Open Bug 1046800 Opened 7 years ago Updated 7 years ago
Unreachability macro documentation is confusing (MOZ_ASSERT_UNREACHABLE and MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE)
We have:

/*
 * MOZ_ASSUME_UNREACHABLE_MARKER() expands to an expression which states that
 * it is undefined behavior for execution to reach this point. No guarantees
 * are made about what will happen if this is reached at runtime. Most code
 * should use MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE because it has extra
 * asserts.
 */

I don't think people should really be using MOZ_ASSUME_UNREACHABLE_MARKER; they probably want MOZ_ASSERT_UNREACHABLE. But if we assume that we were supposed to s/MOZ_ASSUME_UNREACHABLE_MARKER/MOZ_ASSERT_UNREACHABLE/ in the above, then we are led to think that we should be using MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE, whose documentation states:

 * In Gecko, you probably should not use this macro outside of performance- or
 * size-critical code, because it's unsafe. If you don't care about code size
 * or performance, you should probably use MOZ_ASSERT or MOZ_CRASH.

From a Gecko hacker's perspective, this documentation is weird, because I was informed MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE had extra asserts. But the documentation explicitly says it's unsafe! And then it points me to MOZ_ASSERT/MOZ_CRASH, which presumably aren't explicit enough for what I want to do. Something needs to be straightened out here.
MOZ_ASSUME_UNREACHABLE_MARKER is an implementation detail of MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE and should not be called outside of mfbt/Assertions.h. MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE includes extra asserts in debug builds, but this macro is intended to be a compiler-specific optimization hint.

New code should use:

* MOZ_ASSERT_UNREACHABLE for code that can safely recover in release builds
* MOZ_CRASH for code that can't recover or indicates a major bug
* MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE to invoke compiler-specific optimizations with undefined behavior
Depends on: 990764
Summary: unreachability macro documentation is confusing → Unreachability macro documentation is confusing (MOZ_ASSERT_UNREACHABLE and MOZ_MAKE_COMPILER_BELIEVE_IS_UNREACHABLE)
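The three choices listed in the comment above, as an added example that is not part of the bug or of mfbt/Assertions.h. The DEMO_* macros and the size_* and signal_from functions are hypothetical stand-ins; it assumes GCC or Clang (for __builtin_unreachable) and a POSIX system (for fork), with DEMO_DEBUG 0 modelling a release build.

```c
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins for illustration, not the mfbt/Assertions.h code. */
#define DEMO_DEBUG 0 /* 0 models a release build, 1 a debug build */
#if DEMO_DEBUG
#  define DEMO_ASSERT_UNREACHABLE() abort()
#else
#  define DEMO_ASSERT_UNREACHABLE() ((void)0)
#endif
#define DEMO_CRASH() abort()
#define DEMO_BELIEVE_UNREACHABLE() __builtin_unreachable() /* GCC/Clang */

/* Recoverable: with the assert compiled out, callers get a defined error. */
int size_recoverable(int k) {
    if (k == 0) return 4;
    if (k == 1) return 8;
    DEMO_ASSERT_UNREACHABLE();
    return -1;
}

/* Unrecoverable: terminates in every build type. */
int size_fatal(int k) {
    if (k == 0) return 4;
    if (k == 1) return 8;
    DEMO_CRASH();
}

/* Optimization hint: calling this with any other k is undefined behavior. */
int size_hinted(int k) {
    if (k == 0) return 4;
    if (k == 1) return 8;
    DEMO_BELIEVE_UNREACHABLE();
}

/* Runs fn(arg) in a child process; returns the signal that killed it, or 0. */
int signal_from(int (*fn)(int), int arg) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(arg); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    return (signal_from(size_fatal, 7) == SIGABRT && size_recoverable(7) == -1) ? 0 : 1;
}
```

size_hinted is only ever called with 0 or 1 here: with any other value the compiler is free to have removed the path entirely, so there is no behavior to observe or test.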