Assert is your friend

Introduction

It's not uncommon to see postings on the C++ message board asking for programming help where the problem is stated as being an unwanted assert error. Usually it's a request for help to get rid of the assert error but it's almost invariably framed as though the assert itself is evil.

I can quite understand the dismay that an assert error can cause to the new programmer. Here's your program doing, mostly, what you want, and then bang! an assert.

So let's examine asserts and why they're there and what we can learn from them. I should stress that this article discusses how MFC handles asserts.

Linguistics

From a google search ('define assert') and clicking on the web definition.

The verb "assert" has 4 senses in WordNet.

1. assert, asseverate, maintain -- (state categorically)
2. affirm, verify, assert, avow, aver, swan, swear -- (to declare or affirm solemnly 
                                                       and formally as true; "Before 
                                                       God I swear I am innocent")
3. assert, put forward -- (insist on having one's opinions and rights recognized; 
                           "Women should assert themselves more!")
4. insist, assert -- (assert to be true; "The letter asserts a free society")

All of the above meanings apply in this instance but meaning 4 is the most literally accurate in the context of asserts. An assert states that the condition being asserted is true. If it isn't true the program is in serious trouble and you, the programmer, should be warned of this.

What assert means in code

When a programmer writes an assert statement he's saying, 'this condition must be true or we have an error'. Suppose you're writing a function that expects to recieve a string pointer.

void CMyClass::MyFunc(LPCTSTR szStringPtr)
{
    if (*szStringPtr == '7')
        DoSomething();
}

The function reads the memory the pointer points to so it had better be pointing at valid memory. Otherwise you're going to crash! One of the many things that can go wrong when calling the function is if you were to pass it a NULL pointer. Now if it happens that the pointer is in fact NULL and your program crashes you don't have a lot of information to work with. Just a message box with a code address and the information that you tried to read memory at location 0x00000000. Relating the code address to the actual line in your code isn't a trivial task, especially if you're new to the game.

So let's rewrite the function a little.

void CMyClass::MyFunc(LPCTSTR szStringPtr)
{
    ASSERT(szStringPtr);

    if (*szStringPtr == '7')
        DoSomething();
}

What this does is test szStringPtr. If it's NULL it crashes right away. Hmmm... it crashes? Yes, that's right. But it crashes in a controlled way if you're running a debug build of your program. MFC has some built-in plumbing to take a controlled crash and connect it to a copy of the debugger. If you were running a debug build of this program and the assert failed you'll see a messagebox similar to this one.

This shows you which file and which line triggered the assertion. You can abort, which stops the program, or you can try to ignore the error, which sometimes works, or you can retry, which invokes the debugger and takes you right to the line that failed. This works even if you're running the program stand-alone provided there's a debugger installed on the computer.

Differences between release and debug builds

I used the phrase 'debug build' quite a few times in the preceding paragraphs. It's important to understand that asserts are a debug helper. If you're building a debug version of your program the compiler includes all the code inside the ASSERT(...). If you're building a release version the ASSERT itself and all the code inside the parentheses disappears. The assumption is that you've tested your debug builds and caught all likely errors. If you're unlucky and missed an error and release a buggy version of your program the hope is that it'll limp along even though it failed a test that an assert would have caught. Sometimes optimism is a good thing!

It might happen that you want, in a debug build, to assert that something is true and the something you're asserting is code that must be compiled into your program whether it's a debug build or a release build. That's where the VERIFY(...) macro comes to the rescue. VERIFY in a debug build includes the extra plumbing MFC provides to let you jump into the debugger in the event that the condition isn't satisfied. In a release build the extra plumbing is omitted from your program but the code inside the VERIFY(...) statement is still included in your executable. For example.

VERIFY(MoveFile(szOriginalFilename, szNewFileName));

will cause a debug assert if, for whatever reason, the MoveFile() function fails in debug builds. Regardless of what kind of build the MoveFile() call will be included in your program. But in a release build the failure of the call is simply ignored. Contrast this with

ASSERT(MoveFile(szOriginalFilename, szNewFileName));

In debug builds the MoveFile() will be compiled and executed. In release builds the line completely disappears and no file move is attempted. This can lead to some puzzled head-scratching.

Tracking down asserts in MFC

Now if you're reading this in the hopes of understanding assert errors the odds are that the assert you're debugging didn't come from your code. If you're lucky it came from MFC, for which you have the source code.

The first thing to remember is that it's not very likely to be caused by a bug in MFC. I don't deny the existence of bugs in MFC but in the dozen years I've been using MFC I've never had an ASSERT happen due to a bug in MFC.

The second thing to remember is that the ASSERT is there for a reason. You need to examine the line of code that triggered the assert, and understand what it was testing.

For example, quite a few classes in MFC are wrappers around Windows controls. In many cases the wrapper function simplifies your code by converting a SendMessage call into something that looks like a function. For example, the CTreeCtrl::SortChildren() function takes a handle to a tree item and sorts the children of that handle within the control. In your code it might look like this.

m_myTreeCtrl.SortChildren(hMyNode);

That's what you write. Internally the class really sends a message to the tree control. You get to call a nice easy function based interface and MFC takes care of moving the parameters around in the way the message requires. Here's the reformatted function from MFC source code.

_AFXCMN_INLINE BOOL CTreeCtrl::SortChildren(HTREEITEM hItem)
{
    ASSERT(::IsWindow(m_hWnd));
    return (BOOL)::SendMessage(m_hWnd, TVM_SORTCHILDREN, 0, (LPARAM)hItem);
}

The first thing it does is assert that the underlying window handle in your CTreeCtrl object is a valid window! Now I really don't know if bad things will happen to your system if you try and send the TVM_SORTCHILDREN message to a non-existent window. What I do know is that I want to be told if I'm trying to do it! The assert here alerts me immediately if I'm doing something that has no chance of succeeding.

So if you were calling such a function and got an assert error you'd look at the failed line and see that it's asserting that the window handle is an existing window. That's the only thing it's asserting. If it fails the only thing that can be wrong is that the window with that handle doesn't exist. That's your clue to tracking down the bug. From there you would look at the function calling this one and try to determine why the window that you thought existed no longer exists.

So that's a very very brief overview of how MFC uses asserts and how you go about determing why MFC asserted in your project. Now let's look at how we can use assert in our own code.

void CMyClass::MyFunc(LPCTSTR szStringPtr) revisited

Earlier I alluded to a simple check which simply asserts that the pointer passed to a function isn't NULL. We can actually do a good deal better than that. Both MFC and Windows itself provide us with a bunch of functions we can use to determine if a pointer is pointing at valid memory. To refresh your memory here's the original function again, and our first draft at improving it.

void CMyClass::MyFunc(LPCTSTR szStringPtr)
{
    if (*szStringPtr == '7')
        DoSomething();
}

and the first draft of improvements...

void CMyClass::MyFunc(LPCTSTR szStringPtr)
{
    ASSERT(szStringPtr);

    if (*szStringPtr == '7')
        DoSomething();
}

This will alert you to just one kind of error, passing a NULL pointer. It'd be nice if we could also test that the pointer is pointing at valid memory instead of just being a non NULL garbage value. We can do it like this.

void CMyClass::MyFunc(LPCTSTR szStringPtr)
{
    ASSERT(szStringPtr);
    ASSERT(AfxIsValidString(szStringPtr));

    if (*szStringPtr == '7')
        DoSomething();
}

This adds a check that szStringPtr is pointing at valid memory. The test checks that you have read access to the memory and that the memory includes the string terminator. A related function is AfxIsValidAddress that lets you check if you have access to a memory block of a particular size as specified in the call. You can also check if you have read access to the block, or if you have write access to it.

Other kinds of ASSERT checks

In addition to checks that use Windows system calls such as IsWindow() and memory validation checks it's possible to assert that an object passed to a function is of a particular type. If you're writing a program that deals with both CEmployee objects and CProduct objects it's not terribly likely that those objects will be interchangeable. So it makes sense to verify that functions which work on CEmployee objects are passed only those types of objects. In MFC you do it like this.

void CMyClass::AnotherFunc(CEmployee *pObj)
{
    ASSERT(pObj);    //  Our old friend, it can't be a NULL

    ASSERT_KINDOF(CEmployee, pObj);
}

As before, we first assert that the pointer isn't NULL. Then we assert that it's an object pointer of type CEmployee. You can only do this with classes that are derived from CObject and you need to add some runtime support. Fortunately the runtime support is really trivial.

You must have declared the object as being at least dynamic. Let me explain. In MFC you can declare that a class contains runtime class information. You do this by including the DECLARE_DYNAMIC(ClassName) macro in the class declaration and including the IMPLEMENT_DYNAMIC(ClassName, BaseClassName) somewhere in the implementation.

The class definition.

class CMyReallyTrivialClass : public CObject
{
    DECLARE_DYNAMIC(CMyReallyTrivialClass)
public:

    //  Various class members and functions...

};

and the implementation file

IMPLEMENT_DYNAMIC(CMyReallyTrivialClass, CObject);

.
.
.
// Other class functions...

If all you want to do is use the ASSERT_KINDOF macro those two lines are all that's needed. Now, when you write your program, you use the ASSERT_KINDOF macro anywhere that an object pointer is passed to you and it will be tested to see if it does indeed point to an object of that kind. If it doesn't your program crashes in the controlled way mentioned before and up comes the debugger pointing at the failed assertion. From there... well we've already covered that ground.

If your object already contains the DECLARE_DYNCREATE macro or the DECLARE_SERIAL macro you don't need to use DECLARE_DYNAMIC because both those macros include the runtime class information required by ASSERT_KINDOF.

Conclusion

I've tried to illustrate how assert can be used to catch runtime errors and drop you into the debugger at the line of code that caused the assert. We looked at how you can work backwards from the assert to determing the reason the assert failed. Along the way we briefly looked at how you can test in your own software the validity of pointers to memory and how you can check that you were passed a pointer to an object of the kind your code is expecting.

In recent years I've been using (perhaps overusing) asserts as runtime checks in my code. It's become automatic to pepper my code with assertions that pointers are valid and point to the kind of object my code is expecting. I find it pays off. It's a rare occurence these days that I have to cope with a crash caused by a NULL pointer or a pointer to the wrong kind of object.

History

12 Mar, 2004 - Initial version

You must Sign In to use this message board.

FAQ    Noise Tolerance Very HighHighMediumLowVery Low   Layout Expand Posts & RepliesThread ViewNo JavascriptNo JS + Preview   Per page 102550

Msgs 1 to 25 of 37 (Total in Forum: 37) (Refresh) FirstPrevNext

Write your own help-linux 4:30 6 Sep '08   The default assert isn't really that good. It just displays the line and file of the code it was called. Now, if you have a storage class and a duff parameter is invoking assert, how are you going to know what part of the code is calling it? You could create 2 macros. One for your assert, "myassert()" should do. One to log function calls, "FLOG" should do. FLOG will store the last 3 functions called, myassert will write them to a file if passed 0. You should use a different instance of the logger for different threads. i am the one, obay me! Sign In·View Thread·PermaLink a question Huaifeng Zhang 17:08 31 Mar '04   Nice to read your article. May I ask a question about "assert" here? Occasionally, I found a function in "atlctrlw.h" BOOL SetMDIClient(HWND /*hWndMDIClient*/) { // Use CMDICommandBarCtrl for MDI support ATLASSERT(FALSE); return FALSE; } In my mind, there will be assert error whenever the function SetMDIClient() is called. So, could you please explain to me what's purpose of this function? Thank you very much! Sign In·View Thread·PermaLink ASSERT is your friend - or Assert is your friend? andreask 4:00 23 Mar '04   Hi! Isn't ASSERT (...) a BillGates macro? It's not C++. The "normal" assert (...) is not in capital letters, isn't it? So you shouldn't name your article like that. Perhaps you can also write us an article about the ANSI C++ assert(...) statement. Because portable code is much more useful than proprietary code. Probably, your/MS ASSERT() usage can be "repaired" into assert() by defining a macro ASSERT() in case of non windows systems? thanks for the article, anyway Andreas --------------- think twice now what happens ? Sign In·View Thread·PermaLink Nice and Simple mailMonty 19:54 22 Mar '04   Very nice, ratings should be higher for this. you got my 5 C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do, it blows away your whole leg Sign In·View Thread·PermaLink Re: Nice and Simple Rob Manderson 0:10 23 Mar '04   Thank you Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink 3.00/5 (1 vote) woah, Mr.Prakash 2:36 22 Mar '04   You have way too many time writing articles, They are all good ones.. Even though i know about asserts and how effectivly it can be used.. This article was a good reading and refreshing of my knowledge. Thanx. MSN Messenger. prakashnadar@msn.com Sign In·View Thread·PermaLink Very well done! John R. Shaw 9:20 21 Mar '04   This is a 5! Heck, the number and quality of the comments you received get my 5 too! Thanks! INTP Sign In·View Thread·PermaLink And now, a dissenting view John Miller 4:40 20 Mar '04   I too have been programming for more years than I care to mention and the only thing I dislike about ASSERT and all of its relatives is that, as you stated, it is only valid in Debug code. It is good defensive programming to make tests of this kind also work for Release code so that people don’t get a Message Box popped up with mostly cryptic information from the system. Instead of ASSERT, I use a debug log file, or alternatively the System Log (Event Viewer). That way, if something happens in Release mode, I can have a time-stamped record of where the bug is. Something like: if (ptr == null) { LogToFile("Null pointer in MethodA"); return; } This has also been invaluable when a customer calls and says "Hey, yesterday I did a stupid thing and this is what happened ….." I can simply view the log file and make the necessary corrections. There is a drawback to using the System Log. If you use the Application Log and don't create your own, the chances are fairly good that an event that is even a few hours old may have scrolled off the end. Now of course, nobody here has ever released code with any bugs in it, we all are just too good of programmers to do that so the LogToFile statement never gets hit and the cost, in machine cycles, for the if is fairly negligible. If you try to idiot-proof code, they just build better idiots. Sign In·View Thread·PermaLink Re: And now, a dissenting view Jeff Varszegi 5:31 20 Mar '04   I agree completely. Null-pointer tests, especially, are a necessity for any code that has to stay in place for a long time. It's often the case that code isn't completely tested; the bigger and more important the code, the less likely it will be completely tested. Add the possibility that someone could add code to call your stuff in new and inventive ways after you've left your current job, and it becomes almost a citizenship responsibility to correctly protect your code this way. Thank you. Jeff Varszegi Sign In·View Thread·PermaLink Re: And now, a dissenting view Rob Manderson 16:06 20 Mar '04   Uh huh - agreed - especially with the NULL pointer tests. Perhaps I should add a section about them. Lemme think it over Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink Re: And now, a dissenting view Jeff Varszegi 17:38 20 Mar '04   Rob, please understand that I'm not slamming your article. I mean, I'm sure you're a programming god compared to me, and I've enjoyed every one of your articles that I've read. I gave this one a five. I have to employ defensive programming and even deployment every day because of my situation at work. However, if I were doing something where I had complete control and speed was of the utmost importance, I'd use debug assertions and compile them out for release. Actually, if I did commercial software where I had complete control, I'd do the same thing-- I have enough confidence in my own ability for that. So after I've thought it over, I've decided to amend my statement: I always use assertions, whether it's done via "assert" statements or not. I would compile them out for release, and I have on occasion in the past, if I feel/felt that the code was really tight. It's been my unfortunate lot at work to have to be paranoid a lot of the time, though, which is why I often just roll my own pre- and post-condition checks and leave them in for posterity, which among other things does allow for things like logging verbose messages for the poor saps who have to debug in production... Regards, Jeff Varszegi Sign In·View Thread·PermaLink Re: And now, a dissenting view Rob Manderson 19:28 20 Mar '04   Jeff, I didn't read your comments as in any way slamming my article From what you've written here I'd say you might have the basis for a tutorial covering the subject. If you don't write it I just might Yeah, I get paranoid too. Colleagues at my last job used to complain that they could always tell at a glance if I was the author of a particular module simply by the number of ASSERT's and NULL tests in the code. We even had one programmer who'd go through my modules and comment out most of the paranoia and then wonder why subtle bugs would propogate. A recipe for circular finger pointing! Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: And now, a dissenting view Kevin McFarlane 2:13 27 Mar '04   This is not much of a dissent as what you really want is assert-like functionality in production as well as in debug, rather than not wanting assertions at all! An alternative is to have an assertion scheme that throws exceptions rather than use the assert macro. The exception handler of course could also write to a log. Though with C++ the problem is that you'd have to make sure that all exceptions are caught somewhere. In any case there's always a trade-off between performance and robustness in that maximum performamnce dictates that you will disable checking in production. You can't have your cake and eat it. The best solution is to have a fine-grained scheme where you can selectively disable preconditions, postconditions, invariants and generic assertions and on a module by module basis, as confidence in their reliability increases. Kevin Sign In·View Thread·PermaLink Re: And now, a dissenting view lano1106 14:45 15 Nov '05   I totally agree with your view. Even with the perfect code and with perfect users, it is not because some function calls didn't fail during development and debugging that these function will never fail. The only way to build robust code is to envisage the impossible. Besides, in most cases, performance is not an issue. Sign In·View Thread·PermaLink Bugs in MFC Don Clugston 17:00 15 Mar '04   "I don't deny the existence of bugs in MFC but in the dozen years I've been using MFC I've never had an ASSERT happen due to a bug in MFC." There's one very common, albeit trivial, one: when you use the wizard to add a splash screen to an app, when you compile in debug mode you'll get an assert if you click on the splash screen. (They probably fixed this in later compiler releases -- I don't use MFC much any more). OK, perhaps that's not really part of MFC, but it's a very common assert that novice programmers are going to experience that isn't their fault. Perhaps you should add a line saying that if you really think you've found a bug, you should check the knowledge base. -Don. Sign In·View Thread·PermaLink Nicely done! Tom Archer 5:30 15 Mar '04   A very informative and good read. Great job, Rob! Cheers, Tom Archer "Use what talents you possess. The woods would be very silent if no birds sang there except those that sang best." - William Blake * Inside C# -Second Edition * Visual C++.NET Bible * Extending MFC Applications with the .NET Framework Sign In·View Thread·PermaLink Re: Nicely done! Rob Manderson 0:10 23 Mar '04   Thanks Tom. A high compliment indeed from Mr Inside C# Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink Design by Contract Kevin McFarlane 5:06 13 Mar '04   Roger, nice article. Have you also seen my article and framework here at Code Project? http://www.codeproject.com/cpp/designbycontractcpp.asp[^] Design by Contract may be viewed as a superset of the assertion approach. Kevin Sign In·View Thread·PermaLink 5.00/5 (1 vote) Very nice! Hans Dietrich 16:09 12 Mar '04   5 for you. Don't understand why the rating is not higher. Best wishes, Hans Sign In·View Thread·PermaLink Re: Very nice! Rob Manderson 16:58 12 Mar '04   Thanks! Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink 5.00/5 (1 vote) Great explanation! Michael Dunn 13:18 12 Mar '04   Good job Rob, I'll put a link to this article in the FAQ. BTW, ATL has its own assert macro called ATLASSERT. There is no ATLVERIFY but it's simple to define one yourself. --Mike-- Personal stuff:: Ericahist | Homepage Shareware stuff:: 1ClickPicGrabber | RightClick-Encrypt CP stuff:: CP SearchBar v2.0.2 | C++ Forum FAQ ---- Kosh reminded me of some of the prima-donna programmers I've worked with. Knew everything but when you asked them a question; never gave you a straight answer.   -- Michael P. Butler in the Lounge Sign In·View Thread·PermaLink Re: Great explanation! Rob Manderson 13:30 12 Mar '04   Thank you! Rob Manderson Colin Davies wrote: I'm sure Americans could use more of it, and thus reduce the world supply faster. This of course would be good, because the faster we run out globally, the less chance of pollution there will be. (Talking about the price of petrol) The Soapbox, March 5 2004 Sign In·View Thread·PermaLink Superassert Patje 8:23 12 Mar '04   Of course Assert is your friend, but since a few months I found a better friend (well, er, besides my dog): it's called SuperAssert. It's an assert that can make minidumps, send e-mail, ... It's from the excellent book "Debugging Applications for .Net and Windows" by John Robbins. http://images.amazon.com/images/P/0735615365.01.LZZZZZZZ.jpg[^]. Enjoy life, this is not a rehearsal !!! Sign In·View Thread·PermaLink Re: Superassert alexquisi 5:22 16 Mar '04   here is a link about it: http://www.microsoft.com/msj/0299/bugslayer/bugslayer0299.aspx I do not know if the version in the new book has some improvements BTW these articles: http://www.cuj.com/documents/s=8248/cujcexp2104alexandr/alexandr.htm http://www.cuj.com/documents/s=8250/cujcexp2106alexandr/alexandr.htm and http://www.cuj.com/documents/s=8464/cujcexp0308alexandr/cujcexp0308alexandr.html from guru Alexandrescu can be useful. Maybe someone could write a Supermegahyperassert Sign In·View Thread·PermaLink Re: Superassert JasonReese 1:41 18 May '06   I would call ModAssert a supermegaassert. Actually, it's 24 different assertion macros, that allow you to do a lot. It just doesn't display the stack trace, but you could write a little plugin for it, so it would display that as well (ModAssert is very extensible), by deriving a class from InfoProvider. ModAssert is at http://www.codeproject.com/library/ModAssert.asp[^] Sign In·View Thread·PermaLink

Last Visit: 20:38 8 Nov '09     Last Update: 20:38 8 Nov '09 12 Next »