svn commit: r358248 - head/sys/vm

[Dimitry Andric]

On 22 Feb 2020, at 20:13, Ian Lepore <ian at freebsd.org> wrote:
> 
> On Sat, 2020-02-22 at 20:01 +0100, Dimitry Andric wrote:
...
>> E.g. this is *not* meant as a way to enforce the program to abort at
>> runtime, if the supposedly unreachable part is actually reached.
>> 
>> For this purpose, one should use an abort() or panic() function call,
>> with such functions being annotated to never return.
>> 
>> -Dimitry
>> 
> 
> The problem is, people will see usages such as what Kyle did, where the
> code truly is unreachable (due to -Werror=switch), and not realizing
> that's why it's valid there, they'll assume it's a type of assert-
> unreachable and copy it/use it in other places as if that's what it was
> for.
> 
> So, IMO, using it should be exceedingly rare and there should be a
> comment nearby about why it's valid in that context, or our
> __unreachable cover for it should panic on INVARIANTS, as Kyle proposed
> in an earlier reply.

It might be better to define our own UNREACHABLE macro, similar to what
llvm itself does, roughly something like:

__noreturn void internal_unreachable(const char *, const char *, int);
#define UNREACHABLE(msg) internal_unreachable(msg, __FILE__, __LINE__)

And have the implementation of internal_unreachable() log the file,
line and message, then abort or panic in some appropriate way.

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 223 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20200222/c9e1d733/attachment.sig>