Subject: Re: [boost] [outcome] Review of Outcome
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2017-05-29 15:51:18

>> We are in agreement that narrow observers are probably daft in an object
>> mostly used for returning surprise. Vicente in the other thread appears
>> to be unwilling to accept my request that good API design should always
>> follow the principle of "less safety requires more programmer typing"
>> which in my mind means operator*() needs to be wide, as does .value()
>> and .error(). Let .unsafe_value() etc be the narrow editions. So I don't
>> think I can reconcile Outcome with Expected now.
> I must protest. "less safety requires more programmer typing"-- I agree
> with this view. But artificially widening the contract doesn't make
> anything safer. If a programmer commits a bug, which is extracting the
> value without having verified that the value actually exists, it does not
> make the program safe that you conceal this fact and instead apply *some*
> semantics to it: likely not the one that the programmer intended.
> If you have a narrow contract you leave a chance for static analyzers and
> UB-sanitizers to detect the bug. Widening contracts prevents such bug
> detection and is *unsafe*. You may still choose to go with wide contracts
> everywhere (and it might turn out to be the best choice), but accept that
> this is not a widely held view of safety. Don't call it "safety". Call it
> "wide contract".

Darn. You now have me back on to thinking checked and unchecked typedefs
are best. No v2 high level review of agreed changes after all.


ned Productions Limited Consulting
