|
Boost : |
From: Andrzej Krzemienski (akrzemi1_at_[hidden])
Date: 2019-11-29 12:20:57
pt., 29 lis 2019 o 10:10 Peter Dimov via Boost <boost_at_[hidden]>
napisaÅ(a):
> Andrzej Krzemienski wrote:
>
> > I suspect (I am not programming in an embedded system) that rather than
> > relying on __builtin_trap() or std::abort(), what you do is start
> treating
> > a `resize()` over `capacity()` as a precondition violation (a bug). And
> > this causes a different programming model and the organization of your
> > code.
>
> That was exactly why I wrote
>
> > > There's no need to afford exceptions, you just need to be able to
> afford
> > > the potential loss in performance, basically one branch per append if
> > > not heroically optimized away.
>
> That is: in order to use the library as presented, you don't need to
> afford
> exceptions, but you will need to basically duplicate the same check op+=
> does, in user code; this may decrease performance, but will not allow a
> buffer overflow in case you either forgot the check or got it wrong.
>
This is just performance aspect. Another one is correctness checking. If a
library adapted the model where over-resize is a bug, it can plant
sufficient platform-specific precondition annotations for the tools to be
able to detect user bugs. (e.g., when I put __builtin_unreachable() and
compile with UB-sanitizer).
Regards,
&rzej;
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk