Article
DOI: 10.1145/1028976.1029011

Finding and preventing run-time error handling mistakes

Published: 01 October 2004

ABSTRACT

It is difficult to write programs that behave correctly in the presence of run-time errors. Existing programming language features often provide poor support for executing clean-up code and for restoring invariants in such exceptional situations. We present a dataflow analysis for finding a certain class of error-handling mistakes: those that arise from a failure to release resources or to clean up properly along all paths. Many real-world programs violate such resource safety policies because of incorrect error handling. Our flow-sensitive analysis keeps track of outstanding obligations along program paths and does a precise modeling of control flow in the presence of exceptions. Using it, we have found over 800 error handling mistakes in almost 4 million lines of Java code. The analysis is unsound and produces false positives, but a few simple filtering rules suffice to remove them in practice. The remaining mistakes were manually verified. These mistakes cause sockets, files and database handles to be leaked along some paths. We present a characterization of the most common causes of those errors and discuss the limitations of exception handling, finalizers and destructors in addressing them. Based on those errors, we propose a programming language feature that keeps track of obligations at run time and ensures that they are discharged. Finally, we present case studies to demonstrate that this feature is natural, efficient, and can improve reliability; for example, retrofitting a 34kLOC program with it resulted in a 0.5% code size decrease, a surprising 17% speed increase (from correctly deallocating resources in the presence of exceptions), and more consistent behavior.
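A toy version of the flow-sensitive obligation analysis the abstract describes, added here as an illustration and not the paper's own analysis or code: it propagates the set of outstanding obligations along both normal and exceptional control-flow edges and reports every resource that can still be outstanding when the method exits. The mini-IR, the `find_leaks` function and the two sample programs (a leaky socket write beside its try/finally-style fix) are all constructed for this example.

```python
from collections import deque

EXIT = "exit"  # pseudo-node: the method returns, or an exception escapes it

# Constructed mini-IR, one tuple per statement:
#   ("acquire", r)   obtain resource r; an obligation to release it is now outstanding
#   ("release", r)   discharge that obligation
#   ("call", h)      a call that may throw: on throw, control goes to index h,
#                    or (when h is None) the exception propagates out of the method
#   ("return",) / ("throw",)   leave the method normally / exceptionally
def successors(pc, instr, state):
    """Out-edges of the statement at pc, each with the obligations it carries."""
    kind = instr[0]
    if kind == "acquire":
        return [(pc + 1, state | {instr[1]})]
    if kind == "release":
        return [(pc + 1, state - {instr[1]})]
    if kind == "call":
        # The exceptional edge carries exactly the obligations outstanding at
        # this statement: releases that come later on the normal path do not count.
        handler = EXIT if instr[1] is None else instr[1]
        return [(pc + 1, state), (handler, state)]
    if kind in ("return", "throw"):
        return [(EXIT, state)]
    raise ValueError(f"unknown statement {kind}")

def find_leaks(program):
    """Forward search over (pc, outstanding-obligations) states; returns
    {resource: sorted pcs from which the method can exit with it unreleased}."""
    seen, leaks = set(), {}
    work = deque([(0, frozenset())])
    while work:
        pc, state = work.popleft()
        if (pc, state) in seen:
            continue
        seen.add((pc, state))
        instr = program[pc] if pc < len(program) else ("return",)  # fell off the end
        for nxt, nstate in successors(pc, instr, state):
            if nxt == EXIT:
                for res in nstate:
                    leaks.setdefault(res, set()).add(pc)
            else:
                work.append((nxt, frozenset(nstate)))
    return {res: sorted(pcs) for res, pcs in leaks.items()}

# Constructed examples mirroring the socket-leak pattern the abstract mentions.
LEAKY = [("acquire", "socket"), ("call", None),  # write() may throw; nothing catches it
         ("release", "socket"), ("return",)]      # close() is only on the normal path
SAFE = [("acquire", "socket"), ("call", 4), ("release", "socket"), ("return",),
        ("release", "socket"), ("throw",)]       # 4-5: finally block closes, then rethrows
# find_leaks(LEAKY) -> {'socket': [1]}; find_leaks(SAFE) -> {}
```

The reported pc is the statement whose exceptional edge escapes the method with the resource unreleased, which is the information a reviewer needs to place the missing clean-up.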


Published in: OOPSLA '04: Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, October 2004, 462 pages, ISBN 1581138318, DOI 10.1145/1028976.

Also published in: ACM SIGPLAN Notices, Volume 39, Issue 10 (OOPSLA '04), October 2004, 448 pages, ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/1035292.

Copyright © 2004 ACM


Publisher: Association for Computing Machinery, New York, NY, United States

Overall acceptance rate: 268 of 1,244 submissions, 22%
