On the D Blog--Symphony of Destruction: Structs, Classes, and the GC
Mike Parker
aldacron at gmail.com
Fri Mar 5 03:27:29 UTC 2021
On Thursday, 4 March 2021 at 23:42:58 UTC, Dukc wrote:
>
> I don't understand this part. If an assert was failing, the
> program is going to terminate anyway, so
> InvalidMemoryOperationError is no problem. Well, it might
> obfuscate the underlying error if there is no stack trace, but
> banning `assert`ing in anything that could be called by a
> destructor sounds too drastic to me. Even the lowest level
> system code tends to contain asserts in D, at least in my
> codebase. If asserting is banned, destructors can do faily much
> nothing. I'd think it's much more practical to redefine the
> assert failure handler if InvalidMemoryOperationError due to a
> failed assert is a problem.
Yes, this can be worked around. Passing -checkaction=C to the
compiler will use the C assert handler and no exception will be
thrown (which, IMO, should be the default behavior of asserts
anyway). But even then, I believe as a general rule that any code
which touches an assert has no place in a finalizer. And that's
because asserts are inherently deterministic.
A properly-written assert is used to verify an expectation that
the program is in a specific state at a specific point in its
execution. If the program is not in that state at that point,
then we know we've got an error in our code. It's because of this
determinism that we can remove asserts from released code and
expect that nothing will break, and it's why we don't assert on
conditions that are beyond our control (like user input).
Because finalizers are non-deterministic, they kill that "at a
specific point in the program's execution" part, rendering any
asserts they touch unreliable. It is realistically possible that
an assert invoked in a finalizer never triggers during
development, then the program is released with asserts removed,
and then it breaks out in the wild because a finalizer is invoked
at a point when the program isn't in the expected state.
This doesn't make *destructors* useless, but *finalizers* really
are mostly useless most of the time, IMO. As D programmers, we
need to consciously be aware of the distinction since the
language isn't.
More information about the Digitalmars-d-announce
mailing list