25-06-2007, 11:15 AM
There is a typical paradigm where each routine returns a status, and on every call that status is checked. If the status is not "OK" then the function call stops, and returns to the calling function. There too, the function checks the status and returns to its caller and so on till at some point some function (the exception handler) checks the status and does something about it.
In this way when an error (exception) happens execution stops at that point and the stack is "unwound" till the point that it is handled.
In the "new" languages this is achieved using exceptions.
In C there are two typical ways of doing this - the "return" method and the "if" method;
Code:
status foo( )
{
    status st = OK;
    st = bar_aaa( );
    if (st == OK) {
        st = bar_bbb( ); }
    if (st == OK) {
        st = bar_ccc( ); }
    return st;
}
Or this
Code:
status foo( )
{
    status st = OK;
    st = bar_aaa( );
    if (st != OK) {
        return st;
    }
    st = bar_bbb( );
    if (st != OK) {
        return st;
    }
    st = bar_ccc( );
    if (st != OK) {
        return st;
    }
    return st;
}
A much cleaner method that I've been using for many years is as follows:
Code:
status foo( )
{
    status st = OK;
    st = bar_aaa( ); ER_CHK(st);
    st = bar_bbb( ); ER_CHK(st);
    st = bar_ccc( ); ER_CHK(st);
ER_EXIT:
    return st;
}
ER_CHK is a macro that is defined as follows: (simplified)
Code:
#define ER_CHK(st) if (st != OK) goto ER_EXIT; else ;
However the use of the "goto" makes people shudder and point to the appropriate section in MISRA - thou shalt not GOTO
My question
Is such a use of GOTO allowed ?
Justification:
1. The GOTO is hidden in a macro and execution proceeds to a well defined point - this is as structured as the jump commands behind the for, while, switch - and yes - break statements. It is better than the break since the destination is well known
2. The ER_CHK macro can be viewed as an extension of C
3. It provides a single exit point. This is a major problem in the "return" method since if there is a resource to release it needs to be done before each return.
4. The code is MUCH cleaner and more robust
5. The actual goto was outlawed because its use led to a mess - this use prevents the mess - and is more robust since the programmer does not deal with the "ifs" and "returns" - so can't introduce bugs by doing it wrongly ("=" vs "==" bugs, no bug forgetting the "return" or doing cleanup before the return etc.)
6. ER_CHK is actually defined as
Code:
#define ER_CHK(st) if (st != OK) { write_to_log(__LINE__, __FILE__); goto ER_EXIT; } else ;
So the log contains something like
foo1.c (23) status = 3;
foo2.c (125) status = 3;
foo3.c (13) status = 3;
Where a function in foo3.c on line 13 calls a function in foo2.c on line 125 etc.
Even C++, Java exceptions don't do that !!
The attached article provides more details and shows an implementation that is CPU and Memory efficient.
Again - the question I'm asking is: is the use of this mechanism illegal in MISRA ?
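An added example (not the poster's code) showing the ER_CHK pattern with cleanup at the single ER_EXIT point and the per-frame log trail described above; the constructed in-memory log standing in for write_to_log(), the bar_* stubs, outer() and the er_log_* helpers are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef int status;
#define OK 0

/* Constructed in-memory log; a real build would write to a file or UART. */
static char er_log[512];

static void write_to_log(int line, const char *file, status st)
{
    char entry[96];
    snprintf(entry, sizeof entry, "%s (%d) status = %d;\n", file, line, st);
    strncat(er_log, entry, sizeof er_log - strlen(er_log) - 1);
}

/* Braced body plus trailing "else ;" keeps the macro safe inside an
 * unbraced if/else and still requires the usual ';' after ER_CHK(st). */
#define ER_CHK(st) if ((st) != OK) { write_to_log(__LINE__, __FILE__, (st)); goto ER_EXIT; } else ;

static status bar_aaa(void) { return OK; }
static status bar_bbb(int fail) { return fail ? 3 : OK; } /* constructed failure */
static status bar_ccc(int *calls) { (*calls)++; return OK; }

/* Single exit point: the resource acquired up front is released exactly
 * once, whichever call failed, and bar_ccc is skipped after a failure. */
status foo(int fail, int *ccc_calls, int *resource_held)
{
    status st = OK;
    *resource_held = 1;            /* stand-in for malloc/lock/open */
    st = bar_aaa(); ER_CHK(st);
    st = bar_bbb(fail); ER_CHK(st);
    st = bar_ccc(ccc_calls); ER_CHK(st);
ER_EXIT:
    *resource_held = 0;            /* cleanup runs on every path */
    return st;
}

/* Caller one frame up: propagates the status and adds its own log line. */
status outer(int fail, int *ccc_calls, int *held)
{
    status st = foo(fail, ccc_calls, held);
    ER_CHK(st);
ER_EXIT:
    return st;
}

void er_log_clear(void) { er_log[0] = '\0'; }
int er_log_lines(void)
{
    int n = 0;
    for (const char *p = er_log; *p; p++) if (*p == '\n') n++;
    return n;
}
```

On the failing path the log holds one line per unwound frame (foo, then outer), while the success path writes nothing and still releases the resource.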