comp.lang.c++

throwing dtors...

Chris M. Thomasson

10/2/2008 3:25:00 AM

Is it ever appropriate to throw in a dtor? I am thinking about a simple
example of a wrapper around a POSIX file...
________________________________________________________________________
#include <cstdio>

class file {
    FILE* m_handle;

public:
    // [...];

    ~file() /* throw() */ {
        int const status = fclose(m_handle);
        if (status) {
            /* shi% hit the fan:
               http://www.opengroup.org/onlinepubs/007908775/xsh/f...
            */

            // [what now?]
        }
    }
};
________________________________________________________________________


How to properly handle `EAGAIN' in a dtor? Well, what about any error for that
matter? I am a C programmer and only code C++ for fun, and some in-house
projects. If I were really going to create a C++ application and release it
into the wild, well, how would you advise me to handle the case above? I am
interested in how throwing in a dtor affects dynamic destruction... Would
something like the following be legal?



<pseudo code!!!!>
_______________________________________________________________
#include <cstdio>

struct throw_from_dtor {
    int const m_status;

public:
    throw_from_dtor(int const status)
        : m_status(status) {}

    int get_status() const { return m_status; }
};

class file {
    FILE* m_handle;

public:
    // [ctor];

    // C++11 and later make destructors noexcept by default, so a destructor
    // that is meant to throw has to be declared noexcept(false).
    ~file() noexcept(false) {
        int const status = fclose(m_handle);
        if (status) {
            throw throw_from_dtor(status);
        }
    }
};


int main() {
    file* f = new file();
    try {
        delete f;
    } catch(throw_from_dtor const& e) {
        // handle error from `e.get_status()'
        delete f;   // deletes `f' a second time
    }
    return 0;
}
_______________________________________________________________
_______________________________________________________________


?


or what about using smart pointer...



#include <memory>   // std::auto_ptr (deprecated in C++11, removed in C++17)

int main() {
    std::auto_ptr<file> f;
    try {
        f.reset(new file());
    } catch(throw_from_dtor const& e) {
        // handle error from `e.get_status()'
    }
    // note: f's destructor, and with it ~file(), runs here, outside the try
}



?




Please keep in mind that refusing to handle an error from `fclose' could
result in HORRIBLE things down the road... Think massive data loss...
Perhaps __permanent__ data loss! OUCH!!!

;^/

22 Answers

Chris M. Thomasson

10/2/2008 3:28:00 AM



"Chris M. Thomasson" <no@spam.invalid> wrote in message
news:k4XEk.16199$hX5.2021@newsfe06.iad...
> Is it ever appropriate to throw in a dtor? I am thinking about a simple
> example of a wrapper around a POSIX file...
> ________________________________________________________________________
[...]
> ________________________________________________________________________
>
>
> How to properly handle `EAGAIN' in a dtor? Well, what about any error for
> that matter? I am a C programmer and only code C++ for fun, and some
> in-house projects. If I were really going to create a C++ application and
> release it into the wild, well, how would you advise me to handle the case
> above? I am interested in how throwing in a dtor affects dynamic
> destruction... Would something like the following be legal?
>
>
>
> <pseudo code!!!!>
> _______________________________________________________________
> struct throw_from_dtor {
> int const m_status;
>
> public:
> throw_from_dtor(int const status)
> : m_status(status) {}
>
> int get_status() const { return m_status; }
> };
>
> class file {
> FILE* m_handle;
>
> public:
> // [ctor];
>
> ~file() {
> int const status = fclose(m_handle);
> if (status) {
> throw throw_from_dtor(status);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

// ummmm! well, stupid me forgot to store `errno' into the
exception!!!!!!



throw throw_from_dtor(errno);



// sorry about the non-sense! ;^(...



> }
> }
> };



> int main() {
> file* f = new file();
> try {
> delete f;
> } catch(throw_from_dtor const& e) {
> // handle error from `e.get_status()'
> delete f;
> }
> return 0;
> }
> _______________________________________________________________
>
>
> ?
>
>
> or what about using smart pointer...
>
>
>
> int main() {
> std::auto_ptr<file> f;
> try {
> f.reset(new file());
> } catch(throw_from_dtor const& e) {
> // handle error from `e.get_status()'
> }
> }
>
>
>
> ?
>
>
>
>
> Please keep in mind that refusing to handle an error from `fclose'
> could result in HORRIBLE things down the road... Think massive data
> loss... Perhaps __permanent__ data loss! OUCH!!!
>
> ;^/

Chris M. Thomasson

10/2/2008 3:47:00 AM


"Chris M. Thomasson" <no@spam.invalid> wrote in message
news:k4XEk.16199$hX5.2021@newsfe06.iad...
> Is it every appropriate to throw in a dtor? I am thinking about a simple
> example of a wrapper around a POSIX file...
> ________________________________________________________________________
[...]
> ________________________________________________________________________
[...]

> how would you advise me to handle the case above? I am interested in how
> throwing in a dtor effects dynamic destruction... Would something like the
> following be legal?
>
[...]

I am doing some experimenting, and found that throwing from a dtor
apparently leaves the object fully intact wrt the memory that makes it up so
that proper disaster cleanup can indeed be performed... For example, the
following program goes into an infinite loop:
______________________________________________________________________
#include <cstdio>

struct throw_on_dtor {};

class foo {
public:
    // C++11 and later make destructors noexcept by default; without
    // noexcept(false) the throw below would call std::terminate().
    ~foo() noexcept(false) {
        throw throw_on_dtor();
    }
};

int main(void) {
    foo* f = new foo();
retry:
    try {
        delete f;
    } catch (throw_on_dtor const&) {
        std::puts("throw_on_dtor caught!");
        goto retry;   // runs `delete f' again on the same pointer
    }
    return 0;
}

______________________________________________________________________




So, AFAICT, throwing from a dtor will complicate some odd complications.
However, they can be worked out for sure. This fact that a dtor can throw
will need to be CLEARLY documented indeed. The above highly crude technique
can be used to handle the case when a file close is interrupted by a signal
(e.g., `EINTR'). It can also be used to handle `EAGAIN'... Although, it
seems easier to use placement new when you're dealing with a class that can
throw from its dtor, so that the catch block can actually free memory
without running the dtor again like delete does... Something like:

______________________________________________________________________
#include <cstdio>
#include <cstdlib>
#include <new>

struct throw_on_dtor {};

class foo {
public:
    // C++11 and later make destructors noexcept by default; without
    // noexcept(false) the throw below would call std::terminate().
    ~foo() noexcept(false) {
        throw throw_on_dtor();
    }
};

int main(void) {
    // Obtain and check the storage first, then construct in place:
    // placement new on a null pointer is not allowed.
    void* raw = std::malloc(sizeof(foo));
    if (raw) {
        foo* f = new (raw) foo();
        try {
            f->~foo();       // run the destructor by hand...
            std::free(f);    // ...and release the storage if it did not throw
        } catch (throw_on_dtor const&) {
            std::puts("throw_on_dtor caught! Handling Error...");
            std::free(f);    // destructor already ran; only release the storage
        }
    }
    return 0;
}
______________________________________________________________________



Humm... The placement new solution looks like a good match for throwing
dtors indeed!



Also, a class which throws from dtors could contain a dtor counter and/or
flag to detect how many times, if any, the dtor has been invoked; something
like:



class foo {
    unsigned m_dtor_invoke; // = 0
    bool m_dtor_throw; // = false;
public:
    foo() : m_dtor_invoke(0), m_dtor_throw(false) {}

    // noexcept(false): destructors are noexcept by default since C++11
    ~foo() noexcept(false) {
        ++m_dtor_invoke;
        if (! m_dtor_throw) {
            m_dtor_throw = true;   // throw only on the first invocation
            throw throw_on_dtor();
        }
    }
};



Any thoughts? BTW, try not to flame me too harshly! I am trying to avoid the
user explicitly calling a close function... Or, is that a great idea wrt
dealing with any class that has a dtor which calls an API that can fail
_AND_ such failure indicates something important?


;^(...
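The retry loop in the post above raises the question of what `delete f' has already done to the object's storage by the time the catch block runs. The following is an added example, not code from the original post: a class with counting allocation functions, constructed for this illustration, shows that a delete-expression still calls the deallocation function when the destructor throws (C++11 and later state this in [expr.delete]), so a second `delete f' from the catch block is a double free rather than a second chance to clean up. The second function separates storage lifetime from object lifetime, which is the placement-new idea from the post, with the null check done before construction. `noexcept(false)' is needed because destructors are noexcept by default since C++11.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

struct throw_on_dtor {};

// Class-specific allocation functions that count releases, so the moment the
// object's storage goes away can be observed. (Constructed for this example.)
static int g_frees = 0;

class foo {
public:
    static void* operator new(std::size_t n) {
        void* p = std::malloc(n);
        if (!p) throw std::bad_alloc();
        return p;
    }
    static void operator delete(void* p) noexcept {
        ++g_frees;
        std::free(p);
    }
    // C++11 and later make destructors noexcept by default, so one that is
    // meant to throw must say so or the throw calls std::terminate().
    ~foo() noexcept(false) { throw throw_on_dtor(); }
};

// One `delete f' on a fresh object. The delete-expression calls the
// deallocation function whether or not the destructor throws, so this
// returns 1: by the time the handler runs, the storage is already gone and
// another `delete f' would free it a second time.
int frees_after_throwing_delete() {
    g_frees = 0;
    foo* f = new foo();
    try {
        delete f;
    } catch (throw_on_dtor const&) {
        return g_frees;
    }
    return -1;   // destructor did not throw: not expected for this class
}

// The placement-new alternative: storage and object lifetimes are separated,
// so the destructor runs once and the storage is released exactly once on
// either path. `::new' bypasses the class-scope operator new above.
bool explicit_destroy_releases_storage_once() {
    g_frees = 0;
    void* raw = foo::operator new(sizeof(foo));
    foo* f = ::new (raw) foo();   // construct in place: no allocation, no count
    bool threw = false;
    try {
        f->~foo();
    } catch (throw_on_dtor const&) {
        threw = true;             // the object is gone; the storage is still ours
    }
    foo::operator delete(raw);    // the one and only release
    return threw && g_frees == 1;
}

int main() {
    std::printf("operator delete calls after a throwing delete: %d\n",
                frees_after_throwing_delete());
    std::printf("explicit destroy released the storage once: %s\n",
                explicit_destroy_releases_storage_once() ? "yes" : "no");
    return 0;
}
```

The counter is the point: the retry-delete loop from the post "works" only because the freed block still happens to hold the object's bytes, which is use-after-free, not a preserved object. Either destroy explicitly as in the second function, or better, keep the operation that can fail out of the destructor altogether.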

Chris M. Thomasson

10/2/2008 3:52:00 AM



"Chris M. Thomasson" <no@spam.invalid> wrote in message
news:aoXEk.16204$hX5.2055@newsfe06.iad...
> "Chris M. Thomasson" <no@spam.invalid> wrote in message
> news:k4XEk.16199$hX5.2021@newsfe06.iad...
>> Is it every appropriate to throw in a dtor? I am thinking about a simple
>> example of a wrapper around a POSIX file...
>> ________________________________________________________________________
> [...]
>> ________________________________________________________________________
> [...]
>
>> how would you advise me to handle the case above? I am interested in how
>> throwing in a dtor effects dynamic destruction... Would something like
>> the following be legal?
>>
> [...]
>
> I am doing some experimenting, and found that throwing from a dtor
> apparently leaves the object fully intact wrt the memory that makes it up
> so that proper disaster cleanup can indeed be performed... For example,
> the following program goes into infinite loop:
> ______________________________________________________________________
> #include <cstdio>
>
> struct throw_on_dtor {};
>
> class foo {
> public:
> ~foo() {
> throw throw_on_dtor();
> }
> };
>
> int main(void) {
> foo* f = new foo();
> retry:
> try {
> delete f;
> } catch (throw_on_dtor const& e) {
> std::puts("throw_on_dtor caught!");
> goto retry;
> }
> return 0;
> }
>
> ______________________________________________________________________
>
>
>
>
> So, AFAICT, throwing from a dtor will complicate some odd complications.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

let me rephrase:

So, AFAICT, throwing from a dtor will _create_ some odd complications...




Humm... I am now thinking that instead of throwing from dtor, all error
handling should be performed within dtor... However, what if the user wants to
be informed of any failure case within dtor? Should I provide a simple
callback function to inform the user of such condition? Something like:
___________________________________________________________
#include <cerrno>
#include <cstdio>

class file {
    FILE* m_handle;
    // called with the errno of a failed fclose(); returns true to retry
    bool (*m_fp_on_dtor_error) (file&, int);

public:
    file(bool (*fp_on_dtor_error) (file&, int) = NULL)
        : m_fp_on_dtor_error(fp_on_dtor_error) {
        // [...];
    }

    ~file() {
    retry:
        if (fclose(m_handle) != 0) {   // fclose() returns 0 on success
            if (m_fp_on_dtor_error) {
                if (m_fp_on_dtor_error(*this, errno)) {
                    goto retry;
                }
            }
        }
    }
};
___________________________________________________________




Humm... I need ADVICE!

;^o

anon

10/2/2008 5:47:00 AM


Chris M. Thomasson wrote:
> Is it ever appropriate to throw in a dtor? I am thinking about a simple
> example of a wrapper around a POSIX file...

Take a look here:
http://www.parashift.com/c++-faq-lite/dtors.html...

> ________________________________________________________________________
> class file {
> FILE* m_handle;
>
> public:
> // [...];
>
> ~file() /* throw() */ {
> int const status = fclose(m_handle);
> if (status) {
> /* shi% hit the fan:
> http://www.opengroup.org/onlinepubs/007908775/xsh/f...
> */
>
> // [what now?]
> }
> }
> };
> ________________________________________________________________________
>
>
> How to properly handle `EAGAIN' in a dtor? Well, what about any error for
> that matter? I am a C programmer and only code C++ for fun, and some
> in-house projects. If I were really going to create a C++ application and
> release it into the wild, well, how would you advise me to handle the
> case above? I am interested in how throwing in a dtor affects dynamic
> destruction... Would something like the following be legal?
>

How would you handle it in C?

>
>
> <pseudo code!!!!>
> _______________________________________________________________
> struct throw_from_dtor {
> int const m_status;
>
> public:
> throw_from_dtor(int const status)
> : m_status(status) {}
>
> int get_status() const { return m_status; }
> };
>
> class file {
> FILE* m_handle;
>
> public:
> // [ctor];
>
> ~file() {
> int const status = fclose(m_handle);
> if (status) {
> throw throw_from_dtor(status);
> }
> }
> };
>
>
> int main() {
> file* f = new file();
> try {
> delete f;
> } catch(throw_from_dtor const& e) {
> // handle error from `e.get_status()'
> delete f;
> }
> return 0;
> }
> _______________________________________________________________
>
>
> ?
>
>
> or what about using smart pointer...
>
>
>
> int main() {
> std::auto_ptr<file> f;
> try {
> f.reset(new file());
> } catch(throw_from_dtor const& e) {
> // handle error from `e.get_status()'
> }
> }
>
>
>
> ?
>

These two mains are almost the same (at least they are doing the same thing).

>
>
>
> Please keep in mind that refusing to handle an error from `fclose'
> could result in HORRIBLE things down the road... Think massive data
> loss... Perhaps __permanent__ data loss! OUCH!!!
>

What can you do when fclose fails?

Chris M. Thomasson

10/2/2008 6:52:00 AM


"anon" <anon@no.invalid> wrote in message
news:gc1n78$kks$1@news01.versatel.de...
> Chris M. Thomasson wrote:
>> Is it ever appropriate to throw in a dtor? I am thinking about a simple
>> example of a wrapper around a POSIX file...
>
> Take a look here:
> http://www.parashift.com/c++-faq-lite/dtors.html...

Okay; I will give it a look.

[...]

> How would you handle it in C?
[...]

> What can you do when fclose fails?

Well, it depends on the error:

http://www.opengroup.org/onlinepubs/007908775/xsh/f...

For instance, fclose can get interrupted by a signal. In this case, you need
to reissue the operation; e.g.:
______________________________________________________________
#include <errno.h>
#include <stdio.h>

struct file {
    FILE* handle;
};

/* close the stream, reissuing the call while a signal interrupts it */
int file_close(
    struct file* const this
) {
    int status;
    do {
        status = fclose(this->handle);
    } while (status == EOF && errno == EINTR);
    return status;
}
______________________________________________________________




Or, what if it returns `EAGAIN'? Well, this certainly needs to be handled.
However, it would be better to let the application handle this, not do it
implicitly within the `file_close()' function. There are many ways to handle
this. That's not the problem. The problem is when a retarded program does
not handle it! IMHO, any program that does not explicitly handle errors from
`fclose()' is severely broken and VERY dangerous. Let me give you an
example... Imagine a C++ wrapper around a C FILE... Fine. Imagine the dtor
looks like this:



class file {
    FILE* m_handle;

public:
    ~file() throw() {
        fclose(m_handle);   // return value ignored
    }
};



Fine... Now, a user needs to copy a file to a disk, and destroy the
original. Okay. It creates two file objects (e.g., src and dest:)



{
file src(...);
file dest(...);

// Then it performs the copy operation:

[copy src to dest]
}



Now the code-block goes out of scope, and no exceptions were thrown during
the copy process, HOWEVER, the call to `fclose()' in the dest object
failed!!!! Well, the user thinks everything is fine because the completely
retarded ignorant moron file object did not report the fuc%ing error! So the
user operates in ignorance and happily destroys the original file thinking
that the file was COMPLETELY copied onto the disk! WRONG! The file was
partially copied because `fclose()' failed to do its thing and properly
flush the buffers, or whatever... Now, the missing file data is LOST
__forever__! OUCH!!!


This is why its ESSENTIAL to report and handle errors from `fclose()'... If
`fclose()' fails, you can't be so sure that the file is 100% coherent...


Any thoughts?

Paavo Helde

10/2/2008 7:01:00 AM


"Chris M. Thomasson" <no@spam.invalid> kirjutas:

> Is it ever appropriate to throw in a dtor? I am thinking about a
> simple example of a wrapper around a POSIX file...
> ________________________________________________________________________
> class file {
> FILE* m_handle;
>
> public:
> // [...];
>
> ~file() /* throw() */ {
> int const status = fclose(m_handle);
> if (status) {
> /* shi% hit the fan:
> http://www.opengroup.org/onlinepubs/007908775/xsh/f...
> */
>
> // [what now?]
> }
> }
> };
> ________________________________________________________________________
>
>
> How to properly handle `EAGAIN' in a dtor? Well, what about any error
> for that matter? I am a C programmer and only code C++ for fun, and
> some in-house projects. If I were really going to create a C++
> application and release it into the wild, well, how would you advise
> me to handle the case above? I am interested in how throwing in a dtor
> affects dynamic destruction... Would something like the following be
> legal?

Throwing from a dtor is not really advisable in C++. It can easily lead
to duplicate throws during stack unwinding, and calling terminate() as
the result.

The C++ RAII model is built up on the assumption that releasing the
resource always succeeds (or its failure can be ignored by upper levels).
If this is not the case, then the application logic becomes very complex
immediately, essentially you are back in C again.

In any case, I would suggest to move any activity which can fail out of
the destructor, into a separate member function which has to be called
explicitly before destroying of the object, possibly from inside a try-
catch block dealing with errors.

In regard to this example, for most applications, fclose() failing
indicates that the disk is full. What can you do about this? Try to
delete some random other files from the disk? For most applications I
believe a proper behavior would be to try to log the error somewhere,
then either continue or abort, depending on the application type.

If the file integrity is of the most importance, e.g. in case of a
database program, this has to be managed explicitly anyway by storing
something like transaction completion markers in the file itself, or
whatever. I bet this is not trivial.

hth
Paavo




Chris M. Thomasson

10/2/2008 7:04:00 AM


"anon" <anon@no.invalid> wrote in message
news:gc1n78$kks$1@news01.versatel.de...
> Chris M. Thomasson wrote:
>> Is it ever appropriate to throw in a dtor? I am thinking about a simple
>> example of a wrapper around a POSIX file...
>
> Take a look here:
> http://www.parashift.com/c++-faq-lite/dtors.html...
[...]

Well, AFAICT, it seems like C++ destructors are really not all that good for
gracefully handling critical shutdown operations in dtors, such as
`fclose()'. Where am I going wrong? It seems like the only way to avoid
throwing from a dtor would be doing something along the lines of:


// example on how to handle EINTR or perhaps even EAGAIN
______________________________________________________________________
#include <cerrno>
#include <cstdio>
#include <exception>
#include <unistd.h>   // sleep()

class file {
    FILE* m_handle;

    // returns true to retry; or false to continue...
    bool (*m_fp_on_fclose_dtor) (int);

public:
    file(bool (*fp_on_fclose_dtor) (int) = NULL, ...)
        : m_fp_on_fclose_dtor(fp_on_fclose_dtor) {
        // [...];
    }

    ~file() throw() {
        // keep calling fclose() until it succeeds or the callback gives up
        while (fclose(m_handle) == EOF) {
            if (m_fp_on_fclose_dtor && ! m_fp_on_fclose_dtor(errno)) {
                break;
            }
        }
    }
};


// called with the errno of the failed fclose()
static bool on_fclose_dtor(int status) {
    switch (status) {
    case EINTR:
        return true;

    case EAGAIN:
        sleep(1);
        return true;

    default:
        std::terminate();   // does not return
    }
}


int main() {
    {
        file f(on_fclose_dtor, ...);
        // [...];
    }
    return 0;
}
______________________________________________________________________





Now, if a signal is thrown, or if the operation would block, the operation
will at least try to gracefully complete. All other errors KILL the program
dead... Sounds good to me.




However, this looks like a horrible hack. There has to be a MUCH better way
indeed!

:^o

Chris M. Thomasson

10/2/2008 7:21:00 AM



"Paavo Helde" <nobody@ebi.ee> wrote in message
news:Xns9B2B65D8AFDA9nobodyebiee@216.196.97.131...
> "Chris M. Thomasson" <no@spam.invalid> kirjutas:
>
>> Is it ever appropriate to throw in a dtor? I am thinking about a
>> simple example of a wrapper around a POSIX file...
>> _______________________________________________________________________
[...]
>
> Throwing from a dtor is not really advisable in C++. It can easily lead
> to duplicate throws during stack unwinding, and calling terminate() as
> the result.
>
> The C++ RAII model is built up on the assumption that releasing the
> resource always succeeds (or its failure can be ignored by upper levels).
> If this is not the case, then the application logic becomes very complex
> immediately, essentially you are back in C again.
>
> In any case, I would suggest to move any activity which can fail out of
> the destructor, into a separate member function which has to be called
> explicitly before destroying of the object, possibly from inside a try-
> catch block dealing with errors.

I think I agree here. Since, IMVHO, at least attempting to gracefully handle
`fclose()', such as deferred retrying in the case of `EINTR' or `EAGAIN', is
extremely important. Therefore, it sure seems to make sense to force the
user to explicitly call a member function which invokes `fclose()' and
throws when a very bad error is encountered (e.g., something other than
EINTR or EAGAIN).




> In regard to this example, for most applications, fclose() failing
> indicates that the disk is full.

What if the calling thread simply gets interrupted by a signal? What if the
file is non-blocking and the close operation would block? Those errors can
be handled in a straight forward manner. The former can even be handled
within the dtor itself:


#include <cerrno>
#include <cstdio>

class file {
    FILE* m_handle;

public:
    ~file() throw() {
        // reissue fclose() while a signal interrupts it; give up on anything else
        while (fclose(m_handle) == EOF && errno == EINTR);
    }
};




> What can you do about this? Try to
> delete some random other files from the disk?

The application does what it has to do in order to prevent data corruption
and/or loss.




> For most applications I
> believe a proper behavior would be to try to log the error somewhere,
> then either continue or abort, depending on the application type.

What if the application needs to copy a file to disk and destroy the
original? If `fclose()' fails on the destination file, well, the application
won't know about it and will continue on and destroy the source file. Well,
the destination file is by definition in a non-coherent state because
`fclose()' failed to "do its thing". Well, the lost data is gone forever. A
log file will only show why the data was lost, it does not prevent it. In
this case I bet the user wished the application just terminated when the
`fclose()' failed. Or better, I bet the user would like to be able to catch
and explicitly handle this case...




> If the file integrity is of the most importance, e.g. in case of a
> database program, this has to be managed explicitly anyway by storing
> something like transaction completion markers in the file itself, or
> whatever. I bet this is not trivial.

Not trivial at all!

;^0

anon

10/2/2008 8:22:00 AM


Chris M. Thomasson wrote:
> "anon" <anon@no.invalid> wrote in message
> news:gc1n78$kks$1@news01.versatel.de...
>> Chris M. Thomasson wrote:
>>> Is it ever appropriate to throw in a dtor? I am thinking about a
>>> simple example of a wrapper around a POSIX file...
>>
>> Take a look here:
>> http://www.parashift.com/c++-faq-lite/dtors.html...
> [...]
>
> Well, AFAICT, it seems like C++ destructors are really not all that good
> for gracefully handling critical shutdown operations in dtors, such as
> `fclose()'. Where am I going wrong? It seems like the only way to avoid
> throwing from a dtor would be doing something along the lines of:
>

Destructors have to clean up their objects, and they should (must) not fail.

>
> // example on how to handle EINTR or perhaps even EAGAIN
> ______________________________________________________________________
> class file {
> FILE* m_handle;
>
> // returns true to retry; or false to continue...
> bool (*m_fp_on_fclose_dtor) (int);
>
> public:
> file(bool (*fp_on_fclose_dtor) (int) = NULL, ...)
> : m_fp_on_fclose_dtor(fp_on_fclose_dtor) {
> // [...];
> }
>
> ~file() throw() {
> while (fclose(m_handle) == EOF) {
> if (m_fp_on_fclose_dtor && !
> m_fp_on_fclose_dtor(errno)) {
> break;
> }
> }
> }
> };
>
>

IMO This would be better:

class file {
FILE* m_handle;

public:
file()
{
// [...];
}

~file()
{
try
{
close_file();
}
// catch other exceptions
catch(...)
{
// log the error
}
}

void close_file()
{
// do whatever you can to close the file
// throw an exception in a case of an error
}

};

int main()
{
try
{
file obj;
// do stuff
obj.close_file();
}
catch(...)
{
// log error
// try to repair the damage
}
}

>
> Now, if a signal is thrown, or if the operation would block, the
> operation will at least try to gracefully complete. All other errors
> KILL the program dead... Sounds good to me.
>
>

With all other errors, your file will not be closed, and you have a
terminated program. Not very elegant solution ;)

James Kanze

10/2/2008 8:28:00 AM


On Oct 2, 5:25 am, "Chris M. Thomasson" <n...@spam.invalid> wrote:
> Is it ever appropriate to throw in a dtor?

Sure. There are special cases where the only reason to have a
destructor is for it to throw.

All such cases are, however, special cases, and objects of those
types should only exist in special contexts (typically, as
temporaries in a single expression).

> I am thinking about a simple example of a wrapper around a
> POSIX file...

That one definitely shouldn't throw.

> ________________________________________________________________________
> class file {
> FILE* m_handle;

> public:
> // [...];

> ~file() /* throw() */ {
> int const status = fclose(m_handle);
> if (status) {
> /* shi% hit the fan:
> http://www.opengroup.org/onlinepubs/007908775/xsh/f...
> */
> // [what now?]
> }
> }
> };
> ________________________________________________________________________

If you get to the destructor and the file hasn't been closed,
it's an error. It should only happen in two cases: you're
unwinding the stack as a result of another error (which will
result in the generated file being deleted, or at least marked
as invalid), or there is an error elsewhere in the code (which
should result in an assertion failure).

> How to properly handle `EAGAIN' in dtor? Well, what about any
> error for that matter? I am a C programmer and only code C++
> for fun, and some in-house projects. If I were really going to
> create C++ application and release it into the wild, well, how
> would you advise me to handle the case above?

Require an explicit close by the user, before the object is
destructed, and return a return code from that function.

FWIW: most of my file output is through a file wrapper class
whose destructor deletes the file if it is called before the
file is "committed"; it also has an option for linking several
such wrappers, so that all of the files will be deleted unless
all have been successfully "committed". (Also, my shutdown
routines flush cout, and generate an error if that fails.)

[...]
> Please keep in mind that refusing to not handle an error from
> `fclose' could resule is HORRIBLE things down the road...

Obviously. And since the error must be handled, you never count
on the destructor for the close. (In the normal case---it's
fine if you're cleaning up after another error, and are going to
delete the file anyway as a result of the other error.)

--
James Kanze (GABI Software) email:james.kanze@gmail.com
Conseils en informatique orientée objet/
Beratung in objektorientierter Datenverarbeitung
9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34
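Paavo Helde, anon and James Kanze converge on the same design: an explicit close() that reports failure to the caller, and a destructor that never throws. The following is an added example written to that design; it is not code from any poster in the thread. The `stdio_ops' hook struct, the `close_error' type, the fake fflush/fclose functions and the scenario drivers are constructed for this illustration so the EINTR and ENOSPC paths can be exercised without a disk; the default hooks are the real std::fflush and std::fclose. The EINTR retry is done at the fflush() step rather than by calling fclose() again, because POSIX leaves the stream unusable after fclose() returns whether or not it reported an error.

```cpp
#include <cerrno>
#include <cstdio>
#include <stdexcept>

// Hooks for the two stdio calls whose failures the thread is about. Defaults
// are the real functions; the scenarios below swap in fakes so the EINTR and
// ENOSPC paths run without a disk. (Constructed for this example.)
struct stdio_ops {
    int (*flush)(std::FILE*);
    int (*close)(std::FILE*);
};
static const stdio_ops real_ops = { std::fflush, std::fclose };

// Thrown by file::close() when the data could not be committed; carries errno
// so the caller can choose between retrying, aborting or cleaning up.
struct close_error : std::runtime_error {
    int err;
    explicit close_error(int e) : std::runtime_error("flush/close failed"), err(e) {}
};

class file {
    std::FILE* m_handle;
    stdio_ops m_ops;
    bool m_committed;

public:
    explicit file(std::FILE* handle, stdio_ops ops = real_ops)
        : m_handle(handle), m_ops(ops), m_committed(false) {}

    // The explicit close the replies ask for. Buffered data is pushed out with
    // fflush(), which may be retried on EINTR; fclose() then runs exactly once,
    // since POSIX leaves the stream unusable after fclose() returns whether or
    // not it reported an error. Any other failure is thrown to the caller.
    void close() {
        if (!m_handle) return;
        std::FILE* h = m_handle;
        m_handle = 0;                          // never touch the stream twice
        int rc;
        do {
            rc = m_ops.flush(h);
        } while (rc != 0 && errno == EINTR);
        if (rc != 0) {
            int e = errno;
            m_ops.close(h);                    // release the descriptor; data is lost
            throw close_error(e);
        }
        if (m_ops.close(h) != 0) throw close_error(errno);
        m_committed = true;
    }

    bool committed() const { return m_committed; }

    // Never throws. Reaching it with the stream still open means the caller
    // skipped close(); the last-resort attempt can only be logged, not handled.
    ~file() {
        if (!m_handle) return;
        try { close(); } catch (close_error const&) { /* log it here */ }
    }
};

// Constructed fakes: fflush() failing with EINTR a set number of times before
// succeeding, fflush() always failing with ENOSPC, and a counting fclose().
// None of them dereference the stream, so a placeholder pointer is passed.
static int g_eintr_left = 0;
static int g_close_calls = 0;
static int fake_flush_eintr(std::FILE*) {
    if (g_eintr_left > 0) { --g_eintr_left; errno = EINTR; return EOF; }
    return 0;
}
static int fake_flush_enospc(std::FILE*) { errno = ENOSPC; return EOF; }
static int fake_close_ok(std::FILE*) { ++g_close_calls; return 0; }
static int g_placeholder;
static std::FILE* const dummy_stream = reinterpret_cast<std::FILE*>(&g_placeholder);

// What the caller of close() observes: 0 for a committed file, otherwise the
// errno carried by the exception. fclose() runs exactly once either way.
int close_scenario(int eintr_count, bool disk_full) {
    g_eintr_left = eintr_count;
    g_close_calls = 0;
    stdio_ops ops = { disk_full ? fake_flush_enospc : fake_flush_eintr, fake_close_ok };
    file f(dummy_stream, ops);
    try { f.close(); } catch (close_error const& e) { return e.err; }
    return f.committed() ? 0 : -1;
}
int close_calls_in_last_scenario() { return g_close_calls; }

// Scope exit without an explicit close(): the destructor closes once and
// nothing propagates to the caller.
bool destructor_closes_once_without_throwing() {
    g_eintr_left = 1; g_close_calls = 0;
    stdio_ops ops = { fake_flush_eintr, fake_close_ok };
    try { file f(dummy_stream, ops); (void)f; } catch (...) { return false; }
    return g_close_calls == 1;
}

int main() {
    std::printf("EINTR twice, then ok: %d\n", close_scenario(2, false));
    std::printf("disk full: errno %d (ENOSPC is %d)\n", close_scenario(0, true), ENOSPC);
    std::printf("dtor closed once, no throw: %d\n", (int)destructor_closes_once_without_throwing());
    return 0;
}
```

A caller that is about to delete a source file calls close() on the destination and lets close_error propagate, or catches it and keeps the source; that is the copy-then-delete case from the thread handled where it can be handled. Kanze's "delete the output unless committed" policy can be layered on top by checking committed() in the caller, or in the destructor if the wrapper also knows the path.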