xrpld
Loading...
Searching...
No Matches
instrumentation.h
1#pragma once
2
3#include <cassert>
4
5#ifdef ENABLE_VOIDSTAR
6#ifdef NDEBUG
7#error "Antithesis instrumentation requires Debug build"
8#endif
9#include <antithesis_sdk.h>
10#else
11// Macros below are copied from antithesis_sdk.h and slightly simplified
12// The duplication is because Visual Studio 2019 cannot compile that header
13// even with the option -Zc:__cplusplus added.
14// NOTE: cond must not contain bare commas outside () or []. Commas inside {}
15// are not protected by the preprocessor and would be parsed as extra arguments.
16#define ALWAYS(cond, message, ...) assert((message) && (cond))
17#define ALWAYS_OR_UNREACHABLE(cond, message) assert((message) && (cond))
18#define SOMETIMES(cond, message, ...)
19#define REACHABLE(message, ...)
20#define UNREACHABLE(message, ...) assert((message) && false) // NOLINT(misc-static-assert)
21#endif
22
23#define XRPL_ASSERT ALWAYS_OR_UNREACHABLE
24#define XRPL_ASSERT_PARTS(cond, function, description, ...) \
25 XRPL_ASSERT(cond, function " : " description)
26
27#define XRPL_ASSERT_IF(guard, cond, message) XRPL_ASSERT(!(guard) || (cond), message)
28
29// How to use the instrumentation macros:
30//
31// * XRPL_ASSERT if cond must be true but the line might not be reached during
32// fuzzing. Same like `assert` in normal use.
33// * XRPL_ASSERT_PARTS is for convenience, and works like XRPL_ASSERT, but
34// splits the message param into "function" and "description", then joins
35// them with " : " before passing to XRPL_ASSERT.
36// * XRPL_ASSERT_IF(guard, cond, message) asserts the implication
37// `guard => cond`: it can only fail when guard is true (e.g. an amendment
38// is enabled) and cond is false. Unlike `if (guard) XRPL_ASSERT(...)`, the
39// assertion site is always evaluated, so the fuzzer registers it
40// unconditionally; cond itself is short-circuited and only evaluated when
41// guard is true. NOTE: do not rely on side effects in guard — in release
42// builds the assertion body is stripped, and the compiler may optimize away
43// a side-effect-free guard entirely.
44// * ALWAYS if cond must be true _and_ the line must be reached during fuzzing.
45// Same like `assert` in normal use.
46// * REACHABLE if the line must be reached during fuzzing
47// * SOMETIMES a hint for the fuzzer to try to make the cond true
48// * UNREACHABLE if the line must not be reached (in fuzzing or in normal use).
49// Same like `assert(false)` in normal use.
50//
51// NOTE: XRPL_ASSERT has similar semantics as C `assert` macro, with only minor
52// differences:
53// * XRPL_ASSERT must have an unique name (naming convention in CONTRIBUTING.md)
54// * during fuzzing, the program will continue execution past failed XRPL_ASSERT
55//
56// We continue to use regular C `assert` inside unit tests and inside constexpr
57// functions.
58//
59// NOTE: UNREACHABLE does *not* have the same semantics as std::unreachable.
60// The program will continue execution past an UNREACHABLE in a Release build
61// and during fuzzing (similar to failed XRPL_ASSERT).
62// Also, the naming convention in UNREACHABLE is subtly different from other
63// instrumentation macros - its name describes the condition which was _not_
64// meant to happen, while name in other macros describes the condition that is
65// meant to happen (e.g. as in "assert that this happens").