On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn <mike@plan99.net> wrote:
Hi Ron,

FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the brokenness of the SF.net mailing list software. I would not expect to get replies reliably whilst this is the case. I think we should move away from SF.net for hosting mailing lists personally, because it's this list that's at fault not Yahoo, but until then you may wish to send to the list with a different email address.

As to your question,

assert() should have no side effects, that is the problem.

See
http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false

a great book, BTW.  Everyone who thinks they know what they are doing when they write C++ should read this book!  They will realize that they don't know Jack Roll Eyes

Why weren't these and all the other examples of amateur, i.e., non-professional, software fixed way back in version 0.3.0 in 2010, before any more releases were done?  And why were these and other sub-standard coding practices continued and expanded in later releases, right up until the present?

Back in 2010 most code was still being written by Satoshi so perhaps you should ask him. Regardless, it's very common for professional codebases to require assertions be enabled. For example the entire Google C++ codebase uses always-on assertions that have side effects liberally: it's convenient and safe, when you have the guarantee the code will always run, and the performance benefits of compiling out assertions are usually non-existent.

So for this reason I think Bitcoin Core currently will fail to build if assertions are disabled, and that seems OK to me.

As a matter of procedure we do not use assertions with side effects— the codebase did at one point, but have cleaned them up.  In an abundance of caution we also made it refuse to compile without assertions enabled: A decision who's wisdom was clearly demonstrated when not long after, some additional side-effect having assert was contributed. In the real world errors happen here and there, and making robust software involves defense in depth.

Considering the normal criticality of the software it should always be with the assertions. Without them is an untested configuration.  It would probably be superior to use our own assertion macros (for one, they can give some better reporting…) that don't have the baggage ordinary assertions have, but as a the codebase is a production thing, making larger changes all at once to satisfy aesthetics would be unwise... simply refusing to compile in that untested, unsupported configuration is prudent, for the time being.