Re: Infering that the condition of a for loop is initially true?

[Vincent Lefevre <vincent+gcc at vinc17 dot org>]

On 2017-09-18 19:20:33 +0200, Niels Möller wrote:
> Joseph Myers <joseph@codesourcery.com> writes:
> 
> > On Mon, 18 Sep 2017, Niels Möller wrote:
> 
> >> I'm suggesting that with -DNDEBUG, assert(x) should let the compiler
> >> assume that x is true, but without producing any code to evaluate it at
> >> runtime.
> >
> > There's no requirement that x is even a valid expression with -DNDEBUG.  
> > Consider code that does
> >
> >   int x;
> > #ifndef NDEBUG
> >   int other_variable_used_in_assertion = something ();
> > #endif
> >   /* ... */
> >   assert (other_variable_used_in_assertion == x);
> 
> Ouch, didn't think about that case. And I'd expect there's a lot of real
> code like that out there.
> 
> That makes extending the standard assert facility more difficult.

Anyway, one may want both assert and assume features, depending
on the context, such as in MPFR, which has MPFR_ASSERTN(), which
are assertions that are normally always checked (though it is also
possible to disable them), and MPFR_ASSERTD(), which can either
be the assume feature (normal mode) or assertions (debug mode).

And if the user chooses not to check assertions, this does not
mean that he would want the assume on these expressions, as it
could break things even more. Some assertions could be security
ones (e.g. for detection of potential issues), but the code may
work even if the assertions are not satisfied.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)