Chris Blaicher wrote: <begin extract> Rather than rely on task structure to limit failure damage, each task should establish its own recovery environment and pass back a return code via some non-destructive way. </end extract>
and I suspect that we disagree sharply about this. That tasks should establish their own recovery machinery is certainly correct. Recovery is not, however, always possible; there are indeed situations in which it is seldom or never possible; and in my experience too much use of recovery machinery often muddies the waters, making diagnosis of the underlying problem or problems more difficult than it would have been if the at-failure-time environment had been better preserved. We are not, of course, dealing with an either/or situation here, but segregating operations that can fail in their own subtasks remains a very valuable device. In this sense "relying upon task structure to limit failure damage" is wholly appropriate.

John Gilmore, Ashland, MA 01721 - USA
