From: Michael Kilburn on
Hi,

I have checked C++ standard and did not find requirements imposed on
library implementation with respect to exception safety. But this is
as important of other parts of contract between library and client set
in standard. E.g. if program relies on strong guarantee provided by
some operation and another STL implementation provides only basic --
this program is not C++ program (in a sense that compiled in different
standard-compliant environment it will behave differently).
Did I miss some standard addendum or followup papers? Can someone
point me to right direction, please?

Thanks.
Michael.

--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]

From: Michael Kilburn on
On Jul 19, 2:51 pm, Daniel Kr�gler <daniel.krueg...(a)googlemail.com>
wrote:
> > > There exist some very general statements and guarantees, see below.
>
> > Yes, I saw them... the problem is that quite often they are not "very
> > general" -- they are incomplete!
>
> If they are incomplete in the sense that the standard is ambiguous
> or contradictory in this regard this would be an issue, yes.

Well, probably my frustration found it's way to the surface -- few
days ago I've spent considerable time trying to figure out what
guarantees vector<string>::resize(10, "AAAA") gives me -- i.e. should
I structure my logic for basic guarantee or strong one (as provided by
my gcc version).
I googled a bit too hoping to find simple and clear list of functions
lined against conditions and guarantees attached to them, but could
not find any :-\

I'll skip most of the quoting and will try to summarize all these
postings -- so you are saying that:
1) unless explicitly specified otherwise any STL operation provides
basic exception guarantee
2) there are no cases on unspecified behaviour other than 3 you
mentioned (exception from dtor, replacement and handler functions)
3) there are places where strong guarantee is guaranteed and mentioned
explicitly

Are those point correct?
What are the "replacement and handler functions" -- functors I pass
into std::transform/etc?

Would be really nice to have a shortlist of cases where STL gives
strong guarantee. Plus readable explanation for undefined behaviour
cases. It is quite painful to extract this infromation from standard
right now. And this, of course, contributes to current state of things
in industry, where 80% of senior level developers do not know what is
going to happen if while throwing exception another exception gets
produced (I did a lot of interviews lately (not as a candidate :-)))
and host of apps that goes bananaz when something goes wrong (like out
of memory).


> Note that clear() now guarantees that it does not throw for any container anyway

Woo-hoo! :-) we definitely need a tight list with explicit description
of exception-related behaviours on a per-function basis in C++
standard. This would serve two important purposes -- library will
become solid and programmers can actually use it as reference.

Thank you.
Michael.


--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]

From: Mathias Gaunard on
On Jul 21, 1:47 am, Thomas Richter <t...(a)math.tu-berlin.de> wrote:
> Francis Glassborow wrote:
> >> ??? How should I know how many resources are available? The lack of any
> >> strong guarantee more or less means that proper handling of resource
> >> exhaustion is impossible if you insert more than one element at once.
> >> IOW, all I can do then is to terminate the program? Now, for *that* I
> >> don't need exceptions, do I?
>
> > You are exaggerating. The STL guarantees exception safety. What it does
> > not do is to guarantee the strong version under all circumstances.
>
> Certainly I am, and it was certainly provocative (but for a reason); I
> understand that the STL doesn't provide such a strong guarantee, but
> while I understand some of the reasoning behind, I somehow see that in
> conflict with the principles of the language. I'll come to that later on.
>
> > For example suppose that you try to insert a block of ten elements into
> > a container and that an exception is thrown during this process. You
> > will still have a stable container in a destructable state. However the
> > Standard does not guarantee that it is in the same state that it was
> > prior to your attempt to insert elements.
>
> Certainly, that is understood. But assume that the copy constructors of
> my classes cannot throw (otherwise, of course, I agree that all bets are
> off, and my code is to blame, and not the STL).

Then the only reason the container can throw is because it is out of
memory, which doesn't work reliably on modern operating systems anyway
due to memory overcommit.

Realistically speaking, though, one would expect a good quality
implementation of insert to allocate all the memory needed beforehand
when passed a pair or random access iterators, making the primitive
strongly exception-safe in the lack of user exceptions.


--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]

From: Goran Pusic on
On Jul 23, 1:55 am, Thomas Richter <t...(a)math.tu-berlin.de> wrote:
> Mathias Gaunard wrote:
> > Then the only reason the container can throw is because it is out of
> > memory, which doesn't work reliably on modern operating systems anyway
> > due to memory overcommit.
>
> IOW, I cannot use the STL in embedded applications? Or memory
> constrained applications? Not everything is a windows or a Linux.
> Doesn't that conflict with the design principles of C++?

+1 for this.

Also... To my mind, Mathias is wrong from the get-go.

First off, Windows does not overcommit at all. Overcommit is also
optional (albeit prevalent and a default option) on Linux and Unix.

IMO, overcommit should not even be considered as a factor here. To a C+
+ code, it's theoretically equivalent to a power loss. Failures due to
overcommit are (a potential) issue for code running on systems with
overcommit.

Goran.


--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]

From: Kenneth 'Bessarion' Boyd on
On Jul 21, 7:47 pm, "Bo Persson" <b...(a)gmb.dk> wrote:

> You DO get an assurance that if anything else throws, like a
> std::bad_alloc, a std::vector will be unchanged.
>
> If your copy constructor or assignment throws, the container will
> fail, but how the heck would you "fix up" the elements that couldn't
> be assigned? How are you going to assign them valid values, when
> assignment throws?

Well, since this is the STL the absence of a strong exception
guarantee for the assignment operator (conditional on strong exception
guarantee, ...) is a noticeable annoyance.

For user containers, that's what would be pragmatic for exception-safe
programming.


--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]