Figure 3-2 - uploaded by Robert Olszewski
Fishbone diagram showing exception types and exemplars. The first letters of the rib labels spell the mnemonic children. 
Source publication
Conference Paper
Programs fail mainly for two reasons: logic errors in the code, and exception failures. Exception failures can account for up to 2/3 of system crashes, hence are worthy of serious attention. Traditional approaches to reducing exception failures, such as code reviews, walkthroughs and formal testing, while very useful, are limited in their ability t...

Citations

... Exceptions are useful for structured separation of normal and error handling code. However, their improper use and handling could put a system in undetermined risky states or even crash it [29]. Understanding exceptions, especially their behaviors and flows may help with their better use and handling [28,35]. ...
... With the boundary exception RegDExc, the throws clauses of the methods withdraw and check should be changed to throws RegDExc since it is the only checked exception they can throw. void event WithdrawEv throws RegDExc{ ...
Conference Paper
Modular understanding of behaviors and flows of exceptions may help in their better use and handling. Such reasoning tasks about exceptions face unique challenges in event-based implicit invocation (II) languages that allow subjects to implicitly invoke observers, and run the observers in a chain. In this work, we illustrate these challenges in Ptolemy and propose Ptolemy-X, which enables modular reasoning about behaviors and flows of exceptions for event announcement and handling. Ptolemy-X's exception-aware specification expressions and boundary exceptions limit the set of (un)checked exceptions of subjects and observers of an event. Exceptional postconditions specify the behaviors of these exceptions. Greybox specifications specify the flows of these exceptions among the observers in the chain. Ptolemy-X's type system and refinement rules enforce these specifications and thus enable its modular reasoning. We evaluate the utility of Ptolemy-X's exception flow reasoning by applying it to understand a set of aspect-oriented (AO) bug patterns. We also present Ptolemy-X's semantics, including its sound static semantics.
... It is important since software robustness is highly dependent on the presence of good exception handling codes. Exception failures can account for up to 2/3 of system crashes and 50% of system security vulnerabilities [10]. It is controversial since its dynamic semantics is often considered too complex to follow by both programmers and software tools. ...
Conference Paper
Exception handling is an important language feature for building more robust software programs. It is primarily concerned with capturing abnormal events, with the help of catch handlers for supporting recovery actions. In this paper, we advocate for a specification logic that can uniformly handle exceptions, program errors and other kinds of control flows. Our logic treats exceptions as possible outcomes that could be later remedied, while errors are conditions that should be avoided by user programs. This distinction is supported through a uniform mechanism that captures static control flows (such as normal execution) and dynamic control flows (such as exceptions) within a single formalism. Following Stroustrup’s definition [15,9], our verification technique could ensure exception safety in terms of four guarantees of increasing quality, namely no-leak guarantee, basic guarantee, strong guarantee and no-throw guarantee.
... One of the most important properties that makes a software technology applicable in industrial settings is robustness. Robust technologies can detect, diagnose and recover from failures and uncertain situations [11,6]. Traditional technologies, such as the object-oriented paradigm, provide an infrastructure to develop robust software applications that have a great degree of robustness maturity. ...
Conference Paper
Cooperative, autonomous and distributed properties of multi-agent systems determine the dynamic capabilities of multi-agent system applications. On the other hand, these desirable features increase the error proneness of these applications. In this paper, we propose an exception handling approach to make multi-agent system applications more reliable and robust. We also classify multi-agent exceptions and have implemented our approach on the SEAGENT goal-oriented multi-agent development framework.
... Previous work by Maxion and Olszewski [15,16] analyzed the problem of programmers forgetting to write exception handling code in C programs. Dependability cases are used with quite good results. ...
Conference Paper
Web applications are typically developed with hard time constraints and are often deployed with critical software bugs, making them vulnerable to attacks. The classification and knowledge of the typical software bugs that lead to security vulnerabilities is of utmost importance. This paper presents a field study analyzing 655 security patches of six widely used web applications. Results are compared against other field studies on general software faults (i.e., faults not specifically related to security), showing that only a small subset of software fault types is related to security. Furthermore, the detailed analysis of the code of the patches has shown that web application vulnerabilities result from software bugs affecting a restricted collection of statements. A detailed analysis of the conditions/locations where each fault was observed in our field study is presented allowing future definition of realistic fault models that cause security vulnerabilities in web applications, which is the key element to design a realistic attack injector.
... Traditional technologies, such as the object-oriented paradigm, provide an infrastructure to develop reliable software applications that have a great degree of error-proneness maturity. Robust technologies can detect, diagnose and recover from failures and uncertain situations [6,11]. To recover from failures and uncertain situations, it is clear that there is first a requirement to identify errors and decide what should be done to recover. ...
... Maxion suggests that "dependability cases comprise an organising framework and methodology for thinking about exceptions and the conditions under which they occur" [50]. In this definition, the author identifies the association between assurance regarding the dependability and system failures. ...
Thesis
Dependability is a composite property consisting of attributes such as reliability, availability, safety and security. The achievement of these attributes is often essential for the operational success of systems undertaking critical and complex tasks. Assurance that the final system will demonstrate the required dependability qualities, can be crucial to the acceptance of the system into service. Safety cases are a well established concept used to establish assurance about the safety properties of a system. However, safety cases focus only on one attribute of dependability. The principles and processes of creating an integrated dependability case – that assures all aspects of dependable system behaviour – are less well understood. A number of challenges are faced when attempting to support dependability case development. These include the systematic elicitation of dependability goals, the management and justification of trade-offs, and the evolution of multi-attribute arguments in step with the design process. This thesis addresses these challenges by defining a rigorous framework, accompanied by a set of methods, for establishing dependability cases. Firstly, a method for eliciting dependability requirements is defined by extending existing safety deviational analysis techniques. Secondly, a method for systematically identifying and managing justified trade-offs is presented. Thirdly, the thesis describes the co-evolution of dependability case arguments alongside system development – using a dependability case architecture that corresponds to system structures. Finally, the thesis unifies these contributions by defining a metamodel that captures and interrelates the concepts underlying the proposed methods. Evaluation of the work is presented by means of peer review, pilot studies and industrial examples.
... Dependability has been associated with faults that can result in failures [5], [14], and [25]. With respect to the system's overall behaviour, failures can be interpreted according to the viewpoint of the attribute of interest. ...
Conference Paper
In mission critical systems the operational success of the system depends on many aspects of the system's operation such as availability, security, performance and safety. According to the design of the system, dependability attributes can be in conflict or in harmony often resulting in unavoidable trade-offs. Adopting a more flexible approach towards dependability allows us to achieve tolerable limits for each dependability attribute, whilst maintaining acceptable overall dependability levels for the system. Elicitation of the requirements that define the levels of the dependability attributes can only be meaningfully done in the context of the system's operation. In this paper we present how we can extend existing safety techniques to elicit dependability requirements. Well established deviation analysis techniques in the safety domain are already used to perform safety analysis. However the safety techniques cannot be used efficiently to explicitly elicit requirements for other attributes. This is primarily because the prompts as well as the models on which the prompts are applied are optimised for safety. The method presented uses a set of prompts optimised to examine the system for dependability attribute concerns, which are applied on models, taken from the MOD architectural framework, that are suitable for analysing each of the dependability attributes.
... Obviously, the stronger the test, the smaller the distance between an erroneous output and the correct value, and the more usable the system will be. For a further discussion and examples of assertions see for instance [13], [37], [38], [39], [40] and the recent papers on software robustness [41], [42], [43], [44]. ...
Article
In this paper the behavior of assertion-based error detection mechanisms is characterized under faults injected according to a quite general fault model. Assertions based on knowledge of the application can be very effective at detecting corruption of critical data caused by hardware faults. The main drawbacks of that approach are identified as the lack of protection of data outside the section covered by assertions, namely during input and output, and the possible incorrect execution of the assertions themselves. To handle those weak points the Robust Assertions technique is proposed, whose effectiveness is shown by extensive fault injection experiments. With this technique a system follows a new failure model, called Fail-Bounded, where with high probability all results produced are either correct or, if wrong, within a certain bound of the correct value, whose exact distance depends on the output assertions used. Any kind of assertions can be considered, from simple likelihood tests to high coverage assertions such as those used in the Algorithm Based Fault Tolerance paradigm. We claim that this failure model is very useful to describe the behavior of many low-cost fault-tolerant systems that have low hardware and software redundancy, like embedded systems, where cost is a severe restriction yet full availability is expected.
... The result from the survey is consistent with some prior works done about software robustness. An example is given in [17], where studies find that most developers have an incomplete understanding of how to build software systems with robust exception handling, or even the importance of good design with respect to handling errors and exceptional conditions. Content analysis on the comments provided by the respondents shows similar information in this survey. ...
Conference Paper
Software process improvement seeks better methods and techniques to develop quality products in reduced time. A prerequisite for this is to understand the current status and problems. In this paper we present a survey that gives an overall picture of the status of the development of Web-based systems. We investigated how the recognized best practice in the software community is employed in WebSys development, with respect to time-to-market and quality requirements – reliability and robustness. Data have been collected through questionnaires and interviews. Exploratory data analysis is used to discover patterns underlying the data through successive iterations. Ten main findings are presented in three groups: features of the WebSys development projects, results related to time-to-market, and use of engineering methods for reliability and robustness. Based on these findings, some key research areas are identified.