On 5/12/2019 03:14, Andrzej Krzemienski wrote:
Making a resize() over capacity() a precondition violation is a *feature* useful for bug detection and I do not consider it a valid argument that "library will throw exceptions and if you never resize() over capacity() you will never see exceptions or std::abort()". If this is a precondition, then I expect of a library to put some BOOST_ASSERT() or __builtin_unreachable() in those paths to enable better bug detection.
I see this argument a lot, and it confuses me. Perhaps this is my Windows dev background talking (since the analysis tools seem more lacking on Windows, despite having a better debugger), but in my experience it is vastly easier to find a thrown exception than to find "deliberate" UB (including asserts). And vastly easier to log that it unexpectedly occurred in production code in the field, so that you can detect and fix it without a debugger attached to the process. Asserts and unreachables both disappear in release builds, so the process ends up continuing to run in some subtly corrupted way -- if you're lucky it crashes soon after in an unrelated location that takes you weeks to track down the true cause. If you're unlucky, it runs longer, and corrupted some customer data along the way. Please enlighten me.
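The two checking strategies the thread argues about, side by side, as an added example that is not code from either poster or from any Boost library. The fixed_buffer class, its method names and the attempt_resize() call site are constructed for illustration: one resize variant guards the capacity precondition with assert(), which compiles to nothing under NDEBUG, the other with a std::length_error that a release build can still catch and log.

```cpp
#include <array>
#include <cassert>
#include <cstddef>
#include <stdexcept>
#include <string>

// Hypothetical fixed-capacity buffer (constructed for this example only).
template <std::size_t N>
class fixed_buffer {
public:
    static constexpr std::size_t capacity() { return N; }
    std::size_t size() const { return size_; }

    // Variant 1: precondition checked only in debug builds. With NDEBUG
    // defined the assert disappears and an oversized request would silently
    // record a size larger than the storage, the failure mode the reply
    // describes (nothing below ever calls this with n > N).
    void resize_assert(std::size_t n) {
        assert(n <= N && "resize over capacity");
        size_ = n;
    }

    // Variant 2: precondition checked in every build; a violation surfaces as
    // a catchable exception that a production call site can log.
    void resize_throw(std::size_t n) {
        if (n > N) {
            throw std::length_error("resize(" + std::to_string(n) +
                                    ") exceeds capacity " + std::to_string(N));
        }
        size_ = n;
    }

private:
    std::array<int, N> data_{};
    std::size_t size_ = 0;
};

// Simulated production call site: the bug is caught and recorded, and the
// buffer is left in its previous, consistent state instead of a corrupted one.
inline std::string attempt_resize(std::size_t n) {
    fixed_buffer<4> buf;
    try {
        buf.resize_throw(n);
        return "ok size=" + std::to_string(buf.size());
    } catch (const std::length_error& e) {
        // In real code this line would go to the application's log sink.
        return std::string("logged: ") + e.what() +
               " (size still " + std::to_string(buf.size()) + ")";
    }
}

// Reports whether assert() is active in this translation unit, i.e. whether
// resize_assert() is capable of detecting anything in this build at all.
constexpr bool asserts_enabled() {
#ifdef NDEBUG
    return false;
#else
    return true;
#endif
}
```

Compiling the same file with and without -DNDEBUG shows the point of the reply: asserts_enabled() flips to false and resize_assert() becomes an unchecked store, while resize_throw() keeps reporting the violation in both configurations.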