On 3/28/2014 4:10 PM, Chris Peterson wrote:
On 3/28/14, 4:05 PM, Benoit Jacob wrote:
>#define MOZ_CRASH_UNREACHABLE() \
> do { \
> MOZ_ASSUME_UNREACHABLE_MARKER(); \
> MOZ_CRASH("MOZ_CRASH_UNREACHABLE"); \
> } while (0)
>
MOZ_ASSUME_UNREACHABLE_MARKER tells the compiler "feel free to arbitrarily
miscompile this, and anything from that point on in this branch, as you may
assume that this code is unreachable". So it doesn't really serve any
purpose to add a MOZ_CRASH after a MOZ_ASSUME_UNREACHABLE_MARKER.

I included MOZ_ASSUME_UNREACHABLE_MARKER because that macro is the
compiler-specific "optimize me" intrinsic, which I believe was the
whole point of the original MOZ_ASSUME_UNREACHABLE.
AFAIU, MOZ_ASSUME_UNREACHABLE_MARKER crashes on all Gecko platforms,
but I included MOZ_CRASH to ensure the behavior was consistent for all
platforms.

No, MOZ_ASSUME_UNREACHABLE_MARKER tells the compiler that this code and
everything after it can't be reached, so it need not do anything. Clang will
delete the code after this branch and decide to not emit any control
flow. It may crash, but this is in the same vein that reading an
uninitialized variable may crash: it can certainly do a lot of wrong and
potentially exploitable things first.
--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
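
The ordering problem discussed in this thread, as an added C example (not code from the thread or from Mozilla's tree): a crash-only macro gives a defined abort on an out-of-range value, while the marker-first ordering leaves the abort in code the compiler may delete. The macro names, `op_name` and `signal_from_child` are hypothetical, the marker is assumed to be `__builtin_unreachable()` as on GCC/Clang, and POSIX `fork` is used to observe the abort.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the marker (assumption: __builtin_unreachable() on GCC/Clang).
 * Reaching it at run time is undefined behaviour, not a defined crash. */
#define ASSUME_UNREACHABLE_MARKER() __builtin_unreachable()

/* Ordering from the quoted macro, for contrast only and never invoked here:
 * the abort() sits after the marker, so the optimizer may drop it as dead. */
#define CRASH_UNREACHABLE_MARKER_FIRST() \
  do { ASSUME_UNREACHABLE_MARKER(); abort(); } while (0)

/* Hypothetical crash-only form: a defined abort and no optimizer hint. */
#define CRASH_UNREACHABLE() \
  do { fputs("unreachable code reached\n", stderr); abort(); } while (0)

enum op { OP_READ, OP_WRITE };

const char *op_name(int op) {
  switch (op) {
    case OP_READ:  return "read";
    case OP_WRITE: return "write";
    default:       CRASH_UNREACHABLE();
  }
}

/* Run op_name(op) in a child process; return the signal that killed the
 * child, 0 if it exited normally, or -1 if fork/waitpid failed. */
int signal_from_child(int op) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) _exit(op_name(op)[0] == '\0');  /* 0 for any valid name */
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
  int ok = signal_from_child(OP_READ);   /* constructed valid input */
  int bad = signal_from_child(7);        /* constructed out-of-range input */
  printf("valid op: signal %d, invalid op: signal %d (SIGABRT=%d)\n",
         ok, bad, SIGABRT);
  return 0;
}
```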