Am 24.12.2017 um 15:54 schrieb Jeff King:
On Sat, Nov 18, 2017 at 10:01:45AM +0100, Johannes Sixt wrote:
Yeah, I have mixed feelings on that. I think it does make the control
flow less clear. At the same time, what I found was that handlers like
die/ignore/warn were the thing that gave the most reduction in
complexity in the callers.
Would you not consider switching over to C++? With exceptions, you get the
error context without cluttering the API. (Did I mention that
librarification would become a breeze? Do not die in library routines: not a
problem anymore, just catch the exception. die_on_error parameters? Not
needed anymore. Not to mention that resource leaks would be much, MUCH
simpler to treat.)
I threw this email on my todo pile since I was traveling when it came,
but I think it deserves a response (albeit quite late).
It's been a long while since I've done any serious C++, but I did really
like the RAII pattern coupled with exceptions. That said, I think it's
dangerous to do it half-way, and especially to retrofit an existing code
base. It introduces a whole new control-flow pattern that is invisible
to the existing code, so you're going to get leaks and variables in
unexpected states whenever you see an exception.
I also suspect there'd be a fair bit of in converting the existing code
to something that actually compiles as C++.
I think I mentioned that I had a version that passed the test suite.
It's not pure C++ as it required -fpermissive due to the many implicit
void*-to-pointer-to-object conversions (which are disallowed in C++).
And, yes, a fair bit of conversion was required on top of that. ;)
So if we were starting the project from scratch and thinking about using
C++ with RAII and exceptions, sure, that's something I'd entertain[1]
(and maybe even Linus has softened on his opinion of C++ these days ;) ).
But at this point, it doesn't seem like the tradeoff for switching is
there.
Fair enough. I do agree that the tradeoff is not there, in particular,
when the major players are more fluent in C than in modern C++.
There is just my usual rant: Why do we have look for resource leaks
during review when we could have leak-free code by design? (But Dscho
scored a point[*] some time ago: "For every fool-proof system invented,
somebody invents a better fool.")
[*]
https://public-inbox.org/git/alpine.DEB.2.20.1704281334060.3480@virtualbox/
