Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CGAL: Deal with CGAL_assertion(false) #8496

Open
wants to merge 24 commits into
base: master
Choose a base branch
from

Conversation

afabri
Copy link
Member

@afabri afabri commented Sep 25, 2024

Summary of Changes

Replace or remove some CGAL_assertion(false) where it is sure that the code is unreachable, regardless the input. This is typically a switch for three enum values with 3 case statements that all return and where we have verified.

Release Management

@afabri afabri added this to the 6.1-beta milestone Sep 25, 2024
@afabri afabri self-assigned this Sep 25, 2024
Copy link
Member

@lrineau lrineau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, so far, except for one case.

Actually, I am not so sure with should replace CGAL_assertion(false) with CGAL_unreachable() everywhere. For users activating the CGAL assertions even in production, the code will behave differently.

@mglisse
Copy link
Member

mglisse commented Sep 25, 2024

Actually, I am not so sure with should replace CGAL_assertion(false) with CGAL_unreachable() everywhere. For users activating the CGAL assertions even in production, the code will behave differently.

Oh, I always assumed that CGAL_unreachable() was the same as CGAL_assume(0), i.e. that when assertions are enabled it would error out, but I now see this isn't the case. Was this a deliberate choice, or an accident?

@lrineau
Copy link
Member

lrineau commented Sep 25, 2024

Actually, I am not so sure with should replace CGAL_assertion(false) with CGAL_unreachable() everywhere. For users activating the CGAL assertions even in production, the code will behave differently.

Oh, I always assumed that CGAL_unreachable() was the same as CGAL_assume(0), i.e. that when assertions are enabled it would error out, but I now see this isn't the case. Was this a deliberate choice, or an accident?

I am not sure it was intended. The commit that introduced that behavior is 604d2fd. Actually, I think it was intentional. The goal was to convince the compiler that the branch was dead, to remove warnings.

That means CGAL_unreachable() no longer triggers the CGAL::Assertion_exception exception, if CGAL assertion are enabled. And CGAL_assertion(false) is not equivalent to CGAL_unreachable().

CGAL_unreachable() should be restricted to cases where it is impossible the branch can be reached. Or if invalid user-inputs are already checked by other assertions. Otherwise, in Debug mode, users might get segfaults instead of CGAL assertion failures.

@mglisse
Copy link
Member

mglisse commented Sep 26, 2024

Does that mean we should use CGAL_assume(false) by default, and only use CGAL_unreachable() in a few "safe" cases?

@afabri
Copy link
Member Author

afabri commented Sep 27, 2024

Concerning CGAL::assume() it is unlucky that it has not the same semantics as [[ assume ]].
We have probably not many users of CGAL::assume() so do we want to break it or do we want to a add a CGAL::cpp23::assume()? Or simply not use something like [[ assume ]]`?

@lrineau
Copy link
Member

lrineau commented Sep 27, 2024

Concerning CGAL::assume() it is unlucky that it has not the same semantics as [[ assume ]]. We have probably not many users of CGAL::assume() so do we want to break it or do we want to a add a CGAL::cpp23::assume()? Or simply not use something like [[ assume ]]`?

Note

The name is CGAL_assume, because it has to be a preprocessor macro.

@afabri afabri force-pushed the CGAL-unreachable-GF branch from 8bf9639 to 071a9c2 Compare September 30, 2024 10:27
@afabri
Copy link
Member Author

afabri commented Sep 30, 2024

@sloriot this is no longer WIP.

@sloriot sloriot added Not yet approved The feature or pull-request has not yet been approved. Tested and removed Ready to be tested Under Testing labels Oct 14, 2024
@sloriot
Copy link
Member

sloriot commented Oct 14, 2024

Successfully tested in CGAL-6.0.1-Ic-345

@afabri
Copy link
Member Author

afabri commented Oct 14, 2024

@sloriot what has to be approved?

Copy link
Member

@sloriot sloriot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I don't like with CGAL_unreachable() replacement is that if there is a bug in CGAL code and that we reach a place marked as unreachable no assertion will be thrown. Maybe we should modify the macro to also raise CGAL_assertion(false).

@@ -780,7 +780,7 @@ class Vertex_conflict_C2

// philaris: execution should never reach here
// philaris: code added to avoid warnings on some compilers
CGAL_assertion( false );
CGAL_assertion(false);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no change in this file?

@afabri
Copy link
Member Author

afabri commented Oct 14, 2024

What I don't like with CGAL_unreachable() replacement is that if there is a bug in CGAL code and that we reach a place marked as unreachable no assertion will be thrown. Maybe we should modify the macro to also raise CGAL_assertion(false).

The whole point is to tell the compiler that it can go ahead and optimize things. For example for the three orientation switch.

@sloriot
Copy link
Member

sloriot commented Oct 14, 2024

What I don't like with CGAL_unreachable() replacement is that if there is a bug in CGAL code and that we reach a place marked as unreachable no assertion will be thrown. Maybe we should modify the macro to also raise CGAL_assertion(false).

The whole point is to tell the compiler that it can go ahead and optimize things. For example for the three orientation switch.

I know, what I'm saying is that the doc of _builtin_unreachable says that it's undefined behavior if the program "reaches" it. So without an assertion, we can't detect it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Cleaning Not yet approved The feature or pull-request has not yet been approved. Tested
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CGAL_assertion(false)/CGAL_error() replace by CGAL_unreachable()?
4 participants