468,107 Members | 1,469 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,107 developers. It's quick & easy.

Bjarne's exception safe sample

Hello everyone,
Here is Bjarne's exception safe sample,

http://www.research.att.com/~bs/3rd_safe.pdf

Expand|Select|Wrap|Line Numbers
  1. template <class Tclass Safe {
  2.  
  3. T* p ; // p points to a T allocated using new
  4. public :
  5. Safe () :p (new T ) { }
  6. ~Safe () { delete p ; }
  7. Safe & operator =(const Safe & a) { *p = *a .p ; return *this; }
  8. / / ...
  9. };
  10. template <class Tclass Unsafe { // sloppy and dangerous code
  11. T* p ; // p points to a T
  12. public :
  13. Unsafe (T* pp ) :p (pp ) { }
  14. ~Unsafe () { if (!p ->destructible ()) throw E(); delete p; }
  15. Unsafe & operator =(const Unsafe & a)
  16. {
  17. p ->~T (); // destroy old value (§10.4.11)
  18. new (p) T (a .p ); // construct copy of a.p in *p (§10.4.11)
  19. return *this;
  20. }
  21. / / ...
  22. };
  23.  
What makes me confused is, the description about why it is not
exception safe,

--------------------
The assignment operator may fail by throwing an exception from T 's
copy constructor. This would
leave a T in an undefined state because the old value of *p was
destroyed and no new value
replaced it.
--------------------

In my study, I can not find a case why there is exception thrown from
Unsafe's copy constructor. Any ideas?

BTW: it is also appreciated if you could share some experiences about
what in your minds does invariant status mean

(in Bjarne's minds, exception safety means making the object into
invariant status). I find the word *invariant* is

somethings hard to understand. :-)
thanks in advance,
George
Dec 23 '07 #1
4 1615
George2 wrote:
: Hello everyone,
:
:
: Here is Bjarne's exception safe sample,
:
: http://www.research.att.com/~bs/3rd_safe.pdf
:
:
Expand|Select|Wrap|Line Numbers
  1. : template <class Tclass Safe {
  2. :
  3. : T* p ; // p points to a T allocated using new
  4. : public :
  5. : Safe () :p (new T ) { }
  6. : ~Safe () { delete p ; }
  7. : Safe & operator =(const Safe & a) { *p = *a .p ; return *this; }
  8. : / / ...
  9. : };
  10. : template <class Tclass Unsafe { // sloppy and dangerous code
  11. : T* p ; // p points to a T
  12. : public :
  13. : Unsafe (T* pp ) :p (pp ) { }
  14. : ~Unsafe () { if (!p ->destructible ()) throw E(); delete p; }
  15. : Unsafe & operator =(const Unsafe & a)
  16. : {
  17. : p ->~T (); // destroy old value (§10.4.11)
  18. : new (p) T (a .p ); // construct copy of a.p in *p (§10.4.11)
  19. : return *this;
  20. : }
  21. : / / ...
  22. : };
:
: What makes me confused is, the description about why it is not
: exception safe,
:
: --------------------
: The assignment operator may fail by throwing an exception from T 's
: copy constructor. This would
: leave a T in an undefined state because the old value of *p was
: destroyed and no new value
: replaced it.
: --------------------
:
: In my study, I can not find a case why there is exception thrown
: from Unsafe's copy constructor. Any ideas?

I think Bjarne says it all in the above paragraph. :-)

If you destroy a T (p->~T()), and the fail to construct a new T, the
Unsafe object is in an invalid state. Later, when trying to destroy
Unsafe, you will be in real trouble!

:
: BTW: it is also appreciated if you could share some experiences
: about what in your minds does invariant status mean
:
: (in Bjarne's minds, exception safety means making the object into
: invariant status). I find the word *invariant* is
: somethings hard to understand. :-)

In invariant is something that doesn't vary, something that is always
true, like an object being in a valid state.

Having an object that cannot be used, and that cannot be safely
destroyed, is just Not Good(tm).
Bo Persson
Dec 23 '07 #2
On 2007-12-23 13:07, George2 wrote:
Hello everyone,
Here is Bjarne's exception safe sample,

http://www.research.att.com/~bs/3rd_safe.pdf

Expand|Select|Wrap|Line Numbers
  1. template <class Tclass Safe {
  2. T* p ; // p points to a T allocated using new
  3. public :
  4. Safe () :p (new T ) { }
  5. ~Safe () { delete p ; }
  6. Safe & operator =(const Safe & a) { *p = *a .p ; return *this; }
  7. / / ...
  8. };
  9. template <class Tclass Unsafe { // sloppy and dangerous code
  10. T* p ; // p points to a T
  11. public :
  12. Unsafe (T* pp ) :p (pp ) { }
  13. ~Unsafe () { if (!p ->destructible ()) throw E(); delete p; }
  14. Unsafe & operator =(const Unsafe & a)
  15. {
  16. p ->~T (); // destroy old value (§10.4.11)
  17. new (p) T (a .p ); // construct copy of a.p in *p (§10.4.11)
  18. return *this;
  19. }
  20. / / ...
  21. };
  22.  

What makes me confused is, the description about why it is not
exception safe,

--------------------
The assignment operator may fail by throwing an exception from T 's
copy constructor. This would
leave a T in an undefined state because the old value of *p was
destroyed and no new value
replaced it.
--------------------

In my study, I can not find a case why there is exception thrown from
Unsafe's copy constructor. Any ideas?
The critical part is "new (p) T (a .p );" since we do not know what T is
we can not guarantee that constructing an object of type T will succeed
(the most trivial example would be a failure to allocate memory for it).
If that happens the Unsafe object is left in a bad state since we have
already deleted the pointer to the old T object.
BTW: it is also appreciated if you could share some experiences about
what in your minds does invariant status mean

(in Bjarne's minds, exception safety means making the object into
invariant status). I find the word *invariant* is somethings hard to
understand. :-)
Invariants are some conditions that always have to be true for an
object. So if we have an object and performs some kind of operation on
it, then those conditions have to be true after the operations were
performed if they also were true before.

In the case above an invariant might be that p must always be a valid
pointer to an object of type T.

--
Erik Wikström
Dec 23 '07 #3
In article
<9f**********************************@s19g2000prg. googlegroups.com>,
George2 <ge*************@yahoo.comwrote:
Hello everyone,
Here is Bjarne's exception safe sample,

http://www.research.att.com/~bs/3rd_safe.pdf

Expand|Select|Wrap|Line Numbers
  1. template <class Tclass Safe {
  2. T* p ; // p points to a T allocated using new
  3. public :
  4. Safe () :p (new T ) { }
  5. ~Safe () { delete p ; }
  6. Safe & operator =(const Safe & a) { *p = *a .p ; return *this; }
  7. / / ...
  8. };
  9. template <class Tclass Unsafe { // sloppy and dangerous code
  10. T* p ; // p points to a T
  11. public :
  12. Unsafe (T* pp ) :p (pp ) { }
  13. ~Unsafe () { if (!p ->destructible ()) throw E(); delete p; }
  14. Unsafe & operator =(const Unsafe & a)
  15. {
  16. p ->~T (); // destroy old value (§10.4.11)
  17. new (p) T (a .p ); // construct copy of a.p in *p (§10.4.11)
  18. return *this;
  19. }
  20. / / ...
  21. };
  22.  

What makes me confused is, the description about why it is not
exception safe,

--------------------
The assignment operator may fail by throwing an exception from T 's
copy constructor. This would
leave a T in an undefined state because the old value of *p was
destroyed and no new value
replaced it.
--------------------

In my study, I can not find a case why there is exception thrown from
Unsafe's copy constructor. Any ideas?
Not Unsafe's copy constructor, but T's copy constructor. If during the
call to Unsafe's op=, T's copy constructor throws an exception, the
object that Unsafe points to will be in an indeterminate state.

(Just as a BTW, neither class above is really safe because they are both
missing appropriate copy constructors.)
BTW: it is also appreciated if you could share some experiences about
what in your minds does invariant status mean

(in Bjarne's minds, exception safety means making the object into
invariant status). I find the word *invariant* is
somethings hard to understand. :-)
An invariant of a class is something that is always true about all
objects of that class. One of Safe's invariants is that it always points
to a valid T. Unsafe can't make that claim.

You might want to read (http://citeseer.ist.psu.edu/227598.html) as well.
Dec 23 '07 #4
: BTW: it is also appreciated if you could share some experiences
: about what in your minds does invariant status mean
:
: (in Bjarne's minds, exception safety means making the object into
: invariant status). I find the word *invariant* is
: somethings hard to understand. :-)

In invariant is something that doesn't vary, something that is always
true, like an object being in a valid state.
The JSF-AV coding standard
(http://www.research.att.com/~bs/JSF-AV-rules.pdf) has a good
formalization of what an invariant is:

"A class invariant is a statement-of-fact about a class that must be
true for all stable instances of the class. A class is considered to be
in a stable state immediately after construction, immediately before
destruction, and immediately before and after any remote public method
invocation."

-dr
Dec 24 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Scott Brady Drummonds | last post: by
2 posts views Thread by Joseph S. | last post: by
8 posts views Thread by Hayato Iriumi | last post: by
2 posts views Thread by Kuba_O | last post: by
132 posts views Thread by Zorro | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.