git.ipfire.org Git - thirdparty/systemd.git/commitdiff
macro: add ASSERT_SE_PTR() macro
author Lennart Poettering <lennart@poettering.net>
Tue, 1 Feb 2022 13:43:04 +0000 (14:43 +0100)
committer Lennart Poettering <lennart@poettering.net>
Tue, 1 Feb 2022 14:31:05 +0000 (15:31 +0100)
ASSERT_SE_PTR() is like ASSERT_PTR() but uses assert_se() instead of
assert() internally.

Code should use ASSERT_SE_PTR() where the check should never be
optimized away, even if NDEBUG is set.

Rationale: assert() is the right choice for validating assumptions about
our own code, i.e. checking conditions that are "impossible" to not
hold, because we ourselves hacked things up the "right" way of course.
assert_se() is the right choice for tests that come with a weaker
guarantee, they encode assumptions over others' API behaviour, i.e.
whether something can fail there or not.

When developing tools that are not oom-safe assert_se() is the right
choice: we know that on Linux OOM doesn't really happen, even though
theoretically the API allows it to happen.

Use case for ASSERT_SE_PTR() is mostly the fatal memory allocation logic
for EFI memory allocations. So far it used regular assert() i.e. OOM
failures would be totally ignored if NDEBUG is set. We'd rather have our
EFI program print an assert message and freeze instead though.

src/fundamental/macro-fundamental.h

index a1cbc3a5b3b26f5d1f84f3aa743e545d7c9ffa54..15b93165dc2b33f00022cba4c3076f32cb73402f 100644 (file)
                 _expr_;                         \
         })
 
+#define ASSERT_SE_PTR(expr)                     \
+        ({                                      \
+                typeof(expr) _expr_ = (expr);   \
+                assert_se(_expr_);              \
+                _expr_;                         \
+        })
+
 #if defined(static_assert)
 #define assert_cc(expr)                                                 \
         static_assert(expr, #expr)
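
Review bot: The new ASSERT_SE_PTR() definition carries no comment saying that its check is kept when NDEBUG is set, so the rule for choosing it over ASSERT_PTR() exists only in the commit message; a short comment directly above `#define ASSERT_SE_PTR(expr)` would put that guidance where callers will read it. The body also ends the same way as the macro just above it (`_expr_;` followed by `})`), and from the visible lines the only distinguishing statement is `assert_se(_expr_);`, so consider generating both from one helper that takes the assert function as a parameter to keep them from drifting apart. Nothing in the body restricts expr to a pointer type despite the _PTR name, which may be worth stating in that comment as well.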