MFBT's MOZ_ASSUME_UNREACHABLE macro has been removed. People mistakenly
used it as a debug assertion, but it was actually a compiler
optimization hint that invoked possibly dangerous undefined behavior if
actually hit. For example, Benoit Jacob's detailed tests [1] show that
gcc 4.6 can generate unsafe code such as jump tables without range
checks. See bug 990764 for discussion.

What should I use in place of MOZ_ASSUME_UNREACHABLE?

* Use MOZ_ASSERT_UNREACHABLE for code that can safely recover in release
  builds. This debug-only macro is simply a more descriptive name for
  MOZ_ASSERT(false).

* Use MOZ_CRASH for code that can't recover or indicates a major bug. If
  you would be surprised if a code path was taken, you probably want to
  use MOZ_CRASH to learn about it. Be bold! :)

* Use MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE for (possibly unsafe)
  optimization hints to the compiler. If this code is executed, the
  program might not crash in testing or the field. You should confirm that
  this macro actually improves performance compared to MOZ_CRASH.

chris

[1] https://raw.githubusercontent.com/bjacob/builtin-unreachable-study
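
The difference between the three replacements on an "impossible" switch value, as an added C example that is not part of the original message and does not reproduce MFBT's macro definitions. The DEMO_* macros, the DEMO_DEBUG build switch and the sides_* functions are hypothetical stand-ins, and GCC/Clang's __builtin_unreachable() is assumed as the optimization hint.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins for the three policies; NOT MFBT's definitions. */
#define DEMO_CRASH(msg) do { fprintf(stderr, "%s\n", msg); abort(); } while (0)
#ifdef DEMO_DEBUG                       /* assumed debug-build switch */
#define DEMO_ASSERT_UNREACHABLE(msg) DEMO_CRASH(msg)
#else
#define DEMO_ASSERT_UNREACHABLE(msg) do { } while (0)
#endif
#define DEMO_HINT_UNREACHABLE() __builtin_unreachable() /* GCC/Clang builtin */

enum shape { SHAPE_CIRCLE, SHAPE_SQUARE, SHAPE_TRIANGLE };
#define KNOWN_SHAPES \
    case SHAPE_CIRCLE: return 0; case SHAPE_SQUARE: return 4; case SHAPE_TRIANGLE: return 3;

/* Debug-only assertion: a release build reaches the return and recovers. */
int sides_recover(int s) {
    switch (s) { KNOWN_SHAPES default: DEMO_ASSERT_UNREACHABLE("bad shape"); return -1; }
}

/* Crash in every build: an unexpected value is reported, never acted on. */
int sides_crash(int s) {
    switch (s) { KNOWN_SHAPES default: DEMO_CRASH("bad shape"); }
}

/* Optimization hint: any other value of s is undefined behaviour, so the
 * compiler may index a jump table with it unchecked. Never feed it raw input. */
int sides_hint(int s) {
    switch (s) { KNOWN_SHAPES default: DEMO_HINT_UNREACHABLE(); }
}

/* Runs fn(arg) in a child process; 1 if the child died from SIGABRT. */
int aborts(int (*fn)(int), int arg) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) { fn(arg); _exit(0); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    printf("recover(7)=%d crash(7) aborts=%d hint(square)=%d\n",
           sides_recover(7), aborts(sides_crash, 7), sides_hint(SHAPE_SQUARE));
    return 0;
}
```

The example never calls sides_hint with an out-of-range value, because that call has no defined result to observe.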