Abstract
The primary goal of exception mechanisms is to help ensure that when an operation fails, code that depends on the operation’s successful completion is not executed (a property we call dependency safety). However, the exception mechanisms of current mainstream programming languages make it hard to achieve dependency safety, in particular when objects manipulated inside a try block outlive the try block.
Many programming languages, mechanisms and paradigms have been proposed that address this issue. However, they all depart significantly from current practice. In this paper, we propose a language mechanism called failboxes. When applied correctly, failboxes have no significant impact on the structure, the semantics, or the performance of the program, other than to eliminate the executions that violate dependency safety.
Specifically, programmers may create failboxes dynamically and execute blocks of code in them. Once any such block fails, all subsequent attempts to execute code in the failbox will fail. To achieve dependency safety, programmers simply need to ensure that if an operation B depends on an operation A, then A and B are executed in the same failbox. Furthermore, failboxes help fix the unsafe interaction between locks and exceptions and they enable safe cancellation and robust resource cleanup. Finally, the Fail Fast mechanism prevents liveness issues when a thread is waiting on a failed thread.
We give a formal syntax and semantics of the new constructs, and prove dependency safety. Furthermore, to show that the new constructs are easy to reason about, we propose proof rules in separation logic. The theory has been machine-checked.
We used the term subsystems in preliminary work.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Armstrong, J.: Making reliable distributed systems in the presence of software errors. PhD thesis, Royal Institute of Technology, Stockholm, Sweden (2003)
Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: A modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006)
Brooke, P.J., Paige, R.F.: Exceptions in Concurrent Eiffel. Journal of Object Technology 6(10), 111–126 (2007)
Dony, C.: Exception handling and object-oriented programming: a synthesis. In: Proc. OOPSLA (1990)
Fetzer, C., Högstedt, K., Felber, P.: Automatic detection and masking of non-atomic exception handling. In: Proc. Intl. Conf. Dependable Systems and Networks (DSN) (2003)
Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: Proc. PLDI, pp. 234–245 (2002)
Flatt, M., Findler, R.B.: Kill-safe synchronization abstractions. In: Proc. PLDI (2004)
Flatt, M., Findler, R.B., Krishnamurthi, S., Felleisen, M.: Programming languages as operating systems (or Revenge of the son of the Lisp machine). In: Proc. Intl. Conf. on Functional Programming (ICFP) (1999)
Garcia, A.F., Rubira, C.M.F., Romanovsky, A.B., Xu, J.: A comparative study of exception handling mechanisms for building dependable object-oriented software. Journal of Systems and Software 59(2), 197–222 (2001)
Gosling, J., Joy, B., Steele, G., Bracha, G.: The Java Language Specification, 3rd edn. Prentice Hall PTR, Englewood Cliffs (2005)
Hawblitzel, C., von Eicken, T.: Luna: a flexible Java protection system. In: Proc. OSDI (2002)
Jacobs, B., Piessens, F.: Failboxes: Prototype implementations, prototype verifier, machine-checked metatheory (July 2008), http://www.cs.kuleuven.be/~bartj/failboxes
Jacobs, B., Müller, P., Piessens, F.: Sound reasoning about unchecked exceptions. In: Proc. ICFEM (2007)
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley, Reading (1999), http://java.sun.com/docs/books/jvms/
Liskov, B., Snyder, A.: Exception handling in CLU. IEEE Trans. Software Eng. 5(6), 546–558 (1979)
Marlow, S., Jones, S.P., Moran, A., Reppy, J.: Asynchronous exceptions in Haskell. In: Proc. PLDI (2001)
Meyer, B.: Eiffel: The Language. Prentice-Hall, Englewood Cliffs (1992)
Rudys, A., Clements, J., Wallach, D.S.: Termination in language-based systems. In: Network and Distributed System Security Symposium (NDSS) (February 2001)
Shavit, N., Touitou, D.: Software transactional memory. In: Proc. PODC, pp. 204–213 (1995)
Shore, J.: Fail fast. IEEE Software (September 2004)
Toub, S.: Keep your code running with the reliability features of the.NET Framework. MSDN Magazine (October 2005)
Weimer, W., Necula, G.C.: Finding and preventing run-time error handling mistakes. In: Proc. OOPSLA, pp. 419–431 (October 2004)
Welc, A., Jagannathan, S., Hosking, A.L.: Transactional monitors for concurrent objects. In: Odersky, M. (ed.) ECOOP 2004. LNCS, vol. 3086, pp. 518–541. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jacobs, B., Piessens, F. (2009). Failboxes: Provably Safe Exception Handling. In: Drossopoulou, S. (eds) ECOOP 2009 – Object-Oriented Programming. ECOOP 2009. Lecture Notes in Computer Science, vol 5653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03013-0_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-03013-0_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03012-3
Online ISBN: 978-3-642-03013-0
eBook Packages: Computer ScienceComputer Science (R0)