[grpc][Gpr_To_Absl_Logging] Migrating from gpr to absl logging GPR_ASSERT (#36481)

[grpc][Gpr_To_Absl_Logging] Migrating from gpr to absl logging GPR_ASSERT Replacing GPR_ASSERT with absl CHECK. These changes have been made using string replacement and regex. Will not be replacing all instances of CHECK with CHECK_EQ , CHECK_NE etc because there are too many callsites. Only ones which are doable using very simple regex with least chance of failure will be replaced. Given that we have 5000+ instances of GPR_ASSERT to edit, Doing it manually is too much work for both the author and reviewer. Closes #36481 COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36481 from tanvi-jagtap:tjagtap_src_core_lib_security_credentials cfbb326b34 PiperOrigin-RevId: 629913921
10 months ago · 468bb253f5
parent 07bb602855
commit 468bb253f5
24 changed files with 141 additions and 108 deletions
--- a/2
+++ b/2
@ -2259,6 +2259,7 @@ grpc_cc_library(
    external_deps = [
        "absl/base:core_headers",
        "absl/container:inlined_vector",
+        "absl/log:check",
        "absl/status",
        "absl/status:statusor",
        "absl/strings",
@ -3948,6 +3949,7 @@ grpc_cc_library(
        "//src/core:lib/security/credentials/jwt/jwt_verifier.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status",
        "absl/status:statusor",
        "absl/strings",
--- a/src/core/BUILD
+++ b/src/core/BUILD
@ -3990,6 +3990,7 @@ grpc_cc_library(
        "lib/security/security_connector/ssl/ssl_security_connector.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status",
        "absl/strings",
        "absl/strings:str_format",
@ -4034,6 +4035,7 @@ grpc_cc_library(
        "load_balancing/grpclb/grpclb.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status:statusor",
        "absl/strings",
        "absl/types:optional",
@ -4115,6 +4117,7 @@ grpc_cc_library(
        "absl/base:core_headers",
        "absl/container:inlined_vector",
        "absl/functional:bind_front",
+        "absl/log:check",
        "absl/status",
        "absl/status:statusor",
        "absl/strings",
@ -4166,6 +4169,7 @@ grpc_cc_library(
        "lib/security/credentials/iam/iam_credentials.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status:statusor",
        "absl/strings",
        "absl/strings:str_format",
@ -4199,6 +4203,7 @@ grpc_cc_library(
        "lib/security/credentials/oauth2/oauth2_credentials.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status",
        "absl/status:statusor",
        "absl/strings",
@ -4260,6 +4265,7 @@ grpc_cc_library(
        "lib/security/credentials/external/url_external_account_credentials.h",
    ],
    external_deps = [
+        "absl/log:check",
        "absl/status",
        "absl/status:statusor",
        "absl/strings",
--- a/src/core/lib/security/credentials/composite/composite_credentials.cc
+++ b/src/core/lib/security/credentials/composite/composite_credentials.cc
@ -22,6 +22,7 @@
 #include <memory>
 #include <vector>

+#include "absl/log/check.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_join.h"

@ -130,9 +131,9 @@ grpc_call_credentials* grpc_composite_call_credentials_create(
      "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
      "reserved=%p)",
      3, (creds1, creds2, reserved));
-  GPR_ASSERT(reserved == nullptr);
-  GPR_ASSERT(creds1 != nullptr);
-  GPR_ASSERT(creds2 != nullptr);
+  CHECK_EQ(reserved, nullptr);
+  CHECK_NE(creds1, nullptr);
+  CHECK_NE(creds2, nullptr);

  return composite_call_credentials_create(creds1->Ref(), creds2->Ref())
      .release();
@ -144,7 +145,8 @@ grpc_core::RefCountedPtr<grpc_channel_security_connector>
 grpc_composite_channel_credentials::create_security_connector(
    grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
    const char* target, grpc_core::ChannelArgs* args) {
-  GPR_ASSERT(inner_creds_ != nullptr && call_creds_ != nullptr);
+  CHECK(inner_creds_ != nullptr);
+  CHECK(call_creds_ != nullptr);
  // If we are passed a call_creds, create a call composite to pass it
  // downstream.
  if (call_creds != nullptr) {
@ -159,8 +161,8 @@ grpc_composite_channel_credentials::create_security_connector(
 grpc_channel_credentials* grpc_composite_channel_credentials_create(
    grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
    void* reserved) {
-  GPR_ASSERT(channel_creds != nullptr && call_creds != nullptr &&
-             reserved == nullptr);
+  CHECK(channel_creds != nullptr && call_creds != nullptr &&
+        reserved == nullptr);
  GRPC_API_TRACE(
      "grpc_composite_channel_credentials_create(channel_creds=%p, "
      "call_creds=%p, reserved=%p)",
--- a/src/core/lib/security/credentials/credentials.cc
+++ b/src/core/lib/security/credentials/credentials.cc
@ -21,6 +21,8 @@
 #include <stdint.h>
 #include <string.h>

+#include "absl/log/check.h"
+
 #include <grpc/support/log.h>
 #include <grpc/support/port_platform.h>

@ -111,7 +113,7 @@ void grpc_server_credentials::set_auth_metadata_processor(

 void grpc_server_credentials_set_auth_metadata_processor(
    grpc_server_credentials* creds, grpc_auth_metadata_processor processor) {
-  GPR_DEBUG_ASSERT(creds != nullptr);
+  DCHECK_NE(creds, nullptr);
  creds->set_auth_metadata_processor(processor);
 }

--- a/src/core/lib/security/credentials/credentials.h
+++ b/src/core/lib/security/credentials/credentials.h
@ -23,6 +23,7 @@
 #include <utility>
 #include <vector>

+#include "absl/log/check.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"

@ -137,7 +138,7 @@ struct grpc_channel_credentials
  // two different `grpc_channel_credentials` objects are used but they compare
  // as equal (assuming other channel args match).
  int cmp(const grpc_channel_credentials* other) const {
-    GPR_ASSERT(other != nullptr);
+    CHECK_NE(other, nullptr);
    int r = type().Compare(other->type());
    if (r != 0) return r;
    return cmp_impl(other);
@ -218,7 +219,7 @@ struct grpc_call_credentials
  // If this method returns 0, it means that gRPC can treat the two call
  // credentials as effectively the same..
  int cmp(const grpc_call_credentials* other) const {
-    GPR_ASSERT(other != nullptr);
+    CHECK_NE(other, nullptr);
    int r = type().Compare(other->type());
    if (r != 0) return r;
    return cmp_impl(other);
--- a/src/core/lib/security/credentials/external/aws_external_account_credentials.cc
+++ b/src/core/lib/security/credentials/external/aws_external_account_credentials.cc
@ -20,6 +20,7 @@
 #include <map>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
@ -228,8 +229,8 @@ void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionTokenInternal(
 void AwsExternalAccountCredentials::AddMetadataRequestHeaders(
    grpc_http_request* request) {
  if (!imdsv2_session_token_.empty()) {
-    GPR_ASSERT(request->hdr_count == 0);
-    GPR_ASSERT(request->hdrs == nullptr);
+    CHECK_EQ(request->hdr_count, 0u);
+    CHECK_EQ(request->hdrs, nullptr);
    grpc_http_header* headers =
        static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
    headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
--- a/src/core/lib/security/credentials/external/external_account_credentials.cc
+++ b/src/core/lib/security/credentials/external/external_account_credentials.cc
@ -22,6 +22,7 @@
 #include <memory>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/escaping.h"
@ -110,7 +111,7 @@ bool MatchWorkforcePoolAudience(absl::string_view audience) {
 RefCountedPtr<ExternalAccountCredentials> ExternalAccountCredentials::Create(
    const Json& json, std::vector<std::string> scopes,
    grpc_error_handle* error) {
-  GPR_ASSERT(error->ok());
+  CHECK(error->ok());
  Options options;
  options.type = GRPC_AUTH_JSON_TYPE_INVALID;
  if (json.type() != Json::Type::kObject) {
@ -301,7 +302,7 @@ void ExternalAccountCredentials::fetch_oauth2(
    grpc_credentials_metadata_request* metadata_req,
    grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb,
    Timestamp deadline) {
-  GPR_ASSERT(ctx_ == nullptr);
+  CHECK_EQ(ctx_, nullptr);
  ctx_ = new HTTPRequestContext(pollent, deadline);
  metadata_req_ = metadata_req;
  response_cb_ = response_cb;
@ -381,7 +382,7 @@ void ExternalAccountCredentials::ExchangeToken(
  grpc_http_response_destroy(&ctx_->response);
  ctx_->response = {};
  GRPC_CLOSURE_INIT(&ctx_->closure, OnExchangeToken, this, nullptr);
-  GPR_ASSERT(http_request_ == nullptr);
+  CHECK(http_request_ == nullptr);
  RefCountedPtr<grpc_channel_credentials> http_request_creds;
  if (uri->scheme() == "http") {
    http_request_creds = RefCountedPtr<grpc_channel_credentials>(
@ -483,7 +484,7 @@ void ExternalAccountCredentials::ImpersenateServiceAccount() {
  ctx_->response = {};
  GRPC_CLOSURE_INIT(&ctx_->closure, OnImpersenateServiceAccount, this, nullptr);
  // TODO(ctiller): Use the callers resource quota.
-  GPR_ASSERT(http_request_ == nullptr);
+  CHECK(http_request_ == nullptr);
  RefCountedPtr<grpc_channel_credentials> http_request_creds;
  if (uri->scheme() == "http") {
    http_request_creds = RefCountedPtr<grpc_channel_credentials>(
--- a/src/core/lib/security/credentials/external/url_external_account_credentials.cc
+++ b/src/core/lib/security/credentials/external/url_external_account_credentials.cc
@ -20,6 +20,7 @@
 #include <memory>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
@ -167,7 +168,7 @@ void UrlExternalAccountCredentials::RetrieveSubjectToken(
  grpc_http_response_destroy(&ctx_->response);
  ctx_->response = {};
  GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveSubjectToken, this, nullptr);
-  GPR_ASSERT(http_request_ == nullptr);
+  CHECK(http_request_ == nullptr);
  RefCountedPtr<grpc_channel_credentials> http_request_creds;
  if (url_.scheme() == "http") {
    http_request_creds = RefCountedPtr<grpc_channel_credentials>(
--- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc
@ -23,6 +23,7 @@
 #include <memory>
 #include <string>

+#include "absl/log/check.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
 #include "absl/strings/string_view.h"
@ -215,7 +216,7 @@ static int is_metadata_server_reachable() {
  auto uri =
      grpc_core::URI::Create("http", GRPC_COMPUTE_ENGINE_DETECTION_HOST, "/",
                             {} /* query params */, "" /* fragment */);
-  GPR_ASSERT(uri.ok());  // params are hardcoded
+  CHECK(uri.ok());  // params are hardcoded
  auto http_request = grpc_core::HttpRequest::Get(
      std::move(*uri), nullptr /* channel args */, &detector.pollent, &request,
      grpc_core::Timestamp::Now() + max_detection_delay,
@ -317,7 +318,7 @@ static grpc_error_handle create_default_creds_from_path(
  result = grpc_core::ExternalAccountCredentials::Create(json, {}, &error);

 end:
-  GPR_ASSERT((result == nullptr) + (error.ok()) == 1);
+  CHECK((result == nullptr) + (error.ok()) == 1);
  *creds = result;
  return error;
 }
@ -395,7 +396,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create(
    // Create google default credentials.
    grpc_channel_credentials* ssl_creds =
        grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr);
-    GPR_ASSERT(ssl_creds != nullptr);
+    CHECK_NE(ssl_creds, nullptr);
    grpc_alts_credentials_options* options =
        grpc_alts_credentials_client_options_create();
    grpc_channel_credentials* alts_creds =
@ -407,7 +408,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create(
            grpc_core::RefCountedPtr<grpc_channel_credentials>(ssl_creds));
    result = grpc_composite_channel_credentials_create(
        creds.get(), call_creds.get(), nullptr);
-    GPR_ASSERT(result != nullptr);
+    CHECK_NE(result, nullptr);
  } else {
    gpr_log(GPR_ERROR, "Could not create google default credentials: %s",
            grpc_core::StatusToString(error).c_str());
--- a/src/core/lib/security/credentials/iam/iam_credentials.cc
+++ b/src/core/lib/security/credentials/iam/iam_credentials.cc
@ -23,6 +23,7 @@
 #include <memory>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"

@ -73,9 +74,9 @@ grpc_call_credentials* grpc_google_iam_credentials_create(
      "grpc_iam_credentials_create(token=%s, authority_selector=%s, "
      "reserved=%p)",
      3, (token, authority_selector, reserved));
-  GPR_ASSERT(reserved == nullptr);
-  GPR_ASSERT(token != nullptr);
-  GPR_ASSERT(authority_selector != nullptr);
+  CHECK_EQ(reserved, nullptr);
+  CHECK_NE(token, nullptr);
+  CHECK_NE(authority_selector, nullptr);
  return grpc_core::MakeRefCounted<grpc_google_iam_credentials>(
             token, authority_selector)
      .release();
--- a/src/core/lib/security/credentials/jwt/json_token.cc
+++ b/src/core/lib/security/credentials/jwt/json_token.cc
@ -29,6 +29,7 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/escaping.h"
@ -224,8 +225,8 @@ static char* dot_concat_and_free_strings(char* str1, char* str2) {
  *(current++) = '.';
  memcpy(current, str2, str2_len);
  current += str2_len;
-  GPR_ASSERT(current >= result);
-  GPR_ASSERT((uintptr_t)(current - result) == result_len);
+  CHECK(current >= result);
+  CHECK((uintptr_t)(current - result) == result_len);
  *current = '\0';
  gpr_free(str1);
  gpr_free(str2);
--- a/src/core/lib/security/credentials/jwt/jwt_credentials.cc
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.cc
@ -24,6 +24,7 @@
 #include <string>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"

@ -167,7 +168,7 @@ grpc_call_credentials* grpc_service_account_jwt_access_credentials_create(
            static_cast<int>(token_lifetime.clock_type), reserved);
    gpr_free(clean_json);
  }
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  grpc_core::ApplicationCallbackExecCtx callback_exec_ctx;
  grpc_core::ExecCtx exec_ctx;
  return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
--- a/src/core/lib/security/credentials/jwt/jwt_verifier.cc
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.cc
@ -41,6 +41,7 @@
 #include <openssl/param_build.h>
 #endif

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/escaping.h"
@ -313,7 +314,7 @@ grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims,
  gpr_timespec skewed_now;
  int audience_ok;

-  GPR_ASSERT(claims != nullptr);
+  CHECK_NE(claims, nullptr);

  skewed_now =
      gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_clock_skew);
@ -459,7 +460,7 @@ static EVP_PKEY* extract_pkey_from_x509(const char* x509_str) {
  EVP_PKEY* result = nullptr;
  BIO* bio = BIO_new(BIO_s_mem());
  size_t len = strlen(x509_str);
-  GPR_ASSERT(len < INT_MAX);
+  CHECK_LT(len, static_cast<size_t>(INT_MAX));
  BIO_write(bio, x509_str, static_cast<int>(len));
  x509 = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
  if (x509 == nullptr) {
@ -530,8 +531,8 @@ static EVP_PKEY* pkey_from_jwk(const Json& json, const char* kty) {
  BIGNUM* tmp_e = nullptr;
  Json::Object::const_iterator it;

-  GPR_ASSERT(json.type() == Json::Type::kObject);
-  GPR_ASSERT(kty != nullptr);
+  CHECK(json.type() == Json::Type::kObject);
+  CHECK_NE(kty, nullptr);
  if (strcmp(kty, "RSA") != 0) {
    gpr_log(GPR_ERROR, "Unsupported key type %s.", kty);
    goto end;
@ -658,7 +659,7 @@ static int verify_jwt_signature(EVP_PKEY* key, const char* alg,
  const EVP_MD* md = evp_md_from_alg(alg);
  int result = 0;

-  GPR_ASSERT(md != nullptr);  // Checked before.
+  CHECK_NE(md, nullptr);  // Checked before.
  if (md_ctx == nullptr) {
    gpr_log(GPR_ERROR, "Could not create EVP_MD_CTX.");
    goto end;
@ -797,7 +798,7 @@ static email_key_mapping* verifier_get_mapping(grpc_jwt_verifier* v,
 static void verifier_put_mapping(grpc_jwt_verifier* v, const char* email_domain,
                                 const char* key_url_prefix) {
  email_key_mapping* mapping = verifier_get_mapping(v, email_domain);
-  GPR_ASSERT(v->num_mappings < v->allocated_mappings);
+  CHECK(v->num_mappings < v->allocated_mappings);
  if (mapping != nullptr) {
    gpr_free(mapping->key_url_prefix);
    mapping->key_url_prefix = gpr_strdup(key_url_prefix);
@ -806,7 +807,7 @@ static void verifier_put_mapping(grpc_jwt_verifier* v, const char* email_domain,
  v->mappings[v->num_mappings].email_domain = gpr_strdup(email_domain);
  v->mappings[v->num_mappings].key_url_prefix = gpr_strdup(key_url_prefix);
  v->num_mappings++;
-  GPR_ASSERT(v->num_mappings <= v->allocated_mappings);
+  CHECK(v->num_mappings <= v->allocated_mappings);
 }

 // Very non-sophisticated way to detect an email address. Should be good
@ -818,7 +819,7 @@ const char* grpc_jwt_issuer_email_domain(const char* issuer) {
  if (*email_domain == '\0') return nullptr;
  const char* dot = strrchr(email_domain, '.');
  if (dot == nullptr || dot == email_domain) return email_domain;
-  GPR_ASSERT(dot > email_domain);
+  CHECK(dot > email_domain);
  // There may be a subdomain, we just want the domain.
  dot = static_cast<const char*>(
      gpr_memrchr(email_domain, '.', static_cast<size_t>(dot - email_domain)));
@ -839,8 +840,7 @@ static void retrieve_key_and_verify(verifier_cb_ctx* ctx) {
  char* path;
  absl::StatusOr<grpc_core::URI> uri;

-  GPR_ASSERT(ctx != nullptr && ctx->header != nullptr &&
-             ctx->claims != nullptr);
+  CHECK(ctx != nullptr && ctx->header != nullptr && ctx->claims != nullptr);
  iss = ctx->claims->iss;
  if (ctx->header->kid == nullptr) {
    gpr_log(GPR_ERROR, "Missing kid in jose header.");
@ -859,7 +859,7 @@ static void retrieve_key_and_verify(verifier_cb_ctx* ctx) {
  email_domain = grpc_jwt_issuer_email_domain(iss);
  if (email_domain != nullptr) {
    email_key_mapping* mapping;
-    GPR_ASSERT(ctx->verifier != nullptr);
+    CHECK_NE(ctx->verifier, nullptr);
    mapping = verifier_get_mapping(ctx->verifier, email_domain);
    if (mapping == nullptr) {
      gpr_log(GPR_ERROR, "Missing mapping for issuer email.");
@ -926,8 +926,8 @@ void grpc_jwt_verifier_verify(grpc_jwt_verifier* verifier,
  Json json;
  std::string signature_str;

-  GPR_ASSERT(verifier != nullptr && jwt != nullptr && audience != nullptr &&
-             cb != nullptr);
+  CHECK(verifier != nullptr && jwt != nullptr && audience != nullptr &&
+        cb != nullptr);
  dot = strchr(cur, '.');
  if (dot == nullptr) goto error;
  json = parse_json_part_from_jwt(cur, static_cast<size_t>(dot - cur));
--- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
@ -27,6 +27,7 @@
 #include <memory>
 #include <vector>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_format.h"
@ -395,7 +396,7 @@ class grpc_compute_engine_token_fetcher_credentials
    auto uri = grpc_core::URI::Create("http", GRPC_COMPUTE_ENGINE_METADATA_HOST,
                                      GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH,
                                      {} /* query params */, "" /* fragment */);
-    GPR_ASSERT(uri.ok());  // params are hardcoded
+    CHECK(uri.ok());  // params are hardcoded
    http_request_ = grpc_core::HttpRequest::Get(
        std::move(*uri), nullptr /* channel args */, pollent, &request,
        deadline,
@ -424,7 +425,7 @@ grpc_call_credentials* grpc_google_compute_engine_credentials_create(
    void* reserved) {
  GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
                 (reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  return grpc_core::MakeRefCounted<
             grpc_compute_engine_token_fetcher_credentials>()
      .release();
@ -461,7 +462,7 @@ void grpc_google_refresh_token_credentials::fetch_oauth2(
  auto uri = grpc_core::URI::Create("https", GRPC_GOOGLE_OAUTH2_SERVICE_HOST,
                                    GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH,
                                    {} /* query params */, "" /* fragment */);
-  GPR_ASSERT(uri.ok());  // params are hardcoded
+  CHECK(uri.ok());  // params are hardcoded
  http_request_ = grpc_core::HttpRequest::Post(
      std::move(*uri), nullptr /* channel args */, pollent, &request, deadline,
      GRPC_CLOSURE_INIT(&http_post_cb_closure_, response_cb, metadata_req,
@ -517,7 +518,7 @@ grpc_call_credentials* grpc_google_refresh_token_credentials_create(
            "reserved=%p)",
            create_loggable_refresh_token(&token).c_str(), reserved);
  }
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  return grpc_refresh_token_credentials_create_from_auth_refresh_token(token)
      .release();
 }
@ -700,7 +701,7 @@ absl::StatusOr<URI> ValidateStsCredentialsOptions(

 grpc_call_credentials* grpc_sts_credentials_create(
    const grpc_sts_credentials_options* options, void* reserved) {
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  absl::StatusOr<grpc_core::URI> sts_url =
      grpc_core::ValidateStsCredentialsOptions(options);
  if (!sts_url.ok()) {
@ -747,7 +748,7 @@ grpc_call_credentials* grpc_access_token_credentials_create(
      "grpc_access_token_credentials_create(access_token=<redacted>, "
      "reserved=%p)",
      1, (reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  return grpc_core::MakeRefCounted<grpc_access_token_credentials>(access_token)
      .release();
 }
--- a/src/core/lib/security/credentials/plugin/plugin_credentials.cc
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.cc
@ -21,6 +21,7 @@
 #include <atomic>
 #include <memory>

+#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
@ -209,6 +210,6 @@ grpc_call_credentials* grpc_metadata_credentials_create_from_plugin(
    grpc_security_level min_security_level, void* reserved) {
  GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1,
                 (reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);
  return new grpc_plugin_credentials(plugin, min_security_level);
 }
--- a/src/core/lib/security/credentials/ssl/ssl_credentials.cc
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.cc
@ -23,6 +23,7 @@
 #include <string>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/types/optional.h"

 #include <grpc/impl/channel_arg_names.h>
@ -149,8 +150,8 @@ void grpc_ssl_credentials::build_config(
    const grpc_ssl_verify_peer_options* verify_options) {
  config_.pem_root_certs = gpr_strdup(pem_root_certs);
  if (pem_key_cert_pair != nullptr) {
-    GPR_ASSERT(pem_key_cert_pair->private_key != nullptr);
-    GPR_ASSERT(pem_key_cert_pair->cert_chain != nullptr);
+    CHECK_NE(pem_key_cert_pair->private_key, nullptr);
+    CHECK_NE(pem_key_cert_pair->cert_chain, nullptr);
    config_.pem_key_cert_pair = static_cast<tsi_ssl_pem_key_cert_pair*>(
        gpr_zalloc(sizeof(tsi_ssl_pem_key_cert_pair)));
    config_.pem_key_cert_pair->cert_chain =
@ -234,7 +235,7 @@ grpc_channel_credentials* grpc_ssl_credentials_create(
      "verify_options=%p, "
      "reserved=%p)",
      4, (pem_root_certs, pem_key_cert_pair, verify_options, reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);

  return new grpc_ssl_credentials(
      pem_root_certs, pem_key_cert_pair,
@ -250,7 +251,7 @@ grpc_channel_credentials* grpc_ssl_credentials_create_ex(
      "verify_options=%p, "
      "reserved=%p)",
      4, (pem_root_certs, pem_key_cert_pair, verify_options, reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);

  return new grpc_ssl_credentials(pem_root_certs, pem_key_cert_pair,
                                  verify_options);
@ -300,13 +301,13 @@ tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
    size_t num_key_cert_pairs) {
  tsi_ssl_pem_key_cert_pair* tsi_pairs = nullptr;
  if (num_key_cert_pairs > 0) {
-    GPR_ASSERT(pem_key_cert_pairs != nullptr);
+    CHECK_NE(pem_key_cert_pairs, nullptr);
    tsi_pairs = static_cast<tsi_ssl_pem_key_cert_pair*>(
        gpr_zalloc(num_key_cert_pairs * sizeof(tsi_ssl_pem_key_cert_pair)));
  }
  for (size_t i = 0; i < num_key_cert_pairs; i++) {
-    GPR_ASSERT(pem_key_cert_pairs[i].private_key != nullptr);
-    GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != nullptr);
+    CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
+    CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
    tsi_pairs[i].cert_chain = gpr_strdup(pem_key_cert_pairs[i].cert_chain);
    tsi_pairs[i].private_key = gpr_strdup(pem_key_cert_pairs[i].private_key);
  }
@ -343,14 +344,14 @@ grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create(
          gpr_zalloc(sizeof(grpc_ssl_server_certificate_config)));
  config->pem_root_certs = gpr_strdup(pem_root_certs);
  if (num_key_cert_pairs > 0) {
-    GPR_ASSERT(pem_key_cert_pairs != nullptr);
+    CHECK_NE(pem_key_cert_pairs, nullptr);
    config->pem_key_cert_pairs = static_cast<grpc_ssl_pem_key_cert_pair*>(
        gpr_zalloc(num_key_cert_pairs * sizeof(grpc_ssl_pem_key_cert_pair)));
  }
  config->num_key_cert_pairs = num_key_cert_pairs;
  for (size_t i = 0; i < num_key_cert_pairs; i++) {
-    GPR_ASSERT(pem_key_cert_pairs[i].private_key != nullptr);
-    GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != nullptr);
+    CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
+    CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
    config->pem_key_cert_pairs[i].cert_chain =
        gpr_strdup(pem_key_cert_pairs[i].cert_chain);
    config->pem_key_cert_pairs[i].private_key =
@ -435,7 +436,7 @@ grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
      5,
      (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
       client_certificate_request, reserved));
-  GPR_ASSERT(reserved == nullptr);
+  CHECK_EQ(reserved, nullptr);

  grpc_ssl_server_certificate_config* cert_config =
      grpc_ssl_server_certificate_config_create(
--- a/src/core/lib/security/credentials/ssl/ssl_credentials.h
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h
@ -20,6 +20,8 @@

 #include <stddef.h>

+#include "absl/log/check.h"
+
 #include <grpc/credentials.h>
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
@ -116,7 +118,7 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {

  grpc_ssl_certificate_config_reload_status FetchCertConfig(
      grpc_ssl_server_certificate_config** config) {
-    GPR_DEBUG_ASSERT(has_cert_config_fetcher());
+    DCHECK(has_cert_config_fetcher());
    return certificate_config_fetcher_.cb(certificate_config_fetcher_.user_data,
                                          config);
  }
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc
@ -16,6 +16,7 @@

 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"

+#include "absl/log/check.h"
 #include "absl/status/status.h"

 #include <grpc/credentials.h>
@ -26,17 +27,17 @@
 void grpc_tls_certificate_distributor::SetKeyMaterials(
    const std::string& cert_name, absl::optional<std::string> pem_root_certs,
    absl::optional<grpc_core::PemKeyCertPairList> pem_key_cert_pairs) {
-  GPR_ASSERT(pem_root_certs.has_value() || pem_key_cert_pairs.has_value());
+  CHECK(pem_root_certs.has_value() || pem_key_cert_pairs.has_value());
  grpc_core::MutexLock lock(&mu_);
  auto& cert_info = certificate_info_map_[cert_name];
  if (pem_root_certs.has_value()) {
    // Successful credential updates will clear any pre-existing error.
    cert_info.SetRootError(absl::OkStatus());
    for (auto* watcher_ptr : cert_info.root_cert_watchers) {
-      GPR_ASSERT(watcher_ptr != nullptr);
+      CHECK_NE(watcher_ptr, nullptr);
      const auto watcher_it = watchers_.find(watcher_ptr);
-      GPR_ASSERT(watcher_it != watchers_.end());
-      GPR_ASSERT(watcher_it->second.root_cert_name.has_value());
+      CHECK(watcher_it != watchers_.end());
+      CHECK(watcher_it->second.root_cert_name.has_value());
      absl::optional<grpc_core::PemKeyCertPairList>
          pem_key_cert_pairs_to_report;
      if (pem_key_cert_pairs.has_value() &&
@ -58,10 +59,10 @@ void grpc_tls_certificate_distributor::SetKeyMaterials(
    // Successful credential updates will clear any pre-existing error.
    cert_info.SetIdentityError(absl::OkStatus());
    for (const auto watcher_ptr : cert_info.identity_cert_watchers) {
-      GPR_ASSERT(watcher_ptr != nullptr);
+      CHECK_NE(watcher_ptr, nullptr);
      const auto watcher_it = watchers_.find(watcher_ptr);
-      GPR_ASSERT(watcher_it != watchers_.end());
-      GPR_ASSERT(watcher_it->second.identity_cert_name.has_value());
+      CHECK(watcher_it != watchers_.end());
+      CHECK(watcher_it->second.identity_cert_name.has_value());
      absl::optional<absl::string_view> pem_root_certs_to_report;
      if (pem_root_certs.has_value() &&
          watcher_it->second.root_cert_name == cert_name) {
@ -102,14 +103,14 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
    const std::string& cert_name,
    absl::optional<grpc_error_handle> root_cert_error,
    absl::optional<grpc_error_handle> identity_cert_error) {
-  GPR_ASSERT(root_cert_error.has_value() || identity_cert_error.has_value());
+  CHECK(root_cert_error.has_value() || identity_cert_error.has_value());
  grpc_core::MutexLock lock(&mu_);
  CertificateInfo& cert_info = certificate_info_map_[cert_name];
  if (root_cert_error.has_value()) {
    for (auto* watcher_ptr : cert_info.root_cert_watchers) {
-      GPR_ASSERT(watcher_ptr != nullptr);
+      CHECK_NE(watcher_ptr, nullptr);
      const auto watcher_it = watchers_.find(watcher_ptr);
-      GPR_ASSERT(watcher_it != watchers_.end());
+      CHECK(watcher_it != watchers_.end());
      // identity_cert_error_to_report is the error of the identity cert this
      // watcher is watching, if there is any.
      grpc_error_handle identity_cert_error_to_report;
@ -127,9 +128,9 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
  }
  if (identity_cert_error.has_value()) {
    for (auto* watcher_ptr : cert_info.identity_cert_watchers) {
-      GPR_ASSERT(watcher_ptr != nullptr);
+      CHECK_NE(watcher_ptr, nullptr);
      const auto watcher_it = watchers_.find(watcher_ptr);
-      GPR_ASSERT(watcher_it != watchers_.end());
+      CHECK(watcher_it != watchers_.end());
      // root_cert_error_to_report is the error of the root cert this watcher is
      // watching, if there is any.
      grpc_error_handle root_cert_error_to_report;
@ -150,11 +151,11 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
 };

 void grpc_tls_certificate_distributor::SetError(grpc_error_handle error) {
-  GPR_ASSERT(!error.ok());
+  CHECK(!error.ok());
  grpc_core::MutexLock lock(&mu_);
  for (const auto& watcher : watchers_) {
    const auto watcher_ptr = watcher.first;
-    GPR_ASSERT(watcher_ptr != nullptr);
+    CHECK_NE(watcher_ptr, nullptr);
    const auto& watcher_info = watcher.second;
    watcher_ptr->OnError(
        watcher_info.root_cert_name.has_value() ? error : absl::OkStatus(),
@ -175,16 +176,16 @@ void grpc_tls_certificate_distributor::WatchTlsCertificates(
  bool already_watching_identity_for_root_cert = false;
  bool start_watching_identity_cert = false;
  bool already_watching_root_for_identity_cert = false;
-  GPR_ASSERT(root_cert_name.has_value() || identity_cert_name.has_value());
+  CHECK(root_cert_name.has_value() || identity_cert_name.has_value());
  TlsCertificatesWatcherInterface* watcher_ptr = watcher.get();
-  GPR_ASSERT(watcher_ptr != nullptr);
+  CHECK_NE(watcher_ptr, nullptr);
  // Update watchers_ and certificate_info_map_.
  {
    grpc_core::MutexLock lock(&mu_);
    const auto watcher_it = watchers_.find(watcher_ptr);
    // The caller needs to cancel the watcher first if it wants to re-register
    // the watcher.
-    GPR_ASSERT(watcher_it == watchers_.end());
+    CHECK(watcher_it == watchers_.end());
    watchers_[watcher_ptr] = {std::move(watcher), root_cert_name,
                              identity_cert_name};
    absl::optional<absl::string_view> updated_root_certs;
@ -270,7 +271,7 @@ void grpc_tls_certificate_distributor::CancelTlsCertificatesWatch(
    watchers_.erase(it);
    if (root_cert_name.has_value()) {
      auto it = certificate_info_map_.find(*root_cert_name);
-      GPR_ASSERT(it != certificate_info_map_.end());
+      CHECK(it != certificate_info_map_.end());
      CertificateInfo& cert_info = it->second;
      cert_info.root_cert_watchers.erase(watcher);
      stop_watching_root_cert = cert_info.root_cert_watchers.empty();
@ -282,7 +283,7 @@ void grpc_tls_certificate_distributor::CancelTlsCertificatesWatch(
    }
    if (identity_cert_name.has_value()) {
      auto it = certificate_info_map_.find(*identity_cert_name);
-      GPR_ASSERT(it != certificate_info_map_.end());
+      CHECK(it != certificate_info_map_.end());
      CertificateInfo& cert_info = it->second;
      cert_info.identity_cert_watchers.erase(watcher);
      stop_watching_identity_cert = cert_info.identity_cert_watchers.empty();
@ -326,13 +327,13 @@ grpc_tls_identity_pairs* grpc_tls_identity_pairs_create() {
 void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs* pairs,
                                      const char* private_key,
                                      const char* cert_chain) {
-  GPR_ASSERT(pairs != nullptr);
-  GPR_ASSERT(private_key != nullptr);
-  GPR_ASSERT(cert_chain != nullptr);
+  CHECK_NE(pairs, nullptr);
+  CHECK_NE(private_key, nullptr);
+  CHECK_NE(cert_chain, nullptr);
  pairs->pem_key_cert_pairs.emplace_back(private_key, cert_chain);
 }

 void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs* pairs) {
-  GPR_ASSERT(pairs != nullptr);
+  CHECK_NE(pairs, nullptr);
  delete pairs;
 }
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc
@ -23,6 +23,7 @@
 #include <utility>
 #include <vector>

+#include "absl/log/check.h"
 #include "absl/status/status.h"

 #include <grpc/credentials.h>
@ -128,15 +129,15 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
    refresh_interval_sec_ = kMinimumFileWatcherRefreshIntervalSeconds;
  }
  // Private key and identity cert files must be both set or both unset.
-  GPR_ASSERT(private_key_path_.empty() == identity_certificate_path_.empty());
+  CHECK(private_key_path_.empty() == identity_certificate_path_.empty());
  // Must be watching either root or identity certs.
-  GPR_ASSERT(!private_key_path_.empty() || !root_cert_path_.empty());
+  CHECK(!private_key_path_.empty() || !root_cert_path_.empty());
  gpr_event_init(&shutdown_event_);
  ForceUpdate();
  auto thread_lambda = [](void* arg) {
    FileWatcherCertificateProvider* provider =
        static_cast<FileWatcherCertificateProvider*>(arg);
-    GPR_ASSERT(provider != nullptr);
+    CHECK_NE(provider, nullptr);
    while (true) {
      void* value = gpr_event_wait(
          &provider->shutdown_event_,
@ -386,7 +387,7 @@ int64_t FileWatcherCertificateProvider::TestOnlyGetRefreshIntervalSecond()

 grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
    const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs) {
-  GPR_ASSERT(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
+  CHECK(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
  grpc_core::ExecCtx exec_ctx;
  grpc_core::PemKeyCertPairList identity_pairs_core;
  if (pem_key_cert_pairs != nullptr) {
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h
@ -23,6 +23,7 @@
 #include <string>

 #include "absl/base/thread_annotations.h"
+#include "absl/log/check.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/optional.h"
@ -65,7 +66,7 @@ struct grpc_tls_certificate_provider
  // be reused when two different `grpc_tls_certificate_provider` objects are
  // used but they compare as equal (assuming other channel args match).
  int Compare(const grpc_tls_certificate_provider* other) const {
-    GPR_ASSERT(other != nullptr);
+    CHECK_NE(other, nullptr);
    int r = type().Compare(other->type());
    if (r != 0) return r;
    return CompareImpl(other);
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
@ -21,6 +21,7 @@
 #include <string>
 #include <utility>

+#include "absl/log/check.h"
 #include "absl/strings/string_view.h"

 #include <grpc/support/alloc.h>
@ -111,7 +112,7 @@ UniqueTypeName NoOpCertificateVerifier::type() const {
 bool HostNameCertificateVerifier::Verify(
    grpc_tls_custom_verification_check_request* request,
    std::function<void(absl::Status)>, absl::Status* sync_status) {
-  GPR_ASSERT(request != nullptr);
+  CHECK_NE(request, nullptr);
  // Extract the target name, and remove its port.
  const char* target_name = request->target_name;
  if (target_name == nullptr) {
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h
@ -21,6 +21,7 @@
 #include <map>

 #include "absl/base/thread_annotations.h"
+#include "absl/log/check.h"
 #include "absl/status/status.h"

 #include <grpc/credentials.h>
@ -58,7 +59,7 @@ struct grpc_tls_certificate_verifier
  // If this method returns 0, it means that gRPC can treat the two certificate
  // verifiers as effectively the same.
  int Compare(const grpc_tls_certificate_verifier* other) const {
-    GPR_ASSERT(other != nullptr);
+    CHECK_NE(other, nullptr);
    int r = type().Compare(other->type());
    if (r != 0) return r;
    return CompareImpl(other);
--- a/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
@ -20,6 +20,8 @@

 #include <memory>

+#include "absl/log/check.h"
+
 #include <grpc/grpc_crl_provider.h>
 #include <grpc/support/log.h>
 #include <grpc/support/port_platform.h>
@ -39,7 +41,7 @@ grpc_tls_credentials_options* grpc_tls_credentials_options_create() {

 grpc_tls_credentials_options* grpc_tls_credentials_options_copy(
    grpc_tls_credentials_options* options) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  return new grpc_tls_credentials_options(*options);
 }

@ -51,21 +53,21 @@ void grpc_tls_credentials_options_destroy(
 void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_cert_request_type(type);
 }

 void grpc_tls_credentials_options_set_verify_server_cert(
    grpc_tls_credentials_options* options, int verify_server_cert) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_verify_server_cert(verify_server_cert);
 }

 void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
-  GPR_ASSERT(options != nullptr);
-  GPR_ASSERT(provider != nullptr);
+  CHECK_NE(options, nullptr);
+  CHECK_NE(provider, nullptr);
  grpc_core::ExecCtx exec_ctx;
  options->set_certificate_provider(
      provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
@ -73,45 +75,45 @@ void grpc_tls_credentials_options_set_certificate_provider(

 void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_watch_root_cert(true);
 }

 void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_root_cert_name(root_cert_name);
 }

 void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_watch_identity_pair(true);
 }

 void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_identity_cert_name(identity_cert_name);
 }

 void grpc_tls_credentials_options_set_certificate_verifier(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_verifier* verifier) {
-  GPR_ASSERT(options != nullptr);
-  GPR_ASSERT(verifier != nullptr);
+  CHECK_NE(options, nullptr);
+  CHECK_NE(verifier, nullptr);
  options->set_certificate_verifier(verifier->Ref());
 }

 void grpc_tls_credentials_options_set_crl_directory(
    grpc_tls_credentials_options* options, const char* crl_directory) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_crl_directory(crl_directory);
 }

 void grpc_tls_credentials_options_set_check_call_host(
    grpc_tls_credentials_options* options, int check_call_host) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_check_call_host(check_call_host);
 }

@ -145,18 +147,18 @@ void grpc_tls_credentials_options_set_send_client_ca_list(
 void grpc_tls_credentials_options_set_crl_provider(
    grpc_tls_credentials_options* options,
    std::shared_ptr<grpc_core::experimental::CrlProvider> provider) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_crl_provider(provider);
 }

 void grpc_tls_credentials_options_set_min_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_min_tls_version(min_tls_version);
 }

 void grpc_tls_credentials_options_set_max_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
-  GPR_ASSERT(options != nullptr);
+  CHECK_NE(options, nullptr);
  options->set_max_tls_version(max_tls_version);
 }
--- a/src/core/lib/security/credentials/xds/xds_credentials.cc
+++ b/src/core/lib/security/credentials/xds/xds_credentials.cc
@ -18,6 +18,7 @@

 #include "src/core/lib/security/credentials/xds/xds_credentials.h"

+#include "absl/log/check.h"
 #include "absl/types/optional.h"

 #include <grpc/grpc_security_constants.h>
@ -79,7 +80,7 @@ XdsCertificateVerifier::XdsCertificateVerifier(
 bool XdsCertificateVerifier::Verify(
    grpc_tls_custom_verification_check_request* request,
    std::function<void(absl::Status)>, absl::Status* sync_status) {
-  GPR_ASSERT(request != nullptr);
+  CHECK_NE(request, nullptr);
  if (!XdsVerifySubjectAlternativeNames(
          request->peer_info.san_names.uri_names,
          request->peer_info.san_names.uri_names_size,
@ -165,7 +166,7 @@ XdsCredentials::create_security_connector(
                                                        target_name, args);
    }
  }
-  GPR_ASSERT(fallback_credentials_ != nullptr);
+  CHECK(fallback_credentials_ != nullptr);
  return fallback_credentials_->create_security_connector(std::move(call_creds),
                                                          target_name, args);
 }
@ -216,12 +217,12 @@ UniqueTypeName XdsServerCredentials::Type() {

 grpc_channel_credentials* grpc_xds_credentials_create(
    grpc_channel_credentials* fallback_credentials) {
-  GPR_ASSERT(fallback_credentials != nullptr);
+  CHECK_NE(fallback_credentials, nullptr);
  return new grpc_core::XdsCredentials(fallback_credentials->Ref());
 }

 grpc_server_credentials* grpc_xds_server_credentials_create(
    grpc_server_credentials* fallback_credentials) {
-  GPR_ASSERT(fallback_credentials != nullptr);
+  CHECK_NE(fallback_credentials, nullptr);
  return new grpc_core::XdsServerCredentials(fallback_credentials->Ref());
 }