Subject: Re: [boost] [outcome] Review of Outcome
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2017-05-29 15:51:18
>> We are in agreement that narrow observers are probably daft in an object
>> mostly used for returning surprise. Vicente in the other thread appears
>> to be unwilling to accept my request that good API design should always
>> follow the principle of "less safety requires more programmer typing"
>> which in my mind means operator*() needs to be wide, as does .value()
>> and .error(). Let .unsafe_value() etc be the narrow editions. So I don't
>> think I can reconcile Outcome with Expected now.
>>
>
> I must protest. "less safety requires more programmer typing"-- I agree
> with this view. But artificially widening the contract doesn't make
> anything safer. If a programmer commits a bug, which is extracting the
> value without having verified that the value actually exists, it does not
> make the program safe that you conceal this fact and instead apply *some*
> semantics to it: likely not the one that the programmer intended.
>
> If you have a narrow contract you leave a chance for static analyzers and
> UB-sanitizers to detect the bug. Widening contracts prevents such bug
> detection and is *unsafe*. You may still choose to go with wide contracts
> everywhere (and it might turn out to be the best choice), but accept that
> this is not a widely held view of safety. Don't call it "safety". Call it
> "wide contract".
Darn. You now have me back on to thinking checked and unchecked typedefs
are best. No v2 high level review of agreed changes after all.
Niall
--
ned Productions Limited Consulting
http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/
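The wide-versus-narrow contract distinction argued in the thread above, as an added example that is not code from Outcome, Expected, or either poster: a minimal result<T> with a wide value() that throws on misuse, a narrow unsafe_value() that asserts in debug builds, and a "widened" value_or_default() that silently substitutes T{}. The type name, the accessor names and the parse_port() sample are assumptions made for this sketch, not the real Outcome API.

```cpp
// Added example, not code from Outcome, Expected, or the list thread.
// result<T>, value(), unsafe_value(), value_or_default() and parse_port()
// are assumptions made for this sketch, not the real Outcome API.
#include <cassert>
#include <stdexcept>
#include <string>
#include <utility>

struct no_value : std::logic_error {
    no_value() : std::logic_error("result holds no value") {}
};
struct no_error : std::logic_error {
    no_error() : std::logic_error("result holds no error") {}
};

template <class T>
class result {
public:
    static result success(T v) { result r; r.has_ = true; r.val_ = std::move(v); return r; }
    static result failure(std::string e) { result r; r.err_ = std::move(e); return r; }

    bool has_value() const noexcept { return has_; }

    // Wide contract: valid to call in any state. A caller that forgot to
    // check gets a typed exception at the point of misuse, not a bogus T.
    const T& value() const {
        if (!has_) throw no_value();
        return val_;
    }
    const std::string& error() const {
        if (has_) throw no_error();
        return err_;
    }

    // Narrow contract: precondition has_value(). Violating it is a caller
    // bug; a debug or sanitized build stops on the assert right at the
    // fault. In a release build the assert is gone: here the caller reads
    // the value-initialised T{} that was never set, and an implementation
    // keeping T in raw storage would make the same read undefined behaviour.
    const T& unsafe_value() const noexcept {
        assert(has_ && "unsafe_value(): precondition has_value() violated");
        return val_;
    }

    // "Widened" accessor that papers over the missing value with T{}.
    // Nothing fails, so neither asserts nor sanitizers ever see the bug.
    T value_or_default() const noexcept { return has_ ? val_ : T{}; }

private:
    result() = default;
    bool has_ = false;
    T val_{};
    std::string err_;
};

// Constructed sample input handling: a TCP port parser with three
// distinct failure modes.
result<int> parse_port(const std::string& s) {
    if (s.empty()) return result<int>::failure("empty port string");
    int n = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return result<int>::failure("non-digit in port");
        n = n * 10 + (c - '0');
        if (n > 65535) return result<int>::failure("port out of range");
    }
    return result<int>::success(n);
}

// Buggy caller: never checks has_value(). With the wide value() the bug
// surfaces as a catchable no_value, mapped here to -1.
int port_wide_unchecked(const std::string& s) {
    try { return parse_port(s).value(); }
    catch (const no_value&) { return -1; }
}

// Correct narrow use: the check is explicit, the accessor is then free.
int port_narrow_checked(const std::string& s) {
    auto r = parse_port(s);
    if (!r.has_value()) return -1;
    return r.unsafe_value();
}

// The same missing check with the widened accessor: "80x" quietly becomes
// port 0, a semantics the programmer never asked for and no tool can flag.
int port_widened_unchecked(const std::string& s) {
    return parse_port(s).value_or_default();
}
```

Build with assertions enabled (no -DNDEBUG) and, ideally, -fsanitize=undefined to see the three behaviours side by side: the wide accessor reports misuse, the narrow one traps it in the checked build, and the widened one hides it.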
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk