[ntp:questions] Date Jumped

Richard B. Gilbert rgilbert88 at comcast.net
Tue Jan 26 14:14:01 UTC 2010


Rob wrote:
> David Woolley <david at ex.djwhome.demon.invalid> wrote:
>> Richard B. Gilbert wrote:
>>
>>> If I see a notation in code saying, in effect, "can't get here" I add 
>>> whatever call means "suicide with crash dump" if it's not already 
>>> present.  I don't get many crash dumps but if the impossible happens I 
>>> like to have it documented.
>> In the environment in which I work, that strategy would be totally 
>> unacceptable to Marketing, as it is essential that customer systems do not 
>> stop dead.  I suspect that applies to many politically critical uses of 
>> NTP.  Logging is desirable, but stopping is not.
> 
> Note it also was the way in which the first Ariane 5 launch failed.
> The control system stopped dead because it encountered an overflow
> in an unimportant calculation.  The backup system ran the same code
> and stopped dead the same way.
> 
> Sometimes it is simply not clever to handle errors that way.

But then the question becomes how DO you handle errors?  A "drop dead 
halt" is not a good way to handle errors if you have some other way.
Writing code that can continue following any conceivable error is not a 
job for the faint-hearted!
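An added illustration of the two policies argued over in this thread (not code from any poster or from the NTP project): an "impossible" condition is routed through one handler that either halts for a crash dump or logs and continues with a clamped value, the choice made at build time. The Ariane-style case, an unchecked narrowing of a wide floating-point value into a 16-bit integer, is used as the example input; `HALT_ON_IMPOSSIBLE`, `impossible()` and `narrow_to_i16()` are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <math.h>

/* Build-time policy for "can't get here" conditions.
 * 1: "suicide with crash dump" (abort) for development builds.
 * 0: log the event, keep running on a safe fallback (production). */
#ifndef HALT_ON_IMPOSSIBLE
#define HALT_ON_IMPOSSIBLE 0
#endif

/* Hypothetical event counter so a monitor can see how often the
 * "impossible" actually happened without the process stopping. */
static unsigned long impossible_count = 0;

static void impossible(const char *where, double value)
{
    impossible_count++;
    fprintf(stderr, "impossible condition at %s, value=%g\n", where, value);
#if HALT_ON_IMPOSSIBLE
    abort();   /* crash dump documents the impossible event */
#endif
}

/* Narrow a double to int16_t. An unchecked cast here is the kind of
 * overflow that halted Ariane 5; instead, out-of-range input is reported
 * through impossible() and clamped so the caller can carry on. */
int16_t narrow_to_i16(double v, const char *where)
{
    if (isnan(v)) {
        impossible(where, v);
        return 0;                   /* constructed fallback for NaN */
    }
    if (v > INT16_MAX) {
        impossible(where, v);
        return INT16_MAX;           /* saturate rather than wrap */
    }
    if (v < INT16_MIN) {
        impossible(where, v);
        return INT16_MIN;
    }
    return (int16_t)v;
}

unsigned long impossible_events(void)
{
    return impossible_count;
}
```

Compile with `-DHALT_ON_IMPOSSIBLE=1` to get the abort-and-dump behaviour; the default build logs and saturates.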
