[libpng16] Renamed "assert" to "affirm", not affected by NDEBUG.

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.7.0beta58 - March 21, 2015
+Libpng 1.7.0beta58 - March 22, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -757,9 +757,8 @@ Version 1.7.0beta57 [March 16, 2015]
     in libpng-1.6.17beta01 (John Bowler).
   Revert change to png_default_read_data() made in libpng-1.7.0beta55.
 
-Version 1.7.0beta58 [March 21, 2015]
-  Implemented assert support and usage.
-  Made assert (and impossible) removeable by defining NDEBUG.
+Version 1.7.0beta58 [March 22, 2015]
+  Implemented affirm() support and usage.
   Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net

CHANGES

@@ -5047,9 +5047,8 @@ Version 1.7.0beta57 [March 16, 2015]
     in libpng-1.6.17beta01 (John Bowler).
   Revert change to png_default_read_data() made in libpng-1.7.0beta55.
 
-Version 1.7.0beta58 [March 21, 2015]
-  Implemented assert support and usage.
-  Made assert (and impossible) removeable by defining NDEBUG.
+Version 1.7.0beta58 [March 22, 2015]
+  Implemented affirm() support and usage.
   Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net

png.c

@@ -689,13 +689,13 @@ png_get_copyright(png_const_structrp png_ptr)
 #else
 #  ifdef __STDC__
    return PNG_STRING_NEWLINE \
-     "libpng version 1.7.0beta58 - March 20, 2015" PNG_STRING_NEWLINE \
+     "libpng version 1.7.0beta58 - March 22, 2015" PNG_STRING_NEWLINE \
      "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
      "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
      "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
      PNG_STRING_NEWLINE;
 #  else
-      return "libpng version 1.7.0beta58 - March 20, 2015\
+      return "libpng version 1.7.0beta58 - March 22, 2015\
       Copyright (c) 1998-2015 Glenn Randers-Pehrson\
       Copyright (c) 1996-1997 Andreas Dilger\
       Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";

pngerror.c

@@ -649,7 +649,7 @@ png_set_longjmp_fn(png_structrp png_ptr, png_longjmp_ptr longjmp_fn,
             /* This is an internal error in libpng: somehow we have been left
              * with a stack allocated jmp_buf when the application regained
              * control.  It's always possible to fix this up, but for the moment
-             * this is an assert because that makes it easy to detect.
+             * this is an affirm because that makes it easy to detect.
              */
             impossible("Libpng jmp_buf still allocated");
             /* png_ptr->jmp_buf_ptr = &png_ptr->jmp_buf_local; */
@@ -980,23 +980,23 @@ png_safe_execute(png_imagep image_in, int (*function)(png_voidp), png_voidp arg)
  * The code always produces a message if it is possible, regardless of the
  * setting of PNG_ERROR_TEXT_SUPPORTED, except that in stable builds
  * PNG_ERROR_TEXT_SUPPORTED is honoured.  See pngpriv.h for the calculation of
- * the two control macros PNG_ASSERT_ERROR (don't abort; stable build or rc) and
- * PNG_ASSERT_TEXT (output text.)
+ * the two control macros PNG_AFFIRM_ERROR (don't abort; stable build or rc) and
+ * PNG_AFFIRM_TEXT (output text.)
  */
-#if PNG_ASSERT_TEXT
+#if PNG_AFFIRM_TEXT
 #  ifdef PNG_HAVE_FORMAT_NUMBER
 static size_t
-png_assert_number(png_charp buffer, size_t bufsize, size_t pos,
+png_affirm_number(png_charp buffer, size_t bufsize, size_t pos,
    unsigned int number, int format)
 {
    char numbuf[PNG_NUMBER_BUFFER_SIZE];
    return png_safecat(buffer, bufsize, pos,
       png_format_number(numbuf, numbuf + sizeof numbuf, format, number));
 }
-#  define assert_number(a,b,c,d,e) png_assert_number(a,b,c,d,e)
+#  define affirm_number(a,b,c,d,e) png_affirm_number(a,b,c,d,e)
 #  else /* !HAVE_FORMAT_NUMBER */
 static size_t
-png_assert_number(png_charp buffer, size_t bufsize, size_t pos,
+png_affirm_number(png_charp buffer, size_t bufsize, size_t pos,
    unsigned int number)
 {
    /* binhex it; highly non-portable, assumes the ASCII character set, but
@@ -1026,29 +1026,29 @@ png_assert_number(png_charp buffer, size_t bufsize, size_t pos,
 
    return png_safecat(buffer, bufsize, pos, numbuf+i);
 }
-#  define assert_number(a,b,c,d,e) png_assert_number(a,b,c,d)
+#  define affirm_number(a,b,c,d,e) png_affirm_number(a,b,c,d)
 #endif /* !HAVE_FORMAT_NUMBER */
-#endif /* ASSERT_TEXT */
+#endif /* AFFIRM_TEXT */
 
-#if PNG_ASSERT_ERROR
-PNG_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
+#if PNG_AFFIRM_ERROR
+PNG_FUNCTION(void, png_affirm,(png_const_structrp png_ptr,
         unsigned int position), PNG_NORETURN)
 #else
-PNG_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
+PNG_FUNCTION(void, png_affirm,(png_const_structrp png_ptr,
         png_const_charp condition, unsigned int position), PNG_NORETURN)
 #endif
 {
-#  if PNG_ASSERT_TEXT
+#  if PNG_AFFIRM_TEXT
       /* Format the 'position' number and output:
        *
        *  " libpng version <version> - <date>\n"
        *  "  translated __DATE__ __TIME__\n"
-       *  "  <file>, <line>: assert 'condition' failed"
+       *  "  <file>, <line>: affirm 'condition' failed"
        *
        * In the STABLE versions the output is the same for the first two lines
        * but the last line becomes:
        *
-       *  "  <position>: assert failed"
+       *  "  <position>: affirm failed"
        *
        * If there is no number formatting the numbers just get replaced by
        * some binhex (see the utility above).
@@ -1059,10 +1059,10 @@ PNG_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
       pos = png_safecat(buffer, sizeof buffer, 0, PNG_HEADER_VERSION_STRING);
       pos = png_safecat(buffer, sizeof buffer, pos,
          "  translated " __DATE__ " " __TIME__ "\n  ");
-#     if PNG_ASSERT_ERROR /* no 'condition' parameter: minimal text */
-         pos = assert_number(buffer, sizeof buffer, pos, position,
+#     if PNG_AFFIRM_ERROR /* no 'condition' parameter: minimal text */
+         pos = affirm_number(buffer, sizeof buffer, pos, position,
             PNG_NUMBER_FORMAT_x);
-         pos = png_safecat(buffer, sizeof buffer, pos, ": assert failed");
+         pos = png_safecat(buffer, sizeof buffer, pos, ": affirm failed");
 #     else /* !STABLE */
          /* Break down 'position' into a file name and a line number: */
          {
@@ -1096,34 +1096,34 @@ PNG_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
 
              pos = png_safecat(buffer, sizeof buffer, pos, filename);
              pos = png_safecat(buffer, sizeof buffer, pos, ".c, ");
-             pos = assert_number(buffer, sizeof buffer, pos, position,
+             pos = affirm_number(buffer, sizeof buffer, pos, position,
                 PNG_NUMBER_FORMAT_u);
          }
 
-         pos = png_safecat(buffer, sizeof buffer, pos, ": assert '");
+         pos = png_safecat(buffer, sizeof buffer, pos, ": affirm '");
          pos = png_safecat(buffer, sizeof buffer, pos, condition);
          pos = png_safecat(buffer, sizeof buffer, pos, "' failed");
 #     endif /* !STABLE */
-#  else /* !ASSERT_TEXT */
+#  else /* !AFFIRM_TEXT */
       PNG_UNUSED(position)
-#     if !PNG_ASSERT_ERROR
+#     if !PNG_AFFIRM_ERROR
          PNG_UNUSED(condition)
 #     endif
-#  endif /* HAVE_ASSERT_TEXT */
+#  endif /* AFFIRM_TEXT */
 
    /* Now in STABLE do a png_error, but in other builds output the message
     * (if possible) then abort (PNG_ABORT).
     */
-#  if PNG_ASSERT_ERROR
+#  if PNG_AFFIRM_ERROR
       png_error(png_ptr, buffer/*only if ERROR_TEXT*/);
-#  else /* !ASSERT_ERROR */
+#  else /* !AFFIRM_ERROR */
       /* Use the app warning message mechanism is possible, this is an inline
        * expansion of png_warning without the extra formatting of the message
        * that png_default_warning does and with the case !WARNINGS && CONSOLE_IO
        * implemented.
        *
        * Note that it is possible that neither WARNINGS nor CONSOLE_IO are
-       * supported; in that case no text will be output (and PNG_ASSERT_TEXT
+       * supported; in that case no text will be output (and PNG_AFFIRM_TEXT
        * will be false.)
        */
 #     ifdef PNG_WARNINGS_SUPPORTED
@@ -1140,7 +1140,7 @@ PNG_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
 #     endif
 
       PNG_ABORT
-#  endif /* ASSERT_ERROR */
+#  endif /* AFFIRM_ERROR */
 }
 
 #endif /* READ || WRITE */

pngmem.c

@@ -120,7 +120,7 @@ PNG_FUNCTION(png_voidp /* PRIVATE */,
 png_malloc_array,(png_const_structrp png_ptr, int nelements,
    size_t element_size),PNG_ALLOCATED)
 {
-   assert(nelements > 0 && element_size > 0);
+   affirm(nelements > 0 && element_size > 0);
    return png_malloc_array_checked(png_ptr, nelements, element_size);
 }
 
@@ -129,7 +129,7 @@ png_realloc_array,(png_structrp png_ptr, png_const_voidp old_array,
    int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
 {
    /* These are internal errors: */
-   assert(add_elements > 0 && element_size > 0 && old_elements >= 0 &&
+   affirm(add_elements > 0 && element_size > 0 && old_elements >= 0 &&
       (old_array != NULL || old_elements == 0));
 
    /* Check for overflow on the elements count (so the caller does not have to

pngpread.c

@@ -712,7 +712,7 @@ png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
    png_size_t buffer_length)
 {
    /* The caller checks for a non-zero buffer length. */
-   assert(buffer_length > 0 && buffer != NULL);
+   affirm(buffer_length > 0 && buffer != NULL);
 
    /* This routine must process all the data it has been given
     * before returning, calling the row callback as required to

pngpriv.h

@@ -332,66 +332,64 @@
 #  define PNG_DLL_EXPORT
 #endif
 
-#ifndef NDEBUG
-/* The assert mechanism results in a minimal png_error in released versions
+/* The affirm mechanism results in a minimal png_error in released versions
  * ('STABLE' versions) and a more descriptive abort in all other cases.
  * The macros rely on the naming convention throughout this code - png_ptr
  * exists and is of type png_const_structrp or a compatible type - and the
  * presence in each file of a uniquely defined macro PNG_SRC_FILE; a number
  * indicating which file this is (this is to save space in released versions).
  *
- * 'assert' is intended to look like the ANSI-C <assert.h> macro; note that this
- * is legal ANSI-C code because ANSI-C only reserves 'assert' if <assert.h> is
- * included.  Doing it this way allows <assert.h> to be used if the ANSI-C
- * behavior is preferred in the future.
+ * 'affirm' is intended to look like the ANSI-C <assert.h> macro; note that
+ * this macro can coexist with the assert macro if <assert.h> is
+ * included.
  *
- * PNG_SRC_LINE is the position of the assert macro.  There are currently 15
+ * PNG_SRC_LINE is the position of the affirm macro.  There are currently 15
  * main source files (4 bits) and the biggest (pngrtran.c) has more than 4095
  * lines (12 bits), but to ensure the number will fit into 16-bits in the
- * future and to allow hardware files to use assert the encoding is a bit-wise
+ * future and to allow hardware files to use affirm the encoding is a bit-wise
  * encoding based on the current number of lines.
  *
  * The following works out the value for two numeric #defines:
  *
- *   PNG_ASSERT_ERROR: Set to 1 if asserts should png_error (or png_err) rather
+ *   PNG_AFFIRM_ERROR: Set to 1 if affirm should png_error (or png_err) rather
  *                     than abort.  The png_error text is the minimal (file
  *                     location) text in this case, if it is produced.  This
  *                     flag indicates a STABLE (or RC) build.
- *   PNG_ASSERT_TEXT:  Set to 1 if assert text should be produced, either the
- *                     minimal text or, if PNG_ASSERT_ERROR is 0, the more
+ *   PNG_AFFIRM_TEXT:  Set to 1 if affirm text should be produced, either the
+ *                     minimal text or, if PNG_AFFIRM_ERROR is 0, the more
  *                     verbose text including the 'condition' string.  This
  *                     value depends on whether the build supports an
  *                     appropriate way of outputing the message.
  *
- * Note that these are not configurable: this is just the assert code, there's
+ * Note that these are not configurable: this is just the affirm code, there's
  * no reason to allow configuration of these options.
  */
-#define PNG_ASSERT_ERROR (PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC)
-#define PNG_ASSERT_TEXT (PNG_ASSERT_ERROR ?\
+#define PNG_AFFIRM_ERROR (PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC)
+#define PNG_AFFIRM_TEXT (PNG_AFFIRM_ERROR ?\
          (defined PNG_ERROR_TEXT_SUPPORTED) :\
          (defined PNG_WARNINGS_SUPPORTED) || (defined PNG_CONSOLE_IO_SUPPORTED))
 
 #define PNG_SRC_LINE (PNG_SRC_FILE + __LINE__)
 
-/* png_assertpp and png_impossiblepp are macros to make the correct call to the
- * png_assert function; these macros do not assume that the png_structp is
+/* png_affirmpp and png_impossiblepp are macros to make the correct call to the
+ * png_affirm function; these macros do not assume that the png_structp is
  * called png_ptr.
  */
-#if PNG_ASSERT_ERROR
-#  define png_assertpp(pp, cond)\
+#if PNG_AFFIRM_ERROR
+#  define png_affirmpp(pp, cond)\
       do\
-         if (!(cond)) png_assert(pp, PNG_SRC_LINE);\
+         if (!(cond)) png_affirm(pp, PNG_SRC_LINE);\
       while (0)
-#  define png_impossiblepp(pp, reason) png_assert(pp, PNG_SRC_LINE)
+#  define png_impossiblepp(pp, reason) png_affirm(pp, PNG_SRC_LINE)
 #else
-#  define png_assertpp(pp, cond)\
+#  define png_affirmpp(pp, cond)\
       do\
-         if (!(cond)) png_assert(pp, #cond, PNG_SRC_LINE);\
+         if (!(cond)) png_affirm(pp, #cond, PNG_SRC_LINE);\
       while (0)
-#  define png_impossiblepp(pp, reason) png_assert(pp, reason, PNG_SRC_LINE)
+#  define png_impossiblepp(pp, reason) png_affirm(pp, reason, PNG_SRC_LINE)
 #endif
 
-#define assert(cond) png_assertpp(png_ptr, cond)
+#define affirm(cond) png_affirmpp(png_ptr, cond)
 #define impossible(cond) png_impossiblepp(png_ptr, cond)
 
 /* The defines for PNG_SRC_FILE: */
@@ -442,28 +440,6 @@
    PNG_apply(arm_arm_init)\
    PNG_apply(arm_filter_neon_intrinsics)\
    PNG_end
-#else
-# define assert(cond)
-# define impossible(cond)
-# define png_impossiblepp(pp, cond)
-# define PNG_SRC_FILE_png
-# define PNG_SRC_FILE_pngerror
-# define PNG_SRC_FILE_pngget
-# define PNG_SRC_FILE_pngmem
-# define PNG_SRC_FILE_pngpread
-# define PNG_SRC_FILE_pngread
-# define PNG_SRC_FILE_pngrio
-# define PNG_SRC_FILE_pngrtran
-# define PNG_SRC_FILE_pngrutil
-# define PNG_SRC_FILE_pngset
-# define PNG_SRC_FILE_pngtrans
-# define PNG_SRC_FILE_pngwio
-# define PNG_SRC_FILE_pngwrite
-# define PNG_SRC_FILE_pngwtran
-# define PNG_SRC_FILE_pngwutil
-# define PNG_SRC_FILE_arm_arm_init
-# define PNG_SRC_FILE_arm_filter_neon_intrinsics
-#endif /* NDEBUG */
 
 /* SECURITY and SAFETY:
  *
@@ -850,11 +826,11 @@ extern "C" {
  * All of these functions must be declared with PNG_INTERNAL_FUNCTION.
  */
 /* Assert handling */
-#if PNG_ASSERT_ERROR
-PNG_INTERNAL_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
+#if PNG_AFFIRM_ERROR
+PNG_INTERNAL_FUNCTION(void, png_affirm,(png_const_structrp png_ptr,
       unsigned int position), PNG_NORETURN);
 #else
-PNG_INTERNAL_FUNCTION(void, png_assert,(png_const_structrp png_ptr,
+PNG_INTERNAL_FUNCTION(void, png_affirm,(png_const_structrp png_ptr,
       png_const_charp condition, unsigned int position), PNG_NORETURN);
 #endif
 

pngread.c

@@ -2862,7 +2862,7 @@ png_image_read_colormap(png_voidp argument)
          break;
    }
 
-   assert(cmap_entries <= 256 && cmap_entries <= image->colormap_entries);
+   affirm(cmap_entries <= 256 && cmap_entries <= image->colormap_entries);
 
    image->colormap_entries = cmap_entries;
 
@@ -3958,7 +3958,7 @@ png_image_read_direct(png_voidp argument)
       }
 
       else
-         assert(do_local_compose == 0 /* else alpha channel lost */);
+         affirm(do_local_compose == 0 /* else alpha channel lost */);
 
       if (info_ptr->bit_depth == 16)
          info_format |= PNG_FORMAT_FLAG_LINEAR;
@@ -3987,7 +3987,7 @@ png_image_read_direct(png_voidp argument)
 #     endif
 
       /* This is actually an internal error. */
-      assert(info_format == format /* else unimplemented transformations */);
+      affirm(info_format == format /* else unimplemented transformations */);
    }
 
    /* Now read the rows.  If do_local_compose is set then it is necessary to use

pngrtran.c

@@ -1272,7 +1272,7 @@ png_init_background_transformations(png_structrp png_ptr)
        * than the libpng required depth scale the values back to the 8-bit
        * range, the test below verifies that this is correct.
        */
-      assert(bit_depth <= required_bit_depth ||
+      affirm(bit_depth <= required_bit_depth ||
               (bit_depth == 16 && required_bit_depth == 8));
 
       if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
@@ -2195,7 +2195,7 @@ png_do_unshift(png_row_infop row_info, png_bytep row,
 
          case 2:
          /* Must be 2bpp gray */
-         /* assert(channels == 1 && shift[0] == 1) */
+         /* affirm(channels == 1 && shift[0] == 1) */
          {
             png_bytep bp = row;
             png_bytep bp_end = bp + row_info->rowbytes;
@@ -2210,7 +2210,7 @@ png_do_unshift(png_row_infop row_info, png_bytep row,
 
          case 4:
          /* Must be 4bpp gray */
-         /* assert(channels == 1) */
+         /* affirm(channels == 1) */
          {
             png_bytep bp = row;
             png_bytep bp_end = bp + row_info->rowbytes;

pngwutil.c

@@ -663,7 +663,7 @@ png_write_compressed_data_out(png_structrp png_ptr, compression_state *comp)
    }
 
    /* This is an internal error; 'next' must have been NULL! */
-   assert(output_len == 0);
+   affirm(output_len == 0);
 }
 #endif /* WRITE_COMPRESSED_TEXT */
 
@@ -1204,7 +1204,7 @@ png_write_iCCP(png_structrp png_ptr, png_const_charp name,
    /* These are all internal problems: the profile should have been checked
     * before when it was stored.
     */
-   assert(profile != NULL);
+   affirm(profile != NULL);
 
    profile_len = png_get_uint_32(profile);