From 48d20fd1cf90179e778c6155900cbed2be140273 Mon Sep 17 00:00:00 2001 From: Faraz Vahedi Date: Sat, 6 Jun 2026 15:08:47 +0330 Subject: [PATCH] libc: Fix assert() sanitiser for C++ contextual bool conversion Replace the `(bool(*)(bool))` probe in `__assert_sanitize()` with an unevaluated conditional expression, so types with `explicit operator bool()` that require a contextually converted constant expression of type `bool` are handled correctly. Ergo, arity check is now performed separately via `__assert_sanitize_arity()`, a unary template whose parameter pack must bind to exactly on argument after `__VA_ARGS__` is substituted into the call. Also align NDEBUG with C23 requirements. Reported by: dim, aokblast Signed-off-by: Faraz Vahedi Reviewed by: aokblast, fuz MFC after: 1 week Fixes: 867b51452ea78ece0b312a387e63fdbc2a11056a Pull Request: https://github.com/freebsd/freebsd-src/pull/2265 --- include/assert.h | 38 +++++++++----------------------------- 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/include/assert.h b/include/assert.h index d4c9627bf3e..afbf2c1092e 100644 --- a/include/assert.h +++ b/include/assert.h @@ -46,42 +46,22 @@ #undef __assert_unreachable #ifdef NDEBUG -#define assert(e) ((void)0) -#define _assert(e) ((void)0) +#define assert(...) ((void)0) +#define _assert(...) ((void)0) #if __BSD_VISIBLE #define __assert_unreachable() __unreachable() #endif /* __BSD_VISIBLE */ #else #ifdef __cplusplus -#if __cplusplus < 202002L -/* - * C++ modes prior to C++20 cannot simultaneously satisfy all three - * desirable properties of the sanitiser: - * - * Approach No double-eval Lambda support Arity check - * ----------------------------- -------------- -------------- ----------- - * sizeof(cast(expression)) yes no yes - * static_cast(expression) no yes no - * (void)bool(expression) no yes no - * - * NOTE: C++20 introduced lambdas in unevaluated contexts; see P0315R4. - * - * Since no approach satisfies all three below C++20, the least harmful - * choice is to forgo the check entirely rather than silently break one - * of the remaining guarantees. - * - */ -#define __assert_sanitize(...) ((void)0) +#define assert(...) ((void)(bool(__VA_ARGS__) ? ((void)0) : \ + __assert(__func__, __FILE__, __LINE__, \ + #__VA_ARGS__))) #else -#define __assert_sanitize(...) (void)sizeof(((bool(*)(bool))0)(__VA_ARGS__)) -#endif /* __cplusplus < 202002L */ -#else -#define __assert_sanitize(...) (void)sizeof(((_Bool(*)(_Bool))0)(__VA_ARGS__)) -#endif /* __cplusplus */ -#define assert(...) (__assert_sanitize(__VA_ARGS__), \ - (__VA_ARGS__) ? (void)0 : \ - __assert(__func__, __FILE__, \ +#define assert(...) ((void)sizeof(((_Bool(*)(_Bool))0)(__VA_ARGS__)), \ + (__VA_ARGS__) ? (void)0 : \ + __assert(__func__, __FILE__, \ __LINE__, #__VA_ARGS__)) +#endif /* __cplusplus */ #define _assert(...) assert(__VA_ARGS__) #if __BSD_VISIBLE #define __assert_unreachable() assert(0 && "unreachable segment reached")