Fix bugs and make code tinier

- Fixed bug where stdio eof wasn't being sticky - Fixed bug where fseeko() wasn't clearing eof state - Removed assert() usage from libc favoring _unassert() / _npassert()
2025-07-03 17:58:30 +00:00 · 2022-10-09 22:38:28 -07:00 · 2022-10-09 22:38:28 -07:00 · d5910e2673
commit d5910e2673
parent 9b7c8db846
115 changed files with 510 additions and 290 deletions
--- a/libc/assert.h
+++ b/libc/assert.h
@ -16,23 +16,60 @@ void __assert_fail(const char *, const char *, int) hidden relegated;
 #define static_assert _Static_assert
 #endif

-#define _unassert(x)                 \
-  do {                               \
-    if (__builtin_expect(!(x), 0)) { \
-      unreachable;                   \
-    }                                \
-  } while (0)
-
+#ifdef __GNUC__
 #ifndef TINY
+/**
+ * Specifies expression can't possibly be false.
+ *
+ * This macro uses the `notpossible` keyword and is intended for things
+ * like systems integration, where we know for a fact that something is
+ * never going to happen, but there's no proof. So we don't want to add
+ * extra bloat for filenames and line numbers, since `ShowCrashReports`
+ * can print a backtrace if we just embed the UD2 instruction to crash.
+ * That's useful for systems code, for the following reason. Invariants
+ * make sense with _unassert() since they usually get placed at the top
+ * of functions. But if you used _unassert() to test a system call does
+ * not fail, then check happens at the end of your function usually and
+ * is therefore likely to result in a failure condition where execution
+ * falls through into a different function, which is shocking to debug.
+ *
+ * In `MODE=tiny` these assertions are redefined as undefined behavior.
+ */
 #define _npassert(x)                 \
-  do {                               \
+  ({                                 \
    if (__builtin_expect(!(x), 0)) { \
      notpossible;                   \
    }                                \
-  } while (0)
+    (void)0;                         \
+  })
 #else
 #define _npassert(x) _unassert(x)
 #endif
+#endif
+
+#ifdef __GNUC__
+/**
+ * Specifies expression being false is undefined behavior.
+ *
+ * This is a good way to tell the compiler about your invariants, which
+ * leads to smaller faster programs. The expression is never removed by
+ * the preprocessor so it's recommended that it be free of side-effects
+ * if you intend for it to be removed. At the same time, this guarantee
+ * makes this assertion useful for things like system calls, since they
+ * won't be removed by `NDEBUG` mode.
+ *
+ * If this assertion fails, the worst possible things can happen unless
+ * you've built your binary in `MODE=dbg` since UBSAN is the only thing
+ * that's capable of debugging this macro.
+ */
+#define _unassert(x)                 \
+  ({                                 \
+    if (__builtin_expect(!(x), 0)) { \
+      unreachable;                   \
+    }                                \
+    (void)0;                         \
+  })
+#endif

 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */