Changes between Initial Version and Version 2 of Ticket #602

Timestamp: 07/04/13 21:49:54 (7 years ago)
Author: usul
Comment:

This is slightly related to #313 (gdb crash dump). I agree that we need to improve code quality in general, but we currently lack the resources to do big steps:

  • establish testing procedures
  • establish auto testing (CUnit etc.).

I have no idea how exception handling currently works, as Navit is a mix of C and C++ and sometimes even other code (e.g. Java for Android).

BTW: Currently we save your old destinations etc.

I will assign this ticket to the next minor release, which focuses on stability.

  • Ticket #602

    • Property Keywords: "logging testing" added
    • Property Milestone: changed from (none) to version 0.5.1
  • Ticket #602 – Description

    initial  v2
    3        3   That being said, Navit needs some generic improvements in this field. Besides the most obvious step of writing resilient-per-se code, the two key ingredients are crash prevention and graceful reaction where the crash is inevitable. I will list two good examples for either.
    4        4
    5            First, crash prevention. It boils down to exception handling, and the good example here is Delphi: The window message loop is enclosed in a try block; if an exception occurs in the code for handling a particular message, the exception handling code is executed and then execution continues with the next message. (Since almost all code in a Delphi app typically goes inside some event handlers called from inside the message loop, it is hard to get a Delphi app to crash - the only remaining risk is that some data may be botched internally due to the exception and further errors result from this.)
             5   First,''' crash prevention'''. It boils down to exception handling, and the good example here is Delphi: The window message loop is enclosed in a try block; if an exception occurs in the code for handling a particular message, the exception handling code is executed and then execution continues with the next message. (Since almost all code in a Delphi app typically goes inside some event handlers called from inside the message loop, it is hard to get a Delphi app to crash - the only remaining risk is that some data may be botched internally due to the exception and further errors result from this.)
    6        6
    7            Applied to Navit, this would mean a "global" exception handler around the central point at which Navit processes all input from the user or the GPS receiver. When an exception occurs during the handling of some event, this would abort the handling procedures for that event and trigger a default action. (For example, playing a sound, displaying a message on the screen which disappears after a few seconds - remember that the attention of the driver is on the road and not on Navit, hence we need a compromise which does inform the user of the fault but does not require any interaction on his part). Also, do any cleanup that may need to be done - such as committing any unwritten data to file (losing a GPX log to a crash can be^W^W IS annoying when tracking).
             7   Applied to Navit, this would mean a '''"global" exception handler''' around the central point at which Navit processes all input from the user or the GPS receiver. When an exception occurs during the handling of some event, this would abort the handling procedures for that event and trigger a default action. (For example, playing a sound, displaying a message on the screen which disappears after a few seconds - remember that the attention of the driver is on the road and not on Navit, hence we need a compromise which does inform the user of the fault but does not require any interaction on his part). Also, do any cleanup that may need to be done - such as committing any unwritten data to file (losing a GPX log to a crash can be^W^W IS annoying when tracking).
    8        8
    9        9   That way even the most careless code would be unlikely to bring Navit down altogether. (Unless it were to mess with some data structures that get processed outside the global exception handler.)
    …        …
    13       13  A side effect would be that, if some central data structures were to get corrupted, even the menu command to exit Navit would be unreachable. We need to take care to avoid the dependencies of all code necessary for calling exit (maybe implement the exit command itself as an exception?), else the user will never be able to leave Navit when they need to most urgently.
    14       14
    15           Second, crash recovery. Sometimes, as a result of a previous exception or other fault, internal data may be corrupted and Navit may be unable to continue. As mentioned before, this may (and according to Murphy WILL) happen at a point when the driver has other things to worry about than restarting Navit and re-entering all navigation data.
             15  Second,''' crash recovery'''. Sometimes, as a result of a previous exception or other fault, internal data may be corrupted and Navit may be unable to continue. As mentioned before, this may (and according to Murphy WILL) happen at a point when the driver has other things to worry about than restarting Navit and re-entering all navigation data.
    16       16
    17       17  How about letting the global exception handler take care of that? It does require some work in advance, though:
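As an added illustration of the "global handler around the central event dispatch" idea from the description (example code, not Navit's own and not part of the ticket): since Navit's core is C, it uses setjmp/longjmp in place of try/catch, gives every event one recovery point, lets a fault abort only that event, flushes unwritten GPX data as the default action, and checks the exit command before the guarded dispatch so it stays reachable when handler state is corrupted. The event types, handler functions and counters are constructed for the example.

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical event model, constructed for this example (not Navit's). */
enum event_type { EV_GPS, EV_USER, EV_EXIT };
struct event { enum event_type type; int payload; };
static jmp_buf g_recover;      /* the "try" point of the global handler */
static int g_pending_gpx = 0;  /* unwritten track points, flushed on fault */
static int g_flushed = 0, g_faults = 0;
/* Called from anywhere inside a handler: aborts this event only. */
static void navit_fail(const char *why) {
    fprintf(stderr, "event aborted: %s\n", why);
    longjmp(g_recover, 1);
}
static void handle_gps(int fix_quality) {
    if (fix_quality < 0) navit_fail("invalid GPS fix");
    g_pending_gpx++;           /* constructed: one GPX point per good fix */
}
static void handle_user(int item) {
    if (item == 0) navit_fail("null menu item");
}
/* Default action on a fault: tell the user without demanding interaction
 * and commit unwritten data, so a later hard crash cannot take it along. */
static void on_fault(void) {
    g_faults++;
    g_flushed += g_pending_gpx; /* stand-in for writing the GPX file */
    g_pending_gpx = 0;
}
/* The global handler: one setjmp around every event. Returns how many events
 * were consumed before EV_EXIT. EXIT is recognised before the guarded dispatch
 * and touches no handler state, so it stays reachable after a corruption. */
int run_loop(const struct event *evs, size_t n) {
    volatile size_t i;
    for (i = 0; i < n; i++) {
        if (evs[i].type == EV_EXIT) break;
        if (setjmp(g_recover) != 0) { on_fault(); continue; }
        if (evs[i].type == EV_GPS) handle_gps(evs[i].payload);
        else handle_user(evs[i].payload);
    }
    return (int)i;
}
int fault_count(void) { return g_faults; }
int flushed_count(void) { return g_flushed; }
/* Constructed sample stream: two faulty events, then exit, then a stray event. */
int run_demo(void) {
    const struct event evs[] = { {EV_GPS, 1}, {EV_GPS, -1}, {EV_USER, 0},
                                 {EV_GPS, 2}, {EV_EXIT, 0}, {EV_GPS, 3} };
    return run_loop(evs, sizeof evs / sizeof evs[0]);  /* returns 4 */
}
```

Note that longjmp does not run destructors or free resources acquired inside the aborted handler; in real code each handler must keep its allocations releasable from on_fault, which is the "some work in advance" the description mentions.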