Use debug_assert! instead of assert! where possible

[ljedrz]

We are using a lot of assert!ions in the compiler. I propose using debug_assert!s where possible instead, for the following reasons:

1. assert!s are not free - they incur both compilation and runtime performance penalties
2. test builds should be run with debug assertions on; debug_assert!s should suffice to notify us when something is wrong
3. the compiler code (besides core/std etc.) is not user-facing, so we don't have to be prepared e.g. for invalid arguments coming from runtime input
4. regular assert!s panic during runtime, so it's not like we can allow such behavior anyway - we need to ensure it doesn't happen before we ship

I didn't alter tests (no runtime penalty), user-facing code (it requires a more thorough analysis; I might do it if this proposal passes) and a few modules I am unfamiliar with.

[rust-highfive]

r? @petrochenkov

(rust_highfive has picked a reviewer for you, use r? to override)

[ChrisJefferson]

Some of these asserts are inside unsafe code and my initial (uninformed) glance is they are guarding against undefined behaviour occuring.

[Mark-Simulacrum]

I don't think this is the correct approach to doing something like this. We have hundreds of issues that report the compiler ICE-ing today -- that means that panics and asserts do in fact catch bugs in shipped versions of the compiler. Furthermore, it's unclear whether a thorough review of each assert was done to determine whether it is valid to turn it into a debug_assert (read: can't cause misbehavior of the compiler, including not failing to compile invalid programs).

I do think that if you're interested a PR that is more limited in scope and perhaps with documentation (in commit messages, ideally) as to why a certain group of changes is reasonable would be better received (at least by me).

[ljedrz]

@Mark-Simulacrum sounds reasonable; I picked a pretty broad scope to gather opinions (e.g. if it is a plain bad idea for some modules) and ideally to do a perf run of a try build to know if this makes a big performance impact, i.e. that it is worthwhile to investigate this further and where (mir? nll?).

[Mark-Simulacrum]

Ideally perf runs should be done locally for investigative work (perf.rlo doesn't really present fine enough granularity).

We can try, though.

@bors try

[bors]

⌛ Trying commit c3386db with merge 6798574...

[bors]

☀️ Test successful - status-travis
State: approved= try=True

[ljedrz]

The build was successful, but I can't seem to be able to do a comparison of 6798574 against its parent in the perf page; do perf runs of try builds need to be scheduled manually?

[kennytm]

@rust-timer build 6798574

[rust-timer]

Success: Queued 6798574 with parent 11f812a, comparison URL.

[ljedrz]

Looks like there are some pretty nice wins, especially for issue #46449, regression #31157 and #38528.

Maybe those can point to a more specific direction where auditing assert!s would be a good idea?

[varkor]

Worth mentioning here that #53025 has been opened with some specific cases. Personally, I would prefer some justification other than simply performance for why these changes are unlikely to cause regressions in errors, but I'd welcome other opinions.

[petrochenkov]

I think this should be done on case by case basis when profiling shows there's a problem
I've been personally adding asserts with trivially calculated conditions for suspicious cases I wasn't sure of and for cases that could be broken due to changes in other parts of code, I wouldn't want them to be turned into debug-only.

So my disposition so far is to close this PR and send PRs like #53025 for non-trivial conditions or asserts showing up on profiles.

[ljedrz]

@petrochenkov Agreed - trivial assertions should be perfectly fine, even in hot spots.

I'm happy that the perf run was able to indicate which assertions are complex; it would be much more difficult to determine it by just browsing the code. This PR has served its purpose.