On Fri, Jun 28, 2013 at 7:04 PM, Justin Lebar <justin.le...@gmail.com> wrote:

> tl;dr - Changes from bug 820686:
>
> 1. We renamed MOZ_NOT_REACHED to MOZ_ASSUME_UNREACHABLE.
> 2. In Gecko, please use MOZ_CRASH instead of MOZ_NOT_REACHED unless you care
>    about code size or perf.
> 3. In JS, we removed JS_NOT_REACHED in favor of MOZ_ASSUME_UNREACHABLE.
> 4. Don't put code after MOZ_CRASH() or MOZ_ASSUME_UNREACHABLE(); it just gives
>    a false sense of security.
>
> Dear all,
>
> Assuming bug 820686 sticks, we've made the following changes to the
> MOZ_NOT_REACHED macro.
>
> 1) MOZ_NOT_REACHED is now called MOZ_ASSUME_UNREACHABLE. It still does the
> same thing it used to: It informs the compiler that the given line cannot be
> reached. If execution does reach that line, the program's behavior is
> undefined. (The program will likely crash, but maybe not.)
>
> 2) JS_NOT_REACHED is now replaced by MOZ_NOT_REACHED. There's no change in
> behavior.
>
> 3) In Gecko, we replaced all MOZ_NOT_REACHED's with MOZ_CRASH. This /is/ a
> change in behavior: We replaced undefined behavior (whatever the compiler felt
> like doing) with defined behavior (a crash).
>
> I hope this change sets a precedent that Gecko hackers should use
> MOZ_ASSUME_UNREACHABLE() only where they care about code size or performance.
> In general, I think it's better to have defined behavior, which you can get
> with MOZ_CRASH() (crash in all builds) or MOZ_ASSERT(false) (crash in debug
> builds only).
>
> For example, the new precedent I hope to set is that we should use MOZ_CRASH()
> or MOZ_ASSERT(false) in the default branch of a switch statement, except where
> we care about size or perf. Adding in even a small chance of undefined
> behavior when we don't care about size or perf is just a premature
> optimization, IMO.
>
> JS hackers can continue using MOZ_ASSUME_UNREACHABLE as they have been.
>
> 4) We removed code which comes after MOZ_CRASH() AND MOZ_ASSUME_UNREACHABLE().
> Code like
>
>   MOZ_ASSUME_UNREACHABLE();
>   return false;
>
> just gives us a false sense of security; there is no guarantee that the
> |return false| will be hit. It's not necessary to add a return statement to
> placate the compiler; all of the compilers we care about understand that
> MOZ_ASSUME_UNREACHABLE() and MOZ_CRASH() are noreturn.
>
> Happy hacking,
> -Justin
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>

#3 from the tldr and #2 from the main post contradict each other, no?

- Kyle
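
The switch-default case discussed in the quoted message, as an added C example that is not part of the thread or of Mozilla's code. `EX_CRASH` and `EX_ASSUME_UNREACHABLE` are hypothetical stand-ins (`abort()` and the GCC/Clang `__builtin_unreachable()`), not the real macro definitions, and the enum and function names are made up for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-ins for illustration only, not Mozilla's definitions. */
#define EX_CRASH() abort()                               /* defined: always terminates */
#define EX_ASSUME_UNREACHABLE() __builtin_unreachable()  /* undefined if ever reached */

enum Kind { KIND_A, KIND_B };

/* Default branch with defined behavior: an unexpected value crashes. */
int size_checked(enum Kind k) {
    switch (k) {
        case KIND_A: return 1;
        case KIND_B: return 2;
        default: EX_CRASH();
    }
}

/* Same switch with the optimizer hint. Only call this with valid values:
   the compiler may drop the range check, so anything else is undefined. */
int size_assumed(enum Kind k) {
    switch (k) {
        case KIND_A: return 1;
        case KIND_B: return 2;
        default: EX_ASSUME_UNREACHABLE();
    }
}

/* Run size_checked(raw) in a child process. Returns the signal that killed
   the child, 0 if it exited normally, or -1 if fork/waitpid failed. */
int crash_signal_for(int raw) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(size_checked((enum Kind)raw) > 0 ? 0 : 1);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    /* 7 is a constructed out-of-range value, e.g. from corrupted input. */
    printf("valid: %d, corrupted: signal %d\n",
           crash_signal_for(KIND_B), crash_signal_for(7));
    return 0;
}
```

The out-of-range value is only ever passed to `size_checked`; passing it to `size_assumed` would have no predictable outcome to observe.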