procyberian/emacs
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Prefer static_assert to verify

Browse source 
Although static_assert is C11-specific, and Emacs remains on C99, it
has been backported to older compilers by Gnulib.  Gnulib has already
changed to prefer static_assert, and we can do the same.

* lib-src/asset-directory-tool.c (main_2):
* src/alloc.c (BLOCK_ALIGN, aligned_alloc, lisp_align_malloc)
(vectorlike_nbytes, allocate_pseudovector):
* src/android.c (android_globalize_reference, android_set_dashes):
* src/android.h:
* src/androidfont.c (androidfont_draw, androidfont_text_extents):
* src/androidvfs.c:
* src/bidi.c (BIDI_CACHE_MAX_ELTS_PER_SLOT, bidi_find_bracket_pairs):
* src/buffer.c (init_buffer_once):
* src/casefiddle.c (do_casify_multibyte_string):
* src/dispnew.c (scrolling_window, scrolling):
* src/editfns.c (styled_format):
* src/emacs-module.c (module_extract_big_integer):
* src/fileio.c (Fdo_auto_save):
* src/fns.c (next_almost_prime, hash_string):
* src/fringe.c (init_fringe):
* src/keyboard.h (kbd_buffer_store_event_hold):
* src/keymap.c:
* src/lisp.h (memclear, reduce_emacs_uint_to_hash_hash, modiff_incr):
* src/lread.c (skip_lazy_string):
* src/pdumper.c (dump_bignum, Fdump_emacs_portable)
(dump_do_dump_relocation, pdumper_load):
* src/process.c (make_process, Fmake_process, connect_network_socket):
* src/regex-emacs.c:
* src/sort.c (tim_sort):
* src/sysdep.c (init_random, SSIZE_MAX):
* src/thread.c:
* src/timefns.c (trillion_factor):
* src/unexelf.c:
* src/xterm.c (x_send_scroll_bar_event): Prefer static_assert to Gnulib
verify.  Remove import of verify.h, except when used for other reasons.
This commit is contained in:
Stefan Kangas 2024-07-24 00:09:49 +02:00
parent 46f3452b30
commit 7c8e28607b
32 changed files with 106 additions and 120 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib-src/asset-directory-tool.c
View file

@ -20,7 +20,7 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#include <config.h>
#include <stdio.h>
#include <verify.h>
#include <assert.h>
#include <fcntl.h>
#include <errno.h>
#include <byteswap.h>
@ -236,7 +236,7 @@ main_2 (int fd, struct directory_tree *tree, size_t *offset)
output[0] = (unsigned int) tree->st_size;
#endif /* !WORDS_BIGENDIAN */
verify (sizeof output == 8 && sizeof output[0] == 4);
static_assert (sizeof output == 8 && sizeof output[0] == 4);
if (!need_file_size)
{
if (write (fd, output + 1, 4) < 1)

26
src/alloc.c
View file

@ -709,7 +709,7 @@ buffer_memory_full (ptrdiff_t nbytes)
where Emacs would crash if malloc returned a non-GCALIGNED pointer. */
enum { LISP_ALIGNMENT = alignof (union { union emacs_align_type x;
GCALIGNED_UNION_MEMBER }) };
verify (LISP_ALIGNMENT % GCALIGNMENT == 0);
static_assert (LISP_ALIGNMENT % GCALIGNMENT == 0);
/* True if malloc (N) is known to return storage suitably aligned for
Lisp objects whenever N is a multiple of LISP_ALIGNMENT. In
@ -839,7 +839,7 @@ xfree (void *block)
/* Other parts of Emacs pass large int values to allocator functions
expecting ptrdiff_t. This is portable in practice, but check it to
be safe. */
verify (INT_MAX <= PTRDIFF_MAX);
static_assert (INT_MAX <= PTRDIFF_MAX);
/* Allocate an array of NITEMS items, each of size ITEM_SIZE.
@ -1076,7 +1076,7 @@ lisp_free (void *block)
#else /* !HAVE_UNEXEC */
# define BLOCK_ALIGN (1 << 15)
#endif
verify (POWER_OF_2 (BLOCK_ALIGN));
static_assert (POWER_OF_2 (BLOCK_ALIGN));
/* Use aligned_alloc if it or a simple substitute is available.
Aligned allocation is incompatible with unexmacosx.c, so don't use
@ -1096,11 +1096,11 @@ aligned_alloc (size_t alignment, size_t size)
{
/* POSIX says the alignment must be a power-of-2 multiple of sizeof (void *).
Verify this for all arguments this function is given. */
verify (BLOCK_ALIGN % sizeof (void *) == 0
&& POWER_OF_2 (BLOCK_ALIGN / sizeof (void *)));
verify (MALLOC_IS_LISP_ALIGNED
|| (LISP_ALIGNMENT % sizeof (void *) == 0
&& POWER_OF_2 (LISP_ALIGNMENT / sizeof (void *))));
static_assert (BLOCK_ALIGN % sizeof (void *) == 0
&& POWER_OF_2 (BLOCK_ALIGN / sizeof (void *)));
static_assert (MALLOC_IS_LISP_ALIGNED
|| (LISP_ALIGNMENT % sizeof (void *) == 0
&& POWER_OF_2 (LISP_ALIGNMENT / sizeof (void *))));
eassert (alignment == BLOCK_ALIGN
|| (!MALLOC_IS_LISP_ALIGNED && alignment == LISP_ALIGNMENT));
@ -1221,7 +1221,7 @@ lisp_align_malloc (size_t nbytes, enum mem_type type)
#endif
#ifdef USE_ALIGNED_ALLOC
verify (ABLOCKS_BYTES % BLOCK_ALIGN == 0);
static_assert (ABLOCKS_BYTES % BLOCK_ALIGN == 0);
abase = base = aligned_alloc (BLOCK_ALIGN, ABLOCKS_BYTES);
#else
base = malloc (ABLOCKS_BYTES);
@ -3048,7 +3048,7 @@ enum { VECTOR_BLOCK_SIZE = 4096 };
enum { roundup_size = COMMON_MULTIPLE (LISP_ALIGNMENT, word_size) };
/* Verify assumption described above. */
verify (VECTOR_BLOCK_SIZE % roundup_size == 0);
static_assert (VECTOR_BLOCK_SIZE % roundup_size == 0);
/* Round up X to nearest mult-of-ROUNDUP_SIZE --- use at compile time. */
#define vroundup_ct(x) ROUNDUP (x, roundup_size)
@ -3062,7 +3062,7 @@ enum {VECTOR_BLOCK_BYTES = VECTOR_BLOCK_SIZE - vroundup_ct (sizeof (void *))};
/* The current code expects to be able to represent an unused block by
a single PVEC_FREE object, whose size is limited by the header word.
(Of course we could use multiple such objects.) */
verify (VECTOR_BLOCK_BYTES <= (word_size << PSEUDOVECTOR_REST_BITS));
static_assert (VECTOR_BLOCK_BYTES <= (word_size << PSEUDOVECTOR_REST_BITS));
/* Size of the minimal vector allocated from block. */
@ -3319,7 +3319,7 @@ vectorlike_nbytes (const union vectorlike_header *hdr)
ptrdiff_t word_bytes = (bool_vector_words (bv->size)
* sizeof (bits_word));
ptrdiff_t boolvec_bytes = bool_header_size + word_bytes;
verify (header_size <= bool_header_size);
static_assert (header_size <= bool_header_size);
nwords = (boolvec_bytes - header_size + word_size - 1) / word_size;
}
else
@ -3699,7 +3699,7 @@ allocate_pseudovector (int memlen, int lisplen,
/* Catch bogus values. */
enum { size_max = (1 << PSEUDOVECTOR_SIZE_BITS) - 1 };
enum { rest_max = (1 << PSEUDOVECTOR_REST_BITS) - 1 };
verify (size_max + rest_max <= VECTOR_ELTS_MAX);
static_assert (size_max + rest_max <= VECTOR_ELTS_MAX);
eassert (0 <= tag && tag <= PVEC_TAG_MAX);
eassert (0 <= lisplen && lisplen <= zerolen && zerolen <= memlen);
eassert (lisplen <= size_max);

4
src/android.c
View file

@ -2969,7 +2969,7 @@ android_globalize_reference (jobject handle)
(*android_java_env)->SetLongField (android_java_env, global,
handle_class.handle,
(jlong) global);
verify (sizeof (jlong) >= sizeof (intptr_t));
static_assert (sizeof (jlong) >= sizeof (intptr_t));
return (intptr_t) global;
}
@ -3521,7 +3521,7 @@ android_set_dashes (struct android_gc *gc, int dash_offset,
/* Copy the list of segments into both arrays. */
for (i = 0; i < n; ++i)
gc->dashes[i] = dash_list[i];
verify (sizeof (int) == sizeof (jint));
static_assert (sizeof (int) == sizeof (jint));
(*android_java_env)->SetIntArrayRegion (android_java_env,
array, 0, n,
(jint *) dash_list);

2
src/android.h
View file

@ -103,7 +103,7 @@ extern ssize_t android_readlinkat (int, const char *restrict, char *restrict,
extern double android_pixel_density_x, android_pixel_density_y;
extern double android_scaled_pixel_density;
verify (sizeof (android_handle) == sizeof (jobject));
static_assert (sizeof (android_handle) == sizeof (jobject));
#define android_resolve_handle(handle) ((jobject) (handle))
extern unsigned char *android_lock_bitmap (android_drawable,

4
src/androidfont.c
View file

@ -654,7 +654,7 @@ androidfont_draw (struct glyph_string *s, int from, int to,
/* Maybe initialize the font driver. */
androidfont_check_init ();
verify (sizeof (unsigned int) == sizeof (jint));
static_assert (sizeof (unsigned int) == sizeof (jint));
info = (struct androidfont_info *) s->font;
gcontext = android_resolve_handle (s->gc->gcontext);
@ -932,7 +932,7 @@ androidfont_text_extents (struct font *font, const unsigned int *code,
memory_full (0);
}
verify (sizeof (unsigned int) == sizeof (jint));
static_assert (sizeof (unsigned int) == sizeof (jint));
/* Always true on every Android device. */
(*android_java_env)->SetIntArrayRegion (android_java_env,

2
src/androidvfs.c
View file

@ -259,7 +259,7 @@ struct android_special_vnode
Lisp_Object special_coding_system;
};
verify (NIL_IS_ZERO); /* special_coding_system above. */
static_assert (NIL_IS_ZERO); /* special_coding_system above. */
enum android_vnode_type
{

4
src/bidi.c
View file

@ -566,7 +566,7 @@ bidi_copy_it (struct bidi_it *to, struct bidi_it *from)
RTL characters in the offending line of text. */
/* Do we need to allow customization of this limit? */
#define BIDI_CACHE_MAX_ELTS_PER_SLOT 50000
verify (BIDI_CACHE_CHUNK < BIDI_CACHE_MAX_ELTS_PER_SLOT);
static_assert (BIDI_CACHE_CHUNK < BIDI_CACHE_MAX_ELTS_PER_SLOT);
static ptrdiff_t bidi_cache_max_elts = BIDI_CACHE_MAX_ELTS_PER_SLOT;
static struct bidi_it *bidi_cache;
static ptrdiff_t bidi_cache_size = 0;
@ -2626,7 +2626,7 @@ bidi_find_bracket_pairs (struct bidi_it *bidi_it)
ptrdiff_t pairing_pos;
int idx_at_entry = bidi_cache_idx;
verify (MAX_BPA_STACK >= 100);
static_assert (MAX_BPA_STACK >= 100);
bidi_copy_it (&saved_it, bidi_it);
/* bidi_cache_iterator_state refuses to cache on backward scans,
and bidi_cache_fetch_state doesn't bring scan_dir from the

4
src/buffer.c
View file

@ -27,8 +27,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#include <stdlib.h>
#include <unistd.h>
#include <verify.h>
#include "lisp.h"
#include "intervals.h"
#include "process.h"
@ -4860,7 +4858,7 @@ init_buffer_once (void)
The local flag bits are in the local_var_flags slot of the buffer. */
/* Nothing can work if this isn't true. */
{ verify (sizeof (EMACS_INT) == word_size); }
{ static_assert (sizeof (EMACS_INT) == word_size); }
Vbuffer_alist = Qnil;
current_buffer = 0;

2
src/casefiddle.c
View file

@ -285,7 +285,7 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj)
representation of the character is at the beginning of the
buffer. This is why we dont need a separate struct
casing_str_buf object, and can write directly to the destination. */
verify (offsetof (struct casing_str_buf, data) == 0);
static_assert (offsetof (struct casing_str_buf, data) == 0);
ptrdiff_t size = SCHARS (obj), n;
USE_SAFE_ALLOCA;

1
src/character.h
View file

@ -23,7 +23,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#ifndef EMACS_CHARACTER_H
#define EMACS_CHARACTER_H
#include <verify.h>
#include "lisp.h"
INLINE_HEADER_BEGIN

2
src/decompress.c
View file

@ -27,8 +27,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#include "composite.h"
#include "md5.h"
#include <verify.h>
#ifdef WINDOWSNT
# include <windows.h>
# include "w32common.h"

6
src/dispnew.c
View file

@ -4667,7 +4667,7 @@ scrolling_window (struct window *w, int tab_line_p)
13, then next_almost_prime_increment_max would be 14, e.g.,
because next_almost_prime (113) would be 127. */
{
verify (NEXT_ALMOST_PRIME_LIMIT == 11);
static_assert (NEXT_ALMOST_PRIME_LIMIT == 11);
enum { next_almost_prime_increment_max = 10 };
ptrdiff_t row_table_max =
(min (PTRDIFF_MAX, SIZE_MAX) / (3 * sizeof *row_table)
@ -5118,8 +5118,8 @@ scrolling (struct frame *frame)
int free_at_end_vpos = height;
struct glyph_matrix *current_matrix = frame->current_matrix;
struct glyph_matrix *desired_matrix = frame->desired_matrix;
verify (sizeof (int) <= sizeof (unsigned));
verify (alignof (unsigned) % alignof (int) == 0);
static_assert (sizeof (int) <= sizeof (unsigned));
static_assert (alignof (unsigned) % alignof (int) == 0);
unsigned *old_hash;
USE_SAFE_ALLOCA;
SAFE_NALLOCA (old_hash, 4, height);

3
src/editfns.c
View file

@ -46,7 +46,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#include <c-ctype.h>
#include <intprops.h>
#include <stdlib.h>
#include <verify.h>
#include "composite.h"
#include "intervals.h"
@ -3408,7 +3407,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
SPRINTF_BUFSIZE = (sizeof "-." + (LDBL_MAX_10_EXP + 1)
+ USEFUL_PRECISION_MAX)
};
verify (USEFUL_PRECISION_MAX > 0);
static_assert (USEFUL_PRECISION_MAX > 0);
ptrdiff_t n; /* The number of the next arg to substitute. */
char initial_buffer[1000 + SPRINTF_BUFSIZE];

13
src/emacs-module.c
View file

@ -94,7 +94,6 @@ To add a new module function, proceed as follows:
#include "thread.h"
#include <intprops.h>
#include <verify.h>
/* We use different strategies for allocating the user-visible objects
(struct emacs_runtime, emacs_env, emacs_value), depending on
@ -1034,10 +1033,10 @@ import/export overhead on most platforms.
/* Verify that emacs_limb_t indeed has unique object
representations. */
verify (CHAR_BIT == 8);
verify ((sizeof (emacs_limb_t) == 4 && EMACS_LIMB_MAX == 0xFFFFFFFF)
|| (sizeof (emacs_limb_t) == 8
&& EMACS_LIMB_MAX == 0xFFFFFFFFFFFFFFFF));
static_assert (CHAR_BIT == 8);
static_assert ((sizeof (emacs_limb_t) == 4 && EMACS_LIMB_MAX == 0xFFFFFFFF)
|| (sizeof (emacs_limb_t) == 8
&& EMACS_LIMB_MAX == 0xFFFFFFFFFFFFFFFF));
static bool
module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
@ -1084,7 +1083,7 @@ module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
suffice. */
EMACS_UINT u;
enum { required = (sizeof u + size - 1) / size };
verify (0 < required && +required <= module_bignum_count_max);
static_assert (0 < required && +required <= module_bignum_count_max);
if (magnitude == NULL)
{
*count = required;
@ -1104,7 +1103,7 @@ module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
u = (EMACS_UINT) x;
else
u = -(EMACS_UINT) x;
verify (required * bits < PTRDIFF_MAX);
static_assert (required * bits < PTRDIFF_MAX);
for (ptrdiff_t i = 0; i < required; ++i)
magnitude[i] = (emacs_limb_t) (u >> (i * bits));
MODULE_INTERNAL_CLEANUP ();

2
src/eval.c
View file

@ -1252,7 +1252,7 @@ usage: (catch TAG BODY...) */)
eassert (E) when E contains variables that might be clobbered by a
longjmp. */
#define clobbered_eassert(E) verify (sizeof (E) != 0)
#define clobbered_eassert(E) static_assert (sizeof (E) != 0)
void
pop_handler (void)

4
src/fileio.c
View file

@ -3906,7 +3906,7 @@ union read_non_regular
} s;
GCALIGNED_UNION_MEMBER
};
verify (GCALIGNED (union read_non_regular));
static_assert (GCALIGNED (union read_non_regular));
static Lisp_Object
read_non_regular (Lisp_Object state)
@ -6316,7 +6316,7 @@ A non-nil CURRENT-ONLY argument means save only current buffer. */)
continue;
enum { growth_factor = 4 };
verify (BUF_BYTES_MAX <= EMACS_INT_MAX / growth_factor);
static_assert (BUF_BYTES_MAX <= EMACS_INT_MAX / growth_factor);
set_buffer_internal (b);
if (NILP (Vauto_save_include_big_deletions)

4
src/fns.c
View file

@ -4631,7 +4631,7 @@ check_hash_table (Lisp_Object obj)
EMACS_INT
next_almost_prime (EMACS_INT n)
{
verify (NEXT_ALMOST_PRIME_LIMIT == 11);
static_assert (NEXT_ALMOST_PRIME_LIMIT == 11);
for (n |= 1; ; n += 2)
if (n % 3 != 0 && n % 5 != 0 && n % 7 != 0)
return n;
@ -5367,7 +5367,7 @@ hash_string (char const *ptr, ptrdiff_t len)
/* String is shorter than an EMACS_UINT. Use smaller loads. */
eassume (p <= end && end - p < sizeof (EMACS_UINT));
EMACS_UINT tail = 0;
verify (sizeof tail <= 8);
static_assert (sizeof tail <= 8);
#if EMACS_INT_MAX > INT32_MAX
if (end - p >= 4)
{

2
src/fringe.c
View file

@ -1813,7 +1813,7 @@ init_fringe (void)
fringe_bitmaps = xzalloc (max_fringe_bitmaps * sizeof *fringe_bitmaps);
verify (NIL_IS_ZERO);
static_assert (NIL_IS_ZERO);
fringe_faces = xzalloc (max_fringe_bitmaps * sizeof *fringe_faces);
}

4
src/keyboard.h
View file

@ -497,8 +497,8 @@ INLINE void
kbd_buffer_store_event_hold (struct input_event *event,
struct input_event *hold_quit)
{
verify (alignof (struct input_event) == alignof (union buffered_input_event)
&& sizeof (struct input_event) == sizeof (union buffered_input_event));
static_assert (alignof (struct input_event) == alignof (union buffered_input_event)
&& sizeof (struct input_event) == sizeof (union buffered_input_event));
kbd_buffer_store_buffered_event ((union buffered_input_event *) event,
hold_quit);
}

2
src/keymap.c
View file

@ -518,7 +518,7 @@ union map_keymap
} s;
GCALIGNED_UNION_MEMBER
};
verify (GCALIGNED (union map_keymap));
static_assert (GCALIGNED (union map_keymap));
static void
map_keymap_char_table_item (Lisp_Object args, Lisp_Object key, Lisp_Object val)

55
src/lisp.h
View file

@ -140,7 +140,7 @@ typedef unsigned char bits_word;
# define BITS_WORD_MAX ((1u << BOOL_VECTOR_BITS_PER_CHAR) - 1)
enum { BITS_PER_BITS_WORD = BOOL_VECTOR_BITS_PER_CHAR };
#endif
verify (BITS_WORD_MAX >> (BITS_PER_BITS_WORD - 1) == 1);
static_assert (BITS_WORD_MAX >> (BITS_PER_BITS_WORD - 1) == 1);
/* Use pD to format ptrdiff_t values, which suffice for indexes into
buffers and strings. Emacs never allocates objects larger than
@ -281,14 +281,14 @@ DEFINE_GDB_SYMBOL_END (VALMASK)
emacs_align_type union in alloc.c.
Although these macros are reasonably portable, they are not
guaranteed on non-GCC platforms, as the C standard does not require support
for alignment to GCALIGNMENT and older compilers may ignore
alignment requests. For any type T where garbage collection
requires alignment, use verify (GCALIGNED (T)) to verify the
requirement on the current platform. Types need this check if
their objects can be allocated outside the garbage collector. For
example, struct Lisp_Symbol needs the check because of lispsym and
struct Lisp_Cons needs it because of STACK_CONS. */
guaranteed on non-GCC platforms, as the C standard does not require
support for alignment to GCALIGNMENT and older compilers may ignore
alignment requests. For any type T where garbage collection requires
alignment, use static_assert (GCALIGNED (T)) to verify the
requirement on the current platform. Types need this check if their
objects can be allocated outside the garbage collector. For example,
struct Lisp_Symbol needs the check because of lispsym and struct
Lisp_Cons needs it because of STACK_CONS. */
#define GCALIGNED_UNION_MEMBER char alignas (GCALIGNMENT) gcaligned;
#if HAVE_STRUCT_ATTRIBUTE_ALIGNED
@ -865,7 +865,7 @@ struct Lisp_Symbol
GCALIGNED_UNION_MEMBER
} u;
};
verify (GCALIGNED (struct Lisp_Symbol));
static_assert (GCALIGNED (struct Lisp_Symbol));
/* Declare a Lisp-callable function. The MAXARGS parameter has the same
meaning as in the DEFUN macro, and is used to construct a prototype. */
@ -1480,7 +1480,7 @@ struct Lisp_Cons
GCALIGNED_UNION_MEMBER
} u;
};
verify (GCALIGNED (struct Lisp_Cons));
static_assert (GCALIGNED (struct Lisp_Cons));
INLINE bool
(NILP) (Lisp_Object x)
@ -1610,7 +1610,7 @@ struct Lisp_String
GCALIGNED_UNION_MEMBER
} u;
};
verify (GCALIGNED (struct Lisp_String));
static_assert (GCALIGNED (struct Lisp_String));
INLINE bool
STRINGP (Lisp_Object x)
@ -2025,10 +2025,11 @@ gc_aset (Lisp_Object array, ptrdiff_t idx, Lisp_Object val)
}
/* True, since Qnil's representation is zero. Every place in the code
that assumes Qnil is zero should verify (NIL_IS_ZERO), to make it easy
to find such assumptions later if we change Qnil to be nonzero.
Test iQnil and Lisp_Symbol instead of Qnil directly, since the latter
is not suitable for use in an integer constant expression. */
that assumes Qnil is zero should static_assert (NIL_IS_ZERO), to make
it easy to find such assumptions later if we change Qnil to be
nonzero. Test iQnil and Lisp_Symbol instead of Qnil directly, since
the latter is not suitable for use in an integer constant
expression. */
enum { NIL_IS_ZERO = iQnil == 0 && Lisp_Symbol == 0 };
/* Clear the object addressed by P, with size NBYTES, so that all its
@ -2037,7 +2038,7 @@ INLINE void
memclear (void *p, ptrdiff_t nbytes)
{
eassert (0 <= nbytes);
verify (NIL_IS_ZERO);
static_assert (NIL_IS_ZERO);
/* Since Qnil is zero, memset suffices. */
memset (p, 0, nbytes);
}
@ -2240,7 +2241,7 @@ union Aligned_Lisp_Subr
struct Lisp_Subr s;
GCALIGNED_UNION_MEMBER
};
verify (GCALIGNED (union Aligned_Lisp_Subr));
static_assert (GCALIGNED (union Aligned_Lisp_Subr));
INLINE bool
SUBRP (Lisp_Object a)
@ -2281,11 +2282,11 @@ enum char_table_specials
};
/* Sanity-check pseudovector layout. */
verify (offsetof (struct Lisp_Char_Table, defalt) == header_size);
verify (offsetof (struct Lisp_Char_Table, extras)
== header_size + CHAR_TABLE_STANDARD_SLOTS * sizeof (Lisp_Object));
verify (offsetof (struct Lisp_Sub_Char_Table, contents)
== header_size + SUB_CHAR_TABLE_OFFSET * sizeof (Lisp_Object));
static_assert (offsetof (struct Lisp_Char_Table, defalt) == header_size);
static_assert (offsetof (struct Lisp_Char_Table, extras)
== header_size + CHAR_TABLE_STANDARD_SLOTS * sizeof (Lisp_Object));
static_assert (offsetof (struct Lisp_Sub_Char_Table, contents)
== header_size + SUB_CHAR_TABLE_OFFSET * sizeof (Lisp_Object));
/* Return the number of "extra" slots in the char table CT. */
@ -2819,7 +2820,7 @@ SXHASH_REDUCE (EMACS_UINT x)
INLINE hash_hash_t
reduce_emacs_uint_to_hash_hash (EMACS_UINT x)
{
verify (sizeof x <= 2 * sizeof (hash_hash_t));
static_assert (sizeof x <= 2 * sizeof (hash_hash_t));
return (sizeof x == sizeof (hash_hash_t)
? x
: x ^ (x >> (8 * (sizeof x - sizeof (hash_hash_t)))));
@ -3214,7 +3215,7 @@ struct Lisp_Float
GCALIGNED_UNION_MEMBER
} u;
};
verify (GCALIGNED (struct Lisp_Float));
static_assert (GCALIGNED (struct Lisp_Float));
INLINE bool
(FLOATP) (Lisp_Object x)
@ -4201,7 +4202,7 @@ modiff_incr (modiff_count *a, ptrdiff_t len)
/* Increase the counter more for a large modification and less for a
small modification. Increase it logarithmically to avoid
increasing it too much. */
verify (PTRDIFF_MAX <= ULLONG_MAX);
static_assert (PTRDIFF_MAX <= ULLONG_MAX);
int incr = len == 0 ? 1 : elogb (len) + 1;
bool modiff_overflow = ckd_add (a, a0, incr);
eassert (!modiff_overflow && *a >> 30 >> 30 == 0);
@ -4346,7 +4347,7 @@ extern void tim_sort (Lisp_Object, Lisp_Object, Lisp_Object *, const ptrdiff_t,
ARG_NONNULL ((3));
/* Defined in floatfns.c. */
verify (FLT_RADIX == 2 || FLT_RADIX == 16);
static_assert (FLT_RADIX == 2 || FLT_RADIX == 16);
enum { LOG2_FLT_RADIX = FLT_RADIX == 2 ? 1 : 4 };
int double_integer_scale (double);
#ifndef HAVE_TRUNC

2
src/lread.c
View file

@ -3649,7 +3649,7 @@ skip_lazy_string (Lisp_Object readcharfun)
and record where in the file it comes from. */
/* First exchange the two saved_strings. */
verify (ARRAYELTS (saved_strings) == 2);
static_assert (ARRAYELTS (saved_strings) == 2);
struct saved_string t = saved_strings[0];
saved_strings[0] = saved_strings[1];
saved_strings[1] = t;

6
src/nsgui.h
View file

@ -29,8 +29,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#define Cursor FooFoo
#endif /* NS_IMPL_COCOA */
#undef verify
#import <AppKit/AppKit.h>
#ifdef NS_IMPL_COCOA
@ -44,10 +42,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
#endif /* __OBJC__ */
#undef verify
#undef _GL_VERIFY_H
#include <verify.h>
/* Emulate XCharStruct. */
typedef struct _XCharStruct
{

26
src/pdumper.c
View file

@ -99,11 +99,11 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
are the same size and have the same layout, and where bytes have
eight bits --- that is, a general-purpose computer made after 1990.
Also require Lisp_Object to be at least as wide as pointers. */
verify (sizeof (ptrdiff_t) == sizeof (void *));
verify (sizeof (intptr_t) == sizeof (ptrdiff_t));
verify (sizeof (void (*) (void)) == sizeof (void *));
verify (sizeof (ptrdiff_t) <= sizeof (Lisp_Object));
verify (sizeof (ptrdiff_t) <= sizeof (EMACS_INT));
static_assert (sizeof (ptrdiff_t) == sizeof (void *));
static_assert (sizeof (intptr_t) == sizeof (ptrdiff_t));
static_assert (sizeof (void (*) (void)) == sizeof (void *));
static_assert (sizeof (ptrdiff_t) <= sizeof (Lisp_Object));
static_assert (sizeof (ptrdiff_t) <= sizeof (EMACS_INT));
static size_t
divide_round_up (size_t x, size_t y)
@ -276,15 +276,15 @@ enum
DUMP_RELOC_OFFSET_BITS = DUMP_OFF_WIDTH - DUMP_RELOC_TYPE_BITS
};
verify (RELOC_DUMP_TO_EMACS_LV + 8 < (1 << DUMP_RELOC_TYPE_BITS));
verify (DUMP_ALIGNMENT >= GCALIGNMENT);
static_assert (RELOC_DUMP_TO_EMACS_LV + 8 < (1 << DUMP_RELOC_TYPE_BITS));
static_assert (DUMP_ALIGNMENT >= GCALIGNMENT);
struct dump_reloc
{
unsigned int raw_offset : DUMP_RELOC_OFFSET_BITS;
ENUM_BF (dump_reloc_type) type : DUMP_RELOC_TYPE_BITS;
};
verify (sizeof (struct dump_reloc) == sizeof (dump_off));
static_assert (sizeof (struct dump_reloc) == sizeof (dump_off));
/* Set the type of a dump relocation.
@ -2244,7 +2244,7 @@ dump_bignum (struct dump_context *ctx, Lisp_Object object)
#endif
const struct Lisp_Bignum *bignum = XBIGNUM (object);
START_DUMP_PVEC (ctx, &bignum->header, struct Lisp_Bignum, out);
verify (sizeof (out->value) >= sizeof (struct bignum_reload_info));
static_assert (sizeof (out->value) >= sizeof (struct bignum_reload_info));
dump_field_fixup_later (ctx, out, bignum, xbignum_val (object));
dump_off bignum_offset = finish_dump_pvec (ctx, &out->header);
if (ctx->flags.dump_object_contents)
@ -4248,11 +4248,11 @@ types. */)
O_RDWR | O_TRUNC | O_CREAT, 0666);
if (ctx->fd < 0)
report_file_error ("Opening dump output", filename);
verify (sizeof (ctx->header.magic) == sizeof (dump_magic));
static_assert (sizeof (ctx->header.magic) == sizeof (dump_magic));
memcpy (&ctx->header.magic, dump_magic, sizeof (dump_magic));
ctx->header.magic[0] = '!'; /* Note that dump is incomplete. */
verify (sizeof (fingerprint) == sizeof (ctx->header.fingerprint));
static_assert (sizeof (fingerprint) == sizeof (ctx->header.fingerprint));
for (int i = 0; i < sizeof fingerprint; i++)
ctx->header.fingerprint[i] = fingerprint[i];
@ -5522,7 +5522,7 @@ dump_do_dump_relocation (const uintptr_t dump_base,
{
struct Lisp_Bignum *bignum = dump_ptr (dump_base, reloc_offset);
struct bignum_reload_info reload_info;
verify (sizeof (reload_info) <= sizeof (*bignum_val (bignum)));
static_assert (sizeof (reload_info) <= sizeof (*bignum_val (bignum)));
memcpy (&reload_info, bignum_val (bignum), sizeof (reload_info));
const mp_limb_t *limbs =
dump_ptr (dump_base, reload_info.data_location);
@ -5713,7 +5713,7 @@ pdumper_load (const char *dump_filename, char *argv0)
}
err = PDUMPER_LOAD_VERSION_MISMATCH;
verify (sizeof (header->fingerprint) == sizeof (fingerprint));
static_assert (sizeof (header->fingerprint) == sizeof (fingerprint));
unsigned char desired[sizeof fingerprint];
for (int i = 0; i < sizeof fingerprint; i++)
desired[i] = fingerprint[i];

13
src/process.c
View file

@ -95,7 +95,6 @@ static struct rlimit nofile_limit;
#include <flexmember.h>
#include <nproc.h>
#include <sig2str.h>
#include <verify.h>
#endif /* subprocesses */
@ -922,7 +921,7 @@ make_process (Lisp_Object name)
p->open_fd[i] = -1;
#ifdef HAVE_GNUTLS
verify (GNUTLS_STAGE_EMPTY == 0);
static_assert (GNUTLS_STAGE_EMPTY == 0);
eassert (p->gnutls_initstage == GNUTLS_STAGE_EMPTY);
eassert (NILP (p->gnutls_boot_parameters));
#endif
@ -1913,7 +1912,7 @@ usage: (make-process &rest ARGS) */)
#ifdef HAVE_GNUTLS
/* AKA GNUTLS_INITSTAGE(proc). */
verify (GNUTLS_STAGE_EMPTY == 0);
static_assert (GNUTLS_STAGE_EMPTY == 0);
eassert (XPROCESS (proc)->gnutls_initstage == GNUTLS_STAGE_EMPTY);
eassert (NILP (XPROCESS (proc)->gnutls_cred_type));
#endif
@ -2143,7 +2142,7 @@ enum
EXEC_MONITOR_OUTPUT
};
verify (PROCESS_OPEN_FDS == EXEC_MONITOR_OUTPUT + 1);
static_assert (PROCESS_OPEN_FDS == EXEC_MONITOR_OUTPUT + 1);
static void
create_process (Lisp_Object process, char **new_argv, Lisp_Object current_dir)
@ -3540,9 +3539,9 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos,
structures, but the standards don't guarantee that,
so verify it here. */
struct sockaddr_in6 sa6;
verify ((offsetof (struct sockaddr_in, sin_port)
== offsetof (struct sockaddr_in6, sin6_port))
&& sizeof (sa1.sin_port) == sizeof (sa6.sin6_port));
static_assert ((offsetof (struct sockaddr_in, sin_port)
== offsetof (struct sockaddr_in6, sin6_port))
&& sizeof (sa1.sin_port) == sizeof (sa6.sin6_port));
#endif
DECLARE_POINTER_ALIAS (psa1, struct sockaddr, &sa1);
if (getsockname (s, psa1, &len1) == 0)

2
src/regex-emacs.c
View file

@ -1290,7 +1290,7 @@ typedef int regnum_t;
/* Macros for the compile stack. */
typedef long pattern_offset_t;
verify (LONG_MIN <= -(MAX_BUF_SIZE - 1) && MAX_BUF_SIZE - 1 <= LONG_MAX);
static_assert (LONG_MIN <= -(MAX_BUF_SIZE - 1) && MAX_BUF_SIZE - 1 <= LONG_MAX);
typedef struct
{

2
src/sort.c
View file

@ -1113,7 +1113,7 @@ tim_sort (Lisp_Object predicate, Lisp_Object keyfunc,
{
/* Fill with valid Lisp values in case a GC occurs before all
keys have been computed. */
verify (NIL_IS_ZERO);
static_assert (NIL_IS_ZERO);
keys = allocated_keys = xzalloc (length * word_size);
}

12
src/sysdep.c
View file

@ -2248,7 +2248,7 @@ init_random (void)
/* FIXME: Perhaps getrandom can be used here too? */
success = w32_init_random (&v, sizeof v) == 0;
#else
verify (sizeof v <= 256);
static_assert (sizeof v <= 256);
success = getrandom (&v, sizeof v, 0) == sizeof v;
#endif
@ -2742,16 +2742,16 @@ emacs_fchmodat (int fd, const char *path, mode_t mode, int flags)
#ifndef SSIZE_MAX
# define SSIZE_MAX TYPE_MAXIMUM (ssize_t)
#endif
verify (MAX_RW_COUNT <= PTRDIFF_MAX);
verify (MAX_RW_COUNT <= SIZE_MAX);
verify (MAX_RW_COUNT <= SSIZE_MAX);
static_assert (MAX_RW_COUNT <= PTRDIFF_MAX);
static_assert (MAX_RW_COUNT <= SIZE_MAX);
static_assert (MAX_RW_COUNT <= SSIZE_MAX);
#ifdef WINDOWSNT
/* Verify that Emacs read requests cannot cause trouble, even in
64-bit builds. The last argument of 'read' is 'unsigned int', and
the return value's type (see 'sys_read') is 'int'. */
verify (MAX_RW_COUNT <= INT_MAX);
verify (MAX_RW_COUNT <= UINT_MAX);
static_assert (MAX_RW_COUNT <= INT_MAX);
static_assert (MAX_RW_COUNT <= UINT_MAX);
#endif
/* Read from FD to a buffer BUF with size NBYTE.

2
src/thread.c
View file

@ -43,7 +43,7 @@ union aligned_thread_state
struct thread_state s;
GCALIGNED_UNION_MEMBER
};
verify (GCALIGNED (union aligned_thread_state));
static_assert (GCALIGNED (union aligned_thread_state));
static union aligned_thread_state main_thread
= {{

2
src/timefns.c
View file

@ -105,7 +105,7 @@ trillion_factor (Lisp_Object hz)
if (!FIXNUM_OVERFLOW_P (TRILLION))
return false;
}
verify (TRILLION <= INTMAX_MAX);
static_assert (TRILLION <= INTMAX_MAX);
intmax_t ihz;
return integer_to_intmax (hz, &ihz) && TRILLION % ihz == 0;
}

7
src/unexelf.c
View file

@ -181,10 +181,9 @@ typedef struct {
/* The code often converts ElfW (Half) values like e_shentsize to ptrdiff_t;
check that this doesn't lose information. */
#include <intprops.h>
#include <verify.h>
verify ((! TYPE_SIGNED (ElfW (Half))
|| PTRDIFF_MIN <= TYPE_MINIMUM (ElfW (Half)))
&& TYPE_MAXIMUM (ElfW (Half)) <= PTRDIFF_MAX);
static_assert ((! TYPE_SIGNED (ElfW (Half))
|| PTRDIFF_MIN <= TYPE_MINIMUM (ElfW (Half)))
&& TYPE_MAXIMUM (ElfW (Half)) <= PTRDIFF_MAX);
#ifdef UNEXELF_DEBUG
# define DEBUG_LOG(expr) fprintf (stderr, #expr " 0x%"PRIxMAX"\n", \

2
src/xterm.c
View file

@ -15585,7 +15585,7 @@ x_send_scroll_bar_event (Lisp_Object window, enum scroll_bar_part part,
XClientMessageEvent *ev = &event.xclient;
struct window *w = XWINDOW (window);
struct frame *f = XFRAME (w->frame);
verify (INTPTR_WIDTH <= 64);
static_assert (INTPTR_WIDTH <= 64);
/* Don't do anything if too many scroll bar events have been
sent but not received. */