
David Abrahams wrote:
Pavol Droba <droba@topmail.sk> writes: [...]
Exception Safety
The library requires that all operations on types used as template or function arguments provide the basic exception guarantee. In turn, all functions and algorithms in this library, except where stated otherwise, will provide the basic exception guarantee.
I hope not. There should be no instance in which you don't provide the basic guarantee.
The idea is that the library may offer some other guarantee instead of the basic guarantee.
Fundamentally you don't have to say any of what's in that paragraph, though I don't mind it in principle. By definition, you *can't* break invariants. Unless you explicitly say you're going to leak resources, the client has a right to expect you won't, even in the face of exceptions. Nothing gives the client license to break imposed requirements, even in the face of exceptions.
Well, considering that many programmers don't even know how to talk about exception safety, I don't think it hurts to have a reminder that if the library behaves in an exception-unsafe way, it's the user's fault.
[...] I would either throw out this whole thing or rewrite it as follows:
The library maintains its invariants and does not leak resources in the face of exceptions. Some library operations give stronger guarantees, which are documented on an individual basis.
Ah, but you yourself have said that the guarantees do not form a hierarchy, so there is no proper notion of "stronger" with respect to them. ;) Pretty easy to say it that way though, huh?

Anyway, I would say that many libraries do *not* offer the basic guarantee, and that the value in saying so is that it indicates the author has considered the issue and certifies that the library is minimally exception-safe. Saying that it maintains its invariants instead of saying that it gives the basic guarantee does not convey the right message, in my opinion, because many programmers obviously do not feel a need to maintain invariants in the presence of exceptions (or they would write more exception-safe code).

Dave