David Abrahams wrote:
"Peter Dimov" <pdimov@mmltd.net> writes:
David Abrahams wrote:
[...]
Then it's almost impossible to write a reliable save function.
It's impossible to write a reliable save function regardless of that.
This just seems cryptic. What do you mean?
A save function can always fail; you can't write a reliable save function if you use "reliable" as "will succeed". If you use "reliable" as "will not invoke undefined behavior", then the exception version is reliable, the precondition version is not. I'm very surprised by this suggestion to throw on undefined behavior coming from you. You can't have it both ways. Either the behavior is defined for the problematic cases, or it isn't. If it isn't, you can't expect an exception. You can't expect anything. Corrupting the archive beyond redemption with no warning is perfectly within the specification.
How is the exception going to help?
By detecting that this particular sequence of saves (which in general depends on the structure being saved and is a runtime property) would have produced an unreadable archive.
An assertion can detect that, too.
No, an assertion does not detect anything. An assertion is an implementation detail, one particular manifestation of undefined behavior. You can't use "reliable" and "assertion" in the same sentence.