C++ tricks: compile time assert

Intro. I've been long thinking to start my own blog, at least a couple of years now. A common objection everyone always has is "OK, I feel enthusiastic right now. But can I keep up in the long-term?" The bad news is I still don't know the answer, though I'll do my best to allocate at least some time on it. But luckily this question does not stop me anymore. "If you feel like you'd love to write, right now, don't think, just write!" That's what I said to myself. And here it is: my first blog post! The topic I've chosen to discuss for the very first post is rather simple, yet nevertheless interesting: compile time assertion in C++.

Motivation: evaluate a static expression and make sure certain contract is always met.

static int PACKAGE_SIZE = 1024; void send_bytes(char* data) { // Assert that PACKAGE_SIZE is less than 4Kb so be TCP/IP friendly? } /* Another example */ struct Data { char buffer[64]; }; void write_data(const Data& data) { // Assert that sizeof(data) is exactly 64 bytes? }

First of all, one can add a runtime check of course. Second, it's better to document the restrictions anyway to avoid accidental bugs. But: explicit assert is better than implicit and the sooner the problem is found, the better. If we have a static expression, can't we use some magic to assert that at compilation? So that if for some reason the contract is not met, the compilation would fail and report exactly what happened. Yes, we can.

Solution: among plenty of features, C++11 finally comes along with a static assert and allows to use static_assert function like this:

#include <type_traits> void send_bytes(char* data) { static_assert(PACKAGE_SIZE < 4096, "Package size is too big"); } void write_data(const Data& data) { static_assert(sizeof(data) == 64, "Data must be 64 bytes"); }

And these solutions work just fine, supported by all major compilers. But I'd like to draw attention to the alternatives some of which I used long before C++0x and it's nice to know they exist.

Boost solution: BOOST_STATIC_ASSERT from Boost library solves the problem, though it has a limitation: one can't pass a human readable message to the compiler. And everyone knows compiler errors can be very cryptic.

// Boost example. namespace my_conditions { BOOST_STATIC_ASSERT(std::numeric_limits<int>::digits >= 32); BOOST_STATIC_ASSERT(WCHAR_MIN >= 0); }

When the assertion is false, the programmer would see "Illegal use of STATIC_ASSERTION_FAILURE <false>" error. OK, seems good enough, but what if one does not want a dependency on Boost?

Windows solution: Use C_ASSERT macro from Windows.h. A major drawback is quite obvious, this solution is platform dependent. But the implementation is so simple, let's try to port it and in addition make a couple of improvements.

Google solution. My favourite one. I call this a Google solution, because I learned it when I worked for Google back in 2006, though I'm pretty sure it was used even before that. Here's the code:

// Implementation details of COMPILE_ASSERT: // // - COMPILE_ASSERT works by defining an array type that has -1 // elements (and thus is invalid) when the expression is false. // // - The simpler definition // // #define COMPILE_ASSERT(expr, msg) typedef char msg[(expr) ? 1 : -1] // // does not work, as gcc supports variable-length arrays whose sizes // are determined at run-time (this is gcc's extension and not part // of the C++ standard). As a result, gcc fails to reject the // following code with the simple definition: // // int foo; // COMPILE_ASSERT(foo, msg); // not supposed to compile as foo is // // not a compile-time constant. // // - By using the type CompileAssert<(bool(expr))>, we ensure that // expr is a compile-time constant. (Template arguments must be // determined at compile-time.) // // - The outer parentheses in CompileAssert<(bool(expr))> are necessary // to work around a bug in gcc 3.4.4 and 4.0.1. If we had written // // CompileAssert<bool(expr)> // // instead, these compilers will refuse to compile // // COMPILE_ASSERT(5 > 0, some_message); // // (They seem to think the ">" in "5 > 0" marks the end of the // template argument list.) // // - The array size is (bool(expr) ? 1 : -1), instead of simply // // ((expr) ? 1 : -1). // // This is to avoid running into a bug in MS VC 7.1, which // causes ((0.0) ? 1 : -1) to incorrectly evaluate to 1. template <bool> struct CompileAssert { }; #define COMPILE_ASSERT(expr, msg) \ typedef CompileAssert<(bool(expr))> msg[bool(expr) ? 1 : -1] // and the use of it as follows void write_data(const Data& data) { COMPILE_ASSERT(sizeof(data) == 64, data_should_be_exactly_64_bytes); }

The compiler now triggers a "error: size of array ‘data_should_be_exactly_64_bytes’ is negative". It's still not ideal, but it points to the exact line of the assert, and provides at least some reason. Also note that under the hood the assert is just a typedef, so it's not compiled into assembly instructions and doesn't consume memory.

Real-life usages. Let's repeat that dedicated compiler support (static_assert is not even a macro, but a special directive) is always better and everyone is encouraged to use it now. Here are a few examples when it might be handy:

template <class T> void swap(T& a, T& b) { static_assert(std::is_copy_constructible<t>::value, "Swap requires copying"); static_assert(std::is_nothrow_move_constructible<t>::value && std::is_nothrow_move_assignable<t>::value, "Swap may throw"); auto c = b; b = a; a = c; } template <class T> struct data_structure { static_assert(std::is_default_constructible<t>::value, "Data Structure requires default-constructible elements"); };