Original: Design by Contract for Embedded Software (state-machine.com)
Design by Contract is the single most effective programming technique for delivering high-quality code. Here you can learn what the Design by Contract programming philosophy is, what it can do for you, and why all embedded software developers should care.

Errors versus Exceptional Conditions
[Translation of "Design by Contract for Embedded Software"]

While embedded systems come with their own set of complexities, they also offer many opportunities for simplification compared to general-purpose computers. Dealing with errors and exceptional conditions provides perhaps the best case in point. Just think: how many times have you seen embedded software made terribly convoluted by attempts to painstakingly propagate an error through many layers of code, only to end up doing something trivial with it, such as performing a system reset?

By error (otherwise known as a "bug"), I mean a persistent defect due to a design or implementation mistake (e.g., overrunning an array index or writing to a file before opening it). When your software has a bug, you typically cannot reasonably "handle" the situation. You should instead concentrate on detecting (and ultimately fixing) the root cause of the problem. This is in contrast to an exceptional condition, which is a specific circumstance that can legitimately arise during the system's lifetime but is relatively rare and lies off the main execution path of your software. Unlike an error, an exceptional condition requires you to design and implement a recovery strategy that handles it.

As an example, consider dynamic memory allocation. In any type of system, memory allocation with malloc() (or the C++ new operator) can fail. In a general-purpose computer, a failed malloc() merely indicates that, at this instant, the operating system cannot supply the requested memory. This can easily happen in a highly dynamic, general-purpose computing environment. When it happens, you have options to recover from the situation. One option might be for the application to free up some memory that it allocated and then retry the allocation. Another choice could be to prompt the user that the problem exists and encourage them to exit other applications so that the current application can obtain more memory. Yet another option is to save data to disk and exit. Whatever the choice, handling this situation requires some drastic actions, which are clearly off the mainstream behavior of your application. Nevertheless, you should design and implement such actions, because in a desktop environment a failed malloc() must be considered an exceptional condition.
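The distinction above is easier to see in code. The following C program is an added example, not code from the article or from the state-machine.com projects: it puts a contract check (a bug is detected and execution is stopped, never "handled") beside the allocation-failure recovery the text describes (free memory the application owns, then retry, and leave a clear failure result for the caller if that does not help). The names REQUIRE, on_contract_violation, acquire_memory and flaky_malloc are this example's own, and the injected allocation failure is constructed so the recovery path can be exercised offline.

```c
/* Added example: a bug (contract violation) versus an exceptional condition
 * (allocation failure). REQUIRE, on_contract_violation, acquire_memory and
 * flaky_malloc are names invented for this demo, not the article's. */
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- Contract checking: a violation is a bug, so stop rather than recover ---- */

/* Default handler: firmware would log the location and reset. It is reached
 * through a pointer only so the demo below can intercept it. */
static void default_violation_handler(const char *file, int line)
{
    fprintf(stderr, "contract violated at %s:%d\n", file, line);
    abort();
}
static void (*on_contract_violation)(const char *, int) = default_violation_handler;

#define REQUIRE(expr) \
    ((expr) ? (void)0 : on_contract_violation(__FILE__, __LINE__))

struct fixed_buffer { unsigned char *data; size_t len; };

/* Precondition: idx < len. An out-of-range idx is a caller bug, not a
 * condition to recover from, so it is asserted, not returned as an error. */
static void fixed_buffer_write(struct fixed_buffer *b, size_t idx, unsigned char v)
{
    REQUIRE(b != NULL);
    REQUIRE(idx < b->len);
    b->data[idx] = v;
}

/* Demo hook: record the violation and unwind instead of aborting, so the demo
 * can show that the out-of-bounds write never takes place. */
static jmp_buf violation_jmp;
static int violations_seen = 0;
static void recording_violation_handler(const char *file, int line)
{
    (void)file; (void)line;
    violations_seen++;
    longjmp(violation_jmp, 1);
}

/* ---- Exceptional condition: allocation failure gets a recovery strategy ---- */

/* Constructed failure injection: the next fail_budget allocations return NULL. */
static int fail_budget = 0;
static void *flaky_malloc(size_t n)
{
    if (fail_budget > 0) { fail_budget--; return NULL; }
    return malloc(n);
}

static void *scratch_cache = NULL;  /* memory the application can give back */

/* Recovery as described in the article: release memory we own, retry once.
 * NULL means recovery failed; the caller must take its own action
 * (save state and exit, inform the user, ...). */
static void *acquire_memory(size_t n)
{
    void *p = flaky_malloc(n);
    if (p == NULL && scratch_cache != NULL) {
        free(scratch_cache);
        scratch_cache = NULL;
        p = flaky_malloc(n);
    }
    return p;
}

/* Returns 1 when the off-by-one write was caught and the in-range write kept. */
static int demo_contract_violation_is_caught(void)
{
    static unsigned char storage[4];   /* static: survives the longjmp intact */
    struct fixed_buffer b = { storage, sizeof storage };
    int caught = 0;
    memset(storage, 0, sizeof storage);
    on_contract_violation = recording_violation_handler;
    if (setjmp(violation_jmp) == 0) {
        fixed_buffer_write(&b, 3, 0xAA);   /* in range */
        fixed_buffer_write(&b, 4, 0xBB);   /* off by one: contract breaks here */
    } else {
        caught = 1;
    }
    on_contract_violation = default_violation_handler;
    return caught && storage[3] == 0xAA;
}

/* Returns 1 when one failure is recovered and a persistent failure is reported. */
static int demo_alloc_failure_is_recovered(void)
{
    scratch_cache = malloc(64);
    fail_budget = 1;                    /* first attempt fails, retry succeeds */
    void *p = acquire_memory(32);
    int ok = (p != NULL) && (scratch_cache == NULL);
    free(p);
    fail_budget = 2;                    /* nothing left to free: caller sees NULL */
    ok = ok && (acquire_memory(32) == NULL);
    return ok;
}

int main(void)
{
    printf("contract violation caught: %d\n", demo_contract_violation_is_caught());
    printf("allocation failure recovered: %d\n", demo_alloc_failure_is_recovered());
    return 0;
}
```

The asymmetry is the point: the contract check carries no recovery code at all, only a hook that stops the system and records where the bug surfaced, while the allocation path has a designed fallback and a defined result when the fallback is exhausted.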