Exceptions - comp.lang.c++.moderated

Message from discussion Exceptions

David Abrahams

View profile

More options Aug 31 2005, 5:05 pm

Newsgroups: comp.lang.c++.moderated

From: David Abrahams <d...@boost-consulting.com>

Date: 31 Aug 2005 17:05:05 -0400

Local: Wed, Aug 31 2005 5:05 pm

Subject: Re: Exceptions

  Reply to author
  |
  Forward
  | Print
  | View thread
  | Show original
  | Report this message
  | Find messages by this author
  

"Nicola Musatti" <nicola.musa...@gmail.com> writes:
> Bob Bell wrote:
>> Gerhard Menzl wrote:
>> > Bob Bell wrote:

>> > > I should be more specific. I interpret "the function cannot continue"
>> > > to mean that the function shouldn't be allowed to execute a single
>> > > instruction more, not even to throw an exception.

>> > Not even log and assert?

>> If I said "it's OK to log and assert", would that invalidate my point
>> or support yours? The point is to make as few assumptions about the
>> state of the system as possible, which leads to executing as little
>> code as possible. The problem with throwing is that it assumes that the
>> entire state of the system is still good, and that any and all code can
>> still run.

> Excuse me, but don't you risk assuming too much in the other direction?
> Consider for example a function as the following:

> double safeSqrt(double arg) {
> if ( arg < 0 )
> // what goes here?
> return std::sqrt(arg);
> }

> Wouldn't it be a bit extreme to assume the world has ended just because
> this function was passed a negative number?

Sure. If you want to throw an exception there, just document it and
don't call arg >= 0 a precondition.

If you call it a precondition, invoking safeSqrt with a negative
number becomes a bug. Then what's "safe" about that function? All
the caller knows when an exception emanates from it is that he's got a
bug somewhere in his code.

If it's a precondition, and you want to write code that tries to take
the safeSqrt of a million numbers, you have to check each one first to
make sure it's non-negative, or you have a bug in your code. If it's
not a precondition, wrap the whole thing in a try/catch block. "It's
easier to ask forgiveness than permission" ;-)

> On the other hand I agree that if the world has actually ended, we
> wouldn't want to add damage to it. So what can we do about it? You are
> probably right that exception handling is not to be trusted

That's not Bob's point at all.

> and it seems to me that the least action you can take is to return a
> conventional value.

> Should we reach the conclusion that returning error codes is better
> than exceptions for writing really robust code? ;-)

No. If you want your code to be robust, be clear about the difference
between preconditions and the conditions that generate error codes and
exceptions.

Some people like to avoid the word "error" in connection with the
latter category, so

_Programmer errors_ lead to precondition failures which invoke
undefined behavior

_Exceptional conditions_, such as resource allocation failures
and negative arguments to a safeSqrt that throws, are expected,
and generate exceptions or abnormal return values or
...whatever other mechanism you choose to report the condition.

Is that clearer?
--
Dave Abrahams
Boost Consulting
www.boost-consulting.com

[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]

Reply to author Forward