Add ASSUME(expr). Set -ABORT_ON_ASSUME_FAIL when configured with --enable-debug or --enable-fuzz.

practicalswift · practicalswift · commit 674f9d59ba4c · 2019-10-29T18:01:07.000Z
diff --git a/configure.ac b/configure.ac
@@ -291,6 +291,7 @@ if test "x$enable_debug" = xyes; then
 
   AX_CHECK_PREPROC_FLAG([-DDEBUG],[[DEBUG_CPPFLAGS="$DEBUG_CPPFLAGS -DDEBUG"]],,[[$CXXFLAG_WERROR]])
   AX_CHECK_PREPROC_FLAG([-DDEBUG_LOCKORDER],[[DEBUG_CPPFLAGS="$DEBUG_CPPFLAGS -DDEBUG_LOCKORDER"]],,[[$CXXFLAG_WERROR]])
+  AX_CHECK_PREPROC_FLAG([-DABORT_ON_FAILED_ASSUME],[[DEBUG_CPPFLAGS="$DEBUG_CPPFLAGS -DABORT_ON_FAILED_ASSUME"]],,[[$CXXFLAG_WERROR]])
   AX_CHECK_COMPILE_FLAG([-ftrapv],[DEBUG_CXXFLAGS="$DEBUG_CXXFLAGS -ftrapv"],,[[$CXXFLAG_WERROR]])
 fi
 
@@ -1017,6 +1018,7 @@ if test "x$enable_fuzz" = "xyes"; then
   use_bench=no
   use_upnp=no
   use_zmq=no
+  AX_CHECK_PREPROC_FLAG([-DABORT_ON_FAILED_ASSUME],[[DEBUG_CPPFLAGS="$DEBUG_CPPFLAGS -DABORT_ON_FAILED_ASSUME"]],,[[$CXXFLAG_WERROR]])
 else
   BITCOIN_QT_INIT
 
diff --git a/src/util/check.h b/src/util/check.h
@@ -5,6 +5,7 @@
 #ifndef BITCOIN_UTIL_CHECK_H
 #define BITCOIN_UTIL_CHECK_H
 
+#include <config/bitcoin-config.h>
 #include <tinyformat.h>
 
 #include <stdexcept>
@@ -38,4 +39,56 @@ class NonFatalCheckError : public std::runtime_error
         }                                                         \
     } while (false)
 
+/**
+ * ASSUME(expression)
+ *
+ * ASSUME(...) is used to document assumptions.
+ *
+ * Bitcoin Core is always compiled with assertions enabled. assert(...)
+ * is thus only appropriate for documenting critical assumptions
+ * where a failed assumption should lead to immediate abortion also
+ * in production environments.
+ *
+ * ASSUME(...) works like assert(...) if -DABORT_ON_FAILED_ASSUME
+ * and is side-effect safe.
+ *
+ * More specifically:
+ *
+ * * If compiled with -DABORT_ON_FAILED_ASSUME (set by --enable-debug
+ *   and --enable-fuzz): Evaluate expression and abort if expression is
+ *   false.
+ *
+ * * Otherwise:
+ *   Evaluate expression and continue execution.
+ *
+ * ABORT_ON_FAILED_ASSUME should not be set in production environments.
+ *
+ * Example
+ * =======
+ * int main(void) {
+ *     ASSUME(IsFoo());
+ *     ...
+ * }
+ *
+ * If !IsFoo() and -DABORT_ON_FAILED_ASSUME, then:
+ *     filename.cpp:123: main: ASSUME(IsFoo()) failed.
+ *     Aborted
+ * Otherwise the execution continues.
+ */
+
+#ifdef ABORT_ON_FAILED_ASSUME
+#define ACTION_ON_FAILED_ASSUME std::abort();
+#else
+#define ACTION_ON_FAILED_ASSUME
+#endif
+
+#define ASSUME(expression)                                                                               \
+    do {                                                                                                 \
+        if (!(expression)) {                                                                             \
+            tfm::format(std::cerr, "%s:%d: %s: ASSUME(%s) failed. You may report this issue here: %s\n", \
+                __FILE__, __LINE__, __func__, #expression, PACKAGE_BUGREPORT);                           \
+            ACTION_ON_FAILED_ASSUME                                                                      \
+        }                                                                                                \
+    } while (false)
+
 #endif // BITCOIN_UTIL_CHECK_H
