2014-03-31 15:22 GMT-04:00 Chris Peterson <cpeter...@mozilla.com>: > On 3/28/14, 7:03 PM, Joshua Cranmer 🐧 wrote: > >> I included MOZ_ASSUME_UNREACHABLE_MARKER because that macro is the >>> compiler-specific "optimize me" intrinsic, which I believe was the >>> whole point of the original MOZ_ASSUME_UNREACHABLE. >>> >>> AFAIU, MOZ_ASSUME_UNREACHABLE_MARKER crashes on all Gecko platforms, >>> but I included MOZ_CRASH to ensure the behavior was consistent for all >>> platforms. >>> >> >> No, MOZ_ASSUME_UNREACHABLE_MARKER tells the compiler that this code and >> everything after it can't be reached, so it need do anything. Clang will >> delete the code after this branch and decide to not emit any control >> flow. It may crash, but this is in the same vein that reading an >> uninitialized variable may crash: it can certainly do a lot of wrong and >> potentially exploitable things first. >> > > So what is an example of an appropriate use of MOZ_ASSUME_UNREACHABLE in > Gecko today?
That's a very good question to ask at this point! Good examples are examples where 1) it is totally guaranteed that the location is unreachable, and 2) the surrounding code is performance-critical for at least some caller. Example 1: Right *after* (not *before* !) a guaranteed crash in generic code, like this one: http://hg.mozilla.org/mozilla-central/file/df7b26e90378/build/annotationProcessors/CodeGenerator.java#l329 I'm not familiar with this code, but, being in a code generator, I can trust that this might be performance critical, and is really unreachable. Example 2: In the default case of a performance-critical switch statement that we have an excellent reason of thinking is completely unreachable. Example: http://hg.mozilla.org/mozilla-central/file/df7b26e90378/js/src/gc/RootMarking.cpp#l42 Again I'm not familiar with this code, but I can trust that it's performance-critical, and since that function is static to this cpp file, I can trust that the callers of this function are only a few local functions that are aware of the fact that it would be very dangerous to call this function with a bad 'kind' (though I wish that were said in a big scary warning). The UNREACHABLE here would typically allow the compiler to skip checking that 'kind' is in range before implementing this switch statement with a jump-table, so, if this code is performance-critical to the point that the cost of checking that 'kind' is in range is significant, then the UNREACHABLE here is useful. Benoit _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
