John Regehr on "Use of Assertions"

[Timon Gehr]

On 06.09.2018 23:47, Walter Bright wrote:
> On 9/5/2018 4:55 PM, Timon Gehr wrote:
>> John rather explicitly states the opposite in the article.
> 
> I believe that his statement:
> 
> "it’s not an interpretation that is universally useful"
> 
> is much weaker than saying "the opposite". He did not say it was "never 
> useful".
> ...

Wait, what?

 From this it would follow that "UB on failing assert is never useful" 
is the opposite of your stance. Therefore you would think that "UB on 
failing assert is _sometimes_ useful". (I don't have any qualm with 
this, but I would note that this will not be very common, and that a per 
compilation unit switch is a too coarse-grained way to select asserts 
you want to use for optimization, and it also affects @safe-ty therefore 
there should just be a @system __assume primitive _instead_.)

However, not allowing to _disable_ asserts instead of turning them into 
UB is only a good idea if "UB on failing assert is always useful". (I 
totally, utterly disagree with this and we have filled pages of 
newsgroup posts where you were championing this claim.)

So, which is it?

> For example, it is not universally true that airplanes never crash. But  > it is rare enough that we can usefully assume the next one we get on
> won't crash.

So if your stance was: "Airplanes don't crash", and John were to come 
and write an article that said:

"There are two ways to think about airplanes:

1. If they crash, you die. This is the best way to think about airplanes.

2. Another popular way to think about airplanes is that they don't 
crash. However, this interpretation is not universally useful. In fact, 
it can be dangerous if adopted by pilots or engineers."

Then you would conclude: "I am very happy that John agrees with me that 
airplanes don't crash." ?