Jeffrey Walton noloader@gmail.com writes:
No asserts, period. They should not get through an audit.
I see that you have a strong opinion on the subject. I'll state my opinion, but I don't want to get into a heated debate.
When the condition in an assert fails, that's evidence of a software bug. In my experience, it's usually preferable to crash immediately and in a controlled manner, to reduce risk of silent data corruption, exploitable buffer overruns, and the like. I guess there are a few applications where it might be better for the program to continue running and hope for the best, but those are exceptions.
What happens when the abort happens?
That depends on various per-process and system-level settings.
There are lots of possible software bugs that can lead to a crash of the process, not all involving any asserts. I think it's common practice in security-critical applications to disable core dumps using the standard ulimit facility. I can't see asserts as a problem at all in this context.
Regards, /Niels
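
The following is an added example, not part of the original message or of any project discussed in it: a C sketch of the setup described in the reply, where a process sets its core-size limit to zero (the programmatic form of `ulimit -c 0`) and a failed assert then terminates it with SIGABRT. The function names and the failing condition are constructed for illustration.

```c
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set soft and hard core-size limits to zero. Lowering the hard limit
 * means an unprivileged process cannot raise it again later. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Returns 1 if both core-size limits of this process are zero. */
int core_limit_is_zero(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return 0;
    return rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Fork a child that disables core dumps and then fails an assert.
 * Returns the signal that killed the child, 0 if it exited normally
 * (for example when built with NDEBUG), or -1 on error. */
int failing_assert_signal(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (disable_core_dumps() != 0)
            _exit(2);
        volatile int invariant_holds = 0;  /* constructed failing condition */
        assert(invariant_holds);           /* prints a diagnostic, calls abort() */
        _exit(3);                          /* reached only if assert is compiled out */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = failing_assert_signal();
    printf("child terminated by signal %d (SIGABRT is %d)\n", sig, SIGABRT);
    return sig == SIGABRT ? 0 : 1;
}
```

On Linux, core(5) notes that RLIMIT_CORE is not enforced when `core_pattern` pipes dumps to a helper program, so that system-level setting needs checking as well.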