Right. Perhaps they should have done (and in my view there's no perhaps
about it), but they didn't. Er... so?
I was assuming (perhaps optimistically!) that the writers of the C
library were smart people. The usual argument (I thought you'd made it
in fact...) was that for primitives like strcpy() you want an
unchecked version and the caller makes damn sure he doesn't pass a
NULL (or otherwise invalid) pointer to strcpy(). Um. I suppose that's
an argument for taking the asserts out in the production code.
Obviously we are going round and round here. I like asserting simple
preconditions. And I like to leave such checks in because I'm not
perfect. My tests don't cover every real world case and I'd rather my
programs bailed out than struggle on in an undefined state.
> If I
And so we learn (slowly) not to strcpy null pointers.
By this time we all know we shouldn't strcpy() null pointers. But it
sometimes happens anyway. Actually I seem to printf() them more often.
But, from a
programmer's perspective, I would rather have the user send me an error
log that showed me the call stack and therefore the context of the
screw-up rather than, on the other hand, a message just saying "foo.c,
42: assertion (p != NULL) failed".
On many systems abort() triggers a core dump. OK, I don't really use
assert(); I use an assert-like macro that writes stuff into a log file.
If you call that "error handling" then I handle errors. The code looks
more like this though:
int process_doggle (Doggle* doggle, int n)
{
    /* preconditions: checked on every call, release builds included */
    ASSERT (doggle_is_valid (doggle));
    ASSERT (n != 0);
    /* do stuff */
    return 0;
}
That sounds like a different strategy from generating a call stack...
Sure. I'd expect the building to be capable of supporting the roof.
Fond though I am of civil engineering analogies, I think this one is
structurally unsound. We aren't building a building, we're writing
software.
If your house is correctly wired you don't need an earth on your plug
(many countries don't have one; where I come from, electrical plugs
have three pins).
You shouldn't need fuses or earth leakage detectors but many homes
have one or both of these.
It's
a precondition for the roof that something has to be able to hold it up.
But I'm not going to leave the scaffolding there on the off-chance that
the building suddenly loses structural integrity. In fact, if the
building does lose structural integrity, a falling roof is the last of
your problems. (Literally!) And yes, some buildings /do/ lose structural
integrity, and without scaffolding to hold it up the roof /does/ fall.
But to blame the absence of scaffolding is ridiculous. Buildings are
supposed to be able to stand without scaffolding. And programs are
supposed to be able to stand without assertions. If you daren't take the
assertion out, it's really an error-check.
You should have seen the amount of stuff a customer added under the
false floor to support a cabinet. THEY didn't assume the floor wasn't
going to move about very rapidly at some point.
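The assert-like macro described earlier in the thread (one that logs to a file and is left in production code), written out as an added example. This is not code from any of the posters; the Doggle type, DOGGLE_MAGIC, the handler names and the recovery wrapper are assumptions made for illustration. The default handler logs the expression, file, line and function, then calls abort() so that systems which dump core on abort leave the call stack for post-mortem inspection; the handler is replaceable so that the failure path can be exercised in a test without producing a core.

```c
/* Added example: an ASSERT macro that survives NDEBUG, logs the failing
 * expression with file/line/function, then hands off to a replaceable
 * handler. The default handler aborts. Doggle, DOGGLE_MAGIC and the handler
 * names are assumptions for illustration, not code from the thread. */
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void (*assert_handler_fn)(const char *msg);

/* Where failures are written. NULL means stderr; a real program would
 * fopen() its log file here at startup. */
static FILE *assert_log = NULL;

/* Build the one-line failure record. Returns what snprintf would have
 * written, so callers can detect truncation. */
int format_assert_failure(char *buf, size_t len, const char *expr,
                          const char *file, int line, const char *func)
{
    return snprintf(buf, len, "%s:%d: %s: assertion (%s) failed",
                    file, line, func, expr);
}

/* Default handler: log, flush, abort. Nothing after a failed ASSERT runs. */
static void abort_assert_handler(const char *msg)
{
    FILE *out = assert_log ? assert_log : stderr;
    fprintf(out, "%s\n", msg);
    fflush(out);
    abort();
}

static assert_handler_fn assert_handler = abort_assert_handler;

/* Unlike assert(), this is NOT compiled out when NDEBUG is defined: the
 * check is deliberately left in the production binary. */
#define ASSERT(e)                                                        \
    do {                                                                 \
        if (!(e)) {                                                      \
            char assert_msg_[256];                                       \
            format_assert_failure(assert_msg_, sizeof assert_msg_, #e,   \
                                  __FILE__, __LINE__, __func__);         \
            assert_handler(assert_msg_);                                 \
        }                                                                \
    } while (0)

/* ---- Precondition checks in the style of the thread (assumed types) ---- */

#define DOGGLE_MAGIC 0xD066u

typedef struct {
    unsigned magic;   /* set to DOGGLE_MAGIC when properly constructed */
    int size;
} Doggle;

int doggle_is_valid(const Doggle *d)
{
    return d != NULL && d->magic == DOGGLE_MAGIC && d->size > 0;
}

/* Scales the doggle by n. Both preconditions are checked on every call. */
int process_doggle(Doggle *doggle, int n)
{
    ASSERT(doggle_is_valid(doggle));
    ASSERT(n != 0);
    doggle->size *= n;
    return doggle->size;
}

/* ---- Recovery handler: exercise the failure path without a core dump ---- */

static jmp_buf assert_recover;
static char last_assert_msg[256];

static void recording_assert_handler(const char *msg)
{
    strncpy(last_assert_msg, msg, sizeof last_assert_msg - 1);
    last_assert_msg[sizeof last_assert_msg - 1] = '\0';
    longjmp(assert_recover, 1);
}

/* Run process_doggle under the recording handler. Returns its result, or
 * -1 if an ASSERT fired, in which case msgbuf receives the logged record. */
int try_process_doggle(Doggle *d, int n, char *msgbuf, size_t len)
{
    assert_handler_fn saved = assert_handler;
    volatile int result = -1;   /* volatile: survives the longjmp */

    assert_handler = recording_assert_handler;
    if (setjmp(assert_recover) == 0) {
        result = process_doggle(d, n);
    } else if (msgbuf && len) {
        strncpy(msgbuf, last_assert_msg, len - 1);
        msgbuf[len - 1] = '\0';
    }
    assert_handler = saved;
    return result;
}

int main(void)
{
    Doggle ok = { DOGGLE_MAGIC, 3 };
    Doggle bad = { 0, 3 };   /* constructed: never initialised properly */
    char msg[256];

    printf("valid doggle: %d\n", try_process_doggle(&ok, 4, msg, sizeof msg));
    if (try_process_doggle(&bad, 4, msg, sizeof msg) < 0)
        printf("logged: %s\n", msg);
    if (try_process_doggle(&ok, 0, msg, sizeof msg) < 0)
        printf("logged: %s\n", msg);
    return 0;
}
```

Because the macro expands the condition with `#e`, the log record names the exact precondition that failed, which is the "foo.c, 42: assertion (p != NULL) failed" message from the thread; the core dump left by abort() in the default handler is what supplies the call stack on top of that.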