How to handle failure in constructor in C++?

I want to open a file in a class constructor. It is possible that the opening could fail, then the object construction could not be completed. How to handle this failure? Throw exception out? If this is possible, how to handle it in a non-throw constructor?

If an object construction fails, throw an exception.

The alternative is awful. You would have to create a flag if the construction succeeded, and check it in every method.

> I want to open a file in a class constructor. It is possible that the opening could fail, then the object construction could not be completed. How to handle this failure? Throw exception out?

Yes.

> If this is possible, how to handle it in a non-throw constructor?

Your options are:

• redesign the app so it doesn't need constructors to be non-throwing - really, do it if possible
• add a flag and test for successful construction
  • you could have each member function that might legitimately be called immediately after the constructor test the flag, ideally throwing if it's set, but otherwise returning an error code
    • This is ugly, and difficult to keep right if you have a volatile group of developers working on the code.
    • You can get some compile-time checking of this by having the object polymorphically defer to either of two implementations: a successfully constructed one and an always-error version, but that introduces heap usage and performance costs.
  • You can move the burden of checking the flag from the called code to the callee by documenting a requirement that they call some "is_valid()" or similar function before using the object: again error prone and ugly, but even more distributed, unenforcable and out of control.
    • You can make this a little easier and more localised for the caller if you support something like: if (X x) ... (i.e. the object can be evaluated in a boolean context, normally by providing operator bool() const or similar integral conversion), but then you don't have x in scope to query for details of the error. This may be familiar from e.g. if (std::ifstream f(filename)) { ... } else ...;
• have the caller provide a stream they're responsible for having opened... (known as Dependency Injection or DI)... in some cases, this doesn't work that well:
  • you can still have errors when you go to use the stream inside your constructor, what then?
  • the file itself might be an implementation detail that should be private to your class rather than exposed to the caller: what if you want to remove that requirement later? For example: you might have been reading a lookup table of precalculated results from a file, but have made your calculations so fast there's no need to precalculate - it's painful (sometimes even impractical in an enterprise environment) to remove the file at every point of client usage, and forces a lot more recompilation rather than potentially simply relinking.
• force the caller to provide a buffer to a success/failure/error-condition variable which the constructor sets: e.g. bool worked; X x(&worked); if (worked) ...
  • this burden and verbosity draws attention and hopefully makes the caller much more conscious of the need to consult the variable after constructing the object
• force the caller to construct the object via some other function that can use return codes and/or exceptions:
  • if (X* p = x_factory()) ...
  • Smart_Ptr_Throws_On_Null_Deref p_x = x_factory();`
  • X x; // never usable; if (init_x(&x)) ...
  • etc...

In short, C++ is designed to provide elegant solutions to these sorts of issues: in this case exceptions. If you artificially restrict yourself from using them, then don't expect there to be something else that does half as good a job.

(P.S. I like passing variables that will be modified by pointer - as per worked above - I know the FAQ lite discourages it but disagree with the reasoning. Not particularly interested in discussion thereon unless you've something not covered by the FAQ.)

New C++ standard redefines this in so many ways that it's time to revisit this question.

Best choices:

• Named optional: Have a minimal private constructor and a named constructor: static std::experimental::optional<T> construct(...). The latter tries to set up member fields, ensures invariant and only calls the private constructor if it'll surely succeed. Private constructor only populates member fields. It's easy to test the optional and it's inexpensive (even the copy can be spared in a good implementation).

• Functional style: The good news is, (non-named) constructors are never virtual. Therefore, you can replace them with a static template member function that, apart from the constructor parameters, takes two (or more) lambdas: one if it was successful, one if it failed. The 'real' constructor is still private and cannot fail. This might sound an overkill, but lambdas are optimized wonderfully by compilers. You might even spare the if of the optional this way.

Good choices:

• Exception: If all else fails, use an exception - but note that you can't catch an exception during static initialization. A possible workaround is to have a function's return value initialize the object in this case.

• Builder class: If construction is complicated, have a class that does validation and possibly some preprocessing to the point that the operation cannot fail. Let it have a way to return status (yep, error function). I'd personally make it stack-only, so people won't pass it around; then let it have a .build() method that constructs the other class. If builder is friend, constructor can be private. It might even take something only builder can construct so that it's documented that this constructor is only to be called by builder.

Bad choices: (but seen many times)

• Flag: Don't mess up your class invariant by having an 'invalid' state. This is exactly why we have optional<>. Think of optional<T> that can be invalid, T that can't. A (member or global) function that works only on valid objects works on T. One that surely returns valid works on T. One that might return an invalid object return optional<T>. One that might invalidate an object take non-const optional<T>& or optional<T>*. This way, you won't need to check in each and every function that your object is valid (and those ifs might become a bit expensive), but then don't fail at the constructor, either.

• Default construct and setters: This is basically the same as Flag, only that this time you're forced to have a mutable pattern. Forget setters, they unnecessarily complicate your class invariant. Remember to keep your class simple, not construction simple.

• Default construct and init() that takes a ctor parameters: This is nothing better than a function that returns an optional<>, but requires two constructions and messes up your invariant.

• Take bool& succeed: This was what we were doing before optional<>. The reason optional<> is superior, you cannot mistakenly (or carelessly!) ignore the succeed flag and continue using the partially constructed object.

• Factory that returns a pointer: This is less general as it forces the object to be dynamically allocated. Either you return a given type of managed pointer (and therefore restrict allocation/scoping schema) or return naked ptr and risk clients leaking. Also, with move schematics performance-wise this might become less desirable (locals, when kept on stack, are very fast and cache-friendly).

Example:

#include <iostream>
#include <experimental/optional>
#include <cmath>

class C
{
public:
	friend std::ostream& operator<<(std::ostream& os, const C& c)
	{
		return os << c.m_d << " " << c.m_sqrtd;
	}
	
	static std::experimental::optional<C> construct(const double d)
	{
		if (d>=0)
			return C(d, sqrt(d));
			
		return std::experimental::nullopt;
	}
	
	template<typename Success, typename Failed>
	static auto if_construct(const double d, Success success, Failed failed = []{})
	{
		return d>=0? success( C(d, sqrt(d)) ): failed();
	}

	/*C(const double d)
	: m_d(d), m_sqrtd(d>=0? sqrt(d): throw std::logic_error("C: Negative d"))
	{
	}*/
private:
	C(const double d, const double sqrtd)
	: m_d(d), m_sqrtd(sqrtd)
	{
	}

	double m_d;
	double m_sqrtd;
};

int main()
{
	const double d = 2.0; // -1.0
	
	// method 1. Named optional
	if (auto&& COpt = C::construct(d))
	{
		C& c = *COpt;
		std::cout << c << std::endl;
	}
	else
	{
		std::cout << "Error in 1." << std::endl;
	}
	
	// method 2. Functional style
	C::if_construct(d, [&](C c)
	{
		std::cout << c << std::endl;
	},
	[]
	{
		std::cout << "Error in 2." << std::endl;
	});
}

My suggestion for this specific situation is that if you don't want a constuctor to fail because if can't open a file, then avoid that situation. Pass in an already open file to the constructor if that's what you want, then it can't fail...

One way is to throw an exception. Another is to have a 'bool is_open()' or 'bool is_valid()' functuon that returns false if something went wrong in the constructor.

Some comments here say it's wrong to open a file in the constructor. I'll point out that ifstream is part of the C++ standard it has the following constructor:

explicit ifstream ( const char * filename, ios_base::openmode mode = ios_base::in );

It doesn't throw an exception, but it has an is_open function:

bool is_open ( );

I want to open a file in a class constructor.

Almost certainly a bad idea. Very few cases when opening a file during construction is appropriate.

It is possible that the opening could fail, then the object construction could not be completed. How to handle this failure? Throw exception out?

Yep, that'd be the way.

If this is possible, how to handle it in a non-throw constructor?

Make it possible that a fully constructed object of your class can be invalid. This means providing validation routines, using them, etc...ick

A constructor may well open a file (not necessarily a bad idea) and may throw if the file-open fails, or if the input file does not contain compatible data.

It is reasonable behaviour for a constructor to throw an exception, however you will then be limited as to its use.

• You will not be able to create static (compilation unit file-level) instances of this class that are constructed before "main()", as a constructor should only ever be thrown in the regular flow.

• This can extend to later "first-time" lazy evaluation, where something is loaded the first time it is required, for example in a boost::once construct the call_once function should never throw.

• You may use it in an IOC (Inversion of Control / Dependency Injection) environment. This is why IOC environments are advantageous.

• Be certain that if your constructor throws then your destructor will not be called. So anything you initialised in the constructor prior to this point must be contained in an RAII object.

• More dangerous by the way can be closing the file in the destructor if this flushes the write buffer. No way at all to handle any error that may occur at this point properly.

You can handle it without an exception by leaving the object in a "failed" state. This is the way you must do it in cases where throwing is not permitted, but of course your code must check for the error.

Use a factory.

A factory can be either an entire factory class "Factory<T>" for building your "T" objects (it doesn't have to be a template) or a static public method of "T". You then make the constructor protected and leave the destructor public. That ensures new classes can still derive from "T" but no external code other than them can call the constructor directly.

With factory methods (C++17)

class Foo {
protected:            
   Foo() noexcept;                 // Default ctor that can't fail 
   virtual bool Initialize(..); // Parts of ctor that CAN fail 
public: 
   static std::optional<Foo>   Create(...) // 'Stack' or value-semantics version (no 'new')
   {
      Foo out();
      if(foo.Initialize(..)) return {out};
      return {};
   }
   static Foo* /*OR smart ptr*/ Create(...) // Heap version.
   {
      Foo* out = new Foo();
      if(foo->Initialize(...) return out;
      delete out;
      return nullptr;
   }
   virtual ~Foo() noexcept; // Keep public to allow normal inheritance
 };

Unlike setting 'valid' bits or other hacks, this is relatively clean and extensible. Done right it guarantees no invalid objects ever escape into the wild, and writing derived 'Foo's is still straightforward. And since factory functions are normal functions, you can do a lot of other things with them that constructors can't.

In my humble opinion you should never put any code that can realistically fail into a constructor. That pretty much means anything that does I/O or other 'real work'. Constructors are a special corner case of the language, and they basically lack the ability to do error handling.