util_bug.h 8.75 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
/* Copyright (c) 2003-2004, Roger Dingledine
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2016, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file util_bug.h
 **/

#ifndef TOR_UTIL_BUG_H
#define TOR_UTIL_BUG_H

#include "orconfig.h"
#include "compat.h"
#include "testsupport.h"

/* Replace assert() with a variant that sends failures to the log before
 * calling assert() normally.
 */
#ifdef NDEBUG
/* Nobody should ever want to build with NDEBUG set.  99% of our asserts will
 * be outside the critical path anyway, so it's silly to disable bug-checking
 * throughout the entire program just because a few asserts are slowing you
 * down.  Profile, optimize the critical path, and keep debugging on.
 *
 * And I'm not just saying that because some of our asserts check
 * security-critical properties.
 */
#error "Sorry; we don't support building with NDEBUG."
#endif

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#if defined(TOR_UNIT_TESTS) && defined(__GNUC__)
/* We define this GCC macro as a replacement for PREDICT_UNLIKELY() in this
 * header, so that in our unit test builds, we'll get compiler warnings about
 * stuff like tor_assert(n = 5).
 *
 * The key here is that (e) is wrapped in exactly one layer of parentheses,
 * and then passed right to a conditional.  If you do anything else to the
 * expression here, or introduce any more parentheses, the compiler won't
 * help you.
 */
#define ASSERT_PREDICT_UNLIKELY_(e)             \
  ({                                            \
    int tor__assert_tmp_value__;                \
    if (e)                                      \
      tor__assert_tmp_value__ = 1;              \
    else                                        \
      tor__assert_tmp_value__ = 0;              \
    tor__assert_tmp_value__;                    \
  })
#define ASSERT_PREDICT_LIKELY_(e) ASSERT_PREDICT_UNLIKELY_(e)
#else
#define ASSERT_PREDICT_UNLIKELY_(e) PREDICT_UNLIKELY(e)
#define ASSERT_PREDICT_LIKELY_(e) PREDICT_LIKELY(e)
#endif

57
58
59
60
61
62
63
64
65
66
67
/* Sometimes we don't want to use assertions during branch coverage tests; it
 * leads to tons of unreached branches which in reality are only assertions we
 * didn't hit. */
#if defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS)
#define tor_assert(a) STMT_BEGIN                                        \
  (void)(a);                                                            \
  STMT_END
#else
/** Like assert(3), but send assertion failures to the log as well as to
 * stderr. */
#define tor_assert(expr) STMT_BEGIN                                     \
68
69
  if (ASSERT_PREDICT_LIKELY_(expr)) {                                   \
  } else {                                                              \
70
71
72
73
74
    tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr);     \
    abort();                                                            \
  } STMT_END
#endif

75
76
77
78
79
#define tor_assert_unreached() tor_assert(0)

/* Non-fatal bug assertions. The "unreached" variants mean "this line should
 * never be reached." The "once" variants mean "Don't log a warning more than
 * once".
80
81
82
83
84
 *
 * The 'BUG' macro checks a boolean condition and logs an error message if it
 * is true.  Example usage:
 *   if (BUG(x == NULL))
 *     return -1;
85
86
 */

87
88
89
90
91
92
93
94
95
96
97
98
99
#ifdef __COVERITY__
#undef BUG
// Coverity defines this in global headers; let's override it.  This is a
// magic coverity-only preprocessor thing.
#nodef BUG(x) ((x)?(__coverity_panic__(),1):0)
#endif

#if defined(__COVERITY__) || defined(__clang_analyzer__)
// We're running with a static analysis tool: let's treat even nonfatal
// assertion failures as something that we need to avoid.
#define ALL_BUGS_ARE_FATAL
#endif

100
101
102
103
104
#ifdef ALL_BUGS_ARE_FATAL
#define tor_assert_nonfatal_unreached() tor_assert(0)
#define tor_assert_nonfatal(cond) tor_assert((cond))
#define tor_assert_nonfatal_unreached_once() tor_assert(0)
#define tor_assert_nonfatal_once(cond) tor_assert((cond))
105
#define BUG(cond)                                                       \
106
  (ASSERT_PREDICT_UNLIKELY_(cond) ?                                     \
107
108
   (tor_assertion_failed_(SHORT_FILE__,__LINE__,__func__,"!("#cond")"), \
    abort(), 1)                                                         \
109
   : 0)
110
111
112
113
114
#elif defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS)
#define tor_assert_nonfatal_unreached() STMT_NIL
#define tor_assert_nonfatal(cond) ((void)(cond))
#define tor_assert_nonfatal_unreached_once() STMT_NIL
#define tor_assert_nonfatal_once(cond) ((void)(cond))
115
#define BUG(cond) (ASSERT_PREDICT_UNLIKELY_(cond) ? 1 : 0)
116
117
118
119
120
#else /* Normal case, !ALL_BUGS_ARE_FATAL, !DISABLE_ASSERTS_IN_UNIT_TESTS */
#define tor_assert_nonfatal_unreached() STMT_BEGIN                      \
  tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, NULL, 0);         \
  STMT_END
#define tor_assert_nonfatal(cond) STMT_BEGIN                            \
121
122
123
  if (ASSERT_PREDICT_LIKELY_(cond)) {                                   \
  } else {                                                              \
    tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 0);      \
124
125
126
127
128
129
130
131
132
133
134
  }                                                                     \
  STMT_END
#define tor_assert_nonfatal_unreached_once() STMT_BEGIN                 \
  static int warning_logged__ = 0;                                      \
  if (!warning_logged__) {                                              \
    warning_logged__ = 1;                                               \
    tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, NULL, 1);       \
  }                                                                     \
  STMT_END
#define tor_assert_nonfatal_once(cond) STMT_BEGIN                       \
  static int warning_logged__ = 0;                                      \
135
136
  if (ASSERT_PREDICT_LIKELY_(cond)) {                                   \
  } else if (!warning_logged__) {                                       \
137
138
139
140
    warning_logged__ = 1;                                               \
    tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 1);      \
  }                                                                     \
  STMT_END
141
#define BUG(cond)                                                       \
142
  (ASSERT_PREDICT_UNLIKELY_(cond) ?                                     \
143
   (tor_bug_occurred_(SHORT_FILE__,__LINE__,__func__,"!("#cond")",0), 1) \
144
   : 0)
145
146
#endif

147
148
#ifdef __GNUC__
#define IF_BUG_ONCE__(cond,var)                                         \
149
  if (( {                                                               \
150
      static int var = 0;                                               \
151
152
      int bool_result = !!(cond);                                       \
      if (bool_result && !var) {                                        \
153
        var = 1;                                                        \
154
155
        tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__,             \
                          "!("#cond")", 1);                             \
156
      }                                                                 \
157
      bool_result; } ))
158
159
160
#else
#define IF_BUG_ONCE__(cond,var)                                         \
  static int var = 0;                                                   \
161
  if ((cond) ?                                                          \
162
163
      (var ? 1 :                                                        \
       (var=1,                                                          \
164
165
        tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__,             \
                           "!("#cond")", 1),                            \
166
167
168
169
170
171
172
173
174
175
176
177
178
        1))                                                             \
      : 0)
#endif
#define IF_BUG_ONCE_VARNAME_(a)               \
  warning_logged_on_ ## a ## __
#define IF_BUG_ONCE_VARNAME__(a)              \
  IF_BUG_ONCE_VARNAME_(a)

/** This macro behaves as 'if (bug(x))', except that it only logs its
 * warning once, no matter how many times it triggers.
 */

#define IF_BUG_ONCE(cond)                                       \
179
  IF_BUG_ONCE__(ASSERT_PREDICT_UNLIKELY_(cond),                 \
180
181
                IF_BUG_ONCE_VARNAME__(__LINE__))

182
183
/** Define this if you want Tor to crash when any problem comes up,
 * so you can get a coredump and track things down. */
184
185
// #define tor_fragile_assert() tor_assert_unreached(0)
#define tor_fragile_assert() tor_assert_nonfatal_unreached_once()
186
187
188

void tor_assertion_failed_(const char *fname, unsigned int line,
                           const char *func, const char *expr);
189
190
191
void tor_bug_occurred_(const char *fname, unsigned int line,
                       const char *func, const char *expr,
                       int once);
192

193
194
195
196
#ifdef TOR_UNIT_TESTS
void tor_capture_bugs_(int n);
void tor_end_capture_bugs_(void);
const struct smartlist_t *tor_get_captured_bug_log_(void);
197
void tor_set_failed_assertion_callback(void (*fn)(void));
198
199
#endif

200
#endif