Exception-Handling Bugs in Java and a Language Extension to Avoid Them

It is difficult to write programs that behave correctly in the presence of exceptions. We describe a dataflow analysis for finding a certain class of mistakes made while programs handle exceptions. These mistakes involve resource leaks and failures to restore program-specific invariants. Using this analysis we have found over 1,200 bugs in 4 million lines of Java. We give some evidence of the importance of the bugs we found and use them to highlight some limitations of destructors and finalizers. We propose and evaluate a new language feature, the compensation stack, to make it easier to write solid code in the presence of exceptions. These compensation stacks track obligations and invariants at run-time. Two case studies demonstrate that they can yield more natural source code and more consistent behavior in long-running programs.
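The following Java program is an added illustration written for this page; it is not the paper's language extension or its analysis, and the names CompensationStack, FakeConnection and Demo are hypothetical. It shows the bug class the abstract describes (a resource acquired before a later operation throws is never released) next to a plain-library approximation of a compensation stack: each obligation is registered at run-time right after the action that created it, and pending obligations are discharged in reverse order whether the enclosing block exits normally or by exception.

```java
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Hypothetical compensation stack: a run-time record of obligations
 * ("close this resource", "restore this invariant") discharged most
 * recent first. Written for this page; not the paper's construct.
 */
final class CompensationStack implements AutoCloseable {
    /** A compensating action; it may itself throw. */
    interface Compensation { void run() throws Exception; }

    private final Deque<Compensation> obligations = new ArrayDeque<>();

    /** Register an obligation immediately after the action that created it. */
    void add(Compensation c) { obligations.push(c); }

    /**
     * Run every pending obligation in LIFO order. A failing compensation
     * does not stop the others; the first failure is rethrown at the end
     * with later failures attached as suppressed exceptions.
     */
    @Override
    public void close() throws Exception {
        Exception first = null;
        while (!obligations.isEmpty()) {
            Compensation c = obligations.pop();
            try {
                c.run();
            } catch (Exception e) {
                if (first == null) first = e; else first.addSuppressed(e);
            }
        }
        if (first != null) throw first;
    }
}

/** Stand-in for a connection or file handle; counts how many are still open. */
final class FakeConnection {
    static int openCount = 0;
    final String name;

    FakeConnection(String name, boolean failOnOpen) throws IOException {
        if (failOnOpen) throw new IOException("cannot open " + name);
        this.name = name;
        openCount++;
    }

    void close() { openCount--; }
}

public class Demo {
    /** Buggy shape: opening b throws, so the finally block that would close a is never entered. */
    static void leaky() throws IOException {
        FakeConnection a = new FakeConnection("a", false);
        FakeConnection b = new FakeConnection("b", true); // throws; a is leaked
        try {
            // use a and b
        } finally {
            b.close();
            a.close();
        }
    }

    /** Same sequence with obligations tracked at run-time: a's close still runs. */
    static void withCompensation() throws Exception {
        try (CompensationStack cs = new CompensationStack()) {
            FakeConnection a = new FakeConnection("a", false);
            cs.add(a::close);                                   // obligation recorded at once
            FakeConnection b = new FakeConnection("b", true);   // throws; cs.close() discharges a
            cs.add(b::close);
            // use a and b
        }
    }

    public static void main(String[] args) {
        try { leaky(); } catch (IOException e) { /* expected */ }
        System.out.println("after leaky(): open connections = " + FakeConnection.openCount);

        FakeConnection.openCount = 0;
        try { withCompensation(); } catch (Exception e) { /* expected */ }
        System.out.println("after withCompensation(): open connections = " + FakeConnection.openCount);
    }
}
```

Running Demo shows the difference the abstract points at: after leaky() one connection is still open, after withCompensation() none is, because the obligation to close a was recorded at the point a was acquired rather than in a finally block the exception never reaches. The stack also preserves the original exception when a compensation itself fails, which nested try/finally blocks tend to lose.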
