Subject: Re: [webkit-dev] How to use ASSERT_NO_EXCEPTION
From: Joe Mason (jma@rim.com)
Date: Dec 15, 2011 9:00:27 am
List: org.webkit.lists.webkit-dev

-----Original Message-----
From: webk@lists.webkit.org [mailto:webkit-dev- boun@lists.webkit.org] On Behalf Of Darin Adler
Sent: Thursday, December 15, 2011 11:37 AM
To: WebKit Development
Subject: [webkit-dev] How to use ASSERT_NO_EXCEPTION

Those same functions are often used to implement the internals of the web engine. In those cases, they are called by callers who can guarantee none of the exceptional cases exist. Before ASSERT_NO_EXCEPTION, here's how you would write a call like that:

ExceptionCode ec;
appendChild(newChild, ec);
ASSERT(!ec);

That's pretty ugly, and we can do better. ASSERT_NO_EXCEPTION lets us do these two things:

#include "ExceptionCodePlaceholder.h"

appendChild(newChild, ASSERT_NO_EXCEPTION);

That's pretty good, but this is even better:

appendChild(newChild);

I disagree that the last style is better. Having the text "ASSERT_NO_EXCEPTION"
in every function call makes it clear to all readers that there's a theoretical
possibility of an exception here, and the author has made sure that it can't
happen. If the assertion is hidden in the default parameter, people who come to
the code without reading this note (which will be very common) won't know the
rules.

Here are some rules of thumb for using this:

1) If there's a DOM function where callers inside WebCore can easily guarantee that no exception will be raised, it's recommended to add ASSERT_NO_EXCEPTION as a default value for the ExceptionCode& argument.

2) If you need to call a function like this, first double check that you can indeed guarantee that no exception will occur, then either use ASSERT_NO_EXCEPTION directly and

3) Do not use ASSERT_NO_EXCEPTION if the exception is possible. Be sure that you know why there is no exception possible before using this technique. In some cases, you may even need to add a comment to the source code explaining why no exception is possible.

Whenever there are rules of thumb like this, we need constant vigilance by the
reviewers to make sure they're followed. This is made easier if the coding
style enforces the rules, so that places where they're ignored stand out.
Having "ASSERT_NO_EXCEPTION" appearing in the code is a valuable reminder to
authors and reviewers that they should be checking for exception-safety.
Without it, I suspect we will often forget to check for this.

I think the first rule of thumb should be reversed, and explicit
ASSERT_NO_EXCEPTION should be the norm.

Joe
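
Added example, not part of the thread and not WebKit's code: a simplified stand-alone model of the two call styles discussed above, in which a hypothetical NoExceptionChecker temporary records a violation (instead of asserting) together with the source line the macro captured. It shows one consequence of the default-argument style: a macro in a default argument is expanded at the declaration, so the captured line is the declaration's, not the caller's.

```cpp
#include <cstdio>

// Stand-alone model of the pattern in this thread, NOT WebKit's code. Everything
// except the names ExceptionCode, ASSERT_NO_EXCEPTION and appendChild is assumed.
typedef int ExceptionCode;
const ExceptionCode HIERARCHY_REQUEST_ERR = 3; // DOM code for inserting an ancestor

static int g_violations = 0; // counted rather than aborting, so the demo keeps running
static int g_lastLine = 0;   // source line the last violation was attributed to

// Temporary that converts to ExceptionCode& and is checked when it is destroyed,
// i.e. at the end of the full expression containing the call.
class NoExceptionChecker {
public:
    explicit NoExceptionChecker(int line) : m_code(0), m_line(line) {}
    ~NoExceptionChecker() { if (m_code) { ++g_violations; g_lastLine = m_line; } }
    operator ExceptionCode&() const { return m_code; }
private:
    mutable ExceptionCode m_code;
    int m_line;
};
#define ASSERT_NO_EXCEPTION NoExceptionChecker(__LINE__)

struct Node {
    Node* parent = nullptr;
    // __LINE__ in this default argument expands here, at the declaration.
    void appendChild(Node* child, ExceptionCode& ec = ASSERT_NO_EXCEPTION) {
        ec = 0;
        for (Node* n = this; n; n = n->parent)
            if (n == child) { ec = HIERARCHY_REQUEST_ERR; return; }
        child->parent = this;
    }
};

// Each helper breaks the caller's guarantee on purpose (appends an ancestor)
// and returns the line the checker blamed.
int blamedLineExplicit() {
    Node a, b; a.appendChild(&b, ASSERT_NO_EXCEPTION);
    b.appendChild(&a, ASSERT_NO_EXCEPTION); // blamed: this call site
    return g_lastLine;
}
int blamedLineDefaulted() {
    Node a, b; a.appendChild(&b);
    b.appendChild(&a); // blamed: the declaration of appendChild
    return g_lastLine;
}

int main() {
    std::printf("explicit call blamed line %d\n", blamedLineExplicit());
    std::printf("defaulted call blamed line %d\n", blamedLineDefaulted());
}
```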