|
|
Boost : |
From: Greg Colvin (gcolvin_at_[hidden])
Date: 2001-03-19 11:42:20
> From: "Greg Colvin" <gcolvin_at_[hidden]>
>
>
> > Except that, as I recall it, William's thread code is designed
> > such that CloseHandle cannot fail. If it does fail it is a bug,
> > but not in the clients code. And furthermore, the whole point
> > of the thread code is for the client not to have to know or care
> > about handles at all. It is an artifact of the implementation
> > on a particular system that there is a handle at all, that it
> > needs closing, that it gets closed when it does, and that the
> > call to close can fail.
>
> Correct. So when the assert fires, this indicates a library bug or that
> something unanticipated by the library designer happened.
>
> What does the user gain? Library bugs should be caught by unit tests, not by
> users-turned-beta-testers, at least in a perfect world.
>
> It may be a good idea to output a warning using some kind of logging
> mechanism, but the code should not "fail", whatever your definition of
> "fail" is. Give the user the option to ignore the error - it's not his/her
> fault. Cope with the error in the best way possible.
>
> > So I have no trouble with an assert in this case, as it seems
> > wrong to throw an exception that means "Something that was
> > supposed to be impossible has happened, so all bets are off.
> > Proceed at your own risk."
>
> I agree that an exception is not appropriate. I'm arguing that (1)
> undocumented "assert" uses are bad, and (2) the proper way to document an
> "assert" is by using the term "undefined behavior."
So the documentation is this? "If there is an error in my code,
or the compiler that compiled it, or the system code that it depends
on, or the hardware that the system code depends on, or any other
unforseen circumstance, then undefined behavior might occur. Use at
your own risk."
> > > Don't underestimate the rule "assert() only when the docs say 'undefined
> > > behavior'". It only _looks_ like it's a no-brainer, but has deep
> > > implications.
> >
> > Yes it does, but I'm not sure I like them. I generally follow
> > the rule "assert the invariant".
>
> See above - the user gets an "Assertion failed - invariant()" message. So
> what?
>
> Of course, if the invariant is "p != 0", where p is a pointer, and the
> method uses *p, there's nothing wrong with assert'ing that p != 0. We're in
> undefined behavior land anyway, assert or not.
WARNING: This product warps space and time in its vicinity.
WARNING: This product attracts every other piece of matter in the universe, including the
products of other manufacturers, with a force proportional to the product of the masses and
inversely proportional to the distance between them.
CAUTION: The mass of this product contains the energy equivalent of 85 million tons of TNT
per net ounce of weight.
HANDLE WITH EXTREME CARE: This product contains minute electrically charged particles
moving at velocities in excess of five hundred million miles per hour.
CONSUMER NOTICE: Because of the "uncertainty principle," it is impossible for the
consumer to find out at the same time both precisely where this product is and how fast it is
moving.
ADVISORY: There is an extremely small but nonzero chance that, through a process known
as "tunneling," this product may spontaneously disappear from its present location and
reappear at any random place in the universe, including your neighbor's domicile. The
manufacturer will not be responsible for any damages or inconveniences that may result.
READ THIS BEFORE OPENING PACKAGE: According to certain suggested versions of the
Grand Unified Theory, the primary particles constituting this product may decay to
nothingness within the next four hundred million years.
THIS IS A 100% MATTER PRODUCT: In the unlikely event that this merchandise should
contact antimatter in any form, a catastrophic explosion will result.
PUBLIC NOTICE AS REQUIRED BY LAW: Any use of this product, in any manner
whatsoever, will increase the amount of disorder in the universe. Although no liability is
implied herein, the consumer is warned that this process will ultimately lead to the heat
death of the universe.
NOTE: The most fundamental particles in this product are held together by a "gluing" force
about which little is currently known and whose adhesive power can therefore not be
permanently guaranteed.
ATTENTION: Despite any other listing of product contents found hereon, the consumer is
advised that, in actuality, this product consists of 99.9999999999% empty space.
NEW GRAND UNIFIED THEORY DISCLAIMER: The manufacturer may technically be
entitled to claim that this product is ten-dimensional. However, the consumer is reminded
that this confers no legal rights above and beyond those applicable to three-dimensional
objects, since the seven new dimensions are "rolled up" into such a small "area" that they
cannot be detected.
PLEASE NOTE: Some quantum physics theories suggest that when the consumer is not
directly observing this product, it may cease to exist or will exist only in a vague and
undetermined state.
COMPONENT EQUIVALENCY NOTICE: The subatomic particles (electrons, protons, etc.)
comprising this product are exactly the same in every measurable respect as those used in
the products of other manufacturers, and no claim to the contrary may legitimately be
expressed or implied.
HEALTH WARNING: Care should be taken when lifting this product, since its mass, and
thus its weight, is dependent on its velocity relative to the user.
IMPORTANT NOTICE TO PURCHASERS: The entire physical universe, including this
product, may one day collapse back into an infinitesimally small space. Should another
universe subsequently re-emerge, the existence of this product in that universe cannot be
guaranteed.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk