Having all the assertions turned on in production code? (Part I)
Let’s start with the fact that I have forgotten most of the mathematics I learnt at university, so before going to sleep I can only read non-mathematical books about cryptography, such as "Practical Cryptography" by Niels Ferguson and Bruce Schneier. The book has a chapter called "Implementation Issues (I)" with a section "Quality of Code" and a subsection named "Assertions" (page 148). It starts with a very pleasant quote:
"When implementing cryptographic code, adopt an attitude of professional paranoia."
As I spent some years before joining Microsoft writing crypto-related code for financial institutions, I of course wholeheartedly agree with this idea. Later the subsection gets even more interesting. Here’s another set of quotes:
"... There are some programmers who implement assertion checking in development, but switch it off when they ship the product. Who thought that up? ...
... Why would anyone ever switch off the assertion checking on production code? That is the only place where you really need it! If an assertion fails in production code, then you have just encountered a programming error. Ignoring the error will most likely result in some kind of wrong answer, because at least one assumption the code makes is wrong. ..."
People who know me professionally are familiar with the fact that my middle name is "Mr. Assertions" ;-) That’s right, G "Mr. Assertions" K. This subject is so provoking for me that if I weren’t so wiped out from the last couple of days (shipping server software is hard) I would write a long essay based on these quotes, but I have to get some sleep first and wait till tomorrow ;-)