From: Keith.S.Thompson+u@gmail.com
David Brown writes:
> On 22/10/2025 15:56, Janis Papanagnou wrote:
[...]
>> switch (cmd) {
>> case 'C': ...;
>> case 'M': ...;
>> default: printf ("Error: uncaught cmd '%c'\n", cmd);
>> }
>> It's good to take precautions and define the 'default' case. YMMV.
>
> That's not "taking precautions". If the "...optionally verify cmd"
> part does a good job, then the default line is worse than useless
> because it is code that never runs. If that part doesn't exist (since
> it is "optional"), then the default line is not "taking precautions",
> it is normal handling of a realistic situation.
Error handling can be complicated.
You're right that code that prints a message for a condition that
should never happen (equivalently, that can only happen as a result
of a programming error) is difficult to test. (I suppose you could
tweak the code to introduce an error so the message is triggered,
but that's ugly and difficult to automate.)
For example, the failure of the first Ariane 5 launch involved
an unexpected error diagnostic message being interpreted as data.
If the error had been quietly ignored, the rocket might have survived.
If a condition is really expected never to happen, something
like gcc's _builtin_unreachable might be useful, or more portably
an assert.
If you want to test for a condition that should never happen, you
need to think about how you would want to handle it. If the best
way to handle it is to abort the application, that's easy enough.
If it's a safety critical system, though, it might be better to
attempt to log an error message (in a way that won't itself cause
a problem) and try to continue running.
And yes, handling a condition that can actually happen (say, in the
presence of bad input) is quite different.
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
