Run-Time Error Handling
Wes Weimer, George Necula
Motivation
► Static safety analyses:
   Good
   Often incomplete
   Or the program may actually have bugs
► Could ask the programmers …
   Fix it, annotate it, tell us if it is a bug, etc.
   Not always feasible
   Loops, heap data structures, preconditions, etc.
Add Run-Time Checks
► CCured, virtual memory hardware
► Perl’s taint analysis
► Java downcasts
► SLAM / BLAST
   Use predicates to instrument error paths
► Now nothing can possibly go wrong!
When Good Checks Go Bad
► Most common* Java exception handler:
   catch (Exception e) {
       e.printStackTrace(System.err);
       System.exit(-1);
   }
► Second most common:
   catch (Exception e) { ; }
► Can we do more than Abort or Ignore?
Why So Abysmal?
► Ironclad error-handling is
   Repetitive – no way to set generic policies
   Path- and flow-sensitive
   Distant – handling is separate from the normal code
   Complicated by exceptions
► Programs have errors in their error-handling
► Let’s add language support!
Plan
► Annotate interfaces and actions with
   Compensations
   Obligations
   Things-to-be-done-before-leaving
   Ways to restore invariants
► Keep dynamic stacks of these at run-time
   As first-class citizens
► Like ‘sagas’ or ‘compensating transactions’
Guarantees
► Strong static type system + run-time checks
► Obligations cannot be ignored
► Dynamic extents (e.g., loops) handled
► Nesting, passing obligations, etc.
► Can enforce (but is more general than) the saga property: for actions $t_1 \ldots t_n$ with compensations $c_1 \ldots c_n$, the observed trace is either
   $t_1 \ldots t_n$ (every action completes), or
   $t_1 \ldots t_k \, c_k \ldots c_1$ (the first $k$ actions complete, then their compensations run in reverse order)
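A small run-time model of the compensation stack described on the Plan and Guarantees slides, added here as an illustration; it is not the authors' language extension. Each action pushes its compensation onto a dynamic stack, a failure unwinds the stack in LIFO order, and success discards it, so every trace is either t1 … tn or t1 … tk ck … c1. The three-step `transfer` driver and its `fail_at` parameter are constructed for the demo.

```python
from typing import Callable, List


class CompensationStack:
    """Dynamic stack of obligations: compensations run LIFO on failure."""

    def __init__(self) -> None:
        self._comps: List[Callable[[], None]] = []

    def run(self, action: Callable[[], None],
            compensation: Callable[[], None]) -> None:
        # Run the action; only once it has succeeded is its compensation owed.
        action()
        self._comps.append(compensation)

    def unwind(self) -> None:
        # Discharge obligations in reverse order: c_k ... c_1.
        while self._comps:
            self._comps.pop()()

    def __enter__(self) -> "CompensationStack":
        return self

    def __exit__(self, exc_type, exc, tb) -> bool:
        if exc_type is None:
            self._comps.clear()   # committed: all obligations are discharged
        else:
            self.unwind()         # failed: compensate, then re-raise
        return False              # never swallow the original error


def transfer(trace: List[str], fail_at: int) -> List[str]:
    """Constructed three-step 'transaction'. Step `fail_at` (1..3) raises;
    0 means no failure. Returns the observed trace of actions/compensations."""
    def step(i: int) -> Callable[[], None]:
        def t() -> None:
            if i == fail_at:
                raise RuntimeError(f"t{i} failed")
            trace.append(f"t{i}")
        return t

    def comp(i: int) -> Callable[[], None]:
        return lambda: trace.append(f"c{i}")

    try:
        with CompensationStack() as cs:   # the stack is a first-class value
            for i in (1, 2, 3):
                cs.run(step(i), comp(i))
    except RuntimeError:
        pass                              # error is reported; state restored
    return trace
```

Unlike the `catch (Exception e) { ; }` handler on the earlier slide, the handler here can ignore nothing: the obligations were attached to the actions, not written at the catch site.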
Why not use …
► Transactions, failure transparency, discount checking, system-level undo, linear type systems, regions, guide, purely static methods, more general exceptions, workflow, flowmark, Barbara Liskov, vino, …
   All are imperfect fits for this area.
Conclusion
► Many sources of run-time errors in code
   And we’re adding new ones with CCured, etc.
► Run-time is only “too late” if unhandled
► What to do when a run-time error occurs?
► Difficult to specify!
► Let’s make it easier to code up.
► Future: automatic inference
   For standard libraries and interfaces