KhronosGroup / KSCAF_DocGuidelines

Khronos Safety Critical Advisory Forum’s guidelines for developing a safety critical technology specification.

An SC API should not allow/encourage use of C++ exception handling (Bug 16057) #10

Open DeOrellana opened 7 years ago

DeOrellana commented 7 years ago

illya@codeplay.com 2016-10-10 01:20:51 PDT

C++ exception handling in today's compilers is not fully defined; behaviour between compilers is not the same. An API should not encourage exception handling to cross the API line.

Bjarne Stroustrup would not fly a plane if it had exception handling implemented.

Discuss.

Comment 1 illya@codeplay.com 2016-10-10 01:22:40 PDT

I'd like to add that throwing exceptions is ok according to most code standards I've been through, while catching them is not. Maybe that is what you mean by "exception handling". We'd put ourselves in an unholy mess if an API may never throw FPE or bad_alloc, right?!

I also think "positive" wording is better suited for any requirement/guideline, i.e. specify allowable behavior as opposed to specifying prohibited behavior. Maybe that should be a guideline in itself…

Regards, Andreas Urbán

Comment 2 illya@codeplay.com 2016-10-10 01:23:42 PDT

Right. It’s Real Difficult to create a test which shows that a negative statement is true.

Robert Schulman

Comment 3 Erik Noreke 2016-10-10 07:49:55 PDT

Reference the industry standards that mention this.

Accepted 2016-10-10.

Cary to make a list.

irudkin commented 7 years ago

Cary has not made a list.

irudkin commented 7 years ago

New text for new chapter

Exception handling

In real-time systems, timing and meeting deadlines are the first priority, especially for safety critical systems. However, if exceptional conditions occur, there must be some detection and recovery mechanisms in place to prevent error propagation. The extent and complexity of the exception handling mechanisms will make it difficult to calculate and meet timing constraints. It is therefore generally discouraged to use C++ exception handling in the SC domain. Another contributor to this concern is that there is no standard defined for how exception handling should be implemented across compilers. The variety of approaches and methods for transferring execution from the throw site to the catch site means, critically, that the time taken can vary. It is this lack of certainty that the SC domain wants to avoid.

It is for this reason that an SC API should discourage exception handling and the act of error propagation across the API boundary.
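One way to keep exceptions from propagating across an API boundary, as an added illustration that is not part of the issue thread or any Khronos specification: the boundary function is declared `noexcept` and translates every internal exception into a status code, so the caller only ever sees a deterministic return value and no compiler-specific unwinding ever reaches foreign frames. The names (`ScStatus`, `sc_allocate_buffer`) and the fixed memory budget `kMaxBufferBytes` are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <stdexcept>
#include <utility>
#include <vector>

// Status codes returned across the API boundary instead of exceptions (constructed).
enum class ScStatus : int32_t { Ok = 0, InvalidArgument = 1, OutOfMemory = 2, InternalError = 3 };

// Constructed assumption: the library enforces its own fixed memory budget so the
// out-of-memory path is reached deterministically rather than by a failing allocator.
constexpr std::size_t kMaxBufferBytes = 1u << 20;

namespace detail {
// Internal implementation: free to use exceptions, they never leave the library.
std::vector<std::uint8_t> make_buffer(std::size_t n) {
    if (n == 0) throw std::invalid_argument("size must be non-zero");
    if (n > kMaxBufferBytes) throw std::bad_alloc();
    return std::vector<std::uint8_t>(n, 0);
}
}  // namespace detail

// API boundary. `noexcept` guarantees nothing unwinds into the caller: every
// exception is mapped to a status here, and anything not caught would call
// std::terminate (fail-stop) instead of propagating across the API line.
ScStatus sc_allocate_buffer(std::size_t n, std::vector<std::uint8_t>* out) noexcept {
    if (out == nullptr) return ScStatus::InvalidArgument;
    try {
        *out = detail::make_buffer(n);
        return ScStatus::Ok;
    } catch (const std::bad_alloc&) {
        return ScStatus::OutOfMemory;
    } catch (const std::logic_error&) {  // invalid_argument, length_error, ...
        return ScStatus::InvalidArgument;
    } catch (...) {
        return ScStatus::InternalError;
    }
}

// Caller-side helper: uses only return codes, no try/catch anywhere in the caller.
std::pair<ScStatus, std::size_t> allocate_and_measure(std::size_t n) noexcept {
    std::vector<std::uint8_t> buf;
    ScStatus st = sc_allocate_buffer(n, &buf);
    return {st, buf.size()};
}
```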