The example is applications passing invalid arguments to a socket option
and then failing to check the return code. The results can be very hard
to diagnose. Here are some threads that show the pain this causes:

* https://github.com/zeromq/zyre/issues/179
* http://lists.zeromq.org/pipermail/zeromq-dev/2014-June/026388.html

One common argument is that a library should never assert, and should
pass errors back to the calling application. The counter argument is
that when an application is broken enough to pass garbage to libzmq,
it cannot be trusted to handle the resulting errors properly. Empirical
evidence from CZMQ, where we systematically assert on bad arguments, is
that this militant approach makes applications more, not less, robust.

I don't see any valid use cases for returning errors on bad arguments,
with one exception: zmq_setsockopt can be used to probe whether libzmq
was e.g. built with CURVE security. I'd argue that it's nasty to use a
side effect like this. If apps need to probe how libzmq was built, this
should be done explicitly, and for ALL build options, not just CURVE.

There are/were no libzmq test cases that check the return code for an
invalid option.

For now I've enabled militant assertions using --with-militant at
configure time. However I'd like to make this the default setting.