Original: Design by Contract for Embedded Software (state-machine.com)
Design by Contract is the single most effective programming technique for delivering high-quality code. Here you can learn what the Design by Contract programming philosophy is, what it can do for you, and why all embedded software developers should care.

Errors versus Exceptional Conditions
While embedded systems come with their own set of complexities, they also offer many opportunities for simplification compared to general-purpose computers. Dealing with errors and exceptional conditions provides perhaps the best case in point. Just think: how many times have you seen embedded software terribly convoluted by attempts to painstakingly propagate an error through many layers of code, only to end up doing something trivial with it, such as performing a system reset?

By error (otherwise known as a "bug"), I mean a persistent defect due to a design or implementation mistake (e.g., overrunning an array index or writing to a file before opening it). When your software has a bug, typically you cannot reasonably "handle" the situation. You should rather concentrate on detecting (and ultimately fixing) the root cause of the problem. This is in contrast to an exceptional condition, which is a specific circumstance that can legitimately arise during the system's lifetime but is relatively rare and lies off the main execution path of your software. Unlike an error, an exceptional condition requires that you design and implement a recovery strategy that handles it.

As an example, consider dynamic memory allocation. In any type of system, memory allocation with malloc() (or the C++ new operator) can fail. In a general-purpose computer, a failed malloc() merely indicates that, at this instant, the operating system cannot supply the requested memory. This can happen easily in a highly dynamic, general-purpose computing environment. When it happens, you have options to recover from the situation. One option might be for the application to free up some memory that it allocated earlier and then retry the allocation. Another choice could be to prompt the user that the problem exists and encourage them to exit other applications so that the current application can gather more memory. Yet another option is to save data to the disk and exit. Whatever the choice, handling this situation requires some drastic actions, which are clearly off the mainstream behavior of your application. Nevertheless, you should design and implement such actions, because in a desktop environment a failed malloc() must be considered an exceptional condition.