This might be less of a design issue than a C++ language issue per se,
but I have a problem with assertions. I mean, they work, of course.
But there's something I'm uncomfortable with that's never been
explained to my satisfaction.
I recently read this explanation. "There is an effective litmus test
to differentiate the cases in which you need to use assert and when
you need to use genuine error checking: you use error checking for
things that could happen, even very improbably. You use assert only
for things that you truly believe cannot possibly happen under any
circumstances. An assertion that fails always signals a design or a
programmer error - not a user error."
OK I can buy that. But what keeps going unmentioned is that
assertions are debug-mode only. Well, it's mentioned, but usually in
the context of increased efficiency at runtime since they're compiled
out.
I understand the idea that even the things you take for granted as
being true might not be true. Software has bugs, and today almost
every decent sized application uses third party supplements and
interfaces. Interfaces change, code versions change, versions of code
get mismatched. New permutations of hardware and software mixes are
constantly occurring.
And where does all this manifest itself? At the developer's box?
Sometimes. But the majority of time in a modern large application
with many users, it's very likely for a bug to show itself in the
field. And that is exactly where the assertion does not exist. Even
most test departments use release code, not debug code. What exactly
is the point of checking for "impossible " error situations only at the
developer's desk? That just doesn't make sense to me. The code gets
executed far too much outside of that environment, in ways the
original developer might not even have imagined, for that to be good
enough.
I would go so far as to say the original developer's box is precisely
where assertions are NOT needed, because that's the only place where a
debugger is available. (I see how they can come in handy, and force
you to resist making assumptions.) But you really need assertions (or
something) in environments where the debugger isn't available.
Mar 2 '07
58 3142
Roland Pibinger wrote:
On Sun, 04 Mar 2007 23:14:14 +1300, Ian Collins rote:
>>I am describing using asserts to enforce the contract between the application and its operating environment. If a device or library specificati on specifies a valid set of output values, assert is a good sanity check.
Is a contract violation a bug or an expected runtime scenario? IMO,
the latter.
Well it's certainly a bug in the provider.
A piece of hardware saying data is ready in one register while saying
there isn't any data to read most definitely isn't an expected runtime
scenario. Nor is it a bug in the application. It is something that
should never happen.
--
Ian Collins.
On 4 Mar, 10:29, rpbg...@yahoo.c om (Roland Pibinger) wrote:
On Sun, 04 Mar 2007 23:14:14 +1300, Ian Collins rote:
I am describing using asserts to enforce the contract between the
application and its operating environment. If a device or library
specification specifies a valid set of output values, assert is a good
sanity check.
Is a contract violation a bug or an expected runtime scenario? IMO,
the latter.
How do you engineer a reliable product if you expect third party
components (software or hardware) not to adhere to their interface
specifications? If you expect them to do that you need to change
supplier.
Gavin Deane
On 4 Mar 2007 03:36:41 -0800, "Gavin Deane" wrote:
>On 4 Mar, 10:29, rpbg...@yahoo.c om (Roland Pibinger) wrote:
>Is a contract violation a bug or an expected runtime scenario? IMO, the latter.
How do you engineer a reliable product if you expect third party components (software or hardware) not to adhere to their interface specifications ? If you expect them to do that you need to change supplier.
You are right. The caller must rely on the contracts (specifications )
of third party components. I misinterpreted Ian Collins' remark that
he's "using asserts to enforce the contract between the application
and its operating environment". asserts may check some aspects of
contracts in non-release settings but are not appropriate to 'enforce'
them in release mode.
Best regards,
Roland Pibinger
Roland Pibinger wrote:
On 4 Mar 2007 03:36:41 -0800, "Gavin Deane" wrote:
>>On 4 Mar, 10:29, rpbg...@yahoo.c om (Roland Pibinger) wrote:
>>>Is a contract violation a bug or an expected runtime scenario? IMO, the latter.
How do you engineer a reliable product if you expect third party components (software or hardware) not to adhere to their interface specification s? If you expect them to do that you need to change supplier.
You are right. The caller must rely on the contracts (specifications )
of third party components. I misinterpreted Ian Collins' remark that
he's "using asserts to enforce the contract between the application
and its operating environment". asserts may check some aspects of
contracts in non-release settings but are not appropriate to 'enforce'
them in release mode.
Why are they not appropriate to 'enforce' them in release mode? If
something you trust breaks that trust, would you rather experience a
random, possibly damaging, failure or a controlled one?
--
Ian Collins.
On Mon, 05 Mar 2007 07:44:00 +1300, Ian Collins wrote:
>Roland Pibinger wrote:
>asserts may check some aspects of contracts in non-release settings but are not appropriate to 'enforce' them in release mode.
Why are they not appropriate to 'enforce' them in release mode? If something you trust breaks that trust, would you rather experience a random, possibly damaging, failure or a controlled one?
assert is a means of finding bugs in your code. What you check at
runtime in your released program is something different (though
necessary and useful).
Best regards,
Roland Pibinger
Roland Pibinger wrote:
On Mon, 05 Mar 2007 07:44:00 +1300, Ian Collins wrote:
>>Roland Pibinger wrote:
>>asserts may check some aspects of contracts in non-release settings but are not appropriate to 'enforce' them in release mode.
Why are they not appropriate to 'enforce' them in release mode? If something you trust breaks that trust, would you rather experience a random, possibly damaging, failure or a controlled one?
assert is a means of finding bugs in your code. What you check at
runtime in your released program is something different (though
necessary and useful).
I feel this is going around in circles. As for a concrete example, I find
that g++ sometimes crashes upon me. Usually, it dies with a friendly
invitation to send in a bug report. It even gives some file and line number
info. I am pretty certain that the developers left some sanity check
assertions in g++. I highly appreciate that for the following reasons:
a) I prefer g++ crashing over generating faulty code. If I had no indication
that there was a problem with the compiler and the generated program
behaves not as expected, I would start searching for a bug in my code. That
could be a tremendous waste of time.
b) I can use the file and line number info to check the bugzilla database
and see whether the bug has already been reported.
Do you think, the compiler would be a better program with those assertions
turned off?
Best
Kai-Uwe Bux
On Mar 3, 9:40 pm, Alan Johnson <a...@yahoo.com wrote:
I'm not sure I like Hoare's analogy. Consider this one: When you are
learning to ride a bicycle you attach training wheels to catch you when
you make a mistake. When you are competing in the Tour de France you no
longer use the training wheels. Analogously, when you are writing code
you use asserts to catch when your invariants stop being invariant.
After you are satisfied the code is correct you disable them for
performance.
If it is really an invariant then you could do a compile-time check.
I hate it when people assert that one constant is bigger than another.
That said, I do find the rest of the arguments compelling.
I never use assert(), mostly for the reasons already listed. In C++ I
throw a logic_error exception and in C I call an error function that
prints out what happened and suspends the program. There have been
one or two instances over the years where one of the supposed
'impossible asserts' has happened in the field and I am very glad I
had the printout of what happened, instead of a vague report of a
malfunctioning device.
Old Wolf wrote:
>
I never use assert(), mostly for the reasons already listed. In C++ I
throw a logic_error exception and in C I call an error function that
prints out what happened and suspends the program. There have been
one or two instances over the years where one of the supposed
'impossible asserts' has happened in the field and I am very glad I
had the printout of what happened, instead of a vague report of a
malfunctioning device.
So you do use asserts, you just give them a different name!
--
Ian Collins.
Roland Pibinger wrote:
On Mon, 05 Mar 2007 07:44:00 +1300, Ian Collins wrote:
>>Roland Pibinger wrote:
>>>asserts may check some aspects of contracts in non-release settings but are not appropriate to 'enforce' them in release mode. Why are they not appropriate to 'enforce' them in release mode? If something you trust breaks that trust, would you rather experience a random, possibly damaging, failure or a controlled one?
assert is a means of finding bugs in your code.
Says who? All the standard has to say is "The assert macro puts
diagnostic tests into programs".
What you check at
runtime in your released program is something different (though
necessary and useful).
Are we arguing over a name, or a technique? Do you include any
diagnostic tests for internal (rather user generated) state in your
released code?
--
Ian Collins.
On Mar 5, 11:27 am, Ian Collins <ian-n...@hotmail.co mwrote:
Old Wolf wrote:
I never use assert(), mostly for the reasons already listed. In C++ I
throw a logic_error exception and in C I call an error function that
prints out what happened and suspends the program. There have been
one or two instances over the years where one of the supposed
'impossible asserts' has happened in the field and I am very glad I
had the printout of what happened, instead of a vague report of a
malfunctioning device.
So you do use asserts, you just give them a different name!
Please learn to read. I said "I never use assert()". assert() is
a C++ (and C) feature that aborts the program at runtime when its
argument is false , unless the macro NDEBUG is defined, in which
case it is a no-op. You can look it up in the C standard or in
various other references. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: P. Chalin |
last post by:
If you make use of assertions (e.g. assert statements) in your code, I
would like to invite you to participate in a 15 min survey on program
assertions. In this survey we seek your opinion concerning the issue
of errors/exceptions raised during assertion evaluation. The
questionnaire is available here:
https://www.dsrg.org/ASN_Survey/wnd.html
Thank-you in advance,
P.Chalin
|
by: Angel Tsankov |
last post by:
I need to make verifications in release builds. If a verification
fails, an error message should be displayed and the program should be
aborted. I need this solution to be portable. Then I thought of the
assert macro - it provides the desired functionality but only if
NDEBUG is not defined. So, I could write smth like this:
#if defined NDEBUG
#undef NDEBUG
#include <cassert>
#define NDEBUG
|
by: Divick |
last post by:
Hi,
is it a nice idea to do assetion checks for method arguments ? I
am currently redesigning a piece of code. Now the problem is that there
are some assumptions for the method arguments that the code makes. It
is not checking the validity of the arguments everywhere because that
would lead to performance penalty. So I am think that at least
assertions will be able check the arguments at least for debug version
to verify the design. But...
|
by: Jefffff |
last post by:
Regarding the use of assertions:
According to Juval Lowy's excellent coding standards document (PDF download
available at www.idesign.net), every assumption in your code should have an
assertion... and on average, every 5th line is an assertion.
My question:
Do any of you include that many assertions? I agree in principle that we
should code defensively, but his recommendation just seems to go "overboard"
and would result in a lot of...
|
by: douglass_davis |
last post by:
Say I would like to use assertions to make sure correct inputs are
given to a procedure. But, I want to do this in testing only, not in
production.
I saw Debug.Assert, which is nice, but does VB.NET have a feature where
you can turn off assertions on production code?
--
http://www.douglass.com
| |
by: Matthew Wilson |
last post by:
Lately, I've been writing functions like this:
def f(a, b):
assert a in
assert b in
The point is that I'm checking the type and the values of the
parameters.
|
by: Hugh Oxford |
last post by:
I am told that I should use assertions in my testing. The problem is,
because I test using a cut of live data, the data always changes. Has
anyone come up against this or have they abandoned assertions generally?
On a more general note, how does one reconcile a changing data set with
testing driven development?
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |