From: David B. Held (dheld_at_[hidden])
Date: 2004-07-17 02:35:41


David Abrahams wrote:
> Pavol Droba <droba_at_[hidden]> writes:
>[...]
>>"
>>Exception Safety
>>
>>The library requires that all operations on types used as template
>>or function arguments provide the basic exception guarantee.
>>In turn, all functions and algorithms in this library, except where
>>stated otherwise, will provide the basic exceptions guarantee.
>
> I hope not. There should be no instance in which you don't provide
> the basic guarantee.

The idea is that the library may offer some other guarantee instead
of the basic guarantee.

> Fundamentally you don't have to say any of what's in that paragraph,
> though I don't mind it in principle. By definition, you *can't* break
> invariants. Unless you explicitly say you're going to leak resources,
> the client has a right to expect you won't, even in the face of
> exceptions. Nothing gives the client license to break imposed
> requirements, even in the face of exceptions.

Well, considering that many programmers don't even know how to talk
about exception safety, I don't think it hurts to have a reminder
that if the library behaves in an exception-unsafe way, it's the
user's fault.

> [...]
> I would either throw out this whole thing or rewrite it as follows:
>
> The library maintains its invariants and does not leak resources in
> the face of exceptions. Some library operations give stronger
> guarantees, which are documented on an individual basis.

Ah, but you yourself have said that the guarantees do not form a
hierarchy, so there is no proper notion of "stronger" with respect to
them. ;) Pretty easy to say it that way though, huh? Anyway, I would
say that many libraries do *not* offer the basic guarantee, and that
the value in saying so is that it indicates the author has considered
the issue and certifies that the library is minimally exception-safe.
Saying that it maintains its invariants instead of saying that it
gives the basic guarantee does not convey the right message, in my
opinion, because many programmers obviously do not feel a need to
maintain invariants in the presence of exceptions (or they would write
more exception-safe code).

Dave


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk