> #3 from the tldr and #2 from the main post contradict each other, no?

I was out to lunch and didn't realize that I was tossing around two
macro names.  There's only one.

The name we liked was MOZ_ASSUME_UNREACHABLE; MOZ_ASSUME_NOT_REACHED
won't exist in a minute, after I push.  There's no difference between
them.

Sorry for the confusion!

On Fri, Jun 28, 2013 at 7:07 PM, Kyle Huey <m...@kylehuey.com> wrote:
> On Fri, Jun 28, 2013 at 7:04 PM, Justin Lebar <justin.le...@gmail.com> wrote:
>>
>> tl;dr - Changes from bug 820686:
>>
>>  1. We renamed MOZ_NOT_REACHED to MOZ_ASSUME_UNREACHABLE.
>>  2. In Gecko, please use MOZ_CRASH instead of MOZ_NOT_REACHED unless you
>>     care about code size or perf.
>>  3. In JS, we removed JS_NOT_REACHED in favor of MOZ_ASSUME_UNREACHABLE.
>>  4. Don't put code after MOZ_CRASH() or MOZ_ASSUME_UNREACHABLE(); it just
>>     gives a false sense of security.
>>
>> Dear all,
>>
>> Assuming bug 820686 sticks, we've made the following changes to the
>> MOZ_NOT_REACHED macro.
>>
>> 1) MOZ_NOT_REACHED is now called MOZ_ASSUME_UNREACHABLE.  It still does
>> the same thing it used to: It informs the compiler that the given line
>> cannot be reached.  If execution does reach that line, the program's
>> behavior is undefined.  (The program will likely crash, but maybe not.)
>>
>> 2) JS_NOT_REACHED is now replaced by MOZ_NOT_REACHED.  There's no change
>> in behavior.
>>
>> 3) In Gecko, we replaced all MOZ_NOT_REACHED's with MOZ_CRASH.  This /is/
>> a change in behavior: We replaced undefined behavior (whatever the
>> compiler felt like doing) with defined behavior (a crash).
>>
>> I hope this change sets a precedent that Gecko hackers should use
>> MOZ_ASSUME_UNREACHABLE() only where they care about code size or
>> performance.  In general, I think it's better to have defined behavior,
>> which you can get with MOZ_CRASH() (crash in all builds) or
>> MOZ_ASSERT(false) (crash in debug builds only).
>>
>> For example, the new precedent I hope to set is that we should use
>> MOZ_CRASH() or MOZ_ASSERT(false) in the default branch of a switch
>> statement, except where we care about size or perf.  Adding in even a
>> small chance of undefined behavior when we don't care about size or perf
>> is just a premature optimization, IMO.
>>
>> JS hackers can continue using MOZ_ASSUME_UNREACHABLE as they have been.
>>
>> 4) We removed code which comes after MOZ_CRASH() AND
>> MOZ_ASSUME_UNREACHABLE().  Code like
>>
>>   MOZ_ASSUME_UNREACHABLE();
>>   return false;
>>
>> just gives us a false sense of security; there is no guarantee that the
>> |return false| will be hit.  It's not necessary to add a return statement
>> to placate the compiler; all of the compilers we care about understand
>> that MOZ_ASSUME_UNREACHABLE() and MOZ_CRASH() are noreturn.
>>
>> Happy hacking,
>> -Justin
>> _______________________________________________
>> dev-platform mailing list
>> dev-platform@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-platform
>
>
> #3 from the tldr and #2 from the main post contradict each other, no?
>
> - Kyle
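
The difference between a crashing default branch and an assumed-unreachable one, as an added example that is not part of the original thread or of Mozilla's code. `EX_CRASH` and `EX_ASSUME_UNREACHABLE` are hypothetical stand-ins for the macros discussed (built on `abort()` and the GCC/Clang builtin `__builtin_unreachable()`), and a POSIX system is assumed for `fork`.

```c
/* Added illustration: EX_CRASH / EX_ASSUME_UNREACHABLE are hypothetical
 * stand-ins, not Mozilla's definitions. Assumes GCC or Clang on POSIX. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define EX_CRASH()              abort()                 /* defined: always terminates */
#define EX_ASSUME_UNREACHABLE() __builtin_unreachable() /* undefined if ever reached */

enum shape { SHAPE_CIRCLE, SHAPE_SQUARE };

/* Default branch with defined behaviour: an unexpected value stops the
 * process. No trailing return is needed because abort() is noreturn. */
int sides_checked(int s) {
    switch (s) {
    case SHAPE_CIRCLE: return 0;
    case SHAPE_SQUARE: return 4;
    default: EX_CRASH();
    }
}

/* Same switch for a hot path. The compiler may assume the default branch
 * never runs, so callers must guarantee s is valid; this example never
 * passes it anything else. */
int sides_fast(int s) {
    switch (s) {
    case SHAPE_CIRCLE: return 0;
    case SHAPE_SQUARE: return 4;
    default: EX_ASSUME_UNREACHABLE();
    }
}

/* Run sides_checked(value) in a child process; return the signal that
 * killed the child, 0 if it exited normally, -1 on fork/wait failure. */
int signal_from_checked(int value) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { sides_checked(value); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("fast: %d, bad input to checked version -> signal %d\n",
           sides_fast(SHAPE_SQUARE), signal_from_checked(99)); /* 99 is a constructed invalid value */
    return 0;
}
```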