
From: Dave Abrahams (abrahams_at_[hidden])
Date: 2000-04-15 17:32:02


on 4/15/00 3:34 PM, Nathan Myers at ncm_at_[hidden] wrote:

>>> Can somebody point out any exception-unsafety in libsigc++?
>>
>> Can you guarantee exception-safety of libsigc++ ? If no, then it has
>> serious implications for all programs using that library.
>
> Exception safety is critically important. If the interface doesn't
> interfere, then it's a matter of auditing. (To guarantee exception
> safety is nice, but it's not the same as having it.) Before I'll
> use libsigc++ or your library I'll inspect them myself -- unless
> Dave Abrahams announces he's satisfied.

For the record, a necessary first step goes well beyond saying "this
library is exception-safe". The notion "exception-safe" has meaning for a
whole program but usually not for a library or set of components. The
important question is whether the components can be used to build a program
which is usefully exception-safe.

To answer that, each function in the library must be analyzed to determine
its exception-safety characteristics. I recommend classifying functions
according to whether they provide the basic, strong, or no-throw guarantees.

basic - all invariants are preserved; no resources leak
strong - the program state is unchanged if an exception is thrown
no-throw - never throws an exception

As a rule, a good library will need to provide many strong guarantees and
usually some no-throw guarantees. Sometimes the basic guarantee is
unavoidable for efficiency or other reasons. Such functions can still be
useful.

Anyone who has done the work to determine which exception guarantees are
provided by each function has a leg to stand on when claiming his library is
exception-safe. Anyone else, well... I'll assume the claims are false ;)

analysis:-not-just-for-the-anal-ly y'rs,
Dave
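An added illustration of the three guarantees Dave lists, not code from the thread, from libsigc++ or from Boost: a constructed `Item` type whose constructor can throw, and a hypothetical `ItemList` with one assignment that offers only the basic guarantee and one that offers the strong guarantee by doing all throwing work on a temporary and committing with a no-throw swap.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Constructed element type whose constructor can throw (hypothetical).
struct Item {
    int value;
    explicit Item(int v) : value(v) {
        if (v < 0) throw std::invalid_argument("negative Item value");
    }
};

// Hypothetical container used to contrast the basic and strong guarantees.
class ItemList {
public:
    // no-throw guarantee: std::vector::swap never throws.
    void swap(ItemList& other) noexcept { items_.swap(other.items_); }

    // basic guarantee only: if Item(v) throws part way through, the list is
    // still a valid object and nothing leaks, but the old contents are gone
    // and the new contents are incomplete.
    void assign_basic(const std::vector<int>& values) {
        items_.clear();
        for (int v : values) items_.push_back(Item(v));
    }

    // strong guarantee: all throwing work happens on a temporary; the only
    // change to *this is the final no-throw swap, so a throw leaves *this
    // exactly as it was.
    void assign_strong(const std::vector<int>& values) {
        ItemList tmp;
        for (int v : values) tmp.items_.push_back(Item(v));
        swap(tmp);  // commit point; cannot throw
    }

    std::size_t size() const noexcept { return items_.size(); }
private:
    std::vector<Item> items_;
};

// Starts from {10, 20, 30}, attempts an assignment whose third element throws,
// and returns the size observed afterwards.
std::size_t size_after_failed_assign(bool use_strong) {
    ItemList list;
    list.assign_strong({10, 20, 30});
    try {
        if (use_strong) list.assign_strong({1, 2, -1});
        else            list.assign_basic({1, 2, -1});
    } catch (const std::invalid_argument&) {}
    return list.size();  // basic: 2 (partially overwritten); strong: 3 (unchanged)
}
```

Auditing a real library means asking this question of every function: which of the two shapes above does it have, and does the answer match what the documentation promises.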


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk