///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2015 Microsoft Corporation. All rights reserved.
//
// This code is licensed under the MIT License (MIT).
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef GSL_CONTRACTS_H
#define GSL_CONTRACTS_H

#include <exception>
#include <stdexcept> // for logic_error

//
// There are three configuration options for this GSL implementation's behavior
// when pre/post conditions on the GSL types are violated:
//
// 1. GSL_TERMINATE_ON_CONTRACT_VIOLATION: std::terminate will be called (default)
// 2. GSL_THROW_ON_CONTRACT_VIOLATION: a gsl::fail_fast exception will be thrown
// 3. GSL_UNENFORCED_ON_CONTRACT_VIOLATION: nothing happens
//
#if !(defined(GSL_THROW_ON_CONTRACT_VIOLATION) || defined(GSL_TERMINATE_ON_CONTRACT_VIOLATION) ||  \
      defined(GSL_UNENFORCED_ON_CONTRACT_VIOLATION))
#define GSL_TERMINATE_ON_CONTRACT_VIOLATION
#endif

#define GSL_STRINGIFY_DETAIL(x) #x
#define GSL_STRINGIFY(x) GSL_STRINGIFY_DETAIL(x)

#if defined(__clang__) || defined(__GNUC__)
#define GSL_LIKELY(x) __builtin_expect(!!(x), 1)
#define GSL_UNLIKELY(x) __builtin_expect(!!(x), 0)
#else
#define GSL_LIKELY(x) (!!(x))
#define GSL_UNLIKELY(x) (!!(x))
#endif

//
// GSL_ASSUME(cond)
//
// Tell the optimizer that the predicate cond must hold. It is unspecified
// whether or not cond is actually evaluated.
//
#ifdef _MSC_VER
#define GSL_ASSUME(cond) __assume(cond)
#elif defined(__GNUC__)
#define GSL_ASSUME(cond) ((cond) ? static_cast<void>(0) : __builtin_unreachable())
#else
#define GSL_ASSUME(cond) static_cast<void>((cond) ? 0 : 0)
#endif

//
// GSL.assert: assertions
//

namespace gsl
{
struct fail_fast : public std::logic_error
{
    explicit fail_fast(char const* const message) : std::logic_error(message) {}
};
}

#if defined(GSL_THROW_ON_CONTRACT_VIOLATION)

#define GSL_CONTRACT_CHECK(type, cond)                                                             \
    (GSL_LIKELY(cond) ? static_cast<void>(0)                                                       \
                      : throw gsl::fail_fast("GSL: " type " failure at " __FILE__                  \
                                             ": " GSL_STRINGIFY(__LINE__)))

#elif defined(GSL_TERMINATE_ON_CONTRACT_VIOLATION)

#define GSL_CONTRACT_CHECK(type, cond) (GSL_LIKELY(cond) ? static_cast<void>(0) : std::terminate())

#elif defined(GSL_UNENFORCED_ON_CONTRACT_VIOLATION)

#define GSL_CONTRACT_CHECK(type, cond) GSL_ASSUME(cond)

#endif

#define Expects(cond) GSL_CONTRACT_CHECK("Precondition", cond)

#if defined(GSL_UNENFORCED_ON_CONTRACT_VIOLATION)

#define Ensures(cond)         static_cast<void>(0)
#define AlwaysEnsures(cond)   static_cast<void>(0)

#else // GSL_UNENFORCED_ON_CONTRACT_VIOLATION

// Ensures uses an object that checks the condition on destruction
// Setting `always` to true means we want the ensurer to trigger even when
// exiting via exception (this will call std::terminate).
template<class A, bool always> class gsl_ensurer {
    gsl_ensurer           (const gsl_ensurer&) = delete;
    gsl_ensurer& operator=(const gsl_ensurer&) = delete;
    A& asserter;
public:
    gsl_ensurer(A& asserter) : asserter(asserter) {}
    ~gsl_ensurer() noexcept(false)
    { if (!std::uncaught_exceptions() || always) asserter(); }
};

// Use line numbers to create unique names for each ensurer.
#define GSL_UNIQUE(a) GSL_JOIN(a, __LINE__)
#define GSL_JOIN(a, b) GSL_PASTE(a, b)
#define GSL_PASTE(a, b) a##b

// Ensure along all non-exception exit paths.
#define Ensures(cond)                                                                              \
    auto GSL_UNIQUE(GSL_ENSURER_) = [&]() {                                                        \
        GSL_CONTRACT_CHECK("Postcondition", cond);                                                 \
    };                                                                                             \
    gsl_ensurer<decltype(GSL_UNIQUE(GSL_ENSURER_)), false>                                         \
        GSL_UNIQUE(GSL_ENSURE_)(GSL_UNIQUE(GSL_ENSURER_));

// Ensure even when exiting via exception.
#define AlwaysEnsures(cond)                                                                        \
    auto GSL_UNIQUE(GSL_ENSURER_) = [&]() {                                                        \
        GSL_CONTRACT_CHECK("Postcondition", cond);                                                 \
    };                                                                                             \
    gsl_ensurer<decltype(GSL_UNIQUE(GSL_ENSURER_)), true>                                          \
        GSL_UNIQUE(GSL_ENSURE_)(GSL_UNIQUE(GSL_ENSURER_));

#endif // GSL_UNENFORCED_ON_CONTRACT_VIOLATION

// Assert that a function maintains an invariant during normal control flow
#define Maintains(cond)                                                                            \
    Expects(cond);                                                                                 \
    Ensures(cond)                                                                                  \

// Assert that the invariant is maintained even when exiting via exception
#define AlwaysMaintains(cond)                                                                      \
    Expects(cond);                                                                                 \
    AlwaysEnsures(cond)                                                                            \

#endif // GSL_CONTRACTS_H