Assert and undefined behavior
John Burton
john.burton at jbmail.com
Wed Oct 11 09:27:49 UTC 2017
The spec says this :-
"As a contract, an assert represents a guarantee that the code
must uphold. Any failure of this expression represents a logic
error in the code that must be fixed in the source code. A
program for which the assert contract is false is, by definition,
invalid, and therefore has undefined behaviour."
Now I worry about the words "undefined behavior" because in C++
compiler writers seem to have decided that these words mean that
it's ok for the compiler to generate code to do whatever it feels
like even in unconnected code and even before the undefined
behavior is invoked because some subsequent code has undefined
behavior.
From my C++ experience this paragraph tells me that if I use
"assert" to check my assumptions, and the assertion is false,
then this could lead to my program failing in unpredictable ways
unconnected with the actual assertion.
I therefore feel like I ought to not use assert and should
instead validate my assumptions with an if statement and a throw
or exit or something.
I feel like a failing assertion should not cause "undefined
behavior" in the sense it is commonly used in C++ programming
these days but should have exactly defined behavior that it will
do nothing if the assert passes and throw the specified exception
if it fails. Can I safely assume this despite the wording?
I know this might seem like a small or pedantic point, but C++
compilers can and do use invoking undefined behavior as an excuse
to do all kinds of unexpected things in generated code these days
and I want to write safe code :) I feel that if D is specified in
the same way then assert is not safe for me to use in a real
program.
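Added example, not part of the original post or of the D project's own code: it shows the distinction the poster is weighing, a D `assert` for an internal invariant versus an explicit always-on check (here `enforce` from `std.exception`) for anything that is validated at run time. In D, `assert` is compiled out by `dmd -release` (which also removes contract checks and, for `@system` code, bounds checks), so a failed assertion in a release build is an assumption the compiler may rely on; `enforce` throws an `Exception` in every build mode. The function names and the sample buffer are constructed for this illustration.

```d
// Added illustration (not from the post): assert for programmer-side
// contracts, enforce for checks that must run in every build mode.
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical helper: index of the first byte >= threshold, or buf.length
// if none. The precondition "buf.length > 0" is a contract between callers
// inside the program, so it is written as an assert: it is checked in a
// default (debug) build and removed entirely under -release, where a
// violation is undefined behaviour.
size_t firstAtLeast(const(ubyte)[] buf, ubyte threshold)
{
    assert(buf.length > 0, "caller must pass a non-empty buffer");
    foreach (i, b; buf)
        if (b >= threshold)
            return i;
    return buf.length;
}

// Hypothetical wrapper for data that arrives from outside the program
// (a file, a socket, user input). enforce evaluates the condition in
// every build mode and throws an Exception carrying the message when it
// is false, so the guarantee never silently turns into an assumption.
size_t firstAtLeastChecked(const(ubyte)[] buf, ubyte threshold)
{
    enforce(buf.length > 0, "empty input rejected");
    return firstAtLeast(buf, threshold);
}

void main()
{
    ubyte[] sample = [1, 5, 200, 7]; // constructed sample input
    writeln(firstAtLeastChecked(sample, 100)); // index 2

    ubyte[] empty = [];
    try
    {
        // Throws in both "dmd" and "dmd -release" builds, unlike a bare
        // assert, which would be compiled away under -release.
        firstAtLeastChecked(empty, 100);
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
}
```

Compile once with `dmd` and once with `dmd -release` to see the difference: the `enforce` path rejects the empty buffer in both, while calling `firstAtLeast` directly with an empty buffer trips the assertion only in the non-release build.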