On 07-10-2013 08:49, Gavin Lambert wrote:
On 10/7/2013 6:56 PM, Quoth Matt Calabrese:
Again, if you can keep the system running in the case where you would be passing the null pointer, then it is your responsibility to do that.
I'm not disputing that.
The problem here is that to that in a world were the invariant is verified with an assertion will require every use of non_null_shared_ptr to be guarded by an if-statement explicitly checking for non-null. The whole point was to avoid that.
An exception does not "avoid" anything. The mistake is still made and it is still a bug.
[snip]
Again, in a perfect world these sorts of bugs will be caught in the debug build by the assert. But we do not live in a perfect world, and test coverage is rarely 100%.
Well, that is one of my points: even with 100% test coverage, you can't tell if UB arises at runtime when the code is running with different inputs than when you tested. This is a basic fact: 100% test coverage doesn't prove much about correctness. -Thorsten