12 files changed, 78 insertions, 87 deletions

diff --git a/src/crypto/gcm.c b/src/crypto/gcm.c
index 9d8bae82..c21aad14 100644
--- a/src/crypto/gcm.c
+++ b/src/crypto/gcm.c
@@ -472,10 +472,10 @@ void gcm_setiv ( struct gcm_context *context, const void *iv, size_t ivlen ) {
 	union gcm_block *check = ( ( void * ) context );
 
 	/* Sanity checks */
-	linker_assert ( &context->hash == check, gcm_bad_layout );
-	linker_assert ( &context->len == check + 1, gcm_bad_layout );
-	linker_assert ( &context->ctr == check + 2, gcm_bad_layout );
-	linker_assert ( &context->key == check + 3, gcm_bad_layout );
+	build_assert ( &context->hash == check );
+	build_assert ( &context->len == check + 1 );
+	build_assert ( &context->ctr == check + 2 );
+	build_assert ( &context->key == check + 3 );
 
 	/* Reset non-key state */
 	memset ( context, 0, offsetof ( typeof ( *context ), key ) );
diff --git a/src/crypto/md4.c b/src/crypto/md4.c
index ca5dcc21..dcd86a42 100644
--- a/src/crypto/md4.c
+++ b/src/crypto/md4.c
@@ -155,11 +155,11 @@ static void md4_digest ( struct md4_context *context ) {
 
 	/* Sanity checks */
 	assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
-	linker_assert ( &u.ddd.dd.digest.h[0] == a, md4_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[1] == b, md4_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[2] == c, md4_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[3] == d, md4_bad_layout );
-	linker_assert ( &u.ddd.dd.data.dword[0] == w, md4_bad_layout );
+	build_assert ( &u.ddd.dd.digest.h[0] == a );
+	build_assert ( &u.ddd.dd.digest.h[1] == b );
+	build_assert ( &u.ddd.dd.digest.h[2] == c );
+	build_assert ( &u.ddd.dd.digest.h[3] == d );
+	build_assert ( &u.ddd.dd.data.dword[0] == w );
 
 	DBGC ( context, "MD4 digesting:\n" );
 	DBGC_HDA ( context, 0, &context->ddd.dd.digest,
diff --git a/src/crypto/md5.c b/src/crypto/md5.c
index bee382e9..5c62513e 100644
--- a/src/crypto/md5.c
+++ b/src/crypto/md5.c
@@ -178,11 +178,11 @@ static void md5_digest ( struct md5_context *context ) {
 
 	/* Sanity checks */
 	assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
-	linker_assert ( &u.ddd.dd.digest.h[0] == a, md5_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[1] == b, md5_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[2] == c, md5_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[3] == d, md5_bad_layout );
-	linker_assert ( &u.ddd.dd.data.dword[0] == w, md5_bad_layout );
+	build_assert ( &u.ddd.dd.digest.h[0] == a );
+	build_assert ( &u.ddd.dd.digest.h[1] == b );
+	build_assert ( &u.ddd.dd.digest.h[2] == c );
+	build_assert ( &u.ddd.dd.digest.h[3] == d );
+	build_assert ( &u.ddd.dd.data.dword[0] == w );
 
 	DBGC ( context, "MD5 digesting:\n" );
 	DBGC_HDA ( context, 0, &context->ddd.dd.digest,
diff --git a/src/crypto/sha1.c b/src/crypto/sha1.c
index 94fce002..8eecc75b 100644
--- a/src/crypto/sha1.c
+++ b/src/crypto/sha1.c
@@ -145,12 +145,12 @@ static void sha1_digest ( struct sha1_context *context ) {
 
 	/* Sanity checks */
 	assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
-	linker_assert ( &u.ddd.dd.digest.h[0] == a, sha1_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[1] == b, sha1_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[2] == c, sha1_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[3] == d, sha1_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[4] == e, sha1_bad_layout );
-	linker_assert ( &u.ddd.dd.data.dword[0] == w, sha1_bad_layout );
+	build_assert ( &u.ddd.dd.digest.h[0] == a );
+	build_assert ( &u.ddd.dd.digest.h[1] == b );
+	build_assert ( &u.ddd.dd.digest.h[2] == c );
+	build_assert ( &u.ddd.dd.digest.h[3] == d );
+	build_assert ( &u.ddd.dd.digest.h[4] == e );
+	build_assert ( &u.ddd.dd.data.dword[0] == w );
 
 	DBGC ( context, "SHA1 digesting:\n" );
 	DBGC_HDA ( context, 0, &context->ddd.dd.digest,
diff --git a/src/crypto/sha256.c b/src/crypto/sha256.c
index 6bd72771..c30300eb 100644
--- a/src/crypto/sha256.c
+++ b/src/crypto/sha256.c
@@ -140,15 +140,15 @@ static void sha256_digest ( struct sha256_context *context ) {
 
 	/* Sanity checks */
 	assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
-	linker_assert ( &u.ddd.dd.digest.h[0] == a, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[1] == b, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[2] == c, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[3] == d, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[4] == e, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[5] == f, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[6] == g, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.digest.h[7] == h, sha256_bad_layout );
-	linker_assert ( &u.ddd.dd.data.dword[0] == w, sha256_bad_layout );
+	build_assert ( &u.ddd.dd.digest.h[0] == a );
+	build_assert ( &u.ddd.dd.digest.h[1] == b );
+	build_assert ( &u.ddd.dd.digest.h[2] == c );
+	build_assert ( &u.ddd.dd.digest.h[3] == d );
+	build_assert ( &u.ddd.dd.digest.h[4] == e );
+	build_assert ( &u.ddd.dd.digest.h[5] == f );
+	build_assert ( &u.ddd.dd.digest.h[6] == g );
+	build_assert ( &u.ddd.dd.digest.h[7] == h );
+	build_assert ( &u.ddd.dd.data.dword[0] == w );
 
 	DBGC ( context, "SHA256 digesting:\n" );
 	DBGC_HDA ( context, 0, &context->ddd.dd.digest,
diff --git a/src/crypto/sha512.c b/src/crypto/sha512.c
index e8489501..d7d44b28 100644
--- a/src/crypto/sha512.c
+++ b/src/crypto/sha512.c
@@ -156,15 +156,15 @@ static void sha512_digest ( struct sha512_context *context ) {
 
 	/* Sanity checks */
 	assert ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 );
-	linker_assert ( &u.ddq.dd.digest.h[0] == a, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[1] == b, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[2] == c, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[3] == d, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[4] == e, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[5] == f, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[6] == g, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.digest.h[7] == h, sha512_bad_layout );
-	linker_assert ( &u.ddq.dd.data.qword[0] == w, sha512_bad_layout );
+	build_assert ( &u.ddq.dd.digest.h[0] == a );
+	build_assert ( &u.ddq.dd.digest.h[1] == b );
+	build_assert ( &u.ddq.dd.digest.h[2] == c );
+	build_assert ( &u.ddq.dd.digest.h[3] == d );
+	build_assert ( &u.ddq.dd.digest.h[4] == e );
+	build_assert ( &u.ddq.dd.digest.h[5] == f );
+	build_assert ( &u.ddq.dd.digest.h[6] == g );
+	build_assert ( &u.ddq.dd.digest.h[7] == h );
+	build_assert ( &u.ddq.dd.data.qword[0] == w );
 
 	DBGC ( context, "SHA512 digesting:\n" );
 	DBGC_HDA ( context, 0, &context->ddq.dd.digest,
diff --git a/src/drivers/infiniband/linda.c b/src/drivers/infiniband/linda.c
index 8c591266..0c8a043a 100644
--- a/src/drivers/infiniband/linda.c
+++ b/src/drivers/infiniband/linda.c
@@ -721,7 +721,7 @@ static int linda_init_recv ( struct linda *linda ) {
 		eager_array_size_other = LINDA_EAGER_ARRAY_SIZE_17CTX_OTHER;
 		break;
 	default:
-		linker_assert ( 0, invalid_LINDA_NUM_CONTEXTS );
+		build_assert ( 0 );
 		return -EINVAL;
 	}
 
@@ -1108,7 +1108,7 @@ static int linda_post_recv ( struct ib_device *ibdev,
 	case 16384: bufsize = LINDA_EAGER_BUFFER_16K; break;
 	case 32768: bufsize = LINDA_EAGER_BUFFER_32K; break;
 	case 65536: bufsize = LINDA_EAGER_BUFFER_64K; break;
-	default:    linker_assert ( 0, invalid_rx_payload_size );
+	default:    build_assert ( 0 );
 		    bufsize = LINDA_EAGER_BUFFER_NONE;
 	}
 
diff --git a/src/drivers/infiniband/qib7322.c b/src/drivers/infiniband/qib7322.c
index da055b74..a011dafc 100644
--- a/src/drivers/infiniband/qib7322.c
+++ b/src/drivers/infiniband/qib7322.c
@@ -893,7 +893,7 @@ static int qib7322_init_recv ( struct qib7322 *qib7322 ) {
 		eager_array_size_user = QIB7322_EAGER_ARRAY_SIZE_18CTX_USER;
 		break;
 	default:
-		linker_assert ( 0, invalid_QIB7322_NUM_CONTEXTS );
+		build_assert ( 0 );
 		return -EINVAL;
 	}
 
@@ -1351,7 +1351,7 @@ static int qib7322_post_recv ( struct ib_device *ibdev,
 	case 16384: bufsize = QIB7322_EAGER_BUFFER_16K; break;
 	case 32768: bufsize = QIB7322_EAGER_BUFFER_32K; break;
 	case 65536: bufsize = QIB7322_EAGER_BUFFER_64K; break;
-	default:    linker_assert ( 0, invalid_rx_payload_size );
+	default:    build_assert ( 0 );
 		    bufsize = QIB7322_EAGER_BUFFER_NONE;
 	}
 
diff --git a/src/include/assert.h b/src/include/assert.h
index 6d053180..b3a9b1fe 100644
--- a/src/include/assert.h
+++ b/src/include/assert.h
@@ -65,19 +65,22 @@ assert_printf ( const char *fmt, ... ) asm ( "printf" );
 #define static_assert(x) _Static_assert( x, #x )
 
 /**
- * Assert a condition at link-time.
+ * Assert a condition at build time (after dead code elimination)
  *
- * If the condition is not true, the link will fail with an unresolved
- * symbol (error_symbol).
+ * If the compiler cannot prove that the condition is true, the build
+ * will fail with an error message.
  *
  * This macro is iPXE-specific.  Do not use this macro in code
  * intended to be portable.
- *
  */
-#define linker_assert( condition, error_symbol )	\
-        if ( ! (condition) ) {				\
-                extern void error_symbol ( void );	\
-                error_symbol();				\
-        }
+#define build_assert( condition )					     \
+	do { 								     \
+		if ( ! (condition) ) {					     \
+			extern void __attribute__ (( error (		     \
+				"build_assert(" #condition ") failed"	     \
+			) )) _C2 ( build_assert_, __LINE__ ) ( void );	     \
+			_C2 ( build_assert_, __LINE__ ) ();		     \
+		}							     \
+	} while ( 0 )
 
 #endif /* _ASSERT_H */
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 77429f3a..452fcef0 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -390,10 +390,9 @@ asn1_built ( struct asn1_builder *builder ) {
 	} *u = container_of ( builder, typeof ( *u ), builder );
 
 	/* Sanity check */
-	linker_assert ( ( ( const void * ) &u->builder.data ) ==
-			&u->cursor.data, asn1_builder_cursor_data_mismatch );
-	linker_assert ( &u->builder.len == &u->cursor.len,
-			asn1_builder_cursor_len_mismatch );
+	build_assert ( ( ( const void * ) &u->builder.data ) ==
+		       &u->cursor.data );
+	build_assert ( &u->builder.len == &u->cursor.len );
 
 	return &u->cursor;
 }
diff --git a/src/include/ipxe/entropy.h b/src/include/ipxe/entropy.h
index 240feace..82bb1182 100644
--- a/src/include/ipxe/entropy.h
+++ b/src/include/ipxe/entropy.h
@@ -237,8 +237,7 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
 	int rc;
 
 	/* Sanity check */
-	linker_assert ( ( min_entropy_bits <= ( 8 * max_len ) ),
-			entropy_buffer_too_small );
+	build_assert ( min_entropy_bits <= ( 8 * max_len ) );
 
 	/* Round up minimum entropy to an integral number of bytes */
 	min_entropy_bits = ( ( min_entropy_bits + 7 ) & ~7 );
@@ -247,11 +246,11 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
 	 * meet or exceed the security strength indicated by the
 	 * min_entropy parameter.
 	 */
-	linker_assert ( ( ( 8 * ENTROPY_HASH_DF_OUTLEN_BYTES ) >=
-			  min_entropy_bits ), hash_df_algorithm_too_weak );
+	build_assert ( ( 8 * ENTROPY_HASH_DF_OUTLEN_BYTES ) >=
+		       min_entropy_bits );
 
 	/* 1.  If ( min_length > max_length ), then return ( FAILURE, Null ) */
-	linker_assert ( ( min_len <= max_len ), min_len_greater_than_max_len );
+	build_assert ( min_len <= max_len );
 
 	/* 2.  n = 2 * min_entropy */
 	n = ( 2 * min_entropy_bits );
@@ -269,9 +268,8 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
 	 * (The implementation of these steps is inside the function
 	 * get_entropy_input_tmp().)
 	 */
-	linker_assert ( __builtin_constant_p ( tmp_len ),
-			tmp_len_not_constant );
-	linker_assert ( ( n == ( 8 * tmp_len ) ), tmp_len_mismatch );
+	build_assert ( __builtin_constant_p ( tmp_len ) );
+	build_assert ( n == ( 8 * tmp_len ) );
 	if ( ( rc = get_entropy_input_tmp ( MIN_ENTROPY ( min_entropy_bits ),
 					    tmp, tmp_len ) ) != 0 ) {
 		return rc;
@@ -283,17 +281,17 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
 	 */
 	if ( tmp_len < min_len ) {
 		/* (Data is already in-place.) */
-		linker_assert ( ( data == tmp ), data_not_inplace );
+		build_assert ( data == tmp );
 		memset ( ( data + tmp_len ), 0, ( min_len - tmp_len ) );
 		return min_len;
 	} else if ( tmp_len > max_len ) {
-		linker_assert ( ( tmp == tmp_buf ), data_inplace );
+		build_assert ( tmp == tmp_buf );
 		hash_df ( &entropy_hash_df_algorithm, tmp, tmp_len,
 			  data, max_len );
 		return max_len;
 	} else {
 		/* (Data is already in-place.) */
-		linker_assert ( ( data == tmp ), data_not_inplace );
+		build_assert ( data == tmp );
 		return tmp_len;
 	}
 }
@@ -328,15 +326,14 @@ entropy_repetition_count_cutoff ( min_entropy_t min_entropy_per_sample ) {
 	cutoff = max_repetitions;
 	if ( cutoff < max_repetitions )
 		cutoff++;
-	linker_assert ( ( cutoff >= max_repetitions ), rounding_error );
+	build_assert ( cutoff >= max_repetitions );
 
 	/* Floating-point operations are not allowed in iPXE since we
 	 * never set up a suitable environment.  Abort the build
 	 * unless the calculated number of repetitions is a
 	 * compile-time constant.
 	 */
-	linker_assert ( __builtin_constant_p ( cutoff ),
-			repetition_count_cutoff_not_constant );
+	build_assert ( __builtin_constant_p ( cutoff ) );
 
 	return cutoff;
 }
@@ -443,12 +440,10 @@ entropy_adaptive_proportion_cutoff ( min_entropy_t min_entropy_per_sample ) {
 	cutoff = entropy_adaptive_proportion_cutoff_lookup ( n, h );
 
 	/* Fail unless cutoff value is a compile-time constant */
-	linker_assert ( __builtin_constant_p ( cutoff ),
-			adaptive_proportion_cutoff_not_constant );
+	build_assert ( __builtin_constant_p ( cutoff ) );
 
 	/* Fail if cutoff value is N/A */
-	linker_assert ( ( cutoff != APC_NA ),
-			adaptive_proportion_cutoff_not_applicable );
+	build_assert ( cutoff != APC_NA );
 
 	return cutoff;
 }
@@ -475,8 +470,7 @@ entropy_startup_test_count ( unsigned int repetition_count_cutoff,
 	num_samples = repetition_count_cutoff;
 	if ( num_samples < adaptive_proportion_cutoff )
 		num_samples = adaptive_proportion_cutoff;
-	linker_assert ( __builtin_constant_p ( num_samples ),
-			startup_test_count_not_constant );
+	build_assert ( __builtin_constant_p ( num_samples ) );
 
 	return num_samples;
 }
@@ -499,11 +493,9 @@ entropy_init ( struct entropy_source *source,
 	unsigned int startup_test_count;
 
 	/* Sanity check */
-	linker_assert ( min_entropy_per_sample > MIN_ENTROPY ( 0 ),
-			min_entropy_per_sample_is_zero );
-	linker_assert ( ( min_entropy_per_sample <=
-			  MIN_ENTROPY ( 8 * sizeof ( noise_sample_t ) ) ),
-			min_entropy_per_sample_is_impossibly_high );
+	build_assert ( min_entropy_per_sample > MIN_ENTROPY ( 0 ) );
+	build_assert ( min_entropy_per_sample <=
+		       MIN_ENTROPY ( 8 * sizeof ( noise_sample_t ) ) );
 
 	/* Calculate test cutoff values */
 	repetition_count_cutoff =
diff --git a/src/include/ipxe/gcm.h b/src/include/ipxe/gcm.h
index 90ef0b52..9653a0a1 100644
--- a/src/include/ipxe/gcm.h
+++ b/src/include/ipxe/gcm.h
@@ -88,13 +88,10 @@ struct _gcm_name ## _context {						\
 static int _gcm_name ## _setkey ( void *ctx, const void *key,		\
 				  size_t keylen ) {			\
 	struct _gcm_name ## _context *context = ctx;			\
-	linker_assert ( _blocksize == sizeof ( context->gcm.key ),	\
-			_gcm_name ## _unsupported_blocksize );		\
-	linker_assert ( ( ( void * ) &context->gcm ) == ctx,		\
-			_gcm_name ## _context_layout_error );		\
-	linker_assert ( ( ( void * ) &context->raw ) ==			\
-			( ( void * ) context->gcm.raw_ctx ),		\
-			_gcm_name ## _context_layout_error );		\
+	build_assert ( _blocksize == sizeof ( context->gcm.key ) );	\
+	build_assert ( ( ( void * ) &context->gcm ) == ctx );		\
+	build_assert ( ( ( void * ) &context->raw ) ==			\
+		       ( ( void * ) context->gcm.raw_ctx ) );		\
 	return gcm_setkey ( &context->gcm, key, keylen, &_raw_cipher );	\
 }									\
 static void _gcm_name ## _setiv ( void *ctx, const void *iv,		\