assert(0) behavior
Dicebot via Digitalmars-d
digitalmars-d at puremagic.com
Tue Aug 4 08:04:49 PDT 2015
On Tuesday, 4 August 2015 at 14:40:16 UTC, Nick Sabalausky wrote:
> On 08/03/2015 11:59 AM, Dicebot wrote:
>> General advice - simply don't ever use -release unless you are _very_
>> sure about program correctness (to the point of 100% test coverage and
>> previous successful debug runs)
>
> This is very true. I never disable asserts or bounds checking
> for exactly that reason - you can NEVER conclusively determine
> through prerelease testing that none of those conditions are
> going to get tripped in real-world usage. ANY developer who
> thinks they can is absolutely fooling themself. And what
> happens for the end user WHEN one of those conditions does
> occur? Memory corruption or otherwise invalid state. Things go
> boom. Whee. BAD idea.
>
> There is only ONE time when asserts or bounds checking should
> EVER be disabled and that's on a per-function basis (split it
> out into a separate module if you need to) AFTER profiling has
> determined that specific location to be a significant
> bottleneck, and the code in question has been (and will
> continue to be during all future maintenance) VERY carefully
> combed-over and peer-reviewed to ensure (as much as possible)
> that disabling asserts/bounds checks on that localized function
> cannot lead to corruption, exploits or invalid state.

Recently we had quite a lengthy discussion at work regarding
possible guidelines for using asserts, contracts and enforce (we
have a similar implementation of our own) that would actually allow
using the -release flag for release builds. We arrived at certain
principles that I believe may work in practice (even though they
violate DbC ideology). I will check if I can publish those here.