Subject: Re: [boost] [outcome] Review of Outcome
From: Andrzej Krzemienski (akrzemi1_at_[hidden])
Date: 2017-05-29 15:13:50


2017-05-29 16:38 GMT+02:00 Niall Douglas via Boost <boost_at_[hidden]>:

>
> We are in agreement that narrow observers are probably daft in an object
> mostly used for returning surprise. Vicente in the other thread appears
> to be unwilling to accept my request that good API design should always
> follow the principle of "less safety requires more programmer typing"
> which in my mind means operator*() needs to be wide, as does .value()
> and .error(). Let .unsafe_value() etc be the narrow editions. So I don't
> think I can reconcile Outcome with Expected now.
>

I must protest. "less safety requires more programmer typing" -- I agree
with this view. But artificially widening the contract doesn't make
anything safer. If a programmer commits a bug, which is extracting the
value without having verified that the value actually exists, it does not
make the program safe that you conceal this fact and instead apply *some*
semantics to it: likely not the one that the programmer intended.

If you have a narrow contract you leave a chance for static analyzers and
UB-sanitizers to detect the bug. Widening contracts prevents such bug
detection and is *unsafe*. You may still choose to go with wide contracts
everywhere (and it might turn out to be the best choice), but accept that
this is not a widely held view of safety. Don't call it "safety". Call it
"wide contract".

Regards,
&rzej;
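The contrast the two posts argue about, shown as an added example that is not code from the Boost thread, from Outcome or from Expected: a toy result type (hypothetical name `toy_result`) exposing both accessor styles. `value()` and `error()` follow the wide contract from Niall's proposal (callable in any state, a missing value becomes an exception), while `unsafe_value()` follows the narrow contract Andrzej defends (a precondition that `has_value()` is true, so a violation is something `assert()`, UBSan or a static analyzer can flag instead of being silently given a meaning). `parse_int`, `doubled_or` and `wide_accessor_reported_failure` are constructed helpers for the demonstration.

```cpp
// Added example, not code from the Boost thread or from Outcome/Expected.
// toy_result (hypothetical name) carries either a value or an error and
// offers one accessor per contract style discussed in the thread.
#include <cassert>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <variant>

template <class T, class E>
class toy_result {
public:
    // Construct a success.
    explicit toy_result(T value)
        : storage_(std::in_place_index<0>, std::move(value)) {}
    // Construct a failure.
    static toy_result failure(E error) {
        return toy_result(std::in_place_index<1>, std::move(error));
    }

    bool has_value() const noexcept { return storage_.index() == 0; }

    // Wide contract: valid to call in any state. A missing value is turned
    // into an exception, so behaviour stays defined. The cost is that
    // "value() without has_value()" is no longer a precondition violation,
    // so a static analyzer or sanitizer has nothing to flag.
    const T& value() const {
        if (!has_value()) {
            throw std::logic_error("value() called on a result holding an error");
        }
        return *std::get_if<0>(&storage_);
    }
    const E& error() const {
        if (has_value()) {
            throw std::logic_error("error() called on a result holding a value");
        }
        return *std::get_if<1>(&storage_);
    }

    // Narrow contract: has_value() must be true, otherwise the call is a
    // precondition violation. assert() catches it in a debug build; in a
    // release build std::get_if yields nullptr and the dereference is
    // undefined behaviour, which is what UBSan and static analyzers exist
    // to detect rather than a hidden "some semantics" fallback.
    const T& unsafe_value() const {
        assert(has_value() && "unsafe_value(): precondition has_value() violated");
        return *std::get_if<0>(&storage_);
    }

private:
    template <std::size_t I, class U>
    toy_result(std::in_place_index_t<I> tag, U&& u)
        : storage_(tag, std::forward<U>(u)) {}

    std::variant<T, E> storage_;
};

using parse_result = toy_result<int, std::string>;

// Constructed sample: parse a short decimal string, failing on anything else.
parse_result parse_int(const std::string& text) {
    if (text.empty()) return parse_result::failure("empty input");
    if (text.size() > 9) return parse_result::failure("too long");
    int v = 0;
    for (char c : text) {
        if (c < '0' || c > '9') {
            return parse_result::failure("non-digit: " + std::string(1, c));
        }
        v = v * 10 + (c - '0');
    }
    return parse_result(v);
}

// Correct use of the narrow accessor: check first, then extract. This is
// the only pattern under which unsafe_value() is a valid call.
int doubled_or(const std::string& text, int fallback) {
    parse_result r = parse_int(text);
    if (!r.has_value()) return fallback;
    return r.unsafe_value() * 2;
}

// The bug the post describes: extracting without checking. Through the wide
// accessor the mistake surfaces only on the failing path, as an exception;
// this helper reports whether that happened for the given input.
bool wide_accessor_reported_failure(const std::string& text) {
    try {
        (void)parse_int(text).value();
        return false;
    } catch (const std::logic_error&) {
        return true;
    }
}
```

Running the same unchecked extraction through `unsafe_value()` in a debug build aborts at the `assert`, and under UBSan in a release build it is reported as a null dereference; either way the defect is attributed to the call site that skipped the check, which is the detectability the narrow contract preserves.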


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk