Response to Undesired Events in Software Systems Kimberly Hanks and Phil Varner A Presentation brought to you by David Parnas.

Slides:

Advertisements

Similar presentations

Exceptions CSE301 University of Sunderland Harry Erwin, PhD.

Advertisements

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Exception Handling Chapter 15 2 What You Will Learn Use try, throw, catch to watch for indicate exceptions handle How to process exceptions and failures.

Exception Handling Xiaoliang Wang, Darren Freeman, George Blank.

Exceptions and Exception Handling Carl Alphonce CSE116.

API Design CPSC 315 – Programming Studio Fall 2008 Follows Kernighan and Pike, The Practice of Programming and Joshua Bloch’s Library-Centric Software.

Exceptions and Exception Handling (1) Carl Alphonce CSE116.

1 CSSE 377 – Intro to Availability & Reliability Part 2 Steve Chenoweth Tuesday, 9/13/11 Week 2, Day 2 Right – Pictorial view of how to achieve high availability.

Architectural Support for Operating Systems. Announcements Most office hours are finalized Assignments up every Wednesday, due next week CS 415 section.

Exceptions in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Exceptions. Errors and Exceptions An error is a bug in your program –dividing by zero –going outside the bounds of an array –trying to use a null reference.

© Copyright Eliyahu Brutman Exceptions. © Copyright Eliyahu Brutman Exceptions and Design Patterns - 2 Introduction to Exception Handling Definition:

© 2006 Pearson Addison-Wesley. All rights reserved4-1 Chapter 4 Data Abstraction: The Walls.

Exceptions David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 The Role of Exceptions Definition: a method succeeds if it terminates in.

Karlstad University Computer Science Design Contracts and Error Management Design Contracts and Errors A Software Development Strategy (anpassad för PUMA)

7. Fault Tolerance Through Dynamic or Standby Redundancy 7.5 Forward Recovery Systems Upon the detection of a failure, the system discards the current.

Design of SCS Architecture, Control and Fault Handling.

Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.

Software Reliability Categorising and specifying the reliability of software systems.

Language Evaluation Criteria

Chapter 8 Hypothesis testing 1. ▪Along with estimation, hypothesis testing is one of the major fields of statistical inference ▪In estimation, we: –don’t.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

PRAGMATIC PARANOIA Steven Hadfield & Anthony Rice.

1 Exceptions and error handling. 2 Java exception mechanism when an error or exceptional condition occurs, you throw an exception which is caught by an.

CPSC 252 Exception Handling Page 1 Exceptions and exception handling Client programmers can make errors using a class attempting to dequeue an item from.

Nachos Phase 1 Code -Hints and Comments

1 Computing Software. Programming Style Programs that are not documented internally, while they may do what is requested, can be difficult to understand.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

CMSC 202 Exceptions. Aug 7, Error Handling In the ideal world, all errors would occur when your code is compiled. That won’t happen. Errors which.

Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.

Object Oriented Software Development 8. Exceptions, testing and debugging.

Testing. 2 Overview Testing and debugging are important activities in software development. Techniques and tools are introduced. Material borrowed here.

Software Development. Software Developers Refresher A person or organization that designs software and writes the programs. Software development is the.

Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.

BIO Java 1 Exception Handling Aborting program not always a good idea – can’t lose messages – E-commerce: must ensure correct handling of private.

Response to Undesired Events Response to Undesired Events In In Software Systems Presented by Presented by Joe Piccioni Joe Piccioni Kim Ushe Mupfumira.

Exceptions cs1043. Program Exceptions When a program detects an error, what should it do? – Nothing, simply allow the program to fail. – Implement a course.

RELIABILITY ENGINEERING 28 March 2013 William W. McMillan.

Operating Systems 1 K. Salah Module 1.2: Fundamental Concepts Interrupts System Calls.

1 An Exception is… An unusual, often unpredictable event, detectable by software or hardware, that requires special processing An exception handler is.

Exceptions and Assertions Chapter 15 – CSCI 1302.

CSCI 383 Object-Oriented Programming & Design Lecture 20 Martin van Bommel.

Karlstad University Computer Science Design Contracts and Error Management External and internal errors and their contracts.

CS116 COMPILER ERRORS George Koutsogiannakis 1. How to work with compiler Errors The Compiler provide error messages to help you debug your code. The.

Chapter 8-Exception Handling/ Robust Programming.

(c) University of Washington10-1 CSC 143 Java Errors and Exceptions Reading: Ch. 15.

Exceptions Lecture 11 COMP 401, Fall /25/2014.

I/O Software CS 537 – Introduction to Operating Systems.

1 Device Controller I/O units typically consist of A mechanical component: the device itself An electronic component: the device controller or adapter.

Effective Java, Chapter 9: Exceptions Items Last modified Fall 2012 Paul Ammann.

1 Exceptions When the Contract is Broken. 2 Definitions A routine call succeeds if it terminates its execution in a state satisfying its contract A routine.

Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.

SENG521 (Fall SENG 521 Software Reliability & Testing Fault Tolerant Software Systems: Techniques (Part 4a) Department of Electrical.

ECE122 L23: Exceptions December 6, 2007 ECE 122 Engineering Problem Solving with Java Lecture 24 Exceptions.

Introduction to Exceptions in Java CS201, SW Development Methods.

CSE 332: C++ Exceptions Motivation for C++ Exceptions Void Number:: operator/= (const double denom) { if (denom == 0.0) { // what to do here? } m_value.

Certification of Reusable Software Artifacts

Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.

CMSC202 Computer Science II for Majors Lecture 16 – Exceptions

Operating System Structure

EE422C Software Implementation II

Fault Tolerance Distributed Web-based Systems

BIC 10503: COMPUTER ARCHITECTURE

Exception Handling Imran Rashid CTO at ManiWeber Technologies.

Effective Java, Chapter 9: Exceptions

Debugging and Handling Exceptions

Chapter 13: I/O Systems.

CMSC 202 Exceptions.

Exception Handling.

Presentation transcript:

Response to Undesired Events in Software Systems Kimberly Hanks and Phil Varner A Presentation brought to you by David Parnas

Undesired != Unexpected Undesired Events are: –Deviation from the ideal operation of the system –Not always correctable like errors –A fact of life we have to deal with “Correct programs”, in the sense that would make UE handling unnecessary, do not exist

UE Handling Overview Problem: Even with "correct" programs, UEs at runtime will occur To deal with them, we need to: –Know what to look for –Successfully diagnose –Recover if possible This paper proposes how

Problems with Perfect World Everyone makes errors Machines fail, causing programs/data to fail Programs change, new errors pop up Incorrect or inconsistent data may be supplied

Where Do We Start? Parnas assumes systems that are structured according to good information hiding and the “uses” hierarchy This shapes all of his proposals In particular, UE detection and handling is predicated on a system of levels

Levels of Detection and Handling The first clue that something is wrong can appear at a level other than where an UE originates Example: –Initiate a read on a storage resource, e.g., a tape block, which turns out to be bad –Detection occurs at the HW level when the read can’t be completed, even though initiated from some high-level application

Levels…(2) Should the HW be responsible for a recovery attempt? Parnas says no—but where should it be handled? –At the originating level Why?

Levels…(3) The originating level is “where the knowledge is” –The failed read happens at the HW level, but the HW doesn’t know any useful implications –The level where the read was initiated sits on a VM that provides certain abstractions to the user –The UE is only meaningful in the context of these abstractions

Levels…(4) What would meaningful handling look like? –A diagnostic stated in the abstractions of the level –A provision of an alternative, in the context of those abstractions

UE Handlers and Info Hiding We want to handle the UE at the level at which it is meaningful, but… This doesn’t necessarily mean the information necessary to handle it is available (it may have been abstracted away to effect good information hiding) How should we manage this tradeoff?

UE Handlers and Info Hiding (2) “Everything should be made as simple as possible, but not simpler.” –Einstein Hide all and only information which is not likely to be useful in diagnosing and recovering from UEs Prediction is the key

Meta-structure The general policy proposed constitutes a meta-structure of UE handling It has several advantages –Handlers don’t violate info-hiding –“Uses” hierarchy is intact –Allows refinement without major revision –Aids debugging

Separation of Case and EH/R Separation of Normal Case and Error Handling/Recovery Java: try{} catch{}

Suggestion 1 Assign responsibility for the detection of attempts to violate its specification to the "abstract machine” –trap metaphor - hide detection mechanism, expose interface for handling UEs –should be able to handle errors in context of VM abstraction

Degrees of Recovery Hardware - handle or crash Instead, design for multi-level recovery Policy determined by cost and aim

No Recovery local attempts: INTEGER do if attempts < Max_attempts then last_character := low_level_read_function (f) else failed := True end

Simple Recovery local attempts: INTEGER do if attempts < Max_attempts then last_character := low_level_read_function (f) else failed := True end rescue attempts := attempts + 1 retry end

Degrees of Recovery local attempts: INTEGER do if attempts < Max_attempts then last_character := low_level_read_function(f) else failed := True end rescue attempts := attempts + 1 if attempts == 1 retry elseif attempts == 2 sleep(2) retry elseif attempts == 3 flush_buffers sleep(4) retry else end

Suggestion 2 Do not specify a module to have properties which UEs will frequently violate Examples: –don’t use limited cap data structures when # of objects is unknown, etc. –don’t allow possibility of, e.g. calling pop() on empty stack

Error Indication Strongly "typed" errors - Java Limitations on values of parameters (Eiffel) Capacity limitations Requests for undefined information Restrictions on the order of operations (encapsulation?) Detection of actions which are likely to be unintentional (defined how?)

Error Indication II Sufficiency - ensure your module will work correctly or complain Priority of Traps - multiple error handling? Size of Trap Vector - how many commands in one trap try{}catch{} State after Trap - Atomicity Errors of Mechanism - tradeoff between simplicity and detail

Redundancy and Efficiency Redundant error checks slow the system Can often be removed in later versions –Retain upper level, remove lower –Retain lower, remove upper Which is best, and why?

Reliability/Dependability How does UE handling relate to reliability and dependability?

Conclusion Things go wrong UE detection and handling is good Must be correctly implemented to be useful