Boost :
From: Gavin Lambert (boost_at_[hidden])
Date: 2019-12-04 22:46:48
On 5/12/2019 03:14, Andrzej Krzemienski wrote:
> Making a resize() over capacity() a precondition violation is a *feature*
> useful for bug detection and I do not consider it a valid argument that
> "library will throw exceptions and if you never resize() over capacity()
> you will never see exceptions or std::abort()". If this is a precondition,
> then I expect of a library to put some BOOST_ASSERT() or
> _builtin_unreachable() in those paths to enable better bug detection.
I see this argument a lot, and it confuses me.

Perhaps this is my Windows dev background talking (since the analysis
tools seem more lacking on Windows, despite having a better debugger),
but in my experience it is vastly easier to find a thrown exception than
to find "deliberate" UB (including asserts). And vastly easier to log
that it unexpectedly occurred in production code in the field, so that
you can detect and fix it without a debugger attached to the process.

Asserts and unreachables both disappear in release builds, so the
process ends up continuing to run in some subtly corrupted way -- if
you're lucky it crashes soon after in an unrelated location that takes
you weeks to track down the true cause. If you're unlucky, it runs
longer, and corrupted some customer data along the way.

Please enlighten me.
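An added illustration of the two designs being debated in this thread (example code, not from the Boost list or from any Boost library; the container and policy names are invented): a fixed-capacity vector whose resize() treats going over capacity() either as an assert-only precondition or as a thrown std::length_error, plus the release-build logging hook that only the throwing design makes possible.

```cpp
#include <array>
#include <cassert>
#include <cstddef>
#include <stdexcept>
#include <string>

// Policy A: resize() over capacity() is a precondition. The check is an assert,
// so it exists only in debug builds; in a release build the caller's mistake passes silently.
struct precondition_policy {
    static void check(std::size_t n, std::size_t cap) {
        assert(n <= cap && "resize() over capacity()");
        (void)n; (void)cap;  // silence unused-parameter warnings when assert compiles away
    }
};

// Policy B: the same violation is reported as an exception in every build,
// so production code can catch it, log it and leave the container intact.
struct throwing_policy {
    static void check(std::size_t n, std::size_t cap) {
        if (n > cap)
            throw std::length_error("resize(" + std::to_string(n) +
                                    ") over capacity(" + std::to_string(cap) + ")");
    }
};

template <class T, std::size_t N, class Policy>
class static_vector {
    std::array<T, N> buf_{};
    std::size_t size_ = 0;
public:
    static constexpr std::size_t capacity() { return N; }
    std::size_t size() const { return size_; }
    void resize(std::size_t n) {
        Policy::check(n, N);  // the only guard; with policy A in a release build it is gone
        for (std::size_t i = size_; i < n; ++i) buf_[i] = T{};  // out of bounds if n > N slipped through
        size_ = n;
    }
};

// What the "throw" side of the argument buys: a hook that works in release builds,
// records the violation and carries on. Returns the log line, or "" when resize() succeeded.
template <class Vec>
std::string resize_or_log(Vec& v, std::size_t n) {
    try { v.resize(n); return ""; }
    catch (const std::length_error& e) { return std::string("violation logged: ") + e.what(); }
}
```

With precondition_policy there is nothing for resize_or_log() to catch, which is exactly the situation the post describes: under NDEBUG the bad resize() is neither reported nor stopped.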
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk