Error control in constructors

Question

There is such class:

class Circle{ int x; int y; int radius; public: Circle(int x_, int y_, int radius_){ x = x_; y = y_; if(radius < 0) signal error; radius = radius_; } };

It is not possible to create circle with radius less than zero. What is a good method to signal error in constructor? I know that there are exceptions, but are there any other methods?

How about making the radius an unsigned integer so this cannot happen? — Kerrek SB
– Kerrek SB, Commented Jul 28, 2011 at 12:01
@Kerrek, that will worsen the situation. If warning is ignored from signed to unsigned then, a huge address circle will be created. — iammilind
– iammilind, Commented Jul 28, 2011 at 12:05
@iammilind: If you ignore warnings, it's your own dumb fault. — Puppy
– Puppy, Commented Jul 28, 2011 at 12:07
Is it a circle valid with radius exactly zero? Would it be reasonable to simply take the absolute value of a negative radius? — Potatoswatter
– Potatoswatter, Commented Jul 28, 2011 at 12:13

animuson · Accepted Answer · 2014-05-23 23:06:30Z

A good method is not to allow the error to compile!

Unfortunately, merely using unsigned will not prevent a negative value from being passed to the constructor – it will just be converted implicitly to an unsigned value, thus hiding the error (as Alf pointed out in a comment).

The “proper” solution would be to write a custom nonnegative (or more generally, constrained_value) type to make the compiler catch this error – but for some projects this may be too much overhead, since it can easily lead to a proliferation of types. Since it improves (compile-time) type safety, I still think that this is fundamentally the right approach.

A simple implementation of such a constrained type would look as follows:

struct nonnegative { nonnegative() = default; template <typename T, typename = typename std::enable_if<std::is_unsigned<T>::value>::type> nonnegative(T value) : value{value} {} operator unsigned () const { return value; } private: unsigned value; };

See it in action

This prevents construction from anything but an unsigned type. In other words, it simply disables the usual implicit, lossy conversion from signed to unsigned numbers.

If the error cannot be caught at compile time (because the value is received from the user), something like exceptions are the next best solution in most cases (although an alternative is to use an option type or something similar).

Often you would encapsulate this throwing of an exception in some kind of ASSERT macro. In any case, user input validation should not happen inside a class’ constructor but immediately after the value has been read from the outside world. In C++, the most common strategy is to rely on formatted input:

unsigned value; if (! (std::cin >> value)) // handle user input error, e.g. throw an exception.

Worth noting that this strategy requires warning on implicit signed-to-unsigned conversion, and likely making warnings errors too. This may be worthwhile, or might be impossible due to codebase cruft.
@iammilind: Also, the radius property should be unsigned as well.
-1 for advice about using unsigned. that will tend to hide the error rather than catch it. c++ guarantees that negative actual arguments will compile and will not cause any trap. that said, the other answers about using exception are not much better. the proper thing to do here is to use an assert, not exceptions.
@Alf That’s your fault for not using warnings. A modern C++ compiler with the warning level cranked up will not allow such code. And plain C asserts are good for debugging (I almost mentioned that in my answer) but not for production code. Production-code asserts must ultimately be implemented via exceptions.
@6502 100k+ is no protection against ignorance. And in particular since I don’t know C (I’m assuming that unsigned behaviour is due to backwards compatibility) – and have never pretended to – I clearly still don’t know all nooks and crannies of C++. (Also, notice how the answer doesn’t suggest using unsigned any more.)

Cat Plus Plus · Accepted Answer · 2011-07-28 11:58:59Z

7

No. Throw an exception — that is the standard way to bail out from the ctor.

answered Jul 28, 2011 at 11:58

Cat Plus Plus

131k27 gold badges205 silver badges226 bronze badges

3 Comments

Owen Over a year ago

Yes, throwing an exception is best, but the question is "are there other methods". I think Luchian pointed out a decent one.

KillianDS Over a year ago

And you should always be suspicious for such questions Owen, because often they root in the ridiculous "exceptions are too slow" reason ...

Puppy Over a year ago

@Owen: That method does not signal an error in a constructor, it just delays the problem until it's not in a constructor.

pmr · Accepted Answer · 2011-07-28 11:59:28Z

4

Throw an exception. That's what RAII is all about.

answered Jul 28, 2011 at 11:59

pmr

60k11 gold badges120 silver badges162 bronze badges

Comments

iammilind · Accepted Answer · 2011-07-28 12:10:24Z

Exception is the correct way to signal the error. Because, passing a negative value as a radius is a logical mistake. It's safe to throw from constructor.

As other option, you can print an error message into a log file.

Third option is somewhat suggested by @Luchian; I am rephrasing it.

Don't call the constructor, if the radius it < 0. You should have a check outside the object creation.

Edit: there is a logical error in your code:

if(radius < 0) // should be 'radius_'

ks1322 · Accepted Answer · 2011-07-28 12:36:18Z

Exception is the best method to report an error from constructor in C++. It is much safe and clear than all others methods. If an error occures in constructor, the object should not be created. Throwing exception is the way to achieve this.

Sebastian Mach · Accepted Answer · 2011-07-28 18:18:03Z

My personal opinion is that you should use throw std::runtime_error in the general case, and as UncleBens points out in comments, invalid_argument in this case.

In some circumstances, like when it is guaranteed that the radius can't be negative by means of unpredictable input, you should use assert instead, because then it is a programmer error (== bug):

#include <cassert> ... assert (radius >= 0);

This disables the check for release builds.

A third alternative would be to use your own datatype that guarantees as a post-condition that it's never less than 0; though one has to be careful not to invent too many micro-types:

template <typename Scalar, bool ThrowRuntimeError> class Radius { public: Radius (Scalar const &radius) : radius_(radius) { assert (radius>=Scalar(0)); if (ThrowRuntimeError) { if (Scalar(0) >= radius) throw std::runtime_error("can't be negative"); } } ... private: Radius(); // = delete; Scalar radius_; };

Note that in such general implementations, one must be careful to avoid compiler warnings that warn about unneeded comparisons against zero (e.g. when Scalar = unsigned int).

Anyways, I'd go without the Radius class, and use assertations (if negative radius can only be a bug) or exceptions (if negative radius can be the result of bad input).

I'd throw std::invalid_argument (derived from std::logic_error) which seems to be more likely the correct category for the problem :)
@Raedwald: Why not invalid_argument, which is a specialisation of logic_error?

6502 · Accepted Answer · 2011-07-28 12:56:46Z

The standard approach for error in constructors is using an exception.

However an alternative that is sometime useful is the "zombie" approach. In other words if you cannot construct a working object properly then create an object that is non-functional but that can be tested for this and that can be destroyed safely. All the methods should also fail gracefully and become NOPs.

Most of the times this approach is just an annoyance because you will delay the discovery of a problem to when the object is actually used... but it is a viable path if you have serious reasons for avoiding exceptions.

Roman Pietrzak · Accepted Answer · 2011-07-28 12:05:52Z

0

Strictly to C++ - no... Exceptions are the only one 'good' way...

However there are many other 'less-standard' approaches, I recommend two-phase constructors(used in symbian).

answered Jul 28, 2011 at 12:05

Roman Pietrzak

6153 silver badges16 bronze badges

3 Comments

Sebastian Mach Over a year ago

Can you elaborate on two-phase constructors?

Roman Pietrzak Over a year ago

There is a lot of info about this in the net. The general idea is to contruct the object (by using new), and then call init() on this object... The constructor itself only "starts" the object, in a "zero" state, then the call to init() do the real allocation/initiation job. Please google for "two phase constructor"

Sebastian Mach Over a year ago

Usually, answers on StackOverflow should be self-contained to a sane degree, which is why your answer is not as good as it could/should be. The googling itself is really not the problem, I did already.

Owen · Accepted Answer · 2011-07-28 12:08:30Z

Just another possibility to add to what's already here: you could mimic what people do in ML-ish languages and make a "smart constructor":

Circle* makeCircle(...) { ... }

that may return NULL.

Though I agree throwing an exception is probably want you want here.

While this is indeed another possibility, I just want to add to this that this would play against "hard to use wrong, easy to use right" -> client may forget to delete, client may dereference an invalid address, client may accidentally assign to the pointer.

Luchian Grigore · Accepted Answer · 2011-07-28 12:28:24Z

0

Consider setting the radius in a init() method which you call after the constructor.

edited Jul 28, 2011 at 12:28

answered Jul 28, 2011 at 11:58

Luchian Grigore

260k68 gold badges465 silver badges634 bronze badges

21 Comments

Puppy Over a year ago

No, that's a terrible idea, and I downvoted. A constructed object is expected to be done and ready to use.

Cat Plus Plus Over a year ago

@LuchianGrigore: You can't forget to call ctor, or call it twice on the same object. You can forget to call init, or whatever. Not to mention the object is in undefined state between construction and init. Object construction should be done entirely in the ctor — that's the whole point of them.

Puppy Over a year ago

@Luchian: Always validate your input. Always release your resources. Never access memory you don't own. Never attempt to free memory twice. Need I go on?

Stack Overflow is garbage Over a year ago

@Luchian: intentionally making your code more fragile, and making it harder to use your class correctly for no reason? Yeah, I'd say so. In so far as C++ has rules, "don't be stupid", and "don't write bad code" should be considered to be among them.

Stack Overflow is garbage Over a year ago

@Luchian: a class that can be brought into an inconsistent state is broken. ALWAYS. No exceptions. A circle which doesn't have a radius is broken. ALWAYS. And a Circle class which allows you to define a circle with no radius is broken. ALWAYS. The language tries to protect you from creating such classes (by forcing you to throw an exception if an error is discovered during construction), and circumventing it by creating a secondary init() function doesn't solve the problem, it just works around the checks built into the language to enforce sane class design.

|

Collectives™ on Stack Overflow

Error control in constructors

10 Answers 10

25 Comments

3 Comments

Comments

Comments

Comments

2 Comments

Comments

3 Comments

1 Comment

21 Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

10 Answers 10

25 Comments

3 Comments

Comments

Comments

Comments

2 Comments

Comments

3 Comments

1 Comment

21 Comments

Linked

Related