appellations's comments

appellations · 2025-11-10T04:42:59 1762749779

Thanks for all your hard work!

appellations · 2025-10-20T18:05:19 1760983519

Founding engineer is the worst role in tech

koakuma-chan · 2025-10-20T18:22:19 1760984539

Which role do you prefer and why?

ibejoeb · 2025-10-20T18:17:52 1760984272

Meh. I like it. The key is to not get emotionally invested and help make that transition to a bigger operation if things go well.

appellations · 2025-10-12T22:24:52 1760307892

    Add(x,y):
       Assert( x >= 0 && y>= 0 )
        z = x + y
        Assert( z >= x && z >= y )
        return z

There’s definitely smarter ways to do this, but in practice there is always some way to encode the properties you care about in ways that your assertions will be violated. If you can’t observe a violation, it’s not a violation https://en.wikipedia.org/wiki/Identity_of_indiscernibles

bluGill · 2025-10-12T23:52:56 1760313176

In some languages overflow is asserted as a can't happen and so the optimizer will remove your checks

appellations · 2025-10-13T01:29:21 1760318961

Best I can tell is that overflow is undefined behavior for signed ints in C/C++ so -O3 with gcc might remove a check that could only be true if UB occurred.

The compound predicate in my example above coupled with the fact that the compiler doesn’t reason about the precondition in the prior assert (y is non-negative) means this specific example wouldn’t be optimized away, but bluGill does have a point.

An example of an assert that might be optimized away:

    int addFive(int x) {
        int y = x + 5;
        assert(y >= x);
        return y;
    }

uecker · 2025-10-13T05:38:49 1760333929

Yes, you can not meaningfully assert anything after UB in C/C++. But you can let the compiler add the trap for overflow -fsanitize=signed-integer-overflow -sanitize-trap=all, or you could also write your assertion in a way where it does not rely on the result (e.g. ckd_add), or you use "volatile" to write in a way the compiler is not allowed to assume anything.

comex · 2025-10-13T03:57:12 1760327832

Clang is a bit smarter than GCC here (for some definition of 'smart') and does optimize the original version:

https://gcc.godbolt.org/z/3Y4aheG6x

appellations · 2025-10-13T01:07:40 1760317660

Care to share a language where the compiler infers the semantic meaning of asserts and optimizes them away? I’ve never heard of this optimization.

MindSpunk · 2025-10-13T03:59:58 1760327998

Signed overflow is UB in C/C++ and several compilers will skip explicit overflow checks as a result. See: https://godbolt.org/z/WehcWj3G5

mrkeen · 2025-10-13T06:39:22 1760337562

C. This is a great thread: https://mastodon.social/@regehr/113821964763012870

(That was one of my texts at uni)

Maxatar · 2025-10-13T15:40:12 1760370012

C and C++

appellations · 2025-09-08T04:35:46 1757306146

I forget there are people who don’t configure softwrap in their text editor.

Some languages (java) really need the extra horizontal space if you can afford it and aren’t too hard to read when softwrapped.

appellations · 2025-09-07T20:04:09 1757275449

Apple has a history of adding sensors, security chips, etc. a few revisions before the feature they support launches. It’s a really good idea because it helps them sort out the supply chain, reliability, drivers, etc. without any customer impact. It decouples the risks of the hardware project from the risks of the software project.

If things go particularly well you get to launch the feature on multiple hardware revisions at once because the first deployment of the component worked great, which is a neat trick.

Hamuko · 2025-09-08T11:08:58 1757329738

Yeah, my iPhone 11 Pro came with the ultra-wideband chip in late 2019, and before the AirTags were released in early 2021, I believe the only thing it was used was for ordering AirDrop targets by proximity. It was clearly intended for the AirTags from the beginning, but it took about 1.5 years before it actually mattered.