- ASSERT fault?

From: [at]} <Wojtek>
Date: Mon, 12 Jun 2006 12:02:43 -0400 (EDT)

----boundary-LibPST-iamunique-442727410_-_-
Content-type: text/plain

On Mon, 12 Jun 2006, Marco Ciot wrote:

> The intention of the programmer when placing an ASSERT should never be to
> halt the program at that point but to assert some important condition for
> the subsequent program code.

What do you mean by "assert some important condition"? What should a
program do when the assertion fails? Right now it halts. If this is not
what you want, then what action are you proposing instead?

> AND it is a wise thing to place ASSERTs whenever one is aware of such an
> important condition. This not only helps to detect programming mistakes more
> easily but also enforces code readability.

This is precisely the intention of ASSERT.

> And finally the checks (almost) never cause any relevant performance loss.

Here again it would be good to define "almost" and "relevant". Without
hard numbers the discussion becomes ill-defined. You will agree that
any check will cause some performance loss. Is "some" acceptable to you?
If not, then is "one half of some" acceptable? How much is "some"?

> In other words: if a program is correct no ASSERT in it will ever fail

> (and neither will any type guard).

As I already said, this statement is a definition of the term "correct".
It is a tautology. If you have an absolute certainty that your program
is "correct", then by the same token you know that it will never fail.
In such a situation you can turn off the checks. Have you ever seen this
kind of a situation in case of a substantial program?

It is well known and generally agreed that certain inner-most sections
of the code can be compiled without checks. An example might be a FOR loop
of the sort FOR i := 0 TO LEN (array) - 1 DO INC (array[i]) END;
Here you know that the index will never spill beyond the end of the array.
However, I doubt whether the compiler inserts any checks into the body
of the loop (but I did not look at the generated assembly, so I am just
guessing). Any code which is even slightly more complex should have checks
enabled and never turned off.

Even the above example is debatable, because one should think what happens
when the INC overflows the range of the argument. Should it quietly roll
over from MAX(INTEGER) to MIN(INTEGER)? Or should it halt? Or should it
ring a bell? Or should it turn off power to the entire building? There is
no universal answer to this question. It depends on the situation. There
might be a situation when the appropriate action is to turn off the power.

> This is why it is possible to drop the time consuming checks with a
> compiler option.

"Time consuming" is not an issue. If "some" is not acceptable to you,
but "one half of some" is acceptable, then do not turn off the checks
but rather buy a faster computer.

The issue is "what happens if a problem does occur". See the above
example which, at a first glance, seems non-problematic. But, in case
the values of your array are controlling a nuclear power station,
you definitely want to sweep "time consuming" aside from considerations
and seriously analyze the consequences of a possible exception.


> If a program WAS correct then no ASSERT in it would ever fail.
> Hence one could think of turning off the "time consuming" checks by a
> compiler option in order to increase performance for code portions that are
> assumed to be correct.

"Assumed to be correct" is a good statement. In reality one should not
assume anything even in a seemingly simplest case. It all depends on
the situation. To make it more clear, in the example above, is it your
goal to exercise the INC and print out the result? Then you can assume
it is correct. Or perhaps, are the values of the array controlling a
launch of ballistic missiles, which will be fired when the value changes
its sign from "+" to "-"? In such a case you cannot assume the code is
correct. You better exercise a check that such a change does not happen
automatically due to a pecularity of the INC instruction.

> Or again in other words: Turning off ASSERTs (and maybe even TYPE guards)
> would have no effect on correct programs, BUT could be FATAL for incorrect
> ones!

Again a tautology.

> (My opinion of course is to NEVER turn off such checks!)

Then why are discussing all this?


> > The conclusion is that if you place debugging statements in the code to

> cause halts you should always use HALT and not ASSERT.
> E.g.:
> IF a = 10 THEN HALT(99) END;
> and not:
> ASSERT(a # 10, 99);

>
> This is barely for the sake of readability and NOT bizzare at all!

Readability is in the eyes of the reader. To me it looks bizzare.


> Debugging statements more over should be RED and BOLD type faced.

Are we discussing the language or the features of the editor?

W.

--- BlackBox
--- send subject HELP or UNSUBSCRIBE to blackbox{([at]})nowhere.xy



----boundary-LibPST-iamunique-442727410_-_-
Content-type: application/rtf
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="rtf-body.rtf"

e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZnJvbXRleHQgXGRlZmYwe1xmb250dGJsDQp7XGYwXGZz
d2lzcyBBcmlhbDt9DQp7XGYxXGZtb2Rlcm4gQ291cmllciBOZXc7fQ0Ke1xmMlxmbmlsXGZjaGFy
c2V0MiBTeW1ib2w7fQ0Ke1xmM1xmbW9kZXJuXGZjaGFyc2V0MCBDb3VyaWVyIE5ldzt9fQ0Ke1xj
b2xvcnRibFxyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxncmVlbjBcYmx1ZTI1NTt9DQpcdWMxXHBh
cmRccGxhaW5cZGVmdGFiMzYwIFxmMFxmczIwIE9uIE1vbiwgMTIgSnVuIDIwMDYsIE1hcmNvIENp
b3Qgd3JvdGU6XHBhcg0KXHBhcg0KPiBUaGUgaW50ZW50aW9uIG9mIHRoZSBwcm9ncmFtbWVyIHdo
ZW4gcGxhY2luZyBhbiBBU1NFUlQgc2hvdWxkIG5ldmVyIGJlIHRvXHBhcg0KPiBoYWx0IHRoZSBw
cm9ncmFtIGF0IHRoYXQgcG9pbnQgYnV0IHRvIGFzc2VydCBzb21lIGltcG9ydGFudCBjb25kaXRp
b24gZm9yXHBhcg0KPiB0aGUgc3Vic2VxdWVudCBwcm9ncmFtIGNvZGUuXHBhcg0KXHBhcg0KV2hh
dCBkbyB5b3UgbWVhbiBieSAiYXNzZXJ0IHNvbWUgaW1wb3J0YW50IGNvbmRpdGlvbiI/IFdoYXQg
c2hvdWxkIGFccGFyDQpwcm9ncmFtIGRvIHdoZW4gdGhlIGFzc2VydGlvbiBmYWlscz8gUmlnaHQg
bm93IGl0IGhhbHRzLiBJZiB0aGlzIGlzIG5vdFxwYXINCndoYXQgeW91IHdhbnQsIHRoZW4gd2hh
dCBhY3Rpb24gYXJlIHlvdSBwcm9wb3NpbmcgaW5zdGVhZD9ccGFyDQpccGFyDQo+IEFORCBpdCBp
cyBhIHdpc2UgdGhpbmcgdG8gcGxhY2UgQVNTRVJUcyB3aGVuZXZlciBvbmUgaXMgYXdhcmUgb2Yg
c3VjaCBhblxwYXINCj4gaW1wb3J0YW50IGNvbmRpdGlvbi4gVGhpcyBub3Qgb25seSBoZWxwcyB0
byBkZXRlY3QgcHJvZ3JhbW1pbmcgbWlzdGFrZXMgbW9yZVxwYXINCj4gZWFzaWx5IGJ1dCBhbHNv
IGVuZm9yY2VzIGNvZGUgcmVhZGFiaWxpdHkuXHBhcg0KXHBhcg0KVGhpcyBpcyBwcmVjaXNlbHkg
dGhlIGludGVudGlvbiBvZiBBU1NFUlQuXHBhcg0KXHBhcg0KPiBBbmQgZmluYWxseSB0aGUgY2hl
Y2tzIChhbG1vc3QpIG5ldmVyIGNhdXNlIGFueSByZWxldmFudCBwZXJmb3JtYW5jZSBsb3NzLlxw
YXINClxwYXINCkhlcmUgYWdhaW4gaXQgd291bGQgYmUgZ29vZCB0byBkZWZpbmUgImFsbW9zdCIg
YW5kICJyZWxldmFudCIuIFdpdGhvdXRccGFyDQpoYXJkIG51bWJlcnMgdGhlIGRpc2N1c3Npb24g
YmVjb21lcyBpbGwtZGVmaW5lZC4gWW91IHdpbGwgYWdyZWUgdGhhdFxwYXINCmFueSBjaGVjayB3
aWxsIGNhdXNlIHNvbWUgcGVyZm9ybWFuY2UgbG9zcy4gSXMgInNvbWUiIGFjY2VwdGFibGUgdG8g
eW91P1xwYXINCklmIG5vdCwgdGhlbiBpcyAib25lIGhhbGYgb2Ygc29tZSIgYWNjZXB0YWJsZT8g
SG93IG11Y2ggaXMgInNvbWUiP1xwYXINClxwYXINCj4gSW4gb3RoZXIgd29yZHM6IGlmIGEgcHJv
Z3JhbSBpcyBjb3JyZWN0IG5vIEFTU0VSVCBpbiBpdCB3aWxsIGV2ZXIgZmFpbFxwYXINCj4gKGFu
ZCBuZWl0aGVyIHdpbGwgYW55IHR5cGUgZ3VhcmQpLlxwYXINClxwYXINCkFzIEkgYWxyZWFkeSBz
YWlkLCB0aGlzIHN0YXRlbWVudCBpcyBhIGRlZmluaXRpb24gb2YgdGhlIHRlcm0gImNvcnJlY3Qi
LlxwYXINCkl0IGlzIGEgdGF1dG9sb2d5LiBJZiB5b3UgaGF2ZSBhbiBhYnNvbHV0ZSBjZXJ0YWlu
dHkgdGhhdCB5b3VyIHByb2dyYW1ccGFyDQppcyAiY29ycmVjdCIsIHRoZW4gYnkgdGhlIHNhbWUg
dG9rZW4geW91IGtub3cgdGhhdCBpdCB3aWxsIG5ldmVyIGZhaWwuXHBhcg0KSW4gc3VjaCBhIHNp
dHVhdGlvbiB5b3UgY2FuIHR1cm4gb2ZmIHRoZSBjaGVja3MuIEhhdmUgeW91IGV2ZXIgc2VlbiB0
aGlzXHBhcg0Ka2luZCBvZiBhIHNpdHVhdGlvbiBpbiBjYXNlIG9mIGEgc3Vic3RhbnRpYWwgcHJv
Z3JhbT9ccGFyDQpccGFyDQpJdCBpcyB3ZWxsIGtub3duIGFuZCBnZW5lcmFsbHkgYWdyZWVkIHRo
YXQgY2VydGFpbiBpbm5lci1tb3N0IHNlY3Rpb25zXHBhcg0Kb2YgdGhlIGNvZGUgY2FuIGJlIGNv
bXBpbGVkIHdpdGhvdXQgY2hlY2tzLiBBbiBleGFtcGxlIG1pZ2h0IGJlIGEgRk9SIGxvb3BccGFy
DQpvZiB0aGUgc29ydCBGT1IgaSA6PSAwIFRPIExFTiAoYXJyYXkpIC0gMSBETyBJTkMgKGFycmF5
W2ldKSBFTkQ7XHBhcg0KSGVyZSB5b3Uga25vdyB0aGF0IHRoZSBpbmRleCB3aWxsIG5ldmVyIHNw
aWxsIGJleW9uZCB0aGUgZW5kIG9mIHRoZSBhcnJheS5ccGFyDQpIb3dldmVyLCBJIGRvdWJ0IHdo
ZXRoZXIgdGhlIGNvbXBpbGVyIGluc2VydHMgYW55IGNoZWNrcyBpbnRvIHRoZSBib2R5XHBhcg0K
b2YgdGhlIGxvb3AgKGJ1dCBJIGRpZCBub3QgbG9vayBhdCB0aGUgZ2VuZXJhdGVkIGFzc2VtYmx5
LCBzbyBJIGFtIGp1c3RccGFyDQpndWVzc2luZykuIEFueSBjb2RlIHdoaWNoIGlzIGV2ZW4gc2xp
Z2h0bHkgbW9yZSBjb21wbGV4IHNob3VsZCBoYXZlIGNoZWNrc1xwYXINCmVuYWJsZWQgYW5kIG5l
dmVyIHR1cm5lZCBvZmYuXHBhcg0KXHBhcg0KRXZlbiB0aGUgYWJvdmUgZXhhbXBsZSBpcyBkZWJh
dGFibGUsIGJlY2F1c2Ugb25lIHNob3VsZCB0aGluayB3aGF0IGhhcHBlbnNccGFyDQp3aGVuIHRo
ZSBJTkMgb3ZlcmZsb3dzIHRoZSByYW5nZSBvZiB0aGUgYXJndW1lbnQuIFNob3VsZCBpdCBxdWll
dGx5IHJvbGxccGFyDQpvdmVyIGZyb20gTUFYKElOVEVHRVIpIHRvIE1JTihJTlRFR0VSKT8gT3Ig
c2hvdWxkIGl0IGhhbHQ/IE9yIHNob3VsZCBpdFxwYXINCnJpbmcgYSBiZWxsPyBPciBzaG91bGQg
aXQgdHVybiBvZmYgcG93ZXIgdG8gdGhlIGVudGlyZSBidWlsZGluZz8gVGhlcmUgaXNccGFyDQpu
byB1bml2ZXJzYWwgYW5zd2VyIHRvIHRoaXMgcXVlc3Rpb24uIEl0IGRlcGVuZHMgb24gdGhlIHNp
dHVhdGlvbi4gVGhlcmVccGFyDQptaWdodCBiZSBhIHNpdHVhdGlvbiB3aGVuIHRoZSBhcHByb3By
aWF0ZSBhY3Rpb24gaXMgdG8gdHVybiBvZmYgdGhlIHBvd2VyLlxwYXINClxwYXINCj4gVGhpcyBp
cyB3aHkgaXQgaXMgcG9zc2libGUgdG8gZHJvcCB0aGUgdGltZSBjb25zdW1pbmcgY2hlY2tzIHdp
dGggYVxwYXINCj4gY29tcGlsZXIgb3B0aW9uLlxwYXINClxwYXINCiJUaW1lIGNvbnN1bWluZyIg
aXMgbm90IGFuIGlzc3VlLiBJZiAic29tZSIgaXMgbm90IGFjY2VwdGFibGUgdG8geW91LFxwYXIN
CmJ1dCAib25lIGhhbGYgb2Ygc29tZSIgaXMgYWNjZXB0YWJsZSwgdGhlbiBkbyBub3QgdHVybiBv
ZmYgdGhlIGNoZWNrc1xwYXINCmJ1dCByYXRoZXIgYnV5IGEgZmFzdGVyIGNvbXB1dGVyLlxwYXIN
ClxwYXINClRoZSBpc3N1ZSBpcyAid2hhdCBoYXBwZW5zIGlmIGEgcHJvYmxlbSBkb2VzIG9jY3Vy
Ii4gU2VlIHRoZSBhYm92ZVxwYXINCmV4YW1wbGUgd2hpY2gsIGF0IGEgZmlyc3QgZ2xhbmNlLCBz
ZWVtcyBub24tcHJvYmxlbWF0aWMuIEJ1dCwgaW4gY2FzZVxwYXINCnRoZSB2YWx1ZXMgb2YgeW91
ciBhcnJheSBhcmUgY29udHJvbGxpbmcgYSBudWNsZWFyIHBvd2VyIHN0YXRpb24sXHBhcg0KeW91
IGRlZmluaXRlbHkgd2FudCB0byBzd2VlcCAidGltZSBjb25zdW1pbmciIGFzaWRlIGZyb20gY29u
c2lkZXJhdGlvbnNccGFyDQphbmQgc2VyaW91c2x5IGFuYWx5emUgdGhlIGNvbnNlcXVlbmNlcyBv
ZiBhIHBvc3NpYmxlIGV4Y2VwdGlvbi5ccGFyDQpccGFyDQpccGFyDQo+IElmIGEgcHJvZ3JhbSBX
QVMgY29ycmVjdCB0aGVuIG5vIEFTU0VSVCBpbiBpdCB3b3VsZCBldmVyIGZhaWwuXHBhcg0KPiBI
ZW5jZSBvbmUgY291bGQgdGhpbmsgb2YgdHVybmluZyBvZmYgdGhlICJ0aW1lIGNvbnN1bWluZyIg
Y2hlY2tzIGJ5IGFccGFyDQo+IGNvbXBpbGVyIG9wdGlvbiBpbiBvcmRlciB0byBpbmNyZWFzZSBw
ZXJmb3JtYW5jZSBmb3IgY29kZSBwb3J0aW9ucyB0aGF0IGFyZVxwYXINCj4gYXNzdW1lZCB0byBi
ZSBjb3JyZWN0LlxwYXINClxwYXINCiJBc3N1bWVkIHRvIGJlIGNvcnJlY3QiIGlzIGEgZ29vZCBz
dGF0ZW1lbnQuIEluIHJlYWxpdHkgb25lIHNob3VsZCBub3RccGFyDQphc3N1bWUgYW55dGhpbmcg
ZXZlbiBpbiBhIHNlZW1pbmdseSBzaW1wbGVzdCBjYXNlLiBJdCBhbGwgZGVwZW5kcyBvblxwYXIN
CnRoZSBzaXR1YXRpb24uIFRvIG1ha2UgaXQgbW9yZSBjbGVhciwgaW4gdGhlIGV4YW1wbGUgYWJv
dmUsIGlzIGl0IHlvdXJccGFyDQpnb2FsIHRvIGV4ZXJjaXNlIHRoZSBJTkMgYW5kIHByaW50IG91
dCB0aGUgcmVzdWx0PyBUaGVuIHlvdSBjYW4gYXNzdW1lXHBhcg0KaXQgaXMgY29ycmVjdC4gT3Ig
cGVyaGFwcywgYXJlIHRoZSB2YWx1ZXMgb2YgdGhlIGFycmF5IGNvbnRyb2xsaW5nIGFccGFyDQps
YXVuY2ggb2YgYmFsbGlzdGljIG1pc3NpbGVzLCB3aGljaCB3aWxsIGJlIGZpcmVkIHdoZW4gdGhl
IHZhbHVlIGNoYW5nZXNccGFyDQppdHMgc2lnbiBmcm9tICIrIiB0byAiLSI/IEluIHN1Y2ggYSBj
YXNlIHlvdSBjYW5ub3QgYXNzdW1lIHRoZSBjb2RlIGlzXHBhcg0KY29ycmVjdC4gWW91IGJldHRl
ciBleGVyY2lzZSBhIGNoZWNrIHRoYXQgc3VjaCBhIGNoYW5nZSBkb2VzIG5vdCBoYXBwZW5ccGFy
DQphdXRvbWF0aWNhbGx5IGR1ZSB0byBhIHBlY3VsYXJpdHkgb2YgdGhlIElOQyBpbnN0cnVjdGlv
bi5ccGFyDQpccGFyDQo+IE9yIGFnYWluIGluIG90aGVyIHdvcmRzOiBUdXJuaW5nIG9mZiBBU1NF
UlRzIChhbmQgbWF5YmUgZXZlbiBUWVBFIGd1YXJkcylccGFyDQo+IHdvdWxkIGhhdmUgbm8gZWZm
ZWN0IG9uIGNvcnJlY3QgcHJvZ3JhbXMsIEJVVCBjb3VsZCBiZSBGQVRBTCBmb3IgaW5jb3JyZWN0
XHBhcg0KPiBvbmVzIVxwYXINClxwYXINCkFnYWluIGEgdGF1dG9sb2d5LlxwYXINClxwYXINCj4g
KE15IG9waW5pb24gb2YgY291cnNlIGlzIHRvIE5FVkVSIHR1cm4gb2ZmIHN1Y2ggY2hlY2tzISlc
cGFyDQpccGFyDQpUaGVuIHdoeSBhcmUgZGlzY3Vzc2luZyBhbGwgdGhpcz9ccGFyDQpccGFyDQpc
cGFyDQo+ID4gVGhlIGNvbmNsdXNpb24gaXMgdGhhdCBpZiB5b3UgcGxhY2UgZGVidWdnaW5nIHN0
YXRlbWVudHMgaW4gdGhlIGNvZGUgdG9ccGFyDQo+IGNhdXNlIGhhbHRzIHlvdSBzaG91bGQgYWx3
YXlzIHVzZSBIQUxUIGFuZCBub3QgQVNTRVJULlxwYXINCj4gRS5nLjpccGFyDQo+IFx0YWIgSUYg
YSA9IDEwIFRIRU4gSEFMVCg5OSkgRU5EO1xwYXINCj4gYW5kIG5vdDpccGFyDQo+IFx0YWIgQVNT
RVJUKGEgIyAxMCwgOTkpO1xwYXINCj5ccGFyDQo+IFRoaXMgaXMgYmFyZWx5IGZvciB0aGUgc2Fr
ZSBvZiByZWFkYWJpbGl0eSBhbmQgTk9UIGJpenphcmUgYXQgYWxsIVxwYXINClxwYXINClJlYWRh
YmlsaXR5IGlzIGluIHRoZSBleWVzIG9mIHRoZSByZWFkZXIuIFRvIG1lIGl0IGxvb2tzIGJpenph
cmUuXHBhcg0KXHBhcg0KXHBhcg0KPiBEZWJ1Z2dpbmcgc3RhdGVtZW50cyBtb3JlIG92ZXIgc2hv
dWxkIGJlIFJFRCBhbmQgQk9MRCB0eXBlIGZhY2VkLlxwYXINClxwYXINCkFyZSB3ZSBkaXNjdXNz
aW5nIHRoZSBsYW5ndWFnZSBvciB0aGUgZmVhdHVyZXMgb2YgdGhlIGVkaXRvcj9ccGFyDQpccGFy
DQpXLlxwYXINClxwYXINCi0tLSBCbGFja0JveFxwYXINCi0tLSBzZW5kIHN1YmplY3QgSEVMUCBv
ciBVTlNVQlNDUklCRSB0byBibGFja2JveEBvYmVyb24uY2h9fQAt8BggbCQgKMJw


----boundary-LibPST-iamunique-442727410_-_---
Received on Mon Jun 12 2006 - 18:02:43 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:27:51 UTC