pspp-dev

Re: assert vs. abort [Was: Abortions]


From: John Darrington
Subject: Re: assert vs. abort [Was: Abortions]
Date: Fri, 31 Mar 2006 08:50:51 +0800
User-agent: Mutt/1.5.9i

I rather agree with Stroustrup when he says that the stdc assert() is
anachronistic and too inflexible.

If redefining assert() is not acceptable, then let's just write our
own macro pspp_assert(cond) to call request_bug_report_and_abort() and
not use <assert.h> (except perhaps in lib/* and q2c.c). 

The notion (implied by the NDEBUG mechanism) that assertions are
something to be disabled in production code is a common one, but one
that I think is misguided.  I would only set NDEBUG in code where
speed is absolutely critical, and pspp doesn't meet that criterion.

A pspp_assert_not_reached() macro is a good idea.

Whilst we're talking about these things, I'm not too happy with the
current implementation of request_bug_report_and_abort().  One of the
reasons it could get called is heap exhaustion.  Any implementation of
printf is free to use the heap, so we could end up with an infinite
loop.  I think the strings should be statically allocated on startup,
and just shipped to stderr using fputs.

J'



On Thu, Mar 30, 2006 at 10:41:47AM -0800, Ben Pfaff wrote:
     
     I don't like the idea of trying to replace the standard assert
     macro with our own implementation, even though I know we've been
     doing so for quite a while.  First, it's surprising to type "assert"
     and not get the standard assert macro.  Second, the standard
     strongly discourages trying to define reserved names such as
     assert.  Third, code that looks correct (that #includes
     <assert.h>) isn't.  Fourth, message.h doesn't honor NDEBUG
     (although that's of course fixable).
     
     Let me propose a change.  Instead of introducing our own assert
     macro, let's use the standard one.  The standard guarantees that
     an assertion failure prints a message on stderr that includes all
     the info we want and then calls abort().  So we can just catch
     SIGABRT and write out a message like "You've found a bug in PSPP,
     please report the assertion failure message above, if present,
     plus the other info below to bug-pspp".  This would be cleaner,
     in my opinion.
     
     assert(false) is a separate issue.  It doesn't do exactly what
     abort() does--when you compile with NDEBUG, it doesn't do
     anything.  That means that GCC will start warning if you were
     using it to mark code that should never be reached, such as a
     "default" case in a switch statement, and that now looks like it
     fails to initialize some variable that all the other cases do
     initialize.  message.h doesn't honor NDEBUG, so this behavior
     probably doesn't show up much in PSPP.
     
     I'd actually prefer to do for assert(false)/abort() what I've
     done in some other projects: add a new macro NOT_REACHED() that
     expands to
             assert (false), abort ()
     This has the desired effect whether NDEBUG is enabled or not.
     
     What do you think?

-- 
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://pgp.mit.edu or any PGP keyserver for public key.
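The two proposals in this thread, a NOT_REACHED() macro that expands to `assert (false), abort ()` and a SIGABRT handler that prints a bug-report notice without touching the heap, as an added example. This is illustration code written for this thread, not PSPP's code: the banner text and the "bug-pspp" address are placeholders, and the handler uses write(2) rather than the fputs mentioned above because write() is async-signal-safe while fputs may take a lock or allocate. The check_not_reached() helper forks a child with stderr redirected to a pipe so the abort can be observed from the parent.

```c
/* Added example, not PSPP code: NOT_REACHED() plus a heap-free SIGABRT handler. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <assert.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* assert(false) gives the file/line message when NDEBUG is off; abort() keeps
   the call from returning when NDEBUG turns the assert into nothing. */
#define NOT_REACHED() (assert (false), abort ())

/* Fixed at compile time: nothing to format and nothing to allocate, so an
   abort caused by heap exhaustion cannot recurse into the handler.
   (Placeholder wording and address, constructed for this example.) */
static const char bug_report_msg[] =
  "You've found a bug in PSPP. Please report the assertion failure\n"
  "message above, if present, to bug-pspp (placeholder address).\n";

static void
sigabrt_handler (int signo)
{
  (void) signo;
  /* write(2) is async-signal-safe; printf/fputs are not. */
  ssize_t n = write (STDERR_FILENO, bug_report_msg, sizeof bug_report_msg - 1);
  (void) n;
  /* Restore the default action; abort() re-raises SIGABRT after we return. */
  signal (SIGABRT, SIG_DFL);
}

void
install_bug_report_handler (void)
{
  signal (SIGABRT, sigabrt_handler);
}

/* A switch with NOT_REACHED() in its default case.  Because abort() never
   returns, GCC does not warn that `name` may be used uninitialized, even
   when NDEBUG compiles the assert away. */
const char *
kind_name (int kind)
{
  const char *name;
  switch (kind)
    {
    case 0: name = "numeric"; break;
    case 1: name = "string"; break;
    default: NOT_REACHED ();
    }
  return name;
}

/* Runs kind_name(kind) in a forked child whose stderr is a pipe.
   Returns 1 if the child died by SIGABRT and the banner reached the pipe,
   0 if the child returned normally, -1 on setup failure. */
int
check_not_reached (int kind)
{
  int fds[2];
  if (pipe (fds) != 0)
    return -1;
  pid_t pid = fork ();
  if (pid < 0)
    return -1;
  if (pid == 0)
    {
      close (fds[0]);
      dup2 (fds[1], STDERR_FILENO);
      install_bug_report_handler ();
      kind_name (kind);
      _exit (0);
    }
  close (fds[1]);
  char buf[4096];
  size_t len = 0;
  ssize_t n;
  while ((n = read (fds[0], buf + len, sizeof buf - 1 - len)) > 0)
    len += (size_t) n;
  buf[len] = '\0';
  close (fds[0]);
  int status;
  waitpid (pid, &status, 0);
  if (WIFEXITED (status) && WEXITSTATUS (status) == 0)
    return 0;
  if (WIFSIGNALED (status) && WTERMSIG (status) == SIGABRT
      && strstr (buf, "found a bug") != NULL)
    return 1;
  return -1;
}

int
main (void)
{
  printf ("kind 0 -> %s\n", kind_name (0));
  printf ("kind 7 -> %d (1 = aborted with banner)\n", check_not_reached (7));
  return 0;
}
```

Compiling with -DNDEBUG drops the "Assertion `false' failed" line but the child still dies by SIGABRT and still prints the banner, which is the property the NOT_REACHED() proposal is after.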