Received: from magnesium.8pit.net (magnesium.8pit.net [45.76.88.171]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id C0DC9781D76 for <~alpine/devel@lists.alpinelinux.org>; Mon, 18 May 2020 13:56:50 +0000 (UTC) Received: from magnesium.8pit.net (localhost [127.0.0.1]) by magnesium.8pit.net (OpenSMTPD) with ESMTP id babbe6ff for <~alpine/devel@lists.alpinelinux.org>; Mon, 18 May 2020 15:56:50 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=soeren-tempel.net; h=date :to:subject:from:message-id:mime-version:content-type :content-transfer-encoding; s=opensmtpd; bh=AgLgrAq4EmNg3emspB9z xDmKoVc=; b=I9qVyo8bFkZw5QGGHfuwtnPcZCGr8qsQeHrUUttkXam/XjXnK6v+ jojn27rpeKwZlM3EU0vK5wKqakpbajcjR3t93vLODN/jA31yvk3NwtNJaeHz3nmv 9ewFAqZ3Bg6pc+57f+AYZxf9+SS9FMIUysB2JpPd0d0ALEQiiT24ZoI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=soeren-tempel.net; h=date:to :subject:from:message-id:mime-version:content-type :content-transfer-encoding; q=dns; s=opensmtpd; b=Tb81qCN0Za+WLS 7Kfi2dUBIpDWE+Z4ahExkV4tAQP4Tfr4Gh9HYBZD9xsjgIYtxEvGLmTTJ8G84Ec6 m/aj3KLGa7o1k8NX8gs37FgTcJmYSz1uxAb+aiU5qgYo3oFVRGDfk2gU4ZhVH6Tm +L5zNJ7IUOim1PcLwoSKSQtDmQ1r0= Received: from localhost (ip4d17229f.dynamic.kabel-deutschland.de [77.23.34.159]) by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id ce98bb93 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:YES) for <~alpine/devel@lists.alpinelinux.org>; Mon, 18 May 2020 15:56:50 +0200 (CEST) Date: Mon, 18 May 2020 15:56:45 +0200 To: ~alpine/devel@lists.alpinelinux.org Subject: Disable assert statements by default? From: =?UTF-8?Q?S=C3=B6ren?= Tempel Message-Id: <1ZU8S8ERRPKR9.35CUIBSS8QET7@8pit.net> User-Agent: NeoMutt/20190121 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, This is a follow-up discussion from !7970 [0], the question that was raised in this MR is whether or not assert statements should be disabled by default. The recently added meson helper script (abuild-meson) previously included the `-Db_ndebug=3Dtrue` flag to disable asserts by default. I removed this flag for two reasons: (a) I believe further discussion is needed and (b) if we come to consensus that this is a good idea we should enable it for all aports through /etc/abuild.conf. That is, to make sure that all aports get the potential benefits. A bit of background information, the C standard library includes an assert(3) function which aborts the program if the given assertion is false. If the preprocessor macro NDEBUG is defined (which meson defines if the aforementioned flag is true [1]), the assert(3) function does not generate any code. Meson itself seems to also support disabling assert statements in other languages, e.g. D [2]. The benefits of disabling asserts by default would be: * Users would not run into program crashes triggered by development assert statements. * Would probably cause a minor size reduction. The major drawback imho is that (at least in my experience) programmers assume that these assert statements are always true, but never formally proof that they are. If there exists a path which causes an assert to be false this is a bug which should be fixed. If assert(3) doesn't generate any code (i.e. NDEBUG is defined) this causes bugs to go unnoticed. Depending on the specific assert statement, this may also lead to undefined behaviour (e.g. integer overflows or memory corruptions). Undefined behaviour should obviously be avoided and falling asserts are much easier to debug than undefined behaviour. For software which uses assert statements that are intentionally reachable we can still disable them by selectively passing NDEBUG but I wouldn't enable it unconditionally by default (not even just for meson packages). Thoughts? Greetings, S=C3=B6ren [0]: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/7970 [1]: https://github.com/mesonbuild/meson/blob/ab6a410426d614f95b779797f3dfb= 289eb3672d9/mesonbuild/compilers/compilers.py#L320-L323 [2]: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/7970#not= e_88839