P
Phil Carmody
Richard Heathfield said:In the real world, users tend not to enjoy broken code very much,
True.
and will try to avoid vendors who ship it to them.
Unproven, and suspected false.
Phil
Richard Heathfield said:In the real world, users tend not to enjoy broken code very much,
True.
and will try to avoid vendors who ship it to them.
Richard Heathfield said:I have just completed a statistical study in which 100% of users said
they no longer buy products from companies from whom they have bought
buggy products in the past. (Sample size: 1!)
Richard Heathfield said:I have just completed a statistical study in which 100% of users said
they no longer buy products from companies from whom they have bought
buggy products in the past. (Sample size: 1!)
Eric said:The general idea is that assert() should check for logic errors in
the program. If you find that you need to store N things, malloc() an
N-place array to hold them, and start filling array[j] in a loop that
increments j, you might assert(j < N) before trying to use the index,
and you might assert(j == N) at the end -- both would amount to checks
that you calculated N correctly to begin with.
Phil Carmody said:Phase 1 of defensive programming is knowing when to insert assert()s.
Phase 2 of defensive programming is knowing when to not insert them.
Use asserts only for situations which show a logical inconsistency,
not things that you don't want to happen, or things that mustn't happen,
but things that cannot, with working code, ever logically happen.
Phil Carmody said:Unproven, and suspected false.
Could you guys explain me *when* one should use 'assert'. I do understand
what it does and I have read c-FAQ 20.24b, but consider the code proposed by
user923005 earlier:
Herbert Rosenau said:assert() uis there for brainless programmers to save theyr brain. In
more than 25years programming I found no sense for assert.
assert evaluates to a NOOP when compiling NOT in debug mode, so it
does nothing in produnction code.
assert in debug mode makes no sense because when you as writer of the
code does a check against your dumbness you have found the bug already
but too dumb to resolve it.
So assert is at least completely useless.
Herbert Rosenau said:assert() uis there for brainless programmers to save theyr brain. In
more than 25years programming I found no sense for assert.
assert evaluates to a NOOP when compiling NOT in debug mode, so it
does nothing in produnction code.
assert in debug mode makes no sense because when you as writer of the
code does a check against your dumbness you have found the bug already
but too dumb to resolve it.
assert is not designed to make a test against data - it can only
defend against the dumbness of the programmer that writes the assert,
it can't defend against dumbness the user using the program.
So assert is at least completely useless.
Herbert Rosenau said:assert in debug mode makes no sense because when you as writer of the
code does a check against your dumbness you have found the bug already
but too dumb to resolve it.
Many programmers find assert to be quite useful. It's sometimes much
easier to define a condition that must be true if the code is correct
than to prove that the code actually satisfies the condition.
It does not (necessarily) defend against the "dumbness" of the
programmer. It defends against mistakes by the programmer.
Perhaps you never make mistakes, but most of us do.
I suggest you try to understand it before you claim that it, and
programmers who use it, are stupid.
I use them all the time, so Herbert's assertion may have serious
merit.
They have great value for me and have probably saved me a thousand
hours of debugging time.
But smarter programmers probably don't need them.
P.S.
For a masterful use of assertions (IMO) examine this code:http://arctrix.com/nas/chess/fruit/
P.P.S.
Fabian is a really nice guy.
[skip]Richard said:Well, I don't think it's a good example. Here's a better one (I
hope!). Consider a function whose documentation says something like:
/* function: si_digital_root
library: libstrint.a
purpose: returns the digital root of a specified number of
digits in a given string
'start' is not being advanced towards the end. Is it a copy-paste typo?while(start <= end)
{
assert(isdigit(s[start])); /* D */
root += s[start] - '0';
root %= 10;
}
assert() uis there for brainless programmers to save theyr brain.
In
more than 25years programming I found no sense for assert.
assert evaluates to a NOOP when compiling NOT in debug mode, so it
does nothing in produnction code.
assert in debug mode makes no sense because when you as writer of the
code does a check against your dumbness you have found the bug already
but too dumb to resolve it.
assert is not designed to make a test against data - it can only
defend against the dumbness of the programmer that writes the assert,
it can't defend against dumbness the user using the program.
So assert is at least completely useless.
Right. (Well, nearly. The Standard doesn't actually define a "debug
mode", but I think we all know what you mean!)
Richard said:In the real world, users tend not to enjoy broken code very much, and
will try to avoid vendors who ship it to them.
I said:(...)
That claim made such a perfect hook for a small rant on absolute
statements, so (...)
I've had an email program delete random messages - or attach
messages to each other so when I e.g. deleted a spam I might also
delete next message. Dunno why, maybe a corrupted data structure.
One typical suspect was an American program using 'char' values as
indexes which could thus be negative when they met my 8-bit
charset. An entirely different part of the program, e.g. fopen(),
might have noticed that. If so I'd really, really have liked some
module - any module - to assert() before I lost more mail.
James said:Hallvard B Furuseth wrote:
...
Your assumption seems to be that the alternative to an assert() is a
crash.
The things that you would use assert() for during debugging fall
into two categories:
(...)
B) Possibilities that, despite your testing, you are not completely
certain will never turn up. If you're paying proper attention to
reality, these will be the overwhelming majority of the
possibilities. For production code, assert() is usually the wrong way to
deal with these possibilities. What should happen instead is that the
program should continue to test for these possibilities, and if they
come up, deal with them gracefully, and not simply by aborting.
Richard said:Whilst that is a true statement, it is not a good argument, at least
not from where I'm sitting. One of my uses for assertions is runtime
checking of the structural integrity of (sometimes very large)
dynamic data structures. This imposes an overhead that I am happy to
accept during debugging, but not in production code. The assertions
are there to help me discover bugs.
As Richard Bos pointed out,
assertions are a terrible way to report bugs to users - but they are
a great way to report bugs to programmers.
Inadequate testing on target platform. Assertions are not a substitute
for testing.
It /can/ do whatever it likes if the behaviour is undefined. What it
/should/ do depends on your priorities. These differ amongst
programmers.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.