Bjarne's exception safe sample

Hello everyone,
Here is Bjarne's exception safe sample,

http://www.research.att.com/~bs/3rd_safe.pdf

template <class T> class Safe {
    T* p; // p points to a T allocated using new
public:
    Safe() : p(new T) { }
    ~Safe() { delete p; }
    Safe& operator=(const Safe& a) { *p = *a.p; return *this; }
    // ...
};

template <class T> class Unsafe { // sloppy and dangerous code
    T* p; // p points to a T
public:
    Unsafe(T* pp) : p(pp) { }
    ~Unsafe() { if (!p->destructible()) throw E(); delete p; }
    Unsafe& operator=(const Unsafe& a)
    {
        p->~T(); // destroy old value (§10.4.11)
        new (p) T(a.p); // construct copy of a.p in *p (§10.4.11)
        return *this;
    }
    // ...
};

What makes me confused is the description about why it is not
exception safe,

--------------------
The assignment operator may fail by throwing an exception from T's
copy constructor. This would leave a T in an undefined state because
the old value of *p was destroyed and no new value replaced it.
--------------------

In my study, I cannot find a case why there is exception thrown from
Unsafe's copy constructor. Any ideas?

BTW: it is also appreciated if you could share some experiences about
what in your minds does invariant status mean

(in Bjarne's mind, exception safety means making the object into
invariant status). I find the word *invariant* is something hard to
understand. :-)

Thanks in advance,
George
Dec 23 '07 #1
George2 wrote:
: Hello everyone,
:
:
: Here is Bjarne's exception safe sample,
:
: http://www.research.att.com/~bs/3rd_safe.pdf
:
:
: template <class T> class Safe {
:     T* p; // p points to a T allocated using new
: public:
:     Safe() : p(new T) { }
:     ~Safe() { delete p; }
:     Safe& operator=(const Safe& a) { *p = *a.p; return *this; }
:     // ...
: };
:
: template <class T> class Unsafe { // sloppy and dangerous code
:     T* p; // p points to a T
: public:
:     Unsafe(T* pp) : p(pp) { }
:     ~Unsafe() { if (!p->destructible()) throw E(); delete p; }
:     Unsafe& operator=(const Unsafe& a)
:     {
:         p->~T(); // destroy old value (§10.4.11)
:         new (p) T(a.p); // construct copy of a.p in *p (§10.4.11)
:         return *this;
:     }
:     // ...
: };
:
: What makes me confused is, the description about why it is not
: exception safe,
:
: --------------------
: The assignment operator may fail by throwing an exception from T's
: copy constructor. This would leave a T in an undefined state because
: the old value of *p was destroyed and no new value replaced it.
: --------------------
:
: In my study, I can not find a case why there is exception thrown
: from Unsafe's copy constructor. Any ideas?

I think Bjarne says it all in the above paragraph. :-)

If you destroy a T (p->~T()), and then fail to construct a new T, the
Unsafe object is in an invalid state. Later, when trying to destroy
Unsafe, you will be in real trouble!

:
: BTW: it is also appreciated if you could share some experiences
: about what in your minds does invariant status mean
:
: (in Bjarne's mind, exception safety means making the object into
: invariant status). I find the word *invariant* is
: something hard to understand. :-)

An invariant is something that doesn't vary, something that is always
true, like an object being in a valid state.

Having an object that cannot be used, and that cannot be safely
destroyed, is just Not Good(tm).
Bo Persson
Dec 23 '07 #2
On 2007-12-23 13:07, George2 wrote:
> Hello everyone,
> Here is Bjarne's exception safe sample,
>
> http://www.research.att.com/~bs/3rd_safe.pdf
>
> template <class T> class Safe {
>     T* p; // p points to a T allocated using new
> public:
>     Safe() : p(new T) { }
>     ~Safe() { delete p; }
>     Safe& operator=(const Safe& a) { *p = *a.p; return *this; }
>     // ...
> };
>
> template <class T> class Unsafe { // sloppy and dangerous code
>     T* p; // p points to a T
> public:
>     Unsafe(T* pp) : p(pp) { }
>     ~Unsafe() { if (!p->destructible()) throw E(); delete p; }
>     Unsafe& operator=(const Unsafe& a)
>     {
>         p->~T(); // destroy old value (§10.4.11)
>         new (p) T(a.p); // construct copy of a.p in *p (§10.4.11)
>         return *this;
>     }
>     // ...
> };
>
> What makes me confused is the description about why it is not
> exception safe,
>
> --------------------
> The assignment operator may fail by throwing an exception from T's
> copy constructor. This would leave a T in an undefined state because
> the old value of *p was destroyed and no new value replaced it.
> --------------------
>
> In my study, I cannot find a case why there is exception thrown from
> Unsafe's copy constructor. Any ideas?

The critical part is "new (p) T (a .p );" since we do not know what T is
we can not guarantee that constructing an object of type T will succeed
(the most trivial example would be a failure to allocate memory for it).
If that happens the Unsafe object is left in a bad state since we have
already deleted the pointer to the old T object.

> BTW: it is also appreciated if you could share some experiences about
> what in your minds does invariant status mean
>
> (in Bjarne's mind, exception safety means making the object into
> invariant status). I find the word *invariant* is something hard to
> understand. :-)

Invariants are some conditions that always have to be true for an
object. So if we have an object and perform some kind of operation on
it, then those conditions have to be true after the operations were
performed if they also were true before.

In the case above an invariant might be that p must always be a valid
pointer to an object of type T.

--
Erik Wikström
Dec 23 '07 #3
In article
<9f**********************************@s19g2000prg.googlegroups.com>,
George2 <ge*************@yahoo.com> wrote:
> Hello everyone,
> Here is Bjarne's exception safe sample,
>
> http://www.research.att.com/~bs/3rd_safe.pdf
>
> template <class T> class Safe {
>     T* p; // p points to a T allocated using new
> public:
>     Safe() : p(new T) { }
>     ~Safe() { delete p; }
>     Safe& operator=(const Safe& a) { *p = *a.p; return *this; }
>     // ...
> };
>
> template <class T> class Unsafe { // sloppy and dangerous code
>     T* p; // p points to a T
> public:
>     Unsafe(T* pp) : p(pp) { }
>     ~Unsafe() { if (!p->destructible()) throw E(); delete p; }
>     Unsafe& operator=(const Unsafe& a)
>     {
>         p->~T(); // destroy old value (§10.4.11)
>         new (p) T(a.p); // construct copy of a.p in *p (§10.4.11)
>         return *this;
>     }
>     // ...
> };
>
> What makes me confused is the description about why it is not
> exception safe,
>
> --------------------
> The assignment operator may fail by throwing an exception from T's
> copy constructor. This would leave a T in an undefined state because
> the old value of *p was destroyed and no new value replaced it.
> --------------------
>
> In my study, I cannot find a case why there is exception thrown from
> Unsafe's copy constructor. Any ideas?

Not Unsafe's copy constructor, but T's copy constructor. If during the
call to Unsafe's op=, T's copy constructor throws an exception, the
object that Unsafe points to will be in an indeterminate state.

(Just as a BTW, neither class above is really safe because they are both
missing appropriate copy constructors.)

> BTW: it is also appreciated if you could share some experiences about
> what in your minds does invariant status mean
>
> (in Bjarne's mind, exception safety means making the object into
> invariant status). I find the word *invariant* is
> something hard to understand. :-)

An invariant of a class is something that is always true about all
objects of that class. One of Safe's invariants is that it always points
to a valid T. Unsafe can't make that claim.

You might want to read (http://citeseer.ist.psu.edu/227598.html) as well.
Dec 23 '07 #4
> : BTW: it is also appreciated if you could share some experiences
> : about what in your minds does invariant status mean
> :
> : (in Bjarne's mind, exception safety means making the object into
> : invariant status). I find the word *invariant* is
> : something hard to understand. :-)
>
> An invariant is something that doesn't vary, something that is always
> true, like an object being in a valid state.

The JSF-AV coding standard
(http://www.research.att.com/~bs/JSF-AV-rules.pdf) has a good
formalization of what an invariant is:

"A class invariant is a statement-of-fact about a class that must be
true for all stable instances of the class. A class is considered to be
in a stable state immediately after construction, immediately before
destruction, and immediately before and after any remote public method
invocation."

-dr
Dec 24 '07 #5
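
The failure discussed in this thread, as an added example that is not from Stroustrup's paper or from any poster: a copy constructor that throws in the middle of a destroy-then-construct assignment leaves the holder owning no object, while copy-then-swap keeps the old one. Tracked, unsafe_assign, safe_assign and owned_after_failed_copy are names assumed here, and the safe variant uses copy-then-swap rather than Safe's `*p = *a.p`.

```cpp
#include <cstdio>
#include <new>
#include <stdexcept>
#include <utility>

// Constructed test type: counts live objects, can be told to throw on copy.
struct Tracked {
    static int live;
    static bool fail_copy;
    int value;
    explicit Tracked(int v) : value(v) { ++live; }
    Tracked(const Tracked& o) : value(o.value) {
        if (fail_copy) throw std::runtime_error("copy failed");
        ++live;
    }
    ~Tracked() { --live; }
};
int Tracked::live = 0;
bool Tracked::fail_copy = false;

// Unsafe::operator= pattern: destroy first, then copy-construct in place.
template <class T> void unsafe_assign(T* p, const T& src) {
    p->~T();
    new (p) T(src);  // a throw here leaves no object in *p
}

// Copy first, then commit with a pointer swap that cannot throw.
template <class T> void safe_assign(T*& p, const T& src) {
    T* fresh = new T(src);  // a throw here leaves p untouched
    std::swap(p, fresh);
    delete fresh;
}

// Fail one assignment; return how many objects the holder still owns (-1 if no throw).
template <class Assign> int owned_after_failed_copy(Assign assign) {
    Tracked* p = new Tracked(1);
    Tracked src(2);
    Tracked::fail_copy = true;
    bool threw = false;
    try { assign(p, src); } catch (const std::runtime_error&) { threw = true; }
    Tracked::fail_copy = false;
    int owned = Tracked::live - 1;  // subtract src
    if (owned == 1) delete p; else ::operator delete(p);  // never destroy twice
    return threw ? owned : -1;
}
int owned_unsafe() { return owned_after_failed_copy([](Tracked*& p, const Tracked& s) { unsafe_assign(p, s); }); }
int owned_safe()   { return owned_after_failed_copy([](Tracked*& p, const Tracked& s) { safe_assign(p, s); }); }

int main() { std::printf("unsafe: %d, safe: %d\n", owned_unsafe(), owned_safe()); }
```

In the unsafe case the cleanup has to release raw storage without running a destructor, which is exactly what Unsafe's own destructor cannot know to do.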
