Loading ...
Sorry, an error occurred while loading the content.

145787Re: [XP] [OT] Questions about enabling or disabling asserts in production runs

Expand Messages
  • Nancy Van Schooenderwoert
    Oct 24, 2008
    • 0 Attachment
      Jeff Grigg wrote:
      > --- John Carter <john.carter@...> wrote:
      >> What should an assert statement do on failure?

      In my work with embedded software, including safety critical systems, I
      found that I wanted 2 modes of behavior on an assert failure:

      1. In development
      It was appropriate to have the system just halt so we could look at
      the call stack to see which of our assumptions failed and why.

      2. In production
      Here, we had to be certain that a system halt would not be worse than
      trying to continue despite the failed assertion. So the team defined
      severity levels and associated one with each assertion in the code. Then
      a wrapper around the assert function would check its severity code and
      decide whether to really halt, whether to issue a warning, or just push
      on silently.

      This worked beautifully for us and we achieved one of the lowest bug
      rates I have ever seen - 0.2 bugs per function point.

      In addition we had a very simple trouble log always enabled. When any
      assert fired - whether there was a halt or not - we dropped a short
      diagnostic text message into a buffer, and this gave us a clue to what
      was happening if we had to diagnose strange behavior. Conceptually, it
      was very much like the "black box" recorder used in airplanes that just
      records the most recent 30 minutes or so of activity.

      - njv

      Nancy Van Schooenderwoert Leading edge Agile coaching
      Specialties: Embedded systems and Enterprise-wide lean agile methods
    • Show all 49 messages in this topic