> We have asserts throughout the server these days. Do we want to remove > them all?
I want to remove them all, but won't do so until I've done all of the other things I want to do. The problem with asserts is that causing the server process to core dump is never a good idea, even when a person is in debug mode, unless the condition being checked would result in a fatal error in any case (like a later pointer de-ref or divide-by-zero). Expected run-time errors should just be logged and handled. In all other cases it is better to bullet-proof the code or simply ignore that condition as a possibility. Cosmic rays and memory errors do occur, so an assert should not be used unless it is a truly fatal condition. The problem with conditionally-compiled debug switches is they change the code such that the stuff we test isn't the same as gets deployed, which can mask race conditions. However, the main reason that I don't like asserts is that they lead to programmer mistakes -- people assuming that a condition will never occur in all environments simply because none of their own debug tests in their own environment triggered the assert. I think the code should either be logically complete (handle all cases) or fail-soft. ....Roy
