Subject: Re: [boost] [contract] oldof failure not in N1962?
From: Dave Abrahams (dave_at_[hidden])
Date: 2011-07-19 17:41:20


on Tue Jul 19 2011, lcaminiti <lorcaminiti-AT-gmail.com> wrote:

> Dave Abrahams wrote:
>>
>> on Tue Jul 19 2011, Lorenzo Caminiti <lorcaminiti-AT-gmail.com> wrote:
>>
>>>
>>> I'm sorry I managed to confuse everyone with this post
>>> because I meant to ask something different...
>>>
>>> My question instead, is: What shall I do if I fail to copy an oldof
>>> value?
>>
>> I don't think I misunderstood your question, although I don't happen to
>> know what "oldof" means here...
>>
>>> Specifically, what shall I do if an oldof copy throws an
>>> exception? This is not specified by N1962 (as far as I can see). I
>>> decided that if I fail to copy an oldof value then I call the
>>> postcondition_broken handler but only after executing the body (even
>>> if oldof values are internally copied before the body is executed).
>>
>> As I said, that doesn't make any sense to me, for the reasons I already
>> gave, and because failure to allocate memory in precondition checking
>> does not amount to a broken postcondition.
>>
>
> But in this case the failure is in allocating memory to copy an old value
> and NOT in checking preconditions.
>
> Failing to copy an old value (e.g., for an alloc failure) will indeed not
> allow checking the postconditions because the postconditions use the old value.
> Therefore, the postconditions should be considered failed because they
> cannot be checked and postcondition_broken should be called.

No (IMO). postcondition_broken indicates a program bug. As I mentioned
in my guidelines, anticipated failure to satisfy a postcondition is a
recoverable condition and should normally result in an exception.

Of course, if that would change the contract of the function, it's
unacceptable ;-)

-- 
Dave Abrahams
BoostPro Computing
http://www.boostpro.com
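
An added example, not code from the original post or from Boost.Contract, sketching in plain C++ the two failure paths the thread is about: the old-value copy throwing (here a std::bad_alloc from a constructed type whose copy constructor can be made to fail) propagates as an ordinary, recoverable exception before the body runs and never reaches the handler, whereas a body that actually violates its postcondition reaches the postcondition_broken handler. Every name in it (old_value, contract_failure, fragile_vector, scenario, the handler call counter) is hypothetical and stands in for whatever the real library uses.

```cpp
// Added example (not Boost.Contract code). Illustrates the distinction
// between a recoverable exception from copying an "oldof" value and a
// genuine postcondition violation, using hypothetical names throughout.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <new>        // std::bad_alloc
#include <stdexcept>
#include <vector>

// Hypothetical handler for a *program bug*. The real handler would
// typically terminate; here it counts calls and throws so a driver can
// observe that it ran.
static int postcondition_broken_calls = 0;

struct contract_failure : std::logic_error {
    using std::logic_error::logic_error;
};

static void postcondition_broken(const char* what) {
    ++postcondition_broken_calls;
    throw contract_failure(what);
}

// Copy of an "old" value, taken before the body runs. If T's copy
// constructor throws, the exception leaves this constructor as a normal
// exception: the body has not run and no postcondition has been evaluated.
template <class T>
struct old_value {
    std::unique_ptr<T> copy;
    explicit old_value(const T& v) : copy(new T(v)) {}
};

// Constructed type whose copy can be made to fail, simulating an
// allocation failure while the old value is being captured.
struct fragile_vector {
    std::vector<int> data;
    static bool fail_next_copy;
    fragile_vector() = default;
    fragile_vector(const fragile_vector& o) : data(o.data) {
        if (fail_next_copy) {
            fail_next_copy = false;
            throw std::bad_alloc();
        }
    }
};
bool fragile_vector::fail_next_copy = false;

// Contracted push_back with postcondition "size() == oldof(size()) + 1".
// `buggy` simulates a body that violates that postcondition.
void contracted_push_back(fragile_vector& v, int x, bool buggy) {
    old_value<fragile_vector> old_v(v);      // 1) capture old value (may throw)
    v.data.push_back(x);                     // 2) body
    if (buggy) v.data.push_back(x);          //    extra push breaks the contract
    if (v.data.size() != old_v.copy->data.size() + 1)   // 3) postcondition
        postcondition_broken("size() == oldof(size()) + 1");
}

enum class outcome { ok, recoverable_exception, contract_violation };

struct scenario_result {
    outcome result;
    std::size_t size_after;   // elements in the vector after the call
    int handler_calls;        // how often postcondition_broken ran
};

// Runs one call on a fresh one-element vector and classifies what happened.
scenario_result scenario(bool fail_old_copy, bool buggy) {
    postcondition_broken_calls = 0;
    fragile_vector v;
    v.data.push_back(0);
    fragile_vector::fail_next_copy = fail_old_copy;
    outcome o = outcome::ok;
    try {
        contracted_push_back(v, 1, buggy);
    } catch (const contract_failure&) {
        o = outcome::contract_violation;      // program bug: handler ran
    } catch (const std::bad_alloc&) {
        o = outcome::recoverable_exception;   // old-value copy failed
    }
    return scenario_result{o, v.data.size(), postcondition_broken_calls};
}

int main() {
    scenario_result a = scenario(false, false);  // normal call
    scenario_result b = scenario(true, false);   // old-value copy throws
    scenario_result c = scenario(false, true);   // body breaks postcondition
    std::printf("normal:      size=%zu handler_calls=%d\n", a.size_after, a.handler_calls);
    std::printf("copy throws: size=%zu handler_calls=%d\n", b.size_after, b.handler_calls);
    std::printf("buggy body:  size=%zu handler_calls=%d\n", c.size_after, c.handler_calls);
    return 0;
}
```

The second scenario is the one under discussion: the vector is untouched, the body never ran, and the handler count stays at zero, because the failure surfaced as a std::bad_alloc to the caller rather than as a contract violation. The caveat at the end of the message applies to this sketch too: a function whose contract promises not to throw cannot let the old-value copy throw either, so for such a function the copy must be nothrow or the old value cannot be used in its postcondition.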

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk