Adding ENABLE_HARDENING

Enables "safes" assertions even with ENABLE_ASSERTIONS isn't set
author: Jean-Marc Valin <jmvalin@jmvalin.ca> 2018-03-23 00:40:35 +0300
committer: Jean-Marc Valin <jmvalin@jmvalin.ca> 2018-03-23 00:40:35 +0300
commit: e5d684944995bd695249f4aa5044aee134e30fc2 (patch)
tree: 6cf6ac8c9d8d591b123d9bb75b946da0d9d5e6af
parent: 9b092dd388a98f8ceb8ec703fe2b757e88e96ec0 (diff)
14 files changed, 36 insertions, 22 deletions
diff --git a/celt/arch.h b/celt/arch.h
index d1e6457c..ffca8cf3 100644
--- a/celt/arch.h
+++ b/celt/arch.h
@@ -56,25 +56,40 @@
 
 #define CELT_SIG_SCALE 32768.f
 
-#define celt_fatal(str) _celt_fatal(str, __FILE__, __LINE__);
-#ifdef ENABLE_ASSERTIONS
+#define CELT_FATAL(str) celt_fatal(str, __FILE__, __LINE__);
+
+#if defined(ENABLE_ASSERTIONS) || defined(ENABLE_HARDENING)
+#ifdef __GNUC__
+__attribute__((noreturn))
+#endif
+void celt_fatal(const char *str, const char *file, int line);
+
+#if defined(CELT_C) && !defined(OVERRIDE_celt_fatal)
 #include <stdio.h>
 #include <stdlib.h>
 #ifdef __GNUC__
 __attribute__((noreturn))
 #endif
-static OPUS_INLINE void _celt_fatal(const char *str, const char *file, int line)
+void celt_fatal(const char *str, const char *file, int line)
 {
    fprintf (stderr, "Fatal (internal) error in %s, line %d: %s\n", file, line, str);
    abort();
 }
-#define celt_assert(cond) {if (!(cond)) {celt_fatal("assertion failed: " #cond);}}
-#define celt_assert2(cond, message) {if (!(cond)) {celt_fatal("assertion failed: " #cond "\n" message);}}
+#endif
+
+#define celt_assert(cond) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond);}}
+#define celt_assert2(cond, message) {if (!(cond)) {CELT_FATAL("assertion failed: " #cond "\n" message);}}
 #else
 #define celt_assert(cond)
 #define celt_assert2(cond, message)
 #endif
 
+#if defined(ENABLE_ASSERTIONS)
+#define celt_sig_assert(cond) {if (!(cond)) {CELT_FATAL("signal assertion failed: " #cond);}}
+#else
+#define celt_sig_assert(cond)
+#endif
+
 #define IMUL32(a,b) ((a)*(b))
 
 #define MIN16(a,b) ((a) < (b) ? (a) : (b))   /**< Minimum 16-bit value.   */
diff --git a/celt/arm/celt_neon_intr.c b/celt/arm/celt_neon_intr.c
index cf443988..effda769 100644
--- a/celt/arm/celt_neon_intr.c
+++ b/celt/arm/celt_neon_intr.c
@@ -196,7 +196,7 @@ void celt_pitch_xcorr_float_neon(const opus_val16 *_x, const opus_val16 *_y,
    int i;
    (void)arch;
    celt_assert(max_pitch > 0);
-   celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+   celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
 
    for (i = 0; i < (max_pitch-3); i += 4) {
       xcorr_kernel_neon_float((const float32_t *)_x, (const float32_t *)_y+i,
diff --git a/celt/bands.c b/celt/bands.c
index 19a5f1af..52228f7d 100644
--- a/celt/bands.c
+++ b/celt/bands.c
@@ -70,10 +70,10 @@ opus_int16 bitexact_cos(opus_int16 x)
    opus_int32 tmp;
    opus_int16 x2;
    tmp = (4096+((opus_int32)(x)*(x)))>>13;
-   celt_assert(tmp<=32767);
+   celt_sig_assert(tmp<=32767);
    x2 = tmp;
    x2 = (32767-x2) + FRAC_MUL16(x2, (-7651 + FRAC_MUL16(x2, (8277 + FRAC_MUL16(-626, x2)))));
-   celt_assert(x2<=32766);
+   celt_sig_assert(x2<=32766);
    return 1+x2;
 }
 
@@ -282,7 +282,7 @@ void anti_collapse(const CELTMode *m, celt_norm *X_, unsigned char *collapse_mas
 
       N0 = m->eBands[i+1]-m->eBands[i];
       /* depth in 1/8 bits */
-      celt_assert(pulses[i]>=0);
+      celt_sig_assert(pulses[i]>=0);
       depth = celt_udiv(1+pulses[i], (m->eBands[i+1]-m->eBands[i]))>>LM;
 
 #ifdef FIXED_POINT
diff --git a/celt/cwrs.c b/celt/cwrs.c
index 9722f0ac..a552e4f0 100644
--- a/celt/cwrs.c
+++ b/celt/cwrs.c
@@ -482,7 +482,7 @@ static opus_val32 cwrsi(int _n,int _k,opus_uint32 _i,int *_y){
       k0=_k;
       q=row[_n];
       if(q>_i){
-        celt_assert(p>q);
+        celt_sig_assert(p>q);
         _k=_n;
         do p=CELT_PVQ_U_ROW[--_k][_n];
         while(p>_i);
diff --git a/celt/entcode.h b/celt/entcode.h
index 13d6c84e..3763e3f2 100644
--- a/celt/entcode.h
+++ b/celt/entcode.h
@@ -122,7 +122,7 @@ opus_uint32 ec_tell_frac(ec_ctx *_this);
 
 /* Tested exhaustively for all n and for 1<=d<=256 */
 static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) {
-   celt_assert(d>0);
+   celt_sig_assert(d>0);
 #ifdef USE_SMALL_DIV_TABLE
    if (d>256)
       return n/d;
@@ -138,7 +138,7 @@ static OPUS_INLINE opus_uint32 celt_udiv(opus_uint32 n, opus_uint32 d) {
 }
 
 static OPUS_INLINE opus_int32 celt_sudiv(opus_int32 n, opus_int32 d) {
-   celt_assert(d>0);
+   celt_sig_assert(d>0);
 #ifdef USE_SMALL_DIV_TABLE
    if (n<0)
       return -(opus_int32)celt_udiv(-n, d);
diff --git a/celt/mathops.c b/celt/mathops.c
index 21a01f52..78b52cc8 100644
--- a/celt/mathops.c
+++ b/celt/mathops.c
@@ -182,7 +182,7 @@ opus_val32 celt_rcp(opus_val32 x)
    int i;
    opus_val16 n;
    opus_val16 r;
-   celt_assert2(x>0, "celt_rcp() only defined for positive values");
+   celt_sig_assert(x>0);
    i = celt_ilog2(x);
    /* n is Q15 with range [0,1). */
    n = VSHR32(x,i-15)-32768;
diff --git a/celt/mathops.h b/celt/mathops.h
index 5324c18a..5e86ff0d 100644
--- a/celt/mathops.h
+++ b/celt/mathops.h
@@ -179,7 +179,7 @@ static OPUS_INLINE float celt_exp2(float x)
 /** Integer log in base2. Undefined for zero and negative numbers */
 static OPUS_INLINE opus_int16 celt_ilog2(opus_int32 x)
 {
-   celt_assert2(x>0, "celt_ilog2() only defined for strictly positive numbers");
+   celt_sig_assert(x>0);
    return EC_ILOG(x)-1;
 }
 #endif
diff --git a/celt/pitch.c b/celt/pitch.c
index 38a9e68d..872582a4 100644
--- a/celt/pitch.c
+++ b/celt/pitch.c
@@ -249,7 +249,7 @@ celt_pitch_xcorr_c(const opus_val16 *_x, const opus_val16 *_y,
    opus_val32 maxcorr=1;
 #endif
    celt_assert(max_pitch>0);
-   celt_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
+   celt_sig_assert((((unsigned char *)_x-(unsigned char *)NULL)&3)==0);
    for (i=0;i<max_pitch-3;i+=4)
    {
       opus_val32 sum[4]={0,0,0,0};
diff --git a/celt/quant_bands.c b/celt/quant_bands.c
index 56101b1c..39a221ed 100644
--- a/celt/quant_bands.c
+++ b/celt/quant_bands.c
@@ -457,7 +457,7 @@ void unquant_coarse_energy(const CELTMode *m, int start, int end, opus_val16 *ol
          /* It would be better to express this invariant as a
             test on C at function entry, but that isn't enough
             to make the static analyzer happy. */
-         celt_assert(c<2);
+         celt_sig_assert(c<2);
          tell = ec_tell(dec);
          if(budget-tell>=15)
          {
diff --git a/celt/tests/test_unit_entropy.c b/celt/tests/test_unit_entropy.c
index ff926586..7f674529 100644
--- a/celt/tests/test_unit_entropy.c
+++ b/celt/tests/test_unit_entropy.c
@@ -34,6 +34,7 @@
 #include <stdio.h>
 #include <math.h>
 #include <time.h>
+#define CELT_C
 #include "entcode.h"
 #include "entenc.h"
 #include "entdec.h"
diff --git a/celt/tests/test_unit_laplace.c b/celt/tests/test_unit_laplace.c
index 22951e29..727bf012 100644
--- a/celt/tests/test_unit_laplace.c
+++ b/celt/tests/test_unit_laplace.c
@@ -31,8 +31,8 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "laplace.h"
 #define CELT_C
+#include "laplace.h"
 #include "stack_alloc.h"
 
 #include "entenc.c"
diff --git a/celt/tests/test_unit_rotation.c b/celt/tests/test_unit_rotation.c
index 267b9830..8a31b3f2 100644
--- a/celt/tests/test_unit_rotation.c
+++ b/celt/tests/test_unit_rotation.c
@@ -33,8 +33,6 @@
 #define CUSTOM_MODES
 #endif
 
-#define CELT_C
-
 #include <stdio.h>
 #include <stdlib.h>
 #include "vq.h"
diff --git a/celt/vq.c b/celt/vq.c
index 8ef80e50..a6b5552d 100644
--- a/celt/vq.c
+++ b/celt/vq.c
@@ -230,12 +230,12 @@ opus_val16 op_pvq_search_c(celt_norm *X, int *iy, int K, int N, int arch)
          pulsesLeft -= iy[j];
       }  while (++j<N);
    }
-   celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+   celt_sig_assert(pulsesLeft>=0);
 
    /* This should never happen, but just in case it does (e.g. on silence)
       we fill the first bin with pulses. */
 #ifdef FIXED_POINT_DEBUG
-   celt_assert2(pulsesLeft<=N+3, "Not enough pulses in the quick pass");
+   celt_sig_assert(pulsesLeft<=N+3);
 #endif
    if (pulsesLeft > N+3)
    {
diff --git a/celt/x86/vq_sse2.c b/celt/x86/vq_sse2.c
index 6a317703..77504286 100644
--- a/celt/x86/vq_sse2.c
+++ b/celt/x86/vq_sse2.c
@@ -135,7 +135,7 @@ opus_val16 op_pvq_search_sse2(celt_norm *_X, int *iy, int K, int N, int arch)
    }
    X[N] = X[N+1] = X[N+2] = -100;
    y[N] = y[N+1] = y[N+2] = 100;
-   celt_assert2(pulsesLeft>=0, "Allocated too many pulses in the quick pass");
+   celt_sig_assert(pulsesLeft>=0);
 
    /* This should never happen, but just in case it does (e.g. on silence)
       we fill the first bin with pulses. */
author	Jean-Marc Valin <jmvalin@jmvalin.ca>	2018-03-23 00:40:35 +0300
committer	Jean-Marc Valin <jmvalin@jmvalin.ca>	2018-03-23 00:40:35 +0300
commit	e5d684944995bd695249f4aa5044aee134e30fc2 (patch)
tree	6cf6ac8c9d8d591b123d9bb75b946da0d9d5e6af
parent	9b092dd388a98f8ceb8ec703fe2b757e88e96ec0 (diff)