C 编译器断言 - 如何实现? [英] C compiler asserts - how to implement?

问题描述

我想实现一个断言"，在错误情况下阻止编译，而不是在运行时失败.

我目前有一个这样的定义，效果很好，但会增加二进制文件的大小.

#define MY_COMPILER_ASSERT(EXPRESSION) switch (0) {case 0: case (EXPRESSION):;}

示例代码(无法编译).

#define DEFINE_A 1#define DEFINE_B 1MY_COMPILER_ASSERT(DEFINE_A == DEFINE_B);

我该如何实现它才能不生成任何代码(以最小化生成的二进制文件的大小)?

解决方案

纯标准 C 中的编译时断言是可能的，并且一些预处理器技巧使其使用看起来与 assert().

关键技巧是找到一个可以在编译时评估的构造，并且可以导致某些值出错.一个答案是数组的声明不能有负大小.使用 typedef 可防止成功时分配空间，并保留失败时的错误.

错误消息本身会隐含地引用负大小的声明(GCC 说数组 foo 的大小为负")，因此您应该为数组类型选择一个名称，以暗示此错误确实是断言检查.

要处理的另一个问题是，在任何编译单元中只能typedef 一次特定类型名称.因此，宏必须为每个用法安排一个唯一的类型名称来声明.

我通常的解决方案是要求宏有两个参数.第一个是断言的条件为真，第二个是在幕后声明的类型名称的一部分.底座的答案暗示使用标记粘贴和 __LINE__ 预定义宏来形成唯一的名称，可能不需要额外的参数.

不幸的是，如果断言检查在一个包含文件中，它仍然可能与第二个包含文件中相同行号或主源文件中该行号的检查发生冲突.我们可以通过使用宏 __FILE__ 来掩盖它，但它被定义为字符串常量，并且没有预处理技巧可以将字符串常量转回标识符名称的一部分；更不用说合法的文件名可以包含不属于标识符合法部分的字符.

所以，我建议使用以下代码片段:

/** 编译时断言检查.** 在编译时验证谓词是否为真* 生成代码.这可以在源文件中的任何位置使用* 其中 typedef 是合法的.** 成功后，编译正常进行.** 失败时，尝试 typedef 一个负大小的数组类型.这* 违规行看起来像* typedef assertion_failed_file_h_42[-1]* 其中文件是第二个参数的内容，它应该* 通常以某种明显的方式与包含文件相关* name, 42 是断言所在文件的行号* 出现，-1 是基于* 谓词失败.** param predicate 要测试的谓词.它必须评估为* 可以强制转换为普通 C 布尔值的东西.** param file 一个合法的标识符字符序列* 唯一标识出现此条件的源文件.*/#define CASSERT(predicate, file) _impl_CASSERT_LINE(predicate,__LINE__,file)#define _impl_PASTE(a,b) a##b#define _impl_CASSERT_LINE(谓词，行，文件)	ypedef char _impl_PASTE(assertion_failed_##file##_,line)[2*!!(predicate)-1];

一个典型的用法可能是这样的:

#include "CAssert.h"...结构 foo {.../* 76 字节的成员 */};CASSERT(sizeof(struct foo) == 76, demo_c);

在 GCC 中，断言失败看起来像:

<前>$ gcc -c demo.cdemo.c:32: 错误:数组assertion_failed_demo_c_32"的大小为负$

I'd like to implement an "assert" that prevents compilation, rather than failing at runtime, in the error case.

I currently have one defined like this, which works great, but which increases the size of the binaries.

#define MY_COMPILER_ASSERT(EXPRESSION) switch (0) {case 0: case (EXPRESSION):;}

Sample code (which fails to compile).

#define DEFINE_A 1
#define DEFINE_B 1
MY_COMPILER_ASSERT(DEFINE_A == DEFINE_B);

How can I implement this so that it does not generate any code (in order to minimize the size of the binaries generated)?

解决方案

A compile-time assert in pure standard C is possible, and a little bit of preprocessor trickery makes its usage look just as clean as the runtime usage of assert().

The key trick is to find a construct that can be evaluated at compile time and can cause an error for some values. One answer is the declaration of an array cannot have a negative size. Using a typedef prevents the allocation of space on success, and preserves the error on failure.

The error message itself will cryptically refer to declaration of a negative size (GCC says "size of array foo is negative"), so you should pick a name for the array type that hints that this error really is an assertion check.

A further issue to handle is that it is only possible to typedef a particular type name once in any compilation unit. So, the macro has to arrange for each usage to get a unique type name to declare.

My usual solution has been to require that the macro have two parameters. The first is the condition to assert is true, and the second is part of the type name declared behind the scenes. The answer by plinth hints at using token pasting and the __LINE__ predefined macro to form a unique name possibly without needing an extra argument.

Unfortunately, if the assertion check is in an included file, it can still collide with a check at the same line number in a second included file, or at that line number in the main source file. We could paper over that by using the macro __FILE__, but it is defined to be a string constant and there is no preprocessor trick that can turn a string constant back into part of an identifier name; not to mention that legal file names can contain characters that are not legal parts of an identifier.

So, I would propose the following code fragment:

/** A compile time assertion check.
 *
 *  Validate at compile time that the predicate is true without
 *  generating code. This can be used at any point in a source file
 *  where typedef is legal.
 *
 *  On success, compilation proceeds normally.
 *
 *  On failure, attempts to typedef an array type of negative size. The
 *  offending line will look like
 *      typedef assertion_failed_file_h_42[-1]
 *  where file is the content of the second parameter which should
 *  typically be related in some obvious way to the containing file
 *  name, 42 is the line number in the file on which the assertion
 *  appears, and -1 is the result of a calculation based on the
 *  predicate failing.
 *
 *  param predicate The predicate to test. It must evaluate to
 *  something that can be coerced to a normal C boolean.
 *
 *  param file A sequence of legal identifier characters that should
 *  uniquely identify the source file in which this condition appears.
 */
#define CASSERT(predicate, file) _impl_CASSERT_LINE(predicate,__LINE__,file)

#define _impl_PASTE(a,b) a##b
#define _impl_CASSERT_LINE(predicate, line, file) 
    typedef char _impl_PASTE(assertion_failed_##file##_,line)[2*!!(predicate)-1];

A typical usage might be something like:

#include "CAssert.h"
...
struct foo { 
    ...  /* 76 bytes of members */
};
CASSERT(sizeof(struct foo) == 76, demo_c);

In GCC, an assertion failure would look like:

$ gcc -c demo.c
demo.c:32: error: size of array `assertion_failed_demo_c_32' is negative
$

这篇关于C 编译器断言 - 如何实现?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！