Skip to main content

destructors and exceptions

This is a small part of the discussion going on writing exception safe code in C++ especially for large C++ programs such as ACE/TAO library/frameworks. This snippet is extracted from tens of emails on the topic on the devo-group mailing list of DOC (Distributed Object Computing) group. A major part of this reply was given by Carlos O'Ryan, former student of Dr. Doug Schmidt, a famous CORBA expert.

>> Either use C++ exceptions to propagate errors from constructors

I agree with that.

>> or don't do anything in constructors that can fail and put all such
>> activities in an open() method.


Unfortunately that does not jive well with RAII, a very important C++
idiom.


>> "Swallow errors in destructors".
>>


This is something I always feel queasy about. Yes, I understand why
destructors should not fail (which is a stronger requirement than not
raising exceptions.) However, destructors can and will fail when
dealing with OS resources (or even worse, distributed resources.) What
is one to do?

I think it is a case where a blanket statement is inappropriate. The
developer must choose between equally bad alternatives, and pick the
right one in the context. We all understand that it is impossible to
provide the strong exception guarantee (or the weak one for that matter)
if some destructors can fail. However, in long running systems, errors
can and do happen. At the very least one should provide enough logging
for post-mortem analysis. If you blindly swallow the errors in the
destructor your application will not be supportable in the field. If
you let the exceptions propagate then you cannot offer the strong
exception guarantee. Logging the problems is tempting, but logging is
not always available or appropriate (what if the error was detected
while disconnecting from your logging service or closing the logging
file?)

One should remember why the exception guarantees are desirable. They
simplify the analysis of the program. It is easier to convince oneself
that the system will remain in a consistent state if the transitions
either succeed or fail. One can, however, perform more detailed
analysis when an exception is raised and still argue that the system is
safe.

The trick is for libraries like ACE or TAO. In such libraries it is
impossible to know what the right action is, because it depends on the
context. I would suggest that using hooks is the only viable
alternative in such cases.

Comments

Anonymous said…
What do you mean by "strong exception guarantee"?
Anonymous said…
Exciting blog. Your site was amazing and will be
back again! I never get tired of looking for blogs
just like this one.
Check out my blog, please!
thanks you!
gclub

Popular Content

Unit Testing C++ Templates and Mock Injection Using Traits

Unit testing your template code comes up from time to time. (You test your templates, right?) Some templates are easy to test. No others. Sometimes it's not clear how to about injecting mock code into the template code that's under test. I've seen several reasons why code injection becomes challenging. Here I've outlined some examples below with roughly increasing code injection difficulty. Template accepts a type argument and an object of the same type by reference in constructor Template accepts a type argument. Makes a copy of the constructor argument or simply does not take one Template accepts a type argument and instantiates multiple interrelated templates without virtual functions Lets start with the easy ones. Template accepts a type argument and an object of the same type by reference in constructor This one appears straight-forward because the unit test simply instantiates the template under test with a mock type. Some assertion might be tested in

Covariance and Contravariance in C++ Standard Library

Covariance and Contravariance are concepts that come up often as you go deeper into generic programming. While designing a language that supports parametric polymorphism (e.g., templates in C++, generics in Java, C#), the language designer has a choice between Invariance, Covariance, and Contravariance when dealing with generic types. C++'s choice is "invariance". Let's look at an example. struct Vehicle {}; struct Car : Vehicle {}; std::vector<Vehicle *> vehicles; std::vector<Car *> cars; vehicles = cars; // Does not compile The above program does not compile because C++ templates are invariant. Of course, each time a C++ template is instantiated, the compiler creates a brand new type that uniquely represents that instantiation. Any other type to the same template creates another unique type that has nothing to do with the earlier one. Any two unrelated user-defined types in C++ can't be assigned to each-other by default. You have to provide a

Multi-dimensional arrays in C++11

What new can be said about multi-dimensional arrays in C++? As it turns out, quite a bit! With the advent of C++11, we get new standard library class std::array. We also get new language features, such as template aliases and variadic templates. So I'll talk about interesting ways in which they come together. It all started with a simple question of how to define a multi-dimensional std::array. It is a great example of deceptively simple things. Are the following the two arrays identical except that one is native and the other one is std::array? int native[3][4]; std::array<std::array<int, 3>, 4> arr; No! They are not. In fact, arr is more like an int[4][3]. Note the difference in the array subscripts. The native array is an array of 3 elements where every element is itself an array of 4 integers. 3 rows and 4 columns. If you want a std::array with the same layout, what you really need is: std::array<std::array<int, 4>, 3> arr; That's quite annoying for