provably live exception handling
play

Provably Live Exception Handling Bart Jacobs DistriNet, KU Leuven - PowerPoint PPT Presentation

Nov 26, 2023 •202 likes •565 views

Provably Live Exception Handling Bart Jacobs DistriNet, KU Leuven FTfJP 2015 Bart Jacobs Provably Live Exception Handling Contents Problem and Proposed Fix 1 Verification Approach (Ignoring Exceptions) 2 Verification Approach (With

  1. Provably Live Exception Handling Bart Jacobs DistriNet, KU Leuven FTfJP 2015 Bart Jacobs Provably Live Exception Handling

  2. Contents Problem and Proposed Fix 1 Verification Approach (Ignoring Exceptions) 2 Verification Approach (With Exceptions) 3 Bart Jacobs Provably Live Exception Handling

  3. Contents Problem and Proposed Fix 1 Verification Approach (Ignoring Exceptions) 2 Verification Approach (With Exceptions) 3 Bart Jacobs Provably Live Exception Handling

  4. Problem Statement Does this Scala program, running on the JVM, always terminate? val queue = new LinkedBlockingQueue[String]() fork { queue . put(”Hello , world”) } queue . take() Bart Jacobs Provably Live Exception Handling

  5. Problem Statement Does this Scala program, running on the JVM, always terminate? val queue = new LinkedBlockingQueue[String]() fork { queue . put(”Hello , world”) } queue . take() What if put fails? Bart Jacobs Provably Live Exception Handling

  6. Problem Statement Does this Scala program, running on the JVM, always terminate? val queue = new LinkedBlockingQueue[String]() fork { queue . put(”Hello , world”) } queue . take() What if put fails? What if the JVM fails? Bart Jacobs Provably Live Exception Handling

  7. Problem Statement The Java Language Specification, Java SE 8 Edition: Bart Jacobs Provably Live Exception Handling

  8. First Fix Attempt val queue = new LinkedBlockingQueue[String]() fork { try { queue . put(”Hello , world”) } catch { ⇒ System . exit(1) case } } queue . take() Bart Jacobs Provably Live Exception Handling

  9. Proposed Fix new Failbox() . enter { val queue = new LinkedBlockingQueue[String]() Failbox . fork { queue . put(”Hello , world”) } queue . take() } Bart Jacobs Provably Live Exception Handling

  10. Failboxes (Partial) class Failbox { val threads = new ArrayList[Thread]() def enter(body: ⇒ Unit) { synchronized { threads . add(Thread . currentThread()) } try { try { body } finally { synchronized { threads . remove(Thread . currentThread()) } } } catch { case e ⇒ synchronized { for (t ← threads) t . interrupt() } throw e } } } Bart Jacobs Provably Live Exception Handling

  11. Proposed Fix new Failbox() . enter { val queue = new LinkedBlockingQueue[String]() Failbox . fork { queue . put(”Hello , world”) } queue . take() } Bart Jacobs Provably Live Exception Handling

  12. Proposed Fix (Alternative) val fb = new Failbox() val queue = new LinkedBlockingQueue[String]() fb . enter { Failbox . fork { queue . put(”Hello , world”) } } fb . enter { queue . take() } Bart Jacobs Provably Live Exception Handling

  13. Failboxes (Partial) class Failbox { var failed = false val threads = new ArrayList[Thread]() def enter(body: ⇒ Unit) { � � if (failed) throw new FailboxException synchronized threads . add(Thread . currentThread()) try { try { body } finally { synchronized { threads . remove(Thread . currentThread()) } } } catch { case e ⇒ failed = true synchronized { for (t ← threads) t . interrupt() } throw e } } } Bart Jacobs Provably Live Exception Handling

  14. Proposed Fix (Alternative) val fb = new Failbox() val queue = new LinkedBlockingQueue[String]() fb . enter { Failbox . fork { queue . put(”Hello , world”) } } fb . enter { queue . take() } Bart Jacobs Provably Live Exception Handling

  15. Contents Problem and Proposed Fix 1 Verification Approach (Ignoring Exceptions) 2 Verification Approach (With Exceptions) 3 Bart Jacobs Provably Live Exception Handling

  16. Formal Programming Language c ::= new sema | fork c | x . V | x . P | let x := c in c Bart Jacobs Provably Live Exception Handling

  17. Formal Programming Language c ::= new sema | fork c | x . V | x . P | let x := c in c let s := new sema in fork s . V ; s . P Bart Jacobs Provably Live Exception Handling

  18. Programming Language Semantics ( h , T ⊎ { [ new sema ; ξ ] } ) � ( h ⊎ { s �→ 0 } , T ⊎ { [ s ; ξ ] } ) ( h , T ⊎ { [ fork c ; ξ ] } ) � ( h , T ⊎ { [tt; ξ, c ; done ] } ) ( h ⊎ { s �→ n } , T ⊎ { [ x . V ; ξ ] } ) � ( h ⊎ { s �→ n + 1 } , T ⊎ { [tt; ξ ] } ) ( h ⊎ { s �→ n + 1 } , T ⊎ { [ x . P ; ξ ] } ) � ( h ⊎ { s �→ n } , T ⊎ { [tt; ξ ] } ) [ let x := c in c ′ ; ξ ] [ c ; let x := [] in c ′ ; ξ ] ( h , T ⊎ { } ) � ( h , T ⊎ { } ) [ v ; let x := [] in c ′ ; ξ ] [ c ′ [ v / x ]; ξ ] ( h , T ⊎ { } ) � ( h , T ⊎ { } ) ( h , T ⊎ { [ v ; done ] } ) � ( h , T ) } ) � ∗ ( h , T ) ∧ ( h , T ) � � ∧ T � = ∅ c deadlocks ⇔ ∃ h , T . ( ∅ , { [ c ; done ] Bart Jacobs Provably Live Exception Handling

  19. Assertion Language P ::= b | s . credit | obs( S ) | P ∗ P Bart Jacobs Provably Live Exception Handling

  20. Ghost Reachability P ⇒ P ′ P ⊑ P ′ P ∗ R ⊑ P ′ ∗ R P ⊑ P ′ P ′ ⊑ P ′′ P ⊑ P ′ obs ( S ) ⊒⊑ obs ( S ⊎ { [ s ] } ) ∗ s . credit P ⊑ P ′′ Bart Jacobs Provably Live Exception Handling

  21. Proof Rules (1/2) ⊢ { true } new sema { w(res) = w } ⊢ { obs( S ′ ) ∗ P } c { obs( ∅ ) ∗ true } ⊢ { true } s . V { s . credit } ⊢ { obs( S ⊎ S ′ ) ∗ P } fork c { obs( S ) } ⊢ { obs( S ) ∗ s . credit ∧ w( s ) < w( S ) } s . P { obs( S ) } Bart Jacobs Provably Live Exception Handling

  22. Proof Rules (2/2) ⊢ { P } c { Q } ∀ v . ⊢ { Q [ v / res] } c ′ [ v / x ] { R } ⊢ { P } let x := c in c ′ { R } P ⊑ P ′ ⊢ { P ′ } c { Q } Q ⊑ Q ′ ⊢ { P } c { Q } ⊢ { P ∗ R } c { Q ∗ R } ⊢ { P } c { Q ′ } Bart Jacobs Provably Live Exception Handling

  23. Soundness Lemma (Invariant) ∀ s . #credits( s ) ≤ #obligations( s ) + value( s ) Theorem (Soundness) If ⊢ { obs( ∅ ) } c { obs( ∅ ) ∗ true } , then c does not deadlock. Proof. Deadlock implies cycle in wait graph, implies false. Bart Jacobs Provably Live Exception Handling

  24. Example Proof { obs( ∅ ) } let s := new sema in { obs( ∅ ) } { obs( { [ s ] } ) ∗ s . credit } fork { obs( { [ s ] } ) } s . V ; { obs( { [ s ] } ) ∗ s . credit } { obs( ∅ ) } { obs( ∅ ) ∗ s . credit } s . P { obs( ∅ ) } Bart Jacobs Provably Live Exception Handling

  25. Contents Problem and Proposed Fix 1 Verification Approach (Ignoring Exceptions) 2 Verification Approach (With Exceptions) 3 Bart Jacobs Provably Live Exception Handling

  26. Formal Programming Language c ::= · · · | new failbox | x . enter c | throw | fork x c Bart Jacobs Provably Live Exception Handling

  27. Formal Programming Language c ::= · · · | new failbox | x . enter c | throw | fork x c let fb := new failbox in fb . enter ( let s := new sema in fork fb s . V ; s . P ) Bart Jacobs Provably Live Exception Handling

  28. Programming Language Semantics (1/2) ( h , F , T ⊎ { [( f , new failbox ; ξ )] } ) ( h , F ⊎ { f �→ ok } , T ⊎ { } ) [( f , f ; ξ )] � ( h , F , T ⊎ { [( f , f . enter c ; ξ )] } ) ( h , F , T ⊎ { [( f · f , c ; leave f ; ξ )] } ) � ′ , v ; leave f ; ξ )] ( h , F , T ⊎ { [( f · f } ) ′ , v ; ξ )] ( h , F , T ⊎ { [( f } ) � ( h , F , T ⊎ { } ) [( f , fork f ′ c ; ξ )] ′ , c ; leave f ( h , F , T ⊎ { [( f , tt; ξ ) , ( f ′ ; done )] } ) � Bart Jacobs Provably Live Exception Handling

  29. Programming Language Semantics (2/2) ( h , F , T ⊎ { [( f , c ; ξ )] } ) fail ( h , F , T ⊎ { [( f , throw ; ξ )] } ) � ( h , F , T ⊎ { [( f , throw ; let x := [] in c ′ ; ξ )] } ) ( h , F , T ⊎ { [( f , throw ; ξ )] } ) � ( h , F , T ⊎ { [( f · f , c ; ξ )] } ) ( h , F , T ⊎ { [( f · f , throw ; ξ )] } ) � if F ( f ) = failed ′ , throw ; leave f ; ξ )] ( h , F , T ⊎ { [( f · f } ) ′ , throw ; ξ )] ( h , F [ f := failed] , T ⊎ { [( f } ) � ( h , F , T ⊎ { [( ǫ, ˜ v ; done )] } ) ( h , F , T ) � Bart Jacobs Provably Live Exception Handling

  30. Assertion Language P ::= b | s . credit | obs( f , S ) | P ∗ P Bart Jacobs Provably Live Exception Handling

  31. Ghost Reachability obs ( f , S ) ∧ f( S ′ ) ⊆ f ⊒⊑ obs ( f , S ⊎ S ′ ) ∗ S ′ . credit Bart Jacobs Provably Live Exception Handling

  32. Proof Rules ⊢ { true } new sema { w(res) = w ∧ f(res) = f } ′ ′ , S ′ ) ∗ P } c { obs( f ′ , ∅ ) ∗ true } f( S ′ ) ⊆ f ⊢ { obs( f ⊢ { obs( f , S ⊎ S ′ ) ∗ P } fork f ′ c { obs( f , S ) } ⊢ { true } s . V { s . credit } ⊢ { obs(f( s ) · f , S ) ∗ s . credit ∧ w( s ) < w( S ) } s . P { obs(f( s ) · f , S ) } ⊢ { true } new failbox { true } ⊢ { obs( f · f , S ) ∗ P } c { obs( f · f , S ′ ) ∗ Q ∧ f( S ′ ) ⊆ f } ⊢ { obs( f , S ) ∗ P } f . enter c { obs( f , S ′ ) ∗ Q } ⊢ { true } throw { false } Bart Jacobs Provably Live Exception Handling

  33. Soundness Lemma (Invariants) ∀ t . t . obs( f , S ) ⇒ f( S ) ⊆ f ∀ s . F ( s ) = ok ⇒ #credits( s ) ≤ #obligations( s ) + value( s ) Theorem (Soundness) If ⊢ { obs( ǫ, ∅ ) } c { obs( ǫ, ∅ ) ∗ true } , then c does not deadlock. Bart Jacobs Provably Live Exception Handling

  34. Example Proof { obs( ǫ, ∅ ) } let fb := new failbox in { obs( ǫ, ∅ ) } fb . enter ( { obs(fb , ∅ ) } let s := new sema in { obs(fb , ∅ ) ∧ f(s) = fb) } { obs(fb , { [s] } ) ∗ s . credit } fork { obs(fb , { [s] } ) } s . V ; { obs(fb , { [s] } ) ∗ s . credit } { obs(fb , ∅ ) } { obs(fb , ∅ ) ∗ s . credit } s . P { obs(fb , ∅ ) } ) { obs( ǫ, ∅ ) } Bart Jacobs Provably Live Exception Handling

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Benefits of exception handling Handling exceptions Generally, there are many ways to handle an

1 Benefits of exception handling Handling exceptions Generally, there are many ways to handle an

Java exception mechanism when an error or exceptional condition occurs, you throw an exception which is caught by an exception handler try { // statements that may throw an exception.. if (someCondition) Exceptions and error handling

289 views • 6 slides
Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other unusual events during the execution of a program. 1 Control In a language without exception handling: When an exception occurs, control

1.15k views • 19 slides
Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

14 . Exception Handling: Mechanism and Usage Exception Handling Synchronous Errors Asynchronous Errors An Example function : Call may result in an error double sqrt(int number); Traditional Error Handling Exit the program Return an

453 views • 8 slides
exception handling Bart Jacobs and Frank Piessens Katholieke Universiteit Leuven Overview of

exception handling Bart Jacobs and Frank Piessens Katholieke Universiteit Leuven Overview of

Failboxes: Provably safe exception handling Bart Jacobs and Frank Piessens Katholieke Universiteit Leuven Overview of Presentation Purpose of exceptions: Dependency safety Conflicts with: Non-exception-safe objects and:

813 views • 68 slides
Exception Handling and Initialization Marco Chiarandini Department of Mathematics &amp; Computer

Exception Handling and Initialization Marco Chiarandini Department of Mathematics &amp; Computer

DM545 Linear and Integer Programming Lecture 4 Exception Handling and Initialization Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Exception Handling Simplex: Exception Handling, Overview

452 views • 27 slides
ITEC 1630 Yves Lesp erance Exception Handling Exception handling is a mechanism for making

ITEC 1630 Yves Lesp erance Exception Handling Exception handling is a mechanism for making

ITEC 1630 Yves Lesp erance Exception Handling Exception handling is a mechanism for making programs more robust, i.e. have then continue executing when errors, failures, or exceptional conditions occur, rather than crash. Lecture Notes

500 views • 7 slides
The Simplex Method: Exception Handling Marco Chiarandini Department of Mathematics &amp;

The Simplex Method: Exception Handling Marco Chiarandini Department of Mathematics &amp;

DM545 Linear and Integer Programming Lecture 3 The Simplex Method: Exception Handling Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Tableaux and Dictionaries Outline Exception Handling

212 views • 19 slides
Exception handling Exception infrequent, abnormal situation in program logic at program

Exception handling Exception infrequent, abnormal situation in program logic at program

Exception handling Exception infrequent, abnormal situation in program logic at program execution not necessarily an error Reasons for exceptions: hardware events arithmetic overflow, parity errors operating

957 views • 24 slides
Object Oriented Programming COP3330 / CGS5409 Exception Handling Bitwise Operators

Object Oriented Programming COP3330 / CGS5409 Exception Handling Bitwise Operators

Object Oriented Programming COP3330 / CGS5409 Exception Handling Bitwise Operators Many erroneous situations could occur during program execution Usually related to things like user input Exception Handling is a type of error-

379 views • 22 slides
1 Handling exceptions (III) Handling exceptions (II) n try -statements can be nested and

1 Handling exceptions (III) Handling exceptions (II) n try -statements can be nested and

2.6 Error, exception and event Error and exception handling in handling Pascal n There are conditions that have to be fulfilled by a n While errors definitely can occur in Pascal programs, program that sometimes are not fulfilled, which Pascal

143 views • 3 slides
COMP 110-001 Exception Handling Yi Hong June 10, 2015 Announcement Lab 7 is due today

COMP 110-001 Exception Handling Yi Hong June 10, 2015 Announcement Lab 7 is due today

COMP 110-001 Exception Handling Yi Hong June 10, 2015 Announcement Lab 7 is due today 2 Today Exception Handling Important in developing Java code. But not a major focus of this course 3 Recall Homework 2

483 views • 36 slides
Exception Handling 18-849b Dependable Embedded Systems Charles P. Shelton March 9, 1999

Exception Handling 18-849b Dependable Embedded Systems Charles P. Shelton March 9, 1999

Exception Handling 18-849b Dependable Embedded Systems Charles P. Shelton March 9, 1999 Required Reading: Romanovsky, Alexander; Xiu, Jie; Randell, Brian; Exception Handling in Object-Oriented Real-Time Distributed Systems Overview:

561 views • 12 slides
Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling errors Exception handling and throwing Example: File processing Exception handling and throwing Java: try-catch-finally, throw, throws

420 views • 7 slides
Interrupt and Exception Handling on the x86 ( Lecture 8 ) x86 Interrupt Vectors - Every

Interrupt and Exception Handling on the x86 ( Lecture 8 ) x86 Interrupt Vectors - Every

6.828: Operating System Engineering Interrupt and Exception Handling on the x86 ( Lecture 8 ) x86 Interrupt Vectors - Every Exception/Interrupt type is assigned a number: - its vector - When an interrupt occurs, the vector determines what code

456 views • 13 slides
Exception handling in LLVM, from Itanium to MSVC Reid Kleckner David Majnemer Agenda

Exception handling in LLVM, from Itanium to MSVC Reid Kleckner David Majnemer Agenda

Exception handling in LLVM, from Itanium to MSVC Reid Kleckner David Majnemer Agenda Exception handling: what it is, where it came from Introduction to the landingpad model used in LLVM and GCC Elegant simplicity of the

765 views • 32 slides
Advanced Java Course Exception Handling Throwables Class Throwable has two subclasses:

Advanced Java Course Exception Handling Throwables Class Throwable has two subclasses:

Advanced Java Course Exception Handling Throwables Class Throwable has two subclasses: Error So bad that you never even think about trying to catch these Exception Most Exceptions must be handled (i.e. either declared in

524 views • 13 slides
Estimation of Dynamic Discrete Choice Models by Maximum Likelihood and the Simulated Method of

Estimation of Dynamic Discrete Choice Models by Maximum Likelihood and the Simulated Method of

Estimation of Dynamic Discrete Choice Models by Maximum Likelihood and the Simulated Method of Moments Philipp Eisenhauer, James J. Heckman, &amp; Stefano Mosso International Economic Review , 2015 Econ 312, Spring 2019 Heckman Estimation of

1.33k views • 113 slides
Hindsight Experience Replay Practice Environment Siddharth Ancha, Nicholay Topin MLD, Carnegie

Hindsight Experience Replay Practice Environment Siddharth Ancha, Nicholay Topin MLD, Carnegie

Hindsight Experience Replay Practice Environment Siddharth Ancha, Nicholay Topin MLD, Carnegie Mellon University (10-703 Recitation Slides) 1 Environment (states) Goal (random initial location within boundary) (does not move during episode)

467 views • 13 slides
NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk Gndoan 1 Peter Kietzmann 1 Martine Lenders 2 Hauke Petersen 2 Thomas C. Schmidt 1 Matthias Whlisch 2 1 HAW Hamburg 2 Freie Universitt Berlin CoAP

1.12k views • 56 slides
Uncertainty quantification for nonconvex tensor completion Yuxin Chen Electrical Engineering,

Uncertainty quantification for nonconvex tensor completion Yuxin Chen Electrical Engineering,

Uncertainty quantification for nonconvex tensor completion Yuxin Chen Electrical Engineering, Princeton University Changxiao Cai H. Vincent Poor Princeton EE Princeton EE Ubiquity of high-dimensional tensor data computational genomics

819 views • 34 slides
YOPP archive: needs of the verification community B. Casati, B. Brown, T. Haiden, C. Coelho Talk

YOPP archive: needs of the verification community B. Casati, B. Brown, T. Haiden, C. Coelho Talk

YOPP archive: needs of the verification community B. Casati, B. Brown, T. Haiden, C. Coelho Talk Outline: P1 model and observation data P2 observation uncertainty P2 matched model and observation: time series P3,P4,P5

121 views • 11 slides
Lecture 32/Chapter 27 Putting Skills to the Test Seven Guidelines Applied to Night Light

Lecture 32/Chapter 27 Putting Skills to the Test Seven Guidelines Applied to Night Light

Lecture 32/Chapter 27 Putting Skills to the Test Seven Guidelines Applied to Night Light Article Chi-Square Analysis of Night Light Data Seven Guidelines (Review) Step 1: Determine if study was sample survey, experiment, obs study,

559 views • 11 slides
A Statistical Framework for Designing On-chip Thermal Sensing Infrastructure Yufu Zhang, Bing

A Statistical Framework for Designing On-chip Thermal Sensing Infrastructure Yufu Zhang, Bing

A Statistical Framework for Designing On-chip Thermal Sensing Infrastructure Yufu Zhang, Bing Shi, Ankur Srivastava University of Maryland, College Park {yufuzh, bingshi, ankurs}@umd.edu Outline Motivation/overview Fusion center design

478 views • 19 slides
Assimilation of AIRS CO 2 Observations with EnKF in a Carbon-Climate Model Junjie Liu, Inez Fung

Assimilation of AIRS CO 2 Observations with EnKF in a Carbon-Climate Model Junjie Liu, Inez Fung

Assimilation of AIRS CO 2 Observations with EnKF in a Carbon-Climate Model Junjie Liu, Inez Fung (UCB) Eugenia Kalnay, Ji-Sun Kang (UMD) Mous Chahine, Ed Olsen, Luke Chen (JPL) 1 Differ Di eren ent CO CO 2 v vertical gradient forecasts

456 views • 35 slides

More recommend