@@ -157,84 +157,63 @@ Fatal errors can be conditionally reported in a similar way.
157157IOX_REPORT_FATAL_IF (x<0, Code::OutOfBounds);
158158```
159159
160- ### Require That a Condition Holds
160+ ### Enforce a Condition
161161
162- Similarly we can conditionally check whether a condition does hold and report a fatal error in
162+ Similarly we can conditionally enforce whether a condition does hold and report a fatal error in
163163the case that it does not hold
164164
165165```cpp
166166int x;
167167// ...
168- IOX_REQUIRE (x>=0, "required condition violation message");
168+ IOX_ENFORCE (x>=0, "enforce violation message");
169169```
170170
171171The condition is required to hold and this requirement is always checked.
172172If the condition does not hold, panic is invoked and the execution stops.
173173
174174This should be used for conditions that may not hold on the correct path, e.g. for error cases.
175175It should not be used for assumptions that have to be true in correct code
176- (use ` IOX_ASSUME ` or ` IOX_PRECONDITION ` for this).
176+ (use ` IOX_ASSERT ` for this).
177177
178178Note that no condition can generally be enforced in the sense that it must be true and no checking is required.
179179
180- ## Using the API to Check Contracts and Assumptions
180+ ### Assert a Condition
181181
182- The following checks can be disabled and are intended to increase safety during incorrect
182+ The following check is disabled for release builds and is intended to increase safety during incorrect
183183use, specifically detect incorrect use at runtime.
184184
185- This means they should only be used for checks that are not needed in correct code (i.e. defensive
185+ This means it should only be used for checks that are not needed in correct code (i.e. defensive
186186programming).
187187
188- If these checks are disabled, there is no overhead in the code, i.e. no checking or reporting takes place.
189-
190- ### Checking Preconditions
191-
192- A precondition check
188+ When check is disabled, there is no overhead in the code, i.e. no checking or reporting takes place.
193189
194190``` cpp
195191int f (int x)
196192{
197- IOX_PRECONDITION (x>=0, "precondition violation message");
193+ IOX_ASSERT (x>=0, "precondition violation message");
198194
199- // ...
195+ // some computation
196+ int y = g(x);
197+
198+ IOX_ASSERT(y>=0, "assumption violation message");
199+ // proceed assuming that y>=0 holds
200200}
201201```
202202
203- is used to verify assumptions **BEFORE** any logic in the function body is executed. Technically copy
203+ Is can be used to verify preconditions before any logic in the function body is executed. Technically copy
204204constructors may run before any condition can be checked, and there is also the possibility of
205205reordering if the following code does not depend on the condition at all.
206206This is not a problem since any reordering is not allowed to affect the observable result.
207207Specifically it cannot affect the value of the precondition itself as this would change the
208208observable behaviour.
209209
210+ When used in the middle of a function it serves as documentation of assumptions that should hold at this
211+ point in the code before the next statement and can be used e.g. to check for out-of-bounds accesses. It can
212+ also be used to check postconditions.
213+
210214In case of violation, the violation and a (potentially empty) message are forwarded to the backend,
211215panic is invoked and execution stops.
212216
213- The verification can be optionally disabled, and hence this also documents assumptions of the
214- function itself.
215-
216- ### Checking Assumptions
217-
218- Checking assumptions is similar to checking preconditions, but can happen anywhere in the code.
219-
220- ```cpp
221- int f(int x)
222- {
223- // some computation
224- int y = g(x);
225-
226- IOX_ASSUME(y>=0, "assumption violation message");
227- // proceed assuming that y>=0 holds
228- }
229- ```
230-
231- These serve as documentation of assumptions that should hold at this point in the code before the
232- next statement and can be used e.g. to check for out-of-bounds accesses. It can also be used to
233- check postconditions.
234-
235- It should not be used at the start of a function body and instead replaced with a precondition check
236- in this case.
237-
238217## Marking Unreachable Code
239218
240219It is also possible to explicitly state that code is supposed to be unreachable.
@@ -394,7 +373,7 @@ Alternatively the shorthand version can be used
394373int algorithm(int x)
395374{
396375 // require that the condition holds or raise a fatal error
397- IOX_REQUIRE(! errorCondition(x), SomeError);
376+ IOX_REPORT_FATAL_IF( errorCondition(x), SomeError);
398377 return 42;
399378}
400379```
@@ -425,7 +404,7 @@ These are
4254048 . ` errors.hpp ` : supported error types and related free functions
426405
427406Additionally there is the ` assertions.hpp ` in ` iceoryx_hoofs/reporting ` which contains the ` IOX_PANIC ` ,
428- ` IOX_UNREACHABLE ` , ` IOX_REQUIRE ` , ` IOX_PRECONDITION ` and ` IOX_ASSUME ` macros
407+ ` IOX_UNREACHABLE ` , ` IOX_ASSERT ` and ` IOX_ENFORCE ` macros.
429408
430409All the files focus on singular aspects to allow fine-grained inclusion.
431410All definitions have to reside in ` iox::er ` , which is considered a private (detail) namespace
0 commit comments