authorEdward Thomson <ethomson@edwardthomson.com>2019-12-09 12:37:34 +1000
committerEdward Thomson <ethomson@edwardthomson.com>2020-05-11 20:13:54 +0100
commitabe2efe1ff84d423ef5f104b1e95e9ef66442c0f (patch)
tree1954c9abfc8d0475f2058842db735d569b111698 /src
parentb83bc6d4739d10ac3db6513931cedfe8e682f487 (diff)
downloadlibgit2-abe2efe1ff84d423ef5f104b1e95e9ef66442c0f.tar.gz
Introduce GIT_ASSERT macros
Provide macros to replace usages of `assert`. A true `assert` is punishing in a library. Instead we should do our best to not crash. GIT_ASSERT_ARG(x) will now assert that the given argument complies with some format; it sets an error message and returns `-1` if it does not. GIT_ASSERT(x) is for internal usage, and available as an internal consistency check. It will set an error message and return `-1` in the event of failure.
Diffstat (limited to 'src')
-rw-r--r--src/common.h27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/common.h b/src/common.h
index a4152caf2..959dd5772 100644
--- a/src/common.h
+++ b/src/common.h
@@ -95,6 +95,33 @@
#define NETIO_BUFSIZE DEFAULT_BUFSIZE
/**
+ * Assert that a consumer-provided argument is valid, setting an
+ * actionable error message and returning -1 if it is not.
+ *
+ * Note that memory leaks can occur in a release-mode assertion
+ * failure -- it is impractical to provide safe clean up routines in these very
+ * extreme failures, but care should be taken to not leak very large objects.
+ */
+#define GIT_ASSERT_ARG(expr) do { \
+ if (!(expr)) { \
+ git_error_set(GIT_ERROR_INVALID, \
+ "invalid argument: '%s'", \
+ #expr); \
+ return -1; \
+ } \
+ } while(0)
+
+/** Internal consistency check to stop the function. */
+#define GIT_ASSERT(expr) do { \
+ if (!(expr)) { \
+ git_error_set(GIT_ERROR_INTERNAL, \
+ "unrecoverable internal error: '%s'", \
+ #expr); \
+ return -1; \
+ } \
+ } while(0)
+
+/**
* Check a pointer allocation result, returning -1 if it failed.
*/
#define GIT_ERROR_CHECK_ALLOC(ptr) if (ptr == NULL) { return -1; }
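Review bot: Both `GIT_ASSERT_ARG` and `GIT_ASSERT` hide a `return -1;` in their expansion, so they are only correct inside functions that return `int` and use -1 as the error value. In a function returning a pointer, `size_t` or `bool`, a failed check would hand the caller a value that does not read as an error, and in a `void` function the macro will not compile cleanly. The comment on `GIT_ASSERT_ARG` should state that restriction, e.g. ` * Only usable in functions that return int and report errors as -1.`, and the one-line comment on `GIT_ASSERT` should say that it sets a `GIT_ERROR_INTERNAL` message and returns -1 rather than only "stop the function". The leak caveat could also mention that the early return skips any unlock or close that follows the check, which matters more than a leak if a lock is held at that point. Callers with another return type would need a variant that takes the return value as a second argument.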