Crash protection
-=-=-=-=-=-=-=-=

From the moment a program starts up under tornado, it comes under the
protective wing of Tornado. From now on, there are very few ways programs can
lock up the machine [1].

Tornado monitors all filing system operations done by the app/program, and
closes any files that are still open when an app/program terminates (unless
vetoed by a service call or wimp service message broadcast). Also, it
installs handlers to deal with Undefined instructions, Prefetch aborts, Data
aborts, Address exceptions, Branch through zeros, CAO exiting errors, normal
errors and when OS_Exit is called.
   For Undefined instructions, Prefetch aborts, Data aborts, Address
exceptions, Branch through zeros and CAO exiting errors, preemption is halted
on that task, control removed and a window is displayed telling the user that
this fatal error has occurred, and asking what should be done about it. The
user then has the option to save out any files currently loaded into that
app, or to save them into a temporary space and restart the app, which will
then reload in those files, or to ignore the error and continue (in which
case you'll get the usual error box, and lose your files). For normal errors,
usually the task has its own error handler installed to deal with these
errors, but it may request that this operation be automated.
   For OS_Exit being called before Tornado_Closedown, tornado cleans up,
again by asking the user about any unsaved files etc. etc.

There is also another level of protection: If the task goes into a
never-ending loop, and if the messages waiting for it exceed a certain value,
a message pops up to the user indicating that it is most likely that the task
has crashed, and does the user wish to terminate the task.

This leaves only a few ways left of locking up the machine, ie; the ones
which would usually cause a full reset to get out of them. Due to the
structure of the RISC-OS kernel, it's _very_ difficult to get around these,
but I'm sure you'll agree that the proposals above with certainly help no
end.
