在开发模块化应用程序时使用故障快速方法 [英] using Fail-fast approach when developing modular applications

问题描述

开发模块化应用程序时，显而易见的是，我们需要使用 Fail-fast 系统？

When developing modular applications is it quiet obvious that we need to use Fail-fast systems?

当创建模块时，如果模块无法处理的错误条件，它应该报告错误（如抛出异常..），而不用担心谁处理它。在开发模块时，它可以用作指导。是否有任何问题？

When creating modules if there is an error condition the module cannot handle, it should report the error(like throw an exception..)without worrying who will handle it. It looks like this can be used as a guideline when developing modules. Is there any issues with this?

修改：示例

在module.dll中

public class SomeClass:ISomeInterface
{

    public void CreateFile(string filename)
    {
       //The module have no idea who calls this. But there is something wrong        
       //somewhere so  throw an exception early. The module writer has no control over 
       //how the exception is handled. So if this exception is not handled by the 
       //Client Application the application can potentially crash.Do he need to worry 
       //about that?
       if(filename == null)
       {
          throw new ArgumentNullException("Filename is null");
       }

       //I think the following is bad. This code is making sure that a module 
       //exception wont crash the application.Is it good?
       //if(filename ==null)
       //{
       //Logger.log("filename is null");
       //return;
       //}
    }
 }

推荐答案

我可以看到有两类关键的例外：整个系统可能已经被破坏，并没有太多的可以放心地假设不是，而那些在其中有重要的方面该代码将期望正常工作的系统不会，但是没有理由相信系统的其他部分被破坏。在前一种情况下，除了死亡之外，程序还没有太多的工作，可能会尝试记录发生的情况，如果可以这样做，而不会破坏任何主线数据。在后一种情况下，尽管如此，杀死申请将会过于粗鲁。一个更好的方法将是设计子系统，以便代码可以拉插头，以防止它导致数据损坏，结果是进一步尝试使用它（除了还在工作查询，其返回值应该指示问题）可能会引发即时异常，但允许程序的不需要故障子系统的那些部分继续运行，除非或直到它们决定它们没有太多没有它。

There are two categories of critical exceptions I can see: those in which the entire system may have been compromised, and there's not really much that one can safely assume wasn't, and those in which a significant aspect of the system which code is going to expect to "just work", won't, but there's no reason to believe other parts of the system are compromised. In the former case, there's not really much the program can do except die, possibly trying to log what happened if it can do so without corrupting any "main-line" data. In the latter case, though, killing the application would be unduly "rude". A better approach would IMHO be to design the subsystem so that code can "pull the plug" on it to prevent it from causing data corruption, with the consequence that any further attempt to use it (other than an "are you still working" query, whose return value should indicate the problem) will likely throw an immediate exception, but allow those parts of the program that don't need the troubled subsystem to keep running as they were unless or until they decide that there isn't much for them to do without it.

这篇关于在开发模块化应用程序时使用故障快速方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！