argv-iter
assert
assert-h
+ assure
attribute
autobuild
backupfile
#include "gettext.h"
#define _(msgid) gettext (msgid)
+#include "assure.h"
#include "minmax.h"
#include "rand-isaac.h"
#include "stdio-safer.h"
static void
randread_error (void const *file_name)
{
- if (file_name)
- error (exit_failure, errno,
- errno == 0 ? _("%s: end of file") : _("%s: read error"),
- quote (file_name));
- abort ();
+ affirm (exit_failure);
+ error (exit_failure, errno,
+ errno == 0 ? _("%s: end of file") : _("%s: read error"),
+ quote (file_name));
}
/* Simply return a new randread_source object with the default error
#include <errno.h>
#include <inttypes.h>
+#include <stddef.h>
#include <stdlib.h>
#include "error.h"
#include "quote.h"
-#include "verify.h"
#include "xstrtol.h"
/* Parse numeric string N_STR of base BASE, and return the value.
/* EINVAL error message is redundant in this context. */
error (err_exit ? err_exit : EXIT_FAILURE, errno == EINVAL ? 0 : errno,
"%s: %s", err, quote (n_str));
- assume (false);
+ unreachable ();
}
return tnum;
#include <stdlib.h>
#include <errno.h>
-#include <assert.h>
+#include "assure.h"
#include "xalloc.h"
#include "xfts.h"
{
/* This can fail in two ways: out of memory or with errno==EINVAL,
which indicates it was called with invalid bit_flags. */
- assert (errno != EINVAL);
+ affirm (errno != EINVAL);
xalloc_die ();
}
#elif BASE_TYPE == 42
# include "base32.h"
# include "base64.h"
-# include <assert.h>
+# include "assure.h"
# define PROGRAM_NAME "basenc"
#else
# error missing/invalid BASE_TYPE definition
for (char *p = out; outlen--; p++)
{
- assert (0x32 <= *p && *p <= 0x5a); /* LCOV_EXCL_LINE */
+ affirm (0x32 <= *p && *p <= 0x5a); /* LCOV_EXCL_LINE */
*p = base32_norm_to_hex[*p - 0x32];
}
}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <assert.h>
#include <errno.h>
#include <ctype.h>
#include <sys/types.h>
#include "system.h"
+#include "assure.h"
#include "dev-ino.h"
#include "die.h"
#include "error.h"
printf (fmt, quoted_file, m, &perms[1]);
return;
default:
- abort ();
+ affirm (false);
}
printf (fmt, quoted_file, old_m, &old_perms[1], m, &perms[1]);
}
#include <grp.h>
#include "system.h"
+#include "assure.h"
#include "chown-core.h"
#include "error.h"
#include "ignore-value.h"
: _("ownership of %s retained\n"));
break;
default:
- abort ();
+ affirm (false);
}
printf (fmt, quoteaf (file), old_spec, spec);
break;
default:
- abort ();
+ unreachable ();
}
}
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <selinux/selinux.h>
#include "system.h"
#include "acl.h"
#include "alignalloc.h"
+#include "assure.h"
#include "backupfile.h"
#include "buffer-lcm.h"
#include "canonicalize.h"
int dst_dirfd, char const *dst_relname,
struct stat const *dst_sb)
{
- assert (x->move_mode);
+ affirm (x->move_mode);
return (x->interactive == I_ALWAYS_NO
|| x->interactive == I_ALWAYS_SKIP
|| ((x->interactive == I_ASK_USER
else
{
#if defined lint && (defined __clang__ || defined __COVERITY__)
- assert (x->move_mode);
+ affirm (x->move_mode);
memset (&src_sb, 0, sizeof src_sb);
#endif
}
return false;
}
-ATTRIBUTE_PURE
-static bool
+static void
valid_options (const struct cp_options *co)
{
- assert (VALID_BACKUP_TYPE (co->backup_type));
- assert (VALID_SPARSE_MODE (co->sparse_mode));
- assert (VALID_REFLINK_MODE (co->reflink_mode));
- assert (!(co->hard_link && co->symbolic_link));
- assert (!
+ affirm (VALID_BACKUP_TYPE (co->backup_type));
+ affirm (VALID_SPARSE_MODE (co->sparse_mode));
+ affirm (VALID_REFLINK_MODE (co->reflink_mode));
+ affirm (!(co->hard_link && co->symbolic_link));
+ affirm (!
(co->reflink_mode == REFLINK_ALWAYS
&& co->sparse_mode != SPARSE_AUTO));
- return true;
}
/* Copy the file SRC_NAME to the file DST_NAME aka DST_DIRFD+DST_RELNAME.
int nonexistent_dst, const struct cp_options *options,
bool *copy_into_self, bool *rename_succeeded)
{
- assert (valid_options (options));
+ valid_options (options);
/* Record the file names: they're used in case of error, when copying
a directory into itself. I don't like to make these tools do *any*
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "backupfile.h"
#include "copy.h"
#include "cp-hash.h"
break;
default:
- abort ();
+ affirm (false);
}
s = comma;
}
#include <config.h>
-#include <assert.h>
#include <getopt.h>
#include <sys/types.h>
#include <signal.h>
for (b = head;;)
{
- assert (b);
if (linenum < b->start_line + b->num_lines)
{
/* The line is in this buffer. */
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <getopt.h>
#include <sys/types.h>
#include "system.h"
+#include "assure.h"
#include "error.h"
#include "fadvise.h"
#include "getndelim2.h"
}
n_bytes = len;
- assert (n_bytes != 0);
+ affirm (n_bytes != 0);
c = 0;
#include <stdio.h>
#include <sys/types.h>
#include <getopt.h>
-#include <assert.h>
#include <c-ctype.h>
#include <wchar.h>
#include <wctype.h>
#include "system.h"
+#include "assure.h"
#include "canonicalize.h"
#include "die.h"
#include "error.h"
static struct fs_usage grand_fsu;
/* Display modes. */
-enum
+static enum
{
DEFAULT_MODE,
INODES_MODE,
HUMAN_MODE,
POSIX_MODE,
OUTPUT_MODE
-};
-static int header_mode = DEFAULT_MODE;
+} header_mode = DEFAULT_MODE;
/* Displayable fields. */
typedef enum
if (c != nullptr)
columns[ncolumns - 1]->caption = c;
- if (field_data[f].used)
- assert (!"field used");
+ affirm (!field_data[f].used);
/* Mark field as used. */
field_data[f].used = true;
break;
default:
- assert (!"invalid field");
+ affirm (!"invalid field");
}
s = comma;
}
break;
default:
- assert (!"invalid header_mode");
+ unreachable ();
}
}
v = nullptr;
break;
default:
- v = nullptr; /* Avoid warnings where assert() is not __noreturn__. */
- assert (!"bad field_type");
+ affirm (!"bad field_type");
}
switch (columns[col]->field)
break;
default:
- assert (!"unhandled field");
+ affirm (!"unhandled field");
}
- if (!cell)
- assert (!"empty cell");
+ affirm (cell);
replace_problematic_chars (cell);
size_t cell_width = mbswidth (cell, 0);
# define DIE_H
# include <error.h>
-# include <verify.h>
+# include <stddef.h>
/* Like 'error (STATUS, ...)', except STATUS must be a nonzero constant.
This may pacify the compiler or help it generate better code. */
# define die(status, ...) \
- verify_expr (status, (error (status, __VA_ARGS__), assume (false)))
+ verify_expr (status, (error (status, __VA_ARGS__), unreachable ()))
#endif /* DIE_H */
#include <config.h>
#include <getopt.h>
#include <sys/types.h>
-#include <assert.h>
#include "system.h"
#include "argmatch.h"
#include "argv-iter.h"
+#include "assure.h"
#include "di-set.h"
#include "die.h"
#include "error.h"
if (info == FTS_NSOK)
{
fts_set (fts, ent, FTS_AGAIN);
- FTSENT const *e = fts_read (fts);
- assert (e == ent);
+ MAYBE_UNUSED FTSENT const *e = fts_read (fts);
+ affirm (e == ent);
info = ent->fts_info;
}
if (info == FTS_D)
{
fts_set (fts, ent, FTS_SKIP);
- FTSENT const *e = fts_read (fts);
- assert (e == ent);
+ MAYBE_UNUSED FTSENT const *e = fts_read (fts);
+ affirm (e == ent);
}
return true;
propagate sums from the children (prev_level) to the parent.
Here, the current level is always one smaller than the
previous one. */
- assert (level == prev_level - 1);
+ affirm (level == prev_level - 1);
duinfo_add (&dui_to_print, &dulvl[prev_level].ent);
if (!opt_separate_dirs)
duinfo_add (&dui_to_print, &dulvl[prev_level].subdir);
case AI_ERR_MEM:
xalloc_die ();
default:
- assert (!"unexpected error code from argv_iter");
+ affirm (!"unexpected error code from argv_iter");
}
}
if (files_from && STREQ (files_from, "-") && STREQ (file_name, "-"))
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <sys/types.h>
#include "system.h"
+#include "assure.h"
/* The official name of this program (e.g., no 'g' prefix). */
#define PROGRAM_NAME "echo"
{
/* STATUS should always be EXIT_SUCCESS (unlike in most other
utilities which would call emit_try_help otherwise). */
- assert (status == EXIT_SUCCESS);
+ affirm (status == EXIT_SUCCESS);
printf (_("\
Usage: %s [SHORT-OPTION]... [STRING]...\n\
#include <config.h>
-#include <assert.h>
#include <stdio.h>
#include <sys/types.h>
#include "system.h"
if (fp)
{
- assert (prev_file);
int err = errno;
if (!ferror (fp))
err = 0;
puts (v->u.s);
break;
default:
- abort ();
+ unreachable ();
}
}
return true;
}
default:
- abort ();
+ unreachable ();
}
}
case string:
break;
default:
- abort ();
+ unreachable ();
}
}
return true;
}
default:
- abort ();
+ unreachable ();
}
}
case not_equal: val = (cmp != 0); break;
case greater_equal: val = (cmp >= 0); break;
case greater_than: val = (cmp > 0); break;
- default: abort ();
+ default: unreachable ();
}
}
#include <getopt.h>
#include <stdio.h>
#include <gmp.h>
-#include <assert.h>
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "full-write.h"
do { \
uintmax_t __d1, __d0, __q, __r1, __r0; \
\
- assert ((n1) < (d)); \
__d1 = (d); __d0 = 0; \
__r1 = (n1); __r0 = (n0); \
+ affirm (__r1 < __d1); \
__q = 0; \
for (unsigned int __i = W_TYPE_SIZE; __i > 0; __i--) \
{ \
{
int cntd, cnta;
- assert (d1 != 0);
+ affirm (d1 != 0);
if (a1 == 0)
{
static uintmax_t
gcd2_odd (uintmax_t *r1, uintmax_t a1, uintmax_t a0, uintmax_t b1, uintmax_t b0)
{
- assert (b0 & 1);
+ affirm (b0 & 1);
if ((a0 | a1) == 0)
{
{
if (p1 > 0)
{
- assert (factors->plarge[1] == 0);
+ affirm (factors->plarge[1] == 0);
factors->plarge[0] = p0;
factors->plarge[1] = p1;
}
uintmax_t r1, r0, q, p1, t1, t0, s1, s0;
MAYBE_UNUSED uintmax_t p0;
mi = -mi;
- assert ((a1 >> (W_TYPE_SIZE - 1)) == 0);
- assert ((b1 >> (W_TYPE_SIZE - 1)) == 0);
- assert ((m1 >> (W_TYPE_SIZE - 1)) == 0);
+ affirm ((a1 >> (W_TYPE_SIZE - 1)) == 0);
+ affirm ((b1 >> (W_TYPE_SIZE - 1)) == 0);
+ affirm ((m1 >> (W_TYPE_SIZE - 1)) == 0);
/* First compute a0 * <b1, b0> B^{-1}
+-----+
/* Lucas' prime test. The number of iterations vary greatly, up to a few dozen
have been observed. The average seem to be about 2. */
-static bool
+static bool ATTRIBUTE_PURE
prime_p (uintmax_t n)
{
int k;
return false;
}
- error (0, 0, _("Lucas prime test failure. This should not happen"));
- abort ();
+ affirm (!"Lucas prime test failure. This should not happen");
}
-static bool
+static bool ATTRIBUTE_PURE
prime2_p (uintmax_t n1, uintmax_t n0)
{
uintmax_t q[2], nm1[2];
return false;
}
- error (0, 0, _("Lucas prime test failure. This should not happen"));
- abort ();
+ affirm (!"Lucas prime test failure. This should not happen");
}
static bool
}
}
- error (0, 0, _("Lucas prime test failure. This should not happen"));
- abort ();
+ affirm (!"Lucas prime test failure. This should not happen");
ret1:
if (flag_prove_primality)
while (n != 1)
{
- assert (a < n);
+ affirm (a < n);
binv (ni, n); /* FIXME: when could we use old 'ni' value? */
uintmax_t x;
/* Ensures the remainder fits in an uintmax_t. */
- assert (nh < ((uintmax_t) 1 << (W_TYPE_SIZE - 2)));
+ affirm (nh < ((uintmax_t) 1 << (W_TYPE_SIZE - 2)));
if (nh == 0)
return isqrt (nl);
{
uintmax_t hi, lo;
umul_ppmm (hi, lo, x + 1, x + 1);
- assert (gt2 (hi, lo, nh, nl));
+ affirm (gt2 (hi, lo, nh, nl));
umul_ppmm (hi, lo, x, x);
- assert (ge2 (nh, nl, hi, lo));
+ affirm (ge2 (nh, nl, hi, lo));
sub_ddmmss (hi, lo, nh, nl, hi, lo);
- assert (hi == 0);
+ affirm (hi == 0);
return x;
}
_mask = -(uintmax_t) (_r >= (d)); \
(r) = _r - (_mask & (d)); \
(q) = _q - _mask; \
- assert ((q) * (d) + (r) == u); \
+ affirm ((q) * (d) + (r) == u); \
} \
else \
{ \
uintmax_t p1, p0;
umul_ppmm (p1, p0, sqrt_n, sqrt_n);
- assert (p0 == n0);
+ affirm (p0 == n0);
if (n1 == p1)
{
unsigned int mu = *m;
unsigned int qpos = 0;
- assert (mu * n0 % 4 == 3);
+ affirm (mu * n0 % 4 == 3);
/* In the notation of the paper, with mu * n == 3 (mod 4), we
get \Delta = 4 mu * n, and the paper's \mu is 2 mu. As far as
umul_ppmm (Dh, Dl, n0, mu);
Dh += n1 * mu;
- assert (Dl % 4 != 1);
- assert (Dh < (uintmax_t) 1 << (W_TYPE_SIZE - 2));
+ affirm (Dl % 4 != 1);
+ affirm (Dh < (uintmax_t) 1 << (W_TYPE_SIZE - 2));
S = isqrt2 (Dh, Dl);
div_smallq (q, rem, S + P, Q);
P1 = S - rem; /* P1 = q*Q - P */
- assert (q > 0 && Q > 0);
+ affirm (q > 0 && Q > 0);
# if STAT_SQUFOF
q_freq[0]++;
/* We have found a square form, which should give a
factor. */
Q1 = r;
- assert (S >= P); /* What signs are possible? */
+ affirm (S >= P); /* What signs are possible? */
P += r * ((S - P) / r);
/* Note: Paper says (N - P*P) / Q1, that seems incorrect
umul_ppmm (hi, lo, P, P);
sub_ddmmss (hi, lo, Dh, Dl, hi, lo);
udiv_qrnnd (Q, rem, hi, lo, Q1);
- assert (rem == 0);
+ affirm (rem == 0);
for (;;)
{
Q /= 2;
Q /= gcd_odd (Q, mu);
- assert (Q > 1 && (n1 || Q < n0));
+ affirm (Q > 1 && (n1 || Q < n0));
if (prime_p (Q))
factor_insert (factors, Q);
#include <stdio.h>
#include <sys/types.h>
#include <getopt.h>
-#include <assert.h>
/* Redefine. Otherwise, systems (Unicos for one) with headers that define
it to be a type get syntax errors for the variable declaration below. */
/* Tell static analysis tools that using word_limit[-1] is ok.
word_limit is guaranteed to have been incremented by get_line. */
- assert (word < word_limit);
+ assume (word < word_limit);
(word_limit - 1)->period = (word_limit - 1)->final = true;
next_char = c;
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "full-read.h"
error (0, errno, _("%s: file has shrunk too much"), quotef (filename));
break;
default:
- abort ();
+ affirm (false);
}
}
#include <config.h>
-#include <assert.h>
-
/* poll(2) is needed on AIX (where 'select' gives a readable
event immediately) and Solaris (where 'select' never gave
a readable event). Also use poll(2) on systems we know work
#endif
#include "system.h"
+#include "assure.h"
#include "iopoll.h"
#include "isapipe.h"
static int
iopoll_internal (int fdin, int fdout, bool block, bool broken_output)
{
- assert (fdin != -1 || fdout != -1);
+ affirm (fdin != -1 || fdout != -1);
#if IOPOLL_USES_POLL
struct pollfd pfds[2] = { /* POLLRDBAND needed for illumos, macOS. */
continue;
if (ret == 0 && ! block)
return 0;
- assert (0 < ret);
+ affirm (0 < ret);
if (pfds[0].revents) /* input available or pipe closed indicating EOF; */
return 0; /* should now be able to read() without blocking */
if (pfds[1].revents & check_out_events)
continue;
if (ret == 0 && ! block)
return 0;
- assert (0 < ret);
+ affirm (0 < ret);
if (0 <= fdin && FD_ISSET (fdin, &fds)) /* input available or EOF; */
return 0; /* should now be able to read() without blocking */
if (0 <= fdout && FD_ISSET (fdout, &fds)) /* equiv to POLLERR */
{
const size_t written = fwrite (buf, 1, size, f);
size -= written;
- assert (size >= 0);
+ affirm (size >= 0);
if (size <= 0) /* everything written */
return true;
#include <config.h>
-#include <assert.h>
#include <sys/types.h>
#include <getopt.h>
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fadvise.h"
{
struct outlist *o;
- assert (file == 0 || file == 1 || file == 2);
- assert (file != 0 || field == 0);
+ affirm (file == 0 || file == 1 || file == 2);
+ affirm (file != 0 || field == 0);
o = xmalloc (sizeof *o);
o->file = file;
default:
die (EXIT_FAILURE, 0,
_("invalid file number in field spec: %s"), quote (s));
-
- /* Tell gcc -W -Wall that we can't get beyond this point.
- This avoids a warning (otherwise legit) that the caller's copies
- of *file_index and *field_index might be used uninitialized. */
- abort ();
-
- break;
}
}
#endif
#include <stdio.h>
-#include <assert.h>
#include <setjmp.h>
#include <pwd.h>
#include <getopt.h>
#include "acl.h"
#include "argmatch.h"
+#include "assure.h"
#include "c-strcase.h"
#include "dev-ino.h"
#include "die.h"
void *vdi;
struct dev_ino *di;
int dev_ino_size = sizeof *di;
- assert (dev_ino_size <= obstack_object_size (&dev_ino_obstack));
+ affirm (dev_ino_size <= obstack_object_size (&dev_ino_obstack));
obstack_blank_fast (&dev_ino_obstack, -dev_ino_size);
vdi = obstack_next_free (&dev_ino_obstack);
di = vdi;
static void
assert_matching_dev_ino (char const *name, struct dev_ino di)
{
- struct stat sb;
- assert (name);
- assert (0 <= stat (name, &sb));
- assert (sb.st_dev == di.st_dev);
- assert (sb.st_ino == di.st_ino);
+ MAYBE_UNUSED struct stat sb;
+ assure (0 <= stat (name, &sb));
+ assure (sb.st_dev == di.st_dev);
+ assure (sb.st_ino == di.st_ino);
}
static char eolbyte = '\n';
case time_btime:
return STATX_BTIME;
default:
- abort ();
+ unreachable ();
}
return 0;
}
mask |= STATX_SIZE;
break;
default:
- abort ();
+ unreachable ();
}
return mask;
initialize_exit_failure (LS_FAILURE);
atexit (close_stdout);
- assert (ARRAY_CARDINALITY (color_indicator) + 1
- == ARRAY_CARDINALITY (indicator_name));
+ static_assert (ARRAY_CARDINALITY (color_indicator) + 1
+ == ARRAY_CARDINALITY (indicator_name));
exit_status = EXIT_SUCCESS;
print_dir_name = true;
struct dev_ino *found = hash_remove (active_dir_set, &di);
if (false)
assert_matching_dev_ino (thispend->realname, di);
- assert (found);
+ affirm (found);
dev_ino_free (found);
free_pending_ent (thispend);
continue;
if (LOOP_DETECT)
{
- assert (hash_get_n_entries (active_dir_set) == 0);
+ assure (hash_get_n_entries (active_dir_set) == 0);
hash_free (active_dir_set);
}
break;
default:
- abort ();
+ unreachable ();
}
}
goto done;
default:
- abort ();
+ affirm (false);
}
}
done:
/* An inode value prior to gobble_file necessarily came from readdir,
which is not used for command line arguments. */
- assert (! command_line_arg || inode == NOT_AN_INODE_NUMBER);
+ affirm (! command_line_arg || inode == NOT_AN_INODE_NUMBER);
if (cwd_n_used == cwd_n_alloc)
{
else
{
use_strcmp = true;
- assert (sort_type != sort_version);
+ affirm (sort_type != sort_version);
initialize_ordering_vector ();
}
}
/* Return a pointer to a formatted version of F->stat.st_ino,
- possibly using buffer, BUF, of length BUFLEN, which must be at least
+ possibly using buffer, which must be at least
INT_BUFSIZE_BOUND (uintmax_t) bytes. */
static char *
-format_inode (char *buf, size_t buflen, const struct fileinfo *f)
+format_inode (char buf[INT_BUFSIZE_BOUND (uintmax_t)],
+ const struct fileinfo *f)
{
- assert (INT_BUFSIZE_BOUND (uintmax_t) <= buflen);
return (f->stat_ok && f->stat.st_ino != NOT_AN_INODE_NUMBER
? umaxtostr (f->stat.st_ino, buf)
: (char *) "?");
btime_ok = false;
break;
default:
- abort ();
+ unreachable ();
}
p = buf;
if (print_inode)
{
char hbuf[INT_BUFSIZE_BOUND (uintmax_t)];
- p += sprintf (p, "%*s ", inode_number_width,
- format_inode (hbuf, sizeof hbuf, f));
+ p += sprintf (p, "%*s ", inode_number_width, format_inode (hbuf, f));
}
if (print_block_size)
if (print_inode)
printf ("%*s ", format == with_commas ? 0 : inode_number_width,
- format_inode (buf, sizeof buf, f));
+ format_inode (buf, f));
if (print_block_size)
printf ("%*s ", format == with_commas ? 0 : block_size_width,
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
-#include <assert.h>
#include <selinux/label.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "backupfile.h"
#include "copy.h"
#include "cp-hash.h"
dir[1] = nullptr;
status = rm ((void *) dir, &rm_options);
- assert (VALID_STATUS (status));
+ affirm (VALID_STATUS (status));
if (status == RM_ERROR)
ok = false;
}
case SSE_OK_PRECISION_LOSS:
case SSE_OK:
/* should never happen - this function isn't called when OK. */
- abort ();
+ unreachable ();
case SSE_OVERFLOW:
msgid = N_("value too large to be converted: %s");
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <getopt.h>
#include <sys/types.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "ftoastr.h"
string argument.
*/
-static bool
+static bool ATTRIBUTE_NONNULL ()
decode_one_format (char const *s_orig, char const *s, char const **next,
struct tspec *tspec)
{
char c;
int field_width;
- assert (tspec != nullptr);
-
switch (*s)
{
case 'd':
break;
default:
- abort ();
+ unreachable ();
}
- assert (strlen (tspec->fmt_string) < FMT_BYTES_ALLOCATED);
-
switch (size_spec)
{
case CHAR:
break;
default:
- abort ();
+ affirm (false);
}
break;
break;
default:
- abort ();
+ affirm (false);
}
break;
if (tspec->hexl_mode_trailer)
s++;
- if (next != nullptr)
- *next = s;
-
+ *next = s;
return true;
}
representation to the global array SPEC, reallocating SPEC if
necessary. Return true if S is valid. */
-static bool
+static bool ATTRIBUTE_NONNULL ()
decode_format_string (char const *s)
{
char const *s_orig = s;
- assert (s != nullptr);
while (*s != '\0')
{
if (! decode_one_format (s_orig, s, &next, &spec[n_specs]))
return false;
- assert (s != next);
+ affirm (s != next);
s = next;
++n_specs;
}
{
bool ok = true;
- assert (0 < n && n <= bytes_per_block);
+ affirm (0 < n && n <= bytes_per_block);
*n_bytes_in_buffer = 0;
ok &= read_block (n_needed, block[idx], &n_bytes_read);
if (n_bytes_read < bytes_per_block)
break;
- assert (n_bytes_read == bytes_per_block);
+ affirm (n_bytes_read == bytes_per_block);
write_block (current_offset, n_bytes_read,
block[!idx], block[idx]);
current_offset += n_bytes_read;
ok &= read_block (bytes_per_block, block[idx], &n_bytes_read);
if (n_bytes_read < bytes_per_block)
break;
- assert (n_bytes_read == bytes_per_block);
+ affirm (n_bytes_read == bytes_per_block);
write_block (current_offset, n_bytes_read,
block[!idx], block[idx]);
current_offset += n_bytes_read;
for (i = 0; i < n_specs; i++)
{
int fields_per_block = bytes_per_block / width_bytes[spec[i].size];
- assert (bytes_per_block % width_bytes[spec[i].size] == 0);
- assert (1 <= spec[i].pad_width / fields_per_block);
+ affirm (bytes_per_block % width_bytes[spec[i].size] == 0);
+ affirm (1 <= spec[i].pad_width / fields_per_block);
printf ("%d: fmt=\"%s\" in_width=%d out_width=%d pad=%d\n",
i, spec[i].fmt_string, width_bytes[spec[i].size],
spec[i].field_width, spec[i].pad_width);
#include <config.h>
#include <stdio.h>
#include <sys/types.h>
-#include <assert.h>
#include "system.h"
+#include "assure.h"
#include "error.h"
#include "file-type.h"
#include "filenamecat.h"
enum RM_status s = rm_fts (fts, ent, x);
- assert (VALID_STATUS (s));
+ affirm (VALID_STATUS (s));
UPDATE_STATUS (rm_status, s);
}
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
-#include <assert.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "remove.h"
}
enum RM_status status = rm (file, &x);
- assert (VALID_STATUS (status));
+ affirm (VALID_STATUS (status));
return status == RM_ERROR ? EXIT_FAILURE : EXIT_SUCCESS;
}
#include <getopt.h>
#include <stdio.h>
-#include <assert.h>
#include <setjmp.h>
#include <sys/types.h>
#if defined __linux__ && HAVE_SYS_MTIO_H
#include "system.h"
#include "alignalloc.h"
#include "argmatch.h"
+#include "assure.h"
#include "xdectoint.h"
#include "die.h"
#include "error.h"
}
}
top = num - randpasses; /* Top of initialized data */
- /* assert (d == dest + top); */
+ /* affirm (d == dest + top); */
/*
* We now have fixed patterns in the dest buffer up to
}
accum -= randpasses;
}
- /* assert (top == num); */
+ /* affirm (top == num); */
}
/*
/* Given that NAME is composed of bytes from NAMESET,
P will never be null here. */
- assert (p);
/* If this character has a successor, use it. */
if (p[1])
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>
-#include <assert.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fadvise.h"
fp = stdout;
}
else
- assert (!"unexpected mode passed to stream_open");
+ affirm (!"unexpected mode passed to stream_open");
return fp;
}
char const *optarg1 = argv[optind++];
s = parse_field_count (optarg1 + 1, &key->eword,
N_("invalid number after '-'"));
- /* When called with a non-null message ID,
- parse_field_count cannot return a null pointer.
- Tell static analysis tools that
- dereferencing S is safe. */
- assert (s);
if (*s == '.')
s = parse_field_count (s + 1, &key->echar,
N_("invalid number after '.'"));
* support --suppress-matched as in csplit. */
#include <config.h>
-#include <assert.h>
#include <stdio.h>
#include <getopt.h>
#include <signal.h>
#include "system.h"
#include "alignalloc.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fadvise.h"
if (numeric_suffix_start)
{
- assert (! widen);
+ affirm (! widen);
/* Update the output file name. */
idx_t i = strlen (numeric_suffix_start);
lines_chunk_split (intmax_t k, intmax_t n, char *buf, idx_t bufsize,
ssize_t initial_read, off_t file_size)
{
- assert (n && k <= n);
+ affirm (n && k <= n);
intmax_t rem_bytes = file_size % n;
off_t chunk_size = file_size / n;
break;
default:
- abort ();
+ affirm (false);
}
if (close (STDIN_FILENO) != 0)
# define USE_STATVFS 0
#endif
-#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
-#include <assert.h>
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "filenamecat.h"
case 'i':
case 'o':
opt_fileno = optc_to_fileno (c);
- assert (0 <= opt_fileno && opt_fileno < ARRAY_CARDINALITY (stdbuf));
+ affirm (0 <= opt_fileno && opt_fileno < ARRAY_CARDINALITY (stdbuf));
stdbuf[opt_fileno].optc = c;
while (c_isspace (*optarg))
optarg++;
#endif
#include <getopt.h>
#include <stdarg.h>
-#include <assert.h>
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fd-reopen.h"
Therefore we don't report the device name in any errors. */
speed_t baud = string_to_baud (arg);
- assert (baud != (speed_t) -1);
+ affirm (baud != (speed_t) -1);
if (type == input_speed || type == both_speeds)
{
return nullptr;
default:
- abort ();
+ unreachable ();
}
}
/* bitsp would be null only for "combination" modes, yet those
are filtered out above via the OMIT flag. Tell static analysis
tools that it's ok to dereference bitsp here. */
- assert (bitsp);
+ assume (bitsp);
if ((*bitsp & mask) == mode_info[i].bits)
{
bitsp = mode_type_flag (mode_info[i].type, mode);
mask = mode_info[i].mask ? mode_info[i].mask : mode_info[i].bits;
- assert (bitsp); /* See the identical assertion and comment above. */
+ assume (bitsp); /* See the identical assertion and comment above. */
if ((*bitsp & mask) == mode_info[i].bits)
wrapf ("%s", mode_info[i].name);
else if (mode_info[i].flags & REV)
if (mode_info[i].flags & SANE_SET)
{
bitsp = mode_type_flag (mode_info[i].type, mode);
- assert (bitsp); /* combination modes will not have SANE_SET. */
+ assume (bitsp); /* combination modes will not have SANE_SET. */
*bitsp = (*bitsp & ~mode_info[i].mask) | mode_info[i].bits;
}
else if (mode_info[i].flags & SANE_UNSET)
{
bitsp = mode_type_flag (mode_info[i].type, mode);
- assert (bitsp); /* combination modes will not have SANE_UNSET. */
+ assume (bitsp); /* combination modes will not have SANE_UNSET. */
*bitsp = *bitsp & ~mode_info[i].mask & ~mode_info[i].bits;
}
}
/* Written by Jim Meyering */
#include <config.h>
-#include <assert.h>
#include <getopt.h>
#include <stdio.h>
#include <sys/types.h>
#endif
default:
- assert ("invalid sync_mode");
+ unreachable ();
}
if (sync_status < 0)
# define makedev(maj, min) mkdev (maj, min)
#endif
+#include <stddef.h>
#include <string.h>
#include <errno.h>
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* FIXME */
-#include <assert.h>
+#include "assure.h"
#include "die.h"
}
else
{
- assert (lp->i > 0);
+ affirm (lp->i > 0);
lp_new.i = lp->i - 1;
lp_new.ptr = ONE_PAST_END (x, lp->i - 1) - 1;
}
{
Line_ptr lp_new;
- assert (lp->ptr <= ONE_PAST_END (x, lp->i) - 1);
+ affirm (lp->ptr <= ONE_PAST_END (x, lp->i) - 1);
if (lp->ptr < ONE_PAST_END (x, lp->i) - 1)
{
lp_new.i = lp->i;
}
else
{
- assert (lp->i < x->n_bufs - 1);
+ affirm (lp->i < x->n_bufs - 1);
lp_new.i = lp->i + 1;
lp_new.ptr = x->p[lp->i + 1].start;
}
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <getopt.h>
#include <sys/types.h>
#include <signal.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "cl-strtod.h"
#include "die.h"
#include "error.h"
die_pipe ();
}
-static bool
+MAYBE_UNUSED static bool
valid_file_spec (struct File_spec const *f)
{
/* Exactly one of the following subexpressions must be true. */
switch (whence)
{
case SEEK_SET:
- error (0, errno, _("%s: cannot seek to offset %s"),
+ error (EXIT_FAILURE, errno, _("%s: cannot seek to offset %s"),
quotef (filename), s);
break;
case SEEK_CUR:
- error (0, errno, _("%s: cannot seek to relative offset %s"),
+ error (EXIT_FAILURE, errno, _("%s: cannot seek to relative offset %s"),
quotef (filename), s);
break;
case SEEK_END:
- error (0, errno, _("%s: cannot seek to end-relative offset %s"),
+ error (EXIT_FAILURE, errno,
+ _("%s: cannot seek to end-relative offset %s"),
quotef (filename), s);
break;
default:
- abort ();
+ unreachable ();
}
-
- exit (EXIT_FAILURE);
}
/* Print the last N_LINES lines from the end of file FD.
}
else
{
- switch (is_local_fs_type (buf.f_type))
- {
- case 0:
- break;
- case -1:
- /* Treat unrecognized file systems as "remote", so caller polls.
- Note README-release has instructions for syncing the internal
- list with the latest Linux kernel file system constants. */
- break;
- case 1:
- remote = false;
- break;
- default:
- assert (!"unexpected return value from is_local_fs_type");
- }
+ /* Treat unrecognized file systems as "remote", so caller polls.
+ Note README-release has instructions for syncing the internal
+ list with the latest Linux kernel file system constants. */
+ remote = is_local_fs_type (buf.f_type) <= 0;
}
#endif
? STDIN_FILENO
: open (f->name, O_RDONLY | (blocking ? 0 : O_NONBLOCK)));
- assert (valid_file_spec (f));
+ affirm (valid_file_spec (f));
/* If the open fails because the file doesn't exist,
then mark the file as not tailable. */
else if (prev_errnum && prev_errnum != ENOENT)
{
new_file = true;
- assert (f->fd == -1);
+ affirm (f->fd == -1);
error (0, 0, _("%s has become accessible"), quoteaf (pretty_name (f)));
}
else if (f->fd == -1)
read_unchanged = true;
}
- assert (fd == f[i].fd);
+ affirm (fd == f[i].fd);
/* This file has changed. Print out what we can, and
then keep looping. */
#endif
#include "system.h"
+#include "assure.h"
#include "quote.h"
#include "stat-time.h"
#include "strnumcmp.h"
}
/* Not reached. */
- abort ();
+ affirm (false);
}
static bool
FALLTHROUGH;
case 5:
default:
- if (nargs <= 0)
- abort ();
+ affirm (0 < nargs);
value = expr ();
}
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
-#include <assert.h>
#include "system.h"
#include "argmatch.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fd-reopen.h"
newtime[0].tv_nsec = UTIME_OMIT;
else
{
- assert (change_times == CH_ATIME);
+ affirm (change_times == CH_ATIME);
newtime[1].tv_nsec = UTIME_OMIT;
}
}
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <sys/types.h>
#include <getopt.h>
#include "system.h"
+#include "assure.h"
#include "die.h"
#include "error.h"
#include "fadvise.h"
result = isxdigit (c);
break;
default:
- abort ();
+ unreachable ();
}
return !! result;
new->next = nullptr;
new->type = RE_NORMAL_CHAR;
new->u.normal_char = c;
- assert (list->tail);
list->tail->next = new;
list->tail = new;
}
new->type = RE_RANGE;
new->u.range.first_char = first;
new->u.range.last_char = last;
- assert (list->tail);
list->tail->next = new;
list->tail = new;
return true;
new->next = nullptr;
new->type = RE_CHAR_CLASS;
new->u.char_class = char_class;
- assert (list->tail);
list->tail->next = new;
list->tail = new;
return true;
new->type = RE_REPEATED_CHAR;
new->u.repeated_char.the_repeated_char = the_char;
new->u.repeated_char.repeat_count = repeat_count;
- assert (list->tail);
list->tail->next = new;
list->tail = new;
}
new->next = nullptr;
new->type = RE_EQUIV_CLASS;
new->u.equiv_code = *equiv_class_str;
- assert (list->tail);
list->tail->next = new;
list->tail = new;
return true;
unsigned char *char_to_repeat, count *repeat_count,
size_t *closing_bracket_idx)
{
- assert (start_idx + 1 < es->len);
+ affirm (start_idx + 1 < es->len);
if (!es_match (es, start_idx + 1, '*'))
return -1;
for (i = 0; i < N_CHARS; i++)
if (is_char_class_member (p->u.char_class, i))
break;
- assert (i < N_CHARS);
+ affirm (i < N_CHARS);
s->state = i;
}
- assert (is_char_class_member (p->u.char_class, s->state));
+ assure (is_char_class_member (p->u.char_class, s->state));
return_val = s->state;
for (i = s->state + 1; i < N_CHARS; i++)
if (is_char_class_member (p->u.char_class, i))
break;
default:
- abort ();
+ unreachable ();
}
return return_val;
size_t n_lower = 0;
int c1 = 0;
int c2 = 0;
- count old_s1_len = s1->length;
- count old_s2_len = s2->length;
+ MAYBE_UNUSED count old_s1_len = s1->length, old_s2_len = s2->length;
struct List_element *s1_tail = s1->tail;
struct List_element *s2_tail = s2->tail;
bool s1_new_element = true;
s2_new_element = s2->state == NEW_ELEMENT; /* Next element is new. */
}
- assert (old_s1_len >= s1->length && old_s2_len >= s2->length);
+ affirm (old_s1_len >= s1->length && old_s2_len >= s2->length);
s1->tail = s1_tail;
s2->tail = s2_tail;
break;
case RE_RANGE:
- assert (p->u.range.last_char >= p->u.range.first_char);
+ affirm (p->u.range.last_char >= p->u.range.first_char);
len = p->u.range.last_char - p->u.range.first_char + 1;
break;
break;
default:
- abort ();
+ unreachable ();
}
/* Check for arithmetic overflow in computing length. Also, reject
struct List_element *p;
unsigned char char_to_repeat;
- assert (translating);
- assert (s1->length > s2->length);
- assert (s2->length > 0);
+ affirm (translating);
+ affirm (s1->length > s2->length);
+ affirm (s2->length > 0);
p = s2->tail;
switch (p->type)
case RE_EQUIV_CLASS:
/* This shouldn't happen, because validate exits with an error
if it finds an equiv class in string2 when translating. */
- abort ();
+ affirm (false);
default:
- abort ();
+ unreachable ();
}
append_repeated_char (s2, char_to_repeat, s1->length - s2->length);
if (!in_s1[i])
{
int ch = get_next (s2, nullptr);
- assert (ch != -1 || truncate_set1);
+ affirm (ch != -1 || truncate_set1);
if (ch == -1)
{
/* This will happen when tr is invoked like e.g.
skip_construct (s2);
}
}
- assert (c1 == -1 || truncate_set1);
+ affirm (c1 == -1 || truncate_set1);
}
if (squeeze_repeats)
{
#include <config.h>
-#include <assert.h>
#include <sys/types.h>
#include "system.h"
+#include "assure.h"
#include "long-options.h"
#include "die.h"
#include "error.h"
struct item *p, *q, *r, *s, *t;
int a;
- assert (root);
-
/* Make sure the tree is not empty, since that is what the algorithm
below expects. */
if (root->right == nullptr)
while (true)
{
/* A2. Compare. */
- assert (str && p && p->str);
a = strcmp (str, p->str);
if (a == 0)
return p;
p->right = q;
/* A6. Adjust balance factors. */
- assert (str && s && s->str && !STREQ (str, s->str));
- if (strcmp (str, s->str) < 0)
+ a = strcmp (str, s->str);
+ if (a < 0)
{
r = p = s->left;
a = -1;
}
else
{
+ affirm (0 < a);
r = p = s->right;
a = 1;
}
while (p != q)
{
- assert (str && p && p->str && !STREQ (str, p->str));
- if (strcmp (str, p->str) < 0)
+ int cmp = strcmp (str, p->str);
+ if (cmp < 0)
{
p->balance = -1;
p = p->left;
}
else
{
+ affirm (0 < cmp);
p->balance = 1;
p = p->right;
}
break;
}
- assert (len != 0);
+ affirm (len != 0);
k = search_item (root, tokenbuffer.buffer);
if (j)
#include <config.h>
#include <stdio.h>
-#include <assert.h>
#include <getopt.h>
#include <sys/types.h>
#include <wchar.h>
#include <wctype.h>
#include "system.h"
+#include "assure.h"
#include "argmatch.h"
#include "argv-iter.h"
#include "die.h"
case AI_ERR_MEM:
xalloc_die ();
default:
- assert (!"unexpected error code from argv_iter");
+ affirm (!"unexpected error code from argv_iter");
}
}
if (files_from && STREQ (files_from, "-") && STREQ (file_name, "-"))
#include <config.h>
#include <getopt.h>
#include <stdio.h>
-#include <assert.h>
#include <sys/types.h>
#include "system.h"
else
{
static char idle_hhmm[IDLESTR_LEN];
- /* FIXME-in-2018: see if this assert is still required in order
+ /* FIXME-in-2024: see if this is still required in order
to suppress gcc's unwarranted -Wformat-length= warning. */
- assert (seconds_idle / (60 * 60) < 24);
+ assume (seconds_idle / (60 * 60) < 24);
sprintf (idle_hhmm, "%02d:%02d",
seconds_idle / (60 * 60),
(seconds_idle % (60 * 60)) / 60);
projects / thirdparty / coreutils.git / commitdiff
