On 17/05/2021 21.12, Miguel Ojeda via Liaison wrote:
> On Mon, May 17, 2021 at 7:16 PM Jens Gustedt <jens.gustedt@inria.fr> wrote:
>>
>> I am not sure that `abort` tells anything else than this path of control flow is catastrophic. So yes, for tiny bit of additional sugar with the possible message, but that's it, I think.
>
> It tells the reason why the path is not supposed to be reached.
> Standardizing the most common reasons is a good thing in my view, and
> I appreciate that Rust has things like `unreachable!`,
> `unimplemented!`, `todo!`, `panic!`. All of those end up as a panic,
> but the reason for panicking is different.
This feels like an additional layer on top of a basic abort().
That additional layer might not be provided by the C standard
itself, but by some user library, if so desired.
> Sure, but in terms of the spec it is not the same, and as a user I
> would expect different codegen from an optimizer. That is why I would
> be using an unsafe `unreachable()`, after all.
>
>> But what I meant, was that having a feature that behaves fundamentally different under debugging makes it impossible to debug the feature when it is applied with all of its strength. For me that has much resemblance with a nightmare.
>
> I agree differing behavior is best avoided in general, but having an
> easy way to debug all `unreachable()`s in a program (e.g. running the
> test suite to check nothing hits one of them) seems like a good idea.
That also feels like an additional layer. Maybe
#ifdef NDEBUG
#define assume(b) if (!b) unreachable();
#else
#define assume(b) assert(b)
#endif
would help here, but the basic facility "unreachable" should
still be available regardless.
This approach does not make for a good, portable 'assume' implementation. At least some optimizing compilers will transform
f();
if (!b) unreachable();
g();
... into ...
f();
g();
... without retaining any knowledge that 'b' was assumed to be true. If we want the functionality of assume(b), we shouldn't assume we get it as a side-effect of adding unreachable().
> IIRC, some people argued to have this kind of thing within the C++
> contracts discussions too.
The C++ contracts discussion got reset after C++20.
Jens
_______________________________________________
Liaison mailing list
Liaison@lists.isocpp.org
Subscription: https://lists.isocpp.org/mailman/listinfo.cgi/liaison
Link to this post: http://lists.isocpp.org/liaison/2021/05/0570.php