Wednesday, 28 December 2011

A Case For Non-Fatal Assertions

Jeff Walden is doing awesome work on the foundations of Gecko to unify the lowest-level infrastructure used by JS and the rest of Gecko and to rebase it on modern C/C++ standards. But there is a controversy about whether non-fatal assertions should be part of that infrastructure. This issue came up before, not long ago.

I strongly believe that non-fatal assertions are valuable when used to report the presence of a bug that is not as severe as a browser crash. An example I just pulled out of nsBlockFrame::Reflow:

    ReflowBullet(state, metrics, lineTop);
    NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,
                 "empty bullet took up space");

If this assertion fails, then we have detected a Gecko bug which should be reported and eventually fixed. If the assertion failure is a regression, and we detect it in time, we will try very hard to fix it before the patch ships in a browser release. (If the regression is triggered by our layout reftest test suite, we will almost certainly detect it on checkin since reftests go orange on new non-fatal assertion failures.) However, if this assertion failure is the only thing that goes wrong, there will almost certainly be no ill-effects beyond the page having a slightly incorrect layout --- maybe. Some pages might trigger the assertion but appear to render correctly. Even if the bug causes a detectable test failure, the assertion helps to narrow down the cause and understand the code.

Using a fatal assertion here would have the same benefits but additional costs. A test run hitting the assertion would abort the suite, meaning we lose the results for the rest of the tests in the suite. This makes fixing test failures slower and more painful than necessary since more runs of the suite will often be required. (It's similar to a compiler always aborting after the first syntax error in a compilation unit.) Another cost is that if you are using a debug build for some reason and you hit this bug while trying to work on something else, your work will be unnecessarily blocked.
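The trade-off above, as an added example rather than Gecko code: a non-fatal assertion that is logged and counted per test, so a harness can flag only tests whose count differs from the known count and still finish the suite. `SOFT_ASSERT`, `CheckBullet`, `RunSuite` and the sample tests are hypothetical names, and the fatal mode is modelled with an exception standing in for `abort()`.

```cpp
#include <cstdio>
#include <functional>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical non-fatal assertion macro; not Gecko's NS_ASSERTION itself.
static int gAssertionCount = 0;
static bool gFatalMode = false;  // true models a fatal assertion
#define SOFT_ASSERT(cond, msg)                                           \
  do {                                                                   \
    if (!(cond)) {                                                       \
      ++gAssertionCount;                                                 \
      std::fprintf(stderr, "ASSERTION: %s (%s)\n", msg, #cond);          \
      if (gFatalMode) throw std::runtime_error(msg); /* models abort */  \
    }                                                                    \
  } while (0)

struct Test {
  std::string name;
  int expectedAssertions;  // known failures already filed as bugs
  std::function<void()> body;
};
// Constructed check modelled on the bullet assertion quoted above.
static void CheckBullet(bool bulletIsEmpty, int height) {
  SOFT_ASSERT(!bulletIsEmpty || height == 0, "empty bullet took up space");
}
// Returns the tests whose assertion count differs from the expected count
// ("orange"); *ran receives how many tests produced a result.
std::vector<std::string> RunSuite(const std::vector<Test>& tests, bool fatal, int* ran) {
  std::vector<std::string> orange;
  gFatalMode = fatal;
  *ran = 0;
  try {
    for (const Test& t : tests) {
      gAssertionCount = 0;
      t.body();
      ++*ran;
      if (gAssertionCount != t.expectedAssertions) orange.push_back(t.name);
    }
  } catch (const std::runtime_error&) {  // suite ended early; later results lost
  }
  return orange;
}
std::vector<Test> SampleTests() {  // constructed sample suite
  return {{"list-ok", 0, [] { CheckBullet(true, 0); }},
          {"list-regressed", 0, [] { CheckBullet(true, 4); }},
          {"list-known-bug", 1, [] { CheckBullet(true, 2); }},
          {"list-nonempty", 0, [] { CheckBullet(false, 12); }}};
}
```

In non-fatal mode all four tests report and only `list-regressed` is flagged; in the modelled fatal mode the run stops at the second test and the known-bug and non-empty cases never report.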

At this point some will say "Ah! But assertion failures should always just be fixed. Since non-fatal assertions are more ignorable, they encourage you to leave bugs unfixed."

That statement ignores the reality of bug priorities. An assertion failure is just a bug and needs to be prioritized along with other bugs. If our assertion infrastructure and associated project rules forced us to always prioritize some rare list bullet spacing bug above all bugs that don't trigger assertions, then that infrastructure would be actively damaging our project. We would have to respond by simply removing a lot of our assertions and losing their benefits. It is crucial to be able to ignore unimportant bugs.

Having said all that, fatal assertions certainly have their place. I imagine that in the JS engine almost any bug will lead to a crash sooner or later, so it makes sense for fatal assertions to prevail there because the downside is minimal; you were going to crash anyway, and crashing later might just be confusing.

Addendum: an objection to non-fatal assertions is that libc "assert" and some other assertion mechanisms are fatal, so to call something non-fatal an "assertion" is confusing. That may be true for some people, but it's cultural. The culture in Gecko is that NS_ASSERTION is non-fatal. Maybe renaming our non-fatal assertion mechanism would end up being a net win by some point in the future, but I'm dubious. Although I wouldn't actually mind too much; I just want non-fatal assertions, whatever we call them.

Tuesday, 27 December 2011


Saw this Penn Jillette quote:

There is no god and that’s the simple truth. If every trace of any single religion died out and nothing were passed on, it would never be created exactly that way again. There might be some other nonsense in its place, but not that exact nonsense. If all of science were wiped out, it would still be true and someone would find a way to figure it all out again.

Well, yeah. Christianity (and some other major religions) unabashedly depend on revelation, the idea that God is so transcendent that humans can't figure out much about him on their own, so he has to tell us. And most of that telling doesn't come to us individually, it has to be passed on to us. Annihilate the revelation and we're in the dark again. So ignoring the pejorative language, and apart from the first sentence, there isn't much for a Christian to disagree with in that quote.

Sunday, 11 December 2011


I haven't watched much broadcast television since I started graduate school. In the first few years in Pittsburgh we didn't have a TV in the house and I fell out of the habit. About ten years ago my wife and I started buying or borrowing DVDs and working through particular shows that I'd heard were good. The first was Mad About You, followed by Buffy The Vampire Slayer, 24 (season 1 only; my wife found the cliffhanger endings intolerable), Fawlty Towers, Band Of Brothers, Angel, new Doctor Who, new Battlestar Galactica, The Wire, and a couple of Hong Kong kung-fu shows that I can't explain. We started a few other shows and then abandoned them after discovering that my wife or I didn't like them.

Most of those shows are very good. The Wire is exceptional. Lots of other people have written about it more eloquently than I can. I can understand why the mayor of Reykjavik semi-seriously demanded his allies watch all five seasons. Anyone interested in politics or social institutions should watch it.

However, the best of the lot is Buffy The Vampire Slayer. It starts as silly fun --- and remains so --- but as it progresses, it constantly reveals new levels of creative genius. The imagination, writing, execution are staggering. It's not flawless, but it's the only show I seriously consider watching again. It's not for everyone, but it is undoubtedly great art.


Our family went to "Christmas In The Park" tonight at the Auckland Domain. Overall it was pretty fun but the choices of songs to cover were not entirely to my taste. There were too many insipid pop songs about "love", a genre I detest. Who writes this stuff? I appreciate the need to sell music to teenagers, who may think "love" is a fleeting obsession with another person, but celebrating that is just dumb. What is that compared to real, long-lasting love, that is based on self-sacrifice, not just in moments but over the long haul? Down with angsty superficial "love" songs!

Wednesday, 7 December 2011


Forbes has an interesting article:

The one absolutely solid place to store your capital today — if you know how to do it – is in software developers’ wallets. If the world survives looming financial apocalypse dangers at all, this is the one investment that will weather the storms. It doesn’t matter whether you are an individual or a corporation, or what corner of the world you inhabit. You need to find a way to invest in software developers.

The whole article is rather over-the-top, in my opinion, but its points are mostly good and it's thought-provoking. It's also probably useful to point people at when they're considering career choices ... such as the parent I met who was worried that if her Linux-loving daughter became a developer, all those jobs might disappear in the recession. (Her daughter ended up not going into computer science; university counsellors steered her away from it, apparently :-(.)