
From: David Abrahams (dave_at_[hidden])
Date: 2003-11-01 16:38:27


"E. Gladyshev" <egladysh_at_[hidden]> writes:

> --- Brian McNamara <lorgon_at_[hidden]> wrote:
>
>> > > Everyone "needs" the basic guarantee; without it you're sunk.
>> >
>> > What I mean is this.
>> > Typically when I call a function f(),
>> > I expect only two results.
>> > 1. Everything went as expected (if there is an error code, it is fine).
>> > 2. There was an exception.
>> >
>> > Now if there is an exception, as a rule of thumb
>> > I assume that nothing is safe anymore.
>> > Your best chance is that there is separate
>> > watchdog process or hardware interlock
>> > that can shut everything down safely,
>> > if not, you are hosed... there
>> > could be a physical RAM fault after all.
>> >
>> > I don't understand how I can fit basic guarantees
>> > into this picture.
>> >
>> > Don't get me wrong, I am not against guarantees,
>> > I just don't know how to use them in practice.
>>
>> I think maybe I understand you now. In that case, the way I see the
>> basic guarantee is this:
>>
>> If we take away the computer (hardware, RAM, etc.) and are just left
>> with the "C++ abstract machine" as defined by the language standard
>> document, then... the basic guarantee says that, when an exception occurs during a call
>> to f(), things are still "safe". For example, objects are still in
>> "safe" states
>
> I don't think that it is a true statement. In general
> you cannot make this assumption.
> Basic guarantees allow you to break invariants,

No. The *definition* of "invariant" as used in stateful programming
allows invariants to be temporarily broken, because it's basically
impossible to write stateful software of any interesting complexity
that doesn't break them temporarily. As soon as you build a class
whose invariant requires keeping two different things in synch, you
have to be able to break the invariant to modify the class.

This has *nothing* whatsoever to do with the basic guarantee, other
than that the basic guarantee is phrased in terms of invariants. Any
condition arising from this fact that you can conjure up with
exceptions can also be created without them. I suggest you drop
discussion of the basic guarantee and exceptions for the time being and
just look at invariants in stateful programming.

-- 
Dave Abrahams
Boost Consulting
www.boost-consulting.com
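As an added illustration of the point above (this is not code from the thread or from Boost; the class `SummedList`, the `Outcome` struct and the constructed failure `double_or_throw` are assumptions for the example), here is a class whose invariant couples two members. Every mutator breaks the invariant part way through, exception or no exception; the basic guarantee only asks that it be re-established before the call exits, while the strong guarantee additionally leaves the old state untouched:

```cpp
#include <numeric>
#include <stdexcept>
#include <utility>
#include <vector>
// Invariant: cached_sum_ == sum of values_. Any mutator must break it part way
// through and re-establish it before returning, normally or by exception.
class SummedList {
public:
    void push_back(int v) {
        values_.push_back(v);   // may throw, but then nothing has changed yet
        cached_sum_ += v;       // invariant is broken between these two lines
    }
    // Basic guarantee: if f throws part way, transformed elements stay, but the cache is repaired.
    template <class F> void transform_basic(F f) {
        try {
            for (int& v : values_) v = f(v);   // cache is stale inside this loop
        } catch (...) {
            recompute();   // object is left valid (invariant holds) even though it changed
            throw;
        }
        recompute();
    }
    // Strong guarantee: transform a copy, then commit with non-throwing swaps.
    template <class F> void transform_strong(F f) {
        SummedList tmp = *this;
        for (int& v : tmp.values_) v = f(v);   // a throw here discards tmp, *this untouched
        tmp.recompute();
        std::swap(values_, tmp.values_);
        std::swap(cached_sum_, tmp.cached_sum_);
    }
    bool invariant_holds() const { return cached_sum_ == std::accumulate(values_.begin(), values_.end(), 0); }
    int sum() const { return cached_sum_; }
private:
    void recompute() { cached_sum_ = std::accumulate(values_.begin(), values_.end(), 0); }
    std::vector<int> values_;
    int cached_sum_ = 0;
};
struct Outcome { bool threw; bool invariant; int sum; };
// Constructed failure: doubles each value but throws when it reaches 3.
int double_or_throw(int v) { if (v == 3) throw std::runtime_error("constructed failure"); return 2 * v; }
// Applies the failing transform to {1,2,3,4} under the chosen guarantee and reports the result.
Outcome run(bool strong) {
    SummedList s;
    for (int i = 1; i <= 4; ++i) s.push_back(i);
    bool threw = false;
    try { if (strong) s.transform_strong(double_or_throw); else s.transform_basic(double_or_throw); }
    catch (const std::runtime_error&) { threw = true; }
    return {threw, s.invariant_holds(), s.sum()};
}
```

With the basic version the list ends up as {2,4,3,4} with a correct cache of 13; with the strong version it is still {1,2,3,4} with sum 10. In both cases the invariant holds after the exception, which is all the basic guarantee promises.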
