summaryrefslogtreecommitdiffstats
path: root/mfbt/Assertions.h
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /mfbt/Assertions.h
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'mfbt/Assertions.h')
-rw-r--r--mfbt/Assertions.h637
1 files changed, 637 insertions, 0 deletions
diff --git a/mfbt/Assertions.h b/mfbt/Assertions.h
new file mode 100644
index 000000000..e7b010b7f
--- /dev/null
+++ b/mfbt/Assertions.h
@@ -0,0 +1,637 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Implementations of runtime and static assertion macros for C and C++. */
+
+#ifndef mozilla_Assertions_h
+#define mozilla_Assertions_h
+
+#if defined(MOZILLA_INTERNAL_API) && defined(__cplusplus)
+#define MOZ_DUMP_ASSERTION_STACK
+#endif
+
+#include "mozilla/Attributes.h"
+#include "mozilla/Compiler.h"
+#include "mozilla/Likely.h"
+#include "mozilla/MacroArgs.h"
+#include "mozilla/StaticAnalysisFunctions.h"
+#include "mozilla/Types.h"
+#ifdef MOZ_DUMP_ASSERTION_STACK
+#include "nsTraceRefcnt.h"
+#endif
+
+#if defined(MOZ_HAS_MOZGLUE) || defined(MOZILLA_INTERNAL_API)
+/*
+ * The crash reason set by MOZ_CRASH_ANNOTATE is consumed by the crash reporter
+ * if present. It is declared here (and defined in Assertions.cpp) to make it
+ * available to all code, even libraries that don't link with the crash reporter
+ * directly.
+ */
+MOZ_BEGIN_EXTERN_C
+extern MFBT_DATA const char* gMozCrashReason;
+MOZ_END_EXTERN_C
+
+static inline void
+AnnotateMozCrashReason(const char* reason)
+{
+ gMozCrashReason = reason;
+}
+# define MOZ_CRASH_ANNOTATE(...) AnnotateMozCrashReason(__VA_ARGS__)
+#else
+# define MOZ_CRASH_ANNOTATE(...) do { /* nothing */ } while (0)
+#endif
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef WIN32
+ /*
+ * TerminateProcess and GetCurrentProcess are defined in <winbase.h>, which
+ * further depends on <windef.h>. We hardcode these few definitions manually
+ * because those headers clutter the global namespace with a significant
+ * number of undesired macros and symbols.
+ */
+# ifdef __cplusplus
+extern "C" {
+# endif
+__declspec(dllimport) int __stdcall
+TerminateProcess(void* hProcess, unsigned int uExitCode);
+__declspec(dllimport) void* __stdcall GetCurrentProcess(void);
+# ifdef __cplusplus
+}
+# endif
+#else
+# include <signal.h>
+#endif
+#ifdef ANDROID
+# include <android/log.h>
+#endif
+
+/*
+ * MOZ_STATIC_ASSERT may be used to assert a condition *at compile time* in C.
+ * In C++11, static_assert is provided by the compiler to the same effect.
+ * This can be useful when you make certain assumptions about what must hold for
+ * optimal, or even correct, behavior. For example, you might assert that the
+ * size of a struct is a multiple of the target architecture's word size:
+ *
+ * struct S { ... };
+ * // C
+ * MOZ_STATIC_ASSERT(sizeof(S) % sizeof(size_t) == 0,
+ * "S should be a multiple of word size for efficiency");
+ * // C++11
+ * static_assert(sizeof(S) % sizeof(size_t) == 0,
+ * "S should be a multiple of word size for efficiency");
+ *
+ * This macro can be used in any location where both an extern declaration and a
+ * typedef could be used.
+ */
+#ifndef __cplusplus
+ /*
+ * Some of the definitions below create an otherwise-unused typedef. This
+ * triggers compiler warnings with some versions of gcc, so mark the typedefs
+ * as permissibly-unused to disable the warnings.
+ */
+# if defined(__GNUC__)
+# define MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE __attribute__((unused))
+# else
+# define MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE /* nothing */
+# endif
+# define MOZ_STATIC_ASSERT_GLUE1(x, y) x##y
+# define MOZ_STATIC_ASSERT_GLUE(x, y) MOZ_STATIC_ASSERT_GLUE1(x, y)
+# if defined(__SUNPRO_CC)
+ /*
+ * The Sun Studio C++ compiler is buggy when declaring, inside a function,
+ * another extern'd function with an array argument whose length contains a
+ * sizeof, triggering the error message "sizeof expression not accepted as
+ * size of array parameter". This bug (6688515, not public yet) would hit
+ * defining moz_static_assert as a function, so we always define an extern
+ * array for Sun Studio.
+ *
+ * We include the line number in the symbol name in a best-effort attempt
+ * to avoid conflicts (see below).
+ */
+# define MOZ_STATIC_ASSERT(cond, reason) \
+ extern char MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __LINE__)[(cond) ? 1 : -1]
+# elif defined(__COUNTER__)
+ /*
+ * If there was no preferred alternative, use a compiler-agnostic version.
+ *
+ * Note that the non-__COUNTER__ version has a bug in C++: it can't be used
+ * in both |extern "C"| and normal C++ in the same translation unit. (Alas
+ * |extern "C"| isn't allowed in a function.) The only affected compiler
+ * we really care about is gcc 4.2. For that compiler and others like it,
+ * we include the line number in the function name to do the best we can to
+ * avoid conflicts. These should be rare: a conflict would require use of
+ * MOZ_STATIC_ASSERT on the same line in separate files in the same
+ * translation unit, *and* the uses would have to be in code with
+ * different linkage, *and* the first observed use must be in C++-linkage
+ * code.
+ */
+# define MOZ_STATIC_ASSERT(cond, reason) \
+ typedef int MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __COUNTER__)[(cond) ? 1 : -1] MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE
+# else
+# define MOZ_STATIC_ASSERT(cond, reason) \
+ extern void MOZ_STATIC_ASSERT_GLUE(moz_static_assert, __LINE__)(int arg[(cond) ? 1 : -1]) MOZ_STATIC_ASSERT_UNUSED_ATTRIBUTE
+# endif
+
+#define MOZ_STATIC_ASSERT_IF(cond, expr, reason) MOZ_STATIC_ASSERT(!(cond) || (expr), reason)
+#else
+#define MOZ_STATIC_ASSERT_IF(cond, expr, reason) static_assert(!(cond) || (expr), reason)
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Prints |aStr| as an assertion failure (using aFilename and aLine as the
+ * location of the assertion) to the standard debug-output channel.
+ *
+ * Usually you should use MOZ_ASSERT or MOZ_CRASH instead of this method. This
+ * method is primarily for internal use in this header, and only secondarily
+ * for use in implementing release-build assertions.
+ */
+static MOZ_COLD MOZ_ALWAYS_INLINE void
+MOZ_ReportAssertionFailure(const char* aStr, const char* aFilename, int aLine)
+ MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS
+{
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_FATAL, "MOZ_Assert",
+ "Assertion failure: %s, at %s:%d\n",
+ aStr, aFilename, aLine);
+#else
+ fprintf(stderr, "Assertion failure: %s, at %s:%d\n", aStr, aFilename, aLine);
+#if defined (MOZ_DUMP_ASSERTION_STACK)
+ nsTraceRefcnt::WalkTheStack(stderr);
+#endif
+ fflush(stderr);
+#endif
+}
+
+static MOZ_COLD MOZ_ALWAYS_INLINE void
+MOZ_ReportCrash(const char* aStr, const char* aFilename, int aLine)
+ MOZ_PRETEND_NORETURN_FOR_STATIC_ANALYSIS
+{
+#ifdef ANDROID
+ __android_log_print(ANDROID_LOG_FATAL, "MOZ_CRASH",
+ "Hit MOZ_CRASH(%s) at %s:%d\n", aStr, aFilename, aLine);
+#else
+ fprintf(stderr, "Hit MOZ_CRASH(%s) at %s:%d\n", aStr, aFilename, aLine);
+#if defined(MOZ_DUMP_ASSERTION_STACK)
+ nsTraceRefcnt::WalkTheStack(stderr);
+#endif
+ fflush(stderr);
+#endif
+}
+
+/**
+ * MOZ_REALLY_CRASH is used in the implementation of MOZ_CRASH(). You should
+ * call MOZ_CRASH instead.
+ */
+#if defined(_MSC_VER)
+ /*
+ * On MSVC use the __debugbreak compiler intrinsic, which produces an inline
+ * (not nested in a system function) breakpoint. This distinctively invokes
+ * Breakpad without requiring system library symbols on all stack-processing
+ * machines, as a nested breakpoint would require.
+ *
+ * We use TerminateProcess with the exit code aborting would generate
+ * because we don't want to invoke atexit handlers, destructors, library
+ * unload handlers, and so on when our process might be in a compromised
+ * state.
+ *
+ * We don't use abort() because it'd cause Windows to annoyingly pop up the
+ * process error dialog multiple times. See bug 345118 and bug 426163.
+ *
+ * We follow TerminateProcess() with a call to MOZ_NoReturn() so that the
+ * compiler doesn't hassle us to provide a return statement after a
+ * MOZ_REALLY_CRASH() call.
+ *
+ * (Technically these are Windows requirements, not MSVC requirements. But
+ * practically you need MSVC for debugging, and we only ship builds created
+ * by MSVC, so doing it this way reduces complexity.)
+ */
+
+__declspec(noreturn) __inline void MOZ_NoReturn() {}
+
+# ifdef __cplusplus
+# define MOZ_REALLY_CRASH(line) \
+ do { \
+ ::__debugbreak(); \
+ *((volatile int*) NULL) = line; \
+ ::TerminateProcess(::GetCurrentProcess(), 3); \
+ ::MOZ_NoReturn(); \
+ } while (0)
+# else
+# define MOZ_REALLY_CRASH(line) \
+ do { \
+ __debugbreak(); \
+ *((volatile int*) NULL) = line; \
+ TerminateProcess(GetCurrentProcess(), 3); \
+ MOZ_NoReturn(); \
+ } while (0)
+# endif
+#else
+# ifdef __cplusplus
+# define MOZ_REALLY_CRASH(line) \
+ do { \
+ *((volatile int*) NULL) = line; \
+ ::abort(); \
+ } while (0)
+# else
+# define MOZ_REALLY_CRASH(line) \
+ do { \
+ *((volatile int*) NULL) = line; \
+ abort(); \
+ } while (0)
+# endif
+#endif
+
+/*
+ * MOZ_CRASH([explanation-string]) crashes the program, plain and simple, in a
+ * Breakpad-compatible way, in both debug and release builds.
+ *
+ * MOZ_CRASH is a good solution for "handling" failure cases when you're
+ * unwilling or unable to handle them more cleanly -- for OOM, for likely memory
+ * corruption, and so on. It's also a good solution if you need safe behavior
+ * in release builds as well as debug builds. But if the failure is one that
+ * should be debugged and fixed, MOZ_ASSERT is generally preferable.
+ *
+ * The optional explanation-string, if provided, must be a string literal
+ * explaining why we're crashing. This argument is intended for use with
+ * MOZ_CRASH() calls whose rationale is non-obvious; don't use it if it's
+ * obvious why we're crashing.
+ *
+ * If we're a DEBUG build and we crash at a MOZ_CRASH which provides an
+ * explanation-string, we print the string to stderr. Otherwise, we don't
+ * print anything; this is because we want MOZ_CRASH to be 100% safe in release
+ * builds, and it's hard to print to stderr safely when memory might have been
+ * corrupted.
+ */
+#ifndef DEBUG
+# define MOZ_CRASH(...) \
+ do { \
+ MOZ_CRASH_ANNOTATE("MOZ_CRASH(" __VA_ARGS__ ")"); \
+ MOZ_REALLY_CRASH(__LINE__); \
+ } while (0)
+#else
+# define MOZ_CRASH(...) \
+ do { \
+ MOZ_ReportCrash("" __VA_ARGS__, __FILE__, __LINE__); \
+ MOZ_CRASH_ANNOTATE("MOZ_CRASH(" __VA_ARGS__ ")"); \
+ MOZ_REALLY_CRASH(__LINE__); \
+ } while (0)
+#endif
+
+/*
+ * MOZ_CRASH_UNSAFE_OOL(explanation-string) can be used if the explanation
+ * string cannot be a string literal (but no other processing needs to be done
+ * on it). A regular MOZ_CRASH() is preferred wherever possible, as passing
+ * arbitrary strings from a potentially compromised process is not without risk.
+ * If the string being passed is the result of a printf-style function,
+ * consider using MOZ_CRASH_UNSAFE_PRINTF instead.
+ */
+#ifndef DEBUG
+MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE void
+MOZ_CrashOOL(int aLine, const char* aReason);
+# define MOZ_CRASH_UNSAFE_OOL(reason) MOZ_CrashOOL(__LINE__, reason)
+#else
+MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE void
+MOZ_CrashOOL(const char* aFilename, int aLine, const char* aReason);
+# define MOZ_CRASH_UNSAFE_OOL(reason) MOZ_CrashOOL(__FILE__, __LINE__, reason)
+#endif
+
+static const size_t sPrintfMaxArgs = 4;
+static const size_t sPrintfCrashReasonSize = 1024;
+
+#ifndef DEBUG
+MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE MOZ_FORMAT_PRINTF(2, 3) void
+MOZ_CrashPrintf(int aLine, const char* aFormat, ...);
+# define MOZ_CALL_CRASH_PRINTF(format, ...) \
+ MOZ_CrashPrintf(__LINE__, format, __VA_ARGS__)
+#else
+MFBT_API MOZ_COLD MOZ_NORETURN MOZ_NEVER_INLINE MOZ_FORMAT_PRINTF(3, 4) void
+MOZ_CrashPrintf(const char* aFilename, int aLine, const char* aFormat, ...);
+# define MOZ_CALL_CRASH_PRINTF(format, ...) \
+ MOZ_CrashPrintf(__FILE__, __LINE__, format, __VA_ARGS__)
+#endif
+
+/*
+ * MOZ_CRASH_UNSAFE_PRINTF(format, arg1 [, args]) can be used when more
+ * information is desired than a string literal can supply. The caller provides
+ * a printf-style format string, which must be a string literal and between
+ * 1 and 4 additional arguments. A regular MOZ_CRASH() is preferred wherever
+ * possible, as passing arbitrary strings to printf from a potentially
+ * compromised process is not without risk.
+ */
+#define MOZ_CRASH_UNSAFE_PRINTF(format, ...) \
+ do { \
+ MOZ_STATIC_ASSERT_VALID_ARG_COUNT(__VA_ARGS__); \
+ static_assert( \
+ MOZ_PASTE_PREFIX_AND_ARG_COUNT(, __VA_ARGS__) <= sPrintfMaxArgs, \
+ "Only up to 4 additional arguments are allowed!"); \
+ static_assert(sizeof(format) <= sPrintfCrashReasonSize, \
+ "The supplied format string is too long!"); \
+ MOZ_CALL_CRASH_PRINTF("" format, __VA_ARGS__); \
+ } while (0)
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+/*
+ * MOZ_ASSERT(expr [, explanation-string]) asserts that |expr| must be truthy in
+ * debug builds. If it is, execution continues. Otherwise, an error message
+ * including the expression and the explanation-string (if provided) is printed,
+ * an attempt is made to invoke any existing debugger, and execution halts.
+ * MOZ_ASSERT is fatal: no recovery is possible. Do not assert a condition
+ * which can correctly be falsy.
+ *
+ * The optional explanation-string, if provided, must be a string literal
+ * explaining the assertion. It is intended for use with assertions whose
+ * correctness or rationale is non-obvious, and for assertions where the "real"
+ * condition being tested is best described prosaically. Don't provide an
+ * explanation if it's not actually helpful.
+ *
+ * // No explanation needed: pointer arguments often must not be NULL.
+ * MOZ_ASSERT(arg);
+ *
+ * // An explanation can be helpful to explain exactly how we know an
+ * // assertion is valid.
+ * MOZ_ASSERT(state == WAITING_FOR_RESPONSE,
+ * "given that <thingA> and <thingB>, we must have...");
+ *
+ * // Or it might disambiguate multiple identical (save for their location)
+ * // assertions of the same expression.
+ * MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
+ * "we already set [[PrimitiveThis]] for this Boolean object");
+ * MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
+ * "we already set [[PrimitiveThis]] for this String object");
+ *
+ * MOZ_ASSERT has no effect in non-debug builds. It is designed to catch bugs
+ * *only* during debugging, not "in the field". If you want the latter, use
+ * MOZ_RELEASE_ASSERT, which applies to non-debug builds as well.
+ *
+ * MOZ_DIAGNOSTIC_ASSERT works like MOZ_RELEASE_ASSERT in Nightly/Aurora and
+ * MOZ_ASSERT in Beta/Release - use this when a condition is potentially rare
+ * enough to require real user testing to hit, but is not security-sensitive.
+ * This can cause user pain, so use it sparingly. If a MOZ_DIAGNOSTIC_ASSERT
+ * is firing, it should promptly be converted to a MOZ_ASSERT while the failure
+ * is being investigated, rather than letting users suffer.
+ */
+
+/*
+ * Implement MOZ_VALIDATE_ASSERT_CONDITION_TYPE, which is used to guard against
+ * accidentally passing something unintended in lieu of an assertion condition.
+ */
+
+#ifdef __cplusplus
+# include "mozilla/TypeTraits.h"
+namespace mozilla {
+namespace detail {
+
+template<typename T>
+struct AssertionConditionType
+{
+ typedef typename RemoveReference<T>::Type ValueT;
+ static_assert(!IsArray<ValueT>::value,
+ "Expected boolean assertion condition, got an array or a "
+ "string!");
+ static_assert(!IsFunction<ValueT>::value,
+ "Expected boolean assertion condition, got a function! Did "
+ "you intend to call that function?");
+ static_assert(!IsFloatingPoint<ValueT>::value,
+ "It's often a bad idea to assert that a floating-point number "
+ "is nonzero, because such assertions tend to intermittently "
+ "fail. Shouldn't your code gracefully handle this case instead "
+ "of asserting? Anyway, if you really want to do that, write an "
+ "explicit boolean condition, like !!x or x!=0.");
+
+ static const bool isValid = true;
+};
+
+} // namespace detail
+} // namespace mozilla
+# define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x) \
+ static_assert(mozilla::detail::AssertionConditionType<decltype(x)>::isValid, \
+ "invalid assertion condition")
+#else
+# define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x)
+#endif
+
+/* First the single-argument form. */
+#define MOZ_ASSERT_HELPER1(expr) \
+ do { \
+ MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr); \
+ if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) { \
+ MOZ_ReportAssertionFailure(#expr, __FILE__, __LINE__); \
+ MOZ_CRASH_ANNOTATE("MOZ_RELEASE_ASSERT(" #expr ")"); \
+ MOZ_REALLY_CRASH(__LINE__); \
+ } \
+ } while (0)
+/* Now the two-argument form. */
+#define MOZ_ASSERT_HELPER2(expr, explain) \
+ do { \
+ MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr); \
+ if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) { \
+ MOZ_ReportAssertionFailure(#expr " (" explain ")", __FILE__, __LINE__); \
+ MOZ_CRASH_ANNOTATE("MOZ_RELEASE_ASSERT(" #expr ") (" explain ")"); \
+ MOZ_REALLY_CRASH(__LINE__); \
+ } \
+ } while (0)
+
+#define MOZ_RELEASE_ASSERT_GLUE(a, b) a b
+#define MOZ_RELEASE_ASSERT(...) \
+ MOZ_RELEASE_ASSERT_GLUE( \
+ MOZ_PASTE_PREFIX_AND_ARG_COUNT(MOZ_ASSERT_HELPER, __VA_ARGS__), \
+ (__VA_ARGS__))
+
+#ifdef DEBUG
+# define MOZ_ASSERT(...) MOZ_RELEASE_ASSERT(__VA_ARGS__)
+#else
+# define MOZ_ASSERT(...) do { } while (0)
+#endif /* DEBUG */
+
+#ifdef RELEASE_OR_BETA
+# define MOZ_DIAGNOSTIC_ASSERT MOZ_ASSERT
+#else
+# define MOZ_DIAGNOSTIC_ASSERT MOZ_RELEASE_ASSERT
+#endif
+
+/*
+ * MOZ_ASSERT_IF(cond1, cond2) is equivalent to MOZ_ASSERT(cond2) if cond1 is
+ * true.
+ *
+ * MOZ_ASSERT_IF(isPrime(num), num == 2 || isOdd(num));
+ *
+ * As with MOZ_ASSERT, MOZ_ASSERT_IF has effect only in debug builds. It is
+ * designed to catch bugs during debugging, not "in the field".
+ */
+#ifdef DEBUG
+# define MOZ_ASSERT_IF(cond, expr) \
+ do { \
+ if (cond) { \
+ MOZ_ASSERT(expr); \
+ } \
+ } while (0)
+#else
+# define MOZ_ASSERT_IF(cond, expr) do { } while (0)
+#endif
+
+/*
+ * MOZ_ASSUME_UNREACHABLE_MARKER() expands to an expression which states that
+ * it is undefined behavior for execution to reach this point. No guarantees
+ * are made about what will happen if this is reached at runtime. Most code
+ * should use MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE because it has extra
+ * asserts.
+ */
+#if defined(__clang__) || defined(__GNUC__)
+# define MOZ_ASSUME_UNREACHABLE_MARKER() __builtin_unreachable()
+#elif defined(_MSC_VER)
+# define MOZ_ASSUME_UNREACHABLE_MARKER() __assume(0)
+#else
+# ifdef __cplusplus
+# define MOZ_ASSUME_UNREACHABLE_MARKER() ::abort()
+# else
+# define MOZ_ASSUME_UNREACHABLE_MARKER() abort()
+# endif
+#endif
+
+/*
+ * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE([reason]) tells the compiler that it
+ * can assume that the macro call cannot be reached during execution. This lets
+ * the compiler generate better-optimized code under some circumstances, at the
+ * expense of the program's behavior being undefined if control reaches the
+ * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE.
+ *
+ * In Gecko, you probably should not use this macro outside of performance- or
+ * size-critical code, because it's unsafe. If you don't care about code size
+ * or performance, you should probably use MOZ_ASSERT or MOZ_CRASH.
+ *
+ * SpiderMonkey is a different beast, and there it's acceptable to use
+ * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE more widely.
+ *
+ * Note that MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE is noreturn, so it's valid
+ * not to return a value following a MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE
+ * call.
+ *
+ * Example usage:
+ *
+ * enum ValueType {
+ * VALUE_STRING,
+ * VALUE_INT,
+ * VALUE_FLOAT
+ * };
+ *
+ * int ptrToInt(ValueType type, void* value) {
+ * {
+ * // We know for sure that type is either INT or FLOAT, and we want this
+ * // code to run as quickly as possible.
+ * switch (type) {
+ * case VALUE_INT:
+ * return *(int*) value;
+ * case VALUE_FLOAT:
+ * return (int) *(float*) value;
+ * default:
+ * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE("Unexpected ValueType");
+ * }
+ * }
+ */
+
+/*
+ * Unconditional assert in debug builds for (assumed) unreachable code paths
+ * that have a safe return without crashing in release builds.
+ */
+#define MOZ_ASSERT_UNREACHABLE(reason) \
+ MOZ_ASSERT(false, "MOZ_ASSERT_UNREACHABLE: " reason)
+
+#define MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE(reason) \
+ do { \
+ MOZ_ASSERT_UNREACHABLE(reason); \
+ MOZ_ASSUME_UNREACHABLE_MARKER(); \
+ } while (0)
+
+/**
+ * MOZ_FALLTHROUGH_ASSERT is an annotation to suppress compiler warnings about
+ * switch cases that MOZ_ASSERT(false) (or its alias MOZ_ASSERT_UNREACHABLE) in
+ * debug builds, but intentionally fall through in release builds to handle
+ * unexpected values.
+ *
+ * Why do we need MOZ_FALLTHROUGH_ASSERT in addition to MOZ_FALLTHROUGH? In
+ * release builds, the MOZ_ASSERT(false) will expand to `do { } while (0)`,
+ * requiring a MOZ_FALLTHROUGH annotation to suppress a -Wimplicit-fallthrough
+ * warning. In debug builds, the MOZ_ASSERT(false) will expand to something like
+ * `if (true) { MOZ_CRASH(); }` and the MOZ_FALLTHROUGH annotation will cause
+ * a -Wunreachable-code warning. The MOZ_FALLTHROUGH_ASSERT macro breaks this
+ * warning stalemate.
+ *
+ * // Example before MOZ_FALLTHROUGH_ASSERT:
+ * switch (foo) {
+ * default:
+ * // This case wants to assert in debug builds, fall through in release.
+ * MOZ_ASSERT(false); // -Wimplicit-fallthrough warning in release builds!
+ * MOZ_FALLTHROUGH; // but -Wunreachable-code warning in debug builds!
+ * case 5:
+ * return 5;
+ * }
+ *
+ * // Example with MOZ_FALLTHROUGH_ASSERT:
+ * switch (foo) {
+ * default:
+ * // This case asserts in debug builds, falls through in release.
+ * MOZ_FALLTHROUGH_ASSERT("Unexpected foo value?!");
+ * case 5:
+ * return 5;
+ * }
+ */
+#ifdef DEBUG
+# define MOZ_FALLTHROUGH_ASSERT(reason) MOZ_CRASH("MOZ_FALLTHROUGH_ASSERT: " reason)
+#else
+# define MOZ_FALLTHROUGH_ASSERT(...) MOZ_FALLTHROUGH
+#endif
+
+/*
+ * MOZ_ALWAYS_TRUE(expr) and MOZ_ALWAYS_FALSE(expr) always evaluate the provided
+ * expression, in debug builds and in release builds both. Then, in debug
+ * builds only, the value of the expression is asserted either true or false
+ * using MOZ_ASSERT.
+ */
+#ifdef DEBUG
+# define MOZ_ALWAYS_TRUE(expr) \
+ do { \
+ if ((expr)) { \
+ /* Do nothing. */ \
+ } else { \
+ MOZ_ASSERT(false, #expr); \
+ } \
+ } while (0)
+# define MOZ_ALWAYS_FALSE(expr) \
+ do { \
+ if ((expr)) { \
+ MOZ_ASSERT(false, #expr); \
+ } else { \
+ /* Do nothing. */ \
+ } \
+ } while (0)
+#else
+# define MOZ_ALWAYS_TRUE(expr) \
+ do { \
+ if ((expr)) { \
+ /* Silence MOZ_MUST_USE. */ \
+ } \
+ } while (0)
+# define MOZ_ALWAYS_FALSE(expr) \
+ do { \
+ if ((expr)) { \
+ /* Silence MOZ_MUST_USE. */ \
+ } \
+ } while (0)
+#endif
+
+#undef MOZ_DUMP_ASSERTION_STACK
+#undef MOZ_CRASH_CRASHREPORT
+
+#endif /* mozilla_Assertions_h */