to work around the problem. */
/* Concatenate two preprocessor tokens. */
#define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
#define _GL_CONCAT0(x, y) x##y
/* _GL_COUNTER is an integer, preferably one that changes each time we
use it. Use __COUNTER__ if it works, falling back on __LINE__
otherwise. __LINE__ isn't perfect, but it's better than a
constant. */
#if defined __COUNTER__ && __COUNTER__ != __COUNTER__
# define _GL_COUNTER __COUNTER__
#else
# define _GL_COUNTER __LINE__
#endif
/* Generate a symbol with the given prefix, making it unique if
possible. */
#define _GL_GENSYM(prefix) _GL_CONCAT (prefix, _GL_COUNTER)
/* Verify requirement R at compile-time, as an integer constant expression
that returns 1. If R is false, fail at compile-time, preferably
with a diagnostic that includes the string-literal DIAGNOSTIC. */
#define _GL_VERIFY_TRUE(R, DIAGNOSTIC) \
(!!sizeof (_GL_VERIFY_TYPE (R, DIAGNOSTIC)))
#ifdef __cplusplus
# if !GNULIB_defined_struct__gl_verify_type
template <int w>
struct _gl_verify_type {
unsigned int _gl_verify_error_if_negative: w;
};
# define GNULIB_defined_struct__gl_verify_type 1
# endif
# define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
_gl_verify_type<(R) ? 1 : -1>
#elif defined _GL_HAVE__STATIC_ASSERT
# define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
struct { \
_Static_assert (R, DIAGNOSTIC); \
int _gl_dummy; \
}
#else
# define _GL_VERIFY_TYPE(R, DIAGNOSTIC) \
struct { unsigned int _gl_verify_error_if_negative: (R) ? 1 : -1; }
#endif
/* Verify requirement R at compile-time, as a declaration without a
trailing ';'. If R is false, fail at compile-time.
This macro requires three or more arguments but uses at most the first
two, so that the _Static_assert macro optionally defined below supports
both the C11 two-argument syntax and the C2X one-argument syntax.
Unfortunately, unlike C11, this implementation must appear as an
ordinary declaration, and cannot appear inside struct { ... }. */
#if defined _GL_HAVE__STATIC_ASSERT
# define _GL_VERIFY(R, DIAGNOSTIC, ...) _Static_assert (R, DIAGNOSTIC)
#else
# define _GL_VERIFY(R, DIAGNOSTIC, ...) \
extern int (*_GL_GENSYM (_gl_verify_function) (void)) \
[_GL_VERIFY_TRUE (R, DIAGNOSTIC)]
#endif
/* _GL_STATIC_ASSERT_H is defined if this code is copied into assert.h. */
#ifdef _GL_STATIC_ASSERT_H
# if !defined _GL_HAVE__STATIC_ASSERT1 && !defined _Static_assert
# define _Static_assert(...) \
_GL_VERIFY (__VA_ARGS__, "static assertion failed", -)
# endif
# if !defined _GL_HAVE_STATIC_ASSERT1 && !defined static_assert
# define static_assert _Static_assert /* C11 requires this #define. */
# endif
#endif
/* @assert.h omit start@ */
#if 3 < __GNUC__ + (3 < __GNUC_MINOR__ + (4 <= __GNUC_PATCHLEVEL__))
# define _GL_HAS_BUILTIN_TRAP 1
#elif defined __has_builtin
# define _GL_HAS_BUILTIN_TRAP __has_builtin (__builtin_trap)
#else
# define _GL_HAS_BUILTIN_TRAP 0
#endif
#if 4 < __GNUC__ + (5 <= __GNUC_MINOR__)
# define _GL_HAS_BUILTIN_UNREACHABLE 1
#elif defined __has_builtin
# define _GL_HAS_BUILTIN_UNREACHABLE __has_builtin (__builtin_unreachable)
#else
# define _GL_HAS_BUILTIN_UNREACHABLE 0
#endif
/* Each of these macros verifies that its argument R is nonzero. To
be portable, R should be an integer constant expression. Unlike
assert (R), there is no run-time overhead.
There are two macros, since no single macro can be used in all
contexts in C. verify_expr (R, E) is for scalar contexts, including
integer constant expression contexts. verify (R) is for declaration
contexts, e.g., the top level. */
/* Verify requirement R at compile-time. Return the value of the
expression E. */
#define verify_expr(R, E) \
(_GL_VERIFY_TRUE (R, "verify_expr (" #R ", " #E ")") ? (E) : (E))
/* Verify requirement R at compile-time, as a declaration without a
trailing ';'. verify (R) acts like static_assert (R) except that
it is portable to C11/C++14 and earlier, it can issue better
diagnostics, and its name is shorter and may be more convenient. */
#ifdef __PGI
/* PGI barfs if R is long. */
# define verify(R) _GL_VERIFY (R, "verify (...)", -)
#else
# define verify(R) _GL_VERIFY (R, "verify (" #R ")", -)
#endif
/* Assume that R always holds. Behavior is undefined if R is false,
fails to evaluate, or has side effects. Although assuming R can
help a compiler generate better code or diagnostics, performance
can suffer if R uses hard-to-optimize features such as function
calls not inlined by the compiler. */
#if _GL_HAS_BUILTIN_UNREACHABLE
# define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())
#elif 1200 <= _MSC_VER
# define assume(R) __assume (R)
#elif (defined GCC_LINT || defined lint) && _GL_HAS_BUILTIN_TRAP
/* Doing it this way helps various packages when configured with
--enable-gcc-warnings, which compiles with -Dlint. It's nicer
when 'assume' silences warnings even with older GCCs. */
# define assume(R) ((R) ? (void) 0 : __builtin_trap ())
#else
/* Some tools grok NOTREACHED, e.g., Oracle Studio 12.6. */
# define assume(R) ((R) ? (void) 0 : /*NOTREACHED*/ (void) 0)
#endif
/* @assert.h omit end@ */
#endif
Reference in a new issue View git blame Copy permalink