Jonathan Nieder <jrnieder@xxxxxxxxx> writes:
> FWIW I think we've done fine at using assert so far. But if I
> understand correctly, the point of this series is to stop having to
> worry about it.
I recalled that there was at least one, and "log -Sassert" piped to
"less" that looks for "/^[ ^I]*assert\(" caught me one recent one.
08414938 ("mailinfo.c: move side-effects outside of assert", 2016-12-19)
Even though I do not personally mind
assert(flags & EXPECTED_BIT);
assert(remaining_doshes == 0);
left as a reminder primarily for coders, we can do just as well do
so with
if (remaining_doshes != 0)
BUG("the gostak did not distim all doshes???");
So I am fine if we want to move to reduce the use of assert()s or
get rid of them. I personally prefer (like Peff, if I am not
mistaken) an explicit use of the usual control structure, as it is
easy to follow. BUG_ON() would become another thing readers need to
get used to, if we were to use it, and my gut feeling is that it may
not be worth it.
A few more random things related to this topic that comes to my
mind:
- If we had a good set of tools to tell us if an expression is free
of side-effects, then assert(<expression>) would be less
problematic---we could mechanically check if an assert() that is
left as a reminder for coders/readers is safe.
- Even if we had such a check, using the check only on new changes
when a patch is accepted is not good enough. An assert(distim())
may have been safe back when it was added because distim() used
to be free of side-effects, but a later update to it may add side
effects to it.
- The issue that is caused by "this function used to be pure but
lately it gained side-effects" is not limited to assert(). Using
it in "if (condition) BUG(...)" or "BUG_ON(condition,...)" will
not sidestep the fact that such a change will alter behaviour of
callers of the function. It's just that assert(condition) is
conditionally compiled, which makes the issue a worse one.
