Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Ws8mw-0008GG-J9 for bitcoin-development@lists.sourceforge.net; Wed, 04 Jun 2014 10:51:22 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.169 as permitted sender) client-ip=209.85.214.169; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f169.google.com; Received: from mail-ob0-f169.google.com ([209.85.214.169]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Ws8mu-0007JK-OG for bitcoin-development@lists.sourceforge.net; Wed, 04 Jun 2014 10:51:22 +0000 Received: by mail-ob0-f169.google.com with SMTP id vb8so7591539obc.0 for ; Wed, 04 Jun 2014 03:51:15 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.83.232 with SMTP id t8mr55761551oey.16.1401879075077; Wed, 04 Jun 2014 03:51:15 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.71.162 with HTTP; Wed, 4 Jun 2014 03:51:15 -0700 (PDT) In-Reply-To: <538EF81D.9060301@stud.uni-saarland.de> References: <1401822421.27942.YahooMailNeo@web124505.mail.ne1.yahoo.com> <538EF81D.9060301@stud.uni-saarland.de> Date: Wed, 4 Jun 2014 18:51:15 +0800 X-Google-Sender-Auth: A3RWR_sDcBR7x-l1yNLE-HPOsks Message-ID: From: Mike Hearn To: Jannis Froese Content-Type: multipart/alternative; boundary=089e01182c8a49d6ea04fb0068d4 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Ws8mu-0007JK-OG Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<< List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2014 10:51:22 -0000 --089e01182c8a49d6ea04fb0068d4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Currently expensive checks are guarded with command line flags. It'd be nice if there could be one unified command line flag -expensivechecks that subsumes -checkmempool and so on. On Wed, Jun 4, 2014 at 6:42 PM, Jannis Froese wrote: > There are reasons to have assertions enabled by default in software like > Bitcoin Core, where incorrect behaviour can be costly. But this comes at = a > prize: our assertions have to satisfy certain performance requirements. > It's no longer possible to do expensive, redundant checks in performance > critical code, which is one of the main advantages of asserts. Imho, > asserts are not intended for small range checks etc, but are meant for > checks that a hash hasn't changed, that a tree structure is still a tree, > that data is still sorted, or that data structures are in sync. > > I think most concerns about the current use of asserts would be resolved > if the currently used asserts would be changed to a nicer definition whic= h > is independent of NDEBUG, and a second class of debugging asserts would b= e > introduced, which is exclusively for expensive, redundant checks and is > disabled by NDEBUG. > > > > Am 2014-06-04 12:15, schrieb Gregory Maxwell: > > On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn wrote: > >> Hi Ron, >> >> FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the >> brokenness of the SF.net mailing list software. I would not expect to ge= t >> replies reliably whilst this is the case. I think we should move away fr= om >> SF.net for hosting mailing lists personally, because it's this list that= 's >> at fault not Yahoo, but until then you may wish to send to the list with= a >> different email address. >> >> As to your question, >> >> assert() should have *no* side effects, that is the problem. >>> >>> See >>> >>> http://books.google.com/books?id=3DL5ZbzVnpkXAC&pg=3DPA72&lpg=3DPA72&dq= =3DGotcha+%2328+Side+Effects&source=3Dbl&ots=3DRn15TlPmje&sig=3DtymHqta0aSA= NwaM2GaXC-1Di_tk&hl=3Den&sa=3DX&ei=3DuVKNU47fCcvTsAT6goHIBA&ved=3D0CCAQ6AEw= AA#v=3Donepage&q=3DGotcha%20%2328%20Side%20Effects&f=3Dfalse >>> >>> a great book, BTW. Everyone who thinks they know what they are doing >>> when they write C++ should read this book! They will realize that they >>> don't know Jack [image: Roll Eyes] >>> >>> Why weren't these and all the other examples of amateur, i.e., >>> non-professional, software fixed way back in version 0.3.0 in 2010, bef= ore >>> any more releases were done? And why were these and other sub-standard >>> coding practices continued and expanded in later releases, right up unt= il >>> the present? >>> >> >> Back in 2010 most code was still being written by Satoshi so perhaps >> you should ask him. Regardless, it's very common for professional codeba= ses >> to require assertions be enabled. For example the entire Google C++ >> codebase uses always-on assertions that have side effects liberally: it'= s >> convenient and safe, when you have the guarantee the code will always ru= n, >> and the performance benefits of compiling out assertions are usually >> non-existent. >> >> So for this reason I think Bitcoin Core currently will fail to build if >> assertions are disabled, and that seems OK to me. >> > > As a matter of procedure we do not use assertions with side effects=E2= =80=94 the > codebase did at one point, but have cleaned them up. In an abundance of > caution we also made it refuse to compile without assertions enabled: A > decision who's wisdom was clearly demonstrated when not long after, some > additional side-effect having assert was contributed. In the real world > errors happen here and there, and making robust software involves defense > in depth. > > Considering the normal criticality of the software it should always be > with the assertions. Without them is an untested configuration. It would > probably be superior to use our own assertion macros (for one, they can > give some better reporting=E2=80=A6) that don't have the baggage ordinary > assertions have, but as a the codebase is a production thing, making larg= er > changes all at once to satisfy aesthetics would be unwise... simply > refusing to compile in that untested, unsupported configuration is pruden= t, > for the time being. > > > > -------------------------------------------------------------------------= ----- > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and thei= r > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today!http:/= /p.sf.net/sfu/NeoTech > > > > _______________________________________________ > Bitcoin-development mailing listBitcoin-development@lists.sourceforge.net= https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > -------------------------------------------------------------------------= ----- > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and thei= r > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/NeoTech > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --089e01182c8a49d6ea04fb0068d4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Currently expensive checks are guarded with command line f= lags. It'd be nice if there could be one unified command line flag -exp= ensivechecks that subsumes -checkmempool and so on.


On Wed, Jun 4, 2014 at 6:42 PM, Jannis F= roese <s9jafroe@stud.uni-saarland.de> wrote:
=
=20 =20 =20
There are reasons to have assertions enabled by default in software like Bitcoin Core, where incorrect behaviour can be costly. But this comes at a prize: our assertions have to satisfy certain performance requirements. It's no longer possible to do expensive, redundant checks in performance critical code, which is one of the main advantages of asserts. Imho, asserts are not intended for small range checks etc, but are meant for checks that a hash hasn't changed, that a tree structure is still a tree, that data is still sorted, or that data structures are in sync.

I think most concerns about the current use of asserts would be resolved if the currently used asserts would be changed to a nicer definition which is independent of NDEBUG, and a second class of debugging asserts would be introduced, which is exclusively for expensive, redundant checks and is disabled by NDEBUG.



Am 2014-06-04 12:15, schrieb Gregory Maxwell:
On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn <mike@plan= 99.net> wrote:
Hi Ron,

FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the brokenness of the SF.net mailing list software. I would not expect to get replies reliably whilst this is the case. I think we should move away from SF.net for hosting mailing lists personally, because it's this list that's at faul= t not Yahoo, but until then you may wish to send to the list with a different email address.

As to your question,

assert() should have no side effects, that is the problem.

See
http://books.google.com/books?id=3DL5Zb= zVnpkXAC&pg=3DPA72&lpg=3DPA72&dq=3DGotcha+%2328+Side+Effects&am= p;source=3Dbl&ots=3DRn15TlPmje&sig=3DtymHqta0aSANwaM2GaXC-1Di_tk&am= p;hl=3Den&sa=3DX&ei=3DuVKNU47fCcvTsAT6goHIBA&ved=3D0CCAQ6AEwAA#= v=3Donepage&q=3DGotcha%20%2328%20Side%20Effects&f=3Dfalse

a great book, BTW.=C2=A0 Everyone who thinks they know what they are doing when they write C++ should read this book!=C2=A0 They will realize that they don't know Jack 3D"Roll

Why weren't these and all the other examples of amateur, i.e., non-professional, software fixed way back in version 0.3.0 in 2010, before any more releases were done?=C2=A0 And wh= y were these and other sub-standard coding practices continued and expanded in later releases, right up until the present?

Back in 2010 most code was still being written by Satoshi so perhaps you should ask him. Regardless, it's very common for professional codebases to require assertions be enabled. For example the entire Google C++ codebase uses always-on assertions that have side effects liberally: it's convenient and safe, when you hav= e the guarantee the code will always run, and the performance benefits of compiling out assertions are usually non-existent.

So for this reason I think Bitcoin Core currently will fail to build if assertions are disabled, and that seems OK to me.

As a matter of procedure we do not use assertions with side effects=E2=80=94 the codebase did at one point, but have cleaned them up.=C2=A0 In an abundance of caution we also mad= e it refuse to compile without assertions enabled: A decision who's wisdom was clearly demonstrated when not long after, some additional side-effect having assert was contributed. In the real world errors happen here and there, and making robust software involves defense in depth.

Considering the normal criticality of the software it should always be with the assertions. Without them is an untested configuration.=C2=A0 It would probably be superior t= o use our own assertion macros (for one, they can give some better reporting=E2=80=A6) that don't have the baggage or= dinary assertions have, but as a the codebase is a production thing, making larger changes all at once to satisfy aesthetics would be unwise... simply refusing to compile in that untested, unsupported configuration is prudent, for the time being.



----------------------------------------------------=
--------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases =
and their=20
applications. Written by three acclaimed leaders in the field,=20
this first edition is now available. Download your free book today!
http://p.sf.net/s=
fu/NeoTech


_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment


-----------------------------------------------------------------------= -------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases = and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/s= fu/NeoTech
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment


--089e01182c8a49d6ea04fb0068d4--