From 70c8718258b0c700c69471fbf63f26aaeae1e948 Mon Sep 17 00:00:00 2001
From: Ichthyostega <prg@ichthyostega.de>
Date: Mon, 1 Oct 2018 03:49:54 +0200
Subject: [PATCH] FailureHandling: rectify shortcomings in Proc-Command error
 handling

and especially our provisional dummy code to execute some commands "right here"
should also check and raise captured exceptions from command invocation
---
 src/common/subsystem-runner.hpp       |  3 ++-
 src/proc/control/handling-pattern.cpp |  8 ++++--
 src/proc/control/proc-dispatcher.cpp  |  7 +++---
 wiki/thinkPad.ichthyo.mm              | 36 +++++++++++++++++++++++++--
 4 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/src/common/subsystem-runner.hpp b/src/common/subsystem-runner.hpp
index e933737f2..fe9808d1d 100644
--- a/src/common/subsystem-runner.hpp
+++ b/src/common/subsystem-runner.hpp
@@ -22,12 +22,13 @@
 
 
 /** @file subsystem-runner.hpp
- ** Manage execution of the independend [Subsystems](\ref subsys.hpp)
+ ** Manage execution of the independent [Subsystems](\ref subsys.hpp)
  ** of the Lumiera application. The SubsystemRunner is used by
  ** lumiera::AppState::init() for actually "performing" the various subsystems,
  ** as defined by their [Subsystem descriptors](\ref lumiera::Subsys). Together
  ** these parts define the lifecycle protocol.
  ** 
+ ** @todo   as of 2018, a design rework seems indicated eventually                  /////////////////////////TICKET #1177
  ** @remark While this facility is still pretty much the first implementation draft
  **         from 2008, it fulfilled our needs to express simple dependencies and to
  **         conduct a controlled shutdown in case of fatal problems. The operations
diff --git a/src/proc/control/handling-pattern.cpp b/src/proc/control/handling-pattern.cpp
index da1188175..043a25306 100644
--- a/src/proc/control/handling-pattern.cpp
+++ b/src/proc/control/handling-pattern.cpp
@@ -104,10 +104,14 @@ namespace control {
   /* ====== execution result state object ======= */
   
   
-  /** @note we just grab and retain the error message. */
+  /** @note just grab and retain the error message, but _clear_ the error flag.
+   *        Rationale: by packaging into the ExecResult, the excepton counts as treated.
+   */
   ExecResult::ExecResult (lumiera::Error const& problem)
     : log_(problem.what())
-  { }
+    {
+      lumiera_error(); // ensure error flag is cleared
+    }
   
   
   bool
diff --git a/src/proc/control/proc-dispatcher.cpp b/src/proc/control/proc-dispatcher.cpp
index 8098da914..c15ec1ce2 100644
--- a/src/proc/control/proc-dispatcher.cpp
+++ b/src/proc/control/proc-dispatcher.cpp
@@ -247,8 +247,8 @@ namespace control {
                   updateState();
                 }
             }
-          catch (lumiera::Error& problem)
-            {
+          catch (std::exception& problem)
+            {  // could also be lumiera::Error
               errorMsg = problem.what();
               lumiera_error();        // clear error flag
             }
@@ -304,7 +304,8 @@ namespace control {
               if (util::startsWith (string(cmd.getID()), "test"))
                 {
                   INFO (command, "+++ -------->>> bang!");
-                  cmd();
+                  auto resultState = cmd();
+                  resultState.maybeThrow();
                 }
               //////////////////////////////////////////////////////TODO : magic to invoke commands from unit tests
             }
diff --git a/wiki/thinkPad.ichthyo.mm b/wiki/thinkPad.ichthyo.mm
index 1354dab03..9940b6772 100644
--- a/wiki/thinkPad.ichthyo.mm
+++ b/wiki/thinkPad.ichthyo.mm
@@ -3194,8 +3194,8 @@
 </node>
 </node>
 </node>
-<node BACKGROUND_COLOR="#eee5c3" COLOR="#990000" CREATED="1538322674991" ID="ID_371763142" MODIFIED="1538357494258" TEXT="Problem: triggerShutdown nicht wasserdicht">
-<icon BUILTIN="pencil"/>
+<node CREATED="1538322674991" ID="ID_371763142" MODIFIED="1538359354152" TEXT="Problem: triggerShutdown nicht wasserdicht">
+<icon BUILTIN="button_cancel"/>
 <node CREATED="1538322708227" ID="ID_1994833744" MODIFIED="1538322772297" TEXT="kann sterben">
 <icon BUILTIN="messagebox_warning"/>
 <node CREATED="1538322737871" ID="ID_513027050" MODIFIED="1538322769742" TEXT="wenn Exceptions auftreten">
@@ -3208,6 +3208,38 @@
 <node CREATED="1538322721289" ID="ID_156783463" MODIFIED="1538322775541" TEXT="dann l&#xe4;uft das aufrufende sigTerm nicht zuende">
 <icon BUILTIN="broken-line"/>
 </node>
+<node CREATED="1538359359513" ID="ID_874296398" MODIFIED="1538359369128" TEXT="Nein kein Problem">
+<icon BUILTIN="forward"/>
+<node CREATED="1538359370815" ID="ID_104358783" MODIFIED="1538359518690" TEXT="das Subsystem-Protokoll verlangt noexcept">
+<icon BUILTIN="info"/>
+</node>
+<node CREATED="1538359382397" ID="ID_1054464710" MODIFIED="1538359515533" TEXT="alle bekannten triggerShutdown sind so gekennzeichnet">
+<icon BUILTIN="button_ok"/>
+</node>
+<node CREATED="1538359397915" ID="ID_446614054" MODIFIED="1538359507892" TEXT="und wenn trotzdem eine Exception fliegt...">
+<richcontent TYPE="NOTE"><html>
+  <head>
+    
+  </head>
+  <body>
+    <p>
+      ...dann sind wir sofort tot und das wird billigend in Kauf genommen.
+    </p>
+    <p>
+      So ist das tats&#228;chlich implementiert im Falle vom OutputDirector.
+    </p>
+    <p>
+      Der startet n&#228;mlich einen Thread erst als Supervisor f&#252;r den Shutdown.
+    </p>
+    <p>
+      Wenn das nun <i>wirklich</i>&#160;fehlschl&#228;gt, bleibt uns sinnvollerweise nur noch die Selbstmord-Option
+    </p>
+  </body>
+</html>
+</richcontent>
+<icon BUILTIN="ksmiletris"/>
+</node>
+</node>
 </node>
 </node>
 <node CREATED="1538357436900" ID="ID_1015844071" MODIFIED="1538357455069" TEXT="der ganze Subsystem-Runner sollte &#xfc;berarbeitet werden">