Bound Checking Cross Platform
Immortal Nephi
_SCL_SECURE and _SCL_SECURE_VALIDATE macros. They are Microsoft
specification. What about other platforms such as Mac OS X and Linux?
If your source code uses Microsoft Visual C++, it uses Win32 API to
call MessageBoxW(…) if assertion or exception is triggered. How can
source code have portability? If port to Mac OS X or Linux, which API
function can be used to trigger assertion or exception? It would be
either iostream or X Windows.
Ian Collins
I'm not really sure what you are asking, but I'll have a go...
> at() function of vector has bound checking. It does include
> _SCL_SECURE and _SCL_SECURE_VALIDATE macros.
Does it?
> They are Microsoft
> specification. What about other platforms such as Mac OS X and Linux?
The behaviour of at() is defined by the standard.
> If your source code uses Microsoft Visual C++, it uses Win32 API to
> call MessageBoxW(…) if assertion or exception is triggered. How can
> source code have portability? If port to Mac OS X or Linux, which API
> function can be used to trigger assertion or exception? It would be
> either iostream or X Windows.
assert or throw? There aren't any standard GUI versions.
--
Ian Collins
James Kanze
> On 09/22/10 03:25 PM, Immortal Nephi wrote:
> I'm not really sure what you are asking, but I'll have a go...
> > at() function of vector has bound checking. It does include
> > _SCL_SECURE and _SCL_SECURE_VALIDATE macros.
> Does it?
What does it mean for a function to include a macro? (I don't
think English is the original poster's native language. And I'm
not sure at all what he meant.)
> > They are Microsoft specification. What about other
> > platforms such as Mac OS X and Linux?
> The behaviour of at() is defined by the standard.
The behavior of all of the functions in the standard library is
defined by the standard. Perhaps you mean that there is no
undefined behavior for at() in the standard library (except for
the global undefined behaviors, like exceeding resource limits).
> > If your source code uses Microsoft Visual C++, it uses Win32
> > API to call MessageBoxW(…) if assertion or exception is
> > triggered. How can source code have portability? If port
> > to Mac OS X or Linux, which API function can be used to
> > trigger assertion or exception? It would be either iostream
> > or X Windows.
> assert or throw? There aren't any standard GUI versions.
If your source code has calls to MessageBoxW in it, it isn't
portable. If you need to make your source code portable to Mac
OS or Linux, don't call MessageBoxW.
But I'm confused by his second question. MessageBoxW doesn't
trigger an assertion or an exception (unless you give it bad
arguments). It might be triggered by an assertion with some
options of VC++, I don't know. If that's the case, we don't use
those options; in our Windows software, assert behaves exactly
like under Unix. And of course, an exception must behave as the
standard says exceptions behavior; it can't (legally, at least)
pop up message boxes on the screen.
--
James Kanze
Goran
> at() function of vector has bound checking. It does include
> _SCL_SECURE and _SCL_SECURE_VALIDATE macros. They are Microsoft
> specification. What about other platforms such as Mac OS X and Linux?
On other platforms, you could use STLPort, which has support for
bounds checking (look for _STLP_DEBUG), and with gcc, you could use
_GLIBCXX_DEBUG.
I'd be wary of using bounds (and iterator) checking in general in
NDEBUG, though. I personally try to crash my code as fast as possible
upon range and iterator errors in it ;-).
Goran.
Immortal Nephi
static void _Xran()
{ // report an out_of_range error
_THROW(out_of_range, "invalid vector<T> subscript");
}
I copied some functions from vector header. Is this function above
the Standard C++ Library to trigger an exception? If _Xran function
is called, it uses MessageBoxW(…) in Microsoft specification to
trigger an exception. Mac OS X and Linux may use different API
function rather than MessageBoxW(…).
reference at(size_type _Pos)
{ // subscript mutable sequence with checking
if (size() <= _Pos)
_Xran();
return (*(begin() + _Pos));
}
at() function does bound checking and throws an exception.
reference operator[](size_type _Pos)
{ // subscript mutable sequence
#if _HAS_ITERATOR_DEBUGGING
if (size() <= _Pos)
{
_DEBUG_ERROR("vector subscript out of range");
_SCL_SECURE_OUT_OF_RANGE;
}
#endif /* _HAS_ITERATOR_DEBUGGING */
_SCL_SECURE_VALIDATE_RANGE(_Pos < size());
return (*(_Myfirst + _Pos));
}
Notice _HAS_ITERATOR_DEBUGGING symbol. It is Microsoft
Specification. Do Mac OS X and Linux have different symbol name?
If I want to create my own operator[], it needs to be portable across
platforms. If Win32 macro is tested, then _HAS_ITERATOR_DEBUGGING
symbol is chosen, or Mac OS X or Linux is tested, then different
symbol name will be given.
Goran
> Notice _HAS_ITERATOR_DEBUGGING symbol. It is Microsoft
> Specification. Do Mac OS X and Linux have different symbol name?
> If I want to create my own operator[], it needs to be portable across
> platforms. If Win32 macro is tested, then _HAS_ITERATOR_DEBUGGING
> symbol is chosen, or Mac OS X or Linux is tested, then different
> symbol name will be given.
Look in the C++ standard. You will not find _HAS_ITERATOR_DEBUGGING.
Look at specification for e.g. vector::operator[]. You will not find
anything about conditional compilation (to include/exclude) bounds
checking).
Standard has nothing to say about these things. Any implementation is
free to do whatever it wants (e.g. for debugging purposes).
If you want portable bound-checked operator[] for some class of your
own, you have to write your own bounds checking. Macros that you speak
of are then irrelevant, unless you can require your users to compile
with them (which you might, or might not be able to mandate). If I
were you, I'd go for a vector implementation of my own, and that would
either throw an exception of my own (most likely derived from
range_error, and containing index value, vector size, perhaps vector
object address), either just crash, to get crash dump.
If you want portable bounds-checked operator[] for standard vector,
then I think you are out of luck (apart writing your own STL). This is
because, since standard does not require bounds-checking,
implementations have it only as an option. And that's good. Checks
have run-time and code-size impact, which is not in line with
performance tenets of C++.
Goran.
Öö Tiib
> I copied some functions from vector header.
You copied code from platform-specific implementation internals of
std::vector. That is sure way how to get non-portable source code.
vector is there for using it. When used it works as standard did
specify with extensions that implementation did specify. If you copy-
paste its code then you get something that makes everybody confused
and/or angry, because in next version of very same compiler the vector
internals may be refactored and the code may not work anymore.
Pete Becker
> On Sep 22, 5:45 am, Goran <goran.pu...@gmail.com> wrote:
>> On Sep 22, 5:25 am, Immortal Nephi <Immortal_Ne...@hotmail.com> wrote:
>>
>>> at() function of vector has bound checking. It does include
>>> _SCL_SECURE and _SCL_SECURE_VALIDATE macros. They are Microsoft
>>> specification. What about other platforms such as Mac OS X and Linux?
>>
>> On other platforms, you could use STLPort, which has support for
>> bounds checking (look for _STLP_DEBUG), and with gcc, you could use
>> _GLIBCXX_DEBUG.
>>
>> I'd be wary of using bounds (and iterator) checking in general in
>> NDEBUG, though. I personally try to crash my code as fast as possible
>> upon range and iterator errors in it ;-).
>
> static void _Xran()
> { // report an out_of_range error
> _THROW(out_of_range, "invalid vector<T> subscript");
> }
The name _Xran begins with an underscore followed by a capital letter.
That means it's a name that's reserved for use by the implementation.
Yes, it throws an exception, unless exceptions are turned off, in which
case it aborts execution. But that latter is implementation-specific.
>
> I copied some functions from vector header. Is this function above
> the Standard C++ Library to trigger an exception? If _Xran function
> is called, it uses MessageBoxW(…) in Microsoft specification to
> trigger an exception. Mac OS X and Linux may use different API
> function rather than MessageBoxW(…).
Whoa, you're muddling terms. _Xran throws an exception. It doesn't do
anything with MessageBoxW. It may be that the standard code generated
by Microsoft's IDE for your application catches exceptions and puts up
a message box. But that code isn't in _Xran, and it's not part of the
C++ specification.
--
Pete
Roundhouse Consulting, Ltd. (www.versatilecoding.com) Author of "The
Standard C++ Library Extensions: a Tutorial and Reference
(www.petebecker.com/tr1book)
James Kanze
> On Sep 22, 5:45 am, Goran <goran.pu...@gmail.com> wrote:
> > On Sep 22, 5:25 am, Immortal Nephi <Immortal_Ne...@hotmail.com> wrote:
> > > at() function of vector has bound checking. It does
> > > include _SCL_SECURE and _SCL_SECURE_VALIDATE macros. They
> > > are Microsoft specification. What about other platforms
> > > such as Mac OS X and Linux?
> > On other platforms, you could use STLPort, which has support
> > for bounds checking (look for _STLP_DEBUG), and with gcc,
> > you could use _GLIBCXX_DEBUG.
> > I'd be wary of using bounds (and iterator) checking in
> > general in NDEBUG, though. I personally try to crash my code
> > as fast as possible upon range and iterator errors in it
> > ;-).
> static void _Xran()
> { // report an out_of_range error
> _THROW(out_of_range, "invalid vector<T> subscript");
> }
> I copied some functions from vector header.
I wouldn't even look at the <vector> header if I were you. It's
part of the implementation, and can do all sorts of things that
you can't, or shouldn't, because it collaborates with the
compiler.
> Is this function above
> the Standard C++ Library to trigger an exception?
Certainly not. The very name says that it's something internal
to the implementation, neither standard nor, unless it is
explicitly documented by the implementation, for your use.
> If _Xran function is called, it uses MessageBoxW(…) in
> Microsoft specification to trigger an exception. Mac OS X and
> Linux may use different API function rather than
> MessageBoxW(…).
Except that there almost certainly isn't an _Xran function
anywhere to be found in Mac OS or Linux. For that matter,
I can't find it in Windows, either, if I only look in the places
I'm suppsed to be looking in (the library documentation).
> reference at(size_type _Pos)
> { // subscript mutable sequence with checking
> if (size() <= _Pos)
> _Xran();
> return (*(begin() + _Pos));
> }
> at() function does bound checking and throws an exception.
> reference operator[](size_type _Pos)
> { // subscript mutable sequence
>
> #if _HAS_ITERATOR_DEBUGGING
> if (size() <= _Pos)
> {
> _DEBUG_ERROR("vector subscript out of range");
> _SCL_SECURE_OUT_OF_RANGE;
> }
> #endif /* _HAS_ITERATOR_DEBUGGING */
>
> _SCL_SECURE_VALIDATE_RANGE(_Pos < size());
>
> return (*(_Myfirst + _Pos));
> }
The above is all part of the implementation. It's totally
irrelevant to using or understanding the function. When using
a library function, you don't read the code, you read the
documentation.
> Notice _HAS_ITERATOR_DEBUGGING symbol. It is Microsoft
> Specification. Do Mac OS X and Linux have different symbol
> name?
Do they even have a symbol which does the same thing?
> If I want to create my own operator[], it needs to be portable across
> platforms. If Win32 macro is tested, then _HAS_ITERATOR_DEBUGGING
> symbol is chosen, or Mac OS X or Linux is tested, then different
> symbol name will be given.
You can't create your own operator[] for vector. For your own
classes, you shouldn't use anything in the implementation (which
might change from one version to the next).
--
James Kanze
Geoff
<Immorta...@hotmail.com> wrote:
> at() function of vector has bound checking. It does include
>_SCL_SECURE and _SCL_SECURE_VALIDATE macros. They are Microsoft
>specification. What about other platforms such as Mac OS X and Linux?
These are implementation specific macros. They are not supported on
Mac OS or Linux. Your classes should ignore and never use those
macros, they are internal to the Microsoft implementation.
> If your source code uses Microsoft Visual C++, it uses Win32 API to
>call MessageBoxW(…) if assertion or exception is triggered. How can
>source code have portability? If port to Mac OS X or Linux, which API
>function can be used to trigger assertion or exception? It would be
>either iostream or X Windows.
The response to an exception is implementation and OS defined. Whether
or not the system pops a dialog or not is specific to the system. The
system's response to an out of bounds condition can even change with
the type of build you are doing. For example:
# include <vector>
int main()
{
std::vector<int> v;
std::vector<int>::iterator i = v.begin();
v.push_back(1); // to bad invalidates all iterators including i
--i; // error - iterator no longer valid
}
This code pops a message box with the message "vector iterator not
decrementable" in Debug mode but the same project doesn't pop anything
in Release mode. The bounds checking is implemented in the debug
libraries but not in the release version.
This same code doesn't pop any dialogs in Xcode 2.5 debugger in debug
mode.
James Kanze
> On Tue, 21 Sep 2010 20:25:35 -0700 (PDT), Immortal Nephi
[...]
> The response to an exception is implementation and OS defined.
The response to an exception is not implementation defined. The
C++ standard clearly says what should occur.
--
James Kanze
Geoff
What happens to the program is clearly defined but what the "system"
does with it is implementation defined.
Do you mean to say the standard says a GUI dialog box is supposed to
pop up and tell the user an exception has occurred?
Ian Collins
> On Thu, 23 Sep 2010 01:28:12 -0700 (PDT), James Kanze
> <james...@gmail.com> wrote:
>
>> On Sep 22, 8:35 pm, Geoff<ge...@invalid.invalid> wrote:
>>> On Tue, 21 Sep 2010 20:25:35 -0700 (PDT), Immortal Nephi
>>
>> [...]
>>> The response to an exception is implementation and OS defined.
>>
>> The response to an exception is not implementation defined. The
>> C++ standard clearly says what should occur.
>
> What happens to the program is clearly defined but what the "system"
> does with it is implementation defined.
The program aborts. How the systems handle abnormal program termination
is implementation defined.
> Do you mean to say the standard says a GUI dialog box is supposed to
> pop up and tell the user an exception has occurred?
Once the program aborts, it is no more and the standard no longer applies.
--
Ian Collins
Kai-Uwe Bux
> On 09/23/10 09:14 PM, Geoff wrote:
>> On Thu, 23 Sep 2010 01:28:12 -0700 (PDT), James Kanze
>> <james...@gmail.com> wrote:
>>
>>> On Sep 22, 8:35 pm, Geoff<ge...@invalid.invalid> wrote:
>>>> On Tue, 21 Sep 2010 20:25:35 -0700 (PDT), Immortal Nephi
>>>
>>> [...]
>>>> The response to an exception is implementation and OS defined.
>>>
>>> The response to an exception is not implementation defined. The
>>> C++ standard clearly says what should occur.
>>
>> What happens to the program is clearly defined but what the "system"
>> does with it is implementation defined.
>
> The program aborts. How the systems handle abnormal program termination
> is implementation defined.
Really? According to [1.3.5], the implementation shall document
implementation defined behavior. I would not think, that a compiler vendor
has to consult with the OS vendor to write the compiler manual just to
include a section on how the OS responds to abnormally terminating programs.
I think, whatever happens after termination is simply beyond the scope of
the standard.
But maybe, "system" in the above exchange does not refer to the OS. In that
case, I would be curious to know what you guys mean (in fact, I am not even
sure, you two are referring to the same).
>> Do you mean to say the standard says a GUI dialog box is supposed to
>> pop up and tell the user an exception has occurred?
>
> Once the program aborts, it is no more and the standard no longer applies.
That would be my interpretation, too.
Best
Kai-Uwe Bux
Geoff
wrote:
>Ian Collins wrote:
>
>> On 09/23/10 09:14 PM, Geoff wrote:
>>> On Thu, 23 Sep 2010 01:28:12 -0700 (PDT), James Kanze
>>> <james...@gmail.com> wrote:
>>>
>>>> On Sep 22, 8:35 pm, Geoff<ge...@invalid.invalid> wrote:
>>>>> On Tue, 21 Sep 2010 20:25:35 -0700 (PDT), Immortal Nephi
>>>>
>>>> [...]
>>>>> The response to an exception is implementation and OS defined.
>>>>
>>>> The response to an exception is not implementation defined. The
>>>> C++ standard clearly says what should occur.
>>>
>>> What happens to the program is clearly defined but what the "system"
>>> does with it is implementation defined.
>>
>> The program aborts. How the systems handle abnormal program termination
>> is implementation defined.
>
>Really? According to [1.3.5], the implementation shall document
>implementation defined behavior. I would not think, that a compiler vendor
>has to consult with the OS vendor to write the compiler manual just to
>include a section on how the OS responds to abnormally terminating programs.
>I think, whatever happens after termination is simply beyond the scope of
>the standard.
>
>But maybe, "system" in the above exchange does not refer to the OS. In that
>case, I would be curious to know what you guys mean (in fact, I am not even
>sure, you two are referring to the same).
Not exclusively to the OS but to the compiler, debugger and OS
operating as a system in support of the OP's program. The OP is
looking for a platform independent method of getting the same
"response" from three different implementations on three different OS.
While I concede the goal is not possible under the standard, I think
your explanations were not directly to this point.
The direct answer is no, there is no platform-independent way to get
the same or similar notification of program exceptions. The standard
only says the program must abort. Secondly, one cannot get that kind
of notification by copying implementation-specific code into your
program.
>
>
>>> Do you mean to say the standard says a GUI dialog box is supposed to
>>> pop up and tell the user an exception has occurred?
>>
>> Once the program aborts, it is no more and the standard no longer applies.
>
>That would be my interpretation, too.
>
The point is that the OP is trying to get the same systemic response
from different systems based on his observation of a single
implementation who's templates and classes in debug mode are showing
him their internals which he is mistaking for the standard behavior of
all C++ implementations.
James Kanze
> On Thu, 23 Sep 2010 14:19:13 +0200, Kai-Uwe Bux <jkherci...@gmx.net>
> wrote:
[...]
> The direct answer is no, there is no platform-independent way to get
> the same or similar notification of program exceptions. The standard
> only says the program must abort.
Only if the exception is not caught, and the user has not
replaced terminate. The standard very definitely says that you
can, for example, catch all exceptions in main, or anywhere else
you choose, and do what you want in the code afterwards.
--
James Kanze
Ian Collins
> Ian Collins wrote:
>
>> On 09/23/10 09:14 PM, Geoff wrote:
>>> On Thu, 23 Sep 2010 01:28:12 -0700 (PDT), James Kanze
>>> <james...@gmail.com> wrote:
>>>
>>>> On Sep 22, 8:35 pm, Geoff<ge...@invalid.invalid> wrote:
>>>>> On Tue, 21 Sep 2010 20:25:35 -0700 (PDT), Immortal Nephi
>>>>
>>>> [...]
>>>>> The response to an exception is implementation and OS defined.
>>>>
>>>> The response to an exception is not implementation defined. The
>>>> C++ standard clearly says what should occur.
>>>
>>> What happens to the program is clearly defined but what the "system"
>>> does with it is implementation defined.
>>
>> The program aborts. How the systems handle abnormal program termination
>> is implementation defined.
>
> Really? According to [1.3.5], the implementation shall document
> implementation defined behavior. I would not think, that a compiler vendor
> has to consult with the OS vendor to write the compiler manual just to
> include a section on how the OS responds to abnormally terminating programs.
> I think, whatever happens after termination is simply beyond the scope of
> the standard.
I should have written "Operating system".
--
Ian Collins