Assertion (software development)

No warranty, guarantee or assertion (Latin / English for statement, assertion ) is a statement about the state of a computer program or an electronic circuit. With the help of assertions in the program logic errors or defects can be detected in the surrounding hardware or software and the program checks are completed. With the development of electronic circuits can be checked by means of assertions compliance with the specification in the verification phase. Furthermore Assertions provide information about the degree of test coverage for the verification.


By formulating an assurance of the developer of a program expresses its conviction on certain conditions during the lifetime of a program expression and let them be part of the program. It separates those beliefs from the normal run-time circumstances and accepts these conditions as always true to. Deviations from this are not handled regularly, so that the number of possible cases is not frustrates the solution of the problem, because of course it can come during the lifetime of a program to the fact that 2 2 = 4 does not apply once, for example, because variables by program errors in operating system have been overwritten.

Thus representations of the classical error control differ by control structures or exceptions (exceptions) that include a fault as a possible result. In some programming assurances have been installed at the language level, often they can be realized as a special form of exceptions.

Error handling should be written for error conditions, which is expected; Assurances for error conditions that should never occur.


Introduced the term assertion of Robert Floyd in his 1967 article Assigning Meanings to Programs. He suggested a method by which one could prove the correctness of flowcharts by providing each element of the flowchart with a warranty. Floyd stated rules by which the representations could be determined. Tony Hoare developed this method to Hoare calculus for procedural programming languages ​​on. In Hoare calculus is an assurance that precedes an instruction precondition (English precondition ), an assurance by an instruction postcondition (English postcondition ) called. An assurance that must be met in each loop is called invariant.

Niklaus Wirth assurances used to define the semantics of Pascal and suggested that programmers should write comments with assurances in their programs. For this reason, comments are in Pascal surrounded with curly braces { ...}, a syntax that Hoare had used in his calculations for assurances.

In Borland Delphi, the idea was adopted and is assert as a system function built-in. In the Java language since version 1.4 can use the keyword assert available.

The hardware description languages ​​used for the development of electronic circuits VHDL and SystemVerilog support assertions. PSL is a self- description language for assertions that supports models in VHDL, Verilog and SystemC. During the verification is detected by the simulation tool, how often the assertion was triggered and how often fulfills the promise or injured. If the assertion is triggered and the assurance never violated, the circuit is considered verified to be successful. However, the assertion was never raised during the simulation, there is a lack of test coverage and the verification environment must be extended.

Programming practice

In the C programming language an assurance could be used like this:

# include / / / This function returns the length of a null-terminated strings / / / If the references passed to the address of NULL, the / / / Program controlled canceled. ( strlen will not do it themselves) strlenChecked int (char * s) {    assert ( s = NULL! );    return strlen ( s ); } In this example, via the integration of the header file assert.h the assert macro used. This macro provides in the event of failure of the output of a standard message in which the unfulfilled condition is quoted and file name and line number are added. Such a message might look like this:

Assertion " s = NULL " failed in file " C: \ Projects \ Sudoku \ utils.c ", line 9

Java has no concept of assurances from version 1.4. Here, however, the program is not necessarily complete, but a so-called exception (English exception) thrown that can be further processed within the program.

A simple example of an assertion (here in Java syntax )

Int n = read input (); n = n * n; / / Squaring assert n> = 0; With this assertion, the programmer says "I 'm sure that after this point, n greater than or equal to zero ".

Bertrand Meyer has the idea of representation in the programming paradigm of design by contract processed and implemented in the programming language Eiffel. Preconditions are described by require clauses, postconditions by ensure clauses. For classes invariants can be specified. Also in Eiffel exceptions are thrown when an assertion is not met.

Related Techniques

Assertions detect program errors at runtime by the user, so only when it is too late. In order to avoid messages about " Internal error " as possible, we try to ensure, through appropriate formulation of the source code logic errors on compile discover ( by the compiler ) in the form of errors and warnings. Logical errors that can not be found in this way, can be revealed by means of unit tests frequently.

Rephrasing of the source code

By case distinctions are reduced to a minimum, some errors can not be expressed. Then he is a logic error not possible.

/ / Direction of the curve public enum { TURN LEFT_TURN, RIGHT_TURN }   / / Method returns the text to a curve direction public String getTurnText ( TURN turn) {    switch ( turn) {      case LEFT_TURN: return " left turn ";      case RIGHT_TURN: return " right turn ";      default: assert false: "There is only left or right turns "; / / Can not occur    } } Suppose there were only two cases (which is in fact often the case ), then we could use a simple truth value, rather than a more specific code:

/ / Method returns the text to a curve direction public String getTurnText (boolean isLeftTurn ) {    if ( isLeftTurn ) return " left turn ";    return " right turn "; } In many cases, as in this example by the code less explicit and therefore incomprehensible.

Assurances at compile time

While the assertions described above are checked at run time of the program, there is the possibility to also check conditions even when the program is compiled by the compiler in C . It can be verified only conditions which are known at compile time, for example, sizeof (int ) == 4 fails a test, the program can not translate:

# if sizeof ( int)! = 4    # error " unexpected int size " # endif Earlier that hung heavily on the functionality of the particular compiler and some formulations were used to:

/ / / The accuracy of our implementation depends on / / / That an int is 4 bytes in size. If this does not apply / / / Breaks the compiler with the message that / / / Array must have at least one element: validIntSize void (void ) {    int valid [ sizeof (int ) == 4]; } Since C 11 there static_assert (), which no longer has these problems:

ValidIntSize void (void ) {    static_assert ( sizeof (int ) == 4,      " implementation of validIntSize does not work with the int size of your compiler" ); } Assurances in module tests

One area in which assurances also play a role, are unit tests ( and others key component of the Extreme programmings ). Whenever one changes to the source code (eg refactoring ) performs, for example, to integrate more functions, leads to tests for partial functions ( modules, eg functions and procedures, classes) out to the well-known ( desired ) to evaluate functionality.

In contrast to assert is not terminated with a failure the whole program, but only regarded as having failed the test and run more tests to find as many errors. Running all tests without error, should it can be assumed that the desired functionality is.

Of particular importance is the fact that unit tests are usually not performed in production code, but at development time. This means that assertions in the finished program should be regarded as a counterpart.

Special Techniques for Microsoft compilers

In addition to Assert Verify also used. Verify executes all instructions that are included in the calculation of the condition, no matter was compiled with or without debug purpose. However, the review will take place only in the debug version, that is here may fail in obscure ways, if the promise is not fulfilled a program.

/ / The variable number is always increased Verify ( number > 2); ASSERT_VALID is used to test objects for validity. There are in the base class of the object hierarchy, the virtual method AssertValid (). The method should be overridden for each concrete class to test the internal fields of the class for validity.

/ / Example for CObject :: AssertValid. void Cage :: AssertValid () const {    CObject :: AssertValid ();    ASSERT ( m_years > 0);    ASSERT ( m_years < 105); } literature

  • Robert W. Floyd: Assigning meanings to programs. In: Proceedings of Symposia in Applied Mathematics, Volume 19, 1967, pp. 19-32.