Rename assert to CHECK.

This avoids confusion with the usual definition of assert in C, which is
sometimes compiled out so that the expression is not evaluated. CHECK is
always evaluated and tested.

Change-Id: I6a36359ecdecdada5c12ebf70c67cffec9574f7d
diff --git a/inc/hf/assert.h b/inc/hf/check.h
similarity index 77%
rename from inc/hf/assert.h
rename to inc/hf/check.h
index 299b296..41e005f 100644
--- a/inc/hf/assert.h
+++ b/inc/hf/check.h
@@ -16,22 +16,19 @@
 
 #pragma once
 
-#if !defined(__cplusplus)
-
 #include "hf/panic.h"
 
 /**
- * Only use for exceptional cases and never if the condition could be false e.g.
- * when processing external inputs.
+ * Only use to check assumptions which, if false, mean the system is in a bad
+ * state and it is unsafe to continue.
+ *
+ * Do not use if the condition could ever be legitimately false e.g. when
+ * processing external inputs.
  */
-#define assert(x)                                                             \
+#define CHECK(x)                                                              \
 	do {                                                                  \
 		if (!(x)) {                                                   \
 			panic("assertion failed (%s) at %s:%d", #x, __FILE__, \
 			      __LINE__);                                      \
 		}                                                             \
 	} while (0)
-
-#define static_assert _Static_assert
-
-#endif
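Review bot: The panic string inside CHECK still reads `assertion failed`, so a crash log no longer names the macro a reader would search for after this rename; `panic("CHECK failed (%s) at %s:%d", #x, __FILE__, __LINE__);` would keep the two in step, provided no test or log matcher depends on the old text. The doc comment also omits the property the commit message gives as the reason for the rename. A line such as `* The expression is always evaluated and tested, in every build configuration.` would tell callers that side effects in `x` are kept and that a failing CHECK always panics.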
diff --git a/inc/hf/io.h b/inc/hf/io.h
index 12bc440..fbafaf8 100644
--- a/inc/hf/io.h
+++ b/inc/hf/io.h
@@ -21,7 +21,7 @@
 
 #include "hf/arch/barriers.h"
 
-#include "hf/assert.h"
+#include "hf/check.h"
 
 /* Opaque types for different sized fields of memory mapped IO. */
 
@@ -101,25 +101,25 @@
 
 static inline uint8_t io_read8_array(io8_array_t io, size_t n)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	return io.base[n];
 }
 
 static inline uint16_t io_read16_array(io16_array_t io, size_t n)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	return io.base[n];
 }
 
 static inline uint32_t io_read32_array(io32_array_t io, size_t n)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	return io.base[n];
 }
 
 static inline uint64_t io_read64_array(io64_array_t io, size_t n)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	return io.base[n];
 }
 
@@ -217,25 +217,25 @@
 
 static inline void io_write8_array(io8_array_t io, size_t n, uint8_t v)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	io.base[n] = v;
 }
 
 static inline void io_write16_array(io16_array_t io, size_t n, uint16_t v)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	io.base[n] = v;
 }
 
 static inline void io_write32_array(io32_array_t io, size_t n, uint32_t v)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	io.base[n] = v;
 }
 
 static inline void io_write64_array(io64_array_t io, size_t n, uint64_t v)
 {
-	assert(n < io.count);
+	CHECK(n < io.count);
 	io.base[n] = v;
 }
 
diff --git a/inc/hf/mm.h b/inc/hf/mm.h
index b34fb2c..aebe77d 100644
--- a/inc/hf/mm.h
+++ b/inc/hf/mm.h
@@ -23,8 +23,8 @@
 #include "hf/arch/mm.h"
 
 #include "hf/addr.h"
-#include "hf/assert.h"
 #include "hf/mpool.h"
+#include "hf/static_assert.h"
 
 /* Keep macro alignment */
 /* clang-format off */
diff --git a/inc/hf/static_assert.h b/inc/hf/static_assert.h
new file mode 100644
index 0000000..da71ac6
--- /dev/null
+++ b/inc/hf/static_assert.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2019 The Hafnium Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#if !defined(__cplusplus)
+
+#define static_assert _Static_assert
+
+#endif
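Review bot: The new header carries no comment explaining why `static_assert` is defined only when `__cplusplus` is not set, and a later reader may take the guard for a leftover from hf/assert.h. A one-line comment above the `#if`, for example `/* C11 spells this _Static_assert; in C++ static_assert is already a keyword. */`, would record the intent.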
diff --git a/src/api.c b/src/api.c
index dae8683..fea419a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -19,11 +19,12 @@
 #include "hf/arch/cpu.h"
 #include "hf/arch/timer.h"
 
-#include "hf/assert.h"
+#include "hf/check.h"
 #include "hf/dlog.h"
 #include "hf/mm.h"
 #include "hf/spci.h"
 #include "hf/spinlock.h"
+#include "hf/static_assert.h"
 #include "hf/std.h"
 #include "hf/vm.h"
 
diff --git a/src/arch/aarch64/hftest/power_mgmt.c b/src/arch/aarch64/hftest/power_mgmt.c
index 7970970..e9b2c1b 100644
--- a/src/arch/aarch64/hftest/power_mgmt.c
+++ b/src/arch/aarch64/hftest/power_mgmt.c
@@ -16,8 +16,9 @@
 
 #include "hf/arch/vm/power_mgmt.h"
 
-#include "hf/assert.h"
+#include "hf/check.h"
 #include "hf/spinlock.h"
+#include "hf/static_assert.h"
 
 #include "vmapi/hf/call.h"
 
diff --git a/src/arch/aarch64/hypervisor/offsets.c b/src/arch/aarch64/hypervisor/offsets.c
index 366a595..1f32581 100644
--- a/src/arch/aarch64/hypervisor/offsets.c
+++ b/src/arch/aarch64/hypervisor/offsets.c
@@ -16,8 +16,8 @@
 
 #include "offsets.h"
 
-#include "hf/assert.h"
 #include "hf/cpu.h"
+#include "hf/static_assert.h"
 
 #define CHECK_OFFSET(name, type, field) \
 	CHECK_OFFSET_1(#name, name, offsetof(type, field))
diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h
index 527ce92..980a34c 100644
--- a/src/arch/aarch64/inc/hf/arch/types.h
+++ b/src/arch/aarch64/inc/hf/arch/types.h
@@ -19,8 +19,8 @@
 #include <stdalign.h>
 #include <stdint.h>
 
-#include "hf/assert.h"
 #include "hf/spci.h"
+#include "hf/static_assert.h"
 
 #define PAGE_BITS 12
 #define PAGE_LEVEL_BITS 9
diff --git a/src/cpu.c b/src/cpu.c
index eeea904..daeb1a0 100644
--- a/src/cpu.c
+++ b/src/cpu.c
@@ -21,6 +21,7 @@
 #include "hf/arch/cpu.h"
 
 #include "hf/api.h"
+#include "hf/check.h"
 #include "hf/dlog.h"
 #include "hf/spci.h"
 #include "hf/std.h"
@@ -208,7 +209,7 @@
 {
 	size_t index = vcpu - vcpu->vm->vcpus;
 
-	assert(index < UINT16_MAX);
+	CHECK(index < UINT16_MAX);
 	return index;
 }
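Review bot: `CHECK(index < UINT16_MAX)` only shows that the pointer difference fits a 16-bit index; it does not show that `vcpu` lies inside its VM's vcpu array. Because `index` is `vcpu - vcpu->vm->vcpus`, a pointer beyond the VM's last vcpu still passes as long as the difference stays below 65535. If `vm->vcpu_count` (the bound vm_get_vcpu uses in src/vm.c) is valid at this point, `CHECK(index < vcpu->vm->vcpu_count);` is the tighter invariant. The function's signature is outside the hunk, so the return type is inferred from the bound being checked.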
 
@@ -251,7 +252,7 @@
 	struct vm *vm = vcpu->vm;
 	bool vcpu_was_off;
 
-	assert(vm->id != HF_PRIMARY_VM_ID);
+	CHECK(vm->id != HF_PRIMARY_VM_ID);
 
 	vcpu_locked = vcpu_lock(vcpu);
 	vcpu_was_off = vcpu_is_off(vcpu_locked);
diff --git a/src/load.c b/src/load.c
index 7556533..8b1dce3 100644
--- a/src/load.c
+++ b/src/load.c
@@ -19,13 +19,13 @@
 #include <stdbool.h>
 
 #include "hf/api.h"
-#include "hf/assert.h"
 #include "hf/boot_params.h"
 #include "hf/dlog.h"
 #include "hf/layout.h"
 #include "hf/memiter.h"
 #include "hf/mm.h"
 #include "hf/plat/console.h"
+#include "hf/static_assert.h"
 #include "hf/std.h"
 #include "hf/vm.h"
 
diff --git a/src/mm.c b/src/mm.c
index be87e69..ee9384a 100644
--- a/src/mm.c
+++ b/src/mm.c
@@ -19,10 +19,11 @@
 #include <stdatomic.h>
 #include <stdint.h>
 
-#include "hf/assert.h"
+#include "hf/check.h"
 #include "hf/dlog.h"
 #include "hf/layout.h"
 #include "hf/plat/console.h"
+#include "hf/static_assert.h"
 
 /**
  * This file has functions for managing the level 1 and 2 page tables used by
@@ -500,7 +501,7 @@
 	 * Assert condition to communicate the API constraint of mm_max_level(),
 	 * that isn't encoded in the types, to the static analyzer.
 	 */
-	assert(root_level >= 2);
+	CHECK(root_level >= 2);
 
 	/* Cap end to stay within the bounds of the page table. */
 	if (end > ptable_end) {
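Review bot: The comment above `CHECK(root_level >= 2)` still says "Assert condition ... to the static analyzer", which reads as though the line were only an analyzer hint. With CHECK it is a runtime test that panics in every build, so the comment should say that too, e.g. `* CHECK the API constraint of mm_max_level(), which isn't encoded in the types; this informs the static analyzer and panics at runtime if violated.` Both the comment and the enclosing function begin outside the hunk.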
@@ -875,7 +876,7 @@
 
 void mm_unlock_stage1(struct mm_stage1_locked *lock)
 {
-	assert(lock->ptable == &ptable);
+	CHECK(lock->ptable == &ptable);
 	sl_unlock(&ptable_lock);
 	lock->ptable = NULL;
 }
diff --git a/src/vm.c b/src/vm.c
index 7c5166b..0119fd8 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -17,6 +17,7 @@
 #include "hf/vm.h"
 
 #include "hf/api.h"
+#include "hf/check.h"
 #include "hf/cpu.h"
 #include "hf/spci.h"
 #include "hf/std.h"
@@ -115,6 +116,6 @@
  */
 struct vcpu *vm_get_vcpu(struct vm *vm, spci_vcpu_index_t vcpu_index)
 {
-	assert(vcpu_index < vm->vcpu_count);
+	CHECK(vcpu_index < vm->vcpu_count);
 	return &vm->vcpus[vcpu_index];
 }
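Review bot: vm_get_vcpu's only guard on `vcpu_index` is `CHECK(vcpu_index < vm->vcpu_count)`, so an out-of-range index ends in a hypervisor panic rather than an error return. The type name `spci_vcpu_index_t` suggests the value may come from a VM's call arguments; if it does, that conflicts with the guidance in inc/hf/check.h not to use CHECK where the condition could legitimately be false. Callers are not visible in this diff, so the minimum here is to state the precondition in the doc comment (which begins outside the hunk), e.g. `* The caller must have validated vcpu_index against vm->vcpu_count; an out-of-range index panics.`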
diff --git a/test/vmapi/primary_with_secondaries/no_services.c b/test/vmapi/primary_with_secondaries/no_services.c
index 9f190e0..e2c52f1 100644
--- a/test/vmapi/primary_with_secondaries/no_services.c
+++ b/test/vmapi/primary_with_secondaries/no_services.c
@@ -17,8 +17,8 @@
 #include <stdalign.h>
 #include <stdint.h>
 
-#include "hf/assert.h"
 #include "hf/mm.h"
+#include "hf/static_assert.h"
 #include "hf/std.h"
 
 #include "vmapi/hf/call.h"
diff --git a/test/vmapi/primary_with_secondaries/run_race.c b/test/vmapi/primary_with_secondaries/run_race.c
index bd832c7..49c95e3 100644
--- a/test/vmapi/primary_with_secondaries/run_race.c
+++ b/test/vmapi/primary_with_secondaries/run_race.c
@@ -19,7 +19,6 @@
 
 #include "hf/arch/vm/power_mgmt.h"
 
-#include "hf/assert.h"
 #include "hf/mm.h"
 #include "hf/std.h"
 
diff --git a/test/vmapi/primary_with_secondaries/util.c b/test/vmapi/primary_with_secondaries/util.c
index 24b2b9e..082daf6 100644
--- a/test/vmapi/primary_with_secondaries/util.c
+++ b/test/vmapi/primary_with_secondaries/util.c
@@ -18,6 +18,7 @@
 
 #include "hf/mm.h"
 #include "hf/spci.h"
+#include "hf/static_assert.h"
 
 #include "vmapi/hf/call.h"