On 22 Feb 2020, at 20:13, Ian Lepore <i...@freebsd.org> wrote:
>
> On Sat, 2020-02-22 at 20:01 +0100, Dimitry Andric wrote:
...
>> E.g. this is *not* meant as a way to enforce the program to abort at
>> runtime, if the supposedly unreachable part is actually reached.
>>
>> For this purpose, one should use an abort() or panic() function call,
>> with such functions being annotated to never return.
>>
>> -Dimitry
>>
>
> The problem is, people will see usages such as what Kyle did, where the
> code truly is unreachable (due to -Werror=switch), and not realizing
> that's why it's valid there, they'll assume it's a type of
> assert-unreachable and copy it/use it in other places as if that's what
> it was for.
>
> So, IMO, using it should be exceedingly rare and there should be a
> comment nearby about why it's valid in that context, or our
> __unreachable cover for it should panic on INVARIANTS, as Kyle proposed
> in an earlier reply.

It might be better to define our own UNREACHABLE macro, similar to what
llvm itself does, roughly something like:

    __noreturn void internal_unreachable(const char *, const char *, int);
    #define UNREACHABLE(msg) internal_unreachable(msg, __FILE__, __LINE__)

And have the implementation of internal_unreachable() log the file, line
and message, then abort or panic in some appropriate way.

-Dimitry