Jeff King wrote: > On Wed, Nov 22, 2017 at 03:45:32PM -0800, Jonathan Nieder wrote: >> It lets you build with NDEBUG. > > But why do you want to build with NDEBUG if nothing uses assert()? ;) No idea, but some distros (not Debian) have done it before and I don't want to be burned again. > I'm being a little glib, but I think there really is a chicken-and-egg > question here. Why are people building with NDEBUG if they don't want to > disable asserts? It's because they want to disable asserts. The semantics of assert is that they're allowed to be compiled out. A person setting NDEBUG is perfectly within their rights to assume that the author of a program has followed those semantics. Of course this makes assert a terrible API from the point of view of Rusty Russel's API rating scheme <http://sweng.the-davies.net/Home/rustys-api-design-manifesto> but it's what C gives us. FWIW I think we've done fine at using assert so far. But if I understand correctly, the point of this series is to stop having to worry about it. [...] >> It also goes through our own die() >> handler, which means that e.g. the error message gets propagated over >> remote transports. > > BUG() doesn't go through our die handler. It hits vreportf(), which does > do some minor munging, but it always goes to stderr. Error message > propagation over the remote protocol happens either: > > 1. From a parent process muxing our stderr onto the sideband. > > 2. Via special wrappers like receive-pack's rp_error(). > > The only program I know that sets a custom die handler to change the > reporting is git-http-backend (and there it only applies to die("BUG"), > not BUG(), so with the latter you'd get a hard hangup instead of an > attempt at an http 500). Ah, interesting. That could be worth changing, though I don't think it's too important. [...] > Yes, obviously side effects in an assert() are horrible. But I haven't > noticed that being a problem in our code base. > > For the record, I'm totally fine with banning assert() in favor of a > custom equivalent. I just don't think we've seen any real problems with > assert in our codebase so far. It sounds like we basically agree, then. :) Jonathan
