Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault in the Future Joint work with Gianluigi Zavattaro and Einar Broch Johnsen.

Published byRosa McGee Modified over 9 years ago

Similar presentations

Presentation on theme: "Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault in the Future Joint work with Gianluigi Zavattaro and Einar Broch Johnsen."— Presentation transcript:

1 Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault in the Future Joint work with Gianluigi Zavattaro and Einar Broch Johnsen From COORDINATION 2011

2 Error handling l Unexpected, dangerous events frequently happen –Alien invasions not so frequent l Unexpected events in distributed systems more frequent: –Client or server crash –Lost messages –Values outside the desired range –… l Error handling techniques are needed for programming reliable applications in an unreliable environment –Errors should not cause the crash of the whole application

3 Our approach l We consider the ABS language –Asynchronous method calls –Results returned using futures l We apply to it techniques for error handling inspired by web services (e.g., WS-BPEL language) –Activities may fail –Failures are notified to interacting services –Failures are managed by dedicated handlers –Past activities may be undone

4 Compensations l Perfectly undoing a past activity is not always possible –Sending of an e-mail l Sometimes not even desirable –If you undo an hotel reservation, the hotel may want to keep part of the payment l A compensation is a piece of code for (partially) undoing a previously terminated activity –Leads to a state which is not necessarily a past one –But it is consistent (e.g., the invariants hold)

5 Our approach: desired features l We want mechanisms to notify faults –From callee to caller –From caller to callee l We want mechanisms to compensate past method executions l These mechanisms are needed to manage distributed errors, i.e. errors involving more than one object

6 Motivating scenario l Hotel booking for the ENVISAGE meeting l Many available hotels l We assume that each hotel offers a method for online booking l Possible errors –Booking may fail: e.g., no rooms are available (or just the server may be down) –Booking may be annulled: e.g., trip canceled for health reasons »One should get back the money as far as possible

7 ABS: what our approach affects l S ::= …(standard o-o constructs) f := e!m(e 1,…e n )(asynchronous invocation) x := f.get(read future) await g do {s}(await) return e(return) l g is a guard including: –Boolean expressions –Checks for future availability: ?f

8 Booking without error handling l Bool bookHotel(hotelInfo info) { f := university!book(info); …; res := f.get; return true; } l No check for room availability l No facilities for undoing the booking

9 Introducing error handling in ABS l Failures are possible both on server and on client side l On server side –The invoked method may fail »E.g., no rooms available at Hotel University –The method execution is interrupted –Failure notified to the caller »It may thus react, e.g., trying to book a different hotel l On client side –The invoking method may fail »E.g., trip annulled for health reasons –The invocation may become useless or even undesired »Don’t want to pay for the hotel –The invocation should be annulled or compensated

10 Primitives for error handling: server side errors l Abort for throwing a server side error –Method execution is interrupted –Fault notification stored in the future l Get is extended with on fail clauses –One for each possible fault –Specifying how to manage it l Condition ?f in an await guard is true –When the future f contains a value –When the future f contains a fault notification

11 Primitives for error handling: client side errors l Kill to ask to annul a method call –Annulled if not already started –(Completed and) compensated otherwise l Compensation installed by return statement –Extended with an on compensate clause –A method may have different compensations

12 Server error example book f

13 Server error example book no-room f abort no-room

14 Server error example book on fail no-room … on x:=f.get no-room f abort no-room

15 Client error example book f

16 Client error example book f f’:=f.kill kill(f’) f’

17 Client error example book f f’:=f.kill kill(f’) return res f’ on compensate

18 Client error example book f f’:=f.kill kill(f’) return res f’ on compensate return v v …

19 Extended syntax l S ::= …(standard ABS) abort n(server abort) on x:=f.get do s (getting the result) on fail n i s i f’:=f.kill(killing a call) return e on compensate s(compensation def) await g do {s}(await)

20 Kinds of faults l Programmer-defined faults –e.g., no-rooms l Language faults –Ann: returned by kill when method execution has been annulled »Either killed before it started »Or aborted on its own before being killed –NoC: returned when a method that defines no compensation is asked to compensate

21 Example: hotel University server l Result book(hotelInfo info) { avail := localDB.check(info); if (avail == false) then abort no-rooms res := localDB.update(info); return res on compensate r := localDB.undo(info); return r; }

22 Example: client l Bool bookHotel(hotelInfo info) { f := university!book(info); g := health_monitor!state(“myself”); on state := g.get do if state == “ill” then f’ := f.kill on fail error screen!print(“Warning: no health information”) on res := f.get do return true on compensate f’ := f.kill on fail no-rooms return false on fail Ann return false }

23 Other contributions l Full formal semantics using rewriting logic –Extending ABS semantics l Extension of ABS type system –The client is able to manage all faults it may receive –Standard subject reduction and type safety results hold

24 Summary l We proposed a new framework for error handling in asynchronous object-oriented languages l It integrates asynchronous method calls, futures, faults and compensations l Fully formalized and well-typed l The approach is based on asynchronous invocations and futures, but does not rely on cooperative scheduling –It can be applied to Java

25 Future work: on fault model l Adding standard language faults such as division by zero or array out of bound –x=y/0 behaves as abort DivBy0 –One should extend the semantics of constructs raising them l Adding system level faults –E.g., related to shortage of resources –Same effect of abort, but triggered by system conditions –On which method(s) should the fault trigger? l Comparing/integrating with other fault models (cfr. next talk)

26 Future work: on analysis l Fault model has an impact on analysis –Should be carefully taken into account when developing it l Compensations should restore the invariant –Correctness of compensations not much discussed in the literature –This seems a reasonable requirement l Fault notification may allow to preserve invariants involving more than one object –How to reason on such invariants?

27 End of talk

Download ppt "Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault in the Future Joint work with Gianluigi Zavattaro and Einar Broch Johnsen."

Similar presentations

Chapter 17 Failures and exceptions. This chapter discusses n Failure. n The meaning of system failure. n Causes of failure. n Handling failure. n Exception.

Chapter 17 Failures and exceptions. This chapter discusses n Failure. n The meaning of system failure. n Causes of failure. n Handling failure. n Exception.
1 Ivan Lanese Computer Science Department University of Bologna Italy Managing faults and compensations in SOCK Joint work with Claudio Guidi, Fabrizio.

1 Ivan Lanese Computer Science Department University of Bologna Italy Managing faults and compensations in SOCK Joint work with Claudio Guidi, Fabrizio.
Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.

Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.
1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy.

1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy.
The Fundamental Rule for Testing Methods Every method should be tested in a program in which every other method in the testing program has already been.

The Fundamental Rule for Testing Methods Every method should be tested in a program in which every other method in the testing program has already been.
Exception Handling The purpose of exception handling is to permit the program to catch and handle errors rather than letting the error occur and suffer.

Exception Handling The purpose of exception handling is to permit the program to catch and handle errors rather than letting the error occur and suffer.
1 Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault Model Design Space for Cooperative Concurrency Joint work with Michael.

1 Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Fault Model Design Space for Cooperative Concurrency Joint work with Michael.
Chair of Software Engineering Software Architecture Prof. Dr. Bertrand Meyer Lecture 6: Exception Handling.

Chair of Software Engineering Software Architecture Prof. Dr. Bertrand Meyer Lecture 6: Exception Handling.
CSI 3120, Exception handling, page 1 Exception and Event Handling Credits Robert W. Sebesta, Concepts of Programming Languages, 8 th ed., 2007 Dr. Nathalie.

CSI 3120, Exception handling, page 1 Exception and Event Handling Credits Robert W. Sebesta, Concepts of Programming Languages, 8 th ed., 2007 Dr. Nathalie.
1 Ivan Lanese Computer Science Department University of Bologna Italy On the Interplay between Fault Handling and Request-response Service Invocations.

1 Ivan Lanese Computer Science Department University of Bologna Italy On the Interplay between Fault Handling and Request-response Service Invocations.
1 The SOCK SAGA Ivan Lanese Computer Science Department University of Bologna Italy Joint work with Gianluigi Zavattaro.

1 The SOCK SAGA Ivan Lanese Computer Science Department University of Bologna Italy Joint work with Gianluigi Zavattaro.
-5- Exception handling What is an exception? “An abnormal event” Not a very precise definition Informally: something that you don’t want to happen.

-5- Exception handling What is an exception? “An abnormal event” Not a very precise definition Informally: something that you don’t want to happen.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
Ivan Lanese Computer Science Department University of Bologna/INRIA Italy On the Expressive Power of Primitives for Compensation Handling Joint work with.

Ivan Lanese Computer Science Department University of Bologna/INRIA Italy On the Expressive Power of Primitives for Compensation Handling Joint work with.
1 Ivan Lanese Computer Science Department University of Bologna Italy Error Handling in Service Oriented Computing Joint work with Claudio Guidi, Fabrizio.

1 Ivan Lanese Computer Science Department University of Bologna Italy Error Handling in Service Oriented Computing Joint work with Claudio Guidi, Fabrizio.
Exceptions in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Exceptions in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
1 SOCK and JOLIE from the formal basis to a service oriented programming language Ivan Lanese Computer Science Department University of Bologna Italy Joint.

1 SOCK and JOLIE from the formal basis to a service oriented programming language Ivan Lanese Computer Science Department University of Bologna Italy Joint.
© Copyright Eliyahu Brutman Exceptions. © Copyright Eliyahu Brutman Exceptions and Design Patterns - 2 Introduction to Exception Handling Definition:

© Copyright Eliyahu Brutman Exceptions. © Copyright Eliyahu Brutman Exceptions and Design Patterns - 2 Introduction to Exception Handling Definition:
1 Ivan Lanese Computer Science Department University of Bologna Italy Evolvable systems: some ideas for modelling With input from Davide Sangiorgi, Fabrizio.

1 Ivan Lanese Computer Science Department University of Bologna Italy Evolvable systems: some ideas for modelling With input from Davide Sangiorgi, Fabrizio.
1 Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Error Handling: From Theory to Practice Joint work with Fabrizio Montesi italianaSoftware.

1 Ivan Lanese Computer Science Department University of Bologna/INRIA Italy Error Handling: From Theory to Practice Joint work with Fabrizio Montesi italianaSoftware.

Similar presentations

Ads by Google