Using C++ Exceptions in C

Avi Rappoport

Exception handling in C++ offers many advantages over error handling in C. Using the
techniques outlined here, you can implement C++ exceptions in your C code without a
lot of effort. The payback is streamlined debugging that can result in more error-free
code. When your program encounters errors, it jumps to the appropriate
error-handling section, rather than dealing with the error locally. This simplifies
your design and helps you concentrate on the normal flow of control. Centralized error
handling also makes it easier to improve your reporting and feedback mechanisms
incrementally.

I wrote a few little XCMDs in C and after the fifteenth crash of the day, I decided that I'd
better add some error handling. So I looked at Dartmouth XCMDs, but I wasn't
impressed. Each check for an error meant another indentation in the code, and I was
worried about disposing of handles correctly as I passed errors up the call chain. Since
I'd been looking at a lot of C++ lately, I wondered whether I couldn't use part of the
C++ exception-handling mechanism to avoid problems in my code. It worked pretty
well, so I thought I'd share my results.

For part of my solution, I used some Metrowerks macros. Metrowerks has graciously
allowed these helpful exception and debugging source, header, and resource files to be
included on this issue's CD, so you can use them without purchasing its CodeWarrior
CD. The files contain macros that provide convenient tools for implementing exceptions
and debugging signals, as well as an alert resource that can provide information during
debugging.

Although I've used C++ exception handling in my C code with great results, I'd like to
offer you one word of caution before you use them. Realize that C++ is not strictly an
extension of C; as a result, in some cases it's possible that the program may not behave
as you think it should.

BASIC ERROR-HANDLING REQUIREMENTS

All programs must respond to system and subroutine failures somehow. For example,
many Macintosh Toolbox routines return a variable of type OSErr, while others
require that you call Toolbox routines (such as MemError and ResError) to retrieve
the error. If you ignore system and subroutine failures, your program is practically
guaranteed to crash.

Good error handling allows you to cope with many kinds of problems. Your checks can
trigger other code that deals with the problem (for example, by freeing memory).
During debugging, error checking should notify you that something has gone wrong.
And since you can't, unfortunately, catch all the bugs during testing, you must also set
up an error-reporting mechanism to notify your users when something has gone
wrong. In the worst case, your error handling should at least ensure that your
program exits gracefully, without losing or corrupting user data.

THROWING EXCEPTIONS

The American National Standards Institute (ANSI) has defined a mechanism for C++
compilers that allows code to "throw" exceptions. When the compiler encounters a
throw statement, it jumps to the nearest catch statement. (The "nearest" catch
statement is the one associated with the current try statement, whether it's in the
current routine or farther up the call chain.) The catchstatement can deal with the
error, pass it up the call chain, or both. A throwstatement should appear only within
a try or catch statement or in code called from within a try statement. Listing 1
shows these basic components.

Listing 1. Throwing exceptions

OSErr theErr = noErr;

// Try block.
try {
   // Do something.
   ...
   // If error, throw an exception.
   if (theErr != noErr)
      throw (theErr);
}
// Catch blocks.
catch (OSErr theErr) {
   // Do something with the error.
   ...
}
catch (...) {
   // Catch anything else.
   ...
}

As shown in Listing 1, exceptions are dealt with in catch blocks, which take an
appropriate action depending on the error. For serious errors, this means cleaning up
and terminating the program. For less serious errors, the catch block could continue
without making a fuss, or make changes based on the error and again call the routine
that threw the error; sometimes you might want to throw a more generic error, which
is caught and interpreted in a higher-level catch block. I also recommend using the
Metrowerks signal macros (described later) within your catch blocks to help you
locate errors during debugging.

The three dots in catch (...) are actually in the code; the other such dots
that appear in these listings are ellipses representing code that isn't shown.*

When carefully designed, C++ exception handling in your program can deal with
problems at an appropriate level. As you may already have guessed, this feature is
both powerful and dangerous. The advantage is that you don't have to mess around with
returning errors for every routine or indenting deeply. However, if you allocate
memory, you must be careful to dispose of it at the right time or it will cause a leak.

ADDING C++ EXCEPTIONS TO YOUR CODE

To add C++ exceptions to your code, you must do the following:

Force the use of the C++ compiler.
Create a top-level exception handler in your main routine.
Define try blocks and catch blocks, and call throw at appropriate times.
Add the C++ library (CPlusPlus.lib, CPlusPlusA4.lib, or
MWCRuntime.Lib) to your project.

The Metrowerks macros that you'll see in the code that follows make implementing
exception handling much easier than it would be otherwise. I'll talk about them later.

USING C++

To use C++ exceptions, you have to force the use of the C++ compiler. In Metrowerks
CodeWarrior, the easiest way is to select the Activate C++ Compiler checkbox in the
C/C++ Language panel. You should also make sure that the Enable C++ Exceptions
checkbox is selected, because it enables throwing exceptions rather than direct
destruction (one of those weird C++ things). An alternative way to invoke the
compiler is to change the extension on your source code files to ".cp" or by changing
the Target panel preferences; however, the checkbox method is the easiest.

C++ is stricter about automatic parameter conversion than C, so selecting the MPW
Pointer Type Rules checkbox in the C/C++ Language panel avoids a bunch of errors (it
forces the compiler to allow some implicit char* casts). But you'll get errors for
other parameters and return values, so you have to clean them up as indicated by the
compiler. For example, the following is an error message returned by a C++
compiler:

HC2RTF.c line 224  textLen = strlen(textString);
Error   : cannot convert
'unsigned char *' to
'char *'

To fix this problem, you can change the code to

textLen = strlen((char *) textString)

The CodeWarrior C++ compiler puts special C++ information into function names
(this is called name mangling). C doesn't do this, so header files for C functions should
be surrounded by #extern "C" statements to tell the compiler not to mangle these
names (see Listing 2). The Macintosh Toolbox header files take care of this already.

Listing 2. Preventing name mangling

#ifdef __cplusplus
extern "C" {
#endif

long   FindBreak(char* buffer, short len);
// More declarations here
...

#ifdef __cplusplus
}
#endif

CREATING A TOP-LEVEL EXCEPTION HANDLER IN MAIN

In your main loop or function, you should specify the top-level exception handler. This
should catch serious errors, report them, and exit gracefully. Listing 3 shows the
simplest possible exception handler (which you'll understand better as you read on).

Listing 3. Simple top-level exception handler

pascal void main(XCmdPtr paramPtr)
{
   long   oldA4 = SetCurrentA4();

   try {
      CreateFile(paramPtr);
      WriteFile(paramPtr);
   }
   catch (...) {
      ReportError("\pSerious error occurred.")
      // XCMDs do not have to use ExitToShell.
   }
   SetA4(oldA4);
}

DEFINING TRY BLOCKS

When you use a try statement, it tells the compiler that the following code might have
exceptions thrown in it. All functions that throw exceptions must be within a try
block, either in the current function or in a calling function. It's pretty easy to set up
try blocks before catch blocks. This is good, because you do have to do it: any throws
that aren't caught will automatically abort the program.

DEFINING CATCH BLOCKS

You should have catch blocks for each error type. So, for example, you might define
catch (OSErr theErr), catch (errStruct errRecord), and catch (Str255
theErr). You should also have a generic catch, catch (...), which doesn't have any
parameters, to catch exceptions of all other types. Although it's better to use typed
catches that handle specific errors, always add at least one generic catch and have it
signal an error with an alert or break to the debugger. This will help you catch
exception mistakes during your debugging and testing phase. Listing 4 shows examples
of these types of catch blocks.

Listing 4. Specific and generic catch blocks

catch (StringPtr errString) {
   // If HandleError throws, it will be caught above this catch.
   HandleError(errString);
}
catch (OSErr theErr) {
   Str255 errString;
   ConvertErrToString(theErr, errString);
   ReportError(errString);
   throw (theErr);   // Rethrow to handle error.
}
// Forces the application to quit after the message.
catch (...) {
   SignalPStr_("\pUntyped error occurred in prefs.")
   ExitToShell();
}

The compiler automatically routes the error to the appropriate catch statement,
depending on the parameter passed to the throw statement. In Listing 4, both the
StringPtr and OSErr types are caught specifically, after which they're reported. The
OSErr catch rethrows the error as well. Any other types of errors are caught by the
generic catch, which calls a signal macro to display a message and then exits the
program.

You can, and often should, continue after catching an error. For example, after a disk
full error, you should allow the user to choose a different volume. Note that the
program will continue after the catch block, rather than in the location where the
exception was thrown.

MOVING DEEPER -- HANDLING EXCEPTIONS IN THE CALL
CHAIN

Many of your low-level routines may call the Macintosh Toolbox or otherwise interact
with the Mac OS. They should throw an exception if there's an error, as shown in
Listing 5.

Listing 5. Throwing exceptions for Macintosh Toolbox errors

void MakeMyResFile(Str32 fileName)
{
   CreateResFile(fileName);
   // Could also use the Metrowerks ThrowIfResError_ macro.
   err = ResError();
   if (err <> noErr)
      throw (err);
   // Continue with execution.
   ...
}

// Call the function.
MakeThisFile()
{
   ...
   try {
      MakeMyResFile(thisFile);
   }
   catch (OSErr theErr) {
      if (theErr == dupFNErr) {
         // Do something; file already exists.
         ...
      }
      else
         throw (theErr);   // Rethrow the error.
   }   // End catch statement.
   ...
}

So where do you catch these exceptions? Remember, they percolate up the call chain
until they find a catch statement, so you don't have to take care of them in the
immediate calling function (unless you've allocated memory or done other things that
need undoing). When you catch them, you can, and sometimes should, throw the error
again. You can either report errors in mid-level routines or rethrow them up to a
higher-level error reporting mechanism.

In addition to these catch statements, be sure to add a catch statement in circumstances
where you need to do any of the following:

Dispose of handles and otherwise deallocate memory.
Shut down something you started in the try block, such as opening a file.
Change the error thrown.

For your own functions, you should throw errors in situations that can cause serious
problems or crash the machine. For instance, if you're providing a function that
accesses a variable-length array that contains 16 members and the caller asks for the
17th member, you can throw a range error. There's no hard-and-fast rule about when
to put the error checking into a function and when to require it before calling -- it
depends on the situation. For example, if you're calling a function inside a tight
graphics loop only and you want speed, you can probably check the parameters
sufficiently in the calling function. However, if you have a utility routine that's called
from several sections of your code, adding error checking will help you remember its
requirements, such as parameters, memory, and other system states, to avoid
problems later on.

Handling exceptions in libraries is tricky because you don't know much about the
calling program. Think carefully about what you should report to the user and what
you should simply return to calling functions.

As your programs become more sophisticated, you can start working around certain
errors -- for example, by using temporary memory when the application's heap is
full. You'll also need to design interactive error reporting, allowing your users to take
action (such as unlocking a locked disk) when they can. Then your application can
continue properly.

EXCEPTIONS AND DEBUGGING WITH THE METROWERKS
MACROS

The Metrowerks PowerPlant UDebugging and UException files, included on this issue's
CD, provide convenient tools for throwing common exceptions and alerting you during
debugging. To use them, put the folder in your project folder, add the sources and the
"PP DebugAlerts.rsrc" resource file to your project, and include the headers in your
source files.

The UException.h file includes macros that automate common exception conditions.
The UException.cp file includes an abort function. The UDebugging.h file defines some
macros that make locating problems easier by allowing you to specify a signal, a
debugging string displayed when the macro is invoked.

If your project includes an ANSI library you don't need to add
UException.cp. The abort function will conflict.*

SETTING GLOBAL VARIABLES FOR DEBUGGING

You need to set the global variables gDebugThrow and gDebugSignal in UDebugging.h to
specify the debugging actions for throws and signals. By default, they're set to do
nothing at all. Other options include displaying a dialog, dropping into the source-level
debugger, or dropping into the low-level debugger. To activate the macros, be sure to
define Debug_Signal in your precompiled header or UDebugging.h.

The following are the global variable options:

debugAction_Nothing -- Do nothing.
debugAction_Alert -- Display an alert box with an exception code
(described later), filename, and line number where the throw or signal was
made. For this to work, you must include the file "PP DebugAlerts.rsrc" in
your project.
debugAction_SourceDebugger -- Break into the source-level debugger.
For the Metrowerks source-level debugger, execution will stop with the
arrow pointing to the line containing the throw statement. The exception code
isn't displayed. You can check the display of variable values in the
source-level debugger for that information. (I've tested this with the
Metrowerks debugger only.) If you aren't running under the source-level
debugger, debugAction_SourceDebugger will break into the low-level
debugger on PowerPC processor-based machines, but might crash on 680x0
systems.
debugAction_LowLevelDebugger -- Break into MacsBug and display the
exception code as a string. In MacsBug, the console will display two lines:

User Break at routine + offset
exception code

Note that if you don't have a low-level debugger installed, your program
will crash with an unimplemented trap error if it tries to break into the
low-level debugger.

THE THROW MACROS

UException.h defines several useful macros that automatically perform tests and throw
exceptions if a test failed. It also defines a type, ExceptionCode (a long), and two
standard exceptions, err_AssertFailed ('asrt') and err_NilPointer ('nilP'), which are
treated as type ExceptionCode. Here are the throw macros:

ThrowIf_(test) -- Throws an exception if test is true, where test is a
Boolean or the result of a Boolean condition. The exception code will be
err_AssertFailed.
ThrowIfNot_(test) -- Throws an exception if test is false. The exception
code will be err_AssertFailed.
ThrowIfOSErr_(err) -- Throws an exception if err isn't equal to noErr.
ThrowOSErr_ (err), FailOSErr_ (err) -- Throws an exception with err
as the exception code.
ThrowIfNULL_(ptr), ThrowIfNil_(ptr), FailNil_(ptr) -- If ptr is NULL
(or nil), throws an exception with err_NilPointer as the exception code.
ThrowIfMemError_() -- Calls the Toolbox routine MemError and
throws an exception if it returns a result that's not equal to noErr; the
MemError return becomes the exception code.
ThrowIfMemFail_(p) -- Throws an exception if p (a pointer or a handle)
is nil. The MemError routine is used to check the success or failure of the last
Memory Manager call. If MemError returns a result that's not equal to noErr,
the exception code is set to the return value of the MemError call. If
MemError returns noErr, the exception code is set to memFullErr, a constant
defined by Apple.
ThrowIfResError_() -- Calls the Toolbox routine ResError and throws
an exception if it returns a result that's not equal to noErr; the result becomes
the exception code. ResError is used to check the success or failure of the last
Resource Manager call.
ThrowIfResFail_(h) -- Throws an exception if h (a handle to a resource)
is nil. If ResError returns a result that's not equal to noErr, the exception
code is set to that result. If ResError returns noErr, the exception code is set
to resNotFound, a constant defined by Apple.

You can use all of the macros within if-else clauses, as they're designed to be
self-contained. For example:

if (err != fnfErr)
   ThrowIfOSErr_(err);

THE SIGNAL MACROS

UDebugging.h defines macros for raising signals, also known as asserts. These will
stop the execution of the program and report errors. You can use them to check for nil
pointers, out-of-range offsets, excess length, division by zero, and other problems. If
you remove the definition of Debug_Signal, the entire set of macros is converted to
white space and takes no runtime overhead whatsoever.

The macros are defined to check gDebugSignal for the action to take on execution, as
described previously.

The following are the signal macros:

SignalPStr_(pstr) takes a Pascal string argument. The string can be a
literal Pascal string (in double quotes beginning with \p) or a StringPtr
variable (and its variants, such as Str255).
SignalCStr_(cstr) takes a literal C string argument. The string must be a
literal (text within double quotes) and can't be a char*. Because the
underlying Toolbox routines take Pascal strings, the SignalPStr_ macro is
more efficient.
SignalIf_(test), SignalIfNot_(test) each take a Boolean condition as an
argument and raise a signal depending on whether the condition is true or
false.
Assert_(test) is a synonym for SignalIfNot_(test).

STRESS REDUCTION WITH EXCEPTION HANDLING

C++ exceptions and these Metrowerks macros make error handling reasonably easy to
add to most programs. With a little thought, you can design a clean structure for
dealing with Mac OS errors and internal errors -- a structure that's easily extensible
to new code. You can avoid stress during testing by adding signal macro calls for
common errors throughout your code. They're much easier to debug than system
crashes. And yes, thank you, my XCMDs are much better now!

RELATED READING

For a more in-depth examination of exceptions in C++, consult
the article "Try C++ Exception Handling" by Kent Sandvik (MacTech
Magazine, October 1995). For another view of C exceptions, see
"Living in an Exceptional World" by Sean Parent in develop Issue 11.
For information on the return values of Macintosh Toolbox
routines and the error codes, see the Inside Macintosh series,
Macintosh Programmer's Toolbox Assistant, and THINK Reference. You
can also look at the header file Errors.h.

Because C has no objects, when you read these publications, you can ignore all
discussions of object throwing, exception objects, construction, and
destruction.

AVI RAPPOPORT has degrees in medieval studies and library/information studies, so
she feels well qualified to work in the Macintosh software industry. In her job as user
advocate and publications coordinator at Metrowerks, she spent her time documenting
PowerPlant, making conference calls, and frantically trying to check CodeWarrior CDs
before they were burned. Avi now works at StarNine as product manager for messaging
products. She lives in Berkeley, California, with her Mac/Web scripter husband and
their four-year-old son -- all BMUG members.*

Thanks to Greg Dow, Pete Gontier, Tom Lippincott, and Jon Wätte for their C++
wizardry and personal patience, and to Pete and Tom for reviewing this article.*