Prefer static_assert to verify

Although static_assert is C11-specific, and Emacs remains on C99, it has been backported to older compilers by Gnulib. Gnulib has already changed to prefer static_assert, and we can do the same. * lib-src/asset-directory-tool.c (main_2): * src/alloc.c (BLOCK_ALIGN, aligned_alloc, lisp_align_malloc) (vectorlike_nbytes, allocate_pseudovector): * src/android.c (android_globalize_reference, android_set_dashes): * src/android.h: * src/androidfont.c (androidfont_draw, androidfont_text_extents): * src/androidvfs.c: * src/bidi.c (BIDI_CACHE_MAX_ELTS_PER_SLOT, bidi_find_bracket_pairs): * src/buffer.c (init_buffer_once): * src/casefiddle.c (do_casify_multibyte_string): * src/dispnew.c (scrolling_window, scrolling): * src/editfns.c (styled_format): * src/emacs-module.c (module_extract_big_integer): * src/fileio.c (Fdo_auto_save): * src/fns.c (next_almost_prime, hash_string): * src/fringe.c (init_fringe): * src/keyboard.h (kbd_buffer_store_event_hold): * src/keymap.c: * src/lisp.h (memclear, reduce_emacs_uint_to_hash_hash, modiff_incr): * src/lread.c (skip_lazy_string): * src/pdumper.c (dump_bignum, Fdump_emacs_portable) (dump_do_dump_relocation, pdumper_load): * src/process.c (make_process, Fmake_process, connect_network_socket): * src/regex-emacs.c: * src/sort.c (tim_sort): * src/sysdep.c (init_random, SSIZE_MAX): * src/thread.c: * src/timefns.c (trillion_factor): * src/unexelf.c: * src/xterm.c (x_send_scroll_bar_event): Prefer static_assert to Gnulib verify. Remove import of verify.h, except when used for other reasons.
2024-11-23 07:19:15 +00:00 · 2024-07-24 00:09:49 +02:00 · 2024-07-24 00:09:49 +02:00 · 7c8e28607b
commit 7c8e28607b
parent 46f3452b30
32 changed files with 106 additions and 120 deletions
--- a/lib-src/asset-directory-tool.c
+++ b/lib-src/asset-directory-tool.c
@ -20,7 +20,7 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include <config.h>
 #include <stdio.h>
-#include <verify.h>
+#include <assert.h>
 #include <fcntl.h>
 #include <errno.h>
 #include <byteswap.h>
@ -236,7 +236,7 @@ main_2 (int fd, struct directory_tree *tree, size_t *offset)
  output[0] = (unsigned int) tree->st_size;
 #endif /* !WORDS_BIGENDIAN */
-  verify (sizeof output == 8 && sizeof output[0] == 4);
+  static_assert (sizeof output == 8 && sizeof output[0] == 4);
  if (!need_file_size)
    {
      if (write (fd, output + 1, 4) < 1)
--- a/src/alloc.c
+++ b/src/alloc.c
@ -709,7 +709,7 @@ buffer_memory_full (ptrdiff_t nbytes)
   where Emacs would crash if malloc returned a non-GCALIGNED pointer.  */
 enum { LISP_ALIGNMENT = alignof (union { union emacs_align_type x;
 					 GCALIGNED_UNION_MEMBER }) };
-verify (LISP_ALIGNMENT % GCALIGNMENT == 0);
+static_assert (LISP_ALIGNMENT % GCALIGNMENT == 0);
 /* True if malloc (N) is known to return storage suitably aligned for
   Lisp objects whenever N is a multiple of LISP_ALIGNMENT.  In
@ -839,7 +839,7 @@ xfree (void *block)
 /* Other parts of Emacs pass large int values to allocator functions
   expecting ptrdiff_t.  This is portable in practice, but check it to
   be safe.  */
-verify (INT_MAX <= PTRDIFF_MAX);
+static_assert (INT_MAX <= PTRDIFF_MAX);
 /* Allocate an array of NITEMS items, each of size ITEM_SIZE.
@ -1076,7 +1076,7 @@ lisp_free (void *block)
 #else  /* !HAVE_UNEXEC */
 # define BLOCK_ALIGN (1 << 15)
 #endif
-verify (POWER_OF_2 (BLOCK_ALIGN));
+static_assert (POWER_OF_2 (BLOCK_ALIGN));
 /* Use aligned_alloc if it or a simple substitute is available.
   Aligned allocation is incompatible with unexmacosx.c, so don't use
@ -1096,11 +1096,11 @@ aligned_alloc (size_t alignment, size_t size)
 {
  /* POSIX says the alignment must be a power-of-2 multiple of sizeof (void *).
     Verify this for all arguments this function is given.  */
-  verify (BLOCK_ALIGN % sizeof (void *) == 0
+  static_assert (BLOCK_ALIGN % sizeof (void *) == 0
-	  && POWER_OF_2 (BLOCK_ALIGN / sizeof (void *)));
+		 && POWER_OF_2 (BLOCK_ALIGN / sizeof (void *)));
-  verify (MALLOC_IS_LISP_ALIGNED
+  static_assert (MALLOC_IS_LISP_ALIGNED
-	  || (LISP_ALIGNMENT % sizeof (void *) == 0
+		 || (LISP_ALIGNMENT % sizeof (void *) == 0
-	      && POWER_OF_2 (LISP_ALIGNMENT / sizeof (void *))));
+		     && POWER_OF_2 (LISP_ALIGNMENT / sizeof (void *))));
  eassert (alignment == BLOCK_ALIGN
 	   || (!MALLOC_IS_LISP_ALIGNED && alignment == LISP_ALIGNMENT));
@ -1221,7 +1221,7 @@ lisp_align_malloc (size_t nbytes, enum mem_type type)
 #endif
 #ifdef USE_ALIGNED_ALLOC
-      verify (ABLOCKS_BYTES % BLOCK_ALIGN == 0);
+      static_assert (ABLOCKS_BYTES % BLOCK_ALIGN == 0);
      abase = base = aligned_alloc (BLOCK_ALIGN, ABLOCKS_BYTES);
 #else
      base = malloc (ABLOCKS_BYTES);
@ -3048,7 +3048,7 @@ enum { VECTOR_BLOCK_SIZE = 4096 };
 enum { roundup_size = COMMON_MULTIPLE (LISP_ALIGNMENT, word_size) };
 /* Verify assumption described above.  */
-verify (VECTOR_BLOCK_SIZE % roundup_size == 0);
+static_assert (VECTOR_BLOCK_SIZE % roundup_size == 0);
 /* Round up X to nearest mult-of-ROUNDUP_SIZE --- use at compile time.  */
 #define vroundup_ct(x) ROUNDUP (x, roundup_size)
@ -3062,7 +3062,7 @@ enum {VECTOR_BLOCK_BYTES = VECTOR_BLOCK_SIZE - vroundup_ct (sizeof (void *))};
 /* The current code expects to be able to represent an unused block by
   a single PVEC_FREE object, whose size is limited by the header word.
   (Of course we could use multiple such objects.)  */
-verify (VECTOR_BLOCK_BYTES <= (word_size << PSEUDOVECTOR_REST_BITS));
+static_assert (VECTOR_BLOCK_BYTES <= (word_size << PSEUDOVECTOR_REST_BITS));
 /* Size of the minimal vector allocated from block.  */
@ -3319,7 +3319,7 @@ vectorlike_nbytes (const union vectorlike_header *hdr)
 	  ptrdiff_t word_bytes = (bool_vector_words (bv->size)
 				  * sizeof (bits_word));
 	  ptrdiff_t boolvec_bytes = bool_header_size + word_bytes;
-	  verify (header_size <= bool_header_size);
+	  static_assert (header_size <= bool_header_size);
 	  nwords = (boolvec_bytes - header_size + word_size - 1) / word_size;
        }
      else
@ -3699,7 +3699,7 @@ allocate_pseudovector (int memlen, int lisplen,
  /* Catch bogus values.  */
  enum { size_max = (1 << PSEUDOVECTOR_SIZE_BITS) - 1 };
  enum { rest_max = (1 << PSEUDOVECTOR_REST_BITS) - 1 };
-  verify (size_max + rest_max <= VECTOR_ELTS_MAX);
+  static_assert (size_max + rest_max <= VECTOR_ELTS_MAX);
  eassert (0 <= tag && tag <= PVEC_TAG_MAX);
  eassert (0 <= lisplen && lisplen <= zerolen && zerolen <= memlen);
  eassert (lisplen <= size_max);
--- a/src/android.c
+++ b/src/android.c
@ -2969,7 +2969,7 @@ android_globalize_reference (jobject handle)
  (*android_java_env)->SetLongField (android_java_env, global,
 				     handle_class.handle,
 				     (jlong) global);
-  verify (sizeof (jlong) >= sizeof (intptr_t));
+  static_assert (sizeof (jlong) >= sizeof (intptr_t));
  return (intptr_t) global;
 }
@ -3521,7 +3521,7 @@ android_set_dashes (struct android_gc *gc, int dash_offset,
      /* Copy the list of segments into both arrays.  */
      for (i = 0; i < n; ++i)
 	gc->dashes[i] = dash_list[i];
-      verify (sizeof (int) == sizeof (jint));
+      static_assert (sizeof (int) == sizeof (jint));
      (*android_java_env)->SetIntArrayRegion (android_java_env,
 					      array, 0, n,
 					      (jint *) dash_list);
--- a/src/android.h
+++ b/src/android.h
@ -103,7 +103,7 @@ extern ssize_t android_readlinkat (int, const char *restrict, char *restrict,
 extern double android_pixel_density_x, android_pixel_density_y;
 extern double android_scaled_pixel_density;
-verify (sizeof (android_handle) == sizeof (jobject));
+static_assert (sizeof (android_handle) == sizeof (jobject));
 #define android_resolve_handle(handle) ((jobject) (handle))
 extern unsigned char *android_lock_bitmap (android_drawable,
--- a/src/androidfont.c
+++ b/src/androidfont.c
@ -654,7 +654,7 @@ androidfont_draw (struct glyph_string *s, int from, int to,
  /* Maybe initialize the font driver.  */
  androidfont_check_init ();
-  verify (sizeof (unsigned int) == sizeof (jint));
+  static_assert (sizeof (unsigned int) == sizeof (jint));
  info = (struct androidfont_info *) s->font;
  gcontext = android_resolve_handle (s->gc->gcontext);
@ -932,7 +932,7 @@ androidfont_text_extents (struct font *font, const unsigned int *code,
      memory_full (0);
    }
-  verify (sizeof (unsigned int) == sizeof (jint));
+  static_assert (sizeof (unsigned int) == sizeof (jint));
  /* Always true on every Android device.  */
  (*android_java_env)->SetIntArrayRegion (android_java_env,
--- a/src/androidvfs.c
+++ b/src/androidvfs.c
@ -259,7 +259,7 @@ struct android_special_vnode
  Lisp_Object special_coding_system;
 };
-verify (NIL_IS_ZERO); /* special_coding_system above.  */
+static_assert (NIL_IS_ZERO); /* special_coding_system above.  */
 enum android_vnode_type
  {
--- a/src/bidi.c
+++ b/src/bidi.c
@ -566,7 +566,7 @@ bidi_copy_it (struct bidi_it *to, struct bidi_it *from)
   RTL characters in the offending line of text.  */
 /* Do we need to allow customization of this limit?  */
 #define BIDI_CACHE_MAX_ELTS_PER_SLOT 50000
-verify (BIDI_CACHE_CHUNK < BIDI_CACHE_MAX_ELTS_PER_SLOT);
+static_assert (BIDI_CACHE_CHUNK < BIDI_CACHE_MAX_ELTS_PER_SLOT);
 static ptrdiff_t bidi_cache_max_elts = BIDI_CACHE_MAX_ELTS_PER_SLOT;
 static struct bidi_it *bidi_cache;
 static ptrdiff_t bidi_cache_size = 0;
@ -2626,7 +2626,7 @@ bidi_find_bracket_pairs (struct bidi_it *bidi_it)
      ptrdiff_t pairing_pos;
      int idx_at_entry = bidi_cache_idx;
-      verify (MAX_BPA_STACK >= 100);
+      static_assert (MAX_BPA_STACK >= 100);
      bidi_copy_it (&saved_it, bidi_it);
      /* bidi_cache_iterator_state refuses to cache on backward scans,
 	 and bidi_cache_fetch_state doesn't bring scan_dir from the
--- a/src/buffer.c
+++ b/src/buffer.c
@ -27,8 +27,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include <stdlib.h>
 #include <unistd.h>
 #include <verify.h>
 #include "lisp.h"
 #include "intervals.h"
 #include "process.h"
@ -4860,7 +4858,7 @@ init_buffer_once (void)
     The local flag bits are in the local_var_flags slot of the buffer.  */
  /* Nothing can work if this isn't true.  */
-  { verify (sizeof (EMACS_INT) == word_size); }
+  { static_assert (sizeof (EMACS_INT) == word_size); }
  Vbuffer_alist = Qnil;
  current_buffer = 0;
--- a/src/casefiddle.c
+++ b/src/casefiddle.c
@ -285,7 +285,7 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj)
     representation of the character is at the beginning of the
     buffer.  This is why we don’t need a separate struct
     casing_str_buf object, and can write directly to the destination.  */
-  verify (offsetof (struct casing_str_buf, data) == 0);
+  static_assert (offsetof (struct casing_str_buf, data) == 0);
  ptrdiff_t size = SCHARS (obj), n;
  USE_SAFE_ALLOCA;
--- a/src/character.h
+++ b/src/character.h
@ -23,7 +23,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #ifndef EMACS_CHARACTER_H
 #define EMACS_CHARACTER_H
 #include <verify.h>
 #include "lisp.h"
 INLINE_HEADER_BEGIN
--- a/src/decompress.c
+++ b/src/decompress.c
@ -27,8 +27,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include "composite.h"
 #include "md5.h"
 #include <verify.h>
 #ifdef WINDOWSNT
 # include <windows.h>
 # include "w32common.h"
--- a/src/dispnew.c
+++ b/src/dispnew.c
@ -4667,7 +4667,7 @@ scrolling_window (struct window *w, int tab_line_p)
     13, then next_almost_prime_increment_max would be 14, e.g.,
     because next_almost_prime (113) would be 127.  */
  {
-    verify (NEXT_ALMOST_PRIME_LIMIT == 11);
+    static_assert (NEXT_ALMOST_PRIME_LIMIT == 11);
    enum { next_almost_prime_increment_max = 10 };
    ptrdiff_t row_table_max =
      (min (PTRDIFF_MAX, SIZE_MAX) / (3 * sizeof *row_table)
@ -5118,8 +5118,8 @@ scrolling (struct frame *frame)
  int free_at_end_vpos = height;
  struct glyph_matrix *current_matrix = frame->current_matrix;
  struct glyph_matrix *desired_matrix = frame->desired_matrix;
-  verify (sizeof (int) <= sizeof (unsigned));
+  static_assert (sizeof (int) <= sizeof (unsigned));
-  verify (alignof (unsigned) % alignof (int) == 0);
+  static_assert (alignof (unsigned) % alignof (int) == 0);
  unsigned *old_hash;
  USE_SAFE_ALLOCA;
  SAFE_NALLOCA (old_hash, 4, height);
--- a/src/editfns.c
+++ b/src/editfns.c
@ -46,7 +46,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #include <c-ctype.h>
 #include <intprops.h>
 #include <stdlib.h>
 #include <verify.h>
 #include "composite.h"
 #include "intervals.h"
@ -3408,7 +3407,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
   SPRINTF_BUFSIZE = (sizeof "-." + (LDBL_MAX_10_EXP + 1)
 		      + USEFUL_PRECISION_MAX)
  };
-  verify (USEFUL_PRECISION_MAX > 0);
+  static_assert (USEFUL_PRECISION_MAX > 0);
  ptrdiff_t n;		/* The number of the next arg to substitute.  */
  char initial_buffer[1000 + SPRINTF_BUFSIZE];
--- a/src/emacs-module.c
+++ b/src/emacs-module.c
@ -94,7 +94,6 @@ To add a new module function, proceed as follows:
 #include "thread.h"
 #include <intprops.h>
 #include <verify.h>
 /* We use different strategies for allocating the user-visible objects
   (struct emacs_runtime, emacs_env, emacs_value), depending on
@ -1034,10 +1033,10 @@ import/export overhead on most platforms.
 /* Verify that emacs_limb_t indeed has unique object
   representations.  */
-verify (CHAR_BIT == 8);
+static_assert (CHAR_BIT == 8);
-verify ((sizeof (emacs_limb_t) == 4 && EMACS_LIMB_MAX == 0xFFFFFFFF)
+static_assert ((sizeof (emacs_limb_t) == 4 && EMACS_LIMB_MAX == 0xFFFFFFFF)
-        || (sizeof (emacs_limb_t) == 8
+	       || (sizeof (emacs_limb_t) == 8
-            && EMACS_LIMB_MAX == 0xFFFFFFFFFFFFFFFF));
+		   && EMACS_LIMB_MAX == 0xFFFFFFFFFFFFFFFF));
 static bool
 module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
@ -1084,7 +1083,7 @@ module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
         suffice.  */
      EMACS_UINT u;
      enum { required = (sizeof u + size - 1) / size };
-      verify (0 < required && +required <= module_bignum_count_max);
+      static_assert (0 < required && +required <= module_bignum_count_max);
      if (magnitude == NULL)
        {
          *count = required;
@ -1104,7 +1103,7 @@ module_extract_big_integer (emacs_env *env, emacs_value arg, int *sign,
        u = (EMACS_UINT) x;
      else
        u = -(EMACS_UINT) x;
-      verify (required * bits < PTRDIFF_MAX);
+      static_assert (required * bits < PTRDIFF_MAX);
      for (ptrdiff_t i = 0; i < required; ++i)
        magnitude[i] = (emacs_limb_t) (u >> (i * bits));
      MODULE_INTERNAL_CLEANUP ();
--- a/src/eval.c
+++ b/src/eval.c
@ -1252,7 +1252,7 @@ usage: (catch TAG BODY...)  */)
   eassert (E) when E contains variables that might be clobbered by a
   longjmp.  */
-#define clobbered_eassert(E) verify (sizeof (E) != 0)
+#define clobbered_eassert(E) static_assert (sizeof (E) != 0)
 void
 pop_handler (void)
--- a/src/fileio.c
+++ b/src/fileio.c
@ -3906,7 +3906,7 @@ union read_non_regular
  } s;
  GCALIGNED_UNION_MEMBER
 };
-verify (GCALIGNED (union read_non_regular));
+static_assert (GCALIGNED (union read_non_regular));
 static Lisp_Object
 read_non_regular (Lisp_Object state)
@ -6316,7 +6316,7 @@ A non-nil CURRENT-ONLY argument means save only current buffer.  */)
 	      continue;
 	    enum { growth_factor = 4 };
-	    verify (BUF_BYTES_MAX <= EMACS_INT_MAX / growth_factor);
+	    static_assert (BUF_BYTES_MAX <= EMACS_INT_MAX / growth_factor);
 	    set_buffer_internal (b);
 	    if (NILP (Vauto_save_include_big_deletions)
--- a/src/fns.c
+++ b/src/fns.c
@ -4631,7 +4631,7 @@ check_hash_table (Lisp_Object obj)
 EMACS_INT
 next_almost_prime (EMACS_INT n)
 {
-  verify (NEXT_ALMOST_PRIME_LIMIT == 11);
+  static_assert (NEXT_ALMOST_PRIME_LIMIT == 11);
  for (n |= 1; ; n += 2)
    if (n % 3 != 0 && n % 5 != 0 && n % 7 != 0)
      return n;
@ -5367,7 +5367,7 @@ hash_string (char const *ptr, ptrdiff_t len)
      /* String is shorter than an EMACS_UINT.  Use smaller loads.  */
      eassume (p <= end && end - p < sizeof (EMACS_UINT));
      EMACS_UINT tail = 0;
-      verify (sizeof tail <= 8);
+      static_assert (sizeof tail <= 8);
 #if EMACS_INT_MAX > INT32_MAX
      if (end - p >= 4)
 	{
--- a/src/fringe.c
+++ b/src/fringe.c
@ -1813,7 +1813,7 @@ init_fringe (void)
  fringe_bitmaps = xzalloc (max_fringe_bitmaps * sizeof *fringe_bitmaps);
-  verify (NIL_IS_ZERO);
+  static_assert (NIL_IS_ZERO);
  fringe_faces = xzalloc (max_fringe_bitmaps * sizeof *fringe_faces);
 }
--- a/src/keyboard.h
+++ b/src/keyboard.h
@ -497,8 +497,8 @@ INLINE void
 kbd_buffer_store_event_hold (struct input_event *event,
 			     struct input_event *hold_quit)
 {
-  verify (alignof (struct input_event) == alignof (union buffered_input_event)
+  static_assert (alignof (struct input_event) == alignof (union buffered_input_event)
-	  && sizeof (struct input_event) == sizeof (union buffered_input_event));
+		 && sizeof (struct input_event) == sizeof (union buffered_input_event));
  kbd_buffer_store_buffered_event ((union buffered_input_event *) event,
 				   hold_quit);
 }
--- a/src/keymap.c
+++ b/src/keymap.c
@ -518,7 +518,7 @@ union map_keymap
  } s;
  GCALIGNED_UNION_MEMBER
 };
-verify (GCALIGNED (union map_keymap));
+static_assert (GCALIGNED (union map_keymap));
 static void
 map_keymap_char_table_item (Lisp_Object args, Lisp_Object key, Lisp_Object val)
--- a/src/lisp.h
+++ b/src/lisp.h
@ -140,7 +140,7 @@ typedef unsigned char bits_word;
 # define BITS_WORD_MAX ((1u << BOOL_VECTOR_BITS_PER_CHAR) - 1)
 enum { BITS_PER_BITS_WORD = BOOL_VECTOR_BITS_PER_CHAR };
 #endif
-verify (BITS_WORD_MAX >> (BITS_PER_BITS_WORD - 1) == 1);
+static_assert (BITS_WORD_MAX >> (BITS_PER_BITS_WORD - 1) == 1);
 /* Use pD to format ptrdiff_t values, which suffice for indexes into
   buffers and strings.  Emacs never allocates objects larger than
@ -281,14 +281,14 @@ DEFINE_GDB_SYMBOL_END (VALMASK)
   emacs_align_type union in alloc.c.
   Although these macros are reasonably portable, they are not
-   guaranteed on non-GCC platforms, as the C standard does not require support
+   guaranteed on non-GCC platforms, as the C standard does not require
-   for alignment to GCALIGNMENT and older compilers may ignore
+   support for alignment to GCALIGNMENT and older compilers may ignore
-   alignment requests.  For any type T where garbage collection
+   alignment requests.  For any type T where garbage collection requires
-   requires alignment, use verify (GCALIGNED (T)) to verify the
+   alignment, use static_assert (GCALIGNED (T)) to verify the
-   requirement on the current platform.  Types need this check if
+   requirement on the current platform.  Types need this check if their
-   their objects can be allocated outside the garbage collector.  For
+   objects can be allocated outside the garbage collector.  For example,
-   example, struct Lisp_Symbol needs the check because of lispsym and
+   struct Lisp_Symbol needs the check because of lispsym and struct
-   struct Lisp_Cons needs it because of STACK_CONS.  */
+   Lisp_Cons needs it because of STACK_CONS.  */
 #define GCALIGNED_UNION_MEMBER char alignas (GCALIGNMENT) gcaligned;
 #if HAVE_STRUCT_ATTRIBUTE_ALIGNED
@ -865,7 +865,7 @@ struct Lisp_Symbol
    GCALIGNED_UNION_MEMBER
  } u;
 };
-verify (GCALIGNED (struct Lisp_Symbol));
+static_assert (GCALIGNED (struct Lisp_Symbol));
 /* Declare a Lisp-callable function.  The MAXARGS parameter has the same
   meaning as in the DEFUN macro, and is used to construct a prototype.  */
@ -1480,7 +1480,7 @@ struct Lisp_Cons
    GCALIGNED_UNION_MEMBER
  } u;
 };
-verify (GCALIGNED (struct Lisp_Cons));
+static_assert (GCALIGNED (struct Lisp_Cons));
 INLINE bool
 (NILP) (Lisp_Object x)
@ -1610,7 +1610,7 @@ struct Lisp_String
    GCALIGNED_UNION_MEMBER
  } u;
 };
-verify (GCALIGNED (struct Lisp_String));
+static_assert (GCALIGNED (struct Lisp_String));
 INLINE bool
 STRINGP (Lisp_Object x)
@ -2025,10 +2025,11 @@ gc_aset (Lisp_Object array, ptrdiff_t idx, Lisp_Object val)
 }
 /* True, since Qnil's representation is zero.  Every place in the code
-   that assumes Qnil is zero should verify (NIL_IS_ZERO), to make it easy
+   that assumes Qnil is zero should static_assert (NIL_IS_ZERO), to make
-   to find such assumptions later if we change Qnil to be nonzero.
+   it easy to find such assumptions later if we change Qnil to be
-   Test iQnil and Lisp_Symbol instead of Qnil directly, since the latter
+   nonzero.  Test iQnil and Lisp_Symbol instead of Qnil directly, since
-   is not suitable for use in an integer constant expression.  */
+   the latter is not suitable for use in an integer constant
   expression.  */
 enum { NIL_IS_ZERO = iQnil == 0 && Lisp_Symbol == 0 };
 /* Clear the object addressed by P, with size NBYTES, so that all its
@ -2037,7 +2038,7 @@ INLINE void
 memclear (void *p, ptrdiff_t nbytes)
 {
  eassert (0 <= nbytes);
-  verify (NIL_IS_ZERO);
+  static_assert (NIL_IS_ZERO);
  /* Since Qnil is zero, memset suffices.  */
  memset (p, 0, nbytes);
 }
@ -2240,7 +2241,7 @@ union Aligned_Lisp_Subr
    struct Lisp_Subr s;
    GCALIGNED_UNION_MEMBER
  };
-verify (GCALIGNED (union Aligned_Lisp_Subr));
+static_assert (GCALIGNED (union Aligned_Lisp_Subr));
 INLINE bool
 SUBRP (Lisp_Object a)
@ -2281,11 +2282,11 @@ enum char_table_specials
  };
 /* Sanity-check pseudovector layout.  */
-verify (offsetof (struct Lisp_Char_Table, defalt) == header_size);
+static_assert (offsetof (struct Lisp_Char_Table, defalt) == header_size);
-verify (offsetof (struct Lisp_Char_Table, extras)
+static_assert (offsetof (struct Lisp_Char_Table, extras)
-	== header_size + CHAR_TABLE_STANDARD_SLOTS * sizeof (Lisp_Object));
+	       == header_size + CHAR_TABLE_STANDARD_SLOTS * sizeof (Lisp_Object));
-verify (offsetof (struct Lisp_Sub_Char_Table, contents)
+static_assert (offsetof (struct Lisp_Sub_Char_Table, contents)
-	== header_size + SUB_CHAR_TABLE_OFFSET * sizeof (Lisp_Object));
+	       == header_size + SUB_CHAR_TABLE_OFFSET * sizeof (Lisp_Object));
 /* Return the number of "extra" slots in the char table CT.  */
@ -2819,7 +2820,7 @@ SXHASH_REDUCE (EMACS_UINT x)
 INLINE hash_hash_t
 reduce_emacs_uint_to_hash_hash (EMACS_UINT x)
 {
-  verify (sizeof x <= 2 * sizeof (hash_hash_t));
+  static_assert (sizeof x <= 2 * sizeof (hash_hash_t));
  return (sizeof x == sizeof (hash_hash_t)
 	  ? x
 	  : x ^ (x >> (8 * (sizeof x - sizeof (hash_hash_t)))));
@ -3214,7 +3215,7 @@ struct Lisp_Float
      GCALIGNED_UNION_MEMBER
    } u;
  };
-verify (GCALIGNED (struct Lisp_Float));
+static_assert (GCALIGNED (struct Lisp_Float));
 INLINE bool
 (FLOATP) (Lisp_Object x)
@ -4201,7 +4202,7 @@ modiff_incr (modiff_count *a, ptrdiff_t len)
  /* Increase the counter more for a large modification and less for a
     small modification.  Increase it logarithmically to avoid
     increasing it too much.  */
-  verify (PTRDIFF_MAX <= ULLONG_MAX);
+  static_assert (PTRDIFF_MAX <= ULLONG_MAX);
  int incr = len == 0 ? 1 : elogb (len) + 1;
  bool modiff_overflow = ckd_add (a, a0, incr);
  eassert (!modiff_overflow && *a >> 30 >> 30 == 0);
@ -4346,7 +4347,7 @@ extern void tim_sort (Lisp_Object, Lisp_Object, Lisp_Object *, const ptrdiff_t,
  ARG_NONNULL ((3));
 /* Defined in floatfns.c.  */
-verify (FLT_RADIX == 2 || FLT_RADIX == 16);
+static_assert (FLT_RADIX == 2 || FLT_RADIX == 16);
 enum { LOG2_FLT_RADIX = FLT_RADIX == 2 ? 1 : 4 };
 int double_integer_scale (double);
 #ifndef HAVE_TRUNC
--- a/src/lread.c
+++ b/src/lread.c
@ -3649,7 +3649,7 @@ skip_lazy_string (Lisp_Object readcharfun)
 	 and record where in the file it comes from.  */
      /* First exchange the two saved_strings.  */
-      verify (ARRAYELTS (saved_strings) == 2);
+      static_assert (ARRAYELTS (saved_strings) == 2);
      struct saved_string t = saved_strings[0];
      saved_strings[0] = saved_strings[1];
      saved_strings[1] = t;
--- a/src/nsgui.h
+++ b/src/nsgui.h
@ -29,8 +29,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #define Cursor FooFoo
 #endif  /* NS_IMPL_COCOA */
 #undef verify
 #import <AppKit/AppKit.h>
 #ifdef NS_IMPL_COCOA
@ -44,10 +42,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 #endif /* __OBJC__ */
 #undef verify
 #undef _GL_VERIFY_H
 #include <verify.h>
 /* Emulate XCharStruct.  */
 typedef struct _XCharStruct
 {
--- a/src/pdumper.c
+++ b/src/pdumper.c
@ -99,11 +99,11 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
   are the same size and have the same layout, and where bytes have
   eight bits --- that is, a general-purpose computer made after 1990.
   Also require Lisp_Object to be at least as wide as pointers.  */
-verify (sizeof (ptrdiff_t) == sizeof (void *));
+static_assert (sizeof (ptrdiff_t) == sizeof (void *));
-verify (sizeof (intptr_t) == sizeof (ptrdiff_t));
+static_assert (sizeof (intptr_t) == sizeof (ptrdiff_t));
-verify (sizeof (void (*) (void)) == sizeof (void *));
+static_assert (sizeof (void (*) (void)) == sizeof (void *));
-verify (sizeof (ptrdiff_t) <= sizeof (Lisp_Object));
+static_assert (sizeof (ptrdiff_t) <= sizeof (Lisp_Object));
-verify (sizeof (ptrdiff_t) <= sizeof (EMACS_INT));
+static_assert (sizeof (ptrdiff_t) <= sizeof (EMACS_INT));
 static size_t
 divide_round_up (size_t x, size_t y)
@ -276,15 +276,15 @@ enum
   DUMP_RELOC_OFFSET_BITS = DUMP_OFF_WIDTH - DUMP_RELOC_TYPE_BITS
  };
-verify (RELOC_DUMP_TO_EMACS_LV + 8 < (1 << DUMP_RELOC_TYPE_BITS));
+static_assert (RELOC_DUMP_TO_EMACS_LV + 8 < (1 << DUMP_RELOC_TYPE_BITS));
-verify (DUMP_ALIGNMENT >= GCALIGNMENT);
+static_assert (DUMP_ALIGNMENT >= GCALIGNMENT);
 struct dump_reloc
 {
  unsigned int raw_offset : DUMP_RELOC_OFFSET_BITS;
  ENUM_BF (dump_reloc_type) type : DUMP_RELOC_TYPE_BITS;
 };
-verify (sizeof (struct dump_reloc) == sizeof (dump_off));
+static_assert (sizeof (struct dump_reloc) == sizeof (dump_off));
 /* Set the type of a dump relocation.
@ -2244,7 +2244,7 @@ dump_bignum (struct dump_context *ctx, Lisp_Object object)
 #endif
  const struct Lisp_Bignum *bignum = XBIGNUM (object);
  START_DUMP_PVEC (ctx, &bignum->header, struct Lisp_Bignum, out);
-  verify (sizeof (out->value) >= sizeof (struct bignum_reload_info));
+  static_assert (sizeof (out->value) >= sizeof (struct bignum_reload_info));
  dump_field_fixup_later (ctx, out, bignum, xbignum_val (object));
  dump_off bignum_offset = finish_dump_pvec (ctx, &out->header);
  if (ctx->flags.dump_object_contents)
@ -4248,11 +4248,11 @@ types.  */)
                        O_RDWR | O_TRUNC | O_CREAT, 0666);
  if (ctx->fd < 0)
    report_file_error ("Opening dump output", filename);
-  verify (sizeof (ctx->header.magic) == sizeof (dump_magic));
+  static_assert (sizeof (ctx->header.magic) == sizeof (dump_magic));
  memcpy (&ctx->header.magic, dump_magic, sizeof (dump_magic));
  ctx->header.magic[0] = '!'; /* Note that dump is incomplete.  */
-  verify (sizeof (fingerprint) == sizeof (ctx->header.fingerprint));
+  static_assert (sizeof (fingerprint) == sizeof (ctx->header.fingerprint));
  for (int i = 0; i < sizeof fingerprint; i++)
    ctx->header.fingerprint[i] = fingerprint[i];
@ -5522,7 +5522,7 @@ dump_do_dump_relocation (const uintptr_t dump_base,
      {
        struct Lisp_Bignum *bignum = dump_ptr (dump_base, reloc_offset);
        struct bignum_reload_info reload_info;
-        verify (sizeof (reload_info) <= sizeof (*bignum_val (bignum)));
+	static_assert (sizeof (reload_info) <= sizeof (*bignum_val (bignum)));
        memcpy (&reload_info, bignum_val (bignum), sizeof (reload_info));
        const mp_limb_t *limbs =
          dump_ptr (dump_base, reload_info.data_location);
@ -5713,7 +5713,7 @@ pdumper_load (const char *dump_filename, char *argv0)
    }
  err = PDUMPER_LOAD_VERSION_MISMATCH;
-  verify (sizeof (header->fingerprint) == sizeof (fingerprint));
+  static_assert (sizeof (header->fingerprint) == sizeof (fingerprint));
  unsigned char desired[sizeof fingerprint];
  for (int i = 0; i < sizeof fingerprint; i++)
    desired[i] = fingerprint[i];
--- a/src/process.c
+++ b/src/process.c
@ -95,7 +95,6 @@ static struct rlimit nofile_limit;
 #include <flexmember.h>
 #include <nproc.h>
 #include <sig2str.h>
 #include <verify.h>
 #endif	/* subprocesses */
@ -922,7 +921,7 @@ make_process (Lisp_Object name)
    p->open_fd[i] = -1;
 #ifdef HAVE_GNUTLS
-  verify (GNUTLS_STAGE_EMPTY == 0);
+  static_assert (GNUTLS_STAGE_EMPTY == 0);
  eassert (p->gnutls_initstage == GNUTLS_STAGE_EMPTY);
  eassert (NILP (p->gnutls_boot_parameters));
 #endif
@ -1913,7 +1912,7 @@ usage: (make-process &rest ARGS)  */)
 #ifdef HAVE_GNUTLS
  /* AKA GNUTLS_INITSTAGE(proc).  */
-  verify (GNUTLS_STAGE_EMPTY == 0);
+  static_assert (GNUTLS_STAGE_EMPTY == 0);
  eassert (XPROCESS (proc)->gnutls_initstage == GNUTLS_STAGE_EMPTY);
  eassert (NILP (XPROCESS (proc)->gnutls_cred_type));
 #endif
@ -2143,7 +2142,7 @@ enum
    EXEC_MONITOR_OUTPUT
  };
-verify (PROCESS_OPEN_FDS == EXEC_MONITOR_OUTPUT + 1);
+static_assert (PROCESS_OPEN_FDS == EXEC_MONITOR_OUTPUT + 1);
 static void
 create_process (Lisp_Object process, char **new_argv, Lisp_Object current_dir)
@ -3540,9 +3539,9 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos,
 		 structures, but the standards don't guarantee that,
 		 so verify it here.  */
 	      struct sockaddr_in6 sa6;
-	      verify ((offsetof (struct sockaddr_in, sin_port)
+	      static_assert ((offsetof (struct sockaddr_in, sin_port)
-		       == offsetof (struct sockaddr_in6, sin6_port))
+			      == offsetof (struct sockaddr_in6, sin6_port))
-		      && sizeof (sa1.sin_port) == sizeof (sa6.sin6_port));
+			     && sizeof (sa1.sin_port) == sizeof (sa6.sin6_port));
 #endif
 	      DECLARE_POINTER_ALIAS (psa1, struct sockaddr, &sa1);
 	      if (getsockname (s, psa1, &len1) == 0)
--- a/src/regex-emacs.c
+++ b/src/regex-emacs.c
@ -1290,7 +1290,7 @@ typedef int regnum_t;
 /* Macros for the compile stack.  */
 typedef long pattern_offset_t;
-verify (LONG_MIN <= -(MAX_BUF_SIZE - 1) && MAX_BUF_SIZE - 1 <= LONG_MAX);
+static_assert (LONG_MIN <= -(MAX_BUF_SIZE - 1) && MAX_BUF_SIZE - 1 <= LONG_MAX);
 typedef struct
 {
--- a/src/sort.c
+++ b/src/sort.c
@ -1113,7 +1113,7 @@ tim_sort (Lisp_Object predicate, Lisp_Object keyfunc,
 	{
 	  /* Fill with valid Lisp values in case a GC occurs before all
 	     keys have been computed.  */
-	  verify (NIL_IS_ZERO);
+	  static_assert (NIL_IS_ZERO);
 	  keys = allocated_keys = xzalloc (length * word_size);
 	}
--- a/src/sysdep.c
+++ b/src/sysdep.c
@ -2248,7 +2248,7 @@ init_random (void)
  /* FIXME: Perhaps getrandom can be used here too?  */
  success = w32_init_random (&v, sizeof v) == 0;
 #else
-  verify (sizeof v <= 256);
+  static_assert (sizeof v <= 256);
  success = getrandom (&v, sizeof v, 0) == sizeof v;
 #endif
@ -2742,16 +2742,16 @@ emacs_fchmodat (int fd, const char *path, mode_t mode, int flags)
 #ifndef SSIZE_MAX
 # define SSIZE_MAX TYPE_MAXIMUM (ssize_t)
 #endif
-verify (MAX_RW_COUNT <= PTRDIFF_MAX);
+static_assert (MAX_RW_COUNT <= PTRDIFF_MAX);
-verify (MAX_RW_COUNT <= SIZE_MAX);
+static_assert (MAX_RW_COUNT <= SIZE_MAX);
-verify (MAX_RW_COUNT <= SSIZE_MAX);
+static_assert (MAX_RW_COUNT <= SSIZE_MAX);
 #ifdef WINDOWSNT
 /* Verify that Emacs read requests cannot cause trouble, even in
   64-bit builds.  The last argument of 'read' is 'unsigned int', and
   the return value's type (see 'sys_read') is 'int'.  */
-verify (MAX_RW_COUNT <= INT_MAX);
+static_assert (MAX_RW_COUNT <= INT_MAX);
-verify (MAX_RW_COUNT <= UINT_MAX);
+static_assert (MAX_RW_COUNT <= UINT_MAX);
 #endif
 /* Read from FD to a buffer BUF with size NBYTE.
--- a/src/thread.c
+++ b/src/thread.c
@ -43,7 +43,7 @@ union aligned_thread_state
  struct thread_state s;
  GCALIGNED_UNION_MEMBER
 };
-verify (GCALIGNED (union aligned_thread_state));
+static_assert (GCALIGNED (union aligned_thread_state));
 static union aligned_thread_state main_thread
  = {{
--- a/src/timefns.c
+++ b/src/timefns.c
@ -105,7 +105,7 @@ trillion_factor (Lisp_Object hz)
      if (!FIXNUM_OVERFLOW_P (TRILLION))
 	return false;
    }
-  verify (TRILLION <= INTMAX_MAX);
+  static_assert (TRILLION <= INTMAX_MAX);
  intmax_t ihz;
  return integer_to_intmax (hz, &ihz) && TRILLION % ihz == 0;
 }
--- a/src/unexelf.c
+++ b/src/unexelf.c
@ -181,10 +181,9 @@ typedef struct {
 /* The code often converts ElfW (Half) values like e_shentsize to ptrdiff_t;
   check that this doesn't lose information.  */
 #include <intprops.h>
-#include <verify.h>
+static_assert ((! TYPE_SIGNED (ElfW (Half))
-verify ((! TYPE_SIGNED (ElfW (Half))
+		|| PTRDIFF_MIN <= TYPE_MINIMUM (ElfW (Half)))
-	 || PTRDIFF_MIN <= TYPE_MINIMUM (ElfW (Half)))
+	       && TYPE_MAXIMUM (ElfW (Half)) <= PTRDIFF_MAX);
 	&& TYPE_MAXIMUM (ElfW (Half)) <= PTRDIFF_MAX);
 #ifdef UNEXELF_DEBUG
 # define DEBUG_LOG(expr) fprintf (stderr, #expr " 0x%"PRIxMAX"\n", \
--- a/src/xterm.c
+++ b/src/xterm.c
@ -15585,7 +15585,7 @@ x_send_scroll_bar_event (Lisp_Object window, enum scroll_bar_part part,
  XClientMessageEvent *ev = &event.xclient;
  struct window *w = XWINDOW (window);
  struct frame *f = XFRAME (w->frame);
-  verify (INTPTR_WIDTH <= 64);
+  static_assert (INTPTR_WIDTH <= 64);
  /* Don't do anything if too many scroll bar events have been
     sent but not received.  */