Modeling and Analysis of Architectural Exceptions
Fernando Castor Filho ({fernando}@ic.unicamp.br), Patrick Henrique da S. Brito ({patrick.silva}@ic.unicamp.br), Cecília Mary F. Rubira ({cmrubira}@ic.unicamp.br)
Institute of Computing – UNICAMP - Brazil
FM’2005 Workshop on Rigorous Engineering of Fault-Tolerant Systems (REFT’2005), Newcastle upon Tyne, July 19th 2005
REFT'2005 - July 19th 2005 2
Exception Handling
Popular mechanism for structuring forward error recovery in software systems.
Exceptions can be derived incrementally at different phases of development:
  Requirements
  Architecture
  Detailed Design
  Implementation
Exceptions at the Architectural Level
A system’s exceptional activity should be addressed since the early phases of development
In recent years, many approaches combining software architecture and exception handling have been proposed
There hasn’t been much focus on the description of exceptions at the architectural level.
This may be required for systems with strict dependability requirements, such as commercial applications, control systems, and so on.
An Air-Traffic Control System Example
Figure: Air-Traffic Control System architecture diagram. Components shown: M&C Console, G.A.M, Local/Group A.M., ATC Console, A.S.O.U, O/S E. A. S., Network Operating System, Processor I/O Devices. The attachments between components are annotated with "Exceptions".
Source: Bass, Clements, and Kazman, Software Architecture in Practice, 2nd Edition, 2003.
Some interesting questions...
What does a double-headed arrow mean?
What are the exceptions that each component signals and handles?
Are there any relevant cause-effect relationships?
Is this analyzable?
Problem
To describe software architectures so that it is possible to reason about the flow of exceptions at the architectural level
Requirements of the Solution
1. Easy to use (pictorial representation)
2. Integrated with the concept of architectural style
3. Precise (unambiguous)
4. Analyzable
5. Capable of expressing rules of existing exception handling models
Alloy Design Language
Lightweight formal method
Similar to Z (less expressive, but supports automated analysis)
Support for complex data structures
Declarative
Alloy constraint analyzer: easy to use
Addresses requirements 3-5
Verified using the Alloy Analyzer
Violations of properties generate graphical counter-examples
Examples of Properties
Exceptions encountered by a component and not handled or propagated are signaled.
If a component raises an exception, it must also signal the exception.
The exceptions encountered by a component are all the exceptions signaled by ducts in the component’s CatchesFrom set.
No useless handlers.
Example: No useless handlers
pred no_useless_handlers() {
    all C : Component | all D : C.CatchesFrom |
        -- a component only handles exceptions it actually encounters on duct D
        D.(C.Handles) in D.(C.Encounters) &&
        -- and only propagates exceptions it encounters on D: restricting
        -- Propagates to Encounters must leave it unchanged (Propagates in Encounters)
        D.(C.Encounters) <: (D.(C.Propagates)) = D.(C.Propagates)
}
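The properties from the "Examples of Properties" slide and the no_useless_handlers predicate above, re-expressed as plain set arithmetic so they can be evaluated on a concrete configuration and the violations listed the way the Alloy Analyzer would surface a counter-example. This is an added example, not the authors' Alloy model or the Aereal tool; the component, duct and exception names, and the assumption that the exceptions a duct signals are simply a recorded attribute of the duct, are constructed for illustration.

```python
"""Set-based check of the architectural exception properties on the slides.

Added stand-in for the authors' Alloy model (not their code). Assumed model:
  Component.catches_from : ducts the component receives exceptions from
  Component.encounters   : duct -> exceptions arriving on that duct
  Component.handles      : duct -> exceptions handled locally
  Component.propagates   : duct -> exceptions passed on unchanged
  Component.raises       : exceptions the component raises itself
  Component.signals      : exceptions the component signals to its environment
  Duct.signals           : exceptions the duct delivers (assumed attribute)
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Duct:
    name: str
    signals: frozenset


@dataclass
class Component:
    name: str
    catches_from: frozenset = frozenset()
    encounters: dict = field(default_factory=dict)
    handles: dict = field(default_factory=dict)
    propagates: dict = field(default_factory=dict)
    raises: frozenset = frozenset()
    signals: frozenset = frozenset()

    def on(self, relation, duct):
        """Exceptions in the given per-duct relation for duct D (empty if unset)."""
        return getattr(self, relation).get(duct, frozenset())


def check_architecture(components, ducts):
    """Evaluate the slide's properties over the model.

    Returns (property, component, duct, exception) tuples, one per violation,
    so an empty list means every property holds."""
    violations = []
    for c in components:
        # Property 2: whatever a component raises, it must also signal.
        for e in sorted(c.raises - c.signals):
            violations.append(("raise_without_signal", c.name, None, e))
        for d in sorted(c.catches_from):
            enc, han, prop = c.on("encounters", d), c.on("handles", d), c.on("propagates", d)
            if d not in ducts:
                violations.append(("unknown_duct", c.name, d, None))
                continue
            # Property 3: what C encounters on D is exactly what D signals.
            for e in sorted(enc ^ ducts[d].signals):
                violations.append(("encounters_mismatch", c.name, d, e))
            # Property 1: encountered and neither handled nor propagated -> signaled.
            for e in sorted(enc - han - prop - c.signals):
                violations.append(("unhandled_not_signaled", c.name, d, e))
            # no_useless_handlers: Handles and Propagates are subsets of Encounters
            # (the Alloy form "Encounters <: Propagates = Propagates" says the same).
            for e in sorted(han - enc):
                violations.append(("useless_handler", c.name, d, e))
            for e in sorted(prop - enc):
                violations.append(("useless_propagation", c.name, d, e))
    return violations


def build_atc_model():
    """Constructed toy configuration named after the ATC slide; satisfies all properties."""
    ducts = {
        "gam-nos": Duct("gam-nos", frozenset({"LinkDown"})),
        "console-gam": Duct("console-gam", frozenset({"LinkDown", "Timeout"})),
    }
    gam = Component("G.A.M", catches_from=frozenset({"gam-nos"}),
                    encounters={"gam-nos": frozenset({"LinkDown"})},
                    raises=frozenset({"Timeout"}),
                    signals=frozenset({"LinkDown", "Timeout"}))  # LinkDown unhandled -> signaled
    console = Component("ATC Console", catches_from=frozenset({"console-gam"}),
                        encounters={"console-gam": frozenset({"LinkDown", "Timeout"})},
                        handles={"console-gam": frozenset({"Timeout"})},
                        propagates={"console-gam": frozenset({"LinkDown"})},
                        signals=frozenset({"LinkDown"}))
    return [gam, console], ducts


def build_faulty_model():
    """Same configuration with three constructed defects the checker should report."""
    (gam, console), ducts = build_atc_model()
    gam.signals = frozenset({"LinkDown"})                        # raises Timeout, never signals it
    console.handles = {"console-gam": frozenset({"Timeout", "DiskFull"})}  # DiskFull never arrives
    console.propagates = {}                                       # LinkDown now goes nowhere
    console.signals = frozenset()
    return [gam, console], ducts


if __name__ == "__main__":
    for v in check_architecture(*build_faulty_model()):
        print(v)
```

Each violation tuple plays the role of one counter-example: the property that failed, the component and duct it concerns, and the offending exception, which is what an architect needs to decide whether the model or the architecture is wrong.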
Future Directions
Model coordinated exception handling
Technical report describing the whole model
Extend the implementation of Aereal in order to automatically compute the sets of exceptions that are caught and signaled