abseil / abseil-cpp

Abseil Common Libraries (C++)
https://abseil.io
Apache License 2.0

Abseil types are untested for exception-safety #37

Open JonathanDCohen opened 7 years ago

JonathanDCohen commented 7 years ago

Google internally doesn't use exceptions in our C++ code. Thus, our claim that Abseil types are battle-tested comes with an asterisk that they haven't been so thoroughly tested in the face of exceptions.

We are working internally on a framework to thoroughly test the exception-safety of our types which care about it, and as it is finished we will begin rolling out exception-safety bugfixes. We are currently aiming for basic exception safety everywhere, and strong exception safety only where reasonable and where it won't affect performance.

This Issue is a catch-all for reports of exception-unsafety of Abseil types.

JonathanDCohen commented 6 years ago

An update: in today's daily release there was the addition of absl/base/internal/exception_safety_testing.{h,cc}

This is an exception-safety test framework loosely based off of Dave Abrahams' article _Exception-Safety in Generic Components_

The framework will evolve slightly as we test-drive it with our own types. The first up to test will be absl::any because it is simple, has a small interface, and is most likely already correct as far as we can tell. After that the first priority is InlinedVector, which is the most difficult to get right, followed by the rest of Abseil.

JonathanDCohen commented 6 years ago

Another update: working on any has exposed that our framework needs to gracefully be able to deal with the Strong guarantee for types which don't have operator== and the need to deal with post-conditions on constructors, including lack of resource leaks.

So upcoming will be an update that will let us test constructors and an enhancement which removes the need for any T to be copy-constructible or equality-comparable in order to test the Strong Guarantee. I suspect this will be the last major overhaul of this framework, but who knows?
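As an added example (not Abseil's exception_safety_testing framework and not code from this thread), here is a minimal version of the approach described above: a value type whose copy constructor can be made to throw at any chosen copy point, driven over every throw point of an operation, with the basic guarantee checked as "no objects leaked" and the strong guarantee as "container unchanged". `ThrowingValue`, `Verdict` and `Check` are hypothetical names, and the operations under test are `std::vector::push_back` calls.

```cpp
#include <stdexcept>
#include <vector>

// Hypothetical test value: the copy selected by the countdown throws, so every
// copy inside an operation can be made to fail; `live` counts objects so leaks show up.
struct ThrowingValue {
  static int countdown, live;  // copy number `countdown` throws; -1 never throws
  int v;
  explicit ThrowingValue(int x) : v(x) { ++live; }
  ThrowingValue(const ThrowingValue& o) : v(o.v) {
    if (countdown >= 0 && countdown-- == 0) throw std::runtime_error("copy failed");
    ++live;
  }
  ~ThrowingValue() { --live; }
  bool operator==(const ThrowingValue& o) const { return v == o.v; }
};
int ThrowingValue::countdown = -1, ThrowingValue::live = 0;
using Vec = std::vector<ThrowingValue>;
struct Verdict { bool basic = true; bool strong = true; };

// Run op on a copy of `original`, injecting a throw at copy point 0, 1, 2, ... until a
// run completes. Basic: nothing leaked after a failed run. Strong: container also unchanged.
template <typename Op>
Verdict Check(const Vec& original, Op op) {
  Verdict verdict;
  for (int point = 0;; ++point) {
    int baseline = ThrowingValue::live; bool threw = false;
    {
      ThrowingValue::countdown = -1;
      Vec c = original;  // fault-free copy of the starting state
      ThrowingValue::countdown = point;
      try { op(c); } catch (const std::runtime_error&) { threw = true; }
      ThrowingValue::countdown = -1;
      if (threw && !(c == original)) verdict.strong = false;
    }  // c is destroyed here, so any object still alive has leaked
    if (ThrowingValue::live != baseline) verdict.basic = false;
    if (!threw) return verdict;  // every copy point has been exercised
  }
}

// push_back of a copyable element is specified to give the strong guarantee.
Verdict CheckPushBack() {
  Vec v = {ThrowingValue(1), ThrowingValue(2), ThrowingValue(3)};
  return Check(v, [](Vec& c) { c.push_back(ThrowingValue(4)); });
}
// Two push_backs: when the second throws, the first has already taken effect,
// so the combined operation offers only the basic guarantee.
Verdict CheckTwoPushBacks() {
  Vec v = {ThrowingValue(1)};
  return Check(v, [](Vec& c) { c.push_back(ThrowingValue(2)); c.push_back(ThrowingValue(3)); });
}
```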

JonathanDCohen commented 6 years ago

Turns out any is much harder than it seems! After finding a bug in the standard (http://cplusplus.github.io/LWG/lwg-defects.html#2162) and a bug in libstdc++ std::any (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83658) we've gotten through the exception safety test for absl::any. See absl/types/any_exception_safety_test.cc

The good news is finding an exception-safety bug in a library like libstdc++ gives me really high confidence that the exception-safety test suite is working well, and we should see significant improvements to the exception safety of Abseil in the near future.

J-Richter commented 3 years ago

I've noticed an exception-safety problem with flat_hash_map. Is this issue still being worked on? Should I file a bug report or just wait for the fixes? But after 4 years it's perhaps not going anywhere soon? Perhaps these problems with exception safety should be placed more prominently on the website.

derekmauro commented 3 years ago

Please file a report so we know what the issue is.