On Wednesday, 5 September 2018 at 10:30:46 UTC, Ola Fosheim Grøstad wrote:
On Monday, 3 September 2018 at 16:53:35 UTC, Meta wrote:
This battle has been fought over and over, with no movement on
either side, so I'll just comment that no matter what John Nails
or anyone else says, my personal opinion is that you're 100%
wrong on that point :-)
Well, John Regehr seems to argue that you shouldn't use asserts
for optimization even if they are turned on, as the runtime
might override a failed assert.
«As developers, we might want to count on a certain kind of
behavior when an assertion fails. For example, Linux’s BUG_ON()
is defined to trigger a kernel panic. If we weaken Linux’s
behavior, for example by logging an error message and
continuing to execute, we could easily end up adding
exploitable vulnerabilities.»
So…
I don't disagree. I think the only sane way to use asserts as an
optimization guide is when the program will abort if the
condition does not hold. That, to me, makes perfect sense, since
you're basically telling the compiler "This condition must be
true past this assertion point, because otherwise program
execution will not continue past this point". You're ensuring
that the condition specified in the assert is true by definition.
Not having that hard guarantee but still using asserts as an
optimization guide is absolutely insane, IMO.
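
The distinction drawn in the post above, sketched in C as an added example; it is not code from the thread, from D, or from Linux, and the macro and function names (`HARD_ASSERT`, `SOFT_ASSERT`, `lookup_hard`, `lookup_soft`, `hard_assert_aborts`) are hypothetical. It assumes a POSIX system for `fork` and `waitpid`.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static const int table[4] = {10, 20, 30, 40};
static int soft_failures; /* how many weakened asserts fired and were survived */

/* Aborting assert: execution never continues past it unless cond holds,
 * so treating cond as true afterwards is sound. */
#define HARD_ASSERT(cond) do { if (!(cond)) abort(); } while (0)

/* Weakened assert (log and continue): cond may be FALSE afterwards. */
#define SOFT_ASSERT(cond) do { if (!(cond)) { soft_failures++; \
    fprintf(stderr, "assert failed: %s\n", #cond); } } while (0)

int lookup_hard(unsigned i) {
    HARD_ASSERT(i < 4);
    return table[i]; /* in bounds: the only way to get here is i < 4 */
}

int lookup_soft(unsigned i) {
    SOFT_ASSERT(i < 4);
    /* This check has to stay. If the optimizer were told to assume i < 4
     * from the soft assert, it could delete the branch and the read below
     * would go out of bounds after the logged failure. */
    if (i >= 4)
        return -1;
    return table[i];
}

/* Runs lookup_hard(i) in a forked child so the caller survives.
 * Returns 1 if the child died from SIGABRT, 0 if it exited normally. */
int hard_assert_aborts(unsigned i) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { (void)lookup_hard(i); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    printf("soft lookup of index 9 -> %d\n", lookup_soft(9));
    printf("hard lookup of index 9 aborts -> %d\n", hard_assert_aborts(9));
    return 0;
}
```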