Wednesday, September 21, 2005

Levels of exception-safety

There can be levels of exception safety requirements from a class/component/method:

* The basic exception guarantee: The invariants of the component are preserved, and no resources are leaked in the face of an exception.

* The strong exception guarantee: The operation has either completed successfully or thrown an exception, leaving the program state exactly as it was before the operation started. (commit-or-rollback semantics.)

* The no-throw exception guarantee: The operation will not throw an exception.

* The exception-neutrality: In a generic component, we usually have an additional expectation of exception-neutrality, which means that exceptions thrown by a component's type parameters (template parameter) should be propagated, unchanged, to the component's caller.


Tuesday, September 20, 2005

destructors and exceptions

This is a small part of the discussion going on writing exception safe code in C++ especially for large C++ programs such as ACE/TAO library/frameworks. This snippet is extracted from tens of emails on the topic on the devo-group mailing list of DOC (Distributed Object Computing) group. A major part of this reply was given by Carlos O'Ryan, former student of Dr. Doug Schmidt, a famous CORBA expert.

>> Either use C++ exceptions to propagate errors from constructors

I agree with that.

>> or don't do anything in constructors that can fail and put all such
>> activities in an open() method.

Unfortunately that does not jive well with RAII, a very important C++

>> "Swallow errors in destructors".

This is something I always feel queasy about. Yes, I understand why
destructors should not fail (which is a stronger requirement than not
raising exceptions.) However, destructors can and will fail when
dealing with OS resources (or even worse, distributed resources.) What
is one to do?

I think it is a case where a blanket statement is inappropriate. The
developer must choose between equally bad alternatives, and pick the
right one in the context. We all understand that it is impossible to
provide the strong exception guarantee (or the weak one for that matter)
if some destructors can fail. However, in long running systems, errors
can and do happen. At the very least one should provide enough logging
for post-mortem analysis. If you blindly swallow the errors in the
destructor your application will not be supportable in the field. If
you let the exceptions propagate then you cannot offer the strong
exception guarantee. Logging the problems is tempting, but logging is
not always available or appropriate (what if the error was detected
while disconnecting from your logging service or closing the logging

One should remember why the exception guarantees are desirable. They
simplify the analysis of the program. It is easier to convince oneself
that the system will remain in a consistent state if the transitions
either succeed or fail. One can, however, perform more detailed
analysis when an exception is raised and still argue that the system is

The trick is for libraries like ACE or TAO. In such libraries it is
impossible to know what the right action is, because it depends on the
context. I would suggest that using hooks is the only viable
alternative in such cases.

Sunday, September 18, 2005

Pattern "View" of good old things

This time I am trying to define my understanding of some non-GOF patterns in as few words as possible. You can read <===> mapping as "more or less similar to"

Wrapper Facade <===> Data abstraction and encapsulation
Leader/Follower pattern <===> Thread pool
Evictor pattern <===> Object pool (object cache with a replacement strategy)
Component Configurator pattern <===> dlopen/dlsym dynamic link library API

Friday, September 16, 2005

C++ Standard Library Extensions

C++0x standard will expand the C++ standard library in various ways. The C++ Standardization Committee has identified 14 new sets of library functionality
almost certain to be included in the next standard for C++. (C++0x could be
as far as 2009 in the future)

Soon after these are formally included in standard C++, we shall see a slew
of (good) books published by several big names in C++ community.

* Reference Wrappers
* Smart Pointers
* Function Return Types
* Member Pointer Adapters
* Function Object Binders
* Polymorphic Function Wrappers
* Metaprogramming and Type Traits
* Random Number Generation
* Mathematical Special Functions
* Tuple Types
* Fixed Size Array
* Unordered Associative Containers (Hash Tables)
* Regular expressions
* C Compatibility

Detailed description can be found here:
SRC: Scott Meyer

Thursday, September 15, 2005

Factory Method and Automatic Pointers

In general when a factory method returns an instance of the created object, in C++, it is a pointer to a dynamically created memory or a resource.

Resource* factory(); // allocates dynamically

Factory method pattern does not talk about the lifetime of the object it creates. It depends upon the caller of the factory to release the resource. It can do better here. A factory method can act smarter by returing the dynamically allocated pointer by wrapping it in an automatic pointer (auto_ptr).

auto_ptr <Resource> factory(); // allocates dynamically

Returning an automatic pointer strongly indicates ownership transfer as well as
takes care of releasing the resource.

auto_ptr <Resource> rtemp;
rtemp = factory();
} // rtemp freed here automatically even in the face of exceptions!!
SRC: Scott Meyers