assert semantic change proposal

John Carter via Digitalmars-d digitalmars-d at puremagic.com
Sun Aug 3 18:17:22 PDT 2014 

On Sunday, 3 August 2014 at 19:47:27 UTC, David Bregman wrote:

> 2. Semantic change.
> The proposal changes the meaning of assert(), which will result 
> in breaking existing code. Regardless of philosophizing about 
> whether or not the code was "already broken" according to some 
> definition of assert, the fact is that shipping programs that 
> worked perfectly well before may no longer work after this 
> change.

Subject to the caveat suggesting having two assert's with 
different names and different meanings, I am in the position to 
comment on this one from experience.

So assuming we do have a "hard assert" that is used within the 
standard libraries and a "soft assert" in user code (unless they 
explicitly choose to use the "hard assert"....)

What happens?

Well, I'm the dogsbody who has the job of upgrading the toolchain 
and handling the fallout of doing so.

So I have been walking multimegaline code bases through every gcc 
version in the last 15 years.

This is relevant because on every new version they have added 
stricter warnings, and more importantly, deeper optimizations.

It's especially the deeper optimizations that are interesting 
here.

They are often better data flow analysis which result in more 
"insightful" warnings.

So given I'm taking megalines of C/C++ code from a warnings free 
state on gcc version N to warnings free on version N+1, I'll make 
some empirical observations.

* They have _always_ highlighted dodgy / non-portable / 
non-standard compliant code.
* They have quite often highlighted existing defects in the code.
* They have quite often highlighted error handling code as 
"unreachable", because it is... and the only sane thing to do is 
delete it.
* They have often highlighted the error handling code of 
"defensive programmers" as opposed to DbC programmers.

Why? Because around 30% of the code of a defensive programmer is 
error handling crud that has never been executed, not even in 
development and hence is untested and unmaintained.

The clean up effort was often fairly largish, maybe a week or 
two, but always resulted in better code.

Customer impacting defects introduced by the new optimizations 
have been....

a) Very very rare.
b) Invariably from really bad code that was blatantly defective, 
non-standard compliant and non-portable.

So what do I expect, from experience from Walter's proposed 
change?


Another guy in this thread complained about the compiler suddenly 
relying on thousands of global axioms from the core and standard 
libraries.

Yup.

Exactly what is going to happen.

As you get...

* more and more optimization passes that rely on asserts,
* in particular pre and post condition asserts within the 
standard libraries,
* you are going to have flocks of user code that used to compile 
without warning
* and ran without any known defect...

...suddenly spewing error messages and warnings.

But that's OK.

Because I bet 99.999% of those warnings will be pointing straight 
at bone fide defects.

And yes, this will be a regular feature of life.

New version of compiler, new optimization passes, new warnings... 
That's OK, clean 'em up, and a bunch of latent defects won't come 
back as customer complaints.

More information about the Digitalmars-d mailing list