[Effective-cpp] Item 1: Uses and Abuses of vector

Balog Pal pasa at lib.hu
Tue Oct 26 21:00:47 EDT 2004


From: "Herb Sutter" <hsutter at microsoft.com>

> Re range checking: I think it's likely that the C++0x standard library
> will include range checking on by default, in some form (e.g., saying
> that vector's [] is range-checked, or providing alternative containers
> that are range-checked by default). On modern architectures the cost is
> often negligible to unmeasurable for real-world applications

It may be low, but that still breaks the 'don't pay for what you don't use'
rule.
But the real problem is not the cost of the check, but the action if the
range problem is discovered.

Leaving it undefined gives a quality implementation room to do anything
*good*, like asserting in debug and not checking in a release build, or
calling terminate() in a release build, or making it tunable by a switch,
while still remaining conforming.

Defining the behavior would take that freedom away, and force something
possibly good for one group and bad for others.

That could be covered by an installable strategy, like the new_handler --
introducing an out_of_range() function that can be set to the desired thing.

Also the UB could be changed to 'implementation-defined', or
unspecified -- pick one of {list of allowed behaviors}. With a good list, a
balance could be created between security, flexibility and performance.

> and
> continues to drop; predict the branch the right way and the cost can be
> near-zero even in the increasingly rare truly CPU-bound code where it
> could matter. At the same time, safety and security are increasingly
> important. Having range checking off by default is therefore
> increasingly difficult to defend. It has to be easy to write safe code,
> and code that is safe by default.

Sure. We just must first agree on what 'safe code' is. Then look at how the
check really grants security and is not just another pack of snake oil.

Paul
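
The installable strategy suggested in the message above, sketched as an added example (not part of the original post and not any standard library's API). The names range_handler, set_range_handler and checked_vector are hypothetical, modeled on std::set_new_handler.

```cpp
#include <cstddef>
#include <cstdlib>
#include <stdexcept>
#include <vector>
// All names below are hypothetical; only the std:: facilities are real.
using range_handler = void (*)(std::size_t index, std::size_t size);

// Policy 1 (default): fail fast, comparable to terminate() in a release build.
inline void abort_on_range_error(std::size_t, std::size_t) { std::abort(); }
// Policy 2: report the violation as an exception the caller can handle.
inline void throw_on_range_error(std::size_t, std::size_t) { throw std::out_of_range("index out of range"); }

// Process-wide handler slot. Not thread-safe; a real design would make it atomic.
inline range_handler& current_range_handler() {
    static range_handler handler = abort_on_range_error;
    return handler;
}

// Install a handler and return the previous one, as std::set_new_handler does.
inline range_handler set_range_handler(range_handler h) {
    range_handler old = current_range_handler();
    current_range_handler() = h ? h : abort_on_range_error;
    return old;
}

template <class T>
class checked_vector {
    std::vector<T> v_;
public:
    explicit checked_vector(std::size_t n, const T& x = T()) : v_(n, x) {}
    T& operator[](std::size_t i) {
        if (i >= v_.size()) {
            current_range_handler()(i, v_.size());
            std::abort();  // a handler that returns must never lead to the bad access
        }
        return v_[i];
    }
};

// Returns true when an out-of-range index is reported through the installed handler.
inline bool demo_out_of_range_is_caught() {
    range_handler old = set_range_handler(throw_on_range_error);
    checked_vector<int> v(3, 7);
    bool caught = false;
    try { (void)v[3]; } catch (const std::out_of_range&) { caught = true; }
    set_range_handler(old);  // restore the previous policy
    return caught && v[2] == 7;
}

int main() { return demo_out_of_range_is_caught() ? 0 : 1; }
```

The check itself is fixed; only the reaction is pluggable, and the abort() after the handler call keeps a misbehaving handler from turning the check back into an unchecked access.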



