runtime hook for Crash on Error

Walter Bright newshound2 at digitalmars.com
Thu May 31 18:16:22 PDT 2012


On 5/31/2012 3:22 AM, Dmitry Olshansky wrote:
> On 31.05.2012 13:06, deadalnix wrote:
>> This is called failing gracefully. And this is highly recommended, and you
>> KNOW that the system will fail at some point.
>
> Exactly. + The point I tried to argue but it was apparently lost:
> doing stack unwinding and cleanup on most Errors (some Errors like stack
> overflow might not be recoverable) is the best thing to do.

This is all based on the assumption that the program is still in a valid state 
after an assert fail, and so any code executed after that and the data it relies 
on is in a workable state.

This is a completely wrong assumption.

It might be ok if the program is not critical and has no control over important 
things like delivering insulin, executing million dollar trades, or adjusting 
the coolant levels in a nuclear reactor.

If the code controls anything that matters, then it is not the best thing to do, 
not at all.

The right thing to do is to take the shortest path to stopping the program. A 
critical system would be monitoring those programs, and will restart them if 
they so fail, or will engage the backup system.

[When I worked on flight critical airplane systems, the only acceptable response 
for a self-detected fault was to IMMEDIATELY stop the system, physically 
DISENGAGE it from the flight controls, and inform the pilot.]

