7.5 Software Reliability: A Simple Plan

Keep in mind that we distinguish between error conditions and inconvenient/unwanted conditions. Inconvenient or unwanted conditions should be handled by the normal program logic. Errors (defects) require special processing. C++ Programming Language (Stroustrup, 1997) lists four basic alternative actions that a program can take when it encounters an error. According to Stroustrup, upon detecting a problem that cannot be handled locally, the program could:

Option 1. Terminate the program.

Option 2. Return a value representing an "error."

Option 3. Return a legal value and leave the program in an illegal state.

Option 4. Call a function supplied to be called in case of error.

These four alternatives are generally seen in producer-consumer relationships of all sizes. The producer is typically a piece of code that implements a library function, class, class library, or application framework. The consumer is typically a piece of code that calls a library function, class, class library, or application framework. The consumer makes a request. The producer encounters an error in attempting to fulfill the request, and the four alternatives immediately become applicable. The problem with these four alternatives is that none of them is applicable in every situation.

Obviously terminating the program every time an error occurs is simply not acceptable. We agree with Stroustrup. We can and must do better than program termination upon encountering an error. With option 2, simply returning an error value may help in some situations but not in others. Not every return value can be interpreted as success or failure. For example, if a function has a return value of floats and the range of the function includes both negative and positive values, then which value of the function can be used to represent error? This is not always possible. As far as we are concerned , option 3 is also unacceptable. The assumption will be if the value is legal, then the operation worked. This will cause problems. Option 4 is where most of the effort should be spent whether we are discussing error or exception handling.

7.5.1 Plan A: The Resumption Model, Plan B: The Termination Model

Once an error or exception is encountered, there are two basic plans of attack for implementing option 4. The first plan of attack is to attempt to correct the condition or adjust for the condition that caused the failure, then resume execution at the point where the error or exception was encountered . This approach is called resumption . The second approach is to acknowledge the error or exception and perform a graceful exit of the subsystem or subroutine that caused the problem. The graceful exit is accomplished by closing the appropriate files, destroying the appropriate objects, logging the error (if possible), deallocating the appropriate memory, and handling any devices that need to be dealt with. This approach is called termination , not to be confused with the notion of just abruptly exiting the program. Both plans are valid and are useful in different situations. Before we discuss how to implement resumption or termination, lets look at the support C++ has for error handling and exception handling.