util: Allow `Assert` (et al.) in contexts without __func__ #33785

pull maflcko wants to merge 4 commits into bitcoin:master from maflcko:2511-assert-func changing 6 files +42 −51
  1. maflcko commented at 9:04 PM on November 4, 2025: member

    Without this, compile warnings could be hit about __func__ being only valid inside functions.

    warning: predefined identifier is only valid inside function [-Wpredefined-identifier-outside-function] note: expanded from macro Assert
  115 | #define Assert(val) inline_assertion_check<true>(val, __FILE__, __LINE__, __func__, #val)
      |                                                                           ^

    Ref #32740 (review)

    This also introduces a slight behaviour change, because std::source_location::function_name usually includes the entire function signature instead of just the name.

  2. DrahtBot added the label Utils/log/libs on Nov 4, 2025
  3. DrahtBot commented at 9:04 PM on November 4, 2025: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33785.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK l0rinc, stickies-v, hodlinator

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #32543 (kernel: Remove dependency on clientversion by TheCharlatan)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  4. maflcko commented at 9:16 PM on November 4, 2025: member

    Can be tested via the following diff:

    diff --git a/src/logging.cpp b/src/logging.cpp
index 2ed6835197..890e461cb9 100644
--- a/src/logging.cpp
+++ b/src/logging.cpp
@@ -20,6 +20,7 @@
 using util::Join;
 using util::RemovePrefixView;
 
+const int g_FOO{Assert(false)};
 const char * const DEFAULT_DEBUGLOGFILE = "debug.log";
 constexpr auto MAX_USER_SETABLE_SEVERITY_LEVEL{BCLog::Level::Info};

    Or with a function name (slight change in behavior):

    diff --git a/src/logging.cpp b/src/logging.cpp
index 2ed6835197..761dbcbf58 100644
--- a/src/logging.cpp
+++ b/src/logging.cpp
@@ -20,6 +20,7 @@
 using util::Join;
 using util::RemovePrefixView;
 
+const int g_FOO{[]() { return Assert(false); }()};
 const char * const DEFAULT_DEBUGLOGFILE = "debug.log";
 constexpr auto MAX_USER_SETABLE_SEVERITY_LEVEL{BCLog::Level::Info};
  5. maflcko force-pushed on Nov 4, 2025
  6. DrahtBot added the label CI failed on Nov 4, 2025
  7. DrahtBot removed the label CI failed on Nov 4, 2025
  8. util: Allow Assert() in contexts without __func__
    Without this, compile warnings could be hit about __func__ being only
valid inside functions.

warning: predefined identifier is only valid inside function [-Wpredefined-identifier-outside-function]
note: expanded from macro Assert
  115 | #define Assert(val) inline_assertion_check<true>(val, __FILE__, __LINE__, __func__, #val)
      |                                                                           ^

Ref https://github.com/bitcoin/bitcoin/pull/32740#discussion_r2486258473
    fa5fbcd615
  9. refactor: Use const reference to std::source_location
    Performance likely does not matter here, but from a perspective of
code-readablilty, a const reference should be preferred for read-only
access.

So use it here.

This requires to set -Wno-error=dangling-reference for GCC 13.1
compilations, but this false-positive is fixed in later GCC versions.

See also https://godbolt.org/z/fjc6be65M
    fae1d99651
  10. maflcko force-pushed on Nov 5, 2025
  11. stickies-v approved
  12. stickies-v commented at 4:13 PM on November 5, 2025: contributor

    ACK fae1d99651e29341e486a10e6340335c71a2144e

    Note that this also introduces behaviour change by including the entire function signature instead of just the name. Might be worth mentioning in OP.

  13. in ci/test/00_setup_env_win64.sh:1 in fae1d99651 outdated
    hodlinator commented at 9:39 AM on November 6, 2025:

    remark: Disabling dangling reference warnings globally is not ideal, but chances that it will not be reverted as the container is upgraded seem slim.

    maflcko commented at 9:48 AM on November 6, 2025:

    Correct, it is not ideal. Though, it is only disabled for two specific tasks and only temporary. Also, the GCC check is mostly or fully redundant anyway with the clang check (which works better due to lifetime annotations), as well as all the runtime sanitizers.

    hodlinator commented at 10:58 AM on November 6, 2025:

    Tested running...

    ₿ env -i HOME="$HOME" PATH="$PATH" USER="$USER" bash -c 'MAKEJOBS="-j$(nproc)" FILE_ENV="./ci/test/00_setup_env_win64.sh" ./ci/test_run_all.sh'

    ...without the modification to the env shell scripts. Got the expected error:

    C++ compiler .......................... GNU 13.0.0, /bin/x86_64-w64-mingw32-g++-posix
...
/ci_container_base/src/test/blockmanager_tests.cpp: In member function ‘void blockmanager_tests::blockmanager_scan_unlink_already_pruned_files::test_method()’:
/ci_container_base/src/test/blockmanager_tests.cpp:63:17: error: possibly dangling reference to a temporary [-Werror=dangling-reference]
   63 |     const auto& chainman = Assert(m_node.chainman);
      |                 ^~~~~~~~
In file included from /ci_container_base/src/streams.h:13,
                 from /ci_container_base/src/dbwrapper.h:11,
                 from /ci_container_base/src/node/blockstorage.h:10,
                 from /ci_container_base/src/test/blockmanager_tests.cpp:8:
/ci_container_base/src/util/check.h:116:49: note: the temporary was destroyed at the end of the full expression ‘inline_assertion_check<true, std::unique_ptr<ChainstateManager>&>(((blockmanager_tests::blockmanager_scan_unlink_already_pruned_files*)this)->blockmanager_tests::blockmanager_scan_unlink_already_pruned_files::<anonymous>.TestChain100Setup::<anonymous>.TestingSetup::<anonymous>.ChainTestingSetup::<anonymous>.BasicTestingSetup::m_node.node::NodeContext::chainman, std::source_location{(& *.Lsrc_loc27)}, std::basic_string_view<char>(((const char*)"m_node.chainman")))’
  116 | #define Assert(val) inline_assertion_check<true>(val, std::source_location::current(), #val)
      |                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/ci_container_base/src/test/blockmanager_tests.cpp:63:28: note: in expansion of macro ‘Assert’
   63 |     const auto& chainman = Assert(m_node.chainman);
      |                            ^~~~~~
cc1plus: all warnings being treated as errors
gmake[2]: Leaving directory '/ci_container_base/ci/scratch/build-x86_64-w64-mingw32'
gmake[2]: *** [src/test/CMakeFiles/test_bitcoin.dir/build.make:382: src/test/CMakeFiles/test_bitcoin.dir/blockmanager_tests.cpp.obj] Error 1
gmake[1]: *** [CMakeFiles/Makefile2:1810: src/test/CMakeFiles/test_bitcoin.dir/all] Error 2
gmake[1]: Leaving directory '/ci_container_base/ci/scratch/build-x86_64-w64-mingw32'
gmake: *** [Makefile:146: all] Error 2

    Makes sense as this PR is doing, changing the warning to no longer be an error, but still output it as a reminder, as is already done for -Wno-error=maybe-uninitialized.

    l0rinc commented at 11:37 AM on November 6, 2025:

    I'm also not a fan of globally disabling these, they could hide real problems.

    Doing a git grep -n "const auto&.*Assert(" shows there are only a few of these

    src/index/coinstatsindex.cpp:204:                const auto& tx_undo{Assert(block.undo_data)->vtxundo.at(i - 1)};
src/init.cpp:2006:        const auto& tip{*Assert(chainman.ActiveTip())};
src/node/miner.cpp:304:    const auto& mempool{*Assert(m_mempool)};
src/policy/rbf.cpp:41:    const auto& entry{*Assert(pool.GetEntry(tx.GetHash()))};
src/test/blockmanager_tests.cpp:63:    const auto& chainman = Assert(m_node.chainman);
src/test/fuzz/package_eval.cpp:174:        const auto& entry = *Assert(tx_pool.GetEntry(tx_info.tx->GetHash()));
src/test/miniminer_tests.cpp:182:        const auto& entry{*Assert(pool.GetEntry(tx->GetHash()))};
src/test/miniminer_tests.cpp:450:    const auto& tx3_entry{*Assert(pool.GetEntry(tx3->GetHash()))};
src/test/miniminer_tests.cpp:454:    const auto& tx6_entry{*Assert(pool.GetEntry(tx6->GetHash()))};
src/test/miniminer_tests.cpp:457:    const auto& tx7_entry{*Assert(pool.GetEntry(tx7->GetHash()))};
src/test/util/txmempool.cpp:149:        const auto& entry = *Assert(tx_pool.GetEntry(tx_info.tx->GetHash()));
src/test/util/txmempool.cpp:186:        const auto& entry = *Assert(tx_pool.GetEntry(tx_info.tx->GetHash()));
src/validation.cpp:1756:            const auto& entry{*Assert(m_pool.GetEntry(txid))};
src/validation.cpp:1766:            const auto& entry{*Assert(m_pool.GetEntry(txid))};

    But most of them seem to be harmless pointer dereferences, only the mentioned one seems to have the problematic forwarding reference. I haven't checked, but is there a simpler way to resolve the false positive without the global suppression, maybe by just removing the const?

    auto& chainman = Assert(m_node.chainman);
    maflcko commented at 1:20 PM on November 6, 2025:

    I think a temporary workaround, local to two CI tasks, is fine. I don't think there is value in doing more here. See #33785 (review). Leaving as-is for now.

    stickies-v commented at 5:21 PM on November 6, 2025:

    There are 2 places in validation.cpp where STR_INTERNAL_BUG could be used too, but I suppose you didn't because it (afaik) requires us to abandon the compile time format string checking?

    maflcko commented at 7:18 PM on November 6, 2025:

    There are 2 places in validation.cpp where STR_INTERNAL_BUG could be used too, but I suppose you didn't because it (afaik) requires us to abandon the compile time format string checking?

    I think all format strings should be checked at compile time, even with STR_INTERNAL_BUG. I think STR_INTERNAL_BUG can't be used in the validation places, because STR_INTERNAL_BUG includes raw newlines and those are discouraged from logging. Though, it only happens on internal bugs anyway, so I can also see using STR_INTERNAL_BUG there and just dealing with the raw newlines in the debug log output.

    l0rinc commented at 10:18 AM on November 10, 2025:

    Bumped into this again - if we remove the const from https://godbolt.org/z/fjc6be65M (int& ref{Assert(a)};) that seems to also fix the problem - why is that worse than introducing global suppression?

    maflcko commented at 10:24 AM on November 10, 2025:

    Removing const over a bunch of places, including consensus code, seems like the wrong fix for a short-term temporary workaround for a long-fixed single compiler bug that affects a single version.

    The suppression is not global, all other CI or local runs will still have the warning enabled.

    Also, the temporary workaround can trivially and quickly removed in #33775, which is needed anyway for other reasons.

    l0rinc commented at 10:30 AM on November 10, 2025:

    Removing const over a bunch of places

    k, I had the impression this was the only one 👍

    fanquake commented at 1:23 PM on November 10, 2025:

    Rebased #33775 on this, and dropped the workarounds back out.

    maflcko commented at 2:11 PM on November 10, 2025:

    k, I had the impression this was the only one 👍

    Oh, I think I misunderstood the previous comments. Clearly a test-only workaround to a single file is better than a ci-wide workaround to all files.

    The test code is "wrong" anyway. Using a pointer here makes little sense, when a reference should be used.

  14. hodlinator approved
  15. hodlinator commented at 9:40 AM on November 6, 2025: contributor

    ACK fae1d99651e29341e486a10e6340335c71a2144e

    Tested inserting CHECK_NONFATAL to see how output differed

    Was concerned that std::source_location::current() inside of macros might behave slightly differently than __func__ etc. But only expected differences where observed.

    --- a/src/script/miniscript.cpp
+++ b/src/script/miniscript.cpp
@@ -17,6 +17,7 @@ namespace miniscript {
 namespace internal {
 
 Type SanitizeType(Type e) {
+    CHECK_NONFATAL(false);
     int num_types = (e << "K"_mst) + (e << "V"_mst) + (e << "B"_mst) + (e << "W"_mst);
     if (num_types == 0) return ""_mst; // No valid type, don't care about the rest
     CHECK_NONFATAL(num_types == 1); // K, V, B, W all conflict with each other
    Before
    ₿ build/bin/bitcoin-cli -regtest deriveaddresses "wsh(1)#mrg7xj7p"
error code: -1
error message:
Internal bug detected: false
../src/script/miniscript.cpp:20 (SanitizeType)
...
    After
    ₿ build/bin/bitcoin-cli -regtest deriveaddresses "wsh(1)#mrg7xj7p"
error code: -1
error message:
Internal bug detected: false
../src/script/miniscript.cpp:20 (miniscript::Type miniscript::internal::SanitizeType(miniscript::Type))
...
  16. in src/util/check.h:133 in fae1d99651 
     129 | +#define Assume(val) inline_assertion_check<false>(val, std::source_location::current(), #val)
 130 |  
 131 |  /**
 132 |   * NONFATAL_UNREACHABLE() is a macro that is used to mark unreachable code. It throws a NonFatalCheckError.
 133 |   */
 134 |  #define NONFATAL_UNREACHABLE()                                        \
    l0rinc commented at 11:04 AM on November 6, 2025:

    nit: can we align the formatting - either in column or at the end of each line, but this in-between looks weird

    maflcko commented at 1:21 PM on November 6, 2025:

    thx, ran clang-format while changing the {} initialization.

  17. in src/util/check.h:96 in fae1d99651 
      95 | @@ -95,7 +96,7 @@ constexpr T&& inline_assertion_check(LIFETIMEBOUND T&& val, [[maybe_unused]] con
  96 |  // All macros may use __func__ inside a lambda, so put them under nolint.
    l0rinc commented at 11:12 AM on November 6, 2025:

    is the comment still accurate now that there's no __func__ here anymore? And do we need it in the first place, given that it seems to have been introduced because of it?

    maflcko commented at 1:22 PM on November 6, 2025:

    thx, removed redundant and fixed NOLINT

  18. in src/util/check.h:112 in fae1d99651 outdated 
     109 | @@ -109,10 +110,10 @@ constexpr T&& inline_assertion_check(LIFETIMEBOUND T&& val, [[maybe_unused]] con
 110 |   * caller, which can then report the issue to the developers.
 111 |   */
 112 |  #define CHECK_NONFATAL(condition) \
    l0rinc commented at 11:14 AM on November 6, 2025:

    might be unrelated, but we have remaining __FILE__, __LINE__, __func__ combos in one more file: https://github.com/bitcoin/bitcoin/blob/1a1f46c2285994908df9c11991c1f363c9733087/src/rest.cpp#L91-L94

    Could we migrate that as well to something like:

    StrFormatInternalBug("Node context not found!", 
                    std::source_location::current()));
    maflcko commented at 1:20 PM on November 6, 2025:

    Thx, done for all in a new, unrelated, commit.

  19. in src/util/check.h:137 in fae1d99651 
     134 |  #define NONFATAL_UNREACHABLE()                                        \
 135 |      throw NonFatalCheckError(                                         \
 136 | -        "Unreachable code reached (non-fatal)", __FILE__, __LINE__, __func__)
 137 | +        "Unreachable code reached (non-fatal)", std::source_location::current())
 138 |  
 139 |  // NOLINTEND(bugprone-lambda-function-name)
    l0rinc commented at 11:15 AM on November 6, 2025:

    Same, we don't have a function name here anymore, do we still need the linter suppression?

  20. in src/util/check.cpp:39 in fae1d99651 outdated 
      41 |      if (g_detail_test_only_CheckFailuresAreExceptionsNotAborts) {
  42 | -        throw NonFatalCheckError{assertion, file, line, func};
  43 | +        throw NonFatalCheckError{assertion, loc};
  44 |      }
  45 | -    auto str = strprintf("%s:%s %s: Assertion `%s' failed.\n", file, line, func, assertion);
  46 | +    auto str = strprintf("%s:%s %s: Assertion `%s' failed.\n", loc.file_name(), loc.line(), loc.function_name(), assertion);
    l0rinc commented at 11:20 AM on November 6, 2025:

    nit: we should probably use %d for the line number instead of %s

        auto str = strprintf("%s:%d %s: Assertion `%s' failed.\n", loc.file_name(), loc.line(), loc.function_name(), assertion);
    maflcko commented at 1:20 PM on November 6, 2025:

    My preference is to just use %s for all args, unless there is a reason not to. So I'll leave this as-is for now.

    Now that the libc++ minimum version is 17, which includes std::format, in about 12 months, we can probably bump GCC to 13 as well. Then {} can be used for all args, unless there is a reason not to.

  21. l0rinc changes_requested
  22. l0rinc commented at 11:41 AM on November 6, 2025: contributor

    Concept ACK

    It seems to me we should do a deeper cleanup now that __func__ isn't used, apply it to a few more cases and not use a global suppression but adjust the call-sites instead.

    nit: it seems to me it's not just Assert that's affected (as the PR title claims), but Assume as well.

  23. doc: Remove unused bugprone-lambda-function-name suppression
    Now that the __func__ is no longer used, the
NOLINTBEGIN(bugprone-lambda-function-name) can be removed.

Also, re-format the NONFATAL_UNREACHABLE macro, while touching the
adjacent line.
    fada379589
  24. refactor: Use STR_INTERNAL_BUG macro where possible
    This ensures a uniform bug template and allows to drop includes and
logic at the call sites.
    fad6efd3be
  25. maflcko renamed this:
    util: Allow Assert() in contexts without __func__
    util: Allow `Assert` (et al.) in contexts without __func__
    on Nov 6, 2025
  26. l0rinc approved
  27. l0rinc commented at 3:06 PM on November 6, 2025: contributor

    Code review ACK fad6efd3bef1d123f806d492f019e29530b03a5e

    The only nit I still have is the global suppression, but we can also just tackle that in a follow-up if needed.

  28. DrahtBot requested review from stickies-v on Nov 6, 2025
  29. DrahtBot requested review from hodlinator on Nov 6, 2025
  30. stickies-v approved
  31. stickies-v commented at 5:21 PM on November 6, 2025: contributor

    ACK fad6efd3bef1d123f806d492f019e29530b03a5e

  32. in src/util/check.h:131 in fad6efd3be 
     132 | -    throw NonFatalCheckError(                                         \
 133 | -        "Unreachable code reached (non-fatal)", __FILE__, __LINE__, __func__)
 134 | -
 135 | -// NOLINTEND(bugprone-lambda-function-name)
 136 | +#define NONFATAL_UNREACHABLE() \
 137 | +    throw NonFatalCheckError { "Unreachable code reached (non-fatal)", std::source_location::current() }
    hodlinator commented at 6:59 PM on November 6, 2025:

    nit: This is a case of clang-format failing to understand what is happening inside a macro.

    https://releases.llvm.org/17.0.1/tools/clang/docs/ClangFormatStyleOptions.html#cpp11bracedliststyle

    https://github.com/bitcoin/bitcoin/blob/fada379589a17e86396aa7c2ce458ff2ff602b84/src/.clang-format#L87

    If I in the same commit change this to...

        throw NonFatalCheckError{"Unreachable code reached (non-fatal)", std::source_location::current()}

    ...and also add...

    void Func_NONFATAL_UNREACHABLE()
{
    throw NonFatalCheckError { "Unreachable code reached (non-fatal)", std::source_location::current() };
}

    Then run this afterwards...

    ₿ git diff -U0 HEAD~1.. | ./contrib/devtools/clang-format-diff.py -p1 -i -v

    ...it results in:

     #define NONFATAL_UNREACHABLE() \
-    throw NonFatalCheckError{"Unreachable code reached (non-fatal)", std::source_location::current()}
+    throw NonFatalCheckError { "Unreachable code reached (non-fatal)", std::source_location::current() }

 void Func_NONFATAL_UNREACHABLE()
 {
-    throw NonFatalCheckError { "Unreachable code reached (non-fatal)", std::source_location::current() };
+    throw NonFatalCheckError{"Unreachable code reached (non-fatal)", std::source_location::current()};
 }

    Proving what clang-format is aiming to do when it better understands the context. (I'm running 19.1.7 which seems to have the same behavior as PR author's).

    maflcko commented at 9:37 AM on November 10, 2025:

    Just for ref, one could write this to please clang-format, but not sure if it is worth it:

    #define NONFATAL_UNREACHABLE()                             \
    do {                                                   \
        throw NonFatalCheckError{                          \
            "Unreachable code reached (non-fatal)",        \
            std::source_location::current(),               \
        };                                                 \
    } while (0)
  33. hodlinator approved
  34. hodlinator commented at 7:35 PM on November 6, 2025: contributor

    re-ACK fad6efd3bef1d123f806d492f019e29530b03a5e

    2 added commits since previous review (https://github.com/bitcoin/bitcoin/pull/33785#pullrequestreview-3427192513):

    • Remove no longer needed disabling of linter according to CI. 👍 (Re-touching NONFATAL_UNREACHABLE but no big deal).
    • De-duplicate code by using STR_INTERNAL_BUG().
  35. maflcko commented at 8:45 AM on November 10, 2025: member

    Is this rfm with 3 acks?

  36. fanquake merged this on Nov 10, 2025
  37. fanquake closed this on Nov 10, 2025
  38. maflcko deleted the branch on Nov 10, 2025
  39. TheCharlatan referenced this in commit 94f024ad07 on Nov 11, 2025
  40. fanquake referenced this in commit 1c3d5c8ffd on Nov 11, 2025
  41. danielabrozzoni commented at 4:00 AM on November 14, 2025: member

    post-merge concept ACK, thanks for working on this! :)

Contributors
maflckoDrahtBotstickies-vhodlinatorl0rincfanquakedanielabrozzoni
Labels
Utils/log/libs
Linked (view graph)
#32740 refactor: Header sync optimisations & simplifications#33840 test: [refactor] Use reference over ptr to chainman
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me