+
+
+Testing
+-------
+
+The tests work by mocking out parts of Dinit, and some system calls, in order to isolate
+functional units. In the src/tests/test-includes directory are three mock headers. When compiling
+tests, the src/tests/includes directory is populated with (linked) copies of the standard headers
+from src/include, but with mocked headers taken from src/tests/test-includes instead.
+
+Note that systems calls are not mocked directly, instead:
+
+ - system calls are wrapped in the bp_sys namespace, as defined in the baseproc-sys.h header;
+ - for testing, the header is replaced with a mock header.
+
+(This avoids problems that might arise from replacing important system calls, and in
+particular avoids interfering with the test harness itself).
+
+It is important when writing new code in Dinit to avoid calling system calls directly, and to
+instead call the wrapper in bp_sys.
+
+
+Exception safety, error handling
+--------------------------------
+
+In general operation Dinit methods should avoid throwing exceptions and be declared as 'noexcept',
+or otherwise be clearly documented as throwing exceptions. Errors should always be handled as
+gracefully as possible and should not prevent Dinit's continued operation. Particular care is
+needed for dynamic allocations: C++ style allocations (including adding elements to C++
+containers) will raise 'std::bad_alloc' if they cannot allocate memory, and this must be handled
+appropriately. Once it has started regular operation, Dinit must not terminate due to an error
+condition, even if the error is an allocation failure.
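Review bot: In the "Exception safety, error handling" section, "this must be handled appropriately" leaves the expected handling of 'std::bad_alloc' undefined, even though the next sentence requires that Dinit not terminate on an allocation failure once regular operation has started. Suggest stating what a method should do when it catches the failure, and whether anything is expected during startup, which the "Once it has started regular operation" wording leaves open. In the "Testing" section, the text says there are "three mock headers" but names only baseproc-sys.h; listing all three by name would be more useful and avoids a count that goes stale when a mock is added. The rule to call the bp_sys wrapper rather than the system call directly could also say how it is checked, if by anything other than review. Minor: "Note that systems calls are not mocked directly, instead:" has a typo ("systems calls") and a comma splice; "Note that system calls are not mocked directly. Instead:" reads better.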