Abstract
It is difficult to write programs that behave correctly in the presence of run-time errors. Proper behavior in the face of exceptional situations is important to the reliability of long-running programs. Existing programming language features often provide poor support for executing clean-up code and for restoring invariants.
We present a data-flow analysis for finding a certain class of exception-handling defects: those related to a failure to release resources or to clean up properly along all paths. Many real-world programs violate such resource usage rules because of incorrect exception handling. Our flow-sensitive analysis keeps track of outstanding obligations along program paths and precisely models control flow in the presence of exceptions. Using it, we have found over 1,300 exception handling defects in over 5 million lines of Java code.
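The analysis described above carries the set of obligations still outstanding at every program point and follows each exceptional edge separately, including the edges that leave a finally block. The Java program below is an added example written for this page, not the paper's checker: it applies that idea to a toy language with acquire/release/call statements and nested try/finally, and reports every method exit (normal or exceptional) that still holds an obligation. All names in it (Stmt, Simple, TryFinally, run, defects) are the example's own, and its exceptional-edge rule (a throwing acquire yields no resource; a throwing release still counts as attempted) is an assumption of the example, not a claim about the paper's model.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/**
 * Added example, not the paper's analysis: a small flow-sensitive checker
 * for a toy language with acquire/release/call statements and nested
 * try/finally. It carries the set of outstanding obligations along the
 * normal path and along every exceptional edge, including exceptions
 * raised inside a finally block, and reports exits that still hold one.
 */
public final class ObligationAnalysisDemo {

    sealed interface Stmt permits Simple, TryFinally {}

    enum Kind { ACQUIRE, RELEASE, CALL }

    /** ACQUIRE/RELEASE name a resource; CALL is opaque work. mayThrow adds an exceptional edge. */
    record Simple(Kind kind, String res, boolean mayThrow) implements Stmt {}

    record TryFinally(List<Stmt> body, List<Stmt> fin) implements Stmt {}

    // In this toy every statement may throw, which is the conservative choice.
    static Simple acquire(String r) { return new Simple(Kind.ACQUIRE, r, true); }
    static Simple release(String r) { return new Simple(Kind.RELEASE, r, true); }
    static Simple call()            { return new Simple(Kind.CALL, null, true); }

    /** Obligations held on the normal exit and on each exceptional exit of a block. */
    record Result(Set<String> normal, List<Set<String>> exceptional) {}

    /** Normal-edge transfer function: acquire adds an obligation, release discharges it. */
    static Set<String> step(Set<String> held, Simple s) {
        Set<String> out = new LinkedHashSet<>(held);
        switch (s.kind()) {
            case ACQUIRE -> out.add(s.res());
            case RELEASE -> out.remove(s.res());
            case CALL    -> { }
        }
        return out;
    }

    /**
     * Exceptional-edge transfer function. Assumption of this example: an
     * ACQUIRE that throws has not produced the resource, while a RELEASE
     * that throws has still discharged its obligation (the call was made).
     */
    static Set<String> onThrow(Set<String> held, Simple s) {
        return s.kind() == Kind.RELEASE ? step(held, s) : held;
    }

    /** Abstract execution of a statement list from an entry state. */
    static Result run(Set<String> in, List<Stmt> stmts) {
        List<Set<String>> exc = new ArrayList<>();
        Set<String> held = in;
        for (Stmt s : stmts) {
            if (s instanceof TryFinally tf) {
                Result body = run(held, tf.body());
                // An exception leaving the body runs the finally block and then keeps
                // propagating, so the finally's normal exit is an exceptional exit here.
                for (Set<String> e : body.exceptional()) {
                    Result f = run(e, tf.fin());
                    exc.addAll(f.exceptional());
                    exc.add(f.normal());
                }
                Result f = run(body.normal(), tf.fin());
                exc.addAll(f.exceptional());
                held = f.normal();
            } else {
                Simple p = (Simple) s;
                if (p.mayThrow()) exc.add(onThrow(held, p));
                held = step(held, p);
            }
        }
        return new Result(held, exc);
    }

    /** One distinct line per kind of method exit that still holds an obligation. */
    static List<String> defects(List<Stmt> method) {
        Result r = run(new LinkedHashSet<>(), method);
        Set<String> out = new LinkedHashSet<>();
        if (!r.normal().isEmpty()) out.add("normal exit leaks " + r.normal());
        for (Set<String> e : r.exceptional())
            if (!e.isEmpty()) out.add("exceptional exit leaks " + e);
        return new ArrayList<>(out);
    }

    public static void main(String[] args) {
        // Shape the analysis flags: both acquires before one try, both releases in its finally.
        List<Stmt> leaky = List.of(acquire("file"), acquire("conn"),
            new TryFinally(List.of(call()), List.of(release("conn"), release("file"))));
        // Nested shape: each obligation guarded by its own finally, so a throwing
        // release cannot skip another one.
        List<Stmt> nested = List.of(acquire("file"),
            new TryFinally(List.of(acquire("conn"),
                new TryFinally(List.of(call()), List.of(release("conn")))),
                List.of(release("file"))));
        System.out.println("leaky:  " + defects(leaky));
        System.out.println("nested: " + defects(nested));
    }
}
```

On the leaky shape the checker reports an exceptional exit that still holds file, and there are two distinct paths behind that report: an exception from acquire("conn") before the try is entered, and an exception from release("conn") inside the finally, which skips release("file"). The nested shape produces no report, because each obligation sits under its own finally. Precision comes from treating the finally block as a second region with its own exceptional edges rather than as a single edge that discharges everything.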
Based on those defects we propose a programming language feature, the compensation stack, that keeps track of obligations at run time and ensures that they are discharged. We present a type system for compensation stacks that tracks collections of obligations. Finally, we present case studies to demonstrate that this feature is natural, efficient, and can improve reliability.
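The compensation stack proposed above records each obligation as it is incurred and discharges all of them when the scope exits, whether normally or by exception. The Java program below is an added example for this page, not the paper's language extension or its library: a minimal library-level compensation stack built on try-with-resources, shown next to the nested-cleanup defect it replaces. The Resource class, its "conn" failure on release, and the leakyWork/safeWork functions are constructed for the example.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;

/**
 * Added example, not the paper's implementation: a library-level
 * compensation stack. Each successful acquire pushes an obligation;
 * close() discharges them in LIFO order and keeps going when one of
 * them throws, so no obligation is dropped along any path.
 */
public final class CompensationStackDemo {

    @FunctionalInterface
    interface Compensation { void run() throws Exception; }

    /** Runtime record of outstanding obligations, discharged on scope exit. */
    static final class CompensationStack implements AutoCloseable {
        private final Deque<Compensation> pending = new ArrayDeque<>();

        /** Register an obligation immediately after the acquire that created it. */
        void push(Compensation c) { pending.push(c); }

        @Override
        public void close() throws Exception {
            Exception first = null;
            while (!pending.isEmpty()) {
                Compensation c = pending.pop();
                try {
                    c.run();
                } catch (Exception e) {
                    // Remember the failure but keep discharging the rest.
                    if (first == null) first = e; else first.addSuppressed(e);
                }
            }
            if (first != null) throw first;   // surfaces only after every obligation was attempted
        }
    }

    /** Constructed stand-in for a stream or connection; "conn" fails on release. */
    static final class Resource {
        final String name;
        boolean released;
        Resource(String name) { this.name = name; }
        void release() throws Exception {
            released = true;
            if (name.equals("conn")) throw new Exception("release of " + name + " failed");
        }
    }

    static final List<Resource> ACQUIRED = new ArrayList<>();

    static Resource acquire(String name) {
        Resource r = new Resource(name);
        ACQUIRED.add(r);
        return r;
    }

    /** The defect pattern: one finally for two obligations. If conn.release() throws, file.release() never runs. */
    static void leakyWork(boolean fail) throws Exception {
        Resource file = acquire("file");
        Resource conn = acquire("conn");
        try {
            if (fail) throw new Exception("work failed");
        } finally {
            conn.release();
            file.release();
        }
    }

    /** Same work with each obligation recorded on a compensation stack as soon as it exists. */
    static void safeWork(boolean fail) throws Exception {
        try (CompensationStack cs = new CompensationStack()) {
            Resource file = acquire("file");
            cs.push(file::release);
            Resource conn = acquire("conn");
            cs.push(conn::release);
            if (fail) throw new Exception("work failed");
        }
    }

    /** Names of acquired resources that were never released; resets the log for the next run. */
    static List<String> leaked() {
        List<String> out = new ArrayList<>();
        for (Resource r : ACQUIRED) if (!r.released) out.add(r.name);
        ACQUIRED.clear();
        return out;
    }

    public static void main(String[] args) {
        try { leakyWork(true); } catch (Exception e) { /* expected */ }
        System.out.println("leaky leaked: " + leaked());
        try { safeWork(true); } catch (Exception e) { /* expected */ }
        System.out.println("safe  leaked: " + leaked());
    }
}
```

Running it, leakyWork leaves file unreleased because the exception from conn.release() exits the finally block before file.release() runs (and, as a second defect, that exception replaces the original "work failed"). safeWork releases both: close() attempts every pending compensation, attaches the release failure to the original exception as a suppressed exception, and only then rethrows. The same leak occurs in leakyWork when fail is false, which is why a finally-based fix needs one nested try per obligation while the stack needs none.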
Exceptional situations and program reliability