On 13/04/2019 16:33, Peter Dimov via Boost wrote:
> Niall Douglas wrote:
>> I just do not understand the antipathy here to a double-buffered-by-default design, and thus the strong guarantee can be easily made, rather than a worse-than-useless basic guarantee which is only technically valid, but is certainly surprising.
> First off, the basic guarantee isn't worse than useless, it's the minimum standard that every non-broken component must meet, and everyone who argues otherwise isn't worth listening to.
Sorry, that's the wrong bunching of my words (my fault). What I specifically meant was "worse-than-useless choice of implementation by variant2 of the basic guarantee which is only technically valid, but is certainly surprising". So, to be clear here, my issue is with *your* choice of how to meet the basic guarantee. I think you're ticking the box technically, breaking the guarantee in spirit.
What happens here is that on the last line, `v` on the left owns the `X` value on the right. So when the implementation first destroys the old contents of `v` to make room for the new `X`, the right hand side is destroyed, and then undefined behavior occurs when we try to copy it into `v`.
I'd re-recommend my original advice that you ship a double buffer variant, and a single buffer variant, and let the user choose when they want to use which. The documentation ought to recommend the double buffer variant as the correct default choice. And document the many tradeoffs, including far-too-easy-to-do-UB, randomly permuting state (another source of bugs), etc. in the single buffer variant. In other words, the single buffer variant is a power user's choice, not to be chosen without caution.

Niall
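The self-assignment hazard discussed in this thread, as an added illustration that is not code from the thread or from variant2: a hypothetical two-alternative variant `IntOrString` whose assignment from an alternative copies the source into a temporary (the extra buffer) before destroying the current contents, so assigning a variant from a reference into its own storage stays well-defined and the copy failing leaves the variant untouched.

```cpp
#include <new>
#include <string>
#include <utility>

// Hypothetical minimal variant holding either int or std::string.
// Assignment from an alternative copies the source into a temporary *before*
// destroying the current contents; a destroy-first implementation would
// leave the right hand side dangling when it lives inside the variant.
class IntOrString {
    using str = std::string;
    alignas(str) unsigned char buf_[sizeof(str)];
    int index_; // 0 = int, 1 = std::string

    void destroy() {
        if (index_ == 1) reinterpret_cast<str*>(buf_)->~str();
    }
public:
    explicit IntOrString(int i) : index_(0) { new (buf_) int(i); }
    explicit IntOrString(str const& s) : index_(1) { new (buf_) str(s); }
    IntOrString(IntOrString const&) = delete;            // not needed here
    IntOrString& operator=(IntOrString const&) = delete; // not needed here
    ~IntOrString() { destroy(); }

    int index() const { return index_; }
    int& as_int() { return *reinterpret_cast<int*>(buf_); }
    str& as_string() { return *reinterpret_cast<str*>(buf_); }

    IntOrString& operator=(str const& s) {
        str tmp(s);           // may throw; *this is still intact if it does
        destroy();            // only now is the old contents released
        new (buf_) str(std::move(tmp)); // nothrow move into the storage
        index_ = 1;
        return *this;
    }
    IntOrString& operator=(int i) {
        destroy();
        new (buf_) int(i);
        index_ = 0;
        return *this;
    }
};

// Assigns a variant from a reference to its own contained string and
// returns the resulting value (the case described in the thread).
std::string self_assign_from_own_alternative() {
    IntOrString v(std::string("a constructed string long enough to avoid SSO"));
    std::string const& inside = v.as_string(); // refers into v's storage
    v = inside;                                // safe: copied before destroy()
    return v.as_string();
}
```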