comp.lang.ada
From: herwin@gmu.edu (Harry Erwin)
Subject: Re: Safety of the Booch Ada 95 Components
Date: 1999-12-12T21:57:08+00:00
Message-ID: <1e2pka4.nppns21okbh5cN%herwin@gmu.edu>
In-Reply-To: x7vr9gswe7o.fsf@pogner.demon.co.uk

Simon Wright <simon@pogner.demon.co.uk> wrote:

> herwin@gmu.edu (Harry Erwin) writes:
> 
> > Matthew Heaney <matthew_heaney@acm.org> wrote:
> > 
> > >   procedure Copy
> > >     (From : in     Source_Type;
> > >      To   : in out Target_Type) is
> > >   begin
> > >     if From'Address = To'Address then
> > >       return;  -- do nothing, because From is same object as To
> > >     end if;
> > 
> > That's missing from the code I've been looking at.
> 
> Yes, a clear defect, logged.

That's the feedback I needed.  Thanks.

> 
> > Strong exception-safety == supports commit/rollback semantics.
> 
> Is that a standard definition?

Herb Sutter, Exceptional C++, Addison-Wesley, 2000, page 38.

"2. Strong guarantee: If an operation terminates because of an
exception, program state will remain unchanged. This always implies
commit-or-rollback semantics, including that no references or iterators
into the container be invalidated if an operation fails. . . ."

Also see <http://www.metabyte.com/~fbp/stl/eh_contract.html>

> 
> > Apparently in the Booch components, if the copy goes bad, the To
> > container has been cleared and is partially written. Basic exception
> > safety (== the container is still useable) is probably supported.
> 
> Yes, this is the case for the Copy operation (which is *not* the
> standard assignment operation!).

What is the standard assignment operation, then?  I'm new to Ada 95.  In
C++ 99, we rarely trust the compiler-defined default versions of copy
constructors and assignment operations, because they do bit-by-bit
copies. 

> 
> In a previous reply, I quoted the ALRM [7.6(17)] on controlled
> assignment. I must say I don't fully understand from that what is
> expected. At first (& nth) sight I don't see how one could achieve
> your idea of strong exception safety.
> 
> I wonder what happens in C++ STL-based programming if operator new
> fails in the middle of things?

The constructor is rolled back, with destructors applied in reverse
order to all the data members that were successfully constructed, and
then the memory is returned to the free store.  Finally, the bad_alloc
exception is thrown. Eventually a catch block for bad_alloc is
encountered as the function calls are unwound on the stack, and the
processing is done there. Or, eventually, the main function is unwound,
and the program is terminated.

-- 
Harry Erwin, PhD, <http://mason.gmu.edu/~herwin>
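The two copy guarantees argued over in this message, and the constructor rollback described in the last paragraph, worked through in C++ as an added example. This is not code from the thread or from the Booch components: `Elem`, `Bag`, `Member` and `Widget` are constructed types for the demonstration, and an allocation failure is simulated by a copy constructor that throws `std::bad_alloc` on demand rather than by exhausting memory. `copy_basic` mirrors the "clear the target, then fill it" pattern that only gives the basic guarantee; `copy_strong` shows commit-or-rollback by building on a temporary and committing with a non-throwing swap; both carry the `&from == &to` test that stands in for the `From'Address = To'Address` check.

```cpp
#include <cstddef>
#include <new>
#include <string>
#include <vector>

// Constructed element type: its copy constructor throws std::bad_alloc after a
// set number of copies, standing in for an allocation failure mid-copy.
struct Elem {
    int value;
    static int fail_after;   // copies still allowed before throwing; -1 = never throw
    explicit Elem(int v) : value(v) {}
    Elem(const Elem& o) : value(o.value) {
        if (fail_after == 0) throw std::bad_alloc();
        if (fail_after > 0) --fail_after;
    }
};
int Elem::fail_after = -1;

struct Bag { std::vector<Elem> items; };   // toy container, constructed for the example

// Basic guarantee only: the target is cleared and refilled element by element,
// so an exception midway leaves it usable but partially written.
void copy_basic(const Bag& from, Bag& to) {
    if (&from == &to) return;              // the From'Address = To'Address check
    to.items.clear();
    to.items.reserve(from.items.size());   // no reallocation inside the loop
    for (const Elem& e : from.items) to.items.push_back(e);   // may throw
}

// Strong guarantee (commit-or-rollback): everything that can throw acts on a
// temporary; the only change to `to` is a swap that cannot throw.
void copy_strong(const Bag& from, Bag& to) {
    if (&from == &to) return;
    Bag tmp;
    tmp.items.reserve(from.items.size());
    for (const Elem& e : from.items) tmp.items.push_back(e);  // may throw; only tmp is touched
    to.items.swap(tmp.items);              // commit point
}

// Copies a 5-element source over a 2-element target, with the copy of element
// number fail_after + 1 throwing. Returns the target's contents afterwards.
template <typename CopyFn>
std::vector<int> run_copy(CopyFn copy, int fail_after) {
    Bag src, dst;
    for (int v : {1, 2, 3, 4, 5}) src.items.emplace_back(v);
    for (int v : {10, 20}) dst.items.emplace_back(v);
    Elem::fail_after = fail_after;
    try { copy(src, dst); } catch (const std::bad_alloc&) { /* dst must still be usable */ }
    Elem::fail_after = -1;
    std::vector<int> out;
    for (const Elem& e : dst.items) out.push_back(e.value);
    return out;
}

// Without the address check, copy_basic(b, b) would clear b and then copy the
// now-empty b into itself: the defect logged in the thread.
std::size_t self_copy_size() {
    Bag b;
    for (int v : {7, 8, 9}) b.items.emplace_back(v);
    copy_basic(b, b);
    return b.items.size();
}

// Part two: a member's constructor throws inside `new`; each Member logs its
// construction and destruction so the rollback order is visible.
static std::vector<std::string> g_log;

struct Member {
    std::string name;
    Member(const char* n, bool throws = false) : name(n) {
        if (throws) throw std::bad_alloc();
        g_log.push_back("ctor " + name);
    }
    ~Member() { g_log.push_back("dtor " + name); }
};

struct Widget {
    static int live_blocks;   // blocks currently held from the free store
    static void* operator new(std::size_t n) { ++live_blocks; return ::operator new(n); }
    static void operator delete(void* p) noexcept { --live_blocks; ::operator delete(p); }
    Member a, b, c;
    Widget() : a("a"), b("b"), c("c", true) {}   // c fails; a and b are rolled back
};
int Widget::live_blocks = 0;

// Returns the event log: a and b constructed, then b and a destroyed in reverse
// order, no destructor for c, and the block handed back by the matching
// operator delete before bad_alloc reaches the handler.
std::vector<std::string> construct_and_fail() {
    g_log.clear();
    try {
        Widget* w = new Widget;   // throws out of the constructor
        delete w;                 // not reached
    } catch (const std::bad_alloc&) {
        g_log.push_back(Widget::live_blocks == 0 ? "memory released" : "memory leaked");
    }
    return g_log;
}
```

With the third copy failing, `run_copy(copy_basic, 2)` leaves the target holding `{1, 2}` (usable, but neither the old nor the new contents), while `run_copy(copy_strong, 2)` leaves it at its original `{10, 20}`. The swap is the whole trick: once every operation that can throw has been moved onto `tmp`, rollback costs nothing because `to` was never touched. The self-copy check is load-bearing in `copy_basic` (without it the container empties itself); in `copy_strong` it only saves work, since swapping in a copy of `to` would leave `to` unchanged anyway.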

Thread overview: 29+ messages
1999-12-10  0:00 Safety of the Booch Ada 95 Components Harry Erwin
1999-12-10  0:00 ` Simon Wright
1999-12-12  0:00   ` Simon Wright
1999-12-12  0:00     ` Matthew Heaney
1999-12-12  0:00   ` Harry Erwin
1999-12-13  0:00     ` Simon Wright
1999-12-10  0:00 ` Matthew Heaney
1999-12-10  0:00   ` Harry Erwin
1999-12-12  0:00     ` Simon Wright
1999-12-12  0:00       ` Harry Erwin [this message]
1999-12-13  0:00         ` Simon Wright
1999-12-10  0:00   ` Hyman Rosen
1999-12-10  0:00     ` Harry Erwin
1999-12-10  0:00     ` Matthew Heaney
1999-12-11  0:00       ` Harry Erwin
1999-12-12  0:00         ` Robert Dewar
1999-12-12  0:00           ` Harry Erwin
1999-12-13  0:00           ` Kent Paul Dolan
1999-12-13  0:00             ` Robert I. Eachus
1999-12-13  0:00             ` Simon Wright
1999-12-13  0:00             ` Ted Dennison
1999-12-13  0:00       ` Hyman Rosen
1999-12-13  0:00         ` Robert I. Eachus
1999-12-14  0:00           ` Simon Wright
1999-12-15  0:00             ` Harry Erwin
1999-12-15  0:00             ` Mats Weber
1999-12-17  0:00               ` Simon Wright
1999-12-14  0:00         ` Matthew Heaney
1999-12-13  0:00 ` Tucker Taft