Mission Impossible / How to create datatypes which cannot contain invalid state

adrianimboden

11.1K views

01 Introduction

Introduction

02 Enums

Enums - Overview Enums - Hands On Enums - Example Solution

03 Optional

Optional - Overview Optional - Hands On Optional - Example Solution

04 Variant

Variant - Overview Variant - Hands On Variant - Example Solution

05 Final

Final - Hands On Final - Example Solution

Previous: Enums - Overview Next: Enums - Example Solution

This example implements a serial port protocol which is request/response based. It assumes a that:

the send and receive is long running
the current status can be obtained for debugging reasons
calls to send_request are synchronized by the caller

Example

// {
#include <boost/assert.hpp>
#include <iostream>
#include <mutex>
#include <thread>
 
void long_running_task() {
    std::this_thread::sleep_for(std::chrono::milliseconds(100));
}
// }
 
class SerialPort {
public:
    void        connect();
    std::string send_request(const std::string& request);
    void        print_state(std::ostream& os) const;
 
private:
    mutable std::mutex guard_;
    bool               is_connected_ = false;
    bool               is_sending_   = false;
    bool               is_receiving_ = false;
};
 
void SerialPort::connect() {
    long_running_task();
 
    std::scoped_lock lock{guard_};
    BOOST_ASSERT_MSG(not is_connected_, "port already connected yet");
    is_connected_ = true;
}
 
std::string SerialPort::send_request(const std::string& request) {
    {
        std::scoped_lock lock{guard_};
        BOOST_ASSERT_MSG(is_connected_, "port not connected yet");
        BOOST_ASSERT_MSG(not is_sending_, "detected race");
        BOOST_ASSERT_MSG(not is_receiving_, "detected race");
        is_sending_ = true;
    }
    long_running_task();
    {
        std::scoped_lock lock{guard_};
        BOOST_ASSERT_MSG(is_connected_, "detected race");
        BOOST_ASSERT_MSG(is_sending_, "detected race");
        BOOST_ASSERT_MSG(not is_receiving_, "detected race");
        is_sending_   = false;
        is_receiving_ = true;
    }
    long_running_task();
    {

The problem here is, that we have three bool variables which would result in possible state combinations, of which only are used:

is_connected	is_sending	is_receiving
false	ignored	ignored
true	false	false
true	false	true
true	true	false

This leads to the following results:

A person which reads the code has to look up all the various asserts in order to understand the existing invariants
A person which debuggs the code has to keep values of supposedly relevant variables in his head, which are actually not used
It is very easy for a different programmer to change the code in such a way that the previous invariant is no longer given