James Kuyper
Hallvard said:
> What? My assumption is that one alternative is to not crash, but
> instead let worse damage happen.
What you mean by "let worse damage happen" is what I mean by "crash". I
refer to what assert() does as aborting, not crashing. It's just a
difference in terminology.
....

> Yes, code should of course test for bugs in itself and nearby code, and
> try to deal gracefully with them. And asserts should of course be
> limited to tests where you could be bothered to write the test but not
> with coming up with and coding a graceful exit strategy, or where a
> "graceful exit strategy" has no or negative value since what you want is
> a crash during testing.
>
> Even so, real life doesn't measure up to your ideal of production code,
> or any reasonable person's ideal for that matter.
Large portions of real life pay no attention to my ideals, and I don't
have the power to change that. However, it is entirely within my power to
ensure that the production code I deliver lives up to the ideal
described above, and I have in fact done so, when I could. A large
portion of the code I'm currently responsible for is code that I neither
designed nor wrote - the "real life" you refer to has prevented me from
re-writing all of that code. However, all of my new code, and all of my
modifications to existing code are consistent with that ideal. If that
ideal seems unachievable, then you may have understood it in a more
extreme fashion than I intended when I described it.
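An added illustration of the distinction the thread is circling, not code posted by either participant: an assert() belongs on an invariant that only a bug in the program itself can violate, and aborts loudly during testing; input that arrives from outside the program gets a real error path, because assert() disappears entirely when NDEBUG is defined and a production build would otherwise accept anything. The function names, the port-number example and the sample inputs are constructed for this example.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Internal contract: the caller promises an already-validated port.
 * Violating it is a bug in this program, so an assert is appropriate:
 * it aborts during testing, and compiles to nothing under NDEBUG. */
static int checked_port(int port)
{
    assert(port >= 1 && port <= 65535); /* bug if this ever fails */
    return port;
}

/* External input: a malformed string is not a bug in this code, so it
 * gets a graceful failure that survives an NDEBUG build.
 * Returns 0 on success and stores the port in *out, -1 on bad input. */
int parse_port(const char *text, int *out)
{
    char *end;
    long v;

    if (text == NULL || out == NULL || *text == '\0')
        return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535)
        return -1;           /* reject: out of range, trailing junk, overflow */

    *out = (int)v;
    checked_port(*out);      /* invariant now holds, so the assert is apt */
    return 0;
}

/* 1 if assert() is live in this build, 0 if NDEBUG turned it into a no-op.
 * Any check that must hold in production cannot depend on this being 1. */
int asserts_enabled(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

int main(void)
{
    /* constructed sample inputs: valid, zero, too large, trailing junk, empty */
    const char *samples[] = { "8080", "0", "70000", "80x", "" };
    size_t i;

    printf("asserts enabled in this build: %d\n", asserts_enabled());
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int port = 0;
        if (parse_port(samples[i], &port) == 0)
            printf("\"%s\" -> port %d\n", samples[i], port);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```

Compiling once with and once with -DNDEBUG shows the point: parse_port() rejects the same inputs in both builds, while the assert in checked_port() only exists in the first.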