[Mesa-dev] [PATCH] mesa: Define helper function to get the number of texture layers.

Francisco Jerez currojerez at riseup.net
Tue Dec 10 14:27:45 PST 2013 

Brian Paul <brianp at vmware.com> writes:

> On 12/10/2013 11:06 AM, Francisco Jerez wrote:
>> Paul Berry <stereotype441 at gmail.com> writes:
>>
>>> On 10 December 2013 08:42, Francisco Jerez <currojerez at riseup.net> wrote:
>>>
>>>> Brian Paul <brianp at vmware.com> writes:
>>>>
>>>>> On 12/07/2013 06:17 PM, Francisco Jerez wrote:
>>>>>> [...]
>>>>>> +   default:
>>>>>> +      unreachable();
>>>>>
>>>>> I think I'd like to see an assertion or _mesa_problem() call to catch
>>>>> unhandled cases if new texture targets are added in the future.
>>>>>
>>>>>
>>>> How about having the unreachable() macro print out an error and abort if
>>>> it's ever reached?  See the attached patch.
>>>>
>>>
>>> I would prefer for us to simply do this:
>>>
>>> assert(!"Unexpected texture target");
>>> unreachable();
>>>
>>> That would have the exact same semantics as your proposed patch (assert in
>>> debug builds, allow compiler optimizations in release builds), and it would
>>> have the added advantage that it's obvious what's going on to someone
>>> reading the code.  With your proposed patch it's not obvious--the reader
>>> has to be aware that Mesa has a non-standard meaning for unreachable().
>>
>> The message adds no additional useful information IMHO, and it's already
>> obvious for anyone reading the code that something marked with
>> unreachable() shouldn't ever be reached -- What else do we have to say?
>> I have the impression that using the assert(!"") idiom before every
>> occurrence of unreachable() just increases the amount of noise in the
>> code and the likelihood of making mistakes.
>>
>> Regardless of what we do in this specific case, I believe that making
>> the unreachable() macro abort is a good thing because it will catch
>> cases where we have forgotten to pair it with an assert call [I have
>> already, a few times], and mistakes like writing 'assert("!...' [see
>> 61143b87c16231a2df0d69324d531503027f9aca].
>>
>> If you would like to include some additional explanation in an
>> unreachable block you can just write a comment, or make unreachable() a
>> variadic macro that prints its (optionally passed) argument to stderr
>> when the unreachable block is executed.
>
>
> I just did a test.  I put unreachable() in a conspicuous place in Mesa 
> and ran glxinfo.  I got a segfault.  And in gdb the stack trace wasn't 
> even correct.
>
That's precisely what I'm attempting to fix with the change I proposed.

> An assert would be much more useful since it tells us the location and 
> we can get a good stack trace in gdb.
>
The unreachable() macro could too.

> The gcc docs for __builtin_unreachable say it's about expressing your 
> intent when doing unconventional flow-control, and possibly suppressing 
> compiler warnings.  It doesn't sounds like a debug check to report when 
> there's unexpected control flow.
>
Yes, it's mainly useful as a way to suppress warnings and allow the
optimizer make assumptions it wouldn't otherwise make because the
program has invariants beyond the inference capabilities of the compiler
[e.g. that the texObj->Target GLenum is one of the texture target
enums].  Say that we want to express one of these invariants using
unreachable(), an invariant which turns out to be wrong, wouldn't it be
a useful debugging aid to have the program print out an error and abort
rather than having undefined behavior?

> I'm more convinced now that we should simply have an assert there rather 
> than unreachable().
>
> Finally, in release builds we generally don't want to crash in these 
> situations.  So IMHO, it's preferable to do something like:
>
I have the feeling that this is an orthogonal question to unreachable()
aborting or not.  I'm not convinced that there's a "sensible" default in
this case, and setting one seems like trying to delay the inevitable to
me.  An invariant of the program has been broken and it's likely that
something will go very wrong sooner or later.  The question boils down
to: do we want undefined behavior now, or later?  I'd rather have it
now, but it seems like a moot question to me...

> switch () {
> case:
>     ...
> default:
>     assert(!"Unexpected switch value");
>     return SENSIBLE_DEFAULT;
> }
>
> -Brian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 229 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20131210/f0607596/attachment-0001.pgp>

More information about the mesa-dev mailing list