Commit abe2efe1ff84d423ef5f104b1e95e9ef66442c0f
2019-12-09T12:37:34
Introduce GIT_ASSERT macros Provide macros to replace usages of `assert`. A true `assert` is punishing as a library. Instead we should do our best to not crash. GIT_ASSERT_ARG(x) will now assert that the given argument complies to some format and sets an error message and returns `-1` if it does not. GIT_ASSERT(x) is for internal usage, and available as an internal consistency check. It will set an error message and return `-1` in the event of failure.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97
diff --git a/include/git2/errors.h b/include/git2/errors.h
index 5c85c4d..8887b32 100644
--- a/include/git2/errors.h
+++ b/include/git2/errors.h
@@ -107,7 +107,8 @@ typedef enum {
GIT_ERROR_PATCH,
GIT_ERROR_WORKTREE,
GIT_ERROR_SHA1,
- GIT_ERROR_HTTP
+ GIT_ERROR_HTTP,
+ GIT_ERROR_INTERNAL
} git_error_t;
/**
diff --git a/src/common.h b/src/common.h
index a4152ca..959dd57 100644
--- a/src/common.h
+++ b/src/common.h
@@ -95,6 +95,33 @@
#define NETIO_BUFSIZE DEFAULT_BUFSIZE
/**
+ * Assert that a consumer-provided argument is valid, setting an
+ * actionable error message and returning -1 if it is not.
+ *
+ * Note that memory leaks can occur in a release-mode assertion
+ * failure -- it is impractical to provide safe clean up routines in these very
+ * extreme failures, but care should be taken to not leak very large objects.
+ */
+#define GIT_ASSERT_ARG(expr) do { \
+ if (!(expr)) { \
+ git_error_set(GIT_ERROR_INVALID, \
+ "invalid argument: '%s'", \
+ #expr); \
+ return -1; \
+ } \
+ } while(0)
+
+/** Internal consistency check to stop the function. */
+#define GIT_ASSERT(expr) do { \
+ if (!(expr)) { \
+ git_error_set(GIT_ERROR_INTERNAL, \
+ "unrecoverable internal error: '%s'", \
+ #expr); \
+ return -1; \
+ } \
+ } while(0)
+
+/**
* Check a pointer allocation result, returning -1 if it failed.
*/
#define GIT_ERROR_CHECK_ALLOC(ptr) if (ptr == NULL) { return -1; }
diff --git a/tests/core/assert.c b/tests/core/assert.c
new file mode 100644
index 0000000..8fd7093
--- /dev/null
+++ b/tests/core/assert.c
@@ -0,0 +1,39 @@
+#include "clar_libgit2.h"
+
+static const char *hello_world = "hello, world";
+
+static int dummy_fn(const char *myarg)
+{
+ GIT_ASSERT_ARG(myarg);
+ GIT_ASSERT_ARG(myarg != hello_world);
+ return 0;
+}
+
+static int bad_math(void)
+{
+ GIT_ASSERT(1 + 1 == 3);
+ return 42;
+}
+
+void test_core_assert__argument(void)
+{
+ cl_git_fail(dummy_fn(NULL));
+ cl_assert(git_error_last());
+ cl_assert_equal_i(GIT_ERROR_INVALID, git_error_last()->klass);
+ cl_assert_equal_s("invalid argument: 'myarg'", git_error_last()->message);
+
+ cl_git_fail(dummy_fn(hello_world));
+ cl_assert(git_error_last());
+ cl_assert_equal_i(GIT_ERROR_INVALID, git_error_last()->klass);
+ cl_assert_equal_s("invalid argument: 'myarg != hello_world'", git_error_last()->message);
+
+ cl_git_pass(dummy_fn("foo"));
+}
+
+void test_core_assert__internal(void)
+{
+ cl_git_fail(bad_math());
+ cl_assert(git_error_last());
+ cl_assert_equal_i(GIT_ERROR_INTERNAL, git_error_last()->klass);
+ cl_assert_equal_s("unrecoverable internal error: '1 + 1 == 3'", git_error_last()->message);
+}