Quote:Original post by Jan Wassenberg Frankly I have little interest debating the use of exceptions, especially when you only partially read what is presented and then scoff at it without understanding. But hey, let's give it a shot.

Quote:Switching this to using RAII and exceptions would look something like this:

Since you clearly haven't read the comments, let this reply address what you proposed: In your C++ version you're conveniently glossing over the complexity of, for example, making sure the file map is destroyed after the view (because the view relies on the file map). Are you going to use reference counting? [edit: code tag removed]

Quote:Actually I'm glad you brought this up, because it illustrates perfectly the point being made: it is much easier to fall flat on your ass with exception cleverness, as opposed to error codes (which may be bulky but get the job done and *are in plain sight*).

  HANDLE hfm = CreateFileMapping(h, NULL, PAGE_READ, 0, 0, NULL);
  void *pv = MapViewOfFile(hfm, FILE_MAP_READ, 0, 0, 0);

file hfm = CreateFileMapping( h , .... );
mapping pv = MapViewOfFile( hfm , .... );

boost::shared_ptr< mapping > pv = new mapping( ... );

Quote:

Quote:(ignoring the fact that I can't return an error code and an icon, another problem of error-code returns):

Easy solution: either multiplex them (e.g. if 0 is returned, call GetLastError) or return data in an OUT parameter.

Quote:

Quote:I laughed when I read this: "It's really hard to write good exception-based code since you have to check every single line of code (indeed, every sub-expression) and think about what exceptions it might raise and how your code will react to it. (In C++ it's not quite so bad because C++ exceptions are raised only at specific points during execution. In C#, exceptions can be raised at any time.)" The entire point of exceptions is that you don't have to check every single line of code's return, and deal with it by hand, as you would without.

If you don't know of Raymond Chen, that says more about you than him.

Quote:If you do and are still laughing, then you probably haven't understood what's been said. So let's have another look: with return codes, you have to make sure each function call is wrapped in a CHECK_ERR macro (discussed by Alexandrescu under another name) or similar. Compare this with exceptions, where analysis is practically impossible because even trivial code sequences have an astounding number of paths through them. In particular, construction of [temp] variables may fail, throw, and leave your calculation in limbo.

Quote:So instead of just looking for function calls and seeing that there's error handling code (direct or via CHECK_ERR), you have to think through every part of your code.

Quote:Clearly RAII alone isn't enough to save you, as shown above.

Quote:And when you revisit code, who knows if anyone even gave a thought to error handling? After all, in exception-based code, that need not be apparent.

Quote:Now where does that leave us? Exceptions are surely good in some contexts (e.g. checking if object construction went OK), but this is much more limited than their actual use (c.f. the disgrace that is Xerces' end_of_entity "exception").

Quote:I like the exception use guide presented in one of the last mails in the current thread:

Quote:

Quote:It's very easy to write good exception-based code once you know how to.

Looks like that's only true if using the Ostrich algorithm: stick_head_in_sand(). Unfortunately it really isn't that simple, or there wouldn't be entire books on the topic ;p

Quote:Original post by Jan Wassenberg
Thanks for the fork :)

Quote:

Quote:How about just having the mapping class destroy it in it's destructor?

Of course. You still haven't read all comments there; the simple RAII solution has been found lacking.

Quote:

Quote:have a hard time remembering (and correctly attributing) names.

Alrighty. Just pointing out that this blog is not a "hoax" ;)

Quote:

Quote:One can also make the guarantee not to throw. It is the fault of your library if 2 + 2 can thrown an exception, not the fault of exceptions.

This is actually one thing that sucks about C++: due to implicit conversions, that may very well be UDTs that are allocating memory/performing complex calculations, which may end up throwing. So my point is, you cannot see in this code that it's safe. Even if the requisite ops give a guarantee, you first have to navigate there and see. Now in C, 2+2 just won't blow up in your face.
yesyes, "explicit" and all, but exceptions are still a prime case of something that may blow up without being visible in the source.

Quote:

Quote:And how does directly doing it by hand, or via macro, save you from this task? For every point an exception could be thrown, there should be a corresponding error code to be checked.

Right, but those failure points are limited to function calls, as opposed to anywhere (including 2+2) when using exceptions.

Quote:

Quote://This code makes a Strong Exception guarantee.
//TODO: Check that code makes a Nothrow guarantee (e.g. add throw() to the
//function and recurse into the subfunctions until all potential throwing
//points have been verified to not throw.

That's more like it. Rather than a utopic five-liner, we now have documentation to add, RAII classes to write, and painstaking verification to do. If you end up thinking that's still better than writing straightforward macro definition+usage code, fine, but let's not misrepresent the effort involved.

template < typename value_type >class raii_scope{    value_type value;    boost::function< void ( value_type ) > cleaner;public:    raii_scope( value_type value )        : value( value )    {    }    raii_scope( value_type initial_value , boost::function< void ( value_type ) > cleaner )        : value( initial_value )        , cleaner( cleaner )    {    }    ~raii_scope( void )    {         if ( cleaner ) cleaner( value );    }    value_type & operator*( void )    {        return value;    }    const value_type & operator*( void ) const    {        return value;    }    value_type * operator->( void )    {        return &value;    }    const value_type * operator->( void ) const    {        return &value;    }};

BOOL ComputeChecksum(LPCTSTR pszFile, DWORD* pdwResult){    raii_scope< HANDLE > h( CreateFile(pszFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) , & CloseHandle );    if (*h == INVALID_HANDLE_VALUE) throw exception();    raii_scope< HANDLE > hfm( CreateFileMapping(*h, NULL, PAGE_READ, 0, 0, NULL), & CloseHandle );    if (! *hfm) throw exception();    raii_scope< void * > pv( MapViewOfFile(*hfm, FILE_MAP_READ, 0, 0, 0) , & UnmapViewOfFile );    if (! *pv) throw exception();    DWORD dwHeaderSum;    if ( CheckSumMappedFile( *pv , GetFileSize(h, NULL), &dwHeaderSum, pdwResult)) return true;}

Quote:This is exactly what I am trying to dispel. Advocates of exceptions immediately think of long if(err == ENOMEN); else if(err == ENOENT) chains when considering "manual" error handling, but really for equivalent functionality you need even uglier catch(BadAlloc) {} catch(whatever).

Quote:Rather than what you call "really easy to write" exception code (RAII, ok, but exchange-with-temp is ugly to me), really all that is needed is a simple macro around each function call.
And thereby everyone sees: this code has been checked; it handles errors; it cannot blow up in unexpected ways.

Quote:

Quote:There are entire picturebooks on the ABCs, that dosn't mean they're not simple. Less silly would be pre-algebra books. If duly motivated, I could probably write an entire book on rootbeer. Just because there's entire books on a subject, does not mean that it's not necessarily simple. Besides, you've missed that I've taken the assumption that we allready KNOW how to do it (see newly added emphisis).

Oh come on. There is a difference between picturebooks/mass-produced "literature" and technical books that are widely recognized as useful.

Quote:And the assumption that you know exception safety cold is quite a large one;

Quote:imagine the vast majority of coders and tell me you'd trust them to do that ;)

Quote:Original post by Jan Wassenberg

Quote:I read a lot of them, and used keyword search for RAII, and didn't find anyplace in the comments section where it was found lacking that appeared to have merit."

*sigh* You really could have read the whole thing, rather than skimming over it with the "exceptions are great" mind-filter in place.

Quote:With RAII you lose control over destruction order(*) and the possibility of catching errors while freeing the object.

void example_using_ifstream( void ){    std::ifstream file1( "file1.txt" );    std::ifstream file2( "file2.txt" );    file1.close(); //manually destroy the file handle} //let file2's file handle be destroyed automatically.void example_using_auto_ptr( void ){    std::auto_ptr< int > int1( new int );    std::auto_ptr< int > int2( new int );    delete int1.release(); //manually destroy int1} //let int2 be destroyed automatically.

Quote:In a dtor, there's no way you can pass on e.g. 'handle has already been freed by other buggy code'. Oops.

std::deque< std::pair< bool , const std::exception * > > unhandled_exceptions;template < typename exception_t >void my_throw( exception_t e ){    if ( std::uncaught_exception() ) unhandled_exceptions.push_back( make_pair( false , new exception_t( e ) ) );    else throw e;}my_throw( easy_to_deal_with_exception() );void handle_exception_in_example( const std::exception & e ){    try    {        throw;    }    catch( easy_to_deal_with_exception )    {        //...deal with it...    }    catch( unable_to_deal_with_exception )    {        throw; //let the higher ups deal with it    }    catch( omg_were_going_to_die_exception )    {        std::terminate();    }    try    {        std::deque< std::pair< bool , const std::exception * > >::iterator i            = std::find_if( unhandled_exceptions.begin() , unhandled_exceptions.end() ,                std::compose1(                    std::bind2nd(                        std::equal_to< bool >() ,                        false )                    } ,                    std::select1st< std::pair< bool , const std::exception * > >()                )            );        if ( i == unhandled_exceptions.end() )        {            std::for_each( unhandled_exceptions.begin() , unhandled_exceptions.end() , deletor );        }        else        {            i->first = true;            throw *(i->second);        }    }    catch( const std::exception & e )    {        handle_exception_in_example( e );    }}void example_function( void ){    try    {        ....    }    catch( std::exception & e )    {        handle_exception_in_example( e );    }}

Quote:* although in-reverse-order works in this case.

Quote:But in C, you'd simply be calling a function to get the same effect, which would blow up all the same.

Exactly, but the failure point is marked and much easier to see (no extra "can this blow up?" analysis necessary).

Quote:Behind the hood, if 2+2 is throwing an exception, it's because it's a function, and it's getting called. The only difference is the method the error is transmitted (to catching point rather than by return code) and the semantic food coloring.

Of course. Actually, the explicit syntax of checked functions is what I'm all about here.

int a = b + c;if ( LibraryGetError( LIBRARY_IMPLEMENTOR_FAILED_ELEMENTARY_SCHOOL_MATH ) ){    TauntLibraryProgrammer();}

Quote:

Quote:It's still a utopic five-liner, in usage :-).

Well, no. With RAII built in, you add the complexity and ugliness of registering cleanup functions. No more is the utopic code that didn't appear to have any error handling code at all.

raii_scope< HANDLE > h(    CreateFile(pszFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) ,    & CloseHandle );

HANDLE h ( CreateFile(pszFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) );CloseHandle( h );

Quote:

Quote:All the detail is right there, which seems to be what you want. This code is safe wheither or not any of those WinAPI functions throw, and things are cleaned up. Personally, I'd wrap it up in seperate wrappers, but this should do what you want.

Looks ok. I have no idea though why you insist on throwing in the failure cases where you could just return an error code.

Quote:Making your users catch exceptions for normal usage is just contorted and inefficient; better to provide an error code version and piggyback a throw version on top.

void VerifyChecksum( LPCTSTR pszFile, DWORD someChecksum ){    DWORD computedChecksum;    ComputeChecksum( pszFile , &computedChecksum );    if ( computedChecksum != someChecksum ) throw ChecksumsDontMatch();}void VerifyChecksumIfFileExists( LPCTSTR pszFile, DWORD someChecksum ){    if ( FileExists( pszFile ) )    {        VerifyChecksum( pszFile , someChecksum );    }}

Quote:

Quote:Only if you're actually planning on dealing with it there, and I strongly disagree that those if statements are any prettier than the catch statements. The nice thing about exceptions is that you can choose to let someone higher up the food chain of the call stack deal with them.

heh, of course you're going to have to deal with the error *somewhere*, so the ugly catch will appear. I'm surprised someone finds such syntax and the associated overhead (we're talking kernel entry, stack unwinding, lots of crap going on) prettier, but de gustibus non est disputandum.

Quote:As to letting "someone higher" deal with it, I invite you to consider how often specific error codes (beyond a general 'it failed') are actually examined by callers. Exception zealots seem to assume it happens all the time, from really deep call stacks. If that turns out to be the case, CHECK_ERR macros propagate the error with no further intervention necessary (and probably faster, too), so I don't see the advantage there.
Oh, and catch(...) in a mid-level handler prevents important hardware exceptions ("computer on fire") from reaching higher level code and the user. Hope nobody uses those.. oh wait, I see it all the time. *sigh*

Quote:

Quote:At least, it won't blow up until a single line of code that can throw is inserted into the code - which will probably eventually happen. Then you'll be stuck with the leaks of many handles.

If someone is throwing something that isn't caught, it's a bug, terminates the program immediately, and is therefore switftly corrected. Not a problem.

Quote:

Quote:As for exchange-with-temp - it's only helpful if you're going for the strong exception guarantee, really, and is much messier if you try and do without. The exact same would apply to error-code based code.

Disagree. Transactional operation is easier when you cannot be interrupted at any time.

Quote:

Quote:So's the "assumption" that I'm a 19 year old caucasian male. The only thing is, I'm not making assumptions, I know these to be true :-).

Ýou're missing the point here. You can write how you like, but I'm concerned that the vast majority of coders won't write exception-safe code.

Quote:

Quote:To what, PRACTICE exception safety? No, all I have to do is look at the ratio of bad programming books, articles, and tutorials to good, and the number of security patches Microsoft is releasing on any given day to assure myself that half the world can't program worth a ****, and they probably know it. Why should they bother with RAII and fixing memory leaks when there's more important things to focus on - like using more std::string and less of the bounds-checking-less string manipulation functions inherited from C, in an effort to reduce the number of buffer overflows introduced?

Thank you, my thoughts exactly. Since that's the case, why force a more complicated methodology on them?!

Quote:

Quote:When I say we know RAII, I mean I know RAII, and that some of the people here know RAII, and that everyone else should strive to learn RAII. If you don't know RAII, then you're going to be writing leaky code, exceptions or not.
Take the time to learn and understand RAII, it will be made worthwhile in the time saved by not having to think of every possible case that your code could prematurely exit and free every so far allocated resource in that scope.

I'm pointing out problems with RAII and you tell me to 'learn and understand it'? hm. BTW, RAII is not The One True Path. People have been writing exception (signal, interrupt, or other form) safe code for decades.

1) "Can't control destruction order" - showed example that controled destruction   order.2) "Documentation overhead is higher" - showed you an ugly RAII example.3) "Now it's ugly" - pointed out that it was only 10 characters or so longer,   and was really just as ugly as the posted code.4) "not The One True Path" - subject to opinion ;-).5) "People have been writing ___ safe code for decades" - by using RAII or being   anal-retentive, yes ;-). Out of the two, I choose the former, as it simply   takes less time.

Quote:Original post by Jan Wassenberg

Quote:The first article alone, including comments, is 32 pages long on my 1600x1200 monitor with fairly small text sizes. Reading the whole thing would entail reading every little off topic veer the commentators seem to like making, and every repeat of what's allready been said. Could you try pointing out some of the posts that underscore your point prehaps?

Ooh, that long? I read it during downtime, went fairly quickly. I've summarized the points referred to.

Quote:Lies, lies and deceptions my friend :-) (No, I'm not accusing you of lying, I just like using that phrase - but you are wrong). For a few examples against this, I give you:

My my, by now you are bending backwards pretty far. I wouldn't call that RAII anymore; closer to ScopeGuard (do something, report as finished or automatically clean up at exit). Oh BTW, raii_scope object didn't support that, did it? See how this is ballooning?

void release( void ) {    if ( cleaner ) {        cleaner( value );        cleaner = 0;    }}

Quote:

Quote:There's no way you can directly return an error code. It's valid C++, although considered bad practice by many, to throw during a destructor*.

Bad practice is mildly put. And the contortions you are going to to rescue the 'return error from dtor' thing are just amazing.

Quote:

Quote:

Quote:Well, no. With RAII built in, you add the complexity and ugliness of registering cleanup functions. No more is the utopic code that didn't appear to have any error handling code at all.

And how is this different from the ugliness of manually cleaning up yourself?

Congratulations, I am exasperated. I myself am saying that error code-style code is visible, while you are claiming "prettiness". Therefore, interesting to see you saying their ugliness is comparable :)

Quote:

Quote:

Quote:Looks ok. I have no idea though why you insist on throwing in the failure cases where you could just return an error code.

For consistancy. It's the choice between consitantly using error codes or consitantly using exceptions.

Oh saints preserve. Consistency is good, but you violate the very meaning of the word "exceptions" by treating all it-did-not-succeed conditions as such.

Quote:And let me tell you: once you actually understand how exceptions are implemented (starting with compiler tracking current objects, up to kernel SEH), you will probably have an entirely different opinion of what it means to throw one.

Quote:

Quote:<sarcasm>Because normal usage of a checksum checking function is using it on a non existant file</sarcasm>

You'd be surprised. In my current work (100 KLOC, 30 hands on deck), it is commonplace for maps etc. to refer to not-yet-created objects.

Quote:If you then crap out completely, you are wasting everyone's time until the issue is fixed (there is some question whether this approach or break-immediately is better, but that's beyond our scope here).

Quote:I'd say anything that refers to IO must be treated as likely to fail; therefore, exceptions are by definition not warranted unless it's somehow more convenient there.

Quote:The try-it-first version (VerifyChecksumIfFileExists) would work, but now we are actually running into performance problems: seeking and opening files is *slow*. Therefore, there is no way around a try-it-and-report-status version, giving the caller the freedom to decide what to do on error.

industry:/home/panda# ls -R -l / > all_files 2>/dev/null... [3 seconds pass]panda@industry:~$ wc -l all_files118040 all_filespanda@industry:~$ _

Quote:

Quote:Right, because WinAmp needs to know wheither or not my computer is on fire.

Indeed. (oh goody, sarcasm as a hedge bet, eh? ;p) When you get a bus error (memory defect), I'd want WinAmp to close gracefully and save my carefully constructed playlist, instead of having the OS nuke everything.

Quote:Now picture this: the error happens while loading an mp3, and some idiot wrapped that in a catch(...), thus preventing the SIGBUS or whatnot from reaching the top-level handler. The error is ignored, a later error probably takes down the system, my data is lost and the coder should be run of of town on a rail.

Quote:

Quote:

Quote:Not when you have to check every new block of memory you allocate to make sure you actually got it.

Disagree. Transactional operation is easier when you cannot be interrupted at any time.

*snort* You're making this out to be a problem? Disagree.
But what does it have to do with transactional programming? Just how often do you hammer your heap, anyway? (side note: thanks to my nemesis Xerces, the game does about 200k allocs during startup. When running BoundsChecker or similar, I spend 30 minutes cursing them).

void transfer( int ammount , const std::string & source_name , const std::string & destination_name ){    account & source = lookup_account( source_name );    source.cash -= ammount;    account & destination = lookup_account( destination_name );    destination.cash += ammount;}

struct transfer_failed : public std::exception {    transfer_failed( void ) throw() {}    ~transfer_failed( void ) throw() {}    const char * what( void ) const throw() { return "Transfer failure" ; }};void example_transfer( int transfer , const std::string & source_name , const std::string & destination_name ) throw( transfer_failed )

void transfer( int ammount , const std::string & source_name , const std::string & destination_name ) throw( transfer_failed ){    account * source;    account * destination;    try    {        //Do stuff that dosn't actually modify the values:        source = & lookup_account( source_name );        destination = & lookup_account( destination_name );    }    catch( account_does_not_exist )    {        throw transfer_failed();    }    source->cash -= ammount ;    destination->cash += ammount ;}

void do_actual_transfer( int ammount , account & source , account & destination ) throw(){    source.cash -= ammount ;    destination.cash += ammount ;}void transfer( int ammount , const std::string & source_name , const std::string & destination_name ){    account & source = lookup_account( source_name );    account & destination = lookup_account( destination_name );    do_actual_transfer( ammount , source , destination );}

Quote:

Quote:So far, I've seen these arguments on your part against RAII:

Correct, not sure if that's exhaustive. But ya know what? This really has been done to death (cf. another thread). If you want to use exceptions everywhere, fine. My comments on their pitfalls and when it makes sense to use error codes are apparently spoken into the wind. I only pray I don't have to use your APIs ;p

opening tags.

[Edited by - MaulingMonkey on May 18, 2005 2:07:15 AM]

Quote:Original post by daerid
This degenerated into quite possibly the most professional and polite flamewar I've ever read.