Exception-Handling Bugs in Java and a Language Extension to Avoid Them

  • Westley Weimer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4119)


It is difficult to write programs that behave correctly in the presence of exceptions. We describe a dataflow analysis for finding a certain class of mistakes made while programs handle exceptions. These mistakes involve resource leaks and failures to restore program-specific invariants. Using this analysis we have found over 1,200 bugs in 4 million lines of Java. We give some evidence of the importance of the bugs we found and use them to highlight some limitations of destructors and finalizers. We propose and evaluate a new language feature, the compensation stack, to make it easier to write solid code in the presence of exceptions. These compensation stacks track obligations and invariants at run-time. Two case studies demonstrate that they can yield more natural source code and more consistent behavior in long-running programs.


Software Reliability Exception Handling Language Feature Error Handling Safety Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Candea, G., Delgado, M., Chen, M., Fox, A.: Automatic failure-path inference: A generic introspection technique for internet applications. In: IEEE Workshop on Internet Applications, San Jose, California (2003)Google Scholar
  2. 2.
    Fu, C., Ryder, B., Milanova, A., Wannacott, D.: Testing of java web services for robustness. In: International Symposium on Software Testing and Analysis (2004)Google Scholar
  3. 3.
    Goodenough, J.B.: Exception handling: issues and a proposed notation. Communications of the ACM 18, 683–696 (1975)CrossRefMathSciNetzbMATHGoogle Scholar
  4. 4.
    Weimer, W., Necula, G.C.: Finding and preventing run-time error handling mistakes. In: Object-oriented programming, systems, languages, and applications, pp. 419–431 (2004)Google Scholar
  5. 5.
    Brown, A., Patterson, D.: Undo for operators: Building an undoable e-mail store. In: USENIX Annual Technical Conference (2003)Google Scholar
  6. 6.
    Engler, D., Chelf, B., Chou, A., Hallem, S.: Checking system rules using system-specific, programmer-written compiler extensions. In: Operating Systems Design and Implementation (2000)Google Scholar
  7. 7.
    Das, M., Lerner, S., Seigle, M.: ESP: path-sensitive program verification in polynomial time. SIGPLAN Notices 37, 57–68 (2002)CrossRefGoogle Scholar
  8. 8.
    Ball, T., Rajamani, S.K.: Automatically validating temporal safety properties of interfaces. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, pp. 103–122. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Chen, H., Dean, D., Wagner, D.: Model checking one million lines of C code. In: Network and Distributed System Security Symposium, San Diego, CA (2004)Google Scholar
  10. 10.
    Kildall, G.A.: A unified approach to global program optimization. In: Principles of Programming Languages, pp. 194–206. ACM Press, New York (1973)Google Scholar
  11. 11.
    DeLine, R., Fähndrich, M.: Enforcing high-level protocols in low-level software. In: Programming Language Design and Implementation, pp. 59–69 (2001)Google Scholar
  12. 12.
    Kremenek, T., Ashcraft, K., Yang, J., Engler, D.: Correlation exploitation in error ranking. In: Foundations of software engineering, pp. 83–93 (2004)Google Scholar
  13. 13.
    Weimer, W., Necula, G.C.: Mining Temporal Specifications for Error Detection. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 461–476. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Gay, D., Aiken, A.: Memory management with explicit regions. In: Programming Language Design and Implementation, pp. 313–323 (1998)Google Scholar
  15. 15.
    O’Hanley, J.: Always close streams (2005),
  16. 16.
    Boehm, H.J.: Destructors, finalizers and synchronization. In: Principles of Programming Languages. ACM Press, New York (2003)Google Scholar
  17. 17.
    Korth, H.F., Levy, E., Silberschatz, A.: A formal approach to recovery by compensating transactions. The VLDB Journal, 95–106 (1990)Google Scholar
  18. 18.
    Alonso, G., Kamath, M., Agrawal, D., Abbadi, A.E., Gunthor, R., Mohan, C.: Failure handling in large-scale workflow management systems. Technical Report RJ9913, IBM Almaden Research Center, San Jose, CA (1994)Google Scholar
  19. 19.
    Odersky, M., Wadler, P.: Pizza into Java: Translating theory into practice. In: Principles of Programming Languages, pp. 146–159 (1997)Google Scholar
  20. 20.
    Alonso, G., Hagen, C., Agrawal, D., Abbadi, A.E., Mohan, C.: Enhancing the fault tolerance of workflow management systems. IEEE Concurrency 8, 74–81 (2000)CrossRefGoogle Scholar
  21. 21.
    Sun Microsystems: Java pet store 1.1.2 blueprint application (2001),
  22. 22.
    Chen, M.Y., Kiciman, E., Fratkin, E., Fox, A., Brewer, E.: Pinpoint: Problem determination in large, dynamic Internet services. In: International Conference on Dependable Systems and Networks, pp. 595–604. IEEE Computer Society, Los Alamitos (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Westley Weimer
    • 1
  1. 1.University of VirginiaCharlottesvilleUSA

Personalised recommendations