Boost :

From: Peter Dimov (pdimov_at_[hidden])
Date: 2002-08-20 05:55:34


From: "Andreas Huber" <spam2002_at_[hidden]>
> Alexander,
>
> > Transactional stuff like ATM cards, etc. should be released/rollbacked
> > by some isolated external watcher/observer/manager or just on the next
> > automatic restart after abnormal termination with "uncommitted" stuff.
> >
> > Or am I just missing something?
>
> Not likely. I agree that using an external watchdog is probably the most
> secure solution but at the same time also more complicated than the one I
> described.
> We considered returning the card after/during automatic restart but as that
> takes about 2 minutes it's likely that someone else will get the card (you'd
> rather retain the card than allowing that to happen). It takes that long
> because we also shutdown and restart Windows for safety reasons
> (unfortunately 3rd party drivers get into an invalid state quite often).

You could make an attempt to return the card in the terminate handler, too.

The main problem with the "exceptions for programming errors" approach is
that the error recovery code is never tested. If you encounter a programming
error during testing, you fix it; therefore, the programming errors that
remain are unknown, and so is the reaction of the recovery code. :-)

