On Monday, 6 June 2022 at 06:14:59 UTC, Sebastiaan Koppe wrote:
> Those are not places where you would put an assert.
> The only place to put an assert is when *you* know there is no
> recovery.
No, asserts are orthogonal to recovery. They just specify the
assumed constraints in the implementation of the algorithm. You
can view them as comments that can be read by a computer and
checked for that specific function.
For instance you can have a formally proven reference
implementation full of asserts, then one optimized version where
you keep critical asserts or just the post condition. If the
optimized version fails, then you can revert to the reference
(with no or few asserts, because it is already formally verified).
There is nothing wrong with having many asserts or asserts you
«know» to hold. They are helpful when you modify code and
data structures.
Maybe one could have more selective ways to leave out asserts
(e.g. based on revision) so that you remove most asserts in
actors that have not changed since version 1.0 and retain more
asserts in new actors.
Also, if you fully check the full post condition (in @safe code)
then you can remove all asserts in release as they are
inconsequential.
So the picture is more nuanced and it should be up to the
programmer to decide, but maybe a more expressive and selective
regime is useful.
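As an added illustration of the layout described in the post (a reference implementation full of asserts, an optimized version that keeps only the critical pre-condition and the full post-condition, and a fallback to the reference when the optimized version fails), here is example D code written for this note; it is not from the thread, and the search functions `findRef`, `findFast` and `find` are assumed names.

```d
import core.exception : AssertError;
import std.algorithm.searching : all, canFind;
import std.algorithm.sorting : isSorted;

/// Reference implementation: linear scan, deliberately full of asserts that
/// state the constraints the algorithm assumes (machine-checked comments).
/// In this example it stands in for the formally verified version.
ptrdiff_t findRef(const(int)[] a, int key) @safe pure
{
    foreach (i, x; a)
    {
        // Loop invariant: the key was not in the prefix already scanned.
        assert(a[0 .. i].all!(y => y != key), "key found in scanned prefix");
        if (x == key)
            return i;
    }
    return -1;
}

/// Optimized implementation: binary search keeping only the critical
/// pre-condition (sorted input) and the full post-condition as contracts.
/// Like the asserts above, both are compiled out with -release.
ptrdiff_t findFast(const(int)[] a, int key) @safe pure
in (a.isSorted, "binary search assumes sorted input")
out (r; r == -1 ? !a.canFind(key) : a[r] == key)
{
    size_t lo = 0, hi = a.length;
    while (lo < hi)
    {
        immutable mid = lo + (hi - lo) / 2;
        if (a[mid] < key) lo = mid + 1;
        else if (a[mid] > key) hi = mid;
        else return mid;
    }
    return -1;
}

/// Selection point: run the optimized version and, if one of its checks
/// fails in a checked (non-release) build, revert to the reference.
/// Catching AssertError is a test-harness pattern, not a production one.
ptrdiff_t find(const(int)[] a, int key)
{
    try { return findFast(a, key); }
    catch (AssertError) { return findRef(a, key); }
}

unittest
{
    const int[] data = [1, 3, 5, 7, 9]; // constructed sample input
    assert(find(data, 7) == 3 && find(data, 7) == findRef(data, 7));
    assert(find(data, 4) == -1);
}
```

Build with `dmd -unittest -main` to run the cross-check with all asserts and contracts active, and with `-release` to see them stripped.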