DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Implementation

Mercurial (86d1c4eab0c3)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* Implementations of runtime and static assertion macros for C and C++. */

#ifndef mozilla_Assertions_h
#define mozilla_Assertions_h

#if defined(MOZILLA_INTERNAL_API) && defined(__cplusplus)
#define MOZ_DUMP_ASSERTION_STACK
#endif

#include "mozilla/Attributes.h"
#include "mozilla/Compiler.h"
#include "mozilla/Likely.h"
#include "mozilla/MacroArgs.h"
#include "mozilla/StaticAnalysisFunctions.h"
#include "mozilla/Types.h"
#ifdef MOZ_DUMP_ASSERTION_STACK
#include "nsTraceRefcnt.h"
#endif

/*
 * The crash reason set by MOZ_CRASH_ANNOTATE is consumed by the crash reporter
 * if present. It is declared here (and defined in Assertions.cpp) to make it
 * available to all code, even libraries that don't link with the crash reporter
 * directly.
 */
MOZ_BEGIN_EXTERN_C
extern MFBT_DATA const char* gMozCrashReason;
MOZ_END_EXTERN_C

#if !defined(DEBUG) && \
    (defined(MOZ_HAS_MOZGLUE) || defined(MOZILLA_INTERNAL_API))
static inline void AnnotateMozCrashReason(const char* reason) {
  gMozCrashReason = reason;
}
#define MOZ_CRASH_ANNOTATE(...) AnnotateMozCrashReason(__VA_ARGS__)
#else
#define MOZ_CRASH_ANNOTATE(...) \
  do { /* nothing */            \
  } while (false)
#endif

#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef _MSC_VER
/*
 * TerminateProcess and GetCurrentProcess are defined in <winbase.h>, which
 * further depends on <windef.h>.  We hardcode these few definitions manually
 * because those headers clutter the global namespace with a significant
 * number of undesired macros and symbols.
 */
MOZ_BEGIN_EXTERN_C
__declspec(dllimport) int __stdcall TerminateProcess(void* hProcess,
                                                     unsigned int uExitCode);
__declspec(dllimport) void* __stdcall GetCurrentProcess(void);
MOZ_END_EXTERN_C
#else
#include <signal.h>
#endif
#ifdef ANDROID
#include <android/log.h>
#endif

/*
 * MOZ_STATIC_ASSERT may be used to assert a condition *at compile time* in C.
 * In C++11, static_assert is provided by the compiler to the same effect.
 * This can be useful when you make certain assumptions about what must hold for
 * optimal, or even correct, behavior.  For example, you might assert that the
 * size of a struct is a multiple of the target architecture's word size:
 *
 *   struct S { ... };
 *   // C
 *   MOZ_STATIC_ASSERT(sizeof(S) % sizeof(size_t) == 0,
 *                     "S should be a multiple of word size for efficiency");
 *   // C++11
 *   static_assert(sizeof(S) % sizeof(size_t) == 0,
 *                 "S should be a multiple of word size for efficiency");
 *
 * This macro can be used in any location where both an extern declaration and a
 * typedef could be used.
 */
#ifndef __cplusplus
/*
 * Some of the definitions below create an otherwise-unused typedef.  This
 * triggers compiler warnings with some versions of gcc, so mark the typedefs
 * as permissibly-unused to disable the warnings.
 */
#if defined(__GNUC__)
#define MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE __attribute__((unused))
#else
#define MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE /* nothing */
#endif
#define MOZ_STATIC_ASSERT_GLUE1(x, y) x##y
#define MOZ_STATIC_ASSERT_GLUE(x, y) MOZ_STATIC_ASSERT_GLUE1(x, y)
#if defined(__SUNPRO_CC)
/*
 * The Sun Studio C++ compiler is buggy when declaring, inside a function,
 * another extern'd function with an array argument whose length contains a
 * sizeof, triggering the error message "sizeof expression not accepted as
 * size of array parameter".  This bug (6688515, not public yet) would hit
 * defining moz_static_assert as a function, so we always define an extern
 * array for Sun Studio.
 *
 * We include the line number in the symbol name in a best-effort attempt
 * to avoid conflicts (see below).
 */
#define MOZ_STATIC_ASSERT(cond, reason)                 \
  extern char MOZ_STATIC_ASSERT_GLUE(moz_static_assert, \
                                     __LINE__)[(cond) ? 1 : -1]
#elif defined(__COUNTER__)
/*
 * If there was no preferred alternative, use a compiler-agnostic version.
 *
 * Note that the non-__COUNTER__ version has a bug in C++: it can't be used
 * in both |extern "C"| and normal C++ in the same translation unit.  (Alas
 * |extern "C"| isn't allowed in a function.)  The only affected compiler
 * we really care about is gcc 4.2.  For that compiler and others like it,
 * we include the line number in the function name to do the best we can to
 * avoid conflicts.  These should be rare: a conflict would require use of
 * MOZ_STATIC_ASSERT on the same line in separate files in the same
 * translation unit, *and* the uses would have to be in code with
 * different linkage, *and* the first observed use must be in C++-linkage
 * code.
 */
#define MOZ_STATIC_ASSERT(cond, reason) \
  typedef int MOZ_STATIC_ASSERT_GLUE(   \
      moz_static_assert,                \
      __COUNTER__)[(cond) ? 1 : -1] MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE
#else
#define MOZ_STATIC_ASSERT(cond, reason)                            \
  extern void MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __LINE__)( \
      int arg[(cond) ? 1 : -1]) MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE
#endif

#define MOZ_STATIC_ASSERT_IF(cond, expr, reason) \
  MOZ_STATIC_ASSERT(!(cond) || (expr), reason)
#else
#define MOZ_STATIC_ASSERT_IF(cond, expr, reason) \
  static_assert(!(cond) || (expr), reason)
#endif

MOZ_BEGIN_EXTERN_C

/*
 * Prints |aStr| as an assertion failure (using aFilename and aLine as the
 * location of the assertion) to the standard debug-output channel.
 *
 * Usually you should use MOZ_ASSERT or MOZ_CRASH instead of this method.  This
 * method is primarily for internal use in this header, and only secondarily
 * for use in implementing release-build assertions.
 */
MOZ_MAYBE_UNUSED static MOZ_COLD MOZ_NEVER_INLINE void
MOZ_ReportAssertionFailure(const char* aStr, const char* aFilename,
                           int aLine) MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS {
#ifdef ANDROID
  __android_log_print(ANDROID_LOG_FATAL, "MOZ_Assert",
                      "Assertion failure: %s, at %s:%d\n", aStr, aFilename,
                      aLine);
#else
  fprintf(stderr, "Assertion failure: %s, at %s:%d\n", aStr, aFilename, aLine);
#if defined(MOZ_DUMP_ASSERTION_STACK)
  nsTraceRefcnt::WalkTheStack(stderr);
#endif
  fflush(stderr);
#endif
}

MOZ_MAYBE_UNUSED static MOZ_COLD MOZ_NEVER_INLINE void MOZ_ReportCrash(
    const char* aStr, const char* aFilename,
    int aLine) MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS {
#ifdef ANDROID
  __android_log_print(ANDROID_LOG_FATAL, "MOZ_CRASH",
                      "Hit MOZ_CRASH(%s) at %s:%d\n", aStr, aFilename, aLine);
#else
  fprintf(stderr, "Hit MOZ_CRASH(%s) at %s:%d\n", aStr, aFilename, aLine);
#if defined(MOZ_DUMP_ASSERTION_STACK)
  nsTraceRefcnt::WalkTheStack(stderr);
#endif
  fflush(stderr);
#endif
}

/**
 * MOZ_REALLY_CRASH is used in the implementation of MOZ_CRASH().  You should
 * call MOZ_CRASH instead.
 */
#if defined(_MSC_VER)
/*
 * On MSVC use the __debugbreak compiler intrinsic, which produces an inline
 * (not nested in a system function) breakpoint.  This distinctively invokes
 * Breakpad without requiring system library symbols on all stack-processing
 * machines, as a nested breakpoint would require.
 *
 * We use __LINE__ to prevent the compiler from folding multiple crash sites
 * together, which would make crash reports hard to understand.
 *
 * We use TerminateProcess with the exit code aborting would generate
 * because we don't want to invoke atexit handlers, destructors, library
 * unload handlers, and so on when our process might be in a compromised
 * state.
 *
 * We don't use abort() because it'd cause Windows to annoyingly pop up the
 * process error dialog multiple times.  See bug 345118 and bug 426163.
 *
 * (Technically these are Windows requirements, not MSVC requirements.  But
 * practically you need MSVC for debugging, and we only ship builds created
 * by MSVC, so doing it this way reduces complexity.)
 */

MOZ_MAYBE_UNUSED static MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE void
MOZ_NoReturn(int aLine) {
  *((volatile int*)NULL) = aLine;
  TerminateProcess(GetCurrentProcess(), 3);
}

#define MOZ_REALLY_CRASH(line) \
  do {                         \
    __debugbreak();            \
    MOZ_NoReturn(line);        \
  } while (false)
#else
#ifdef __cplusplus
#define MOZ_REALLY_CRASH(line)     \
  do {                             \
    *((volatile int*)NULL) = line; \
    ::abort();                     \
  } while (false)
#else
#define MOZ_REALLY_CRASH(line)     \
  do {                             \
    *((volatile int*)NULL) = line; \
    abort();                       \
  } while (false)
#endif
#endif

/*
 * MOZ_CRASH([explanation-string]) crashes the program, plain and simple, in a
 * Breakpad-compatible way, in both debug and release builds.
 *
 * MOZ_CRASH is a good solution for "handling" failure cases when you're
 * unwilling or unable to handle them more cleanly -- for OOM, for likely memory
 * corruption, and so on.  It's also a good solution if you need safe behavior
 * in release builds as well as debug builds.  But if the failure is one that
 * should be debugged and fixed, MOZ_ASSERT is generally preferable.
 *
 * The optional explanation-string, if provided, must be a string literal
 * explaining why we're crashing.  This argument is intended for use with
 * MOZ_CRASH() calls whose rationale is non-obvious; don't use it if it's
 * obvious why we're crashing.
 *
 * If we're a DEBUG build and we crash at a MOZ_CRASH which provides an
 * explanation-string, we print the string to stderr.  Otherwise, we don't
 * print anything; this is because we want MOZ_CRASH to be 100% safe in release
 * builds, and it's hard to print to stderr safely when memory might have been
 * corrupted.
 */
#ifndef DEBUG
#define MOZ_CRASH(...)                                \
  do {                                                \
    MOZ_CRASH_ANNOTATE("MOZ_CRASH(" __VA_ARGS__ ")"); \
    MOZ_REALLY_CRASH(__LINE__);                       \
  } while (false)
#else
#define MOZ_CRASH(...)                                   \
  do {                                                   \
    MOZ_ReportCrash("" __VA_ARGS__, __FILE__, __LINE__); \
    MOZ_CRASH_ANNOTATE("MOZ_CRASH(" __VA_ARGS__ ")");    \
    MOZ_REALLY_CRASH(__LINE__);                          \
  } while (false)
#endif

/*
 * MOZ_CRASH_UNSAFE_OOL(explanation-string) can be used if the explanation
 * string cannot be a string literal (but no other processing needs to be done
 * on it). A regular MOZ_CRASH() is preferred wherever possible, as passing
 * arbitrary strings from a potentially compromised process is not without risk.
 * If the string being passed is the result of a printf-style function,
 * consider using MOZ_CRASH_UNSAFE_PRINTF instead.
 *
 * @note This macro causes data collection because crash strings are annotated
 * to crash-stats and are publicly visible. Firefox data stewards must do data
 * review on usages of this macro.
 */
#ifndef DEBUG
MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE void MOZ_CrashOOL(
    int aLine, const char* aReason);
#define MOZ_CRASH_UNSAFE_OOL(reason) MOZ_CrashOOL(__LINE__, reason)
#else
MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE void MOZ_CrashOOL(
    const char* aFilename, int aLine, const char* aReason);
#define MOZ_CRASH_UNSAFE_OOL(reason) MOZ_CrashOOL(__FILE__, __LINE__, reason)
#endif

static const size_t sPrintfMaxArgs = 4;
static const size_t sPrintfCrashReasonSize = 1024;

#ifndef DEBUG
MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE MOZ_FORMAT_PRINTF(
    2, 3) void MOZ_CrashPrintf(int aLine, const char* aFormat, ...);
#define MOZ_CALL_CRASH_PRINTF(format, ...) \
  MOZ_CrashPrintf(__LINE__, format, __VA_ARGS__)
#else
MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE MOZ_FORMAT_PRINTF(
    3, 4) void MOZ_CrashPrintf(const char* aFilename, int aLine,
                               const char* aFormat, ...);
#define MOZ_CALL_CRASH_PRINTF(format, ...) \
  MOZ_CrashPrintf(__FILE__, __LINE__, format, __VA_ARGS__)
#endif

/*
 * MOZ_CRASH_UNSAFE_PRINTF(format, arg1 [, args]) can be used when more
 * information is desired than a string literal can supply. The caller provides
 * a printf-style format string, which must be a string literal and between
 * 1 and 4 additional arguments. A regular MOZ_CRASH() is preferred wherever
 * possible, as passing arbitrary strings to printf from a potentially
 * compromised process is not without risk.
 *
 * @note This macro causes data collection because crash strings are annotated
 * to crash-stats and are publicly visible. Firefox data stewards must do data
 * review on usages of this macro.
 */
#define MOZ_CRASH_UNSAFE_PRINTF(format, ...)                              \
  do {                                                                    \
    static_assert(MOZ_ARG_COUNT(__VA_ARGS__) > 0,                         \
                  "Did you forget arguments to MOZ_CRASH_UNSAFE_PRINTF? " \
                  "Or maybe you want MOZ_CRASH instead?");                \
    static_assert(MOZ_ARG_COUNT(__VA_ARGS__) <= sPrintfMaxArgs,           \
                  "Only up to 4 additional arguments are allowed!");      \
    static_assert(sizeof(format) <= sPrintfCrashReasonSize,               \
                  "The supplied format string is too long!");             \
    MOZ_CALL_CRASH_PRINTF("" format, __VA_ARGS__);                        \
  } while (false)

MOZ_END_EXTERN_C

/*
 * MOZ_ASSERT(expr [, explanation-string]) asserts that |expr| must be truthy in
 * debug builds.  If it is, execution continues.  Otherwise, an error message
 * including the expression and the explanation-string (if provided) is printed,
 * an attempt is made to invoke any existing debugger, and execution halts.
 * MOZ_ASSERT is fatal: no recovery is possible.  Do not assert a condition
 * which can correctly be falsy.
 *
 * The optional explanation-string, if provided, must be a string literal
 * explaining the assertion.  It is intended for use with assertions whose
 * correctness or rationale is non-obvious, and for assertions where the "real"
 * condition being tested is best described prosaically.  Don't provide an
 * explanation if it's not actually helpful.
 *
 *   // No explanation needed: pointer arguments often must not be NULL.
 *   MOZ_ASSERT(arg);
 *
 *   // An explanation can be helpful to explain exactly how we know an
 *   // assertion is valid.
 *   MOZ_ASSERT(state == WAITING_FOR_RESPONSE,
 *              "given that <thingA> and <thingB>, we must have...");
 *
 *   // Or it might disambiguate multiple identical (save for their location)
 *   // assertions of the same expression.
 *   MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
 *              "we already set [[PrimitiveThis]] for this Boolean object");
 *   MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
 *              "we already set [[PrimitiveThis]] for this String object");
 *
 * MOZ_ASSERT has no effect in non-debug builds.  It is designed to catch bugs
 * *only* during debugging, not "in the field". If you want the latter, use
 * MOZ_RELEASE_ASSERT, which applies to non-debug builds as well.
 *
 * MOZ_DIAGNOSTIC_ASSERT works like MOZ_RELEASE_ASSERT in Nightly/Aurora and
 * MOZ_ASSERT in Beta/Release - use this when a condition is potentially rare
 * enough to require real user testing to hit, but is not security-sensitive.
 * This can cause user pain, so use it sparingly. If a MOZ_DIAGNOSTIC_ASSERT
 * is firing, it should promptly be converted to a MOZ_ASSERT while the failure
 * is being investigated, rather than letting users suffer.
 *
 * MOZ_DIAGNOSTIC_ASSERT_ENABLED is defined when MOZ_DIAGNOSTIC_ASSERT is like
 * MOZ_RELEASE_ASSERT rather than MOZ_ASSERT.
 */

/*
 * Implement MOZ_VALIDATE_ASSERT_CONDITION_TYPE, which is used to guard against
 * accidentally passing something unintended in lieu of an assertion condition.
 */

#ifdef __cplusplus
#include "mozilla/TypeTraits.h"
namespace mozilla {
namespace detail {

template <typename T>
struct AssertionConditionType {
  typedef typename RemoveReference<T>::Type ValueT;
  static_assert(!IsArray<ValueT>::value,
                "Expected boolean assertion condition, got an array or a "
                "string!");
  static_assert(!IsFunction<ValueT>::value,
                "Expected boolean assertion condition, got a function! Did "
                "you intend to call that function?");
  static_assert(!IsFloatingPoint<ValueT>::value,
                "It's often a bad idea to assert that a floating-point number "
                "is nonzero, because such assertions tend to intermittently "
                "fail. Shouldn't your code gracefully handle this case instead "
                "of asserting? Anyway, if you really want to do that, write an "
                "explicit boolean condition, like !!x or x!=0.");

  static const bool isValid = true;
};

}  // namespace detail
}  // namespace mozilla
#define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x)                                  \
  static_assert(mozilla::detail::AssertionConditionType<decltype(x)>::isValid, \
                "invalid assertion condition")
#else
#define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x)
#endif

#if defined(DEBUG) || defined(MOZ_ASAN)
#define MOZ_REPORT_ASSERTION_FAILURE(...) \
  MOZ_ReportAssertionFailure(__VA_ARGS__)
#else
#define MOZ_REPORT_ASSERTION_FAILURE(...) \
  do { /* nothing */                      \
  } while (false)
#endif

/* First the single-argument form. */
#define MOZ_ASSERT_HELPER1(expr)                               \
  do {                                                         \
    MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr);                  \
    if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) {    \
      MOZ_REPORT_ASSERTION_FAILURE(#expr, __FILE__, __LINE__); \
      MOZ_CRASH_ANNOTATE("MOZ_RELEASE_ASSERT(" #expr ")");     \
      MOZ_REALLY_CRASH(__LINE__);                              \
    }                                                          \
  } while (false)
/* Now the two-argument form. */
#define MOZ_ASSERT_HELPER2(expr, explain)                                \
  do {                                                                   \
    MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr);                            \
    if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) {              \
      MOZ_REPORT_ASSERTION_FAILURE(#expr " (" explain ")", __FILE__,     \
                                   __LINE__);                            \
      MOZ_CRASH_ANNOTATE("MOZ_RELEASE_ASSERT(" #expr ") (" explain ")"); \
      MOZ_REALLY_CRASH(__LINE__);                                        \
    }                                                                    \
  } while (false)

#define MOZ_RELEASE_ASSERT_GLUE(a, b) a b
#define MOZ_RELEASE_ASSERT(...)                                       \
  MOZ_RELEASE_ASSERT_GLUE(                                            \
      MOZ_PASTE_PREFIX_AND_ARG_COUNT(MOZ_ASSERT_HELPER, __VA_ARGS__), \
      (__VA_ARGS__))

#ifdef DEBUG
#define MOZ_ASSERT(...) MOZ_RELEASE_ASSERT(__VA_ARGS__)
#else
#define MOZ_ASSERT(...) \
  do {                  \
  } while (false)
#endif /* DEBUG */

#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION)
#define MOZ_DIAGNOSTIC_ASSERT MOZ_RELEASE_ASSERT
#define MOZ_DIAGNOSTIC_ASSERT_ENABLED 1
#else
#define MOZ_DIAGNOSTIC_ASSERT MOZ_ASSERT
#ifdef DEBUG
#define MOZ_DIAGNOSTIC_ASSERT_ENABLED 1
#endif
#endif

/*
 * MOZ_ASSERT_IF(cond1, cond2) is equivalent to MOZ_ASSERT(cond2) if cond1 is
 * true.
 *
 *   MOZ_ASSERT_IF(isPrime(num), num == 2 || isOdd(num));
 *
 * As with MOZ_ASSERT, MOZ_ASSERT_IF has effect only in debug builds.  It is
 * designed to catch bugs during debugging, not "in the field".
 */
#ifdef DEBUG
#define MOZ_ASSERT_IF(cond, expr) \
  do {                            \
    if (cond) {                   \
      MOZ_ASSERT(expr);           \
    }                             \
  } while (false)
#else
#define MOZ_ASSERT_IF(cond, expr) \
  do {                            \
  } while (false)
#endif

/*
 * MOZ_ASSUME_UNREACHABLE_MARKER() expands to an expression which states that
 * it is undefined behavior for execution to reach this point.  No guarantees
 * are made about what will happen if this is reached at runtime.  Most code
 * should use MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE because it has extra
 * asserts.
 */
#if defined(__clang__) || defined(__GNUC__)
#define MOZ_ASSUME_UNREACHABLE_MARKER() __builtin_unreachable()
#elif defined(_MSC_VER)
#define MOZ_ASSUME_UNREACHABLE_MARKER() __assume(0)
#else
#ifdef __cplusplus
#define MOZ_ASSUME_UNREACHABLE_MARKER() ::abort()
#else
#define MOZ_ASSUME_UNREACHABLE_MARKER() abort()
#endif
#endif

/*
 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE([reason]) tells the compiler that it
 * can assume that the macro call cannot be reached during execution.  This lets
 * the compiler generate better-optimized code under some circumstances, at the
 * expense of the program's behavior being undefined if control reaches the
 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE.
 *
 * In Gecko, you probably should not use this macro outside of performance- or
 * size-critical code, because it's unsafe.  If you don't care about code size
 * or performance, you should probably use MOZ_ASSERT or MOZ_CRASH.
 *
 * SpiderMonkey is a different beast, and there it's acceptable to use
 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE more widely.
 *
 * Note that MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE is noreturn, so it's valid
 * not to return a value following a MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE
 * call.
 *
 * Example usage:
 *
 *   enum ValueType {
 *     VALUE_STRING,
 *     VALUE_INT,
 *     VALUE_FLOAT
 *   };
 *
 *   int ptrToInt(ValueType type, void* value) {
 *   {
 *     // We know for sure that type is either INT or FLOAT, and we want this
 *     // code to run as quickly as possible.
 *     switch (type) {
 *     case VALUE_INT:
 *       return *(int*) value;
 *     case VALUE_FLOAT:
 *       return (int) *(float*) value;
 *     default:
 *       MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE("Unexpected ValueType");
 *     }
 *   }
 */

/*
 * Unconditional assert in debug builds for (assumed) unreachable code paths
 * that have a safe return without crashing in release builds.
 */
#define MOZ_ASSERT_UNREACHABLE(reason) \
  MOZ_ASSERT(false, "MOZ_ASSERT_UNREACHABLE: " reason)

#define MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE(reason) \
  do {                                                  \
    MOZ_ASSERT_UNREACHABLE(reason);                     \
    MOZ_ASSUME_UNREACHABLE_MARKER();                    \
  } while (false)

/**
 * MOZ_FALLTHROUGH_ASSERT is an annotation to suppress compiler warnings about
 * switch cases that MOZ_ASSERT(false) (or its alias MOZ_ASSERT_UNREACHABLE) in
 * debug builds, but intentionally fall through in release builds to handle
 * unexpected values.
 *
 * Why do we need MOZ_FALLTHROUGH_ASSERT in addition to MOZ_FALLTHROUGH? In
 * release builds, the MOZ_ASSERT(false) will expand to `do { } while (false)`,
 * requiring a MOZ_FALLTHROUGH annotation to suppress a -Wimplicit-fallthrough
 * warning. In debug builds, the MOZ_ASSERT(false) will expand to something like
 * `if (true) { MOZ_CRASH(); }` and the MOZ_FALLTHROUGH annotation will cause
 * a -Wunreachable-code warning. The MOZ_FALLTHROUGH_ASSERT macro breaks this
 * warning stalemate.
 *
 * // Example before MOZ_FALLTHROUGH_ASSERT:
 * switch (foo) {
 *   default:
 *     // This case wants to assert in debug builds, fall through in release.
 *     MOZ_ASSERT(false); // -Wimplicit-fallthrough warning in release builds!
 *     MOZ_FALLTHROUGH;   // but -Wunreachable-code warning in debug builds!
 *   case 5:
 *     return 5;
 * }
 *
 * // Example with MOZ_FALLTHROUGH_ASSERT:
 * switch (foo) {
 *   default:
 *     // This case asserts in debug builds, falls through in release.
 *     MOZ_FALLTHROUGH_ASSERT("Unexpected foo value?!");
 *   case 5:
 *     return 5;
 * }
 */
#ifdef DEBUG
#define MOZ_FALLTHROUGH_ASSERT(reason) \
  MOZ_CRASH("MOZ_FALLTHROUGH_ASSERT: " reason)
#else
#define MOZ_FALLTHROUGH_ASSERT(...) MOZ_FALLTHROUGH
#endif

/*
 * MOZ_ALWAYS_TRUE(expr) and MOZ_ALWAYS_FALSE(expr) always evaluate the provided
 * expression, in debug builds and in release builds both.  Then, in debug
 * builds only, the value of the expression is asserted either true or false
 * using MOZ_ASSERT.
 */
#ifdef DEBUG
#define MOZ_ALWAYS_TRUE(expr)   \
  do {                          \
    if ((expr)) {               \
      /* Do nothing. */         \
    } else {                    \
      MOZ_ASSERT(false, #expr); \
    }                           \
  } while (false)
#define MOZ_ALWAYS_FALSE(expr)  \
  do {                          \
    if ((expr)) {               \
      MOZ_ASSERT(false, #expr); \
    } else {                    \
      /* Do nothing. */         \
    }                           \
  } while (false)
#define MOZ_ALWAYS_OK(expr) MOZ_ASSERT((expr).isOk())
#define MOZ_ALWAYS_ERR(expr) MOZ_ASSERT((expr).isErr())
#else
#define MOZ_ALWAYS_TRUE(expr)     \
  do {                            \
    if ((expr)) {                 \
      /* Silence MOZ_MUST_USE. */ \
    }                             \
  } while (false)
#define MOZ_ALWAYS_FALSE(expr)    \
  do {                            \
    if ((expr)) {                 \
      /* Silence MOZ_MUST_USE. */ \
    }                             \
  } while (false)
#define MOZ_ALWAYS_OK(expr)       \
  do {                            \
    if ((expr).isOk()) {          \
      /* Silence MOZ_MUST_USE. */ \
    }                             \
  } while (false)
#define MOZ_ALWAYS_ERR(expr)      \
  do {                            \
    if ((expr).isErr()) {         \
      /* Silence MOZ_MUST_USE. */ \
    }                             \
  } while (false)
#endif

#undef MOZ_DUMP_ASSERTION_STACK
#undef MOZ_CRASH_CRASHREPORT

#endif /* mozilla_Assertions_h */