« New security features in IE8
Transparent text is transparent »

The return of NS_ABORT_IF_FALSE

After five years in hiding, NS_ABORT_IF_FALSE has returned. Please use it instead of NS_ASSERTION in situations where failure is likely to lead to memory corruption. By aborting rather than asserting, you ensure that debug-build users focus on the cause of the corruption rather than whatever random crash results from the corruption. This leads to happier debugging and better bug reports.

Of course, sometimes it's better to prevent the memory corruption entirely, e.g. by adding a run-time check or by making all builds abort (not just debug builds).

This entry was posted on Thursday, July 17th, 2008 at 6:43 pm and is filed under Mozilla, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “The return of NS_ABORT_IF_FALSE”

  1. Jesse Ruderman Says:
    July 18th, 2008 at 1:26 am

    As a bonus, you’re guaranteed to have a stack trace: https://bugzilla.mozilla.org/show_bug.cgi?id=434076. On Leopard, you can also get a stack trace from the system crash reporter.

  2. Jeff Walden Says:
    July 19th, 2008 at 12:54 am

    Hrm, not sure how I forgot to close the bug. Anyway, reviews really should just require N_A_I_F unless the assert’s being hit in known circumstances that are hard to fix quickly, not just in superbad cases.