[webkit-dev] How to use ASSERT_NO_EXCEPTION

Joe Mason jmason at rim.com
Thu Dec 15 09:00:35 PST 2011


> -----Original Message-----
> From: webkit-dev-bounces at lists.webkit.org [mailto:webkit-dev-
> bounces at lists.webkit.org] On Behalf Of Darin Adler
> Sent: Thursday, December 15, 2011 11:37 AM
> To: WebKit Development
> Subject: [webkit-dev] How to use ASSERT_NO_EXCEPTION
> 
> Those same functions are often used to implement the internals of the
> web engine. In those cases, they are called by callers who can
> guarantee none of the exceptional cases exist. Before
> ASSERT_NO_EXCEPTION, here's how you would write a call like that:
> 
>     ExceptionCode ec;
>     appendChild(newChild, ec);
>     ASSERT(!ec);
> 
> That's pretty ugly, and we can do better. ASSERT_NO_EXCEPTION lets us
> do these two things:
> 
>     #include "ExceptionCodePlaceholder.h"
> 
>     appendChild(newChild, ASSERT_NO_EXCEPTION);
> 
> That's pretty good, but this is even better:
> 
>     appendChild(newChild);

I disagree that the last style is better.  Having the text "ASSERT_NO_EXCEPTION" in every function call makes it clear to all readers that there's a theoretical possibility of an exception here, and the author has made sure that it can't happen.  If the assertion is hidden in the default parameter, people who come to the code without reading this note (which will be very common) won't know the rules.

> Here are some rules of thumb for using this:
> 
>     1) If there's a DOM function where callers inside WebCore can
> easily guarantee that no exception will be raised, it's recommended to
> add ASSERT_NO_EXCEPTION as a default value for the ExceptionCode&
> argument.
> 
>     2) If you need to call a function like this, first double check
> that you can indeed guarantee that no exception will occur, then either
> use ASSERT_NO_EXCEPTION directly and
> 
>     3) Do not use ASSERT_NO_EXCEPTION if the exception is possible. Be
> sure that you know why there is no exception possible before using this
> technique. In some cases, you may even need to add a comment to the
> source code explaining why no exception is possible.

Whenever there are rules of thumb like this, we need constant vigilance by the reviewers to make sure they're followed.  This is made easier if the coding style enforces the rules, so that places where they're ignored stand out.  Having "ASSERT_NO_EXCEPTION" appearing in the code is a valuable reminder to authors and reviewers that they should be checking for exception-safety.  Without it, I suspect we will often forget to check for this.

I think the first rule of thumb should be reversed, and explicit ASSERT_NO_EXCEPTION should be the norm.

Joe
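
An added sketch of the two call styles debated above (not part of the original message and not WebKit's code; `NoExceptionChecker`, `EXPECT_NO_EXCEPTION`, `Node`, `appendChildDefaulted` and the `g_` counters are hypothetical names). It assumes the check is done by a temporary that converts to `ExceptionCode&`, and shows that in this sketch the explicit form reports the caller's line while the default-argument form reports the declaration's line.

```cpp
#include <cstdio>
typedef int ExceptionCode;
const ExceptionCode HIERARCHY_REQUEST_ERR = 3; // DOM code for an invalid insertion
// Assumption: stands in for a debug ASSERT by recording the failure, not aborting.
static int g_failures = 0, g_lastLine = 0;

// Temporary that converts to ExceptionCode& and checks the code when destroyed,
// i.e. at the end of the full expression containing the call.
class NoExceptionChecker {
public:
    NoExceptionChecker(const char* file, int line) : m_code(0), m_file(file), m_line(line) { }
    ~NoExceptionChecker()
    {
        if (!m_code)
            return;
        ++g_failures;
        g_lastLine = m_line;
        std::fprintf(stderr, "%s:%d: unexpected exception code %d\n", m_file, m_line, m_code);
    }
    operator ExceptionCode&() { return m_code; }
private:
    ExceptionCode m_code;
    const char* m_file;
    int m_line;
};
#define EXPECT_NO_EXCEPTION NoExceptionChecker(__FILE__, __LINE__)
struct Node {
    Node* parent;
    Node() : parent(0) { }
    // Explicit style: every caller names an ExceptionCode& or the checker.
    bool appendChild(Node* child, ExceptionCode& ec)
    {
        ec = 0;
        for (Node* n = this; n; n = n->parent)
            if (n == child) { ec = HIERARCHY_REQUEST_ERR; return false; }
        child->parent = this;
        return true;
    }
    // Default-argument style: the macro expands here, on the declaration line.
    enum { defaultDeclLine = __LINE__ + 1 };
    bool appendChildDefaulted(Node* child, ExceptionCode& ec = EXPECT_NO_EXCEPTION) { return appendChild(child, ec); }
};
// Each helper makes a call that does raise (a node appended to itself) and
// returns the line number the checker reported.
int reportedLineExplicit(int* callLine) { Node a; *callLine = __LINE__; a.appendChild(&a, EXPECT_NO_EXCEPTION); return g_lastLine; }
int reportedLineDefaulted() { Node a; a.appendChildDefaulted(&a); return g_lastLine; }
int main()
{
    int line = 0, e = reportedLineExplicit(&line), d = reportedLineDefaulted();
    std::printf("explicit call on line %d reported line %d; defaulted call reported line %d\n", line, e, d);
}
```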

