>With all respect, Mark, I think you're mixing up to concepts here. :)

No, I don't think so. I've been using ASSERTs for 15 years. However, one day someone asked why we would check for certain errors during development but ignore those errors in the release version, and I couldn't think of an answer.

>>ASSERT is a debugging and a testing tool. What it traps should never occur during execution (in theory). ASSERT is used during development to find these impossible situations

It's the "in theory" part that troubles me. :)

>In other words, ASSERT reduces bugs, defensive programming increases stability. ASSERT is used during development, defensive programming during runtime. Of course this requires that often a condition is checked twice, but with different intentions.

OK, I can see that. During development, you just want the program to die in its tracks (or patch it up interactively). On release, you'll try to recover more gracefully. However, I doubt most users of ASSERT do this double checking. And it seems to me that you could do better by having one error routine that does different things in development and release, rather than checking every condition twice.