On 04/01/2013 12:44 PM, Dmitry Olshansky wrote:
> 01-Apr-2013 20:00, John Colvin wrote:

>> Therefore, you're better off not trying to cleanup if program state
>> could be invalid.
>
> Data is corrupted no matter whether you just fail to write it in a
> consistent state (sudden assertion in some third-party library) or
> corrupt it accidentally by a bad write (during cleanup on corrupted RAM).

The failed assertion may be the moment when the program detects that something is wrong. A safe program should stop doing anything else.

> Therefore you should always try to orderly cleanup but do not rely on it
> to actually work in all circumstances (thus backups, commits/save
> points, watchdogs and whatnot).

A safe program must first guarantee that the cleanup is harmless, which is not possible when the program is in an invalid state. Imagine sending an almost infinite number of "cleanup" commands to a device that can harm people who are around it.

Ali

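The device scenario above, as an added illustration that is not part of the thread or of any D runtime code: a constructed Python model in which a session's shutdown routine closes one channel per "close" command, a simulated bad write corrupts the channel count, and the two cleanup policies under discussion are compared. `Actuator`, `Session`, `MAX_CHANNELS`, the "over-driven" limit and the corruption step are all hypothetical values chosen for the example; the point they show is language-independent.

```python
"""Fail-stop vs. best-effort cleanup when program state may be corrupt.

Constructed model (not from the thread): a Session tracks how many channels
it opened on an Actuator, and shutdown sends one "close" per channel. A
simulated bad write turns the channel count into garbage, so best-effort
cleanup floods the device with commands, while fail-stop cleanup re-checks
the program's invariant first and sends nothing when it does not hold.
"""

MAX_CHANNELS = 8  # program invariant: 0 <= Session.open_channels <= MAX_CHANNELS


class Actuator:
    """Stand-in for a device that can cause harm if driven too many times."""

    def __init__(self, max_safe_commands):
        self.max_safe_commands = max_safe_commands  # hypothetical safety bound
        self.commands_sent = 0

    def send(self, cmd):
        self.commands_sent += 1
        if self.commands_sent > self.max_safe_commands:
            raise RuntimeError(f"device over-driven after {self.commands_sent} commands")


class Session:
    def __init__(self, device):
        self.device = device
        self.open_channels = 0

    def open_channel(self):
        # The assertion is where the program would first notice a bad state.
        assert self.open_channels < MAX_CHANNELS, "too many channels"
        self.device.send("open")
        self.open_channels += 1

    def invariant_holds(self):
        return 0 <= self.open_channels <= MAX_CHANNELS


def best_effort_shutdown(session):
    """Trusts whatever state it finds and closes 'open_channels' channels."""
    while session.open_channels > 0:
        session.device.send("close")
        session.open_channels -= 1
    return True


def fail_stop_shutdown(session):
    """Re-checks the invariant first. On violation it touches nothing and
    returns False so the caller can abort instead of 'cleaning up'."""
    if not session.invariant_holds():
        return False
    return best_effort_shutdown(session)


def simulate_bad_write(session):
    """Models a stray write / corrupted RAM: the channel count becomes garbage."""
    session.open_channels = 10**9


def run(strategy, corrupt):
    """Open two channels, optionally corrupt the state, then shut down with
    the given strategy. Returns (commands_sent, cleanup_completed, error)."""
    device = Actuator(max_safe_commands=2 * MAX_CHANNELS)
    session = Session(device)
    session.open_channel()
    session.open_channel()
    if corrupt:
        simulate_bad_write(session)
    try:
        completed = strategy(session)
    except RuntimeError as e:
        # The cleanup itself is what drove the device past its safe limit.
        return device.commands_sent, False, str(e)
    return device.commands_sent, completed, None


if __name__ == "__main__":
    for name, strategy in (("best-effort", best_effort_shutdown),
                           ("fail-stop", fail_stop_shutdown)):
        for corrupt in (False, True):
            print(name, "corrupt" if corrupt else "healthy", run(strategy, corrupt))
```

With a healthy session both policies send 4 commands (two opens, two closes). After the corrupting write, best-effort cleanup keeps sending "close" until the device's safety bound trips at the 17th command, whereas fail-stop cleanup sends none and reports that the state was invalid, leaving the decision to stop to the caller.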