- Basic Terminology
- Defects and Faults that Lead to Failure
- Defect Removal Versus Defect Survival
- Deriving New Exception Classes
- Protecting the Exception Classes from Exceptions
- Conclusion
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Defect Removal Versus Defect Survival
As the types of tests in Table 2 are performed on a piece of software, defects are found and removed from the software. The more defects found and removed during testing, the fewer defects encountered by the software during runtime. Defects encountered during runtime lead to failures in the software. Failures in the software produce exceptional conditions for the software to operate under. Exceptional conditions require exception handlers. So the balancing act is between defect removal during the testing stages versus defect survival during exception handling. Figure 1 shows the transformation from programmer error to exceptional condition in software requiring an exception handler.
)
Figure 1 Transformation from programmer error to exceptional condition in software requiring an exception handler.
Although we could favor defect survival over defect removal, the problem is that exception handling code can become so complex that it introduces defects into the software. Instead of providing a mechanism to help achieve fault tolerance, the exception handler becomes a source of failure. Choosing defect survival over defect removal reduces the software’s chances of operating properly. Extensive and thorough testing removes defects, thereby reducing the strain on the exception handlers. It’s also important to note that exception handlers don’t occur as freestanding pieces of code. They occur within the context of the overall software architecture. The journey toward fault tolerance in our software begins by recognizing the following facts:
- No amount of exception handling can rescue a flawed or inappropriate software architecture.
- The fault tolerance of a piece of software is directly related to the quality of its architecture.
- The exception handling architecture cannot replace the testing stages described in Table 2.
To make our discussion about exception handling clear and meaningful, it’s important to understand that the exception handling architecture occurs within the context of the software architecture as a whole. If the software architecture is inappropriate, incomplete, or poorly thought out, any attempt at after-the-fact exception handling is highly questionable. Further, if shortcuts have been taken during the testing stages—incomplete stress testing, integration testing, glass box testing, and so on—the exception handling code will have to be added to perpetually and will become increasingly complex, ultimately detracting from the software’s fault tolerance.
On the other hand, if the software architecture is sound and the exception handling architecture is compatible and consistent with the software architecture, a high degree of fault tolerance can be achieved. If we approach our goal of context failure resilience with an understanding of the roles that software architecture and testing play, we can move forward with determining how to take advantage of exception handling facilities in C++ . Table 3 list the primary components of the C++ exception handling facility.
Table 3 Primary components of the exception handling facility in C++.
|
Component |
Description |
|
try |
Keyword used to identify a block of code that the program is attempting to execute. |
|
catch |
Keyword used to identify handlers designed to catch exception objects. |
|
throw |
Keyword used to throw an object of some type when control is transferred to an exception handler coded to deal with the type of object thrown. |
|
Exception classes |
Runtime error classes:
Logic error classes:
|
The C++ Termination Model
The C++ exception handling facility supports the termination model. In the termination model, when a function encounters an exception, further processing in that function is terminated and control is transferred to the nearest exception handler that can handle the type of exception encountered. It’s important to note that this doesn’t necessarily mean the entire program is terminated. It depends on what action the exception handler performs and where the exception handler is in the call chain. For example, the program in Listing 1 continues even after an exception has been thrown.
Listing 1 Sample exception processing in which part of the program continues to execute.
...
bool a(void)
throw(simple_exception)
{
...
if(exceptional_condition){
throw simple_exception
}
...
}
void b(void)
{
bool Result;
try{
Result = a();
// more processing
...
}
catch( simple_exception &X)
{
// execute exception handling strategy
}
}
void c()
{
// some processing
...
}
int main(int argc, char * argv[])
{
...
b();
c();
...
}
In the program in Listing 1, a() encountered an exceptional condition and was unable to continue its processing. The function b() called a(). Because a() threw an exception, b() was also unable to finish its processing. However, b() contains an exception handler that knows how to deal with simple_exception objects. So when a() throws the exception, b()’s handler is activated. b()’s exception handler uses some strategy to cause the program to be stabilized. Ideally, b()’s exception handler will bring the software back into a consistent state. Notice in Listing 1 that main() calls b() and then calls c(). Although b() couldn’t complete its processing (it was terminated), c() still executes. Although Listing 1 contains an oversimplification of exception handling, it demonstrates that the termination model doesn’t necessarily result in termination of the entire program.
The program in Listing 1 demonstrates some of the basics of the C++ exception handling facility:
- Functions can throw exceptions, as is the case with a() in Listing 1.
- Functions can contain exception handler(s), as is the case with b() in Listing 1.
- When a function throws an exception, the flow of control is transferred to the nearest function that can handle the type of exception that was thrown.
- Exceptions have types.
How you use the basics of the C++ exception handling facility implies at least two important implications for the software architecture:
- The flow of control in the software architecture can be altered by the throw mechanism.
- The exception classes used introduce new types, and each type has its own semantics.
The transfer of control from the problem area to someplace that knows how to bring the system into a consistent state, and the semantics of the exception thrown, together allow us to start to reach for the goal of fault tolerance. The semantics of the exception thrown describe what the exceptional condition is and suggest what should be done. The transfer of control takes us to code that implements our exception strategy. The exception strategy is designed to make the software resilient to defects and system failures. In C++, the catch() mechanism either implements the exception strategy directly or creates objects and calls functions that implement the exception strategy:
catch(some_exception){
//Execute exception strategy
}
The Exception Handler
The catch{} block is called the exception handler. A C++ program can contain multiple exception handlers. Each exception handler is associated with one or more types, depending on the class hierarchy of the exception. Three of the basic functions of an exception handler are as follows:
- Register the type of exception(s) that it can handle.
- Record or in some way log what exception has occurred (sometimes this requires notification).
- Execute an appropriate exception handling strategy..
Exception handling strategies come in many shapes and sizes. The primary purpose of the exception handling strategy in the termination model is to bring the software back to a consistent state so that the software can continue to function at some acceptable level. Table 4 describes some common exception strategies.
Table 4 Commonly used exception strategies.
|
Exception Strategy |
Description |
|
Resource reallocation and deallocation |
Attempts to do the following:
|
|
Transaction or data rollback |
Undoes steps of an incomplete transaction, rolling the data back to a checkpoint where the data was valid. |
|
Operation retry |
Retries an operation: With original resources With alternate resources After a certain interval of time has passed After additional conditions have been met |
|
Redundancy and failover |
Turns over processing to other threads or processes that are operating in parallel with the current process. |
|
Notification for outside assistance |
Requests assistance from other software agents, human users, or other systems. |
The exception handling strategies that are used greatly impact the software architecture. This means that the exception handling strategy has to be included in the software design phase; it’s a fundamental part of the software architecture. If the overall software architecture is "brittle," the exception handling strategy is doomed. The semantics of the exception thrown are tied to the exception strategy implemented. Defining and understanding the semantics of an exception in the context of the software architecture is as important as deciding where to transfer control during the exception handling process. The C++ standard defines several built-in exception classes with their own semantics. Figure 2 shows the class relationship diagram for the C++ exception classes.
)
Figure 2 Class relationship diagram of the C++ family of exception classes.
These exception classes can be extended through inheritance. C++ also supports user-defined exception classes.
The standard C++ class library has nine exception classes divided into two basic groups: the runtime error group and the logic error group. The runtime error group represents errors that are somewhat difficult to prevent. The logic error group represents errors that are "theoretically preventable."
The runtime_error family of classes is derived from the exception class. Three classes are derived from runtime_error:
- range_error
- overflow_error
- underflow_error
The runtime_error classes report internal computation or arithmetic errors. These classes get their primary functionality from the exception class ancestor. The what() method, assignment operator (=), and the constructors for the exception handling class provide the capability of the runtime_error classes. The runtime_error classes provide an exception framework and architectural blueprint on which to build.
Let’s look at how the basic exception classes work with no specialization. Listing 2 shows how an exception object and a logic_error object can be thrown.
Listing 2 Throwing an exception object and a logic_error object.
try{
exception X;
throw(X);
}
catch(const exception &X)
{
cout << X.what() << endl;
}
try{
logic_error Logic("Logic Mistake");
throw(Logic);
}
catch(const exception &X)
{
cout << X.what() << endl;
}
The basic exception classes have only construction, destruction, assignment, copy, and simple reporting capabilities. They don’t contain the capability to correct a fault that has occurred. The error message returned by the what() method of the exception classes will be determined by the string passed to the constructor for the logic_error object. In Listing 2, the string "Logic Mistake" passed to the constructor will be returned by the what() message in the catch block.
The logic_error Classes
The logic_error family of classes is derived from the exception class. In fact, most of the logic_error family of classes’ functionality is also inherited from the exception class. The exception class contains the what() method, used to report to the user a description for the error being thrown. Each class in the logic_error family contains a constructor used to tailor a message specific to that class. Like the runtime_error classes, these classes are really designed to be specialized. Unless the user adds some functionality to these classes, they cannot do anything other than report the error and the type. The nine generic exception classes provide no corrective action or error handling.