From: Alexander Nasonov (alnsn_at_[hidden])
Date: 2006-09-11 08:45:02

>You might want to take a look at SafeInt:
>It takes a different approach, which IMO is more convenient in most
>situations than the free functions, it defines a wrapper class
>template which controls all the arithmetic operations of the
>underlying type. The code is copyrighted and highly
>platform-dependent, but I think that if Boost is going to have any
>arithmetic operations checking mechanism, then it should rather look
>like this.

I agree that C++ lacks safe integer types, but I disagree that throwing an exception is a good idea:
- Overflows tend to happen under rare circumstances, and tests usually don't cover all of them (or don't cover them at all)
- It's hard to view an innocent i = i + j as an expression that may throw
- Throwing an exception from a place where it's not expected often breaks invariants (in C++, broken invariants are often subtle and dangerous)
- No way to grep overflow checks
- Unlike ignored return types, compilers don't print any warning about an ignored throw clause
- I can hardly imagine changing some int members of popular classes in the hope that it would magically work once I resolve hundreds of compiler errors

>Also, I think the interface containing a C-style set of
>functions with arguments' types pushed into the functions' names is a
>bit inadequate for a modern C++ library - it makes it very difficult
>to use your library in a generic code, and it makes it easy to perform
>unwanted argument conversions.

Don't say "generic" to people who care about security. It's hard to check even ordinary code. I don't know what they would do if you sent them generic code, especially if it looks very much like basic integer operations but may throw ;-)
I don't know what they think about Boost.Lambda either.
It can be generic to a certain extent if coded carefully but that's definitely too much for Average Joe.

Alexander Nasonov
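
The two styles debated in this message, side by side, as an added example that is not part of the original post or of either library. The names add_int_checked, checked_int, Stats and SafeStats are hypothetical, and [[nodiscard]] (C++17) stands in for the compiler warning on an ignored return value.

```cpp
#include <climits>
#include <cstdio>
#include <stdexcept>

// Free-function style: the type is in the name, the status is the return
// value, and the compiler warns if a caller ignores it.
[[nodiscard]] bool add_int_checked(int a, int b, int* out) {
    // Compare against the limits first: signed overflow itself is undefined.
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return false;
    *out = a + b;
    return true;
}

// Wrapper style (hypothetical checked_int): the check hides inside operator+.
struct checked_int {
    int v;
    friend checked_int operator+(checked_int a, checked_int b) {
        int r;
        if (!add_int_checked(a.v, b.v, &r)) throw std::overflow_error("int overflow");
        return checked_int{r};
    }
};

// Invariant in both structs: count and total are updated together or not at all.
struct Stats { int count; int total; };
struct SafeStats { checked_int count; checked_int total; };

// Every overflow check is a greppable call; nothing is written on failure.
bool record_checked(Stats& s, int sample) {
    int count, total;
    if (!add_int_checked(s.count, 1, &count)) return false;
    if (!add_int_checked(s.total, sample, &total)) return false;
    s.count = count; s.total = total;
    return true;
}

// Reads like plain arithmetic; the second line can throw after the first has run.
void record_throwing(SafeStats& s, int sample) {
    s.count = s.count + checked_int{1};
    s.total = s.total + checked_int{sample};
}

int main() {
    Stats a{5, INT_MAX - 1};
    SafeStats b{{5}, {INT_MAX - 1}};
    bool ok = record_checked(a, 10);
    try { record_throwing(b, 10); } catch (const std::overflow_error&) {}
    std::printf("checked: ok=%d count=%d; throwing: count=%d\n", ok, a.count, b.count.v);
}
```

After the overflow, the Stats object is unchanged, while the SafeStats object has its count incremented without the matching total.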
