undefined | Better HN

0 pointsJohnFen2mo ago0 comments

> A comment "this CANNOT happen" has no value on itself.

I think it does have some value: it makes clear an assumption the programmer made. I always appreciate it when I encounter comments that clarify assumptions made.

0 comments

addaon2mo ago

But if you spell that `assert(false)` instead of as a comment, the intent is equally clear, but the behavior when you're wrong is well-defined.

JohnFenOP2mo ago

I agree that including that assert along with the comment is much better. But the comment alone is better than nothing, so isn't without value.

eterm2mo ago

Better yet, `assert(false, message)`, with the message what you would have written in the comment.

addaon2mo ago

`assert(false)` is pronounced "this can never happen." It's reasonable to add a comment with /why/ this can never happen, but if that's all the comment would have said, a message adds no value.

2 more replies

andrewf2mo ago

Swap the parameters around for C++ and similar langs where `assert(a, b)` evaluates the same as `(void) a; assert(b)`.

fwip2mo ago

I think you might have missed that they threw an exception right under the comment.

zffr2mo ago

At least on iOS, asserts become no-ops on release builds

josephg2mo ago

It really depends on the language you use. Personally I like the way rust does this:

- assert!() (always checked),

- debug_assert!() (only run in debug builds)

- unreachable!() (panics)

- unsafe unreachable_unchecked() (tells the compiler it can optimise assuming this is actually unreachable)

- if cfg!(debug_assertions) { … } (Turns into if(0){…} in release mode. There’s also a macro variant if you need debug code to be compiled out.)

This way you can decide on a case by case basis when your asserts are worth keeping in release mode.

And it’s worth noting, sometimes a well placed assert before the start of a loop can improve performance thanks to llvm.

1 more reply

addaon2mo ago

You can (and probably should) undef NDEBUG even for release builds.

AdieuToLogic2mo ago

>> A comment "this CANNOT happen" has no value on itself.

> I think it does have some value: it makes clear an assumption the programmer made.

To me, a comment such as the above is about the only acceptable time to either throw an exception (in languages which support that construct) or otherwise terminate execution (such as exiting the process). If further understanding of the problem domain identifies what was thought impossible to be rare or unlikely instead, then introducing use of a disjoint union type capable of producing either an error or the expected result is in order.

Most of the time, "this CANNOT happen" falls into the category of "it happens, but rarely" and is best addressed with types and verified by the compiler.

dllthomas2mo ago

Importantly, specifying reasoning can have communicative value while falling very far short of formal verification. Personally, I also try to include a cross reference to the things that could allow "this" to happen were they to change.

skydhash2mo ago

Such comments rot so rapidly that they're an antipattern. Such assumptions are dangerous and I would point it out in a PR.

LegionMammal9782mo ago

Do you not make such a tacit assumption every time you index into an array (which in almost all languages throws an exception on bounds failure)? You always have to make assumptions that things stay consistent from one statement to the next, at least locally. Unless you use formal verification, but hardly anyone has the time and resources for that.

lmm2mo ago

> Do you not make such a tacit assumption every time you index into an array (which in almost all languages throws an exception on bounds failure)?

Yes, which is one reason why decent code generally avoids doing that.

1 more reply

skydhash2mo ago

If such an error happens, that would be a compiler bug. Why? Because I usually do checks against the length of the array or have it done as part of the standard functions like `map`. I don't write such assumptions unless I'm really sure about the statements, and even then I don't.

3 more replies

j / k navigate · click thread line to collapse

0 comments

addaon2mo ago

But if you spell that `assert(false)` instead of as a comment, the intent is equally clear, but the behavior when you're wrong is well-defined.

JohnFenOP2mo ago

I agree that including that assert along with the comment is much better. But the comment alone is better than nothing, so isn't without value.

eterm2mo ago

Better yet, `assert(false, message)`, with the message what you would have written in the comment.

addaon2mo ago

`assert(false)` is pronounced "this can never happen." It's reasonable to add a comment with /why/ this can never happen, but if that's all the comment would have said, a message adds no value.

2 more replies

andrewf2mo ago

Swap the parameters around for C++ and similar langs where `assert(a, b)` evaluates the same as `(void) a; assert(b)`.

fwip2mo ago

I think you might have missed that they threw an exception right under the comment.

zffr2mo ago

At least on iOS, asserts become no-ops on release builds

josephg2mo ago

It really depends on the language you use. Personally I like the way rust does this:

- assert!() (always checked),

- debug_assert!() (only run in debug builds)

- unreachable!() (panics)

- unsafe unreachable_unchecked() (tells the compiler it can optimise assuming this is actually unreachable)

- if cfg!(debug_assertions) { … } (Turns into if(0){…} in release mode. There’s also a macro variant if you need debug code to be compiled out.)

This way you can decide on a case by case basis when your asserts are worth keeping in release mode.

And it’s worth noting, sometimes a well placed assert before the start of a loop can improve performance thanks to llvm.

1 more reply

addaon2mo ago

You can (and probably should) undef NDEBUG even for release builds.

AdieuToLogic2mo ago

>> A comment "this CANNOT happen" has no value on itself.

> I think it does have some value: it makes clear an assumption the programmer made.

Most of the time, "this CANNOT happen" falls into the category of "it happens, but rarely" and is best addressed with types and verified by the compiler.

dllthomas2mo ago

skydhash2mo ago

Such comments rot so rapidly that they're an antipattern. Such assumptions are dangerous and I would point it out in a PR.

LegionMammal9782mo ago

lmm2mo ago

> Do you not make such a tacit assumption every time you index into an array (which in almost all languages throws an exception on bounds failure)?

Yes, which is one reason why decent code generally avoids doing that.

1 more reply

skydhash2mo ago

3 more replies

j / k navigate · click thread line to collapse