-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Surprising Unitialized Variable detection #90
Comments
Using the default EP would give you the behavior you expect/desire. To get the behavior you have above you would well use a "strict" exception policy. So, I've left it to the user to decide what he wants to do: a) detect errors in his current code without changing his coding practices. One can't have it both ways - the user has to choose his way. "My natural expectation would be that the my safe int will want me when I try to read the indeterminate value (rather than when one is produced)." I considered that - but it adds overhead on every usage of safe type. Currently the library zero overhead for many safe types and I want to preserve that. "I would expect the documentation to warn me about the current, somewhat surprising behavior." The default exception policy gives you the behavior you expect. So I don't know that it needs to be explained any more. But I'm happy to consider documentation enhancements! One can never have to much documentation? LOL. The safe numerics library has been roundly ridiculed for having too much documentation! Of course this doesn't bother me as I thrive on ridicule! Interesting posts. Feel free to suggest enhancements to the documentation which link to your posts. For what it's worth, I'm firmly in the camp of considering uninitialized variables as "code smell". So if I had nothing else to do I'd promote the idea of doing something like the following. template safe cin(){ or template<class safe> safe cin(){ or // or something like that Anyway - I think the current implementation is what you want. Perhaps the documentation could be enhanced to make that more obvious. |
What I was expecting is the following behavior: int main()
{
boost::safe_numerics::safe<int> i; // ok
std::cout << i << std::endl; // throw: reading the indeterninate value
} The default policy does not give me the throw in the second line. I think it is implementable without any overhead the same way as the default deleter in It is fine if the library does not implement that. But because it is an expectation that a fairly broad group of users might had, I believe it should be indicated in the docs. |
I know. I would like to - but it's way too expensive to implement
That would be very interesting. If you want to expand upon that I'd be interested. If it were possible, i'd prefer that to enhancing the documentation. Right now I'm sort of bogged down in other stuff.
|
EBO = "Empty Base Optimization". struct StatelessPolicy
{
bool operator()(int) const { return true; }
};
struct StatefulPolicy
{
int state;
bool operator()(int i) const { return i == state; }
};
template <typename Policy>
struct MyType : private Policy
{
int i;
};
static_assert(sizeof(MyType<StatelessPolicy>) == sizeof(int));
static_assert(sizeof(MyType<StatefulPolicy>) == 2 * sizeof(int)); |
I'm begging to see how this might work. We'll leave this open until more work is done on this. |
Hey!! |
new contributors are always welcome (so far). No one needs to be "accepted" - just contribute a PR. Of course since there's no concept of "acceptance", there's not guarantee that a contribution will be accepted by the principal maintainer - that is me. Note that it's not a "democratic" system. It's not a consensus. For better or worse it's my decision. I never actually thought about it, but when I do, it's amazing that I have found almost all contributions acceptable and merged them into the libraries I maintain. There is almost no "snark", stupid arguments, impolite/personal discussions. It's generally been a pleasure to review and accept submissions from "random". When there is a problem, it's usually about issues like "conflicts with the library's stated purpose". That is - a submission that is not necessarily of poor quality, but likely belongs in some other library. When you submit a PR, you should:
So the goal is to prepare and submit a PR that I can review and if I find it acceptable can do a squash/merge into the develop branch. If all is well (which it will be if you've done the above), I will leave it as part of the develop branch and it will be merged along with any other pending changes into the release branch before the next boost release. Some miscellaneous points
|
" if you could explain a bit more this feature request, it would be great." It would be kind of hard to surpass Andresj's explanation. But I'll take a shot: int main()
{
boost::safe_numerics::safe<int> i; // ok
std::cout << i << std::endl; // throw: reading the indeterninate value
} Any uninitialized variable (i above) can create UB when used. So we should have NO undefined variables in our programs. But
|
Will you guide me more deeper?? |
I can't add much more regarding this task without actually doing the task myself - which is what I don't want to do as its quite a difficult task. Actually it's not really that the task is difficult - though it is - it's that one has to know a lot before he can even understand what the task is! This means that that one has to know more about C++, Boost C++ Libraries, Building and linking libraries and tests, Tools like b2, Make, Git(Hub), and some other stuff. That's why working with Boost is considered advanced work. It's not impossible, it's not even hard, it just takes quite an investment of effort to learn all one needs to know. So this can be quite frustrating. On the other hand, lots of people are willing to help: stack overflow, boost slack channel, boost mailing list etc. There are good examples of usage of all these tools within the boost libraries. There are lots of videos related to arcane aspects of C++ and Boost. These help keeping one from getting stuck at a dead end. But there's also an upside. Completing a difficult task that adds real value is tremendously rewarding personally. And it's done in full view of the best C++ programmers around. It's a huge confidence builder. It can also be very helpful on one's resume when it comes time to look for a job. (though I don't think it's ever done me any good in this area. But that might be due to my particular circumstances) At Boost, we don't much go in for great ideas unless they are backed up with real, working solutions. Anyone can start a project or task - it's fun and quick to do. But very few people can actually complete these kinds of tasks and projects. So to address your question, I'd say get more familiar with the development workflow of a boost library.
I see by looking at your profile, you're well on your way down this path. I didn't look at it until now so some of the above advice isn't applicable to you. I'm leaving it in for other interested parties. As to the specific task referred to Adrejz(?) above, familiarity with the following topics will be at least helpful and likely necessary.
Hope you've found this helpful. Good luck with your quest. Looking forward seeing what you (or anyone else) does with this. |
The following code has UB due to reading a variable with indeterminate value:
However, the following code is perfectly correct:
For this reason, I would expect the following code not to throw exceptions:
This is unfortunate, because the library throws for a perfectly valid code. My natural expectation would be that the my safe int will want me when I try to read the indeterminate value (rather than when one is produced).
With the current behavior, I am forced to put some starting value that will be discarded the moment after. I consider it a bad programming practice, despite what many teachers say, as explained in these blog posts:
I imagine that detecting the read of indeterminate value is more difficult to implement, because you have to keep the track of the variable initialization state in a separate variable. If this is unimplementable, at mnimum, I would expect the documentation to warn me about the current, somewhat surprising behavior.
The text was updated successfully, but these errors were encountered: