Implementation of blocking coordinated atomic actions based on forward error recovery

The coordinated atomic action concept was proposed as a means for providing fault tolerance in complex objectoriented systems that incorporate both cooperative and competitive concurrency. This paper has two purposes: to discuss a particular implementation of this concept and to address a number of the implementation issues that are common to any experiments with this concept. Our implementation relies on a detailed set of programming conventions for the standard Ada 95 language and uses a scheme of forward error recovery incorporating concurrent exception handling and resolution. Ada 95 has a number of unique features which make it a particularly good choice for our experiments. We believe that our approach is practical and useful for many critical applications with high dependability requirements.     

The guardian model and primitives for exception handling in distributed systems

This work presents an abstraction called guardian for exception handling in distributed and concurrent systems that use coordinated exception handling. This model addresses two fundamental problems with distributed exception handling in a group of asynchronous processes. The first is to perform recovery when multiple exceptions are concurrently signaled. The second is to determine the correct context in which a process should execute its exception handling actions. Several schemes have been proposed in the past to address these problems. These are based on structuring a distributed program as atomic actions based on conversations or transactions and resolving multiple concurrent exceptions into a single one. The guardian in a distributed program represents the abstraction of a global exception handler, which encapsulates rules for handling concurrent exceptions and directing each process to the semantically correct context for executing its recovery actions. Its programming primitives and the underlying distributed execution model are presented here. In contrast to the existing approaches, this model is more basic and can be used to implement or enhance the existing schemes. Using several examples we illustrate the capabilities of this model. Finally, its advantages and limitations are discussed in contrast to existing approaches.     

Static analysis of exception handling in Ada

Since the signature of an Ada subprogram does not specify the set of exceptions that the subprogram can propagate, computing the set of exceptions that a subprogram may encounter is not a trivial task. This is a source of error in large Ada systems: for example, a subprogram may not be prepared to handle an exception propagated from another subprogram several layers lower in the call-tree. In a large system, the number of paths in exceptional processing is so great that it is unlikely that testing will uncover all errors in inter-procedural exception handling. Nor are compilers or code inspections likely to locate all such errors. Exception handling is an area where static analysis has a high potential payoff for systems with high reliability requirements. We discuss fundamental notions in computing exception propagation and describe an analysis tool that has proved to be effective in detecting inconsistencies in the exception-handling code of Ada applications.     

Implementing atomic actions in Ada 95

Atomic actions are an important dynamic structuring technique that aid the construction of fault-tolerant concurrent systems. Although they were developed some years ago, none of the well-known commercially-available programming languages directly support their use. This paper summarizes software fault tolerance techniques for concurrent systems, evaluates the Ada 95 programming language from the perspective of its support for software fault tolerance, and shows how Ada 95 can be used to implement software fault tolerance techniques. In particular, it shows how packages, protected objects, requeue, exceptions, asynchronous transfer of control, tagged types, and controlled types can be used as building blocks from which to construct atomic actions with forward and backward error recovery, which are resilient to deserter tasks and task abortion     

Formalization of an architectural model for exception handling coordination based on CA action concepts

Architectures based on Coordinated Atomic action (CA action) concepts have been used to build concurrent fault-tolerant systems. This conceptual model combines concurrent exception handling with action nesting to provide a general mechanism for both enclosing interactions among system components and coordinating forward error recovery measures. This article presents an architectural model to guide the formal specification of concurrent fault-tolerant systems. This architecture provides built-inCommunicating Sequential Processes (CSPs) and predefined channels to coordinate exception handling of the user-defined components. Hence some safety properties concerning action scoping and concurrent exception handling can be proved by using the FDR (Failure Divergence Refinement) verification tool. As a result, a formal and general architecture supporting software fault tolerance is ready to be used and proved as users define components with normal and exceptional behaviors.     

Data-oriented exception handling

Exception handling mechanisms were added to programming languages to segregate normal algorithmic processing from error processing. However, handlers which are typically associated with exceptions through a program's control features, clutter source text when features are nested or when different objects require different responses to exceptions. The authors describe a method for associating handlers with data objects in declarations that better segregates algorithmic and error processing. They call their notion data-oriented exception handling to distinguish it from more conventional, control-oriented mechanisms. Empirical studies of Ada programs indicate that conventional exception handling mechanisms are more complex than necessary and that data-oriented exception handling can be used to produce programs that are smaller, better structured, and easier to understand and modify     

Improving reliability of cooperative concurrent systems with exception flow analysis

Developers of fault-tolerant distributed systems need to guarantee that fault tolerance mechanisms they build are in themselves reliable. Otherwise, these mechanisms might in the end negatively affect overall system dependability, thus defeating the purpose of introducing fault tolerance into the system. To achieve the desired levels of reliability, mechanisms for detecting and handling errors should be developed rigorously or formally. We present an approach to modeling and verifying fault-tolerant distributed systems that use exception handling as the main fault tolerance mechanism. In the proposed approach, a formal model is employed to specify the structure of a system in terms of cooperating participants that handle exceptions in a coordinated manner, and coordinated atomic actions serve as representatives of mechanisms for exception handling in concurrent systems. We validate the approach through two case studies: (i) a system responsible for managing a production cell, and (ii) a medical control system. In both systems, the proposed approach has helped us to uncover design faults in the form of implicit assumptions and omissions in the original specifications.     

Web interface-driven cooperative exception handling in ADOME workflow management system

Exception handling in workflow management systems (WFMSs) is a very important problem since it is not possible to specify all possible outcomes and alternatives. Effective reuse of existing exception handlers can greatly help in dealing with workflow exceptions. On the other hand, cooperative support for user-driven computer supported resolution of unexpected exceptions and workflow evolution at run-time is vital for an adaptive WFMS. We have been developing ADOME-WFMS as a comprehensive framework in which the problem of workflow exception handling can be adequately addressed. In this article, we present an adaptive exception manager and its web-based interface for ADOME-WFMS with procedures for supporting the following: reuse of exception handlers, thorough and automated resolution of expected exceptions, effective management of Problem Solving Agents, cooperative exception handling, user-driven computer supported resolution of unexpected exceptions, and workflow evolution.     

Exception handling in robotics

The construction of robust and reliable robot systems able to handle errors arising from abnormal operating conditions is addressed. It is assumed that the robot program is logically correct but fails due to hardware or external state errors. The error-handling technique called exception handling is treated. The type of errors that can occur in a robot system and their error-handling requirements are described, and approaches to error handling and recovery are reviewed. Exception-handling facilities in Ada and AML/X are mentioned, and Exceptional C, the language chosen for exposition, is described. The use of exception-handling facilities is illustrated with two examples     

Exception handling in workflow management systems

Fault tolerance is a key requirement in process support systems (PSS), a class of distributed computing middleware encompassing applications such as workflow management systems and process centered software engineering environments. A PSS controls the flow of work between programs and users in networked environments based on a “metaprogram” (the process). The resulting applications are characterized by a high degree of distribution and a high degree of heterogeneity (properties that make fault tolerance both highly desirable and difficult to achieve). We present a solution for implementing more reliable processes by using exception handling, as it is used in programming languages, and atomicity, as it is known from the transaction concept in database management systems. We describe the mechanism incorporating both transactions and exceptions and present a validation technique allowing to assess the correctness of process specifications     

Automatic detection and masking of nonatomic exception handling

The development of robust software is a difficult undertaking and is becoming increasingly more important as applications grow larger and more complex. Although modern programming languages such as C++ and Java provide sophisticated exception handling mechanisms to detect and correct runtime error conditions, exception handling code must still be programmed with care to preserve application consistency. In particular, exception handling is only effective if the premature termination of a method due to an exception does not leave an object in an inconsistent state. We address this issue by introducing the notion of failure atomicity in the context of exceptions. We propose practical techniques to automatically detect and mask the nonatomic exception handling situations encountered during program execution. These techniques can be applied to applications written in various programming languages that support exceptions. We perform experimental evaluation on both C++ and Java applications to demonstrate the effectiveness of our techniques and measure the overhead that they introduce.     

一种新的并行Java程序的监护模型

提出了一种新的并行Java程序异常处理的监护模型。该模型针对并行Java程序异步信息传递方式进行异常处理。当并行Java程序的某个线程出现异常时,该线程的监护模块把检测到的异常情况的信息传递到其它线程的监护模块,每个线程根据当前事项与异常事项的向量时钟关系,对当前事项进行回滚或停止操作,以达到对并行Java程序的保护。过去一些并行程序的监护方案是在信息交换的基础上把并行程序结构化为许多原子行为,把多个并行异常当作单个异常进行处理,具有较大的局限性。提出的监护模型是从全局上对并行Java程序的异常情况进行处理,并指导每个线程根据自身情况作出相应反映。实验证明提出的新的并行Java程序监护模型具有较强的实际操作性,并能有效地保护并行Java程序。     

Evaluating the Expressive Power of the Real-Time Specification for Java*

The goal of this paper is to evaluate the real-time specification for Java proposal by performing several case studies. These case studies include: an extensible general resource controller; atomic action support infrastructure; unbounded and imprecise computations. They have been used previously by the Ada community to evaluate the efficacy of the Ada concurrency and real-time models. Our results indicate that the Real-Time Specification for Java is expressive enough to cope with the demands of real-time concurrent programming. If it can be implemented efficiently, it will provide an alternative to Ada 95 for programming real-time systems.     

A rule-based approach to proactive exception handling in business processes

Effectively handling exceptions in business process is an important capability of enterprises in the current global market environment, since their business processes are becoming more complex. Effective exception handling requires systematic support for the entire scope of exception handling: from exception prediction to exception prevention, and from exception detection to exception resolution. Most existing research approaches to exception handling in business process management and workflow areas have focused on reactive exception handling which resolves exceptions only after their occurrences. Therefore, a proactive exception handling approach is required to predict and prevent business process exceptions as early as possible before they occur, and detect and resolve exceptions as soon as possible after they occur. This paper presents comprehensive behavioral, functional, and informational requirements for proactive exception handling from the lifecycle perspective. Then, it proposes a rule language for proactive exception handling based on the requirements. The proposed rule language will enable effective and flexible exception handling by providing the information required for the entire scope of exception handling, especially, for exception prediction and prevention. Finally, the paper illustrates and validates the rule language with an example of exception prevention and a prototype system.     

Exception handling—A static approach

This paper presents a static approach to exception handling. The static approach is proposed as a consequence of an examination of existing language constructs for exception handling in which several trouble spots have been revealed. The static approach consists basically of one concept, namely the sequel concept. Although the sequel concept is sufficient to specify exception handling within a program, one additional concept is introduced, namely the derived definition concept that is introduced as a generalization of the derived type and generic concepts from Ada. The main advantages of the static approach are first that it is truly static as opposed to the existing language constructs in which dynamic association is used in some way or another; and, secondly, the language constructs for exception handling are simple, easy to implement and based on familiar concepts.     

Unveiling and taming liabilities of aspects in the presence of exceptions: A static analysis based approach

As aspects extend or replace existing functionality at specific join points in the code, their behavior may raise new exceptions, which can flow through the program execution in unexpected ways. Assuring the reliability of exception handling code in aspect-oriented (AO) systems is a challenging task. Testing the exception handling code is inherently difficult, since it is tricky to provoke all exceptions during tests, and the large number of different exceptions that can happen in a system may lead to the test-case explosion problem. Moreover, we have observed that some properties of AO programming (e.g., quantification, obliviousness) may conflict with characteristics of exception handling mechanisms, exacerbating existing problems (e.g., uncaught exceptions). The lack of verification approaches for exception handling code in AO systems stimulated the present work. This work presents a verification approach based on a static analysis tool, called SAFE, to check the reliability of exception handling code in AspectJ programs. We evaluated the effectiveness and feasibility of our approach in two complementary ways (i) by investigating if the SAFE tool is precise enough to uncover exception flow information and (ii) by applying the approach to three medium-sized ApectJ systems from different application domains.     

As-if-serial exception handling semantics for Java futures

Exception handling enables programmers to specify the behavior of a program when an exceptional event occurs at runtime. Exception handling, thus, facilitates software fault tolerance and the production of reliable and robust software systems. With the recent emergence of multi-processor systems and parallel programming constructs, techniques are needed that provide exception handling support in these environments that are intuitive and easy to use. Unfortunately, extant semantics of exception handling for concurrent settings is significantly more complex to reason about than their serial counterparts.In this paper, we investigate a similarly intuitive semantics for exception handling for the future parallel programming construct in Java. Futures are used by programmers to identify potentially asynchronous computations and to introduce parallelism into sequential programs. The intent of futures is to provide some performance benefits through the use of method-level concurrency while maintaining as-if-serial semantics that novice programmers can easily understand — the semantics of a program with futures is the same as that for an equivalent serial version of the program. We extend this model to provide as-if-serial exception handling semantics. Using this model our runtime delivers exceptions to the same point it would deliver them if the program was executed sequentially. We present the design and implementation of our approach and evaluate its efficiency using an open source Java virtual machine.     

浮点数学函数异常处理方法

异常会造成程序错误,实现完全没有异常的浮点计算软件也很艰难,因此,实现有效的异常处理方法很重要.但现有的异常处理并不针对浮点运算,并且研究重点都集中在整数溢出错误上,而浮点类型运算降低了整数溢出存在的可能.针对上述现象,面向基于汇编实现的数学函数,提出了一种针对浮点运算的分段式异常处理方法.通过将异常类型映射为64位浮点数,以核心运算为中心,将异常处理过程分为3个阶段:输入参数检测(处理INV异常)、特定代码检测(处理DZE异常和INF异常)以及输出结果检测(处理FPF异常和DNO异常),并从数学运算的角度对该方法采用分段式处理的原因进行了证明.实验将该方法应用于Mlib浮点函数库,对库中600多个面向不同平台的浮点函数进行了测试.测试结果表明:该方法能够将出现浮点异常即中断的函数个数从90%降到0%.同时,实验结果验证了该方法的高效性.     

关于Ada并发可重用软件包的设计

文中首先分析了一般Ａｄａ顺序可重用软件包在用于开发Ａｄａ并发软件时所存在的问题，然后给出了几种可以支持并发软件开发的Ａｄａ可重用软件包的实现方案，并同时指出了各种方案的不足及可取之处。