Re: Combined usage of exception handling

On Thu, 31 Mar 2005 02:48:46 -0800, "Eugene Gershnik"
<gershnik@xxxxxxxxxxx> wrote:

>Severian wrote:
>> int LogExcept(ULONG ecode, BOOL fatal, VOID **exp, LPCTSTR fmt, ...)
>> {
>> static volatile _declspec(thread) BOOL in_exception;
>
>
>First problem: How do you know that in_exception is not corrupted? It is
>just a location in memory after all

Of course I don't know that. but if either is corrupted, the exception
handler will let the exception go to the defaul SEH, and a "normal"
crash will occur.

>>
>> if (in_exception || fastcrash) /* Oops, things are really bad */
>
>
>Same thing about fastcrash
>
>> return EXCEPTION_CONTINUE_SEARCH;
>> in_exception = TRUE;
>> ...
>
>And here is the biggest problem. How do you know that whatever is behind
>"..." can actually run? Your stack, heap and static variables are all just
>locations in memory that can contain garbage at this point. This isn't
>theoretical. I have atually seen system fail horribly (no log, no debugger,
>nothing) on a customer site because somebody thought it was a good idea to
>do something like the code above.
>
>The *only* way to do post-mortem examination is from the safety of another
>process like Dr. Watson or a custom substitute that knows more about your
>app.

For the crashes we see in the real world (after alpha and beta
testing), with hundreds of thousands of users, 99% or more of them
produce valid, usable logs with stack traces (the most important
part). We also provide a command-line option to create a log while
running, which usually is able to pinpoint the other <1% of problems
(hangs, silent crashes).

In my main product, most crashes are read access violations in ODBC or
JET, due to misconfiguration on the client machine. The problems are
sometimes in TWAIN data sources and other things beyond our control,
such as missing or invalid DLLs, viruses, injected code from
poorly-written system utilities, or global hooks. Others are of course
due to our own bugs, and the exception logs are invaluable for all of
these.

Aside from producing a useful log, we present a more useful (and
truthful) error message:

A fatal exception error (%08x at %04x:%08x) has occurred in
<Program> or a Windows system component. Details have been
written to the log file:
%s.

(Since so many crashes are caused by ODCB/JET misconfiguration due to
terrible design by Microsoft, we like to share the blame!)

As for causing the system to fail, a real operating system has
separate processes that run in protected memory and a process failure
does not cause a system failure. System failures are generally caused
by operating system and driver bugs themselves. (Yes, it's possible to
crash or make the system unusable from user mode, but it's not likely
in an application that sticks to itself and leaves the system and
other processes alone.)

A Windows 9x/ME user, running in a half-protected environment, is
surely used to system crashes anyway!

Even Dr. Watson has to run code in the context of the failing process;
it is by no means failsafe.

>Having said that __try/__except/__finally has its uses usually around some
>low level "testing" code or to filter very specific, "safe" things like
>division by zero.

Yes, we use it for such very specific cases also; both directly and
indirectly for parameter validation in debug mode (IsBadReadPtr,
etc.).

--
Sev
.

Relevant Pages

  • Re: crash when run out of memory
    ... > when run out of memory on linux 2.4.27. ... From the core file, the crashes ... I think it is new that throws the exception, ...
    (comp.lang.cpp)
  • Re: Application Errors - Tried EVERYTHING - PLEASE HELP!!!!
    ... The memory in this case passed Memtest-like diagnostics ... The only other hardware causes of tis sort of behaviour which spring ... >I DESPERATELY NEED HELP WITH THESE CONSTANT CRASHES I HAVE ... >Any Multimedia program used for ENCODING or RENDERING ...
    (microsoft.public.windowsxp.hardware)
  • Re: How to troubleshoot bugchecks on my own?
    ... not a memory problem. ... From that exception record and context, ... execute the instruction - without a problem. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Bsod irql_not_less_or_equal
    ... *** Memory manager detected 2 instanceof page corruption, ... likely to have memory corruption. ... the driver/function that caused the problem. ... The exception code that was not handled ...
    (microsoft.public.windows.vista.performance_maintenance)
  • Re: Strange sudden shutdown issue with CF app
    ... Phone devices are notoriously low on virtual memory right out of the box because the OEMs decide to put every little thing into its own DLL and then have 25 processes launched at boot. ... Chris Tacke, Embedded MVP ... We have created an app that basically connects to a web service gets data, then stores it locally on the device, and when a record needs to be modified/added the system first tries to connect the web server sees if its availible, if not then it stores in locally on the device until the connection comes back, now I noticed that if the device does not mess around with the data connection then the application sits nicely as long as its open, and never gets shut down. ... But again most of the time I get no exception at all but just simply disappears. ...
    (microsoft.public.dotnet.framework.compactframework)