Subject: Re: [boost] [contract] oldof failure not in N1962?
From: Andrzej Krzemienski (akrzemi1_at_[hidden])
Date: 2011-07-18 16:21:22


> As far as I can see, N1962 does not say what to do in case of a failure
> while evaluating and copying an oldof expression. For example, what shall
> Contract Programming do if there is a memory error while taking a copy of
> size() to later check the following postcondition?

Hi Lorenzo,
If we could agree that throwing an exception indicates that the system that
hosts the program is in the state where it cannot execute our program anymore
(lack of memory, threads), you could just let the thrown exception fly out of
your function, as though it was the function that threw it. The function
leaves objects in the correct state: precondition was checked and held,
function execution has not yet started. The downside of this solution is that
it throws something that the caller might not have expected.

Another valid solution would be "if you cannot check the correctness, at
least let the function work". That is, you swallow the exception and abandon
checking the postcondition.

On the other hand, one may want something opposite: do not let my program
run unless you are absolutely sure all checks have succeeded. In this case
you might want to signal it, but since it is neither precondition nor
postcondition violation, perhaps you need another callback:
"on_inability_to_validate". Then anyone could do what they think is best:
1. Pass the exception
2. Skip postcondition
3. Terminate

Regards,
&rzej
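
The three choices listed in the message above, as an added C++ sketch that is not part of the original post and is not Boost.Contract or N1962 code. The enum, the counter and `checked_push_back` are hypothetical names; only `on_inability_to_validate` comes from the message, and `copy_old` stands in for the oldof copy that may fail.

```cpp
#include <cstddef>
#include <cstdlib>
#include <functional>
#include <new>
#include <stdexcept>
#include <vector>

// Hypothetical names: the message proposes only the callback name.
enum class OldofFailure { pass_exception, skip_postcondition, terminate };
OldofFailure on_inability_to_validate = OldofFailure::pass_exception;
int skipped_postconditions = 0;  // makes an abandoned check observable

using OldSize = std::function<std::size_t(const std::vector<int>&)>;

// push_back with postcondition size() == oldof size() + 1.
// copy_old stands in for the oldof copy and may throw (e.g. std::bad_alloc).
void checked_push_back(std::vector<int>& v, int x, const OldSize& copy_old) {
    std::size_t old_size = 0;
    bool have_old = false;
    try {
        old_size = copy_old(v);  // oldof is evaluated before the body runs
        have_old = true;
    } catch (...) {
        switch (on_inability_to_validate) {
        case OldofFailure::pass_exception:
            throw;  // 1. body not started, v is untouched
        case OldofFailure::skip_postcondition:
            ++skipped_postconditions;  // 2. run unchecked, but record it
            break;
        case OldofFailure::terminate:
            std::abort();  // 3. refuse to run without the check
        }
    }
    v.push_back(x);  // function body
    if (have_old && v.size() != old_size + 1)
        throw std::logic_error("postcondition violated");
}

int main() {
    std::vector<int> v{1, 2};
    on_inability_to_validate = OldofFailure::skip_postcondition;
    checked_push_back(v, 3, [](const std::vector<int>&) -> std::size_t {
        throw std::bad_alloc();  // constructed failure of the oldof copy
    });
    return (v.size() == 3 && skipped_postconditions == 1) ? 0 : 1;
}
```

Option 2 is the fail-open choice, so the sketch counts every skipped postcondition rather than dropping the check silently.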

