śr., 4 gru 2019 o 23:13 Emil Dotchevski via Boost
On Wed, Dec 4, 2019 at 6:14 AM Andrzej Krzemienski via Boost < boost@lists.boost.org> wrote:
These goal 3 is in clear conflict with either 1 or 2. This becomes clear when we consider what should be the response to doing a resize() over capacity(): a precondition violation or a normal course of action signaled by an exception.
The severity of buffer overrun bugs should be considered in this case, as well as the overhead of checking and calling boost::throw_exception. Under -fno-exceptions, this is literally a single cmp instruction. I can't imagine a C++ program where this would matter, but if one exists, I can't imagine it would be using a universal fixed_string type. The correct design is to check and call boost::throw_exception, rather than assert.
I tend to agree; especially that the library originated from Beast where it may be even facing the outside world directly. What I would expect of documentation to state it clearly in the design goals section: 1. Overrunning capacity() is not a bug but a normal usage of the library. In this case we guarantee that an exception is thrown, much like std::string does. 2. This design decision is opposite of what `static_vector` chose, so do not be misled by an apparent similarity. Note that the motivation -- in the alternate design (which neither of us wants for fixed_string) -- for having a precondition violation rather than guaranteed throw is safety: not performance. Regards, &rzej;
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost