Re: [boost] [review] Review of Outcome v2 (Fri-19-Jan to Sun-28-Jan, 2018)

2018-01-31 18:21 GMT-03:00 Emil Dotchevski via Boost :

- Making some or all control paths explicitly detailed to aid code correctness auditing, as opposed to having hidden control paths caused by exceptions potentially thrown from any place.

This is one of these axiomatic beliefs that need to be substantiated instead. It is simply not true that code that uses exception handling ("hidden control paths") is more difficult to audit or more prone to errors. In my experience it's the other way around: people who don't use exceptions are not serious about error handling; they're the ones who also need advanced logging libraries to help them figure out what went wrong _this_ time around.

It's like arguing that RAII doesn't help with resource freeing and this is just axiomatic belief. How pushing a "I forgot to do proper error handling" to compile time errors becomes "this is just axiomatic belief and helps no-one"? During this same review, Andrzej Krzemienski noted an improper exceptions handling of exceptions in the swap function: Also, it is possible that while reswapping, another exception will be

thrown. In general, you cannot guarantee the roll-back, so maybe it would be cleaner for everyone if you just declared that upon throw from swap, one cannot rely on the state of `result`: it should be reset or destroyed.

Should we remember the variant saga maybe[1][2]? These are not isolated cases. They keep happening. How do you see that? The people who made these mistakes or took years to solve some of them are too dumb and can't use exceptions? What about every beginner C++ programmer? You'll push all these cases to compile-time errors. Even expert C++ programmers will make mistakes one time or another. Meanwhile, I haven't seen any error remotely similar to these ones in Rust. Is this information incorrect? If this information is true, how is this axiomatic belief? I see a few concrete cases, one of them happened right in these last days on the Boost mailing list review. All hidden paths and a mistake was made. No amount of testing in Boost.Outcome has detected them. But then it is you who is arguing: It is simply not true that code that uses exception handling ("hidden

control paths") is more difficult to audit

Can you show me _any_ code using Result-like error handling that had problems that made people as smart as the C++ committee take so much time just to design a variant? Because any Rust programmer will design a variant like this: enum Either { Left(A), Right(B) } What happened here? I designed a variant in less than 10 seconds as robust as the C++ variant which required effort by many people and wasn't designed nearly as fast as this one. Could you go into these concrete cases and tell me what I'm not seeing? The only mistake you can do is forget to check if a value is contained before accessing such value. I'll find this easier to audit anytime. And the operator TRY will make it even easier. In Rust, it is not even possible to make this mistake. Most of the possibly dangerous behaviour became compile time errors. The rest may be subjective, but we have plenty of clues that exception handling is not that great to say the least. My axiomatic belief here: compile time errors are easier to manage. [1] http://davidsankel.com/c/a-variant-for-the-everyday-joe/ [2] https://isocpp.org/blog/2015/11/the-variant-saga-a-happy-ending -- Vinícius dos Santos Oliveira https://vinipsmaker.github.io/