Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities (see MSC11-C. Incorporate diagnostic tests using assertions). The runtime assert() macro has some limitations, however, in that it incurs a runtime overhead and because it calls abort(). Consequently, the runtime assert() macro is only useful for identifying incorrect assumptions and is not intended for runtime error checking. As a result, runtime assertions are generally unsuitable for server programs or embedded systems.
...
While the use of the runtime assertion is better than nothing, it needs to be placed in a function and executed, typically removed from the actual structure to which it refers. The diagnostic occurs only at runtime, and only if the code path containing the assertion is executed.
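The limitation described above, shown as an added example that is not code from the original page: the same layout assumption is checked once with the runtime assert() inside a function and once with a C11 _Static_assert placed beside the structure. The packet_header structure, WIRE_HEADER_SIZE, and the parse_header and payload_length functions are hypothetical names, and the sample bytes are constructed.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 4-byte wire header; names and sizes are assumptions. */
struct packet_header {
    unsigned char type;
    unsigned char flags;
    unsigned char length[2];              /* big-endian payload length */
};
#define WIRE_HEADER_SIZE 4u

/* Compile-time form (C11): sits beside the structure, costs nothing at
 * runtime, and fails the build on every path if the layout drifts. */
_Static_assert(sizeof(struct packet_header) == WIRE_HEADER_SIZE,
               "packet_header must match the 4-byte wire format");
_Static_assert(offsetof(struct packet_header, length) == 2,
               "length field must start at wire offset 2");

/* Returns 0 on success, -1 on bad input. */
int parse_header(const unsigned char *buf, size_t len,
                 struct packet_header *out)
{
    /* Runtime form: checked only when this function is called, compiled
     * out under NDEBUG, and calls abort() on failure. */
    assert(sizeof(*out) == WIRE_HEADER_SIZE);

    /* Input errors are handled, not asserted: a short or missing buffer
     * is a runtime error, not an incorrect assumption in the code. */
    if (buf == NULL || out == NULL || len < WIRE_HEADER_SIZE)
        return -1;
    memcpy(out, buf, WIRE_HEADER_SIZE);
    return 0;
}

unsigned payload_length(const struct packet_header *h)
{
    return ((unsigned)h->length[0] << 8) | h->length[1];
}

int main(void)
{
    const unsigned char wire[] = { 0x01, 0x00, 0x01, 0x2c }; /* constructed */
    struct packet_header h;
    if (parse_header(wire, sizeof wire, &h) != 0)
        return 1;
    printf("type=%u payload=%u\n", (unsigned)h.type, payload_length(&h));
    return 0;
}
```

Adding a field to packet_header without updating WIRE_HEADER_SIZE stops the build at the _Static_assert lines, whereas the assert() in parse_header would report the problem only in a debug build that actually reaches that call.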
...