[Chatter] security guarantee level for error handling

When writing a program, error handling is very important. In the 71st terms of the "C ++ programming specification" book, three levels of "security assurance" are defined based on different error handling results: no-fail guarantees, strong guarantees, and basic guarantees. The three security levels are classified based on whether the data or status is affected when an error occurs in the execution method and is processed. Before writing each method, developers determine the level of error handling for the method, which can reduce the scope of thinking and avoid unnecessary over-design.

 

No-fail guarantee

The so-called "no-fail guarantee" means that the execution method is successful without exceptions. In the system, some methods must be designed to provide no-fail assurance level, such as deconstruct sub-, resource release, and log record... And so on. These methods are usually used for error handling. If an error occurs again during error handling, it should be a developer's disaster.

 

From the developer's point of view, it is expected that all methods are of no-fail guarantee level. However, the cruel reality is that most methods will encounter exceptions and require error handling.

 

Strong guarantee

The so-called strong guarantee means that the execution method is not necessarily successful, but the status or data remains unchanged after Exception Processing. The most common design in the system is to provide the strong guarantee level, that is, the database operation method using the "transaction function. When an exception occurs when you execute database operations, the system will roll back the database to maintain the status before the call method.

 

From the developer's point of view, we should try our best to design methods to reach the strong guarantee level. The result of the method execution, that is, the normal execution is completed, or an exception occurs, but the data or status remains unchanged.

 

Basic Guarantee

The "Basic Guarantee" means that the execution method is not necessarily successful, but the status or data after Exception Processing is in the "acceptable range. The acceptable range here is the correctness of the index data or status. For example, a car can only take up to five people. After an exception occurs in the result execution method, there are six records in the database, which means the data is not in the acceptable range.

 

From the developer's point of view, basic ensures that the level is the lowest level that the method must meet. When a method execution exception occurs, but the status or data after Exception Processing is not in the acceptable range, such execution results should be classified as program bugs and must be redesigned. If the data or status cannot be guaranteed to be within the acceptable range after an exception occurs in method execution, the butterfly effect will only cause more errors.