Thread: Exception-Safe Copy Assignment

  1. #16
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Assume a class named MyString, with a member named data, that represents a C-style string, enforces conditions that data cannot be NULL (i.e. MyString never contains a NULL pointer), and the data member is guaranteed to be non-NULL.
    Code:
    MyString &operator=(const MyString &c)
    {
           char *temp = new char[strlen(c.data) + 1];  // the only statement that can throw
           strcpy(temp, c.data);                       // copy completes before *this is touched
           delete [] data;                             // old buffer released only after success
           data = temp;
           return *this;
    }
    This assignment operator implements the strong exception safety guarantee. The reasoning for that statement:
    1) The only line of code that can throw an exception is the first line, as strcpy() does not throw, operator delete does not throw, and simple pointer assignment does not throw. If the allocation in the first line fails, an exception is thrown, and the object (the left hand side of the assignment) is unchanged.
    2) The data member is not deleted unless a new buffer has been successfully allocated and copied to.
    3) Returning a reference to an existing object does not throw.
    4) This operator does not attempt to change the right hand side of the assignment (i.e. argument c).

    The key in doing this is to define an invariant (a set of pre-conditions that are always satisfied on calling any public member function, and which are not violated when that function returns) for the class. Hence the assumptions I gave before presenting the example.

    And, yes, this example could be implemented using a temporary MyString and a swap() function. Different techniques are not necessarily mutually exclusive.
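The copy-and-swap variant mentioned above, written out as an added example (not grumpy's code): a MyString that enforces the non-NULL invariant, plus a hypothetical allocation-failure hook so the strong guarantee can be exercised and the left-hand side observed unchanged after a throw.

```cpp
#include <cstring>
#include <new>
#include <utility>

// Hypothetical hook (not part of the thread's code): when set, the next
// buffer allocation throws std::bad_alloc so the failure path can be tested.
static bool g_fail_next_alloc = false;

class MyString {
    char *data;  // invariant: never NULL, always a NUL-terminated buffer

    // Allocate and copy a C string; this is the only step that can throw.
    static char *dup(const char *s) {
        if (g_fail_next_alloc) { g_fail_next_alloc = false; throw std::bad_alloc(); }
        char *p = new char[std::strlen(s) + 1];
        std::strcpy(p, s);
        return p;
    }
public:
    explicit MyString(const char *s = "") : data(dup(s ? s : "")) {}  // NULL input -> ""
    MyString(const MyString &c) : data(dup(c.data)) {}
    ~MyString() { delete[] data; }

    // Copy-and-swap: the copy is built before *this is touched, so a throw
    // leaves *this as it was (strong guarantee); swap and delete[] do not throw.
    MyString &operator=(const MyString &c) {
        MyString tmp(c);
        std::swap(data, tmp.data);
        return *this;  // tmp's destructor releases the old buffer
    }
    const char *c_str() const { return data; }
};

// True when a failed assignment leaves both operands with their old contents.
bool assignment_keeps_old_value_on_failure() {
    MyString a("left"), b("right");
    g_fail_next_alloc = true;
    try { a = b; return false; }  // must not get here: the copy should throw
    catch (const std::bad_alloc &) {}
    return std::strcmp(a.c_str(), "left") == 0 && std::strcmp(b.c_str(), "right") == 0;
}

// True when a normal assignment (and a self-assignment) copies correctly.
bool assignment_copies_on_success() {
    MyString a("left"), b("right");
    a = b;
    MyString &self = a;
    a = self;  // self-assignment is harmless: the copy is taken before the swap
    return std::strcmp(a.c_str(), "right") == 0;
}
```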

  2. #17
    Registered User
    Join Date
    May 2006
    Posts
    1,579
    Thanks grumpy,


    1.

    Quote Originally Posted by grumpy View Post
    1) The only line of code that can throw an exception is the first line, as strcpy() does not throw
    Because strcpy is C function so it never throws?

    2.

    Quote Originally Posted by grumpy View Post
    The key in doing this is to define an invariant (a set of pre-conditions that are always satisfied on calling any public member function, and which are not violated when that function returns) for the class. Hence the assumptions I gave before presenting the example.
    Pre-condition you mean assumptions? I do not see any special assumptions in your sample which impacts exception safety. Could you point out what are your assumptions (pre-conditions) which impacts exception safety please?


    regards,
    George

  3. #18
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    1. Yes, strcpy() is a C function that is guaranteed not to throw exceptions (undefined behaviour is another concern: by definition, any form of undefined behaviour means no exception safety guarantee is possible).

    2. An English-language definition of precondition is "Something that must come before or is necessary to ensure a subsequent result". A precondition is not an assumption: it is a condition that must be explicitly ensured to be true. In the example I gave, I assumed that the class implementation (i.e. all member functions, including the assignment operator) enforce a set of invariants, and those invariants are therefore preconditions when calling any public member function of the class. The assumptions I made were not specifically related to exception safety, but were introduced to simplify the example (i.e. I don't want to provide a complete class with every member function). In practice, however, it is more difficult to implement exception safety guarantees unless invariants are explicitly defined and enforced [I do not intend to provide an example to illustrate that observation].
    Last edited by grumpy; 03-31-2008 at 11:08 AM.

  4. #19
    Registered User
    Join Date
    May 2006
    Posts
    1,579
    Thanks grumpy,



    Quote Originally Posted by grumpy View Post
    1. Yes, strcpy() is a C function that is guaranteed not to throw exceptions (undefined behaviour is another concern: by definition, any form of undefined behaviour means no exception safety guarantee is possible).
    Could you let me know what is the undefined behavior please? From MSDN, if NULL is returned, means error, or else it is ok. I think everything is defined. :-)

    http://msdn2.microsoft.com/en-us/library/kk6xf663.aspx

    --------------------
    Each of these functions returns the destination string. No return value is reserved to indicate an error.
    --------------------

    2.

    Quote Originally Posted by grumpy View Post
    2. An English-language definition of precondition is "Something that must come before or is necessary to ensure a subsequent result". A precondition is not an assumption: it is a condition that must be explicitly ensured to be true. In the example I gave, I assumed that the class implementation (i.e. all member functions, including the assignment operator) enforce a set of invariants, and those invariants are therefore preconditions when calling any public member function of the class. The assumptions I made were not specifically related to exception safety, but were introduced to simplify the example (i.e. I don't want to provide a complete class with every member function). In practice, however, it is more difficult to implement exception safety guarantees unless invariants are explicitly defined and enforced [I do not intend to provide an example to illustrate that observation].
    Can you give me a sample please what do you mean in your previous sample the pre-condition and the invariants please? Sample is better than pure description. :-)


    regards,
    George

  5. #20
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by George2 View Post
    Could you let me know what is the undefined bahavior please? From MSDN, if NULL is returned, means error, or else it is ok. I think everything is defined. :-)
    MSDN does not definitively define standard C functions. The C standard does. For example, ISO/IEC9899 2nd Edition 1999-12-01 aka "1999 C standard", Section 7.21.2.3, para 2 states ....
    The strcpy function copies the string pointed to by s2 (including the terminating null character) into the array pointed to by s1. If copying takes place between objects that overlap, the behavior is undefined.
    Undefined behaviour will also occur if the strcpy() function is passed uninitialised or NULL pointers for either argument.
    Quote Originally Posted by George2 View Post
    Can you give me a sample please what do you mean in your previous sample the pre-condition and the invariants please? Sample is better than pure description. :-)
    Refer the discussion in Post 16 of this thread. The assumptions I stated to set the scene for the implementation of "MyString::operator=()" are samples of some preconditions and invariants.

  6. #21
    Registered User
    Join Date
    May 2006
    Posts
    1,579
    Thanks grumpy,


    I read it, are the below quoted statements your pre-conditions?

    --------------------
    conditions that data cannot be NULL (i.e. MyString never contains a NULL pointer), and the data member is guaranteed to be non-NULL.
    --------------------

    Quote Originally Posted by grumpy View Post
    Refer the discussion in Post 16 of this thread. The assumptions I stated to set the scene for the implementation of "MyString::operator=()" are samples of some preconditions and invariants.

    regards,
    George

  7. #22
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    For purposes of the example I gave, they are both preconditions (conditions that are true when operator=() is called) and invariants (they are still true when the function returns).

  8. #23
    Registered User
    Join Date
    May 2006
    Posts
    1,579
    Thanks grumpy,


    Question answered.

    Quote Originally Posted by grumpy View Post
    For purposes of the example I gave, they are both preconditions (conditions that are true when operator=() is called) and invariants (they are still true when the function returns).

    regards,
    George

