Required error recovery mechanisms

[rcseacord]

Safety-related systems use a variety of recovery techniques, all of which should be allowed by these guidelines. Expressed another way, there shouldn't be any rules which prohibit any of the following approaches

     * Be able to recover by detecting and reporting the error, e.g. via panic.  This panic may be caught by a process monitor. 
    * Substitute an in range value for an out-of-range value (e.g., saturation semantics).
    * To terminate an optional operation that would result in an error: e.g., if (divisor != 0) { dividend / divisor }

[felix91gr]

I think I understand about 50% of what that means.

What I think I understand is that:

1. Rules should always allow all the 3 mentioned approaches for error recovery

   I hope I got this one right.

2. First approach: to be able to detect and report the error.
   This can be done in a number of ways.
   One of those is to panic and catching said panic with a process monitor.

   Meaning that, if the user could be panicking, means to handle a panic and respond to it must always be in place. Correct? @rcseacord

---

The other two approaches, I'm not sure I understand.

1. Substitute an in-range value for an out-of-range value (e.g., saturation semantics).

   What do you mean by this?

2. To terminate an optional operation that would result in an error: e.g., if (divisor != 0) { dividend / divisor }

   I don't understand what do you mean by this either.

Please use as many words as you'd like. I want to understand precisely what these lines mean.