From: herwin@gmu.edu (Harry Erwin)
Subject: Re: Safety of the Booch Ada 95 Components
Date: 1999/12/12
Message-ID: <1e2pka4.nppns21okbh5cN%herwin@gmu.edu>
References: <1e2lds4.7trgj21rgj9i0N%herwin@gmu.edu> <38512921_3@news1.prserv.net> <1e2lkpj.jfhkndlca1p6N%herwin@gmu.edu>
Organization: HDE Associates
User-Agent: MacSOUP/2.4.1
Newsgroups: comp.lang.ada,comp.lang.c++

Simon Wright wrote:

> herwin@gmu.edu (Harry Erwin) writes:
>
> > Matthew Heaney wrote:
> >
> > >    procedure Copy
> > >      (From : in     Source_Type;
> > >       To   : in out Target_Type) is
> > >    begin
> > >       if From'Address = To'Address then
> > >          return;  -- do nothing, because From is same object as To
> > >       end if;
> >
> > That's missing from the code I've been looking at.
>
> Yes, a clear defect, logged.

That's the feedback I needed. Thanks.

> > > Strong exception-safety == supports commit/rollback semantics.
>
> Is that a standard definition?

Herb Sutter, Exceptional C++, Addison-Wesley, 2000, page 38. "2. Strong guarantee: If an operation terminates because of an exception, program state will remain unchanged. This always implies commit-or-rollback semantics, including that no references or iterators into the container be invalidated if an operation fails. . . ."

Also see

> > > Apparently in the Booch components, if the copy goes bad, the To
> > container has been cleared and is partially written. Basic exception
> > safety (== the container is still useable) is probably supported.
>
> Yes, this is the case for the Copy operation (which is *not* the
> standard assignment operation!).

What is the standard assignment operation, then? I'm new to Ada 95. In C++ 99, we rarely trust the compiler-defined default versions of copy constructors and assignment operations, because they do bit-by-bit copies.

> In a previous reply, I quoted the ALRM [7.6(17)] on controlled
> assignment. I must say I don't fully understand from that what is
> expected. At first (& nth) sight I don't see how one could achieve
> your idea of strong exception safety.
>
> I wonder what happens in C++ STL-based programming if operator new
> fails in the middle of things?

The constructor is rolled back, with destructors applied in reverse order to all the data members that were successfully constructed, and then the memory is returned to the free store. Finally, the bad_alloc exception is thrown. Eventually a catch block for bad_alloc is encountered as the function calls are unwound on the stack, and the processing is done there. Or, eventually, the main function is unwound, and the program is terminated.

-- Harry Erwin, PhD,
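The basic-versus-strong distinction argued over in this thread, as an added C++ example that is neither from the thread nor from the Booch components: a clear-then-refill Copy that leaves To partially written on failure (basic guarantee) next to a build-then-swap Copy that meets Sutter's commit-or-rollback requirement (strong guarantee), both with the same From/To aliasing check as Matthew Heaney's Ada fragment. CopyFailure, Item and its poison flag are constructed test hooks standing in for an allocation failure in the middle of the copy.

```cpp
#include <stdexcept>
#include <vector>
// Stand-in for an allocation failure (bad_alloc) part-way through a copy:
// cloning a "poisoned" item throws instead of allocating.
struct CopyFailure : std::runtime_error {
    CopyFailure() : std::runtime_error("simulated allocation failure") {}
};

struct Item {
    int v;
    bool poison;                       // test hook: cloning this item throws
    Item(int value, bool p = false) : v(value), poison(p) {}
};

static Item clone(const Item& x) {
    if (x.poison) throw CopyFailure();
    return Item(x.v);
}
using Container = std::vector<Item>;

// Basic guarantee only: To is cleared, then refilled one element at a time.
// If clone() throws part-way, To is still usable but only partially written.
void copy_basic(const Container& from, Container& to) {
    if (&from == &to) return;          // the From'Address = To'Address check
    to.clear();
    for (const Item& x : from) to.push_back(clone(x));
}

// Strong guarantee (commit-or-rollback): build the result on the side and
// commit with a non-throwing swap only once every element has been copied.
void copy_strong(const Container& from, Container& to) {
    if (&from == &to) return;
    Container tmp;
    tmp.reserve(from.size());
    for (const Item& x : from) tmp.push_back(clone(x));
    to.swap(tmp);                      // noexcept: the commit point
}

// Copies a constructed source whose third element fails and returns what the
// target holds afterwards, so the two guarantees can be compared directly.
std::vector<int> target_after_failed_copy(bool strong) {
    Container from{Item(1), Item(2), Item(3, true), Item(4)};
    Container to{Item(9), Item(9), Item(9)};
    try {
        if (strong) copy_strong(from, to); else copy_basic(from, to);
    } catch (const CopyFailure&) {}    // unwinding stops here, as in a caller
    std::vector<int> out;
    for (const Item& x : to) out.push_back(x.v);
    return out;
}
```

With the strong version the target still holds its original three elements after the failure; with the basic version it holds only the two elements copied before the throw.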