When to disable software assertions

I’m currently taking the Software Testing class on Udacity. The instructor spent a couple of videos discussing the pros and cons of leaving software assertions turned on in your production systems. Here is my interpretation:

When to disable assertions

Posted on April 7, 2014 at 10:08 am by David Lindelöf · Permalink
In: Uncategorized

2 Responses

Subscribe to comments via RSS

  1. Written by jean
    on May 8, 2014 at 8:06 am
    Permalink

    Maybe I should have had a look at the class before posting, but due to certain time constraints I don’t have this luxury.

    The above decision seems to be only hardware related, which would sound too restrictive. I use assertions mainly like guardians, for software quality and to test software corner case that should never happen.
    These corner cases are generally hit by the software being used in a different way than originally designed for. So when the execution path changes so dramatically, I want to see an assertion fail, no matter what the reason is – and there are many (out of test boundary, different environment, software evolution, …).

    Therefore I would always keep assertions in the code, catch them, and at least log them when they fail.

    The only reason I’ve seen assertion removed in production code was for optimization reasons (under very high constraints of speed and/or size limits). But I would avoid that as far as possible, because it might be very difficult to reproduce a problem in debug mode. This is particularly true with a multitasking software (race conditions).

    my 2 cents

  2. Written by David Lindelöf
    on May 9, 2014 at 10:32 am
    Permalink

    I agree with what you are saying. The Udacity instructor was saying that under certain specific conditions, for example a NASA probe to Mars, the engineers made the conscious choice of disabling software assertions. The reason is that this is a single-shot program execution: even if an assertion doesn’t hold, there is a probability that the craft will make it intact to the surface of the planet. But allowing the program to abort is not an option in this case.

    The same argument holds for any avionics system in general, where aborting the program will almost certainly lead to loss of life.

Subscribe to comments via RSS

Leave a Reply