What is the performance cost?
When you're debugging the error handlers, the performance cost is probably irrelevant, since the program will soon enter an error handler. In the release version, there is no performance cost. I've inspected the disassembled output of the Visual C++ optimizing compiler, and it generates no code for the null templates.
Isn't it enough to test failures at the low-level functions?
Error handlers are all over a program, but only a few low-level functions originate most errors.
Isn't it enough to simulate errors in these functions?
No. In addition to testing error detection, you need to test error propagation and recovery. That means testing all paths for all errors, not just all errors. The safest way is to simulate an error in every place that you test for an error.
You used templates and classes. How can I implement this in C?
I used templates to make the simulation functions typesafe and to allow default parameters. Instead, I could have used macros such as:
// Simulate failed C allocation
#define SimErrMalloc(pVoid) \
{ \
if ((pVoid) && \
SimError(__FILE__, \
__LINE__, \
MEMORY_ERROR, \
1, 1.0)) \
{ \
free(pVoid); \
pVoid = 0; \
} \
}
#define SimFailMallocRandom(pVoid,\
nCount,\
nProb) \
{ \
if ((pVoid) && \
SimError(__FILE__, \
__LINE__, \
MEMORY_ERROR, \
nCount, \
nProb)) \
{ \
free(pVoid); \
pVoid = 0; \
} \
}
Instead of the one template, I had to define two macros: one for systematic errors and one for random errors. Macros have the advantage of letting you hide the __FILE__ and __LINE__ parameters directly in the macro.
I used object-oriented programming because I find it makes the code easier to develop and debug. In C, the same result could be accomplished with a module, static data, and static functions.
Aren't there any commercial tools that simulate errors?
The only tool I could find that claimed to support error simulation was Panorama by International Software Automation (www.softwareautomation.com). They discuss automatic error simulation on their website, but when I contacted the company, they recommended manual error simulation much like the material I've presented here. I also contacted NuMega Technologies, developers of BoundsChecker, but they do not have an error simulation tool for C++.
I think this is an excellent area for companies like ISA and NuMega to pursue. More sophisticated tools that use preprocessors can invisibly insert the simulation code during compilation and solve many of the problems associated with my very simple approach. o