tl;dr - Changes from bug 820686:

 1. We renamed MOZ_NOT_REACHED to MOZ_ASSUME_UNREACHABLE.
 2. In Gecko, please use MOZ_CRASH instead of MOZ_NOT_REACHED unless you care
    about code size or perf.
 3. In JS, we removed JS_NOT_REACHED in favor of MOZ_ASSUME_UNREACHABLE.
 4. Don't put code after MOZ_CRASH() or MOZ_ASSUME_UNREACHABLE(); it just gives
    a false sense of security.

Dear all,

Assuming bug 820686 sticks, we've made the following changes to the
MOZ_NOT_REACHED macro.

1) MOZ_NOT_REACHED is now called MOZ_ASSUME_UNREACHABLE.  It still does the
same thing it used to: It informs the compiler that the given line cannot be
reached.  If execution does reach that line, the program's behavior is
undefined.  (The program will likely crash, but maybe not.)

2) JS_NOT_REACHED is now replaced by MOZ_NOT_REACHED.  There's no change in
behavior.

3) In Gecko, we replaced all MOZ_NOT_REACHED's with MOZ_CRASH.  This /is/ a
change in behavior: We replaced undefined behavior (whatever the compiler felt
like doing) with defined behavior (a crash).

I hope this change sets a precedent that Gecko hackers should use
MOZ_ASSUME_UNREACHABLE() only where they care about code size or performance.
In general, I think it's better to have defined behavior, which you can get
with MOZ_CRASH() (crash in all builds) or MOZ_ASSERT(false) (crash in debug
builds only).

For example, the new precedent I hope to set is that we should use MOZ_CRASH()
or MOZ_ASSERT(false) in the default branch of a switch statement, except where
we care about size or perf.  Adding in even a small chance of undefined
behavior when we don't care about size or perf is just a premature
optimization, IMO.

JS hackers can continue using MOZ_ASSUME_UNREACHABLE as they have been.

4) We removed code which comes after MOZ_CRASH() AND MOZ_ASSUME_UNREACHABLE().
Code like

  MOZ_ASSUME_UNREACHABLE();
  return false;

just gives us a false sense of security; there is no guarantee that the |return
false| will be hit.  It's not necessary to add a return statement to placate
the compiler; all of the compilers we care about understand that
MOZ_ASSUME_UNREACHABLE() and MOZ_CRASH() are noreturn.

Happy hacking,
-Justin
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
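
The difference between points 3 and 4 of the message above, as an added example that is not part of the original message or of Mozilla's code. `EXAMPLE_CRASH`, `EXAMPLE_ASSUME_UNREACHABLE`, `Op` and the functions are hypothetical stand-ins, and the code assumes GCC or Clang on a POSIX system.

```cpp
// Added example: stand-in macros, not Mozilla's actual definitions.
#include <csignal>
#include <cstdlib>
#include <sys/wait.h>
#include <unistd.h>

// Defined behavior: terminates the process in every build type.
#define EXAMPLE_CRASH() std::abort()
// Optimizer hint only (GCC/Clang builtin): reaching it is undefined behavior.
#define EXAMPLE_ASSUME_UNREACHABLE() __builtin_unreachable()

// A fixed underlying type means any int is a valid Op value after a cast,
// so the default branches below are reachable with unexpected input.
enum class Op : int { Read = 0, Write = 1, Close = 2 };

// Permission bits per operation (constructed values). Nothing follows
// EXAMPLE_CRASH(): std::abort is noreturn, so no trailing return is needed.
int RequiredPermsChecked(Op op) {
  switch (op) {
    case Op::Read:  return 0x1;
    case Op::Write: return 0x2;
    case Op::Close: return 0x0;
    default:        EXAMPLE_CRASH();
  }
}

// Same switch with the hint; only ever called with known values here,
// because an unknown value would make the result unpredictable.
int RequiredPermsAssumed(Op op) {
  switch (op) {
    case Op::Read:  return 0x1;
    case Op::Write: return 0x2;
    case Op::Close: return 0x0;
    default:        EXAMPLE_ASSUME_UNREACHABLE();
  }
}

// Runs RequiredPermsChecked(raw) in a child process and reports whether
// the child was terminated by SIGABRT, i.e. the defined crash happened.
bool AbortsOnValue(int raw) {
  pid_t pid = fork();
  if (pid < 0) return false;
  if (pid == 0) _exit(RequiredPermsChecked(static_cast<Op>(raw)));
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return false;
  return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main() { return (AbortsOnValue(7) && !AbortsOnValue(1)) ? 0 : 1; }
```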
