
Exceptional situations and program reliability

Published: 14 March 2008

Abstract

It is difficult to write programs that behave correctly in the presence of run-time errors. Proper behavior in the face of exceptional situations is important to the reliability of long-running programs. Existing programming language features often provide poor support for executing clean-up code and for restoring invariants.

We present a data-flow analysis for finding a certain class of exception-handling defects: those related to a failure to release resources or to clean up properly along all paths. Many real-world programs violate such resource usage rules because of incorrect exception handling. Our flow-sensitive analysis keeps track of outstanding obligations along program paths and models control flow precisely in the presence of exceptions. Using it, we have found over 1,300 exception handling defects in over 5 million lines of Java code.
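As an added illustration (not the paper's tool), the following Python sketches such an obligation-tracking analysis over a hand-built control-flow graph with exceptional edges. The two CFGs, `LEAKY` and `SAFE`, are constructed for this example and encode the familiar open/create/execute/close pattern without and with nested try/finally blocks.

```python
from collections import deque

# Toy flow-sensitive obligation analysis (added example, not the paper's
# tool). A method is a CFG: name -> (kind, resource, normal_succ, exc_succ).
# kind is 'acquire' (creates an obligation to release the resource),
# 'release' (discharges it), 'call' (may throw) or 'exit'. A try/finally is
# lowered the way javac does it: the finally body is cloned onto both the
# normal edge and the exceptional edge, so every path runs it.

def find_defects(cfg, entry):
    """Explore every reachable (node, outstanding obligations) state; return
    (exit node, resource) pairs whose obligation is still open at exit.
    States are finite (nodes x subsets of resources), so this terminates."""
    seen = set()
    defects = set()
    work = deque([(entry, frozenset())])
    while work:
        node, open_ = work.popleft()
        if (node, open_) in seen:
            continue
        seen.add((node, open_))
        kind, res, nxt, exc = cfg[node]
        if kind == 'exit':
            defects.update((node, r) for r in open_)
            continue
        if kind == 'acquire':
            after = open_ | {res}
        elif kind == 'release':
            after = open_ - {res}
        else:
            after = open_
        if nxt is not None:
            work.append((nxt, after))
        if exc is not None:
            # if acquire itself throws nothing was obtained, so no new
            # obligation; a throwing release still counts as discharged
            work.append((exc, open_ if kind == 'acquire' else after))
    return defects

# Constructed CFG of the leaky pattern:
#   conn = open(); stmt = conn.create(); stmt.execute(); stmt.close(); conn.close();
LEAKY = {
    'open':     ('acquire', 'conn', 'create',  'exc_exit'),
    'create':   ('acquire', 'stmt', 'execute', 'exc_exit'),
    'execute':  ('call',    None,   'close_s', 'exc_exit'),
    'close_s':  ('release', 'stmt', 'close_c', 'exc_exit'),
    'close_c':  ('release', 'conn', 'ret',     'exc_exit'),
    'ret':      ('exit',    None,   None,      None),
    'exc_exit': ('exit',    None,   None,      None),
}

# Same code inside nested try/finally blocks; _n/_x are the normal and
# exceptional clones of each finally body.
SAFE = {
    'open':     ('acquire', 'conn', 'create',  'exc_exit'),
    'create':   ('acquire', 'stmt', 'execute', 'fin_c_x'),
    'execute':  ('call',    None,   'fin_s_n', 'fin_s_x'),
    'fin_s_n':  ('release', 'stmt', 'fin_c_n', 'fin_c_x'),
    'fin_s_x':  ('release', 'stmt', 'fin_c_x', 'fin_c_x'),
    'fin_c_n':  ('release', 'conn', 'ret',     'exc_exit'),
    'fin_c_x':  ('release', 'conn', 'exc_exit', 'exc_exit'),
    'ret':      ('exit',    None,   None,      None),
    'exc_exit': ('exit',    None,   None,      None),
}
```

`find_defects(LEAKY, 'open')` reports `conn` and `stmt` still open at `exc_exit`, because an exception in `create`, `execute` or `close_s` bypasses the later `close` calls; the nested try/finally version reports nothing.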

Based on those defects we propose a programming language feature, the compensation stack, that keeps track of obligations at run time and ensures that they are discharged. We present a type system for compensation stacks that tracks collections of obligations. Finally, we present case studies to demonstrate that this feature is natural, efficient, and can improve reliability.
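The following Python is an added sketch of the run-time side of that idea, modelled on the compensation stack described above but not the paper's implementation: obligations are pushed as resources are acquired and discharged in LIFO order on both normal and exceptional exit, and one failing compensation does not stop the rest. The `simulate` helper and its resource names are constructed for this example.

```python
class CompensationStack:
    """Run-time record of outstanding obligations (added example, modelled on
    the compensation stack proposal, not its implementation). Compensations
    run most-recent-first when the stack is discharged, on both normal and
    exceptional exit; a failing compensation does not prevent the rest."""

    def __init__(self):
        self._pending = []   # (name, callable) in push order
        self.failures = []   # (name, exception) for compensations that threw

    def push(self, name, action):
        self._pending.append((name, action))

    def discharge(self, name):
        """Drop an obligation met by hand (e.g. the resource was closed early)."""
        self._pending = [(n, a) for n, a in self._pending if n != name]

    def run_all(self):
        """Run every pending compensation, LIFO; return the ones that failed."""
        failures = []
        while self._pending:
            name, action = self._pending.pop()
            try:
                action()
            except Exception as e:   # keep going: other obligations remain
                failures.append((name, e))
        self.failures.extend(failures)
        return failures

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc, tb):
        failures = self.run_all()
        if failures and exc is None:
            # nothing else went wrong, so a compensation failure must surface
            raise RuntimeError("compensation failed: " +
                               ", ".join(n for n, _ in failures))
        return False   # never swallow the original exception

def simulate(fail_in_execute=False, fail_in_close_stmt=False):
    """Constructed stand-in for open/create/execute/close. Returns which
    resources were closed and the name of the exception that escaped."""
    closed = []
    def close_stmt():
        if fail_in_close_stmt:
            raise IOError("stmt.close() failed")
        closed.append("stmt")
    try:
        with CompensationStack() as stack:
            stack.push("close conn", lambda: closed.append("conn"))
            stack.push("close stmt", close_stmt)
            if fail_in_execute:
                raise ValueError("execute() failed")
        return closed, None
    except Exception as e:
        return closed, type(e).__name__
```

Python's `contextlib.ExitStack` is the closest built-in analogue; the hand-written version above makes the LIFO discharge and the handling of a failing compensation explicit.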

