
Subject: Re: [boost] Looking for thoughts on a new smart pointer: shared_ptr_nonnull
From: Thorsten Ottosen (thorsten.ottosen_at_[hidden])
Date: 2013-10-09 02:31:56


On 08-10-2013 21:22, Nevin Liber wrote:
> On 8 October 2013 13:17, Thorsten Ottosen <thorsten.ottosen_at_[hidden]> wrote:
>
>>
>> We are indeed going in circles. I can respect that some people don't want
>> the overhead of the runtime check. I can also respect that people don't
>> want to take down the whole server because of a bug in some subsystem.
>
>
> Except you can't know if it is a bug in a subsystem or somewhere else. If
> you know the bug is from the subsystem, why did you put the bug in? And if
> you don't know the root cause of the bug, how can you possibly know the
> effect? All you've detected is a symptom. The rest of the "analysis" is
> nothing more than wishful thinking.

There are many types of bugs, some are severe and some are less severe.
It's not exactly hard to put a catch around a call into a sub-system, in
which case you know for a fact that the exception exposes itself in this
sub-system. Could the bug be because of some other problem, working in
conjunction with the sub-system to induce the bug? Sure. Does it matter?
Nope. The bug is exposed in that particular subsystem.

I don't see how you can pretend what the right behavior to such an
error is in other people's software. Killing a server application used
by hundreds of people is just not an option for some people. Talk about
wishful thinking.

You seem to be completely obsessed by the point that a precondition or
invariant violation must always be checked by compiled-away assertions.
Your argument is that there is a bug in the program and that you should
terminate anyway. Sadly, most programs have bugs, but we use them
anyway. In practice it matters for some to avoid UB. It's a major
benefit of using Java or C#.

-Thorsten
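
The approach argued for in this message, as an added example that is not part of the original post or of any Boost library: a non-null wrapper whose check runs in every build and throws, with a catch placed around the call into the subsystem. The names `checked_nonnull_ptr`, `Session`, `lookup_session`, `handle_request` and `serve` are hypothetical.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical wrapper (not Boost's): the non-null precondition is checked at
// run time in every build, so a violation throws instead of reaching UB.
template <class T>
class checked_nonnull_ptr {
    std::shared_ptr<T> p_;
public:
    explicit checked_nonnull_ptr(std::shared_ptr<T> p) : p_(std::move(p)) {
        if (!p_) throw std::invalid_argument("null passed to checked_nonnull_ptr");
    }
    T& operator*() const { return *p_; }        // safe: invariant set in ctor
    T* operator->() const { return p_.get(); }
};

struct Session { std::string user; };

// Hypothetical subsystem call: returns null for a negative id (constructed
// stand-in for the buggy path).
std::shared_ptr<Session> lookup_session(int id) {
    if (id < 0) return nullptr;
    return std::make_shared<Session>(Session{"user" + std::to_string(id)});
}

std::string handle_request(int id) {
    checked_nonnull_ptr<Session> s(lookup_session(id));  // throws on null
    return "hello " + s->user;
}

// Catch around the call into the subsystem: the failing request is reported
// and the loop goes on to serve the remaining requests.
std::vector<std::string> serve(const std::vector<int>& ids) {
    std::vector<std::string> replies;
    for (int id : ids) {
        try {
            replies.push_back(handle_request(id));
        } catch (const std::exception& e) {
            replies.push_back(std::string("error: ") + e.what());
        }
    }
    return replies;
}
```

With a compiled-away `assert` in place of the `throw`, a release build would dereference the null pointer in `handle_request`, which is the undefined behavior the message refers to.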


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk