[ntp:questions] Date Jumped
Richard B. Gilbert
rgilbert88 at comcast.net
Tue Jan 26 14:14:01 UTC 2010
Rob wrote:
> David Woolley <david at ex.djwhome.demon.invalid> wrote:
>> Richard B. Gilbert wrote:
>>
>>> If I see a notation in code saying, in effect, "can't get here" I add
>>> whatever call means "suicide with crash dump" if it's not already
>>> present. I don't get many crash dumps but if the impossible happens I
>>> like to have it documented.
>> In the environment in which I work, that strategy would be totally
>> unacceptable to Marketing, as it is essential that customer systems do not
>> stop dead. I suspect that applies to many politically critical uses of
>> NTP. Logging is desirable, but stopping is not.
>
> Note it also was the way in which the first Ariane 5 launch failed.
> The control system stopped dead because it encountered an overflow
> in an unimportant calculation. The backup system ran the same code
> and stopped dead the same way.
>
> Sometimes it is simply not clever to handle errors that way.
But then the question becomes how DO you handle errors? A "drop dead
halt" is not a good way to handle errors if you have some other way.
Writing code that can continue following any conceivable error is not a
job for the faint-hearted!
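The two policies argued over in this thread, "suicide with crash dump" versus "log it and keep running", can be selected at build time. The following is an added example, not code from the thread or from the NTP project: a hypothetical `UNREACHABLE` macro that aborts when compiled with `-DUNREACHABLE_ABORTS` and otherwise records the impossible state and returns a safe fallback from the enclosing function, so the daemon keeps serving time. The `clock_state` enum and the state names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (hypothetical, not NTP code). Two build-time policies for a
 * "can't get here" branch: abort for a crash dump, or log and fall back to a
 * harmless value so the process keeps running.
 * Compile with -DUNREACHABLE_ABORTS to select the abort policy. */

static unsigned long unreachable_hits = 0;   /* how often the impossible happened */

/* Production policy helper: record the impossible state without stopping. */
static void log_unreachable(const char *what, const char *file, int line)
{
    unreachable_hits++;
    fprintf(stderr, "BUG: unreachable state reached: %s (%s:%d)\n", what, file, line);
}

#ifdef UNREACHABLE_ABORTS
/* Debug policy: "suicide with crash dump". abort() produces a core dump
 * where the system allows one, so the impossible state is documented. */
#define UNREACHABLE(what, fallback) \
    do { fprintf(stderr, "FATAL: %s (%s:%d)\n", (what), __FILE__, __LINE__); abort(); } while (0)
#else
/* Production policy: log it and return a safe fallback from the enclosing function. */
#define UNREACHABLE(what, fallback) \
    do { log_unreachable((what), __FILE__, __LINE__); return (fallback); } while (0)
#endif

/* Hypothetical clock-state enum; only these values should ever be stored. */
enum clock_state { CLOCK_UNSET = 0, CLOCK_FREQ = 1, CLOCK_SYNC = 2 };

/* Map a state to a name. The default branch "can't happen" unless memory is
 * corrupted or a caller passes an unchecked integer, which is exactly the
 * case the two policies disagree about. */
const char *clock_state_name(int state)
{
    switch (state) {
    case CLOCK_UNSET: return "unset";
    case CLOCK_FREQ:  return "freq";
    case CLOCK_SYNC:  return "sync";
    default:
        UNREACHABLE("invalid clock state", "unknown");
    }
}

/* Expose the counter so monitoring (or a test) can see that the impossible
 * happened even though the process did not stop. */
unsigned long unreachable_count(void)
{
    return unreachable_hits;
}

int main(void)
{
    printf("%s\n", clock_state_name(CLOCK_SYNC));
    printf("%s\n", clock_state_name(42));   /* impossible value: logs or aborts */
    printf("unreachable hits: %lu\n", unreachable_count());
    return 0;
}
```

Under the default (log-and-continue) build the second call prints a `BUG:` line, returns `"unknown"` and bumps the counter; the counter is what turns "we kept running" into something an operator can alert on instead of a silent failure. Under `-DUNREACHABLE_ABORTS` the same call terminates the process with a crash dump, which is the behaviour the thread's "drop dead halt" describes.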