Fri., 29 Nov 2019 at 10:10 Peter Dimov via Boost
Andrzej Krzemienski wrote:
I suspect (I am not programming in an embedded system) that rather than relying on __builtin_trap() or std::abort(), what you do is start treating a `resize()` over `capacity()` as a precondition violation (a bug). And this results in a different programming model and a different organization of your code.
That was exactly why I wrote:
There's no need to afford exceptions, you just need to be able to afford the potential loss in performance, basically one branch per append if not heroically optimized away.
That is: in order to use the library as presented, you don't need to afford exceptions, but you will need to basically duplicate the same check op+= does, in user code; this may decrease performance, but will not allow a buffer overflow in case you either forgot the check or got it wrong.
This is just the performance aspect. Another one is correctness checking. If a library adopted the model where over-resize is a bug, it can plant sufficient platform-specific precondition annotations for the tools to be able to detect user bugs (e.g., when I put __builtin_unreachable() and compile with UB-sanitizer).

Regards,
&rzej;
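As an added illustration of the two models discussed in this thread (this is example code, not code from either poster or from the library under review; `fixed_string`, `try_append`, `append_unchecked` and `build_greeting` are made-up names), here is a fixed-capacity string whose `try_append` is the "checked op+=" model Peter describes (one branch per append, the caller tests the result, overflow is impossible even if the caller forgets) and whose `append_unchecked` is the "over-resize is a bug" model Andrzej describes, asserted in debug builds and annotated with `__builtin_unreachable()` so UB sanitizer can flag a violation in release builds:

```cpp
// Added example: fixed-capacity string showing both append models.
#include <cassert>
#include <cstddef>
#include <cstring>

template <std::size_t N>
class fixed_string {
    char buf_[N + 1] = {};   // always NUL-terminated
    std::size_t size_ = 0;
public:
    static constexpr std::size_t capacity() { return N; }
    std::size_t size() const { return size_; }
    const char* c_str() const { return buf_; }

    // Checked model: one branch per append. If the text does not fit, the
    // string is left untouched and false is returned. No exception, and no
    // way to overflow buf_ even if the caller ignores the result.
    bool try_append(const char* s) {
        const std::size_t n = std::strlen(s);
        if (n > N - size_) return false;          // the branch Peter mentions
        std::memcpy(buf_ + size_, s, n);
        size_ += n;
        buf_[size_] = '\0';
        return true;
    }

    // Precondition model: the caller guarantees strlen(s) <= capacity() - size().
    // Violating that is a bug, not a runtime condition to handle, so it is
    // asserted in debug builds and declared unreachable in release builds,
    // where -fsanitize=undefined (unreachable check) reports it.
    void append_unchecked(const char* s) {
        const std::size_t n = std::strlen(s);
        assert(n <= N - size_ && "fixed_string: append exceeds capacity()");
#if defined(__GNUC__) && defined(NDEBUG)
        if (n > N - size_) __builtin_unreachable();   // annotation for the tools
#endif
        std::memcpy(buf_ + size_, s, n);
        size_ += n;
        buf_[size_] = '\0';
    }
};

// Checked-model user code: the caller repeats the capacity check by testing
// each result, and stops at the first append that would not fit.
inline bool build_greeting(fixed_string<8>& out, const char* name) {
    return out.try_append("hi ") && out.try_append(name);
}
```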