| blob | 53b2930bf765d36bb4ed06a58a636ac5afb69392 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* Implementations of runtime and static assertion macros for C and C++. */
9 #ifndef mozilla_Assertions_h
10 #define mozilla_Assertions_h
12 #if (defined(MOZ_HAS_MOZGLUE) || defined(MOZILLA_INTERNAL_API)) && \
13 !defined(__wasi__)
14 # define MOZ_DUMP_ASSERTION_STACK
15 #endif
16 #if defined(XP_WIN) && (defined(DEBUG) || defined(FUZZING))
17 # define MOZ_BUFFER_STDERR
18 #endif
20 // It appears that this is sometimes compiled without XP_WIN
21 #if defined(_WIN32)
22 # include <process.h>
23 # define MOZ_GET_PID() _getpid()
24 #elif !defined(__wasi__)
25 # include <unistd.h>
26 # define MOZ_GET_PID() getpid()
27 #else
28 // Prevent compiler warning
29 # define MOZ_GET_PID() -1
30 #endif
39 #ifdef MOZ_DUMP_ASSERTION_STACK
41 #endif
43 /*
44 * The crash reason set by MOZ_CRASH_ANNOTATE is consumed by the crash reporter
45 * if present. It is declared here (and defined in Assertions.cpp) to make it
46 * available to all code, even libraries that don't link with the crash reporter
47 * directly.
48 */
49 MOZ_BEGIN_EXTERN_C
51 MOZ_END_EXTERN_C
53 #if defined(MOZ_HAS_MOZGLUE) || defined(MOZILLA_INTERNAL_API)
56 // See bug 1681846, on 32-bit Android ARM the compiler removes the store to
57 // gMozCrashReason if this barrier is not present.
59 }
60 # define MOZ_CRASH_ANNOTATE(...) AnnotateMozCrashReason(__VA_ARGS__)
61 #else
62 # define MOZ_CRASH_ANNOTATE(...) \
64 } while (false)
65 #endif
67 #include <stddef.h>
68 #include <stdio.h>
69 #include <stdlib.h>
70 #ifdef _MSC_VER
71 /*
72 * TerminateProcess and GetCurrentProcess are defined in <winbase.h>, which
73 * further depends on <windef.h>. We hardcode these few definitions manually
74 * because those headers clutter the global namespace with a significant
75 * number of undesired macros and symbols.
76 */
77 MOZ_BEGIN_EXTERN_C
81 MOZ_END_EXTERN_C
82 #elif defined(__wasi__)
83 /*
84 * On Wasm/WASI platforms, we just call __builtin_trap().
85 */
86 #else
87 # include <signal.h>
88 #endif
89 #ifdef ANDROID
90 # include <android/log.h>
91 #endif
93 MOZ_BEGIN_EXTERN_C
95 #if defined(ANDROID) && defined(MOZ_DUMP_ASSERTION_STACK)
99 }
100 #endif
102 /*
103 * Prints |aStr| as an assertion failure (using aFilename and aLine as the
104 * location of the assertion) to the standard debug-output channel.
105 *
106 * Usually you should use MOZ_ASSERT or MOZ_CRASH instead of this method. This
107 * method is primarily for internal use in this header, and only secondarily
108 * for use in implementing release-build assertions.
109 */
115 #ifdef ANDROID
119 # if defined(MOZ_DUMP_ASSERTION_STACK)
122 # endif
123 #else
124 # if defined(MOZ_BUFFER_STDERR)
129 # else
132 # endif
133 # if defined(MOZ_DUMP_ASSERTION_STACK)
135 # endif
137 #endif
138 }
143 #ifdef ANDROID
147 #else
148 # if defined(MOZ_BUFFER_STDERR)
153 # else
156 # endif
157 # if defined(MOZ_DUMP_ASSERTION_STACK)
159 # endif
161 #endif
162 }
164 /*
165 * MOZ_ASSUME_UNREACHABLE_MARKER() expands to an expression which states that
166 * it is undefined behavior for execution to reach this point. No guarantees
167 * are made about what will happen if this is reached at runtime. Most code
168 * should use MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE because it has extra
169 * asserts.
170 */
171 #if defined(__clang__) || defined(__GNUC__)
172 # define MOZ_ASSUME_UNREACHABLE_MARKER() __builtin_unreachable()
173 #elif defined(_MSC_VER)
174 # define MOZ_ASSUME_UNREACHABLE_MARKER() __assume(0)
175 #else
176 # ifdef __cplusplus
177 # define MOZ_ASSUME_UNREACHABLE_MARKER() ::abort()
178 # else
179 # define MOZ_ASSUME_UNREACHABLE_MARKER() abort()
180 # endif
181 #endif
183 /**
184 * MOZ_REALLY_CRASH is used in the implementation of MOZ_CRASH(). You should
185 * call MOZ_CRASH instead.
186 */
187 #if defined(_MSC_VER)
188 /*
189 * On MSVC use the __debugbreak compiler intrinsic, which produces an inline
190 * (not nested in a system function) breakpoint. This distinctively invokes
191 * Breakpad without requiring system library symbols on all stack-processing
192 * machines, as a nested breakpoint would require.
193 *
194 * We use __LINE__ to prevent the compiler from folding multiple crash sites
195 * together, which would make crash reports hard to understand.
196 *
197 * We use TerminateProcess with the exit code aborting would generate
198 * because we don't want to invoke atexit handlers, destructors, library
199 * unload handlers, and so on when our process might be in a compromised
200 * state.
201 *
202 * We don't use abort() because it'd cause Windows to annoyingly pop up the
203 * process error dialog multiple times. See bug 345118 and bug 426163.
204 *
205 * (Technically these are Windows requirements, not MSVC requirements. But
206 * practically you need MSVC for debugging, and we only ship builds created
207 * by MSVC, so doing it this way reduces complexity.)
208 */
215 }
217 # define MOZ_REALLY_CRASH(line) \
218 do { \
219 __debugbreak(); \
220 MOZ_NoReturn(line); \
221 } while (false)
223 #elif __wasi__
225 # define MOZ_REALLY_CRASH(line) __builtin_trap()
227 #else
229 /*
230 * MOZ_CRASH_WRITE_ADDR is the address to be used when performing a forced
231 * crash. NULL is preferred however if for some reason NULL cannot be used
232 * this makes choosing another value possible.
233 *
234 * In the case of UBSan certain checks, bounds specifically, cause the compiler
235 * to emit the 'ud2' instruction when storing to 0x0. This causes forced
236 * crashes to manifest as ILL (at an arbitrary address) instead of the expected
237 * SEGV at 0x0.
238 */
239 # ifdef MOZ_UBSAN
240 # define MOZ_CRASH_WRITE_ADDR 0x1
241 # else
242 # define MOZ_CRASH_WRITE_ADDR NULL
243 # endif
245 # ifdef __cplusplus
246 # define MOZ_REALLY_CRASH(line) \
247 do { \
249 MOZ_NOMERGE ::abort(); \
250 } while (false)
251 # else
252 # define MOZ_REALLY_CRASH(line) \
253 do { \
255 MOZ_NOMERGE abort(); \
256 } while (false)
257 # endif
258 #endif
260 /*
261 * MOZ_CRASH([explanation-string]) crashes the program, plain and simple, in a
262 * Breakpad-compatible way, in both debug and release builds.
263 *
264 * MOZ_CRASH is a good solution for "handling" failure cases when you're
265 * unwilling or unable to handle them more cleanly -- for OOM, for likely memory
266 * corruption, and so on. It's also a good solution if you need safe behavior
267 * in release builds as well as debug builds. But if the failure is one that
268 * should be debugged and fixed, MOZ_ASSERT is generally preferable.
269 *
270 * The optional explanation-string, if provided, must be a string literal
271 * explaining why we're crashing. This argument is intended for use with
272 * MOZ_CRASH() calls whose rationale is non-obvious; don't use it if it's
273 * obvious why we're crashing.
274 *
275 * If we're a DEBUG build and we crash at a MOZ_CRASH which provides an
276 * explanation-string, we print the string to stderr. Otherwise, we don't
277 * print anything; this is because we want MOZ_CRASH to be 100% safe in release
278 * builds, and it's hard to print to stderr safely when memory might have been
279 * corrupted.
280 */
281 #if !(defined(DEBUG) || defined(FUZZING))
282 # define MOZ_CRASH(...) \
283 do { \
286 MOZ_REALLY_CRASH(__LINE__); \
287 } while (false)
288 #else
289 # define MOZ_CRASH(...) \
290 do { \
294 MOZ_REALLY_CRASH(__LINE__); \
295 } while (false)
296 #endif
298 /*
299 * MOZ_CRASH_UNSAFE(explanation-string) can be used if the explanation string
300 * cannot be a string literal (but no other processing needs to be done on it).
301 * A regular MOZ_CRASH() is preferred wherever possible, as passing arbitrary
302 * strings from a potentially compromised process is not without risk. If the
303 * string being passed is the result of a printf-style function, consider using
304 * MOZ_CRASH_UNSAFE_PRINTF instead.
305 *
306 * @note This macro causes data collection because crash strings are annotated
307 * to crash-stats and are publicly visible. Firefox data stewards must do data
308 * review on usages of this macro.
309 */
313 #if defined(DEBUG) || defined(FUZZING)
315 #endif
318 }
319 #define MOZ_CRASH_UNSAFE(reason) MOZ_Crash(__FILE__, __LINE__, reason)
327 /*
328 * MOZ_CRASH_UNSAFE_PRINTF(format, arg1 [, args]) can be used when more
329 * information is desired than a string literal can supply. The caller provides
330 * a printf-style format string, which must be a string literal and between
331 * 1 and 4 additional arguments. A regular MOZ_CRASH() is preferred wherever
332 * possible, as passing arbitrary strings to printf from a potentially
333 * compromised process is not without risk.
334 *
335 * @note This macro causes data collection because crash strings are annotated
336 * to crash-stats and are publicly visible. Firefox data stewards must do data
337 * review on usages of this macro.
338 */
339 #define MOZ_CRASH_UNSAFE_PRINTF(format, ...) \
340 do { \
341 static_assert(MOZ_ARG_COUNT(__VA_ARGS__) > 0, \
344 static_assert(MOZ_ARG_COUNT(__VA_ARGS__) <= sPrintfMaxArgs, \
346 static_assert(sizeof(format) <= sPrintfCrashReasonSize, \
349 } while (false)
351 MOZ_END_EXTERN_C
353 /*
354 * MOZ_ASSERT(expr [, explanation-string]) asserts that |expr| must be truthy in
355 * debug builds. If it is, execution continues. Otherwise, an error message
356 * including the expression and the explanation-string (if provided) is printed,
357 * an attempt is made to invoke any existing debugger, and execution halts.
358 * MOZ_ASSERT is fatal: no recovery is possible. Do not assert a condition
359 * which can correctly be falsy.
360 *
361 * The optional explanation-string, if provided, must be a string literal
362 * explaining the assertion. It is intended for use with assertions whose
363 * correctness or rationale is non-obvious, and for assertions where the "real"
364 * condition being tested is best described prosaically. Don't provide an
365 * explanation if it's not actually helpful.
366 *
367 * // No explanation needed: pointer arguments often must not be NULL.
368 * MOZ_ASSERT(arg);
369 *
370 * // An explanation can be helpful to explain exactly how we know an
371 * // assertion is valid.
372 * MOZ_ASSERT(state == WAITING_FOR_RESPONSE,
373 * "given that <thingA> and <thingB>, we must have...");
374 *
375 * // Or it might disambiguate multiple identical (save for their location)
376 * // assertions of the same expression.
377 * MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
378 * "we already set [[PrimitiveThis]] for this Boolean object");
379 * MOZ_ASSERT(getSlot(PRIMITIVE_THIS_SLOT).isUndefined(),
380 * "we already set [[PrimitiveThis]] for this String object");
381 *
382 * MOZ_ASSERT has no effect in non-debug builds. It is designed to catch bugs
383 * *only* during debugging, not "in the field". If you want the latter, use
384 * MOZ_RELEASE_ASSERT, which applies to non-debug builds as well.
385 *
386 * MOZ_DIAGNOSTIC_ASSERT works like MOZ_RELEASE_ASSERT in Nightly and early beta
387 * and MOZ_ASSERT in late Beta and Release - use this when a condition is
388 * potentially rare enough to require real user testing to hit, but is not
389 * security-sensitive. This can cause user pain, so use it sparingly. If a
390 * MOZ_DIAGNOSTIC_ASSERT is firing, it should promptly be converted to a
391 * MOZ_ASSERT while the failure is being investigated, rather than letting users
392 * suffer.
393 *
394 * MOZ_DIAGNOSTIC_ASSERT_ENABLED is defined when MOZ_DIAGNOSTIC_ASSERT is like
395 * MOZ_RELEASE_ASSERT rather than MOZ_ASSERT.
396 */
398 /*
399 * Implement MOZ_VALIDATE_ASSERT_CONDITION_TYPE, which is used to guard against
400 * accidentally passing something unintended in lieu of an assertion condition.
401 */
403 #ifdef __cplusplus
404 # include <type_traits>
412 "Expected boolean assertion condition, got an array or a "
415 "Expected boolean assertion condition, got a function! Did "
418 "It's often a bad idea to assert that a floating-point number "
419 "is nonzero, because such assertions tend to intermittently "
420 "fail. Shouldn't your code gracefully handle this case instead "
421 "of asserting? Anyway, if you really want to do that, write an "
425 };
429 # define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x) \
430 static_assert( \
431 mozilla::detail::AssertionConditionType<decltype(x)>::isValid, \
433 #else
434 # define MOZ_VALIDATE_ASSERT_CONDITION_TYPE(x)
435 #endif
437 #if defined(DEBUG) || defined(MOZ_ASAN)
438 # define MOZ_REPORT_ASSERTION_FAILURE(...) \
439 MOZ_ReportAssertionFailure(__VA_ARGS__)
440 #else
441 # define MOZ_REPORT_ASSERTION_FAILURE(...) \
443 } while (false)
444 #endif
446 /* First the single-argument form. */
447 #define MOZ_ASSERT_HELPER1(kind, expr) \
448 do { \
449 MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr); \
450 if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) { \
451 MOZ_FUZZING_HANDLE_CRASH_EVENT2(kind, #expr); \
452 MOZ_REPORT_ASSERTION_FAILURE(#expr, __FILE__, __LINE__); \
454 MOZ_REALLY_CRASH(__LINE__); \
455 } \
456 } while (false)
457 /* Now the two-argument form. */
458 #define MOZ_ASSERT_HELPER2(kind, expr, explain) \
459 do { \
460 MOZ_VALIDATE_ASSERT_CONDITION_TYPE(expr); \
461 if (MOZ_UNLIKELY(!MOZ_CHECK_ASSERT_ASSIGNMENT(expr))) { \
462 MOZ_FUZZING_HANDLE_CRASH_EVENT2(kind, #expr); \
464 __LINE__); \
466 MOZ_REALLY_CRASH(__LINE__); \
467 } \
468 } while (false)
470 #define MOZ_ASSERT_GLUE(a, b) a b
471 #define MOZ_RELEASE_ASSERT(...) \
472 MOZ_ASSERT_GLUE( \
473 MOZ_PASTE_PREFIX_AND_ARG_COUNT(MOZ_ASSERT_HELPER, __VA_ARGS__), \
476 #ifdef DEBUG
477 # define MOZ_ASSERT(...) \
478 MOZ_ASSERT_GLUE( \
479 MOZ_PASTE_PREFIX_AND_ARG_COUNT(MOZ_ASSERT_HELPER, __VA_ARGS__), \
481 #else
482 # define MOZ_ASSERT(...) \
483 do { \
484 } while (false)
487 #if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
488 # define MOZ_DIAGNOSTIC_ASSERT(...) \
489 MOZ_ASSERT_GLUE( \
490 MOZ_PASTE_PREFIX_AND_ARG_COUNT(MOZ_ASSERT_HELPER, __VA_ARGS__), \
492 #else
493 # define MOZ_DIAGNOSTIC_ASSERT(...) \
494 do { \
495 } while (false)
496 #endif
498 /*
499 * MOZ_ASSERT_DEBUG_OR_FUZZING is like a MOZ_ASSERT but also enabled in builds
500 * that are non-DEBUG but FUZZING. This is useful for checks that are too
501 * expensive for Nightly in general but are still indicating potentially
502 * critical bugs.
503 * In fuzzing builds, the assert is rewritten to be a diagnostic assert because
504 * we already use this in other sensitive places and fuzzing automation is
505 * set to act on these under all circumstances.
506 */
507 #ifdef FUZZING
508 # define MOZ_ASSERT_DEBUG_OR_FUZZING(...) MOZ_DIAGNOSTIC_ASSERT(__VA_ARGS__)
509 #else
510 # define MOZ_ASSERT_DEBUG_OR_FUZZING(...) MOZ_ASSERT(__VA_ARGS__)
511 #endif
513 /*
514 * MOZ_ASSERT_IF(cond1, cond2) is equivalent to MOZ_ASSERT(cond2) if cond1 is
515 * true.
516 *
517 * MOZ_ASSERT_IF(isPrime(num), num == 2 || isOdd(num));
518 *
519 * As with MOZ_ASSERT, MOZ_ASSERT_IF has effect only in debug builds. It is
520 * designed to catch bugs during debugging, not "in the field".
521 */
522 #ifdef DEBUG
523 # define MOZ_ASSERT_IF(cond, expr) \
524 do { \
525 if (cond) { \
526 MOZ_ASSERT(expr); \
527 } \
528 } while (false)
529 #else
530 # define MOZ_ASSERT_IF(cond, expr) \
531 do { \
532 } while (false)
533 #endif
535 /*
536 * MOZ_DIAGNOSTIC_ASSERT_IF is like MOZ_ASSERT_IF, but using
537 * MOZ_DIAGNOSTIC_ASSERT as the underlying assert.
538 *
539 * See the block comment for MOZ_DIAGNOSTIC_ASSERT above for more details on how
540 * diagnostic assertions work and how to use them.
541 */
542 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
543 # define MOZ_DIAGNOSTIC_ASSERT_IF(cond, expr) \
544 do { \
545 if (cond) { \
546 MOZ_DIAGNOSTIC_ASSERT(expr); \
547 } \
548 } while (false)
549 #else
550 # define MOZ_DIAGNOSTIC_ASSERT_IF(cond, expr) \
551 do { \
552 } while (false)
553 #endif
555 /*
556 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE([reason]) tells the compiler that it
557 * can assume that the macro call cannot be reached during execution. This lets
558 * the compiler generate better-optimized code under some circumstances, at the
559 * expense of the program's behavior being undefined if control reaches the
560 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE.
561 *
562 * In Gecko, you probably should not use this macro outside of performance- or
563 * size-critical code, because it's unsafe. If you don't care about code size
564 * or performance, you should probably use MOZ_ASSERT or MOZ_CRASH.
565 *
566 * SpiderMonkey is a different beast, and there it's acceptable to use
567 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE more widely.
568 *
569 * Note that MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE is noreturn, so it's valid
570 * not to return a value following a MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE
571 * call.
572 *
573 * Example usage:
574 *
575 * enum ValueType {
576 * VALUE_STRING,
577 * VALUE_INT,
578 * VALUE_FLOAT
579 * };
580 *
581 * int ptrToInt(ValueType type, void* value) {
582 * {
583 * // We know for sure that type is either INT or FLOAT, and we want this
584 * // code to run as quickly as possible.
585 * switch (type) {
586 * case VALUE_INT:
587 * return *(int*) value;
588 * case VALUE_FLOAT:
589 * return (int) *(float*) value;
590 * default:
591 * MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE("Unexpected ValueType");
592 * }
593 * }
594 */
596 /*
597 * Unconditional assert in debug builds for (assumed) unreachable code paths
598 * that have a safe return without crashing in release builds.
599 */
600 #define MOZ_ASSERT_UNREACHABLE(reason) \
603 #define MOZ_MAKE_COMPILER_ASSUME_IS_UNREACHABLE(reason) \
604 do { \
605 MOZ_ASSERT_UNREACHABLE(reason); \
606 MOZ_ASSUME_UNREACHABLE_MARKER(); \
607 } while (false)
609 /**
610 * MOZ_FALLTHROUGH_ASSERT is an annotation to suppress compiler warnings about
611 * switch cases that MOZ_ASSERT(false) (or its alias MOZ_ASSERT_UNREACHABLE) in
612 * debug builds, but intentionally fall through in release builds to handle
613 * unexpected values.
614 *
615 * Why do we need MOZ_FALLTHROUGH_ASSERT in addition to [[fallthrough]]? In
616 * release builds, the MOZ_ASSERT(false) will expand to `do { } while (false)`,
617 * requiring a [[fallthrough]] annotation to suppress a -Wimplicit-fallthrough
618 * warning. In debug builds, the MOZ_ASSERT(false) will expand to something like
619 * `if (true) { MOZ_CRASH(); }` and the [[fallthrough]] annotation will cause
620 * a -Wunreachable-code warning. The MOZ_FALLTHROUGH_ASSERT macro breaks this
621 * warning stalemate.
622 *
623 * // Example before MOZ_FALLTHROUGH_ASSERT:
624 * switch (foo) {
625 * default:
626 * // This case wants to assert in debug builds, fall through in release.
627 * MOZ_ASSERT(false); // -Wimplicit-fallthrough warning in release builds!
628 * [[fallthrough]]; // but -Wunreachable-code warning in debug builds!
629 * case 5:
630 * return 5;
631 * }
632 *
633 * // Example with MOZ_FALLTHROUGH_ASSERT:
634 * switch (foo) {
635 * default:
636 * // This case asserts in debug builds, falls through in release.
637 * MOZ_FALLTHROUGH_ASSERT("Unexpected foo value?!");
638 * case 5:
639 * return 5;
640 * }
641 */
642 #ifdef DEBUG
643 # define MOZ_FALLTHROUGH_ASSERT(...) \
645 #else
646 # define MOZ_FALLTHROUGH_ASSERT(...) [[fallthrough]]
647 #endif
649 /*
650 * MOZ_ALWAYS_TRUE(expr) and friends always evaluate the provided expression,
651 * in debug builds and in release builds both. Then, in debug builds and
652 * Nightly and early beta builds, the value of the expression is
653 * asserted either true or false using MOZ_DIAGNOSTIC_ASSERT.
654 */
655 #define MOZ_ALWAYS_TRUE(expr) \
656 do { \
657 if (MOZ_LIKELY(expr)) { \
659 } else { \
660 MOZ_DIAGNOSTIC_ASSERT(false, #expr); \
661 } \
662 } while (false)
664 #define MOZ_ALWAYS_FALSE(expr) MOZ_ALWAYS_TRUE(!(expr))
665 #define MOZ_ALWAYS_OK(expr) MOZ_ALWAYS_TRUE((expr).isOk())
666 #define MOZ_ALWAYS_ERR(expr) MOZ_ALWAYS_TRUE((expr).isErr())
668 /*
669 * These are disabled when fuzzing
670 */
671 #ifdef FUZZING
672 # define MOZ_CRASH_UNLESS_FUZZING(...) \
673 do { \
674 } while (0)
675 # define MOZ_ASSERT_UNLESS_FUZZING(...) \
676 do { \
677 } while (0)
678 #else
679 # define MOZ_CRASH_UNLESS_FUZZING(...) MOZ_CRASH(__VA_ARGS__)
680 # define MOZ_ASSERT_UNLESS_FUZZING(...) MOZ_ASSERT(__VA_ARGS__)
681 #endif
683 #undef MOZ_BUFFER_STDERR
684 #undef MOZ_CRASH_CRASHREPORT
685 #undef MOZ_DUMP_ASSERTION_STACK
687 /*
688 * This is only used by Array and nsTArray classes, therefore it is not
689 * required when included from C code.
690 */
691 #ifdef __cplusplus
698 /*
699 * Provide a fake default value to be used when a value is required but none can
700 * sensibily be provided without adding undefined behavior or security issues.
701 *
702 * This function asserts and aborts if it ever executed.
703 *
704 * Example usage:
705 *
706 * class Trooper {
707 * const Droid& lookFor;
708 * Trooper() : lookFor(MakeCompilerAssumeUnreachableFakeValue<
709 const Droid&>()) {
710 * // The class might be instantiated due to existing caller
711 * // but this never happens in practice.
712 * }
713 * };
714 *
715 */
716 #ifdef __cplusplus
721 }