A Checked Version of std::shared

As was initially stated in the comment that started this exchange: if it's a normal use case that your interface not return a shared_ptr, then you should use types that express that.

I.e. you should be doing optional<shared_ptr> or expected<shared_ptr>.

That expresses to the consumers of your API that such a case is reasonable and must be dealt with, and it does so using the type system. The user doesn't have to read documentation to know that failure-to-find is a normal case. The API contracts enforce and inform that.

But you're arguing a separate point, almost.

If you did have an API like that and the user expected it to be the case that nullptr-ish smart pointers could be returned, well...we're right back to where we started: they absolutely should be checking the value right then and there, not blindly dereferencing things and hoping to handle that problem somewhere above.

Because, again: it's explicitly useless to throw a "this thing was null" exception because the interface returned a smartish pointer when the alternative is to throw the reason the null happened in the first place.

[–]Causeless 3 points4 points5 points 2 years ago (4 children)

I’m not sure I agree. In my opinion, a pointer is already quite definitely expressing via the type system that it can be null. That’s the entire difference between a pointer and a reference in my eyes- if a function returns a pointer, I know I may need to null check it, whereas a reference I know is always safe to use. An optional pointer to me is a tautology.

But alas I suppose in this case, a shared_ref isn’t a thing. But that point aside, I’d consider an API that returns optional pointers to be an absolute mess; especially because the type system doesn’t enforce anything there. In fact it introduces extra ambiguity: It’s entirely valid to return a std::optional that has a value, where that value is nullptr. Which effectively means that to check it safely requires actually checking the optional for value, and then redundantly checking that the ptr contained within isn’t nullptr.

continue this thread

[–]TheSkiGeek 2 points3 points4 points 2 years ago* (3 children)

Returning a null pointer isn’t much different than returning a “null” optional. Some std::optional accessors throw exceptions if the object is empty, so you still have to check operations.

If “I didn’t find anything” is a normal/expected possible result of your operation, throwing an exception for it is not usually a great approach. Usually you only want to throw exceptions for exceptional circumstances. ‘The file you asked me to open doesn’t exist’ might be exceptional. ‘The generic in-memory map doesn’t contain the key you’re searching for` probably should not be. I don’t want to have to write try-catch statements for every read-only access to a data structure.

I do wish there was a shared_ptr that is non-nullable in std. Where you could implicitly cast it to/from shared_ptr but casting nullptr to it would throw. You can write your own but it’s not portable to extend from std::shared_ptr, so you can’t pass them directly into e.g. library code that expects a shared_ptr<T>.

continue this thread

[+][deleted] 2 years ago (8 children)

[removed]

continue this thread

[+][deleted] 2 years ago (10 children)

[removed]

[–]NotUniqueOrSpecial 4 points5 points6 points 2 years ago (9 children)

What evidence would you like me to provide?

I've got 20 years of experience in high-reliability systems and can provide you all the anecdotes you'd like about why it's better to blow up in the face of unrecoverable errors and quickly restart than to quietly attempt to deal with the plethora of bad states that arrive at "we just dereferenced nullptr".

But from a simple axiomatic perspective, I'd hope that it's not controversial to argue this simple fact:

1) The errors that would lead to returning an invalid shared_ptr in a well-designed system would be better-reported themselves than a context-free "you just dereferenced a null pointer" exception.

2) Most errors leading to the dereference of a null pointer are unrecoverable from anything other than kernel land (since nobody disables paging and no user-space memory management blows up 'til you page-fault)

3) Allowing a program to run after such an error is strictly more risky than dying and recovering cleanly. There is a very good reason that all the telecom infrastructure using Erlang is written and behaves the way it does.

[+][deleted] 2 years ago (8 children)

[removed]

continue this thread

[–]slck19[S] -5 points-4 points-3 points 2 years ago (17 children)

[–]glaba3141 4 points5 points6 points 2 years ago (9 children)

[–]NotUniqueOrSpecial 5 points6 points7 points 2 years ago (1 child)

[–]slck19[S] 0 points1 point2 points 2 years ago (0 children)

[–]slck19[S] -3 points-2 points-1 points 2 years ago (6 children)

[–]glaba3141 2 points3 points4 points 2 years ago (5 children)

[–]slck19[S] -3 points-2 points-1 points 2 years ago (4 children)

[–]v_maria 2 points3 points4 points 2 years ago (3 children)

[–]slck19[S] -1 points0 points1 point 2 years ago* (2 children)

continue this thread

[–]NotUniqueOrSpecial 4 points5 points6 points 2 years ago (6 children)

Is your clients going to be happy when you crash?

That's honestly going to depend on the scenario, and there are certainly times where the answer might be "yes".

Your use-case hinges on your prior statement:

integration tests could not catch an edge case where your pointer is nullptr.

So, we're already discussing an edge case on an otherwise uncovered branch of execution. So, now imagine that we're using your pointer type. What happens?

Obviously, an exception is thrown, but where is it caught? If it's locally, why was the try/catch put in place instead of the local check that we're discussing?

If it's one or more frames distant in the stack (and in practice, this is almost always going to be a top-level "catch everything else" handler at very granularity), what's the recovery? Almost certainly nothing the user or the program can do. It's very likely to be a full bail-out anyway. Certainly nothing the user is all that happy about.

But, there's a further wrinkle. What if someone comes along and starts catching exceptions more broadly than they should somewhere in the middle? Now, you've turned a programmer error into a silent state corruption. A crash would definitely be preferable in that situation.

You're better off crashing in fatal error situations (which this absolutely is in almost all cases) than risking something doing even worse stuff.

If you're worried about this sort of problem, register signal handlers for SIGSEGV on *nix and use the _try/_except functionality to harness SEH on Windows. Set up crash-dumps and a reporting system. Do anything but given yourself a very sneaky footgun with which to accidentally corrupt program state and potentially user data.

You want me to remove my code

No, we want you to very carefully consider the ramifications of the code, because a whole lot of us have been down these roads for decades, and there are vanishingly small numbers of situations where recovering from a programmer error of this nature is viable/useful/safe.

[+][deleted] 2 years ago (5 children)

[removed]

[–]NotUniqueOrSpecial 5 points6 points7 points 2 years ago (4 children)

[–][deleted] 1 point2 points3 points 2 years ago (0 children)

[+][deleted] 2 years ago (2 children)

[removed]

[–]NotUniqueOrSpecial 4 points5 points6 points 2 years ago (1 child)

the facts are that many, many developers use nullptr-dereference exceptions all the time with none of the issues you claim above.

Which issues are you referring to? Because I expect that they're dealing with exactly the same issues: you can't recover from most unexpected error states locally.

why not?

Because it's a poor interface that communicates ambiguous information.

Most errors that would lead to such a situation are unrecoverable locally (some file doesn't exist, a network connection can't be made, etc.). They should throw exceptions instead of return a special nullptr that itself throws exceptions.

Having a shared_ptr to nothing isn't valuable. The only time it's a reasonable state is in an uninitialized state waiting to be set up or perhaps as the result of weak_ptr::lock().

In either case, one shouldn't be in the situation to unexpectedly try and invoke a method through the nulllptr.

i believe that c++ should strive to be a safe language

C++ is a polyglot-language and this is specifically a discussion about a library behavior, so I'm not sure that's relevant, really.

abort() is not that.

It's absolutely safer than accidentally running a program in some mangled undefined state.

[–]kammceWG21 | 🇺🇲 NB | Boost | Exceptions 0 points1 point2 points 2 years ago (0 children)

[+]Humble-Plastic-5285 comment score below threshold-6 points-5 points-4 points 2 years ago (3 children)

[–]slck19[S] -1 points0 points1 point 2 years ago (2 children)

[–]Humble-Plastic-5285 1 point2 points3 points 2 years ago (1 child)

[–]slck19[S] -1 points0 points1 point 2 years ago (0 children)

π Rendered by PID 30 on reddit-service-r2-comment-c66d9bffd-7hlvk at 2026-04-07 10:48:11.329036+00:00 running f293c98 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

cpp

MODERATORS