On 16/01/2017 10:47, Gonzalo BG wrote:

Hi Niall,

I wanted to invest 5-10 minutes into learning the library and this is my feedback about the tutorial. The tutorial is too long, and it goes too deep into unnecessary details, and it does not teach me properly how to do the basic things with the library (in the default configuration). The reasons are the following:

That's really great and detailed feedback. I also got some good feedback from SG14. I'll take a third attempt at rewriting the documentation. It's lucky I'm currently out of contract, phew ... Regarding specific points of yours:

- Examples that show how to use the whole API of result/outcome, composition (error values, functions chaining errors, ...), ... for dealing with optional values and doing error handling! (which is the raison-d'etre of the library)

I had one of these in the first write of the tutorial where I had taken a real world actual use case of Outcome and reduced it to a minimum standalone snippet. Feedback from here said it was too complicated, too long and needed to be removed, so I deleted it. I think what you're asking for is cookbook of common use case sequences? I'll see what I can do on that.

- Remove any mention of optional since it raises too many questions (another optional type in Boost? why can't Boost.Optional be improved? ...)

Given feedback from elsewhere, I think sadly I'm going to have to drop the monadic programming support too. Too many people want a Hana style monad, and I have no personal need for one of those especially when said people should just go use Hana. I'll leave the implementation in the code which can be enabled with a macro, but drop any mention of monads completely from the docs. It's a shame though. The monadic programming API is way better than Expected's. Much nicer to write against. But it's hard on the compiler, and its limitations will disappoint many keen on monadic programming. As with Expected, it probably needs to disappear entirely to pass a peer review here.

I hope the feedback helps, and sorry if it sounds harsh. As an error handling solution, how to use the library to do error handling can probably be explained in full with examples in 1-2 pages, mainly because the API is both simple and nice. The current tutorial does not reflect this but with more time you can probably make it do so.

Thank you so much for the feedback. I'll try a third rewrite. Please God let the third time be lucky, writing documentation seems to never end ... Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

...

Many thanks in advance for any feedback received.

I intend to review the docs again. So far I had only a glimpse at the initial page, and it really looks good. I was now able to grasp the idea of the library in less than a minute.

Cool. The simplest primitives are often the hardest to convey the use case for.

One thing I wanted to bring up immediately, is not really related to your library but to a detail in the example. It uses `noexcept` to illustrate that the function does not throw itself:

``` bo::outcome<int> getConfigParam(std::string name) noexcept; ```

I strongly believe that this is the wrong thing to do (or at least controversial) to annotate a function that can fail-but-not-throw as noexcept. It is more in the spirit of noexcept intentions to indicate a no-fail guarantee rather than the no-throw guarantee.

I have provided the justification for this claim in the following post: https://akrzemi1.wordpress.com/2014/04/24/noexcept-what-for/

And conversely, only because you guarantee that a given function never throws, it does not immediately imply that a function should be declared as noexcept.

I think that your example would not suffer if the noexcept is removed. It still does the good job of illustrating the intent. But you would avoid certain controversies that might divert the reader's attention from the main point.

Most of what you write in your blog I would generally agree with and you saved Outcome from a design mistake in https://akrzemi1.wordpress.com/2014/12/02/a-gotcha-with-optional/. But regarding https://akrzemi1.wordpress.com/2014/04/24/noexcept-what-for/ I think you're wide of the mark, and actually because I recognise that your opinion is not uncommon, it's one of the reasons why the tutorial bangs on about error handling in C++ in such lengthy detail plus presenting the error handling design patterns in does in such hand wavy and superlative language terms. Indeed I *am* trying to sell something, and it is the enormous value of making all your extern APIs noexcept which I call "sea of noexcept, islands of throwing" in the tutorial. Quoting your blog post:

Why do you need to know?

Is this an important information for you if a given function may throw or not? If so, why? Some possible answers include the following:

1. Because if it throws and I do not catch it, std::terminate will be called and I do not want this to happen.

2. Because I need this function to provide no-throw exception safety guarantee.

3. Because this may allow certain compiler optimizations.

I agree with you that answers 1 and 3 ought to be discounted for the large majority of C++ programmers. If you are using noexcept for those reasons, then don't because it's a lousy solution to not the problem you think you have. About answer 2 you say:

If your motivation is (2), noexcept will also not help you much. Suppose you detect that the function is not declared as noexcept, what do you do? Don’t use it? It may still not throw exceptions. A function can throw nothing and still be declared noexcept(false). This is the case for the std::swap specialization for STL containers: following the recommendation from N3248 it is guaranteed not to throw, but is declared noexcept(false). For this reason, the example I gave in my other post with function nofail_swap is wrong. It doesn’t take into account that swap on STL containers is no-fail. You cannot check the no-fail or no-throw guarantee with a compile-time expression, because in some cases it is just announced informally in the documentation.

Also, if a function is declared noexcept it can’t throw, but it can call std::terminate. Do you consider this behaviour suitable for a component that is supposed to be “exception safe”?

Here is where I think you've missed the beat. In everything you say above you are 100% correct. noexcept has a lousy, poorly thought through implementation in C++ and it shows every bit of having been tacked on at the last minute in the C++ 11 standard, and I said so at the time to anyone who would listen in 2010. But do you see that the lousy implementation has nothing to do with this:

2. Because I need this function to provide no-throw exception safety guarantee.

Your argument against using noexcept to make a function provide a no-throw exception safety guarantee was all about the lousy implementation of noexcept, and nothing about whether explicitly guaranteeing that calling some function will not invert control flow is a good or bad thing. You are absolutely right that marking a function with noexcept means it simply adds a call to std::terminate which is usually not what the programmer intended. That's that lousy implementation again, not least that this stupid piece of code: void somehow_this_is_not_a_compile_failure() noexcept { throw "foo"; // i.e. std::terminate() } ... is legal, and worse, many compilers don't even warn, you need to run clang-tidy on it to get any indication of this being very unlikely to be what the programmer intended. But that's a problem for the library implementor, and a very different viewpoint arrives at the library *user*. One of the main reasons you'd want to use Outcome is because *you really don't want control flow to invert most of the time*. There is a lot of buy in for this amongst SG14 members and others with really big C++ codebases, but for STL maintainers and Boost devs it is not as widely appreciated how much more costly debugging and maintaining multi translation unit code which can invert control flow is. That said, there is recognition even amongst the hardcore of SG14 members that being able to use the standard STL rather than the EA custom STL more frequently would be useful, so if one could create small, localised islands where exception throws can happen just within that translation-unit-local island then one could use the STL just within that island. The island is then guarded by a catch all try catch because you can't safely have anything else in a noexcept function. This leads to the "sea of noexcept" design pattern described in the Outcome tutorial which is: extern outcome<void> some_public_api() noexcept; ... outcome<void> some_public_api() noexcept { try { ... STL using code ... return {}; // return empty outcome } catch(...) { // return exceptioned outcome, defaults to using std::current_exception() return make_exceptional_outcome<>(); } } All the above requires some programmer discipline, but I would argue much less programmer discipline than writing exception safe code which is correct and bugfree. Also, the tooling will catch up. clang-tidy is getting better at warning you when you forget the catch all try catch wrapping a noexcept function. I also intend, at some point, to add Outcome-awareness to clang-tidy so you'll get a much harder error if you leak exceptions out of an outcome returning noexcept function. Or, in other words, by returning outcomes the programmer really does not intend exception throws to be aliased into std::terminate() for them by the compiler. Finally back this statement of yours:

I strongly believe that this is the wrong thing to do (or at least controversial) to annotate a function that can fail-but-not-throw as noexcept. It is more in the spirit of noexcept intentions to indicate a no-fail guarantee rather than the no-throw guarantee.

On this I think you're just plain wrong. noexcept has a very specific meaning on an API for the *users* of that API: calling this API will not invert control flow. Not EVER. And you can write code calling it assuming that in the strongest sense possible. It does NOT mean that the function cannot fail. The reason why is the heritage from C. Any C function does not throw exceptions, yet they definitely can fail. I would say most C++ programmers would agree therefore that marking a function with noexcept means "no exceptions", not "no failures". So, tl;dr and all that, I agree with your opinion if I'm wearing my library developer's hat. I disagree with you if I'm wearing my library user's hat. Hopefully all that above actually made some sense. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

...

Finally back this statement of yours:

...

I strongly believe that this is the wrong thing to do (or at least controversial) to annotate a function that can fail-but-not-throw as noexcept. It is more in the spirit of noexcept intentions to indicate a no-fail guarantee rather than the no-throw guarantee.

On this I think you're just plain wrong. noexcept has a very specific meaning on an API for the *users* of that API: calling this API will not invert control flow. Not EVER. And you can write code calling it assuming that in the strongest sense possible. It does NOT mean that the function cannot fail.

The reason why is the heritage from C. Any C function does not throw exceptions, yet they definitely can fail. I would say most C++ programmers would agree therefore that marking a function with noexcept means "no exceptions", not "no failures".

So, tl;dr and all that, I agree with your opinion if I'm wearing my library developer's hat. I disagree with you if I'm wearing my library user's hat. Hopefully all that above actually made some sense.

I am confused about the usage of term "inversion of control" in the context of throwing exceptions. Maybe I am missing something obvious; but what do you mean when you say that "calling noexcept never causes an unexpected inversion of control"?

"control flow" not control. So, for example, if I call a noexcept function, I am *guaranteed* that the statement after the function call will be executed [1] (or the program is no longer running). That means I can dispense with using RAII to trap control flow inversion etc. That means fewer execution paths to check for validity and to rationalise during maintenance and peer review. Niall [1]: Actually there is a subtle trap in noexcept functions which return types without noexcept move constructors because while the function may not invert control flow, the _statement_ may invert control flow. And programmers tend to think in terms of statements, not the branch points which make up each statement. Again, only if the damn ISO standard required compilers to refuse to compile functions which could throw exceptions inside a noexcept execution context ... -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

...

Again, only if the damn ISO standard required compilers to refuse to compile functions which could throw exceptions inside a noexcept execution context ...

I disagree here. In many applications I would consider functions noexcept even when they can, in theory, throw. Best example is "out of memory" aka "pc lit on fire". Exception handling of rare exceptions is probably among the least tested control paths, so I would often rather terminate in the case of an "unexpected exception" than go on and gamble whether my exception handling is going to die trying to overwrite my last good program state on disk.

Therefore, compiler noise like that would probably lead to random

try{...}catch(...){}

inside all noexcept functions rather quickly.

An absolutely valid point. One of the big reasons for using something like Outcome is so one can segment really serious "this is totally unexpected" type errors like bad_alloc from the routine errors. However the point was about the quality of implementation of noexcept in C++ 11. Most on the C++ committee did (and do) not see the inversion of execution flow as anything special. They consider it as just another execution path, and hence noexcept got the unhelpful spec it did. One thing I felt noexcept really lacked was defaulting to noexcept(auto) which means "this function gets noexcept from the things it could potentially call" i.e. if everything it could call is noexcept, it too becomes noexcept and all extern "C" functions automatically get noexcept(true) applied to them. Then the compiler could examine all functions called from a noexcept(true) function and error out if you ever call anything which deduces to noexcept(false) or is noexcept(false). This behaviour would be much more useful than the present situation in persuading people to write their code correctly. I did raise this proposal with a senior committee member once and I was told that the showstopper to that idea was the STL which would have needed many breaking changes. And now C++ 17 has resurrected dynamic exception modifiers i.e. throws(int) is back, I guess the ship has sailed and we're stuck with what we've got. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

2017-01-25 14:56 GMT+01:00 Niall Douglas :

If your irritation is now improved, what do you think of the new and completely rewritten for a third time tutorial part A at https://ned14.github.io/boost.outcome/md_doc_md_02-tutorial_a.html. Part A is 100% a tutorial on LEWG Expected and has nothing to do with Outcome at all. Part B will be on why you shouldn't do all the things you think you should do with expected, and why to use Outcome instead. Part B is still a work in progress.

Ok, so I had a short glimpse at Part A. Actually, the first thing I did was to scroll down to the example showing how I will be using this library. Again, I feel uncomfortable about the choice of the example (so I changed the irritation into non-comfort). The situations that are tested, I would classify them as precondition violations, and I wouldn't think of checking them in return value. If this was a real program, and I didn't trust the values of x and y, I can check the preconditions prior to invoking functions: ``` double op(double x, double y) { if (y == 0.0) // or "close { std::cerr << "PANIC: MatchResult::DivisionByZero" << std::endl; std::terminate(); } double ratio = unchecked::div(x, y); if (ratio < 0.0) { std::cerr << "PANIC: MatchResult::NegativeLogarithm" << std::endl; std::terminate(); } double ln = unchecked::ln(ratio); if (ln < 0.0) { std::cerr << "PANIC: MatchResult::NegativeSquareRoot" << std::endl; std::terminate(); } return checked::sqrt(ln); } ``` I mean, if it is equally easy to check the condition before and after the function, it is better to do it before, and I do not have to "pollute" the return value with potential error conditions. I think the value of these expected<> types becomes clear, when we cannot see the erroneous situation from the arguments. Maybe a better illustration of expected<> with a code would the following situation: Upon closing the application, I store its state in a text file. When I reopen the application the next time, I load the state from the file. Here is the function: expected state = load_state(); And now, the error conditions are: * file missing * file is not a text file * file contains erroneous contents And I might want to respond to each of these conditions in a different way. Regards, &rzej;

2017-01-26 12:15 GMT+01:00 Niall Douglas :

On 25/01/2017 16:22, Andrzej Krzemienski wrote:

...

Ok, so I had a short glimpse at Part A. Actually, the first thing I did was to scroll down to the example showing how I will be using this library. Again, I feel uncomfortable about the choice of the example (so I changed the irritation into non-comfort). The situations that are tested, I would classify them as precondition violations, and I wouldn't think of checking them in return value. If this was a real program, and I didn't trust the values of x and y, I can check the preconditions prior to invoking functions:

I couldn't agree more. It's an example of bad design and programming. But I had at least five people email me saying "please put the Rust example of use of Result side by side with an example of C++ Expected".

Wow. Indeed Rust docs do it. This is what you are referring to: http://rustbyexample.com/std/result.html This example doesn't do good service to Rust, does it?

...

I mean, if it is equally easy to check the condition before and after the function, it is better to do it before, and I do not have to "pollute" the return value with potential error conditions. I think the value of these expected<> types becomes clear, when we cannot see the erroneous situation from the arguments. Maybe a better illustration of expected<> with a code would the following situation:

Upon closing the application, I store its state in a text file. When I reopen the application the next time, I load the state from the file. Here is the function:

expected state = load_state();

And now, the error conditions are: * file missing * file is not a text file * file contains erroneous contents

And I might want to respond to each of these conditions in a different way.

The first version of the tutorial had a reduced real world use example from AFIO's implementation of opening a file where we perform a series of syscalls and do different stuff depending on the result<T>'s returned. Everybody hated it, they said it was too confusing. Yet in fact the use of result<T> has *greatly* simplified that code. In AFIO v2 it's merely dozens of lines, in AFIO v1 it was approaching a thousand lines so the use of Outcome has been a big improvement in readability and maintainability.

I suspect people want contrived toy examples rather than examples of what you'd actually write. I remember thinking the same about the ASIO tutorial, and I personally speaking found the ASIO tutorial so reduced in real world detail as to be confusing at best, productivity damaging at worst. You end up having to grok through the ASIO source code to figure out answers to stuff. Not a good tutorial.

I think, what other libraries do is to put real-life practical examples as source code in `examples` folder. You can compile and run them to verify if they are really correct, and you can also see how to get headers and namespaces right.

So I'm really not sure what to do. I've slowed down the pace of the tutorial several fold over the original now to the point where it's become anodyne. I've reduced the length of the code examples so they always fit onto a screen because according to feedback anything longer than a single screen is "too long". I've also ramped up the frequency of code examples because my prose is "too confusing" and "you need lots more C++ code examples". But all this hand holding comes with the cost that the code examples become really contrived, and the tutorial has become so long it needs three parts, which is frankly ridiculous for something so simple as a slightly enhanced std::optional<T> with a bit of std::variant<...> muxed in. I really don't get what's so hard here, just throw std::optional and std::variant into a bowl and apply a blender. All the APIs and semantics stay the same and there are no surprises in behaviour, it's all STL idiomatic. You're done.

LOL. This indeed must be very frustrating. The expectations of different people are just contradictory. The way you put it now, "a slightly enhanced std::optional<T> with a bit of std::variant<...> muxed in", is in fact a quite simple and illustrative description of the library. Maybe the problem here was with how this library was initially introduced: as "monads" and "transports".

I'm still aiming to end Tutorial part C with a real world code example that is actually realistic and taken from actual use case. It will, necessarily, span multiple screens. But I suspect I won't be allowed anything but daft examples in the middle. Sorry.

When I first learned about Boost. I was amazed by the documentation the libraries offer. Quite a number of the libraries has a very nice documentation, which describe not only the library, but also the problem domain the library addresses, why the alternatives are inferior. I learned quite a lot about type safety, generic programming, exception safety, and C++ in general only from reading Boost docs. I have also learned a number good idioms and programming practices. It would be a shame if the library shows in the tutorial page (one of the first we read) an example of a bad programming practice. Some people my get the message that this is how we encourage you to write your code. If someone wants to have a comparison with a poor but popular Rust example, I do see value in it, but maybe not as the flag example of your library. Maybe put it somewhere further, in section dedicated to Rust users. I know people come from different backgrounds and with different preferences. Mine is: show me first a trivial example, than a couple of medium-sized example, finally, show me a real-life example and reference. I know, I am complaining a lot. But all-in-all, I find the current iteration of the docs acceptable: they provide initial motivation that is sufficient to dig further. Regards, &rzej;

2017-01-26 16:18 GMT+01:00 Olaf van der Spek :

On Thu, Jan 26, 2017 at 4:03 PM, Andrzej Krzemienski wrote:

...

Wow. Indeed Rust docs do it. This is what you are referring to: http://rustbyexample.com/std/result.html This example doesn't do good service to Rust, does it?

The implementation might be bad but I don't think the interface is bad, assuming you want to handle the errors as runtime errors.

If you want to report overflow or precision errors, then this `MathResult` makes sense. But this example illustrates some bad practice of artificially widening the contract only to report the breakage in the return value. It is as though it were saying "here is how you can use Rust's Result to write poor code". Ok, but does it help me write good code? Regards, &rzej;

...

This is a nice description. Thank you. But as you'll see in v3 of the docs, I've completely rearchitected the message. Now Outcome looks like it's primarily an implementation of LEWG Expected, and it provides a few refinements of Expected which most users won't care about or will refuse to use.

Well, how about just calling it "expected" and "selling" it as an alternative to std::expected? There's lot's of precedent for this. We have boost::shared_ptr, boost::enable_if, etc. These have features that the std versions don't have and sometimes are indispensable for this reason.

I would think doing that unwise: i) I'm not on the LEWG (can't justify the expense). ii) Mine is not the reference implementation of Expected which ought to take primacy. iii) I am going to explicitly promise that my Expected WILL change to match the LEWG propsal as it evolves, breaking the code of anyone who uses it. If people don't like that, use outcome<T> or result<T>, those won't change. iv) I believe Vicente still intends to bring the reference Expected to Boost at a later date. All his efforts are currently being expended on WG21 work. But I could see a Google Summer of Code this summer being just that for example. I personally speaking believe anyone using unrestricted Expected directly needs their head examined, but there are an awful lot of people who think unrestricted Expected usage is an amazing thing. They need to be convinced they are wrong. Hence Outcome is really a "please don't use Expected directly, use these instead" library but also one handing them the noose of unrestricted Expected usage if they really, really want it.

...

Not only has your feedback and discussion been very valuable, I don't think the v3 tutorial would look like it does now without you.

make sure that your documentation has an acknowledgements section so you can mention this.

Good point.

...

Do let me know if the v3 tutorial now makes sense to you. I even dove into "noexcept as can't fail" vs "noexcept can fail" as a nod to you :)

I'm gratified that you've taken the task of documentation as an integral part of developing the library. I've been flogging this idea in the boost incubator. I've got a lot to say about this there.

I would more describe it as a cross to carry whilst being whipped on the road to Golgotha. Lucky I'm Catholic. I'm reaching the point where I'd prefer a broken arm to rewriting the damn tutorial yet again, the fact people need stuff spelled out to them in such incremental and precise detail and can't just mentally fill in the very obvious small gaps I find extremely frustrating. Still, as you would say Robert, that's the price of good documentation. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

On 1/26/17 2:05 AM, Niall Douglas wrote:

...

I would more describe it as a cross to carry whilst being whipped on the road to Golgotha. Lucky I'm Catholic. I'm reaching the point where I'd prefer a broken arm to rewriting the damn tutorial yet again, the fact people need stuff spelled out to them in such incremental and precise detail and can't just mentally fill in the very obvious small gaps I find extremely frustrating.

:) I think we can all feel with you. Nevertheless, I think writing tutorials is a useful way to get into the user's head. For some reason, it is very hard to put yourself in the shoe of the novice once you understood something. That's universally true for everyone. We also need to accept that some people pick up things up faster and others slower. There are simply vastly different levels of experience out there. Everything is easy once you mentally embraced it, but we need to remember how we felt when we tried to learn a new library and what helped us most. It can also help with realising flaws in the design of the user interface, as Robert pointed out. I like what the Zen of Python has to say about this: "If the implementation is hard to explain, it's a bad idea." "If the implementation is easy to explain, it may be a good idea." I would replace "implementation" with "interface", because we usually allow the implementation to be more messy and complicated, but the user-visible part at least should be intuitive and consistent. Hans