7.1.1 Pattern of error handling behaviour

If the Armour detects a violation, it sends a RaiseError event to the Dezyne component. The Dezyne component must go to a controlled state and will eventually send a Reset event to the Foreign component (the Armour passes this on). As a consequence, the Foreign component goes to a known state and is expected to send the output event Recovered as a result. The Armour and Dezyne components then return to their normal mode of operation.

The overall state behaviour related to this pattern is a state machine with 3 states: {noError, raisedError, resetError}. Often it will be possible to reduce this to 2 error states only.

The Robust interface supports the same events as the Strict interface, without its limitations. The Armour maps the Robust interface to the Strict interface. In normal operation it passes on all events. It triggers on deviations from the allowed behaviour and then enters an error state. It logs the error using a Log interface via an injected port. It also raises the error with the Dezyne component and prevents any further regular interaction with the Foreign component until the error is handled as described above.
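
The three-state pattern above, sketched as hand-written C++; this is an added example, not Dezyne-generated code or code from the Dezyne project. The `Start`/`Done` events, the strict rule that `Done` is only valid while a `Start` is pending, and the choice to drop (rather than queue) events while an error is outstanding are assumptions made for illustration.

```cpp
#include <functional>
#include <string>

// Added illustration, not Dezyne-generated code. Assumed (hypothetical) strict
// rule: the Foreign component may emit "Done" only while a "Start" is pending.
enum class State { noError, raisedError, resetError };
using Port = std::function<void(const std::string&)>;

struct Armour {
    Port up, down, log;  // up: Dezyne side, down: Foreign side, log: injected Log port
    State state = State::noError;
    bool pending = false;  // true while a Start awaits its Done

    // Event from the Dezyne component; returns true if passed on to Foreign.
    bool fromDezyne(const std::string& ev) {
        if (ev == "Reset") {
            if (state != State::raisedError) return false;  // assumed: Reset only after an error
            state = State::resetError;
            pending = false;
        } else {
            if (state != State::noError) return false;  // regular interaction is blocked
            if (ev == "Start") pending = true;
        }
        down(ev);
        return true;
    }

    // Event from the Foreign component; returns true if passed on to Dezyne.
    bool fromForeign(const std::string& ev) {
        if (state == State::resetError) {
            if (ev != "Recovered") return false;  // still waiting for recovery
            state = State::noError;
        } else if (state == State::raisedError) {
            return false;  // dropped until the Dezyne component sends Reset
        } else if (ev == "Done" && pending) {
            pending = false;
        } else {
            log("violation: unexpected " + ev);
            state = State::raisedError;
            up("RaiseError");
            return false;
        }
        up(ev);
        return true;
    }
};
```

The three ports must be bound before the first event is delivered; an unbound `std::function` throws `std::bad_function_call` when invoked.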