
Which kind of code is considered exception safe?

Is code that handles exceptions well called exception-safe code? Is this correct?

From here: https://codereview.stackexchange.com/a/9759/11619

You use lock/unlock pairs for the mutex. This is not exception safe. So I would create an object that will do the lock in the constructor and unlock in the destructor, then use this to lock your mutexes. This will make your code more exception safe.

#include <pthread.h>

// RAII guard: the constructor takes the lock, the destructor releases it.
class MutexLocker
{
    pthread_mutex_t&  mutex;
    MutexLocker(const MutexLocker&);            // not copyable: a copy would unlock twice
    MutexLocker& operator=(const MutexLocker&);
public:
    explicit MutexLocker(pthread_mutex_t& mutex) // constructor name fixed (was "MutextLocker")
        : mutex(mutex)
    {
        pthread_mutex_lock(&mutex);
    }
    ~MutexLocker()                               // also runs during stack unwinding
    {
        pthread_mutex_unlock(&mutex);
    }
};

In which way is the above shown code exception safe? I don't see any exception handling over there.

Or does exception safe code mean where we can "add" the exception handling? So, the above shown code can be made exception safe by adding exception handling, but it isn't now?

Aquarius_Girl asked Mar 12 '12 10:03


2 Answers

Exception Safety is not about handling exceptions, it is about guaranteeing a number of properties about the program even in the presence of exceptions.

You can usually speak about the exception safety level of a given method:

  • No Guarantee: this method is exception-unsafe, that is, no guarantee is made at all.
  • Basic Exception Guarantee: in case of exception no resource is leaked and the classes involved are still usable (but their state is unspecified), that is, no memory leak, no file handle leak, no mutex leak, and the invariants of the instances involved are still verified.
  • Strong Exception Guarantee: in case of exception, all state is reverted to what it was prior to beginning. This is a transaction-like semantic.
  • NoThrow Guarantee: this method does not throw, it always succeeds.

In general, the NoThrow Guarantee only applies to the simplest methods (i.e. .size() on a vector, for example) and the Strong Exception Guarantee may be costly to implement (being able to revert the effect or operating on a copy of the state may not be cheap).

On the other hand, the Basic Exception Guarantee is just that: Basic. Without it, safely operating a program is just impossible, so this is the least guarantee that is acceptable. If you leak resources or leave classes in an unusable state, the program may not be able to operate further.

This is why there is such an emphasis on RAII whenever exceptions are mentioned. Because RAII guarantees automatic cleanup of resources (memory, mutexes, files) whatever the execution path (regular return or exception), it is particularly desirable. However, RAII itself is not sufficient.

Related: Herb Sutter's GotW entry about Exception Safety and Exception Specifications.

Matthieu M. answered Sep 27 '22 23:09

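To make the guarantee levels above concrete, here is an added example (constructed for this page, not code from the answer or from the question's code review thread). Roster is an invented type whose invariant is that names and scores have the same length; Entry, validateScore and the run helper are likewise invented, and a negative score stands in for any step that can fail part-way through an operation. The three versions of the batch insert give no guarantee, the basic guarantee and the strong guarantee respectively:

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed types for the illustration (not from the answer).
// Roster invariant: names.size() == scores.size().
struct Roster {
    std::vector<std::string> names;
    std::vector<int> scores;
};
struct Entry {
    std::string name;
    int score;
};

// Stands in for any step that may fail part-way (allocation, parsing, I/O).
static int validateScore(int score) {
    if (score < 0) throw std::invalid_argument("negative score");
    return score;
}

// No guarantee: the name is committed before the score is validated, so a
// throw leaves one more name than scores. The invariant is broken and the
// Roster is no longer safe to use.
void addAllUnsafe(Roster& r, const std::vector<Entry>& entries) {
    for (const Entry& e : entries) {
        r.names.push_back(e.name);
        r.scores.push_back(validateScore(e.score));
    }
}

// Basic guarantee: everything that can throw happens before the object is
// touched, and the final step cannot throw (capacity already reserved, int
// copy is nothrow). On a throw the Roster is valid but partially updated.
void addAllBasic(Roster& r, const std::vector<Entry>& entries) {
    for (const Entry& e : entries) {
        int s = validateScore(e.score);          // may throw: nothing changed yet
        r.scores.reserve(r.scores.size() + 1);   // may throw bad_alloc: nothing changed yet
        r.names.push_back(e.name);               // vector::push_back itself has the strong guarantee
        r.scores.push_back(s);                   // cannot throw: capacity is reserved
    }
}

// Strong guarantee: do the work on a copy, then commit with nothrow swaps.
// If anything throws, the copy is discarded and r is exactly as before.
void addAllStrong(Roster& r, const std::vector<Entry>& entries) {
    Roster tmp(r);                 // may throw; r untouched
    addAllBasic(tmp, entries);     // may throw; only tmp is affected
    using std::swap;               // commit point: std::vector::swap is noexcept
    swap(r.names, tmp.names);
    swap(r.scores, tmp.scores);
}

struct Outcome {
    bool threw;
    bool invariantHolds;
    std::size_t entriesKept;
};

// Apply one of the three operations to a roster holding one entry, using a
// constructed batch whose second element is invalid.
template <typename Op>
Outcome run(Op op) {
    Roster r;
    r.names.push_back("alice");
    r.scores.push_back(90);
    const std::vector<Entry> batch = { {"bob", 80}, {"carol", -1}, {"dave", 70} };
    Outcome o = { false, false, 0 };
    try {
        op(r, batch);
    } catch (const std::invalid_argument&) {
        o.threw = true;
    }
    o.invariantHolds = (r.names.size() == r.scores.size());
    o.entriesKept = r.names.size();
    return o;
}

int main() {
    const Outcome u = run(addAllUnsafe), b = run(addAllBasic), s = run(addAllStrong);
    std::printf("unsafe: threw=%d invariant=%d kept=%zu\n", u.threw, u.invariantHolds, u.entriesKept);
    std::printf("basic : threw=%d invariant=%d kept=%zu\n", b.threw, b.invariantHolds, b.entriesKept);
    std::printf("strong: threw=%d invariant=%d kept=%zu\n", s.threw, s.invariantHolds, s.entriesKept);
    return 0;
}
```

Note how the basic version is obtained purely by ordering: every throwing step comes before the first mutation and the last mutation is nothrow. The strong version costs a full copy of the Roster, which is the "may not be cheap" point the answer makes.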

The MutexLocker destructor is always called, also when an exception was raised in the block where it was constructed.

That is what makes a construct using your MutexLocker exception safe.

Willem Hengeveld answered Sep 27 '22 22:09
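As an added example (not from the answer), the following makes the destructor-during-unwinding behaviour observable without threads. CountingMutex is a constructed stand-in for pthread_mutex_t that records whether it is held and how many lock/unlock calls it has seen; ScopedLock has the shape of the question's MutexLocker; processUnderLock, manualLockPair, raiiLock and trace are invented helpers. The first call throws out of the locked region, and the second call on the same mutex shows whether it was released:

```cpp
#include <cstdio>
#include <stdexcept>

// Constructed stand-in for pthread_mutex_t (not from the answer): records
// whether it is held and how many lock/unlock calls it has seen, so the
// balance can be inspected after an exception.
struct CountingMutex {
    bool held;
    int locks;
    int unlocks;
    CountingMutex() : held(false), locks(0), unlocks(0) {}
    void lock() {
        // A real non-recursive mutex would block forever here; report instead.
        if (held) throw std::runtime_error("would deadlock: mutex already held");
        held = true;
        ++locks;
    }
    void unlock() {
        held = false;
        ++unlocks;
    }
};

// RAII guard with the shape of the question's MutexLocker.
class ScopedLock {
    CountingMutex& m;
    ScopedLock(const ScopedLock&);             // not copyable: a copy would unlock twice
    ScopedLock& operator=(const ScopedLock&);
public:
    explicit ScopedLock(CountingMutex& mutex) : m(mutex) { m.lock(); }
    ~ScopedLock() { m.unlock(); }              // runs on return and during stack unwinding
};

// Stands in for the work done while holding the lock; throws on a bad input.
static int processUnderLock(int value) {
    if (value < 0) throw std::invalid_argument("negative value");
    return value * 2;
}

// Manual lock/unlock pair: when processUnderLock throws, the unlock is skipped.
int manualLockPair(CountingMutex& m, int value) {
    m.lock();
    int result = processUnderLock(value);
    m.unlock();
    return result;
}

// RAII version: ~ScopedLock releases the mutex on every exit path.
int raiiLock(CountingMutex& m, int value) {
    ScopedLock guard(m);
    return processUnderLock(value);
}

struct Trace {
    bool heldAfterThrow;   // is the mutex still held once the exception is caught?
    int locks;
    int unlocks;
    bool recovered;        // did a later call on the same mutex succeed?
};

// First call throws out of the locked region; second call shows whether the
// mutex was released by then.
template <typename Fn>
Trace trace(Fn fn) {
    CountingMutex m;
    Trace t = { false, 0, 0, false };
    try {
        fn(m, -1);
    } catch (const std::invalid_argument&) {
        // the exception propagated through the locked region
    }
    t.heldAfterThrow = m.held;
    t.locks = m.locks;
    t.unlocks = m.unlocks;
    try {
        t.recovered = (fn(m, 21) == 42);
    } catch (const std::runtime_error&) {
        t.recovered = false;       // lock() refused: still held from the first call
    }
    return t;
}

int main() {
    const Trace a = trace(manualLockPair), b = trace(raiiLock);
    std::printf("manual: held=%d locks=%d unlocks=%d recovered=%d\n",
                a.heldAfterThrow, a.locks, a.unlocks, a.recovered);
    std::printf("raii  : held=%d locks=%d unlocks=%d recovered=%d\n",
                b.heldAfterThrow, b.locks, b.unlocks, b.recovered);
    return 0;
}
```

With the manual pair the mutex stays held after the exception and the next caller would block forever on a real pthread mutex; with the guard the lock/unlock counts balance and the next call goes through. That is the basic guarantee ("no mutex leak") the first answer describes, delivered by the destructor alone, with no try/catch in sight.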