On 01/23/2017 10:37 PM, Caolán McNamara wrote:
On Mon, 2017-01-23 at 11:40 +0100, Stephan Bergmann wrote:
I don't think adding noexcept(false) to such dtors would be
good. They are surely not meant to throw.
Well, take 1399220 as a common enough pattern, an OUString +=
"something" and OUString::operator+= calls rtl_uString_newConcatAsciiL
and that has a throw std::length_error. If it makes sense to claim this
dtor won't throw cause that's just not going to happen in the real
world, then it might make as much sense to remove the throw from +=
instead.
I think the
if (left->length > std::numeric_limits<sal_Int32>::max() - rightLength) {
throw std::length_error("rtl_uString_newConcatAsciiL");
}
in rtl_uString_newConcatAsciiL (sal/rtl/ustring.cxx), can, for most
practical purposes, be considered about equivalent to
if (left->length > std::numeric_limits<sal_Int32>::max() - rightLength) {
std::abort();
}
---the program will terminate abruptly when that condition is met, as
there is usually no code written to handle that unanticipated condition.
However, this is obviously better than silently doing nothing or
sticking a (debug-builds--only) assert there (not to mention that an
assert would feel logically wrong, given rtl_uString_newConcatAsciiL's
preconditions). For a poorly written import filter, e.g., it may make
much of a security difference (modulo poorly handled stack-unwinding
effects, in the case of throw).
(And it probably wouldn't really help the Coverity case to replace such
throw expressions with calls to std::abort or assert, anyway. There's
also calls to std library functions that may throw, and even if Coverity
might not today use such to construct its warnings from, who knows it
won't after the next update.)
So, what does that mean for dtors? I think the most obvious take-away
(and the best place where to spend energy) is to do as little as
possible in dtors. There's still some violations of that across the
code base, and they keep biting us every now and then (e.g., when the
dtor of a UNO object is only triggered by JVM GC, at unpredictable times).
Apart from that, if a dtor calls code that can throw, but the dtor's
author doesn't reason whether or not such an exceptional condition can
actually happen (which probably covers the vast majority of dtors ever
written), I think the throw-is-moral-equivalent-of-std::abort failure
handling covers this case best. (Which implies that the dtor should not
be marked noexcept(false), in the spirit of catching errors early.)
If, on the other hand, a dtor is carefully proven to never cause an
exception to be thrown (from within a call it makes to a function that
can potentially throw), the "Java-style" solution could be to rewrite
that call as
try {
call();
} catch (whatever::ex &) {
assert(false); // cannot happen
}
But do we want to pepper our code base with such clutter?
Anyhow, if any member of a class or base-class has a dtor thats
nothrow(false) that'll poison the whole hierarchy so they are
implicitly nothrow(false) too, right ? So, in your dynamic exception
specification changes mail you mentioned "For dtors, the dynamic
exception specification would be replaced with an explicit
nothrow(false)." so it might end up that lots of these warning melt
away again if that affects something sufficiently lowlevel ? Maybe
worry about these again after those changes land.
Dtors with a dynamic exception specification ("throw (foo)", /not/
merely a throw-nothing "throw ()") are exceedingly rare. I haven't come
across one in our code base yet, and the only existing noexcept(false)
dtor is ~GErrorWrapper in
shell/source/sessioninstall/SyncDbusSessionHelper.cxx (from
<https://cgit.freedesktop.org/libreoffice/core/commit/?id=21f98618d8cd7562d423e94db988126d662165c9>
"-Werror=terminate (GCC 6)").
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.