From fb4c2bcc9195615bca02a73b8feb4aa8e8727074 Mon Sep 17 00:00:00 2001
From: Vito <5780819+Tapanito@users.noreply.github.com>
Date: Thu, 4 Jun 2026 15:43:24 +0200
Subject: [PATCH] refactor: improve assertion macro

---
 include/xrpl/beast/utility/instrumentation.h | 21 +++++++++-----------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/include/xrpl/beast/utility/instrumentation.h b/include/xrpl/beast/utility/instrumentation.h
index a3b3203c62..c20c42156a 100644
--- a/include/xrpl/beast/utility/instrumentation.h
+++ b/include/xrpl/beast/utility/instrumentation.h
@@ -24,12 +24,7 @@
 #define XRPL_ASSERT_PARTS(cond, function, description, ...) \
     XRPL_ASSERT(cond, function " : " description)
 
-#define XRPL_ASSERT_IF(guard, cond, message) \
-    do                                       \
-    {                                        \
-        if ((guard))                         \
-            XRPL_ASSERT(cond, message);      \
-    } while (false)
+#define XRPL_ASSERT_IF(guard, cond, message) XRPL_ASSERT(!(guard) || (cond), message)
 
 // How to use the instrumentation macros:
 //
@@ -38,12 +33,14 @@
 // * XRPL_ASSERT_PARTS is for convenience, and works like XRPL_ASSERT, but
 //   splits the message param into "function" and "description", then joins
 //   them with " : " before passing to XRPL_ASSERT.
-// * XRPL_ASSERT_IF(guard, cond, message) fires the assertion only when guard
-//   is true (e.g. an amendment is enabled). Equivalent to
-//   `if (guard) XRPL_ASSERT(cond, message)` but safe to use in all statement
-//   contexts. NOTE: do not rely on side effects in guard — in release builds
-//   the assertion body is stripped, and the compiler may optimize away a
-//   side-effect-free guard entirely.
+// * XRPL_ASSERT_IF(guard, cond, message) asserts the implication
+//   `guard => cond`: it can only fail when guard is true (e.g. an amendment
+//   is enabled) and cond is false. Unlike `if (guard) XRPL_ASSERT(...)`, the
+//   assertion site is always evaluated, so the fuzzer registers it
+//   unconditionally; cond itself is short-circuited and only evaluated when
+//   guard is true. NOTE: do not rely on side effects in guard — in release
+//   builds the assertion body is stripped, and the compiler may optimize away
+//   a side-effect-free guard entirely.
 // * ALWAYS if cond must be true _and_ the line must be reached during fuzzing.
 //   Same like `assert` in normal use.
 // * REACHABLE if the line must be reached during fuzzing