181ad6265SDimitry Andric// -*- C++ -*- 281ad6265SDimitry Andric//===----------------------------------------------------------------------===// 381ad6265SDimitry Andric// 481ad6265SDimitry Andric// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 581ad6265SDimitry Andric// See https://llvm.org/LICENSE.txt for license information. 681ad6265SDimitry Andric// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 781ad6265SDimitry Andric// 881ad6265SDimitry Andric//===----------------------------------------------------------------------===// 981ad6265SDimitry Andric 1081ad6265SDimitry Andric#ifndef _LIBCPP___ASSERT 1181ad6265SDimitry Andric#define _LIBCPP___ASSERT 1281ad6265SDimitry Andric 137a6dacacSDimitry Andric#include <__assertion_handler> // Note: this include is generated by CMake and is potentially vendor-provided. 1481ad6265SDimitry Andric#include <__config> 1581ad6265SDimitry Andric 1681ad6265SDimitry Andric#if !defined(_LIBCPP_HAS_NO_PRAGMA_SYSTEM_HEADER) 1781ad6265SDimitry Andric# pragma GCC system_header 1881ad6265SDimitry Andric#endif 1981ad6265SDimitry Andric 2081ad6265SDimitry Andric#define _LIBCPP_ASSERT(expression, message) \ 2106c3fb27SDimitry Andric (__builtin_expect(static_cast<bool>(expression), 1) \ 2206c3fb27SDimitry Andric ? (void)0 \ 237a6dacacSDimitry Andric : _LIBCPP_ASSERTION_HANDLER(__FILE__ ":" _LIBCPP_TOSTRING(__LINE__) ": assertion " _LIBCPP_TOSTRING( \ 247a6dacacSDimitry Andric expression) " failed: " message "\n")) 2506c3fb27SDimitry Andric 2606c3fb27SDimitry Andric// TODO: __builtin_assume can currently inhibit optimizations. Until this has been fixed and we can add 2706c3fb27SDimitry Andric// assumptions without a clear optimization intent, disable that to avoid worsening the code generation. 2806c3fb27SDimitry Andric// See https://discourse.llvm.org/t/llvm-assume-blocks-optimization/71609 for a discussion. 2906c3fb27SDimitry Andric#if 0 && __has_builtin(__builtin_assume) 3006c3fb27SDimitry Andric# define _LIBCPP_ASSUME(expression) \ 3106c3fb27SDimitry Andric (_LIBCPP_DIAGNOSTIC_PUSH _LIBCPP_CLANG_DIAGNOSTIC_IGNORED("-Wassume") \ 3206c3fb27SDimitry Andric __builtin_assume(static_cast<bool>(expression)) _LIBCPP_DIAGNOSTIC_POP) 3381ad6265SDimitry Andric#else 3406c3fb27SDimitry Andric# define _LIBCPP_ASSUME(expression) ((void)0) 3581ad6265SDimitry Andric#endif 3681ad6265SDimitry Andric 37*0fca6ea1SDimitry Andric// clang-format off 38*0fca6ea1SDimitry Andric// Fast hardening mode checks. 39*0fca6ea1SDimitry Andric 40*0fca6ea1SDimitry Andric#if _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST 41*0fca6ea1SDimitry Andric 42*0fca6ea1SDimitry Andric// Enabled checks. 43*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_INPUT_RANGE(expression, message) _LIBCPP_ASSERT(expression, message) 44*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(expression, message) _LIBCPP_ASSERT(expression, message) 45*0fca6ea1SDimitry Andric// Disabled checks. 46*0fca6ea1SDimitry Andric// On most modern platforms, dereferencing a null pointer does not lead to an actual memory access. 47*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_NULL(expression, message) _LIBCPP_ASSUME(expression) 48*0fca6ea1SDimitry Andric// Overlapping ranges will make algorithms produce incorrect results but don't directly lead to a security 49*0fca6ea1SDimitry Andric// vulnerability. 50*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_OVERLAPPING_RANGES(expression, message) _LIBCPP_ASSUME(expression) 51*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_DEALLOCATION(expression, message) _LIBCPP_ASSUME(expression) 52*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_EXTERNAL_API_CALL(expression, message) _LIBCPP_ASSUME(expression) 53*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_COMPATIBLE_ALLOCATOR(expression, message) _LIBCPP_ASSUME(expression) 54*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_ARGUMENT_WITHIN_DOMAIN(expression, message) _LIBCPP_ASSUME(expression) 55*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_PEDANTIC(expression, message) _LIBCPP_ASSUME(expression) 56*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_SEMANTIC_REQUIREMENT(expression, message) _LIBCPP_ASSUME(expression) 57*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_INTERNAL(expression, message) _LIBCPP_ASSUME(expression) 58*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message) _LIBCPP_ASSUME(expression) 59*0fca6ea1SDimitry Andric 60*0fca6ea1SDimitry Andric// Extensive hardening mode checks. 61*0fca6ea1SDimitry Andric 62*0fca6ea1SDimitry Andric#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_EXTENSIVE 63*0fca6ea1SDimitry Andric 64*0fca6ea1SDimitry Andric// Enabled checks. 65*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_INPUT_RANGE(expression, message) _LIBCPP_ASSERT(expression, message) 66*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(expression, message) _LIBCPP_ASSERT(expression, message) 67*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_NULL(expression, message) _LIBCPP_ASSERT(expression, message) 68*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_OVERLAPPING_RANGES(expression, message) _LIBCPP_ASSERT(expression, message) 69*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_DEALLOCATION(expression, message) _LIBCPP_ASSERT(expression, message) 70*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_EXTERNAL_API_CALL(expression, message) _LIBCPP_ASSERT(expression, message) 71*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_COMPATIBLE_ALLOCATOR(expression, message) _LIBCPP_ASSERT(expression, message) 72*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_ARGUMENT_WITHIN_DOMAIN(expression, message) _LIBCPP_ASSERT(expression, message) 73*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_PEDANTIC(expression, message) _LIBCPP_ASSERT(expression, message) 74*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message) _LIBCPP_ASSERT(expression, message) 75*0fca6ea1SDimitry Andric// Disabled checks. 76*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_SEMANTIC_REQUIREMENT(expression, message) _LIBCPP_ASSUME(expression) 77*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_INTERNAL(expression, message) _LIBCPP_ASSUME(expression) 78*0fca6ea1SDimitry Andric 79*0fca6ea1SDimitry Andric// Debug hardening mode checks. 80*0fca6ea1SDimitry Andric 81*0fca6ea1SDimitry Andric#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_DEBUG 82*0fca6ea1SDimitry Andric 83*0fca6ea1SDimitry Andric// All checks enabled. 84*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_INPUT_RANGE(expression, message) _LIBCPP_ASSERT(expression, message) 85*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(expression, message) _LIBCPP_ASSERT(expression, message) 86*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_NULL(expression, message) _LIBCPP_ASSERT(expression, message) 87*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_OVERLAPPING_RANGES(expression, message) _LIBCPP_ASSERT(expression, message) 88*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_DEALLOCATION(expression, message) _LIBCPP_ASSERT(expression, message) 89*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_EXTERNAL_API_CALL(expression, message) _LIBCPP_ASSERT(expression, message) 90*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_COMPATIBLE_ALLOCATOR(expression, message) _LIBCPP_ASSERT(expression, message) 91*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_ARGUMENT_WITHIN_DOMAIN(expression, message) _LIBCPP_ASSERT(expression, message) 92*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_PEDANTIC(expression, message) _LIBCPP_ASSERT(expression, message) 93*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_SEMANTIC_REQUIREMENT(expression, message) _LIBCPP_ASSERT(expression, message) 94*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_INTERNAL(expression, message) _LIBCPP_ASSERT(expression, message) 95*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message) _LIBCPP_ASSERT(expression, message) 96*0fca6ea1SDimitry Andric 97*0fca6ea1SDimitry Andric// Disable all checks if hardening is not enabled. 98*0fca6ea1SDimitry Andric 99*0fca6ea1SDimitry Andric#else 100*0fca6ea1SDimitry Andric 101*0fca6ea1SDimitry Andric// All checks disabled. 102*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_INPUT_RANGE(expression, message) _LIBCPP_ASSUME(expression) 103*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(expression, message) _LIBCPP_ASSUME(expression) 104*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_NULL(expression, message) _LIBCPP_ASSUME(expression) 105*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_NON_OVERLAPPING_RANGES(expression, message) _LIBCPP_ASSUME(expression) 106*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_DEALLOCATION(expression, message) _LIBCPP_ASSUME(expression) 107*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_VALID_EXTERNAL_API_CALL(expression, message) _LIBCPP_ASSUME(expression) 108*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_COMPATIBLE_ALLOCATOR(expression, message) _LIBCPP_ASSUME(expression) 109*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_ARGUMENT_WITHIN_DOMAIN(expression, message) _LIBCPP_ASSUME(expression) 110*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_PEDANTIC(expression, message) _LIBCPP_ASSUME(expression) 111*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_SEMANTIC_REQUIREMENT(expression, message) _LIBCPP_ASSUME(expression) 112*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_INTERNAL(expression, message) _LIBCPP_ASSUME(expression) 113*0fca6ea1SDimitry Andric# define _LIBCPP_ASSERT_UNCATEGORIZED(expression, message) _LIBCPP_ASSUME(expression) 114*0fca6ea1SDimitry Andric 115*0fca6ea1SDimitry Andric#endif // _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST 116*0fca6ea1SDimitry Andric// clang-format on 117*0fca6ea1SDimitry Andric 11881ad6265SDimitry Andric#endif // _LIBCPP___ASSERT 119