Re: Using ASSUME in place of ASSERT in non-assert builds - Mailing list pgsql-hackers

From Andres Freund
Subject Re: Using ASSUME in place of ASSERT in non-assert builds
Date
Msg-id ez5yf6yrix7okqo3kwluvgv6lxfnvmyv7op2op3kl5exeibcnd@spsc256nn4no
Whole thread Raw
In response to Using ASSUME in place of ASSERT in non-assert builds  (Benjamin Coutu <ben.coutu@zeyos.com>)
List pgsql-hackers
Hi,

On 2025-07-10 16:24:08 +0200, Benjamin Coutu wrote:
> I noticed that Andres recently introduced pg_assume into the codebase -
> great addition!
>
> That got me thinking: some projects (like PHP) map the ASSERT macro to
> ASSUME in non-assert builds. The rationale is that ASSERT typically
> expresses a tautology, something the programmer believes to be always
> true. So in builds where assertions are compiled out, we can still pass that
> information to the optimizer via ASSUME.

I don't think that is a good idea to do in general:

- plenty asserts have costs associated with them and something like
  pg_assume() shouldn't be used if the evaluation isn't obviously trivial

- we do sometimes want to continue on in release builds, even if we would have
  triggered an assert failure. You can't do that if you map all asserts to
  assumes, since it'll often lead the compiler to generate bogus code for that
  case.


> This approach has the advantage of keeping the semantics consistent:
> developers write ASSERT(...) as usual, and the compiler either enforces it
> at runtime (assert builds) or uses it as a hint (non-assert builds). There's
> no need to write separate logic or macros depending on build type. And we
> get the benefits of both safety and optimization.

Note that pg_assume() does turn into an Assert in an assertion enabled build,
so if you add an assert you now can choose to use pg_assume() if the release
build should be influenced.


> Was this strategy considered before introducing pg_assume, or did I miss
> that part of the discussion?

No, it wasn't. It seemed like a rather obviously bad idea to me, and the
primary motivation in this case really was to get rid of warnings like the one
addressed in te subsequent commit.

Greetings,

Andres Freund



pgsql-hackers by date:

Previous
From: Nathan Bossart
Date:
Subject: Re: pg_dump sort priority mismatch for large objects
Next
From: Sami Imseih
Date:
Subject: Re: Improve LWLock tranche name visibility across backends