| ▲ | vlovich123 3 days ago | ||||||||||||||||
That is not the same thing at all. Unreachable means that entire branch cannot be taken and the compiler is free to inject optimizations assuming that’s the case. It doesn’t need to crash if the violation isn’t met - indeed it probably won’t. It’s the equivalent of having something like I would say that using unreachable() in mission critical software is super dangerous, moreso than an allocation failing. You want to remove all potential for UB (ie safe rust with no or minimal unsafe, not sprinkling in UB as a form of documentation). | |||||||||||||||||
| ▲ | creato 2 days ago | parent | next [-] | ||||||||||||||||
You're right, the thing I linked to do does exactly that. I should have read it more closely. The projects that I've worked on, unconditionally define it as a thing that crashes (e.g. `std::abort` with a message). They don't actually use that C/C++ thing (because C23 is too new), and apparently it would be wrong to do so. | |||||||||||||||||
| |||||||||||||||||
| ▲ | skepti 2 days ago | parent | prev [-] | ||||||||||||||||
For many types of projects and approaches, avoiding UB is necessary but not at all sufficient. It's perfectly possible to have critical bugs that can cause loss of health or life or loss of millions of dollars, without any undefined behavior being involved. Funnily enough, Rust's pattern matching, an innovation among systems languages without GCs (a small space inhabited by languages like C, C++ and Ada), may matter more regarding correctness and reliability than its famous borrow checker. | |||||||||||||||||
| |||||||||||||||||