Defensive Programming

Design by contract

A commitment about the functionality and behaviour of a module: preconditions the caller must satisfy, postconditions the module guarantees in return, and invariants that hold in between. A violated contract is a programming error, not a run-time condition;

Use assert()

pros:

  • improve testing (a violated contract fails at the point of the bug, not later)
  • detect bugs
  • act as executable comments: they document the assumptions the code relies on
  • improve code quality
  • can be turned on and off (compiled out by defining NDEBUG)

cons:

  • slow down execution
  • commonly misunderstood
  • sometimes misused for error handling: a failed assert aborts the program, and the check disappears entirely in a release build, so it must never guard untrusted input or expected run-time failures
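A worked example of the two sections above, added here and not part of the original notes: a small fixed-size ring buffer whose contract (preconditions, postconditions, structure invariant) is checked with assert(), next to the misuse listed under cons, where assert() is used to validate input that can legitimately be bad at run time. All names (ring_buf_t, rb_push, parse_len, ...) are illustrative.

```c
/* Added example, not from the original notes: contracts with assert() versus
 * run-time error handling, on a small fixed-size ring buffer.
 * Rule: assert() guards conditions that can only fail because of a programming
 * error (a caller broke a documented precondition, an invariant got corrupted).
 * Conditions that can legitimately be false at run time (buffer full, bad input
 * from the wire) are reported with a return code, because assert() is compiled
 * out when NDEBUG is defined and aborts the program when it fires. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RB_CAPACITY 8u

typedef struct {
    uint8_t data[RB_CAPACITY];
    size_t  head;   /* index of the next byte to read */
    size_t  count;  /* bytes currently stored */
} ring_buf_t;

/* Structure invariant: cheap enough to check on every call in debug builds. */
static int rb_invariant(const ring_buf_t *rb)
{
    return rb != NULL && rb->head < RB_CAPACITY && rb->count <= RB_CAPACITY;
}

void rb_init(ring_buf_t *rb)
{
    assert(rb != NULL);          /* precondition: NULL here is the caller's bug */
    memset(rb, 0, sizeof *rb);
    assert(rb_invariant(rb));    /* postcondition */
}

/* 0 on success, -1 if full. "Full" is a normal run-time state: report, don't assert. */
int rb_push(ring_buf_t *rb, uint8_t byte)
{
    assert(rb_invariant(rb));
    if (rb->count == RB_CAPACITY)
        return -1;
    rb->data[(rb->head + rb->count) % RB_CAPACITY] = byte;
    rb->count++;
    assert(rb_invariant(rb));
    return 0;
}

/* 0 on success with the byte stored in *out, -1 if empty. */
int rb_pop(ring_buf_t *rb, uint8_t *out)
{
    assert(rb_invariant(rb));
    assert(out != NULL);
    if (rb->count == 0)
        return -1;
    *out = rb->data[rb->head];
    rb->head = (rb->head + 1) % RB_CAPACITY;
    rb->count--;
    assert(rb_invariant(rb));
    return 0;
}

/* The misuse from the "cons" list: validating untrusted input with assert().
 * In a debug build an oversized length aborts the firmware; in a release build
 * (NDEBUG) the check vanishes and the bad length is returned as if valid. */
int parse_len_wrong(uint8_t wire_len)
{
    assert(wire_len <= RB_CAPACITY);   /* WRONG: input validation, not a contract */
    return (int)wire_len;
}

/* Correct form: input that may be bad at run time is rejected with a return value. */
int parse_len(uint8_t wire_len)
{
    if (wire_len > RB_CAPACITY)
        return -1;
    return (int)wire_len;
}

/* Exercises the buffer through its public API; returns 1 when behaviour matches
 * the contract (8 accepted, 9th and 10th rejected, FIFO order, empty pop fails). */
int rb_selftest(void)
{
    ring_buf_t rb;
    uint8_t b;
    int accepted = 0;
    rb_init(&rb);
    for (uint8_t i = 0; i < 10; i++)
        if (rb_push(&rb, i) == 0)
            accepted++;
    if (accepted != (int)RB_CAPACITY)
        return 0;
    for (uint8_t i = 0; i < RB_CAPACITY; i++)
        if (rb_pop(&rb, &b) != 0 || b != i)
            return 0;
    return rb_pop(&rb, &b) == -1;
}
```

Build once normally and once with -DNDEBUG: rb_push and rb_pop behave identically in both, while parse_len_wrong(9) aborts in the first build and silently returns 9 in the second. That difference is exactly why assert() belongs only on programmer-error conditions.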

 

Static Code Analysis

Excellent tool for detecting errors that the compiler won't: null dereferences, out-of-bounds indexing, use of uninitialized variables, resource leaks and unreachable code.

Other techniques

Data hiding (encapsulation)

expose only the functions a caller needs; keep state private (file-scope static data, opaque handles) so callers cannot read or corrupt it directly;

Robust watchdogs

  • should have a separate clock source, independent of the CPU clock, so a failure of the main clock cannot silence the watchdog as well;
  • fast detection of failures;
  • ability to report what went wrong (which task or check-in was missed), so the reset cause can be logged after reboot
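An added example of the third point, not from the original notes: a software supervisor in front of the hardware watchdog. Each task registers its own deadline and checks in; the hardware watchdog is kicked only while every task is on time, and the id of the first starved task is stored so the reset cause can be reported. hw_wdt_kick() and reset_reason_store() are assumed stand-ins for MCU-specific code (a real port would write the watchdog refresh register and a backup register or EEPROM cell); the tick values are constructed for the host run.

```c
/* Added example, not from the original notes: a software watchdog supervisor
 * sitting in front of the hardware watchdog. Each monitored task registers a
 * deadline and must check in within it. The hardware watchdog is kicked only
 * while every task is on time, and the id of the first starved task is stored
 * so the reset cause can be reported after reboot. hw_wdt_kick() and
 * reset_reason_store() are assumed stand-ins for MCU-specific code. */
#include <stdint.h>

#define WDT_MAX_TASKS 4u
#define WDT_OK        (-1)   /* wdt_supervise(): nobody starved */

typedef struct {
    uint32_t deadline;  /* max ticks allowed between check-ins */
    uint32_t last_seen; /* tick of the last check-in */
    int      enabled;
} wdt_slot_t;

static wdt_slot_t g_slots[WDT_MAX_TASKS];
static int g_hw_kicks;               /* stand-in: count of hardware kicks */
static int g_reset_reason = WDT_OK;  /* stand-in: backup register / EEPROM cell */

static void hw_wdt_kick(void)          { g_hw_kicks++; }
static void reset_reason_store(int id) { g_reset_reason = id; }

int wdt_init(void)
{
    for (unsigned i = 0; i < WDT_MAX_TASKS; i++)
        g_slots[i].enabled = 0;
    g_hw_kicks = 0;
    g_reset_reason = WDT_OK;
    return 0;
}

/* Register task `id` with its deadline; `now` is the current tick. -1 on bad args. */
int wdt_register(unsigned id, uint32_t deadline, uint32_t now)
{
    if (id >= WDT_MAX_TASKS || deadline == 0)
        return -1;
    g_slots[id].deadline  = deadline;
    g_slots[id].last_seen = now;
    g_slots[id].enabled   = 1;
    return 0;
}

/* Called by the task itself at the end of each loop iteration. -1 if unknown task. */
int wdt_checkin(unsigned id, uint32_t now)
{
    if (id >= WDT_MAX_TASKS || !g_slots[id].enabled)
        return -1;
    g_slots[id].last_seen = now;
    return 0;
}

/* Called from a periodic timer interrupt, ideally one whose clock is
 * independent of the clock the tasks run on. Returns WDT_OK and kicks the
 * hardware watchdog if every task is on time; otherwise records and returns
 * the id of the first task that missed its deadline and does NOT kick, so the
 * hardware watchdog expires and resets the device. Unsigned subtraction keeps
 * the comparison correct across tick-counter wrap-around. */
int wdt_supervise(uint32_t now)
{
    for (unsigned i = 0; i < WDT_MAX_TASKS; i++) {
        if (!g_slots[i].enabled)
            continue;
        if (now - g_slots[i].last_seen > g_slots[i].deadline) {
            reset_reason_store((int)i);
            return (int)i;
        }
    }
    hw_wdt_kick();
    return WDT_OK;
}

int wdt_hw_kicks(void)     { return g_hw_kicks; }
int wdt_reset_reason(void) { return g_reset_reason; }
```

The important design choice is that nothing in the task code touches the hardware watchdog: a task stuck in a loop that still happens to kick the hardware directly would defeat the whole mechanism, whereas here it merely stops checking in and gets named as the culprit.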

Stack monitor

easily implemented in an RTOS, which knows every task's stack bounds and can check them at each context switch; hard on bare metal, where there is no scheduler hook and a single stack is shared with interrupt handlers, so the check has to be placed by hand, for example in a periodic timer;
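An added example, not from the original notes, of the usual way a stack monitor is built: stack painting with a high-water mark, as RTOS kernels do per task stack. The region is filled with a known pattern before use; since the stack grows down from the top of the region, the lowest address whose paint byte has been overwritten marks the deepest point ever reached. A static array stands in for a real stack and stack_simulate_use() is a constructed substitute for real frames, so the code runs on a host; all names are illustrative.

```c
/* Added example, not from the original notes: a stack high-water-mark monitor
 * based on stack painting. A static array stands in for a real stack so the
 * code runs on a host; on hardware `base`/`size` come from the linker symbols
 * that delimit the stack (or from the RTOS task control block). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STACK_PAINT 0xA5u

/* Fill the region with the paint pattern. On hardware this runs once, before
 * the stack is used (reset handler for the main stack, task creation in an RTOS). */
void stack_paint(uint8_t *base, size_t size)
{
    memset(base, STACK_PAINT, size);
}

/* Peak usage in bytes: scan up from the lowest address for the first byte that
 * no longer carries the paint value. Caveat: a pushed value that happens to
 * equal the pattern makes the mark look a little shallower, which is why the
 * figure is always used with a safety margin. */
size_t stack_high_water(const uint8_t *base, size_t size)
{
    size_t untouched = 0;
    while (untouched < size && base[untouched] == STACK_PAINT)
        untouched++;
    return size - untouched;
}

/* 1 if the lowest paint byte is gone: the stack reached its limit and very
 * likely ran past it into whatever sits below. */
int stack_overflowed(const uint8_t *base, size_t size)
{
    return size == 0 || base[0] != STACK_PAINT;
}

/* 1 if the remaining headroom is below `min_free` bytes: a warning threshold a
 * periodic check (timer interrupt on bare metal, idle hook in an RTOS) can act
 * on before the overflow actually happens. */
int stack_low(const uint8_t *base, size_t size, size_t min_free)
{
    return size - stack_high_water(base, size) < min_free;
}

/* Host-side stand-in for real stack consumption: dirty the top `used` bytes
 * as pushed frames would. Returns -1 if `used` exceeds the region. */
int stack_simulate_use(uint8_t *base, size_t size, size_t used)
{
    if (used > size)
        return -1;
    memset(base + (size - used), 0x11, used);   /* any value != STACK_PAINT */
    return 0;
}

#define DEMO_STACK_SIZE 64u
static uint8_t g_demo_stack[DEMO_STACK_SIZE];

/* Paint a fresh demo stack, consume `used` bytes, return the measured peak
 * ((size_t)-1 if `used` does not fit). */
size_t stack_demo_peak(size_t used)
{
    stack_paint(g_demo_stack, DEMO_STACK_SIZE);
    if (stack_simulate_use(g_demo_stack, DEMO_STACK_SIZE, used) != 0)
        return (size_t)-1;
    return stack_high_water(g_demo_stack, DEMO_STACK_SIZE);
}

/* Same setup; returns whether the overflow check fires afterwards. */
int stack_demo_overflowed(size_t used)
{
    (void)stack_demo_peak(used);
    return stack_overflowed(g_demo_stack, DEMO_STACK_SIZE);
}
```

On bare metal the only piece an RTOS would otherwise provide is the call site: stack_low() and stack_overflowed() have to be invoked from something that runs regardless of the main loop, typically the same periodic timer interrupt that services the watchdog.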

Error handling

 

References

Benigno Defensive Programming
